Merge branch 'main' into 8472-support-portal-improvements

.github/workflows/browser-test.yml

@@ -65,6 +65,11 @@ jobs:
           PUPPETEER_SKIP_CHROMIUM_DOWNLOAD: true
         run: npm ci --include=optional
 
+      - uses: ./.github/actions/get-docs-early-access
+        if: ${{ github.repository == 'github/docs-internal' }}
+        with:
+          token: ${{ secrets.DOCUBOT_REPO_PAT }}
+
       - name: Cache nextjs build
         uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
         with:

.github/workflows/openapi-decorate.yml

@@ -63,6 +63,7 @@ jobs:
           git status
           echo "Deleting the cloned github/rest-api-description repo..."
           rm -rf rest-api-description
+          rm -rf openApiTemp
 
       - name: Create pull request
         env:

content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/about-your-profile.md

@@ -33,6 +33,7 @@ People who visit your profile can also see the following information.
 - Repositories you've starred{% ifversion fpt or ghec %} and organized into lists{% endif %}. For more information, see "[AUTOTITLE](/get-started/exploring-projects-on-github/saving-repositories-with-stars)."
 - An overview of your activity in organizations, repositories, and teams you're most active in. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-an-overview-of-your-activity-on-your-profile)."{% ifversion fpt or ghec %}
 - Badges and Achievements that highlight your activity and show if you use {% data variables.product.prodname_pro %} or participate in programs like the {% data variables.product.prodname_arctic_vault %}, {% data variables.product.prodname_sponsors %}, or the {% data variables.product.company_short %} Developer Program. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#displaying-badges-on-your-profile)."{% endif %}
+- Your pronouns if you've set them. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#adding-pronouns-to-your-profile).
 
 You can also set a status on your profile to provide information about your availability. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status)."
 

content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile.md

@@ -96,6 +96,22 @@ For a longer-form and more prominent way of displaying customized information ab
 
 {% data reusables.profile.update-profile %}
 
+## Adding pronouns to your profile
+
+Add pronouns to your public user profile to share information about yourself with other {% data variables.product.product_name %} users. Your pronouns will only be visible to users that are signed in to {% data variables.product.product_name %}.
+
+{% note %}
+
+**Note:**
+  Your pronouns will be visible to {% data variables.product.product_name %} users. It is important to consider that for transgender and non-binary people, covering demands in the workplace, at school, or in other contexts, may make it more comfortable not to share their pronouns. Please be aware of any applicable local laws, regulations, or cultural norms that may pose additional risks to transgender or non-binary people as you consider whether to leverage the pronouns feature.
+
+{% endnote %}
+
+{% data reusables.user-settings.access_settings %}
+1. Under **Pronouns**, add the pronouns that you want displayed on your profile. You may add custom pronouns.
+
+{% data reusables.profile.update-profile %}
+
 {% ifversion profile-time-zone %}
 
 ## Setting your location and time zone

content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/setting-your-profile-to-private.md

@@ -26,6 +26,7 @@ When your profile is private, the following content is hidden from your profile
 - Follow and Sponsor buttons.
 - Organization memberships.
 - Stars, projects, packages, and sponsoring tabs.
+- Your pronouns.
 
 {% note %}
 

content/actions/deployment/targeting-different-environments/using-environments-for-deployment.md

@@ -21,6 +21,8 @@ Environments are used to describe a general deployment target like `production`,
 
 You can configure environments with protection rules and secrets. When a workflow job references an environment, the job won't start until all of the environment's protection rules pass. A job also cannot access secrets that are defined in an environment until all the environment protection rules pass.
 
+{% ifversion actions-break-glass %}Optionally, you can bypass an environment's protection rules and force all pending jobs referencing the environment to proceed. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/reviewing-deployments#bypassing-environment-protection-rules)."{% endif %}
+
 {% ifversion fpt %}
 {% note %}
 
@@ -45,6 +47,12 @@ For more information on reviewing jobs that reference an environment with requir
 
 Use a wait timer to delay a job for a specific amount of time after the job is initially triggered. The time (in minutes) must be an integer between 0 and 43,200 (30 days).
 
+{% ifversion actions-break-glass %}
+### Do not let admins bypass protection rules
+
+Prevent admins from being able to bypass the configured environment protection rules.
+{% endif %}
+
 ### Deployment branches
 
 Use deployment branches to restrict which branches can deploy to the environment. Below are the options for deployment branches for an environment:
@@ -95,22 +103,28 @@ Variables stored in an environment are only available to workflow jobs that refe
    1. Select **Wait timer**.
    1. Enter the number of minutes to wait.
    1. Click **Save protection rules**.
-3. Optionally, specify what branches can deploy to this environment. For more information about the possible values, see "[Deployment branches](#deployment-branches)."
+{%- ifversion actions-break-glass %}
+3. Optionally, prevent admins from bypassing environment protection rules. For more information about bypassing environment protection rules, see "[AUTOTITLE](/actions/managing-workflow-runs/reviewing-deployments)."
+   1. Select **Do not let admins bypass protection rules**.
+   1. Click **Save protection rules**.
+{%- endif %}
+4. Optionally, specify what branches can deploy to this environment. For more information about the possible values, see "[Deployment branches](#deployment-branches)."
    1. Select the desired option in the **Deployment branches** dropdown.
    1. If you chose **Selected branches**, enter the branch name patterns that you want to allow.
-4. Optionally, add environment secrets. These secrets are only available to workflow jobs that use the environment. Additionally, workflow jobs that use this environment can only access these secrets after any configured rules (for example, required reviewers) pass. For more information about secrets, see "[AUTOTITLE](/actions/security-guides/encrypted-secrets)."
+5. Optionally, add environment secrets. These secrets are only available to workflow jobs that use the environment. Additionally, workflow jobs that use this environment can only access these secrets after any configured rules (for example, required reviewers) pass. For more information about secrets, see "[AUTOTITLE](/actions/security-guides/encrypted-secrets)."
    1. Under **Environment secrets**, click **Add Secret**.
    1. Enter the secret name.
    1. Enter the secret value.
    1. Click **Add secret**.
 {%- ifversion actions-configuration-variables %}
-5. Optionally, add environment variables. These variables are only available to workflow jobs that use the environment, and are only accessible using the [`vars`](/actions/learn-github-actions/contexts#vars-context) context. For more information, see "[AUTOTITLE](/actions/learn-github-actions/variables)."
+6. Optionally, add environment variables. These variables are only available to workflow jobs that use the environment, and are only accessible using the [`vars`](/actions/learn-github-actions/contexts#vars-context) context. For more information, see "[AUTOTITLE](/actions/learn-github-actions/variables)."
    1. Under **Environment variables**, click **Add Variable**.
    1. Enter the variable name.
    1. Enter the variable value.
    1. Click **Add variable**.
 {%- endif %}
 
+
 You can also create and configure environments through the REST API. For more information, see "[AUTOTITLE](/rest/deployments/environments)," "[AUTOTITLE](/rest/actions/secrets),"{% ifversion actions-configuration-variables %} "[AUTOTITLE](/rest/actions/variables),"{% endif %} and "[AUTOTITLE](/rest/deployments/branch-policies)."
 
 Running a workflow that references an environment that does not exist will create an environment with the referenced name. The newly created environment will not have any protection rules or secrets configured. Anyone that can edit workflows in the repository can create environments via a workflow file, but only repository admins can configure the environment.

content/actions/managing-workflow-runs/reviewing-deployments.md

@@ -25,3 +25,25 @@ For more information about environments and required approvals, see "[AUTOTITLE]
 4. Approve or reject:
    - To approve the job, click **Approve and deploy**. Once a job is approved (and any other environment protection rules have passed), the job will proceed. At this point, the job can access any secrets stored in the environment.
    - To reject the job, click **Reject**. If a job is rejected, the workflow will fail.
+
+{% ifversion actions-break-glass %}
+## Bypassing environment protection rules
+
+If you have configured environment protection rules that control whether software can be deployed to an environment, you can bypass these rules and force all pending jobs referencing the environment to proceed.
+
+{% note %}
+
+**Notes:**
+
+- You cannot bypass environment protection rules if the environment has been configured to prevent admins from bypassing configured protection rules. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#creating-an-environment)."
+- You can only bypass environment protection rules during workflow execution when a job referencing the environment is in a "Pending" state.
+
+{% endnote %}
+
+1. Navigate to the workflow run. For more information about navigating to a workflow run, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history)."
+1. To the right of **Deployment protection rules**, click **Start all waiting jobs**.
+   ![Screenshot of the "Deployment protection rules" section with the "Start all waiting jobs" button outlined in orange](/assets/images/actions-bypass-env-protection-rules.png)
+1. In the pop-up window, select the environments for which you want to bypass environment protection rules.
+1. Under **Leave a comment**, enter a description for bypassing the environment protection rules.
+1. Click **I understand the consequences, start deploying**.
+{% endif %}

content/actions/migrating-to-github-actions/automated-migrations/automating-migration-with-github-actions-importer.md

@@ -1,6 +1,8 @@
 ---
 title: Automating migration with GitHub Actions Importer
 intro: 'Use {% data variables.product.prodname_actions_importer %} to plan and automate your migration to {% data variables.product.prodname_actions %}.'
+redirect_from:
+  - /actions/migrating-to-github-actions/automating-migration-with-github-actions-importer
 versions:
   fpt: '*'
   ghec: '*'
@@ -19,12 +21,6 @@ shortTitle: 'Automate migration with {% data variables.product.prodname_actions_
 
 [Legal notice](#legal-notice)
 
-{% note %}
-
-**Note**: {% data variables.product.prodname_actions_importer %} is currently available as a public preview. Visit the [sign up page](https://github.com/features/actions-importer/signup) to request access to the preview. Once you are granted access you'll be able to use the `gh-actions-importer` CLI extension
-
-{% endnote %}
-
 ## About {% data variables.product.prodname_actions_importer %}
 
 You can use {% data variables.product.prodname_actions_importer %} to plan and automatically migrate your CI/CD pipelines to {% data variables.product.prodname_actions %} from Azure DevOps, CircleCI, GitLab, Jenkins, and Travis CI.
@@ -43,13 +39,10 @@ You can use {% data variables.product.prodname_actions_importer %} to migrate fr
 - Jenkins
 - Travis CI
 
-Once you are granted access to the preview, you will be able to access further reference documentation for each of the supported platforms.
-
 ## Prerequisites
 
 {% data variables.product.prodname_actions_importer %} has the following requirements:
 
-- You must have been granted access to the public preview for the {% data variables.product.prodname_actions_importer %}.
 {%- ifversion ghes < 3.5 or ghae %}
 - Use a {% data variables.product.pat_generic %} with the `read:packages` scope enabled.
 {%- else %}
@@ -111,8 +104,6 @@ You must configure credentials that allow {% data variables.product.prodname_act
 $ gh actions-importer configure
 ```
 
-Once you are granted access to the preview, you will be able to access further reference documentation about using environment variables.
-
 ## Using the {% data variables.product.prodname_actions_importer %} CLI
 
 Use the subcommands of `gh actions-importer` to begin your migration to {% data variables.product.prodname_actions %}, including `audit`, `forecast`, `dry-run`, and `migrate`.
@@ -138,8 +129,6 @@ Commands:
   travis-ci     An audit will output a list of data used in a Travis CI instance.
 ```
 
-Once you are granted access to the preview, you will be able to access further reference documentation about running an audit.
-
 ### Forecasting usage
 
 The `forecast` subcommand reviews historical pipeline usage to create a forecast of {% data variables.product.prodname_actions %} usage.
@@ -162,8 +151,6 @@ Commands:
   github        Forecasts GitHub Actions usage from historical GitHub pipeline utilization.
 ```
 
-Once you are granted access to the preview, you will be able to access further reference documentation about running a forecast.
-
 ### Testing the migration process
 
 The `dry-run` subcommand can be used to convert a pipeline to its {% data variables.product.prodname_actions %} equivalent, and then write the workflow to your local filesystem.
@@ -185,8 +172,6 @@ Commands:
   travis-ci     Convert a Travis CI pipeline to a GitHub Actions workflow and output its yaml file.
 ```
 
-Once you are granted access to the preview, you will be able to access further reference documentation about performing a dry run.
-
 ### Migrating a pipeline to {% data variables.product.prodname_actions %}
 
 The `migrate` subcommand can be used to convert a pipeline to its GitHub Actions equivalent and then create a pull request with the contents.
@@ -208,32 +193,18 @@ Commands:
   travis-ci     Convert a Travis CI pipeline to a GitHub Actions workflow and and open a pull request with the changes.
 ```
 
-Once you are granted access to the preview, you will be able to access further reference documentation about running a migration.
+## Performing self-serve migrations using IssueOps
+
+You can use {% data variables.product.prodname_actions %} and {% data variables.product.prodname_github_issues %} to run CLI commands for {% data variables.product.prodname_actions_importer %}. This allows you to migrate your CI/CD workflows without installing software on your local machine. This approach is especially useful for organizations that want to enable self-service migrations to {% data variables.product.prodname_actions %}. Once IssueOps is configured, users can open an issue with the relevant template to migrate pipelines to {% data variables.product.prodname_actions %}.
+
+For more information about setting up self-serve migrations with IssueOps, see the [`actions/importer-issue-ops`](https://github.com/actions/importer-issue-ops) template repository.
+
+## Using the {% data variables.product.prodname_actions_importer %} labs repository
+
+The {% data variables.product.prodname_actions_importer %} labs repository contains platform-specific learning paths that teach you how to use {% data variables.product.prodname_actions_importer %} and how to approach migrations to {% data variables.product.prodname_actions %}. You can use this repository to learn how to use {% data variables.product.prodname_actions_importer %} to help plan, forecast, and automate your migration to {% data variables.product.prodname_actions %}. 
+
+To learn more, see the [GitHub Actions Importer labs repository](https://github.com/actions/importer-labs/tree/main#readme).
 
 ## Legal notice
 
-Portions have been adapted from https://github.com/github/gh-actions-importer/ under the MIT license:
-
-```
-MIT License
-
-Copyright (c) 2022 GitHub
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
-```
+{% data reusables.actions.actions-importer-legal-notice %}

content/actions/migrating-to-github-actions/automated-migrations/extending-github-actions-importer-with-custom-transformers.md

@@ -0,0 +1,181 @@
+---
+title: Extending GitHub Actions Importer with custom transformers
+intro: '{% data variables.product.prodname_actions_importer %} offers the ability to extend its built-in mapping.'
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '*'
+  ghae: '*'
+type: how_to
+topics:
+  - Migration
+  - CI
+  - CD
+shortTitle: 'Extending GitHub Actions Importer'
+---
+
+[Legal notice](#legal-notice)
+
+## About custom transformers
+
+{% data variables.product.prodname_actions_importer %} offers the ability to extend its built-in mapping by creating custom transformers. Custom transformers can be used to:
+
+- Convert items that {% data variables.product.prodname_actions_importer %} does not automatically convert, or modify how items are converted. For more information, see "[Creating custom transformers for items](#creating-custom-transformers-for-items)."
+- Convert references to runners to use different runner labels. For more information, see "[Creating custom transformers for runners](#creating-custom-transformers-for-runners)."
+- Convert environment variable values from your existing pipelines to {% data variables.product.prodname_actions %} workflows. For more information, see "[Creating custom transformers for environment variables](#creating-custom-transformers-for-environment-variables)."
+
+## Using custom transformers with {% data variables.product.prodname_actions_importer %}
+
+A custom transformer contains mapping logic that {% data variables.product.prodname_actions_importer %} can use to transform your plugins, tasks, runner labels, or environment variables to work with {% data variables.product.prodname_actions %}. Custom transformers are written with a domain-specific language (DSL) built on top of Ruby, and are defined within a file with the `.rb` file extension. 
+
+You can use the `--custom-transformers` CLI option to specify which custom transformer files to use with the `audit`, `dry-run`, and `migrate` commands.
+
+For example, if custom transformers are defined in a file named `transformers.rb`, you can use the following command to use them with {% data variables.product.prodname_actions_importer %}:
+
+```
+gh actions-importer ... --custom-transformers transformers.rb
+```
+
+Alternatively, you can use the glob pattern syntax to specify multiple custom transformer files. For example, if multiple custom transformer files are within a directory named `transformers`, you can provide them all to {% data variables.product.prodname_actions_importer %} with the following command:
+
+```
+gh actions-importer ... --custom-transformers transformers/*.rb
+```
+
+{% note %}
+
+**Note:** When you use custom transformers, the custom transformer files must reside in the same directory, or in subdirectores, from where the `gh actions-importer` command is run.
+
+{% endnote %}
+
+## Creating custom transformers for items
+
+You can create custom transformers that {% data variables.product.prodname_actions_importer %} will use when converting existing build steps or triggers to their equivalent in {% data variables.product.prodname_actions %}. This is especially useful when:
+
+- {% data variables.product.prodname_actions_importer %} doesn't automatically convert an item.
+- You want to change how an item is converted by {% data variables.product.prodname_actions_importer %}.
+- Your existing pipelines use custom or proprietary extensions, such as shared libraries in Jenkins, and you need to define how these steps should function in {% data variables.product.prodname_actions %}.
+
+{% data variables.product.prodname_actions_importer %} uses custom transformers that are defined using a DSL built on top of Ruby. In order to create custom transformers for build steps and triggers:
+
+- Each custom transformer file must contain at least one `transform` method.
+- Each `transform` method must return a `Hash`, an array of `Hash`'s, or `nil`. This returned value will correspond to an action defined in YAML. For more information about actions, see "[AUTOTITLE](/actions/learn-github-actions/understanding-github-actions)."
+
+### Example custom transformer for a build step
+
+The following example converts a build step that uses the "buildJavascriptApp" identifier to run various `npm` commands:
+
+```ruby{:copy}
+transform "buildJavascriptApp" do |item|
+  command = ["build", "package", "deploy"].map do |script|
+    "npm run #{script}"
+  end
+
+  {
+    name: "build javascript app",
+    run: command.join("\n")
+  }
+end
+```
+
+The above example results in the following {% data variables.product.prodname_actions %} workflow step. It is comprised of converted build steps that had a `buildJavascriptApp` identifier:
+
+```yaml
+- name: build javascript app
+  run: |
+    npm run build
+    npm run package
+    npm run deploy
+```
+
+The `transform` method uses the identifier of the build step from your source CI/CD instance in an argument. In this example, the identifier is `buildJavascriptLibrary`. You can also use comma-separated values to pass multiple identifiers to the `transform` method. For example, `transform "buildJavascriptApp", "buildTypescriptApp" { |item| ... }`.
+
+{% note %}
+
+**Note**: The data structure of `item` will be different depending on the CI/CD platform and the type of item being converted.
+
+{% endnote %}
+
+## Creating custom transformers for runners
+
+You can customize the mapping between runners in your source CI/CD instance and their equivalent {% data variables.product.prodname_actions %} runners.
+
+{% data variables.product.prodname_actions_importer %} uses custom transformers that are defined using a DSL built on top of Ruby. To create custom transformers for runners:
+
+- The custom transformer file must have at least one `runner` method.
+- The `runner` method accepts two parameters. The first parameter is the source CI/CD instance's runner label, and the second parameter is the corresponding {% data variables.product.prodname_actions %} runner label. {% ifversion not ghae %}For more information on {% data variables.product.prodname_actions %} runners, see "[AUTOTITLE](/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources)."{% endif %}
+
+### Example custom transformers for runners
+
+The following example shows a `runner` method that converts one runner label to one {% data variables.product.prodname_actions %} runner label in the resulting workflow.
+
+```ruby{:copy}
+runner "linux", "ubuntu-latest"
+```
+
+You can also use the `runner` method to convert one runner label to multiple {% data variables.product.prodname_actions %} runner labels in the resulting workflow.
+
+```ruby{:copy}
+runner "big-agent", ["self-hosted", "xl", "linux"]
+```
+
+{% data variables.product.prodname_actions_importer %} attempts to map the runner label as best it can. In cases where it cannot do this, the `ubuntu-latest` runner label is used as a default. You can use a special keyword with the `runner` method to control this default value. For example, the following custom transformer instructs {% data variables.product.prodname_actions_importer %} to use `macos-latest` as the default runner instead of `ubuntu-latest`.
+
+```ruby{:copy}
+runner :default, "macos-latest"
+```
+
+## Creating custom transformers for environment variables
+
+You can customize the mapping between environment variables in your source CI/CD pipelines to their values in {% data variables.product.prodname_actions %}.
+
+{% data variables.product.prodname_actions_importer %} uses custom transformers that are defined using a DSL built on top of Ruby. To create custom transformers for environment variables:
+
+- The custom transformer file must have at least one `env` method.
+- The `env` method accepts two parameters. The first parameter is the name of the environment variable in the original pipeline, and the second parameter is the updated value for the environment variable for {% data variables.product.prodname_actions %}. For more information about {% data variables.product.prodname_actions %} environment variables, see "[AUTOTITLE](/actions/learn-github-actions/variables)."
+
+### Example custom transformers for environment variables
+
+There are several ways you can set up custom transformers to map your environment variables.
+
+- The following example sets the value of any existing environment variables named `OCTO`, to `CAT` when transforming a pipeline.
+
+  ```ruby{:copy}
+  env "OCTO", "CAT"
+  ```
+
+  You can also remove all instances of a specific environment variable so they are not transformed to an {% data variables.product.prodname_actions %} workflow. The following example removes all environment variables with the name `MONA_LISA`.
+
+  ```ruby{:copy}
+  env "MONA_LISA", nil
+  ```
+
+- You can also map your existing environment variables to secrets. For example, the following `env` method maps an environment variable named `MONALISA` to a secret named `OCTOCAT`.
+
+  ```ruby{:copy}
+  env "MONALISA", secret("OCTOCAT")
+  ```
+
+  This will set up a reference to a secret named `OCTOCAT` in the transformed workflow. For the secret to work, you will need to create the secret in your GitHub repository. For more information, see "[AUTOTITLE](/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository)."
+
+- You can also use regular expressions to update the values of multiple environment variables at once. For example, the following custom transformer removes all environment variables from the converted workflow:
+
+  ```ruby{:copy}
+  env /.*/, nil
+  ```
+
+  The following example uses a regular expression match group to transform environment variable values to dynamically generated secrets.
+
+  ```ruby{:copy}
+  env /^(.+)_SSH_KEY/, secret("%s_SSH_KEY)
+  ```
+
+  {% note %}
+
+  **Note**: The order in which `env` methods are defined matters when using regular expressions. The first `env` transformer that matches an environment variable name takes precedence over subsequent `env` methods. You should define your most specific environment variable transformers first.
+
+  {% endnote %}
+
+## Legal notice
+
+{% data reusables.actions.actions-importer-legal-notice %}

content/actions/migrating-to-github-actions/automated-migrations/index.md

@@ -0,0 +1,15 @@
+---
+title: 'Using {% data variables.product.prodname_actions_importer %} to automate migrations'
+shortTitle: Automated migrations
+intro: 'Learn how to use {% data variables.product.prodname_actions_importer %} to migrate your CI/CD workflows to {% data variables.product.prodname_actions %}.'
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghae: '*'
+  ghec: '*'
+children:
+  - /automating-migration-with-github-actions-importer
+  - /extending-github-actions-importer-with-custom-transformers
+  - /supplemental-arguments-and-settings
+---
+

content/actions/migrating-to-github-actions/automated-migrations/supplemental-arguments-and-settings.md

@@ -0,0 +1,148 @@
+---
+title: Supplemental arguments and settings
+intro: '{% data variables.product.prodname_actions_importer %} has several supplemental arguments and settings to tailor the migration process to your needs.'
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '*'
+  ghae: '*'
+type: reference
+topics:
+  - Migration
+  - CI
+  - CD
+---
+
+[Legal notice](#legal-notice)
+
+This article provides general information for configuring {% data variables.product.prodname_actions_importer %}'s supplemental arguments and settings, such as optional parameters, path arguments, and network settings.
+
+## Optional parameters
+
+{% data variables.product.prodname_actions_importer %} has several optional parameters that you can use to customize the migration process.
+
+### Limiting allowed actions
+
+The following options can be used to limit which actions are allowed in converted workflows. When used in combination, these options expand the list of allowed actions. If none of these options are supplied, then all actions are allowed.
+
+- `--allowed-actions` specifies a list of actions to allow in converted workflows. Wildcards are supported. Any other actions other than those provided will be disallowed.
+
+  For example:
+
+  ```shell
+  --allowed-actions {% data reusables.actions.action-checkout %} actions/upload-artifact@* my-org/*
+  ```
+
+  You can provide an empty list to disallow all actions. For example, `--allowed-actions=`.
+
+- `--allow-verified-actions` specifies that all actions from verified creators are allowed.
+
+- `--allow-github-created-actions` specifies that actions published from the `github` or `actions` organizations are allowed.
+
+  For example, such actions include `github/super-linter` and `actions/checkout`.
+  
+  This option is equivalent to `--allowed-actions actions/* github/*`.
+
+### Using a credentials file for authentication
+
+The `--credentials-file` parameter specifies the path to a file containing credentials for different servers that {% data variables.product.prodname_actions_importer %} can authenticate to. This is useful when build scripts (such as `.travis.yml` or `jenkinsfile`) are stored in multiple {% data variables.product.prodname_ghe_server %} instances.
+
+A credentials file must be a YAML file containing a list of server and access token combinations. {% data variables.product.prodname_actions_importer %} uses the credentials for the URL that most closely matches the network request being made.
+
+For example:
+
+```yml
+- url: https://github.com
+  access_token: ghp_mygeneraltoken
+- url: https://github.com/specific_org/
+  access_token: ghp_myorgspecifictoken
+- url: https://jenkins.org
+  access_token: abc123
+  username: marty_mcfly
+```
+
+For the above credentials file, {% data variables.product.prodname_actions_importer %} uses the access token `ghp_mygeneraltoken` to authenticate all network requests to `https://github.com`, _unless_ the network request is for a repository in the `specific_org` organization. In that case, the `ghp_myorgspecifictoken` token is used to authenticate instead.
+
+#### Alternative source code providers
+
+{% data variables.product.prodname_actions_importer %} can automatically fetch source code from non-{% data variables.product.prodname_dotcom %} repositories. A credentials file can specify the `provider`, the provider URL, and the credentials needed to retrieve the source code.
+
+For example:
+
+```yml
+- url: https://gitlab.com
+  access_token: super_secret_token
+  provider: gitlab
+```
+
+For the above example, {% data variables.product.prodname_actions_importer %} uses the token `super_secret_token` to retrieve any source code that is hosted on `https://gitlab.com`.
+
+Supported values for `provider` are:
+
+- `github` (default)
+- `gitlab`
+- `bitbucket_server`
+- `azure_devops`
+
+### Restricting {% data variables.product.prodname_actions %} features to include in workflows
+
+You can use the `--features` option to limit the features used in workflows that {% data variables.product.prodname_actions_importer %} creates. This is useful for excluding newer {% data variables.product.prodname_actions %} syntax from workflows when migrating to an older {% data variables.product.prodname_ghe_server %} instance. When using the `--features` option, you must specify the version of {% data variables.product.prodname_ghe_server %} that you are migrating to.
+
+For example:
+
+```bash
+gh actions-importer dry-run ... --features ghes-3.3
+```
+
+The supported values for `--features` are:
+
+- `all` (default value)
+- `ghes-latest`
+- `ghes-<number>`, where `<number>` is the version of {% data variables.product.prodname_ghe_server %}, `3.0` or later. For example, `ghes-3.3`.
+
+### Disabling network response caching
+
+By default, {% data variables.product.prodname_actions_importer %} caches responses from network requests to reduce network load and reduce run time. You can use the `--no-http-cache` option to disable the network cache. For example:
+
+```bash
+gh actions-importer forecast ... --no-http-cache
+```
+
+## Path arguments
+
+When running {% data variables.product.prodname_actions_importer %}, path arguments are relative to the container's disk, so absolute paths relative to the container's host machine are not supported. When {% data variables.product.prodname_actions_importer %} is run, the container's `/data` directory is mounted to the directory where {% data variables.product.prodname_actions_importer %} is run.
+
+For example, the following command outputs the {% data variables.product.prodname_actions_importer %} audit summary to the `/Users/mona/out` directory:
+
+```console
+# Current directory: /Users/mona
+$ gh actions-importer audit --output-dir /data/out
+```
+
+## Using a proxy
+
+To access servers that are configured with a HTTP proxy, you must set the following environment variables with the proxy's URL:
+
+- `OCTOKIT_PROXY`: for any {% data variables.product.prodname_dotcom %} server.
+- `HTTP_PROXY` (or `HTTPS_PROXY`): for any other servers.
+
+For example:
+
+```sh
+export OCTOKIT_PROXY=https://proxy.example.com:8443
+export HTTPS_PROXY=$OCTOKIT_PROXY
+```
+
+If the proxy requires authentication, a username and password must be included in the proxy URL. For example, `https://username:password@proxy.url:port`.
+
+## Disabling SSL certificate verification
+
+By default, {% data variables.product.prodname_actions_importer %} verifies SSL certificates when making network requests. You can disable SSL certificate verification with the `--no-ssl-verify` option. For example:
+
+```bash
+gh actions-importer audit --output-dir ./output --no-ssl-verify
+```
+
+## Legal notice
+
+{% data reusables.actions.actions-importer-legal-notice %}

content/actions/migrating-to-github-actions/index.md

@@ -10,10 +10,6 @@ versions:
 redirect_from:
   - /articles/migrating-github-actions-from-hcl-syntax-to-yaml-syntax
 children:
-  - /automating-migration-with-github-actions-importer
-  - /migrating-from-azure-pipelines-to-github-actions
-  - /migrating-from-circleci-to-github-actions
-  - /migrating-from-gitlab-cicd-to-github-actions
-  - /migrating-from-jenkins-to-github-actions
-  - /migrating-from-travis-ci-to-github-actions
----
+  - /automated-migrations
+  - /manual-migrations
+---

content/actions/migrating-to-github-actions/manual-migrations/index.md

@@ -0,0 +1,17 @@
+---
+title: Manually migrating to GitHub Actions
+shortTitle: Manual migrations
+intro: 'Learn how to manually migrate your existing CI/CD workflows to {% data variables.product.prodname_actions %}.'
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghae: '*'
+  ghec: '*'
+children:
+  - /migrating-from-azure-pipelines-to-github-actions
+  - /migrating-from-circleci-to-github-actions
+  - /migrating-from-gitlab-cicd-to-github-actions
+  - /migrating-from-jenkins-to-github-actions
+  - /migrating-from-travis-ci-to-github-actions
+---
+

content/actions/migrating-to-github-actions/manual-migrations/migrating-from-azure-pipelines-to-github-actions.md

@@ -3,6 +3,7 @@ title: Migrating from Azure Pipelines to GitHub Actions
 intro: '{% data variables.product.prodname_actions %} and Azure Pipelines share several configuration similarities, which makes migrating to {% data variables.product.prodname_actions %} relatively straightforward.'
 redirect_from:
   - /actions/learn-github-actions/migrating-from-azure-pipelines-to-github-actions
+  - /actions/migrating-to-github-actions/migrating-from-azure-pipelines-to-github-actions
 versions:
   fpt: '*'
   ghes: '*'

content/actions/migrating-to-github-actions/manual-migrations/migrating-from-circleci-to-github-actions.md

@@ -3,6 +3,7 @@ title: Migrating from CircleCI to GitHub Actions
 intro: 'GitHub Actions and CircleCI share several similarities in configuration, which makes migration to GitHub Actions relatively straightforward.'
 redirect_from:
   - /actions/learn-github-actions/migrating-from-circleci-to-github-actions
+  - /actions/migrating-to-github-actions/migrating-from-circleci-to-github-actions
 versions:
   fpt: '*'
   ghes: '*'

content/actions/migrating-to-github-actions/manual-migrations/migrating-from-gitlab-cicd-to-github-actions.md

@@ -3,6 +3,7 @@ title: Migrating from GitLab CI/CD to GitHub Actions
 intro: '{% data variables.product.prodname_actions %} and GitLab CI/CD share several configuration similarities, which makes migrating to {% data variables.product.prodname_actions %} relatively straightforward.'
 redirect_from:
   - /actions/learn-github-actions/migrating-from-gitlab-cicd-to-github-actions
+  - /actions/migrating-to-github-actions/migrating-from-gitlab-cicd-to-github-actions
 versions:
   fpt: '*'
   ghes: '*'

content/actions/migrating-to-github-actions/manual-migrations/migrating-from-jenkins-to-github-actions.md

@@ -3,6 +3,7 @@ title: Migrating from Jenkins to GitHub Actions
 intro: '{% data variables.product.prodname_actions %} and Jenkins share multiple similarities, which makes migration to {% data variables.product.prodname_actions %} relatively straightforward.'
 redirect_from:
   - /actions/learn-github-actions/migrating-from-jenkins-to-github-actions
+  - /actions/migrating-to-github-actions/migrating-from-jenkins-to-github-actions
 versions:
   fpt: '*'
   ghes: '*'

content/actions/migrating-to-github-actions/manual-migrations/migrating-from-travis-ci-to-github-actions.md

@@ -3,6 +3,7 @@ title: Migrating from Travis CI to GitHub Actions
 intro: '{% data variables.product.prodname_actions %} and Travis CI share multiple similarities, which helps make it relatively straightforward to migrate to {% data variables.product.prodname_actions %}.'
 redirect_from:
   - /actions/learn-github-actions/migrating-from-travis-ci-to-github-actions
+  - /actions/migrating-to-github-actions/migrating-from-travis-ci-to-github-actions
 versions:
   fpt: '*'
   ghes: '*'

content/actions/using-workflows/events-that-trigger-workflows.md

@@ -19,11 +19,15 @@ shortTitle: Events that trigger workflows
 
 Workflow triggers are events that cause a workflow to run. For more information about how to use workflow triggers, see "[AUTOTITLE](/actions/using-workflows/triggering-a-workflow)."
 
-## Available events
+Some events have multiple activity types. For these events, you can specify which activity types will trigger a workflow run. For more information about what each activity type means, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads)."
 
-Some events have multiple activity types. For these events, you can specify which activity types will trigger a workflow run. For more information about what each activity type means, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads)." Note that not all webhook events trigger workflows.
+{% note %}
 
-### `branch_protection_rule`
+**Note:** Not all webhook events trigger workflows.
+
+{% endnote %}
+
+## `branch_protection_rule`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -47,7 +51,7 @@ on:
     types: [created, deleted]
 ```
 
-### `check_run`
+## `check_run`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -71,7 +75,7 @@ on:
     types: [rerequested, completed]
 ```
 
-### `check_suite`
+## `check_suite`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -101,7 +105,7 @@ on:
     types: [completed]
 ```
 
-### `create`
+## `create`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -122,7 +126,7 @@ on:
   create
 ```
 
-### `delete`
+## `delete`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -145,7 +149,7 @@ on:
   delete
 ```
 
-### `deployment`
+## `deployment`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -160,7 +164,7 @@ on:
   deployment
 ```
 
-### `deployment_status`
+## `deployment_status`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -182,7 +186,7 @@ on:
 ```
 
 {% ifversion discussions %}
-### `discussion`
+## `discussion`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -208,7 +212,7 @@ on:
     types: [created, edited, answered]
 ```
 
-### `discussion_comment`
+## `discussion_comment`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -236,7 +240,7 @@ on:
 
 {% endif %}
 
-### `fork`
+## `fork`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -253,7 +257,7 @@ on:
   fork
 ```
 
-### `gollum`
+## `gollum`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -270,7 +274,7 @@ on:
   gollum
 ```
 
-### `issue_comment`
+## `issue_comment`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -294,7 +298,7 @@ on:
     types: [created, deleted]
 ```
 
-#### `issue_comment` on issues only or pull requests only
+### `issue_comment` on issues only or pull requests only
 
 The `issue_comment` event occurs for comments on both issues and pull requests. You can use the `github.event.issue.pull_request` property in a conditional to take different action depending on whether the triggering object was an issue or pull request.
 
@@ -327,7 +331,7 @@ jobs:
           NUMBER: {% raw %}${{ github.event.issue.number }}{% endraw %}
 ```
 
-### `issues`
+## `issues`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -351,7 +355,7 @@ on:
     types: [opened, edited, milestoned]
 ```
 
-### `label`
+## `label`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -379,7 +383,7 @@ on:
 
 {% ifversion fpt or ghec  %}
 
-### `merge_group`
+## `merge_group`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -405,7 +409,7 @@ on:
 ```
 
 {% endif %}
-### `milestone`
+## `milestone`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -431,7 +435,7 @@ on:
     types: [opened, deleted]
 ```
 
-### `page_build`
+## `page_build`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -448,7 +452,7 @@ on:
   page_build
 ```
 
-### `project`
+## `project`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -486,7 +490,7 @@ on:
     types: [created, deleted]
 ```
 
-### `project_card`
+## `project_card`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -524,7 +528,7 @@ on:
     types: [created, deleted]
 ```
 
-### `project_column`
+## `project_column`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -562,7 +566,7 @@ on:
     types: [created, deleted]
 ```
 
-### `public`
+## `public`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -579,7 +583,7 @@ on:
   public
 ```
 
-### `pull_request`
+## `pull_request`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -625,7 +629,7 @@ jobs:
       - run: echo 'A review from octo-team was requested'
 ```
 
-#### Running your `pull_request` workflow based on the head or base branch of a pull request
+### Running your `pull_request` workflow based on the head or base branch of a pull request
 
 You can use the `branches` or `branches-ignore` filter to configure your workflow to only run on pull requests that target specific branches. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onpull_requestpull_request_targetbranchesbranches-ignore)."
 
@@ -672,7 +676,7 @@ jobs:
       - run: echo "The head of this PR starts with 'releases/'"
 ```
 
-#### Running your `pull_request` workflow based on files changed in a pull request
+### Running your `pull_request` workflow based on files changed in a pull request
 
 You can also configure your workflow to run when a pull request changes specific files. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore)."
 
@@ -702,7 +706,7 @@ on:
 
 {% endnote %}
 
-#### Running your `pull_request` workflow when a pull request merges
+### Running your `pull_request` workflow when a pull request merges
 
 When a pull request merges, the pull request is automatically closed. To run a workflow when a pull request merges, use the `pull_request` `closed` event type along with a conditional that checks the `merged` value of the event. For example, the following workflow will run whenever a pull request closes. The `if_merged` job will only run if the pull request was also merged.
 
@@ -723,11 +727,11 @@ jobs:
 
 {% data reusables.developer-site.pull_request_forked_repos_link %}
 
-### `pull_request_comment` (use `issue_comment`)
+## `pull_request_comment` (use `issue_comment`)
 
 To run your workflow when a comment on a pull request (not on a pull request's diff) is created, edited, or deleted, use the [`issue_comment`](#issue_comment) event. For activity related to pull request reviews or pull request review comments, use the [`pull_request_review`](#pull_request_review) or [`pull_request_review_comment`](#pull_request_review_comment) events.
 
-### `pull_request_review`
+## `pull_request_review`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -749,7 +753,7 @@ on:
     types: [edited, dismissed]
 ```
 
-#### Running a workflow when a pull request is approved
+### Running a workflow when a pull request is approved
 
 To run your workflow when a pull request has been approved, you can trigger your workflow with the `submitted` type of `pull_request_review` event, then check the review state with the `github.event.review.state` property. For example, this workflow will run whenever a pull request review is submitted, but the `approved` job will only run if the submitted review is an approving review:
 
@@ -768,7 +772,7 @@ jobs:
 
 {% data reusables.developer-site.pull_request_forked_repos_link %}
 
-### `pull_request_review_comment`
+## `pull_request_review_comment`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -792,7 +796,7 @@ on:
 
 {% data reusables.developer-site.pull_request_forked_repos_link %}
 
-### `pull_request_target`
+## `pull_request_target`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -824,7 +828,7 @@ on:
     types: [assigned, opened, synchronize, reopened]
 ```
 
-#### Running your `pull_request_target` workflow based on the head or base branch of a pull request
+### Running your `pull_request_target` workflow based on the head or base branch of a pull request
 
 You can use the `branches` or `branches-ignore` filter to configure your workflow to only run on pull requests that target specific branches. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onpull_requestpull_request_targetbranchesbranches-ignore)."
 
@@ -871,7 +875,7 @@ jobs:
       - run: echo "The head of this PR starts with 'releases/'"
 ```
 
-#### Running your `pull_request_target` workflow based on files changed in a pull request
+### Running your `pull_request_target` workflow based on files changed in a pull request
 
 You can use the `paths` or `paths-ignore` filter to configure your workflow to run when a pull request changes specific files. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore)."
 
@@ -901,7 +905,7 @@ on:
 
 {% endnote %}
 
-#### Running your `pull_request_target` workflow when a pull request merges
+### Running your `pull_request_target` workflow when a pull request merges
 
 When a pull request merges, the pull request is automatically closed. To run a workflow when a pull request merges, use the `pull_request_target` `closed` event type along with a conditional that checks the `merged` value of the event. For example, the following workflow will run whenever a pull request closes. The `if_merged` job will only run if the pull request was also merged.
 
@@ -920,7 +924,7 @@ jobs:
         echo The PR was merged
 ```
 
-### `push`
+## `push`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -953,7 +957,7 @@ on:
 
 {% endnote %}
 
-#### Running your workflow only when a push to specific branches occurs
+### Running your workflow only when a push to specific branches occurs
 
 You can use the `branches` or `branches-ignore` filter to configure your workflow to only run when specific branches are pushed. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onpushbranchestagsbranches-ignoretags-ignore)."
 
@@ -982,7 +986,7 @@ on:
 
 {% endnote %}
 
-#### Running your workflow only when a push of specific tags occurs
+### Running your workflow only when a push of specific tags occurs
 
 You can use the `tags` or `tags-ignore` filter to configure your workflow to only run when specific tags are pushed. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onpushbranchestagsbranches-ignoretags-ignore)."
 
@@ -995,7 +999,7 @@ on:
       - v1.**
 ```
 
-#### Running your workflow only when a push affects specific files
+### Running your workflow only when a push affects specific files
 
 You can use the `paths` or `paths-ignore` filter to configure your workflow to run when a push to specific files occurs. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore)."
 
@@ -1023,7 +1027,7 @@ on:
 
 {% endnote %}
 
-### `registry_package`
+## `registry_package`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -1047,7 +1051,7 @@ on:
     types: [published]
 ```
 
-### `release`
+## `release`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -1081,7 +1085,7 @@ on:
     types: [published]
 ```
 
-### `repository_dispatch`
+## `repository_dispatch`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | ------------------ | ------------ | ------------ | ------------------|
@@ -1134,7 +1138,7 @@ jobs:
         run: echo $MESSAGE
 ```
 
-### `schedule`
+## `schedule`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -1179,7 +1183,7 @@ You can use [crontab guru](https://crontab.guru/) to help generate your cron syn
 
 Notifications for scheduled workflows are sent to the user who last modified the cron syntax in the workflow file. For more information, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/notifications-for-workflow-runs)."
 
-### `status`
+## `status`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -1214,7 +1218,7 @@ jobs:
           echo The status is error or failed: $DESCRIPTION
 ```
 
-### `watch`
+## `watch`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -1238,7 +1242,7 @@ on:
     types: [started]
 ```
 
-### `workflow_call`
+## `workflow_call`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | ------------------ | ------------ | ------------ | ------------------|
@@ -1252,7 +1256,7 @@ The example below only runs the workflow when it's called from another workflow:
 on: workflow_call
 ```
 
-### `workflow_dispatch`
+## `workflow_dispatch`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | ------------------ | ------------ | ------------ | ------------------|
@@ -1264,7 +1268,7 @@ To manually trigger a workflow, use the `workflow_dispatch` event. You can manua
 on: workflow_dispatch
 ```
 
-#### Providing inputs
+### Providing inputs
 
 You can configure custom-defined input properties, default input values, and required inputs for the event directly in your workflow. When you trigger the event, you can provide the `ref` and any `inputs`. When the workflow runs, you can access the input values in the {% ifversion actions-unified-inputs %}`inputs`{% else %}`github.event.inputs`{% endif %} context. For more information, see "[AUTOTITLE](/actions/learn-github-actions/contexts)."
 
@@ -1320,7 +1324,7 @@ gh workflow run run-tests.yml -f logLevel=warning -f tags=false -f environment=s
 
 For more information, see the {% data variables.product.prodname_cli %} information in "[AUTOTITLE](/actions/managing-workflow-runs/manually-running-a-workflow)."
 
-### `workflow_run`
+## `workflow_run`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
@@ -1362,7 +1366,7 @@ on:
       - completed
 ```
 
-#### Running a workflow based on the conclusion of another workflow
+### Running a workflow based on the conclusion of another workflow
 
 A workflow run is triggered regardless of the conclusion of the previous workflow. If you want to run a job or step based on the result of the triggering workflow, you can use a conditional with the `github.event.workflow_run.conclusion` property. For example, this workflow will run whenever a workflow named "Build" completes, but the `on-success` job will only run if the "Build" workflow succeeded, and the `on-failure` job will only run if the "Build" workflow failed:
 
@@ -1385,7 +1389,7 @@ jobs:
       - run: echo 'The triggering workflow failed'
 ```
 
-#### Limiting your workflow to run based on branches
+### Limiting your workflow to run based on branches
 
 You can use the `branches` or `branches-ignore` filter to specify what branches the triggering workflow must run on in order to trigger your workflow. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_runbranchesbranches-ignore)." For example, a workflow with the following trigger will only run when the workflow named `Build` runs on a branch named `canary`.
 
@@ -1397,7 +1401,7 @@ on:
     branches: [canary]
 ```
 
-#### Using data from the triggering workflow
+### Using data from the triggering workflow
 
 You can access the [`workflow_run` event payload](/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_run) that corresponds to the workflow that triggered your workflow. For example, if your triggering workflow generates artifacts, a workflow triggered with the `workflow_run` event can access these artifacts.
 

content/actions/using-workflows/workflow-syntax-for-github-actions.md

@@ -82,7 +82,7 @@ In addition to the standard input parameters that are available, `on.workflow_ca
 
 If a `default` parameter is not set, the default value of the input is `false` for a boolean, `0` for a number, and `""` for a string.
 
-Within the called workflow, you can use the `inputs` context to refer to an input.
+Within the called workflow, you can use the `inputs` context to refer to an input. For more information, see "[AUTOTITLE](/actions/learn-github-actions/contexts#inputs-context)."
 
 If a caller workflow passes an input that is not specified in the called workflow, this results in an error.
 

content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md

@@ -42,10 +42,11 @@ You can configure {% data variables.product.prodname_code_scanning %} to run {%
 
 - A VM or container for {% data variables.product.prodname_code_scanning %} analysis to run in.
 
-## Running {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_actions %}
+<!-- Anchor to maintain the CodeQL CLI manual pages link: https://aka.ms/code-scanning-docs/configuring-ghes -->
 
-<!--The CodeQL CLI man pages include a link to this section of the article. If you rename this section,
-make sure that you also update the MS short link: https://aka.ms/code-scanning-docs/configuring-ghes.-->
+<a name="running-code-scanning-using-github-actions"></a>
+
+## Running {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_actions %}
 
 ### Setting up a self-hosted runner
 

content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions.md

@@ -48,7 +48,7 @@ Identify the gates and checks in your existing system and verify that you can im
 
 ### Identifying and validating migration tools
 
-Automated migration tools can translate your enterprise's workflows from the existing system's syntax to the syntax required by {% data variables.product.prodname_actions %}. Identify third-party tooling or contact your dedicated representative or {% data variables.contact.contact_enterprise_sales %} to ask about tools that {% data variables.product.company_short %} can provide. For example, you can use the {% data variables.product.prodname_actions_importer %} to plan, scope, and migrate your CI pipelines to {% data variables.product.prodname_actions %} from various supported services. For more information, see "[AUTOTITLE](/actions/migrating-to-github-actions/automating-migration-with-github-actions-importer)."
+Automated migration tools can translate your enterprise's workflows from the existing system's syntax to the syntax required by {% data variables.product.prodname_actions %}. Identify third-party tooling or contact your dedicated representative or {% data variables.contact.contact_enterprise_sales %} to ask about tools that {% data variables.product.company_short %} can provide. For example, you can use the {% data variables.product.prodname_actions_importer %} to plan, scope, and migrate your CI pipelines to {% data variables.product.prodname_actions %} from various supported services. For more information, see "[AUTOTITLE](/actions/migrating-to-github-actions/automated-migrations/automating-migration-with-github-actions-importer)."
 
 After you've identified a tool to automate your migrations, validate the tool by running the tool on some test workflows and verifying that the results are as expected.
 

content/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise.md

@@ -137,6 +137,8 @@ If you use an external directory or identity provider (IdP) to centralize access
 - "[AUTOTITLE](/admin/identity-and-access-management/using-ldap-for-enterprise-iam)"
 - "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam)"
 
+{% data reusables.enterprise.saml-or-ldap %}
+
 If you choose to use external authentication, you can also configure fallback authentication for people who don't have an account on your external authentication provider. For example, you may want to grant access to a contractor or machine user. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/allowing-built-in-authentication-for-users-outside-your-provider)."
 
 {% ifversion scim-for-ghes %}

content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users.md

@@ -80,7 +80,8 @@ To discover how a member was added to an organization, you can filter the member
 
 {% data variables.enterprise.prodname_managed_users_caps %} can only contribute to private and internal repositories within their enterprise and private repositories owned by their user account. {% data variables.enterprise.prodname_managed_users_caps %} have read-only access to the wider {% data variables.product.prodname_dotcom %} community. These visibility and access restrictions for users and content apply to all requests, including API requests.
 
-* {% data variables.enterprise.prodname_managed_users_caps %} cannot be invited to organizations or repositories outside of the enterprise, nor can the {% data variables.enterprise.prodname_managed_users %} be invited to other enterprises.
+* {% data variables.enterprise.prodname_managed_users_caps %} authenticate using only your identity provider, and have no password or two-factor authentication methods stored on {% data variables.product.prodname_dotcom %}. As a result, they do not see the sudo prompt when taking sensitive actions. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/sudo-mode)."
+*  {% data variables.enterprise.prodname_managed_users_caps %} cannot be invited to organizations or repositories outside of the enterprise, nor can the {% data variables.enterprise.prodname_managed_users %} be invited to other enterprises.
 * {% data variables.enterprise.prodname_managed_users_caps %} and the content they create is only visible to other members of the enterprise.
 * Other {% data variables.product.prodname_dotcom %} users cannot see, mention, or invite a {% data variables.enterprise.prodname_managed_user %} to collaborate.
 * {% data variables.enterprise.prodname_managed_users_caps %} can view all public repositories on {% data variables.product.prodname_dotcom_the_website %}, but cannot interact with repositories outside of the enterprise in any of the following ways:

content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups.md

@@ -20,7 +20,7 @@ topics:
 
 ## About team management with {% data variables.product.prodname_emus %}
 
-With {% data variables.product.prodname_emus %}, you can manage team and organization membership within your enterprise through your IdP by connecting {% data variables.product.prodname_dotcom %} teams with IdP groups. When you connect a team in one of your enterprise's organizations to an IdP group, changes to membership from the IdP group are reflected in your enterprise automatically, reducing the need for manual updates and custom scripts. 
+With {% data variables.product.prodname_emus %}, you can manage team and organization membership within your enterprise through your IdP by connecting {% data variables.product.prodname_dotcom %} teams with IdP groups. When you connect a team in one of your enterprise's organizations to an IdP group, changes to membership from the IdP group are reflected in your enterprise automatically, reducing the need for manual updates and custom scripts.
 
 When a change to an IdP group or a new team connection results in a {% data variables.enterprise.prodname_managed_user %} joining a team in an organization they were not already a member of, the {% data variables.enterprise.prodname_managed_user %} will automatically be added to the organization. When you disconnect a group from a team, users who became members of the organization via team membership are removed from the organization if they are not assigned membership in the organization by any other means.
 
@@ -44,9 +44,11 @@ You can connect a team in your enterprise to one IdP group. You can assign the s
 
 If you are connecting an existing team to an IdP group, you must first remove any members that were added manually. After you connect a team in your enterprise to an IdP group, your IdP administrator must make team membership changes through the identity provider. You cannot manage team membership on {% data variables.product.prodname_dotcom_the_website %}.
 
+If you use Azure AD as your IdP, you can only connect a team to a security group. Nested group memberships and Microsoft 365 groups are not supported.
+
 ## Creating a new team connected to an IdP group
 
-Any member of an organization can create a new team and connect the team to an IdP group. 
+Any member of an organization can create a new team and connect the team to an IdP group.
 
 {% data reusables.profile.access_org %}
 {% data reusables.user-settings.access_org %}
@@ -73,7 +75,7 @@ Organization owners and team maintainers can manage the existing connection betw
 {% data reusables.profile.access_org %}
 {% data reusables.organizations.specific_team %}
 {% data reusables.organizations.team_settings %}
-1. Optionally, under "Identity Provider Group", to the right of the IdP group you want to disconnect, click {% octicon "x" aria-label="X symbol" %}. 
+1. Optionally, under "Identity Provider Group", to the right of the IdP group you want to disconnect, click {% octicon "x" aria-label="X symbol" %}.
     ![Unselect a connected IdP group from the GitHub team](/assets/images/enterprise/github-ae/teams/unselect-idp-group.png)
 1. To connect an IdP group, under "Identity Provider Group", select the drop-down menu, and click an identity provider group from the list.
     ![Drop-down menu to choose identity provider group](/assets/images/enterprise/github-ae/teams/choose-an-idp-group.png)
@@ -88,5 +90,5 @@ You can review a list of IdP groups, see any teams connected to an IdP group, an
     ![Screenshot showing "Identity provider" tab in enterprise sidebar](/assets/images/help/enterprises/enterprise-account-identity-provider-tab.png)
 2. To see the members and teams connected to an IdP group, click the group's name.
     ![Screenshot showing list of IdP groups, the group name is highlighted](/assets/images/help/enterprises/select-idp-group.png)
-4. To view the teams connected to the IdP group, click **Teams**. 
+4. To view the teams connected to the IdP group, click **Teams**.
     ![Screenshot showing the "Teams" button](/assets/images/help/enterprises/idp-groups-team-switcher.png)

content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/migrating-from-saml-to-oidc.md

@@ -32,13 +32,19 @@ If you're new to {% data variables.product.prodname_emus %} and haven't yet conf
 
 1. Before you begin the migration, sign in to Azure and disable provisioning in the existing {% data variables.product.prodname_emu_idp_application %} application.
 1. If you use [Conditional Access (CA) network location policies](https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition) in Azure AD, and you're currently using an IP allow list with your enterprise account or any of the organizations owned by the enterprise account on {% data variables.product.prodname_dotcom_the_website %}, disable the IP allow lists. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-allowed-ip-addresses-for-organizations-in-your-enterprise)" and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization)."
-1.  Sign into {% data variables.product.prodname_dotcom_the_website %} as the setup user for your enterprise with the username **@<em>SHORT-CODE</em>_admin**. 
+1.  Sign into {% data variables.product.prodname_dotcom_the_website %} as the setup user for your enterprise with the username **@<em>SHORT-CODE</em>_admin**.
 1. When prompted to continue to your identity provider, click **Use a recovery code** and sign in using one of your enterprise's recovery codes.
+
+   {% note %}
+
+   **Note:** You must use a recovery code for your enterprise, not your user account. For more information, see "[Downloading your enterprise account's single sign-on recovery codes](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes)."
+
+   {% endnote %}
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.security-tab %}
-1. At the bottom of the page, next to "Migrate to OpenID Connect single sign-on", click **Configure with Azure**.  
-   {% warning %} 
+1. At the bottom of the page, next to "Migrate to OpenID Connect single sign-on", click **Configure with Azure**.
+   {% warning %}
 
    **Warning:** The migration can take up to an hour, and it is important that no users are provisioned during the migration. You can confirm if the migration is still in progress by returning to your enterprise's security settings page; if "Require SAML authentication" is still checked, the migration is still in progress.
 
@@ -48,8 +54,8 @@ If you're new to {% data variables.product.prodname_emus %} and haven't yet conf
 1. Read both warnings and click to continue.
 {% data reusables.enterprise-accounts.emu-azure-admin-consent %}
 1. In a new tab or window, while signed in as the setup user on {% data variables.product.prodname_dotcom_the_website %}, create a {% data variables.product.pat_v1 %} with the **admin:enterprise** scope and **no expiration** and copy it to your clipboard. For more information about creating a new token, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users#creating-a-personal-access-token)."
-1. In the settings for the {% data variables.product.prodname_emu_idp_oidc_application %} application in Azure Portal, under "Tenant URL", type `https://api.github.com/scim/v2/enterprises/YOUR_ENTERPRISE`, replacing YOUR_ENTERPRISE with the name of your enterprise account.  
-   
+1. In the settings for the {% data variables.product.prodname_emu_idp_oidc_application %} application in Azure Portal, under "Tenant URL", type `https://api.github.com/scim/v2/enterprises/YOUR_ENTERPRISE`, replacing YOUR_ENTERPRISE with the name of your enterprise account.
+
    For example, if your enterprise account's URL is `https://github.com/enterprises/octo-corp`, the name of the enterprise account is `octo-corp`.
 1. Under "Secret token", paste the {% data variables.product.pat_v1 %} with the **admin:enterprise** scope that you created earlier.
 1. To test the configuration, click **Test Connection**.

content/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap.md

@@ -28,6 +28,8 @@ LDAP is a popular application protocol for access and maintenance of directory i
 
 If you use an LDAP directory for centralized authentication, you can configure LDAP authentication for the people who use {% data variables.location.product_location %}.
 
+{% data reusables.enterprise.saml-or-ldap %}
+
 {% data reusables.enterprise_user_management.built-in-authentication %}
 
 ## Supported LDAP services

content/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam.md

@@ -56,6 +56,8 @@ SAML SSO allows people to authenticate and access {% data variables.location.pro
 
 SAML is an XML-based standard for authentication and authorization. When you configure SAML for {% data variables.location.product_location %}, the external system for authentication is called an identity provider (IdP). Your instance acts as a SAML service provider (SP). For more information about the SAML standard, see [Security Assertion Markup Language](https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language) on Wikipedia.
 
+{% data reusables.enterprise.saml-or-ldap %}
+
 {% elsif ghae %}
 
 {% data reusables.saml.ae-uses-saml-sso %} {% data reusables.saml.ae-enable-saml-sso-during-bootstrapping %}

content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise.md

@@ -1093,7 +1093,7 @@ Before you'll see `git` category actions, you must enable Git events in the audi
 {%- ifversion ghes %}
 | `repo.disk_archive`  | A repository was archived on disk. For more information, see "[AUTOTITLE](/repositories/archiving-a-github-repository/archiving-repositories)."
 {%- endif %}
-| `repo.download_zip` | A source code archive of a repository was downloaded as a ZIP file.
+| `repo.download_zip` | A source code archive of a repository was downloaded as a ZIP file. For more information, see "[AUTOTITLE](/repositories/working-with-files/using-files/downloading-source-code-archives)."
 | `repo.pages_cname` | A {% data variables.product.prodname_pages %} custom domain was modified in a repository.
 | `repo.pages_create` | A {% data variables.product.prodname_pages %} site was created.
 | `repo.pages_destroy` | A {% data variables.product.prodname_pages %} site was deleted.

content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise.md

@@ -62,26 +62,41 @@ You can compose a search query from one or more `key:value` pairs, separated by
 The `key:value` pairs that can be used in a search query are:
 
 Key            | Value
---------------:| --------------------------------------------------------
-`actor_id`     | ID of the user account that initiated the action
-`actor`        | Name of the user account that initiated the action
-`oauth_app_id` | ID of the OAuth application associated with the action
-`action`       | Name of the audited action
-`user_id`      | ID of the user affected by the action
-`user`         | Name of the user affected by the action
-`repo_id`      | ID of the repository affected by the action (if applicable)
-`repo`         | Name of the repository affected by the action (if applicable)
-`actor_ip`     | IP address from which the action was initiated
-`created`      | Time at which the action occurred{% ifversion ghes %}. If querying the audit log from the site admin dashboard, use `created_at` instead{% endif %}
-`from`         | View from which the action was initiated
-`note`         | Miscellaneous event-specific information (in either plain text or JSON format)
-`org`          | Name of the organization affected by the action (if applicable)
-`org_id`       | ID of the organization affected by the action (if applicable)
-`business` | Name of the enterprise affected by the action (if applicable)
-`business_id` | ID of the enterprise affected by the action (if applicable)
+-------------- | --------------------------------------------------------
+`action`       | Name of the audited action.
+`actor`        | Name of the user account that initiated the action.
+{%- ifversion ghes or ghae %}
+`actor_id`     | ID of the user account that initiated the action.{% endif %}
+{%- ifversion ghes or ghae %}
+`actor_ip`     | IP address from which the action was initiated.{% endif %}
+{%- ifversion ghes or ghae %}
+`business` | Name of the enterprise affected by the action (if applicable).{% endif %}
+{%- ifversion ghes or ghae %}
+`business_id` | ID of the enterprise affected by the action (if applicable).{% endif %}
 {%- ifversion token-audit-log %}
-`hashed_token` | The token used to authenticate for the action (if applicable, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/identifying-audit-log-events-performed-by-an-access-token)")
-{%- endif %}
+`created`      | Time at which the action occurred.{% ifversion ghes %} If querying the audit log from the site admin dashboard, use `created_at` instead.{% endif %}
+`country`           | Name of the country where the actor was when performing the action.
+`country_code`      | Two-letter short code of the country where the actor was when performing the action.
+{%- ifversion ghes or ghae %}
+`from`         | View from which the action was initiated.{% endif %}
+`hashed_token` | The token used to authenticate for the action (if applicable, see "[Identifying audit log events performed by an access token](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/identifying-audit-log-events-performed-by-an-access-token)"). {% endif %}
+`ip`                | IP address of the actor.
+{%- ifversion ghes or ghae %}
+`note`         | Miscellaneous event-specific information (in either plain text or JSON format).{% endif %}
+{%- ifversion ghes or ghae %}
+`oauth_app_id` | ID of the OAuth application associated with the action.{% endif %}
+`operation`         | Operation type that corresponds with the action. Operation types are `create`, `access`, `modify`, `remove`, `authentication`, `transfer`, and `restore`. 
+{%- ifversion ghes or ghae %}
+`org`          | Name of the organization affected by the action (if applicable).{% endif %}
+{%- ifversion ghes or ghae %}
+`org_id`       | ID of the organization affected by the action (if applicable).{% endif %}
+{%- ifversion ghes or ghae %}
+`repo_id`      | ID of the repository affected by the action (if applicable).{% endif %}
+`repository`        | Name with owner of the repository where the action occurred (such as `octocat/octo-repo`).
+{%- ifversion ghes or ghae %}
+`user_id`      | ID of the user affected by the action.{% endif %}
+`user`         | Name of the user affected by the action.
+
 
 To see actions grouped by category, you can also use the action qualifier as a `key:value` pair. For more information, see "[Search based on the action performed](#search-based-on-the-action-performed)."
 

content/admin/overview/best-practices-for-enterprises.md

@@ -13,6 +13,10 @@ topics:
   - Fundamentals
 ---
 
+## Assign multiple owners
+
+{% data reusables.organizations.ent-ownership-recommendation %} {% ifversion ghec or ghes %}For more information, see "[Inviting people to manage your enterprise](/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise)."{% endif %}
+
 {% ifversion ghec %}
 ## Identify the best authentication method for your enterprise
 

content/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise.md

@@ -56,7 +56,9 @@ Enterprise owners who create an organization owned by the enterprise account aut
 
 ## Inviting an organization to join your enterprise account
 
-Enterprise owners can invite existing organizations to join their enterprise account. If the organization you want to invite is already owned by another enterprise account, you must be an owner of both enterprise accounts, or the previous enterprise must give up ownership of the organization first. For more information, see "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise)."
+Enterprise owners can invite existing organizations to join their enterprise account. 
+
+If the organization you want to invite is already owned by another enterprise account, you must be an owner of both enterprise accounts. If you're not, you can ask an owner of the enterprise account that currently owns the organization to transfer the organization to your enterprise account instead. For more information, see "[Transferring an organization between enterprise accounts](#transferring-an-organization-between-enterprise-accounts)."
 
 When you invite an organization to join your enterprise account, at least one owner needs to accept the invitation. Then, you must give a final approval for the transfer.
 

content/admin/user-management/managing-users-in-your-enterprise/customizing-user-messages-for-your-enterprise.md

@@ -91,7 +91,7 @@ Each time a user sees a mandatory message, an audit log event is created. The ev
 {% ifversion display-mandatory-message-again %} {% else %}
 {% note %}
 
-**Note:** If you change the mandatory message for {% data variables.location.product_location %}, users who have already acknowledged the message will not see the new message. 
+**Note:** If you change the mandatory message for {% data variables.location.product_location %}, users who have already acknowledged the message will not see the new message.
 
 {% endnote %}
 {% endif %}
@@ -103,7 +103,7 @@ Each time a user sees a mandatory message, an audit log event is created. The ev
   ![Add mandatory message button](/assets/images/enterprise/site-admin-settings/add-mandatory-message-button.png)
 1. Under "Mandatory message", in the text box, type your message.
   ![Screenshot of the mandatory message text box](/assets/images/enterprise/site-admin-settings/mandatory-message-text-box.png)
-{%- ifversion display-mandatory-message-again %} 
+{%- ifversion display-mandatory-message-again %}
 1. Optionally, select **Show updated message to all users even if they dismissed the previous one**.
 ![Screenshot of checkbox that when selected pushes mandatory messages to all users](/assets/images/enterprise/site-admin-settings/push-mandatory-message-checkbox.png)
    {% endif %}
@@ -132,12 +132,13 @@ You can also set an announcement banner{% ifversion ghes %} in the administrativ
 
    ![Screenshot of the text field to enter announcement](/assets/images/enterprise/site-admin-settings/announcement-text-field.png)
 2. Optionally, under "Expires on", select the calendar drop-down menu and click an expiration date.
-
+   {% ifversion ghe-announce-dismiss %}
    {% note %}
 
    **Note:** Announcements must either have an expiration date, be user dismissible, or both.
 
    {% endnote %}
+   {% endif %}
 
    ![Screenshot of the calendar drop-down menu to choose expiration date](/assets/images/enterprise/site-admin-settings/expiration-drop-down.png){% ifversion ghe-announce-dismiss %}
 3. Optionally, to allow each user to dismiss the announcement, select **User dismissible**.

content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation.md

@@ -0,0 +1,145 @@
+---
+title: Authenticating as a GitHub App installation
+shortTitle: Authenticate as an installation
+intro: You can make your {% data variables.product.prodname_github_app %} authenticate as an installation in order to make API requests that affect resources owned by the account where the app is installed.
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghae: '*'
+  ghec: '*'
+topics:
+  - GitHub Apps
+---
+
+## About authentication as a {% data variables.product.prodname_github_app %} installation
+
+Once your {% data variables.product.prodname_github_app %} is installed on an account, you can make it authenticate as an app installation for API requests. This allows the app to access resources owned by that installation, as long as the app was granted the necessary repository access and permissions. API requests made by an app installation are attributed to the app. For more information about installing GitHub Apps, see "[Installing GitHub Apps](/developers/apps/managing-github-apps/installing-github-apps)."
+
+For example, if you want your app to change the `Status` field of an issue on a project owned by an organization called "octo-org," then you would authenticate as the octo-org installation of your app. The timeline of the issue would state that your app updated the status.
+
+To make an API request as an installation, you must first generate an installation access token. Then, you will send the installation access token in the `Authorization` header of your subsequent API requests. You can also use {% data variables.product.company_short %}'s Octokit SDKs, which can generate an installation access token for you.
+
+API requests that are made by app installations are called "server-to-server requests." If a REST API endpoint works with server-to-server requests, the REST reference documentation for that endpoint will say "Works with {% data variables.product.prodname_github_apps %}." Additionally, your app must have the required permissions to use the endpoint. For more information about the permissions required for REST API endpoints, see "[Permissions required for GitHub Apps](/rest/overview/permissions-required-for-github-apps)."
+
+App installations can also use the GraphQL API. Similar to the REST API, the app must have certain permissions to access objects in the GraphQL API. For GraphQL requests, you should test you app to ensure that your app has the required permissions for the GraphQL queries and mutations that you want to make.
+
+For more information about authenticating as an app on behalf of a user instead of as an app installation, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)".
+
+## Using an installation access token to authenticate as an app installation
+
+To authenticate as an installation with an installation access token, first use the REST API to generate an installation access token. Then, use that installation access token in the `Authorization` header of a REST API or GraphQL API request. The installation access token will expire after 1 hour.
+
+### Generating an installation access token
+
+{% data reusables.apps.generate-installation-access-token %}
+
+### Authenticating with an installation access token
+
+To authenticate with an installation access token, include it in the `Authorization` header of an API request. The access token will work with both the GraphQL API and the REST API.
+
+Your app must have the required permissions to use the endpoint. For more information about the permissions required for REST API endpoints, see "[Permissions required for GitHub Apps](/rest/overview/permissions-required-for-github-apps)." For GraphQL requests, you should test your app to ensure that it has the required permissions for the GraphQL queries and mutations that you want to make.
+
+In the following example, replace `INSTALLATION_ACCESS_TOKEN` with an installation access token:
+
+```shell
+curl --request GET \
+--url "{% data variables.product.api_url_pre %}meta" \
+--header "Accept: application/vnd.github+json" \
+--header "Authorization: Bearer INSTALLATION_ACCESS_TOKEN"{% ifversion api-date-versioning %}\
+--header "X-GitHub-Api-Version: {{ allVersions[currentVersion].latestApiVersion }}"{% endif %}
+```
+
+## Using the Octokit.js SDK to authenticate as an app installation
+
+You can use {% data variables.product.company_short %}'s Octokit.js SDK to authenticate as an app installation. One advantage of using the SDK to authenticate is that you do not need to generate a JSON web token (JWT) yourself. Additionally, the SDK will take care of regenerating an installation access token for you so you don't need to worry about the one hour expiration.
+
+{% note %}
+
+You must install and import `octokit` in order to use the Octokit.js library. The following example uses import statements in accordance with ES6. For more information about different installation and import methods, see [the Octokit.js README's Usage section](https://github.com/octokit/octokit.js/#usage).
+
+{% endnote %}
+
+### Using Octokit.js to authenticate with an installation ID
+
+1. Get the ID of your app. You can find your app's ID on the settings page for your app. For user-owned apps, the settings page is `https://github.com/settings/apps/APP-SLUG`. For organization-owned apps, the settings page is `https://github.com/organizations/ORGANIZATION/settings/apps/APP-SLUG`. Replace `APP-SLUG` with the slugified name of your app. Replace `ORGANIZATION` with the slugified name of your organization. For example, `https://github.com/organizations/octo-org/settings/apps/octo-app`.
+1. Generate a private key. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps)".
+1. Get the ID of the installation that you want to authenticate as.
+
+   If you are responding to a webhook event, the webhook payload will include the installation ID.
+
+   You can also use the REST API to find the ID for an installation of your app. For example, you can get an installation ID with the `GET /users/{username}/installation`, `GET /repos/{owner}/{repo}/installation`, `GET /orgs/{org}/installation`, or `GET /app/installations` endpoints. For more information, see "[AUTOTITLE](/rest/apps/apps)".
+1. Import `App` from `octokit`. Create a new instance of `App`. In the following example, replace `APP_ID` with a reference to your app's ID. Replace `PRIVATE_KEY` with a reference to your app's private key.
+
+   ```javascript{:copy}
+   import { App } from "octokit";
+ 
+   const app = new App({
+     appId: APP_ID,
+     privateKey: PRIVATE_KEY,
+   });
+   ```
+
+1. Use the `getInstallationOctokit` method to create an authenticated `octokit` instance. In the following example, replace `INSTALLATION_ID` with the ID of the installation of your app that you want to authenticate on behalf of.
+
+   ```javascript{:copy}
+   const octokit = await app.getInstallationOctokit(INSTALLATION_ID);
+   ```
+
+1. Use an `octokit` method to make a request to the API.
+
+   Your app must have the required permissions to use the endpoint. For more information about the permissions required for REST API endpoints, see "[Permissions required for GitHub Apps](/rest/overview/permissions-required-for-github-apps)." For GraphQL requests, you should test you app to ensure that your app has the required permissions for the GraphQL queries and mutations that you want to make.
+
+   For example, to make a request to the GraphQL API:
+
+   ```javascript{:copy}
+   await octokit.graphql(`
+     query { 
+       viewer { 
+         login
+       }
+     }
+     `)
+   ```
+
+   For example, to make a request to the REST API:
+
+   ```javascript{:copy}
+   await octokit.request("GET /meta")
+   ```
+
+### Using Octokit.js to authenticate in response to a webhook event
+
+The Octokit.js SDK also passes a pre-authenticated `octokit` instance to webhook event handlers.
+
+1. Get the ID of your app. You can find your app's ID on the settings page for your app. For user-owned apps, the settings page is `https://github.com/settings/apps/APP-SLUG`. For organization-owned apps, the settings page is `https://github.com/organizations/ORGANIZATION/settings/apps/APP-SLUG`. Replace `APP-SLUG` with the slugified name of your app. Replace `ORGANIZATION` with the slugified name of your organization. For example, `https://github.com/organizations/octo-org/settings/apps/octo-app`.
+1. Generate a private key. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps)".
+1. Get the webhook secret that you specified in your app's settings.
+1. Import `App` from `octokit`. Create a new instance of `App`. In the following example, replace `APP_ID` with a reference to your app's ID. Replace `PRIVATE_KEY` with a reference to your app's private key. Replace `WEBHOOK_SECRET` with the your app's webhook secret.
+
+   ```javascript{:copy}
+   import { App } from "octokit";
+ 
+   const app = new App({
+     appId: APP_ID,
+     privateKey: PRIVATE_KEY,
+     webhooks: { WEBHOOK_SECRET },
+   });
+   ```
+
+1. Use an `app.webhooks.*` method to handle webhook events. For more information, see [the Octokit.js README's Webhooks section](https://github.com/octokit/octokit.js#webhooks). For example, to create a comment on an issue when the issue is opened:
+
+   ```javascript
+   app.webhooks.on("issues.opened", ({ octokit, payload }) => {
+     await octokit.request("POST /repos/{owner}/{repo}/issues/{issue_number}/comments", {
+         owner: payload.repository.owner.login,
+         repo: payload.repository.name,
+         issue_number: payload.issue.number,
+         body: `This is a bot post in response to this issue being opened.`,
+         {% ifversion api-date-versioning %}
+         headers: {
+           "x-github-api-version": "{{ allVersions[currentVersion].latestApiVersion }}",
+         },{% endif %}
+       }
+     )
+   });
+   ```

content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app.md

@@ -0,0 +1,67 @@
+---
+title: Authenticating as a GitHub App
+intro: You can authenticate as a {% data variables.product.prodname_github_app %} in order to generate an installation access token or manage your app.
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghae: '*'
+  ghec: '*'
+topics:
+  - GitHub Apps
+shortTitle: Authenticate as an app
+---
+
+## About authentication as a {% data variables.product.prodname_github_app %}
+
+You must authenticate as a {% data variables.product.prodname_github_app %} in order to make REST API requests as the application. For example, if you want to use the API to generate an installation access token for accessing organization resources, list installations across organizations for your app, or suspend an app installation, you must authenticate as an app.
+
+If a REST API endpoint requires you to authenticate as an app, the documentation for that endpoint will indicate that you must use a JWT to access the endpoint. The GraphQL API does not support any queries or mutations that require you to authenticate as an app.
+
+## Using a JSON Web Token (JWT) to authenticate as a {% data variables.product.prodname_github_app %}
+
+1. Generate a JSON Web Token (JWT) for your app. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app)."
+1. Include the JWT in the `Authorization` header of your request. In the following example, replace `YOUR_JWT` with your JWT.
+
+   ```shell
+   curl --request POST \
+   --url "{% data variables.product.api_url_pre %}/app/installations" \
+   --header "Accept: application/vnd.github+json" \
+   --header "Authorization: Bearer YOUR_JWT"{% ifversion api-date-versioning %}\
+   --header "X-GitHub-Api-Version: {{ allVersions[currentVersion].latestApiVersion }}"{% endif %}
+   ```
+
+## Using the Octokit.js SDK to authenticate as a {% data variables.product.prodname_github_app %}
+
+You can use {% data variables.product.company_short %}'s Octokit.js SDK to authenticate as a {% data variables.product.prodname_github_app %}. One advantage of using the SDK to authenticate is that you do not need to generate a JSON web token (JWT) yourself. Additionally, the SDK will take care of regenerating the JWT when it expires.
+
+{% note %}
+
+**Note**: You must install and import `octokit` in order to use the Octokit.js library. The following example uses import statements in accordance with ES6. For more information about different installation and import methods, see [Usage](https://github.com/octokit/octokit.js/#usage) in the octokit/octokit repository.
+
+{% endnote %}
+
+1. On the settings page for your app, get the app's ID.
+   - For user-owned apps, the settings page is `https://github.com/settings/apps/APP-SLUG`. 
+   - For organization-owned apps, the settings page is `https://github.com/organizations/ORGANIZATION/settings/apps/APP-SLUG`. 
+   
+   Replace `APP-SLUG` with the sluggified name of your app and `ORGANIZATION` with the sluggified name of your organization. For example, `https://github.com/organizations/octo-org/settings/apps/octo-app`.
+1. Generate a private key. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps)."
+1. Import `App` from `octokit`.
+
+   ```javascript{:copy}
+   import { App } from "octokit";
+   ```
+1. Create a new instance of `App`. In the following example, replace `APP_ID` with a reference to your app's ID. Replace `PRIVATE_KEY` with a reference to the value of your app's private key.
+
+   ```javascript{:copy}
+    const app = new App({
+     appId: APP_ID,
+     privateKey: PRIVATE_KEY,
+   });
+   ```
+
+1. Use an `octokit` method to make a request to a REST API endpoint that requires a JWT. For example:
+
+   ```javascript{:copy}
+   await app.octokit.request("/app")
+   ```

content/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app.md

@@ -0,0 +1,26 @@
+---
+title: Generating an installation access token for a GitHub App
+shortTitle: Installation access token
+intro: Learn how to generate an installation access token for your {% data variables.product.prodname_github_app %}.
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghae: '*'
+  ghec: '*'
+topics:
+  - GitHub Apps
+---
+
+## About installation access tokens
+
+In order to authenticate as an app installation, you must generate an installation access token. For more information about authenticating as an app installation, see "[Authenticating as a GitHub App installation](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)."
+
+{% note %}
+
+**Note**: Instead of generating an installation access token, you can use {% data variables.product.company_short %}'s Octokit SDKs to authenticate as an app. The SDK will take care of generating an installation access token for you and will regenerate the token once it expires. For more information about authenticating as an app installation, see "[Authenticating as a GitHub App installation](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)."
+
+{% endnote %}
+
+## Generating an installation access token
+
+{% data reusables.apps.generate-installation-access-token %}

content/apps/creating-github-apps/authenticating-with-a-github-app/index.md

@@ -9,9 +9,12 @@ versions:
 topics:
   - GitHub Apps
 children:
-  - /generating-a-json-web-token-jwt-for-a-github-app
   - /authenticating-with-github-apps
+  - /authenticating-as-a-github-app
+  - /authenticating-as-a-github-app-installation
+  - /managing-private-keys-for-github-apps
+  - /generating-a-json-web-token-jwt-for-a-github-app
+  - /generating-an-installation-access-token-for-a-github-app
   - /identifying-and-authorizing-users-for-github-apps
   - /refreshing-user-to-server-access-tokens
-  - /managing-private-keys-for-github-apps
 ---

content/apps/using-github-apps/installing-an-app-in-your-organization.md

@@ -28,8 +28,7 @@ If you choose a paid plan, you'll pay for your app subscription on your organiza
 {% data reusables.marketplace.confirm-install-account-org %}
 {% data reusables.marketplace.add-payment-method-org %}
 {% data reusables.marketplace.complete-order-begin-installation %}
-8. If the app requires access to repositories, decide whether to give the app access to all of your repositories or to certain repositories, then select **All repositories** or **Only select repositories**.
-  ![Radio buttons with options to install an app on all of your repositories or certain repositories](/assets/images/help/marketplace/marketplace-choose-repo-install-option.png)
+1. If the app requires access to repositories, select **All repositories** or **Only select repositories**.
 {% data reusables.marketplace.select-installation-repos %}
 {% data reusables.marketplace.review-app-perms-install %}
 

content/apps/using-github-apps/installing-an-app-in-your-personal-account.md

@@ -27,7 +27,6 @@ If you choose a paid plan, you'll pay for your app subscription on your personal
 {% data reusables.marketplace.add-payment-method-personal %}
 {% data reusables.marketplace.complete-order-begin-installation %}
 8. Decide whether to give the app access to all of your repositories, or to certain repositories, then select **All repositories** or **Only select repositories**.
-  ![Radio buttons with options to install an app on all of your repositories or certain repositories](/assets/images/help/marketplace/marketplace-choose-repo-install-option.png)
 {% data reusables.marketplace.select-installation-repos %}
 {% data reusables.marketplace.review-app-perms-install %}
 

content/authentication/keeping-your-account-and-data-secure/sudo-mode.md

@@ -32,6 +32,15 @@ After you authenticate to perform a sensitive action, your session is temporaril
 
 {% endnote %}
 
+{% endif %}
+{% ifversion ghec %}
+
+{% note %}
+
+**Note**: If your enterprise uses {% data variables.product.prodname_emus %}, you will not receive prompts to enter sudo mode, as your account doesn't have credentials stored on {% data variables.product.product_name %}. 
+
+{% endnote %}
+
 {% endif %}
 
 "sudo" is a reference to a program on Unix systems, where the name is short for "**su**peruser **do**." For more information, see [sudo](https://wikipedia.org/wiki/Sudo) on Wikipedia.

content/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication.md

@@ -19,19 +19,19 @@ shortTitle: Access GitHub with 2FA
 
 {% ifversion 2fa-check-up-period %}
 
-With two-factor authentication (2FA) enabled, you'll need to provide an authentication code when accessing {% data variables.product.product_name %} through your browser. When you first configure 2FA, your account will enter a check up period for 28 days, and 2FA will not be necessary in existing {% data variables.product.prodname_dotcom_the_website %} sessions. You can exit the check up period by successfully performing 2FA within 28 days. If you fail to authenticate within 28 days, you'll be asked to perform 2FA inside one of your existing {% data variables.product.prodname_dotcom_the_website %} sessions. If you cannot perform 2FA to pass the 28th day checkup, use the provided shortcut to reconfigure your 2FA settings and retain access to {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication)."
+With two-factor authentication (2FA) enabled, you'll need to use a second factor when accessing {% data variables.product.product_name %} through your browser. When you first configure 2FA, your account will enter a check up period for 28 days to ensure your account's 2FA methods are setup correctly. You can exit the check up period by successfully performing 2FA within 28 days. If you don't authenticate within 28 days, you'll be asked to perform 2FA inside one of your existing {% data variables.product.prodname_dotcom_the_website %} sessions. If you cannot perform 2FA to pass the 28th day checkup, use the provided shortcut to reconfigure your 2FA settings and retain access to {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication)."
 
 If you access {% data variables.product.product_name %} using other methods, such as the API or the command line, you'll authenticate using a token, application, or SSH key. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/about-authentication-to-github)."
 
 {% else %}
 
-With two-factor authentication enabled, you'll need to provide an authentication code when accessing {% data variables.product.product_name %} through your browser. If you access {% data variables.product.product_name %} using other methods, such as the API or the command line, you'll need to use an alternative form of authentication. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/about-authentication-to-github)."
+With two-factor authentication enabled, you'll need to provide an authentication code{% ifversion fpt or ghec %}, tap a notification in GitHub Mobile,{% endif %} or use a security key when accessing {% data variables.product.product_name %} through your browser. If you access {% data variables.product.product_name %} using other methods, such as the API or the command line, you'll need to use an alternative form of authentication. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/about-authentication-to-github)."
 
 {% endif %}
 
-## Providing a 2FA code when signing in to the website
+## Performing 2FA when signing in to the website
 
-After you sign in to {% data variables.product.product_name %} using your password, you'll be prompted to provide an authentication code from {% ifversion fpt or ghec %}a text message or{% endif %} your TOTP app.
+After you sign in to {% data variables.product.product_name %} using your password, you'll need to provide an authentication code{% ifversion fpt or ghec %}, tap a notification in {% data variables.product.prodname_mobile %},{% endif %} or use a security key to perform 2FA.
 
 {% data variables.product.product_name %} will only ask you to provide your 2FA authentication code again if you've logged out, are using a new device, are performing a sensitive action, or your session expires. For more information on 2FA for sensitive actions, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/sudo-mode)."
 
@@ -41,6 +41,15 @@ If you chose to set up two-factor authentication using a TOTP application on you
 
 If you delete your authenticator application after configuring two-factor authentication, you'll need to provide your recovery code to get access to your account. Many TOTP apps support the secure backup of your authentication codes in the cloud and can be restored if you lose access to your device. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials)."
 
+### Using a security key 
+
+If you've set up a security key on your account, and your browser supports security keys, you can use it to complete your sign in. 
+
+1. Using your username and password, sign in to {% data variables.product.product_name %} through your browser.
+1. If you use a physical security key, ensure it's connected to your device. 
+1. To trigger the security key prompt from your operating system, select "Use security key".
+1. Select the appropriate option in the prompt. Depending on your security key configuration, you may type a PIN, complete a biometric prompt, or use a physical security key.
+
 {% ifversion fpt or ghec %}
 
 ### Receiving a text message
@@ -52,9 +61,6 @@ If you set up two-factor authentication via text messages, {% data variables.pro
 If you have installed and signed in to {% data variables.product.prodname_mobile %}, you may choose to authenticate with {% data variables.product.prodname_mobile %} for two-factor authentication.
 
 1. Sign in to {% data variables.product.product_name %} with your browser, using your username and password.
-1. If you have added a security key to your account, you'll first be prompted to insert and use a security key. To skip using a security key, click **Authenticate with {% data variables.product.prodname_mobile %}**.
-
-   ![Screenshot of login options on the 2FA screen. A link, labeled "Authenticate with {% data variables.product.prodname_mobile %}", is outlined in orange.](/assets/images/help/2fa/2fa-select-mobile.png)
 1. {% data variables.product.product_name %} will send you a push notification to verify your sign in attempt. Opening the push notification or opening the {% data variables.product.prodname_mobile %} app will display a prompt, asking you to approve or reject this sign in attempt.
   {% note %}
 

content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication-recovery-methods.md

@@ -18,7 +18,7 @@ topics:
   - 2FA
 shortTitle: Configure 2FA recovery
 ---
-In addition to securely storing your two-factor authentication recovery codes, we strongly recommend configuring one or more additional recovery methods.
+In addition to securely storing your two-factor authentication recovery codes, we strongly recommend configuring one or more additional authentication methods.
 
 ## Downloading your two-factor authentication recovery codes
 
@@ -51,33 +51,6 @@ Once you use a recovery code to regain access to your account, it cannot be reus
 
 You can set up a security key as a secondary two-factor authentication method, and use the security key to regain access to your account. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-security-key)."
 
-{% ifversion fpt or ghec %}
-
-## Setting a fallback authentication number
-
-You can provide a second number for a fallback device. If you lose access to both your preferred device and your recovery codes, a backup SMS number can get you back in to your account.
-
-You can use a fallback number regardless of whether you've configured authentication via text message or TOTP mobile application.
-
-{% warning %}
-
-**Warning:** Using a fallback number is a last resort. We recommend configuring additional recovery methods if you set a fallback authentication number.
-- Bad actors may attack cell phone carriers, so SMS authentication is risky.
-- SMS messages are only supported for certain countries outside the US; for the list, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/countries-where-sms-authentication-is-supported)".
-
-{% endwarning %}
-
-{% data reusables.user-settings.access_settings %}
-{% data reusables.user-settings.security %}
-1. Next to "Fallback SMS number", click **Add**.
-
-   ![Screenshot of account recovery options in the 2FA settings. A gray button, labeled "Add", is outlined in orange.](/assets/images/help/2fa/add-fallback-sms-number-button.png)
-1. Select your country code and type your mobile phone number, including the area code. When your information is correct, click **Set fallback**.
-
-  After setup, the backup device will receive a confirmation SMS.
-
-{% endif %}
-
 ## Further reading
 
 - "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication)"

content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md

@@ -57,7 +57,7 @@ A time-based one-time password (TOTP) application automatically generates an aut
 
 {% tip %}
 
-**Tip**: To configure authentication via TOTP on multiple devices, during setup, scan the QR code using each device at the same time. If 2FA is already enabled and you want to add another device, you must re-configure 2FA from your security settings.
+**Tip**: To configure authentication via TOTP on multiple devices, during setup, scan the QR code using each device at the same time. If 2FA is already enabled and you want to add another device, you must re-configure your TOTP app from your security settings.
 
 {% endtip %}
 
@@ -88,7 +88,7 @@ A time-based one-time password (TOTP) application automatically generates an aut
 
 ## Configuring two-factor authentication using text messages
 
-If you're unable to authenticate using a TOTP mobile app, you can authenticate using SMS messages. You can also provide a second number for a fallback device. If you lose access to both your preferred device and your recovery codes, a backup SMS number can get you back in to your account.
+If you're unable to configure a TOTP mobile app, you can also register your phone number to receive SMS messages.
 
 Before using this method, be sure that you can receive text messages. Carrier rates may apply.
 

content/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials.md

@@ -48,17 +48,22 @@ Use one of your recovery codes to automatically regain entry into your account.
 1. Under "Having problems?", click **Use a recovery code{% ifversion fpt or ghec %} or request a reset{% endif %}**.
 1. Type one of your recovery codes, then click **Verify**.
 
-{% ifversion fpt or ghec %}
-## Authenticating with a fallback number
-
-If you lose access to your preferred TOTP app or phone number, you can provide a two-factor authentication code sent to your fallback number to automatically regain access to your account.
-{% endif %}
-
 ## Authenticating with a security key
 
 If you configured two-factor authentication using a security key, you can use your security key as a secondary authentication method to automatically regain access to your account. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-security-key)."
 
 {% ifversion fpt or ghec %}
+
+## Authenticating with a fallback number
+
+{% note %}
+
+**Note:** Configuring a fallback SMS number in addition to your primary SMS number is no longer supported. Instead, we strongly recommend registering multiple authentication methods.
+
+{% endnote %}
+
+If you lose access to your preferred TOTP app or phone number, you can provide a two-factor authentication code sent to your fallback number to automatically regain access to your account.
+
 ## Authenticating with a verified device, SSH token, or {% data variables.product.pat_generic %}
 
 If you know your password for {% data variables.location.product_location %} but don't have the two-factor authentication credentials or your two-factor authentication recovery codes, you can have a one-time password sent to your verified email address to begin the verification process and regain access to your account.

content/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md

@@ -23,7 +23,7 @@ shortTitle: Advanced Security billing
 
 {% ifversion fpt %}
 
-If you want to use {% data variables.product.prodname_GH_advanced_security %} features on any repository apart from a public repository on {% data variables.product.prodname_dotcom_the_website %}, you will need a {% data variables.product.prodname_GH_advanced_security %} license, available with {% data variables.product.prodname_ghe_cloud %} or {% data variables.product.prodname_ghe_server %}. 
+If you want to use {% data variables.product.prodname_GH_advanced_security %} features on any repository apart from a public repository on {% data variables.product.prodname_dotcom_the_website %}, you will need a {% data variables.product.prodname_GH_advanced_security %} license, available with {% data variables.product.prodname_ghe_cloud %} or {% data variables.product.prodname_ghe_server %}.
 
 For information about billing for {% data variables.product.prodname_GH_advanced_security %}, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
 
@@ -56,7 +56,11 @@ You can determine how many licenses you'll need for {% data variables.product.pr
 {% endif %}
 
 {% ifversion ghec %}
-Enterprise account customers on GitHub Enterprise Cloud who pay with a credit card can purchase a GitHub Advanced Security license from their enterprise account settings. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/signing-up-for-github-advanced-security)." For customers who pay by invoice, contact {% data variables.contact.contact_enterprise_sales %} to discuss licensing {% data variables.product.prodname_GH_advanced_security %} for your enterprise.
+If you use {% data variables.product.prodname_ghe_cloud %} with an enterprise account and pay with a credit card, you can purchase a {% data variables.product.prodname_GH_advanced_security %} license from your enterprise account settings. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/signing-up-for-github-advanced-security)."
+
+If you pay by invoice, contact {% data variables.contact.contact_enterprise_sales %} to discuss licensing {% data variables.product.prodname_GH_advanced_security %} for your enterprise.
+
+For other billing-related questions, contact {% data variables.contact.github_support %}.
 {% endif %}
 
 ## About committer numbers for {% data variables.product.prodname_GH_advanced_security %}
@@ -88,7 +92,7 @@ As soon as you free up some {% ifversion ghas-billing-UI-update %}licenses{% els
 You can enforce policies to allow or disallow the use of {% data variables.product.prodname_advanced_security %} by organizations owned by your enterprise account. For more information, see "[Enforcing policies for {% data variables.product.prodname_advanced_security %} in your enterprise]({% ifversion fpt %}/enterprise-cloud@latest/{% endif %}/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}
 
 {% ifversion fpt or ghes or ghec %}
-For more information on viewing license usage, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage)." 
+For more information on viewing license usage, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage)."
 {% endif %}
 
 {% ifversion ghec %}
@@ -99,12 +103,12 @@ For more information on managing the number of committers, see "[AUTOTITLE](/bil
 
 The following example timeline demonstrates how active committer count for {% data variables.product.prodname_GH_advanced_security %} could change over time in an enterprise. For each month, you will find events, along with the resulting committer count.
 
-| Date | Events during the month | Total committers | 
-| :- | :- | -: | 
-| <nobr>April 15</nobr> | A member of your enterprise enables {% data variables.product.prodname_GH_advanced_security %} for repository **X**. Repository **X** has 50 committers over the past 90 days. | **50** | 
+| Date | Events during the month | Total committers |
+| :- | :- | -: |
+| <nobr>April 15</nobr> | A member of your enterprise enables {% data variables.product.prodname_GH_advanced_security %} for repository **X**. Repository **X** has 50 committers over the past 90 days. | **50** |
 | <nobr>May 1</nobr> | Developer **A** leaves the team working on repository **X**. Developer **A**'s contributions continue to count for 90 days. | **50** | **50** |
-| <nobr>August 1</nobr> | Developer **A**'s contributions no longer count towards the licenses required, because 90 days have passed. | <sub>_50 - 1_</sub></br>**49** | 
-| <nobr>August 15</nobr> | A member of your enterprise enables {% data variables.product.prodname_GH_advanced_security %} for a second repository, repository **Y**. In the last 90 days, a total of 20 developers contributed to that repository. Of those 20 developers, 10 also recently worked on repo **X** and do not require additional licenses. | <sub>_49 + 10_</sub><br/>**59** | 
+| <nobr>August 1</nobr> | Developer **A**'s contributions no longer count towards the licenses required, because 90 days have passed. | <sub>_50 - 1_</sub></br>**49** |
+| <nobr>August 15</nobr> | A member of your enterprise enables {% data variables.product.prodname_GH_advanced_security %} for a second repository, repository **Y**. In the last 90 days, a total of 20 developers contributed to that repository. Of those 20 developers, 10 also recently worked on repo **X** and do not require additional licenses. | <sub>_49 + 10_</sub><br/>**59** |
 | <nobr>August 16</nobr> | A member of your enterprise disables {% data variables.product.prodname_GH_advanced_security %} for repository **X**. Of the 49 developers who were working on repository **X**, 10 still also work on repository **Y**, which has a total of 20 developers contributing in the last 90 days. | <sub>_49 - 29_</sub><br/>**20** |
 
 {% note %}

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning.md

@@ -402,12 +402,14 @@ In the following example, the `+` symbol ensures that the specified additional {
     packs: +scope/pack1,scope/pack2@1.2.3,scope/pack3@4.5.6:path/to/queries
     {%- endif %}
 ```
+<!-- Anchor to maintain the current CodeQL CLI manual pages link: https://aka.ms/code-scanning-docs/config-file -->
+<a name="using-a-custom-configuration-file"></a>
+
+<!-- Anchor to maintain the old CodeQL CLI manual pages link: https://aka.ms/docs-config-file -->
+<a name="example-configuration-files"></a>
 
 ## Using a custom configuration file
 
-<!--The CodeQL CLI man pages include a link to this section of the article. If you rename this section,
-make sure that you also update the MS short link: https://aka.ms/code-scanning-docs/config-file.-->
-
 A custom configuration file is an alternative way to specify additional {% ifversion codeql-packs %}packs and {% endif %}queries to run. You can also use the file to disable the default queries{% ifversion code-scanning-exclude-queries-from-analysis %}, exclude or include specific queries,{% endif %} and to specify which directories to scan during analysis.
 
 In the workflow file, use the `config-file` parameter of the `init` action to specify the path to the configuration file you want to use. This example loads the configuration file _./.github/codeql/codeql-config.yml_.
@@ -554,9 +556,6 @@ You can quickly analyze small portions of a monorepo when you modify code in spe
 
 ### Example configuration files
 
-<!-- Note that the CodeQL CLI manual pages link to this heading: https://aka.ms/docs-config-file.
-If you edit this heading, update the short link too.-->
-
 {% data reusables.code-scanning.example-configuration-files %}
 
 ## Configuring {% data variables.product.prodname_code_scanning %} for compiled languages

content/code-security/codeql-cli/using-the-codeql-cli/creating-codeql-databases.md

@@ -241,10 +241,11 @@ The following examples are designed to give you an idea of some of the build com
 
 This command runs a custom script that contains all of the commands required to build the project.
 
-### Using indirect build tracing
+<!-- Anchor to maintain the CodeQL CLI manual pages link: https://aka.ms/codeql-docs/indirect-tracing -->
 
-<!--The CodeQL CLI man pages include a link to this section of the article. If you rename this section,
-make sure that you also update the MS short link: https://aka.ms/codeql-docs/indirect-tracing.-->
+<a name="using-indirect-build-tracing"></a>
+
+### Using indirect build tracing
 
 If the {% data variables.product.prodname_codeql_cli %} autobuilders for compiled languages do not work with your CI workflow and you cannot wrap invocations of build commands with `codeql database trace-command`, you can use indirect build tracing to create a {% data variables.product.prodname_codeql %} database. To use indirect build tracing, your CI system must be able to set custom environment variables for each build action.
 

content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md

@@ -147,7 +147,9 @@ For supported languages, {% data variables.product.prodname_dependabot %} detect
 1. View the details for an alert. For more information, see "[Viewing {% data variables.product.prodname_dependabot_alerts %}](#viewing-dependabot-alerts)" (above).
 {% ifversion fpt or ghec or ghes %}
 1. If you have {% data variables.product.prodname_dependabot_security_updates %} enabled, there may be a link to a pull request that will fix the dependency. Alternatively, you can click **Create {% data variables.product.prodname_dependabot %} security update** at the top of the alert details page to create a pull request.
-  ![Create {% data variables.product.prodname_dependabot %} security update button](/assets/images/help/repository/create-dependabot-security-update-button-ungrouped.png)
+
+  ![Screenshot of a {% data variables.product.prodname_dependabot %} alert with the "Create {% data variables.product.prodname_dependabot %} security update" button highlighted with a dark orange outline.](/assets/images/help/repository/create-dependabot-security-update-button-ungrouped.png)
+
 1. Optionally, if you do not use {% data variables.product.prodname_dependabot_security_updates %}, you can use the information on the page to decide which version of the dependency to upgrade to and create a pull request to update the dependency to a secure version.
 {% elsif ghae %}
 1. You can use the information on the page to decide which version of the dependency to upgrade to and create a pull request to the manifest or lock file to a secure version.
@@ -201,12 +203,11 @@ You can view all open alerts, and you can reopen alerts that have been previousl
 1. To just view closed alerts, click **Closed**.
 
    {%- ifversion dependabot-bulk-alerts %}
-   ![Screenshot showing the list of Dependabot alerts with the "Closed" tab highlighted with a dark orange outline.](/assets/images/help/repository/dependabot-alerts-closed-checkbox.png)
-   {%- else %}
-   ![Screenshot showing the list of Dependabot alerts with the "Closed" tab highlighted with a dark orange outline.](/assets/images/help/repository/dependabot-alerts-closed.png)
+   ![Screenshot showing the list of {% data variables.product.prodname_dependabot_alerts %} with the "Closed" tab highlighted with a dark orange outline.](/assets/images/help/repository/dependabot-alerts-closed-checkbox.png)
    {%- endif %}
+
 1. Click the alert that you would like to view or update.
-2. Optionally, if the alert was dismissed and you wish to reopen it, click **Reopen**. Alerts that have already been fixed cannot be reopened.
+1. Optionally, if the alert was dismissed and you wish to reopen it, click **Reopen**. Alerts that have already been fixed cannot be reopened.
 
    {% indented_data_reference reusables.enterprise.3-5-missing-feature spaces=3 %}
    ![Screenshot showing the "Reopen" button](/assets/images/help/repository/reopen-dismissed-alert.png)

content/code-security/secret-scanning/about-secret-scanning.md

@@ -81,7 +81,7 @@ If you're a repository administrator, you can enable {% data variables.secret-sc
 
 ### Accessing {% data variables.secret-scanning.alerts %}
 
-When you enable {% data variables.product.prodname_secret_scanning %} for a repository or push commits to a repository with {% data variables.product.prodname_secret_scanning %} enabled, {% data variables.product.prodname_dotcom %} scans the contents of those commits for secrets that match patterns defined by service providers{% ifversion ghes or ghae or ghec %} and any custom patterns defined in your enterprise, organization, or repository{% endif %}. {% ifversion secret-scanning-issue-body-comments %}{% data reusables.secret-scanning.scan-issue-description-and-comments %}{% endif %} {% ifversion secret-scanning-backfills %}{% data variables.product.prodname_dotcom %} also periodically runs a scan of all historical content in {% ifversion fpt %}public {% endif %}repositories with {% data variables.product.prodname_secret_scanning %} enabled.{% endif%}
+When you enable {% data variables.product.prodname_secret_scanning %} for a repository or push commits to a repository with {% data variables.product.prodname_secret_scanning %} enabled, {% data variables.product.prodname_dotcom %} scans the contents of those commits for secrets that match patterns defined by service providers{% ifversion ghes or ghae or ghec %} and any custom patterns defined in your enterprise, organization, or repository{% endif %}. {% ifversion secret-scanning-issue-body-comments %}{% data reusables.secret-scanning.scan-issue-description-and-comments %}{% endif %} {% ifversion secret-scanning-backfills %}{% data variables.product.prodname_dotcom %} also runs a scan of all historical content in {% ifversion fpt %}public {% endif %}repositories with {% data variables.product.prodname_secret_scanning %} enabled when a new partner pattern {% ifversion not fpt %}or custom pattern{% endif %} is added or updated.{% endif%}
 
 If {% data variables.product.prodname_secret_scanning %} detects a secret, {% data variables.product.prodname_dotcom %} generates an alert.
 

content/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories.md

@@ -49,10 +49,12 @@ You can enable {% data variables.secret-scanning.user_alerts %} for any {% ifver
    {% ifversion ghec %}![Enable {% data variables.product.prodname_GH_advanced_security %} for your repository](/assets/images/help/repository/enable-ghas-dotcom.png)
    {% elsif ghes or ghae %}![Enable {% data variables.product.prodname_GH_advanced_security %} for your repository](/assets/images/enterprise/3.1/help/repository/enable-ghas.png){% endif %}
 1. Review the impact of enabling {% data variables.product.prodname_advanced_security %}, then click **Enable {% data variables.product.prodname_GH_advanced_security %} for this repository**.
-1. When you enable {% data variables.product.prodname_advanced_security %}, {% data variables.product.prodname_secret_scanning %} may automatically be enabled for the repository due to the organization's settings. If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled.
-   ![Enable {% data variables.product.prodname_secret_scanning %} for your repository](/assets/images/help/repository/enable-secret-scanning-ghec.png){% endif %}{% ifversion fpt %}
-2. Scroll down to the bottom of the page, and click **Enable** for {% data variables.product.prodname_secret_scanning %}. If you see a **Disable** button, it means that {% data variables.product.prodname_secret_scanning %} is already enabled for the repository.
-   ![Enable {% data variables.product.prodname_secret_scanning %} for your repository](/assets/images/help/repository/enable-secret-scanning-alerts-fpt.png){% endif %}
+1. When you enable {% data variables.product.prodname_advanced_security %}, {% data variables.product.prodname_secret_scanning %} may automatically be enabled for the repository due to the organization's settings. If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled. 
+   
+   ![Screenshot of the "{% data variables.product.prodname_secret_scanning_caps %}" section of the "Code security and analysis" page, with the "Enable" button highlighted in a dark orange outline.](/assets/images/help/repository/enable-secret-scanning-alerts.png){% endif %}{% ifversion fpt %}
+1. Scroll down to the bottom of the page, and click **Enable** for {% data variables.product.prodname_secret_scanning %}. If you see a **Disable** button, it means that {% data variables.product.prodname_secret_scanning %} is already enabled for the repository. 
+   
+   ![Screenshot of the "{% data variables.product.prodname_secret_scanning_caps %}" section of the "Code security and analysis" page, with the "Enable" button highlighted in a dark orange outline.](/assets/images/help/repository/enable-secret-scanning-alerts.png){% endif %}
 
 {% ifversion secret-scanning-push-protection %}
 1. Optionally, if you want to enable push protection, click **Enable** to the right of "Push protection." {% data reusables.secret-scanning.push-protection-overview %} For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."

content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md

@@ -16,7 +16,6 @@ topics:
   - Repositories
 shortTitle: Dependency graph
 ---
-<!--For this article in earlier GHES versions, see /content/github/visualizing-repository-data-with-graphs-->
 <!--Marketing-LINK: From /features/security and /features/security/software-supply-chain pages "How GitHub's dependency graph is generated".-->
 
 ## About the dependency graph

content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md

@@ -21,7 +21,6 @@ topics:
   - Repositories
 shortTitle: Explore dependencies
 ---
-<!--For this article in earlier GHES versions, see /content/github/visualizing-repository-data-with-graphs-->
 
 ## Viewing the dependency graph
 

content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md

@@ -48,7 +48,7 @@ Yes, the dependency graph has two categories of limits:
 
     Manifests over 0.5 MB in size are only processed for enterprise accounts. For other accounts, manifests over 0.5 MB are ignored and will not create {% data variables.product.prodname_dependabot_alerts %}.
 
-    By default, {% data variables.product.prodname_dotcom %} will not process more than {% ifversion fpt %}150{% else %}600{% endif %} manifests per repository. {% data variables.product.prodname_dependabot_alerts %} are not created for manifests beyond this limit. If you need to increase the limit, contact {% data variables.contact.contact_support %}.
+    By default, {% data variables.product.prodname_dotcom %} will not process more than {% ifversion fpt or ghec %}150{% else %}600{% endif %} manifests per repository. {% data variables.product.prodname_dependabot_alerts %} are not created for manifests beyond this limit. If you need to increase the limit, contact {% data variables.contact.contact_support %}.
 
     Manifest files stored in directories with names that are typically used for vendored dependencies will not be processed. A directory whose name matches the following regular expressions is considered a vendored dependencies directory:
       - <code>(3rd|[Tt]hird)[-_]?[Pp]arty/</code>

content/codespaces/guides.md

@@ -50,7 +50,7 @@ includeGuides:
   - /codespaces/managing-codespaces-for-your-organization/managing-billing-for-codespaces-in-your-organization
   - /codespaces/managing-codespaces-for-your-organization/managing-encrypted-secrets-for-your-repository-and-organization-for-codespaces
   - /codespaces/managing-codespaces-for-your-organization/restricting-access-to-machine-types
-  - /codespaces/managing-codespaces-for-your-organization/restricting-the-base-image-for-codespaces.md
+  - /codespaces/managing-codespaces-for-your-organization/restricting-the-base-image-for-codespaces
   - /codespaces/managing-codespaces-for-your-organization/restricting-the-idle-timeout-period
   - /codespaces/managing-codespaces-for-your-organization/restricting-the-retention-period-for-codespaces
   - /codespaces/managing-codespaces-for-your-organization/restricting-the-visibility-of-forwarded-ports

content/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam.md

@@ -32,32 +32,33 @@ Users in India can contact GitHub's Grievance Officer for India [here](https://s
 ## Reporting an issue or pull request
 
 1. Navigate to the issue or pull request you'd like to report.
-2. In the upper-right corner of the issue or pull request, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab octicon" %}, then click **Report content**.
+1. In the upper-right corner of the issue or pull request, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab octicon" %}, then click **Report content**.
   ![Button to report a comment](/assets/images/help/repository/menu-report-issue-or-pr.png)
 {% data reusables.community.report-content %}
 
 ## Reporting a comment
 
 1. Navigate to the comment you'd like to report.
-2. In the upper-right corner of the comment, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab octicon" %}, then click **Report content**.
+1. In the upper-right corner of the comment, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab octicon" %}, then click **Report content**.
 ![Kebab menu with option to report a comment](/assets/images/help/repository/menu-report-comment.png)
 {% data reusables.community.report-content %}
 
 ## Reporting an app in {% data variables.product.prodname_marketplace %}
 
 {% data reusables.marketplace.visit-marketplace %}
-2. Browse to the app you'd like to report.
-3. In the left sidebar, under the "Developer links" section, click {% octicon "report" aria-label="The report symbol" %} **Report abuse**.
-  ![Button to report an app in {% data variables.product.prodname_marketplace %}](/assets/images/help/marketplace/marketplace-report-app.png)
-4. Complete the contact form to tell {% data variables.contact.contact_support %} about the app's behavior, then click **Send request**.
+1. Browse to the app you'd like to report.
+1. In the left sidebar, under the "Developer links" section, click **Report abuse**.
+
+   ![Screenshot of the sidebar of a {% data variables.product.prodname_marketplace %} app. A link, labeled "Report abuse", is outlined in dark orange.](/assets/images/help/marketplace/marketplace-report-app.png)
+1. Complete the contact form to tell {% data variables.contact.contact_support %} about the app's behavior, then click **Send request**.
 
 ## Reporting contact link abuse in the template chooser
 
 1. Navigate to the repository that contains the contact link you'd like to report.
-2. Under the repository name, click {% octicon "issue-opened" aria-label="The issues icon" %} **Issues**.
-3. In the lower-right corner of the template chooser, click **Report abuse**.
+1. Under the repository name, click {% octicon "issue-opened" aria-label="The issues icon" %} **Issues**.
+1. In the lower-right corner of the template chooser, click **Report abuse**.
   ![Link to report an abuse](/assets/images/help/repository/template-chooser-report-abuse.png)
-4. Complete the contact form to tell {% data variables.contact.contact_support %} about the contact link's behavior, then click **Send request**.
+1. Complete the contact form to tell {% data variables.contact.contact_support %} about the contact link's behavior, then click **Send request**.
 
 ## Further reading
 

content/copilot/configuring-github-copilot/configuring-github-copilot-in-visual-studio.md

@@ -23,8 +23,8 @@ You can use the default keyboard shortcuts in {% data variables.product.prodname
 
 | Action | Shortcut | Command name |
 |:---|:---|:---|
-|Show next inline suggestion|<kbd>Ctrl</kbd>+<kbd>Alt</kbd>+<kbd>]</kbd>|Tools.Nextsuggestion|
-|Show previous inline suggestion|<kbd>Ctrl</kbd>+<kbd>Alt</kbd>+<kbd>[</kbd>|Tools.Previoussuggestion|
+|Show next inline suggestion|<kbd>Alt</kbd>+<kbd>.</kbd>|Tools.Nextsuggestion|
+|Show previous inline suggestion|<kbd>Alt</kbd>+<kbd>,</kbd>|Tools.Previoussuggestion|
 |Trigger inline suggestion|<kbd>Ctrl</kbd>+<kbd>Alt</kbd>+<kbd>\</kbd>|Edit.Copilot.TriggerInlineSuggestion|
 
 ## Rebinding keyboard shortcuts

content/copilot/getting-started-with-github-copilot/getting-started-with-github-copilot-in-visual-studio.md

@@ -21,7 +21,7 @@ If you use {% data variables.product.prodname_vs %}, you can view and incorporat
 
 {% data reusables.copilot.subscription-prerequisite %}
 
-- To use {% data variables.product.prodname_copilot %} in {% data variables.product.prodname_vs %}, you must have {% data variables.product.prodname_vs %} 2022 17.2 or later installed. For more information, see the [Visual Studio IDE](https://visualstudio.microsoft.com/vs/) documentation.
+- To use {% data variables.product.prodname_copilot %} in {% data variables.product.prodname_vs %}, you must have {% data variables.product.prodname_vs %} 2022 17.4.4 or later installed. For more information, see the [Visual Studio IDE](https://visualstudio.microsoft.com/vs/) documentation.
 
 {% note %}
 

content/discussions/index.md

@@ -24,7 +24,6 @@ featuredLinks:
 changelog:
   label: discussions
 examples_source: data/product-examples/discussions/community-examples.yml
-product_video: 'https://www.youtube-nocookie.com/embed/IpBw2SJkFyk'
 layout: product-landing
 versions:
   feature: discussions
@@ -37,4 +36,3 @@ children:
   - /collaborating-with-your-community-using-discussions
   - /managing-discussions-for-your-community
 ---
-

content/get-started/quickstart/git-and-github-learning-resources.md

@@ -36,10 +36,6 @@ Become better acquainted with {% data variables.product.product_name %} through
 
 Learn about [Git branching](http://learngitbranching.js.org/) using an interactive tool. Read about [forks](/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks) and [pull requests](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests) as well as [how we use pull requests](https://github.com/blog/1124-how-we-use-pull-requests-to-build-github) at {% data variables.product.prodname_dotcom %}. Access references about using {% data variables.product.prodname_dotcom %} from the [command line](https://cli.github.com/).
 
-### Tune in
-
-Our {% data variables.product.prodname_dotcom %} [YouTube Training and Guides channel](https://youtube.com/githubguides) offers tutorials about [pull requests](https://www.youtube.com/watch?v=d5wpJ5VimSU&list=PLg7s6cbtAD15G8lNyoaYDuKZSKyJrgwB-&index=19), [forking](https://www.youtube.com/watch?v=5oJHRbqEofs), [rebase](https://www.youtube.com/watch?v=SxzjZtJwOgo&list=PLg7s6cbtAD15G8lNyoaYDuKZSKyJrgwB-&index=22), and [reset](https://www.youtube.com/watch?v=BKPjPMVB81g) functions. Each topic is covered in 5 minutes or less.
-
 ## Training
 
 ### Free courses

content/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-cloud.md

@@ -45,6 +45,7 @@ You do not need to provide a payment method during the trial.
 
 The following features are not included in the trial of {% data variables.product.prodname_ghe_cloud %}:
 
+- {% data variables.product.prodname_github_codespaces %}
 - {% data variables.product.prodname_copilot_for_business %}
 - {% data variables.product.prodname_sponsors %}
 - {% data variables.product.prodname_marketplace %} apps
@@ -54,6 +55,7 @@ The following features are not included in the trial of {% data variables.produc
 Before you can try {% data variables.product.prodname_ghe_cloud %}, you must be signed into a personal account. If you don't already have a personal account on {% data variables.product.prodname_dotcom_the_website %}, you must create one. For more information, see "[AUTOTITLE](/free-pro-team@latest/get-started/signing-up-for-github/signing-up-for-a-new-github-account)."
 
 {% data reusables.enterprise.create-enterprise-account %}
+
 1. Follow the prompts to configure your trial.
 
 ## Exploring {% data variables.product.prodname_ghe_cloud %}

content/get-started/using-git/about-git.md

@@ -168,11 +168,4 @@ For an open source project, or for projects to which anyone can contribute, mana
 The {% data variables.product.product_name %} team has created a library of educational videos and guides to help users continue to develop their skills and build better software.
 
 - [Beginner projects to explore](https://github.com/showcases/great-for-new-contributors)
-- [{% data variables.product.product_name %} video guides](https://youtube.com/githubguides)
-
-For a detailed look at Git practices, the videos below show how to get the most out of some Git commands.
-
-- [Working locally](https://www.youtube.com/watch?v=rBbbOouhI-s&index=2&list=PLg7s6cbtAD17Gw5u8644bgKhgRLiJXdX4)
-- [`git status`](https://www.youtube.com/watch?v=SxmveNrZb5k&list=PLg7s6cbtAD17Gw5u8644bgKhgRLiJXdX4&index=3)
-- [Two-step commits](https://www.youtube.com/watch?v=Vb0Ghkkc2hk&index=4&list=PLg7s6cbtAD17Gw5u8644bgKhgRLiJXdX4)
-- [`git pull` and `git push`](https://www.youtube.com/watch?v=-uQHV9GOA0w&index=5&list=PLg7s6cbtAD17Gw5u8644bgKhgRLiJXdX4)
+- [{% data variables.product.product_name %} video guides](https://youtube.com/githubguides)

content/get-started/writing-on-github/editing-and-sharing-content-with-gists/creating-gists.md

@@ -70,14 +70,10 @@ Alternatively, you can drag and drop a text file from your desktop directly into
 
 1. Sign in to {% data variables.product.product_name %}.
 2. Navigate to your {% data variables.gists.gist_homepage %}.
-3. Type an optional description and name for your gist.
-![Gist name description](/assets/images/help/gist/gist_name_description.png)
+3. Optionally, in the "Gist description" field, type a description for your gist.
+4. In the "Filename including extension" field, type a file name for your gist, including the file extensions.
+5. In the file contents field, type the text of your gist.
+6. Optionally, to create {% ifversion ghae %}an internal{% else %}a public{% endif %} gist, click {% octicon "triangle-down" aria-label="The downwards triangle icon" %}, then click **Create {% ifversion ghae %}internal{% else %}public{% endif %} gist**.
 
-4. Type the text of your gist into the gist text box.
-![Gist text box](/assets/images/help/gist/gist_text_box.png)
-
-5. Optionally, to create {% ifversion ghae %}an internal{% else %}a public{% endif %} gist, click {% octicon "triangle-down" aria-label="The downwards triangle icon" %}, then click **Create {% ifversion ghae %}internal{% else %}public{% endif %} gist**.
-![Drop-down menu to select gist visibility]{% ifversion ghae %}(/assets/images/help/gist/gist-visibility-drop-down-ae.png){% else %}(/assets/images/help/gist/gist-visibility-drop-down.png){% endif %}
-
-6. Click **Create secret Gist** or **Create {% ifversion ghae %}internal{% else %}public{% endif %} gist**.
-  ![Button to create gist](/assets/images/help/gist/create-secret-gist-button.png)
+   ![Screenshot of the visibility dropdown menu for a new gist. Next to a button labeled "Create secret gist", a dropdown icon is outlined in dark orange.]{% ifversion ghae %}(/assets/images/help/gist/gist-visibility-drop-down-ae.png){% else %}(/assets/images/help/gist/gist-visibility-drop-down.png){% endif %}
+7. Click **Create secret Gist** or **Create {% ifversion ghae %}internal{% else %}public{% endif %} gist**.

content/get-started/writing-on-github/editing-and-sharing-content-with-gists/forking-and-cloning-gists.md

@@ -12,24 +12,23 @@ versions:
   ghae: '*'
   ghec: '*'
 ---
+
 ## Forking gists
 
 Each gist indicates which forks have activity, making it easy to find interesting changes from others.
 
-![Gist forks](/assets/images/help/gist/gist_forks.png)
-
 ## Cloning gists
 
 If you want to make local changes to a gist and push them up to the web, you can clone a gist and make commits the same as you would with any Git repository. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/cloning-a-repository)."
 
-![Gist clone button](/assets/images/help/gist/gist_clone_btn.png)
+To clone a gist, select the Embed dropdown menu, then click Clone via HTTPS or Clone via SSH.
+
+![Screenshot of the "Embed" dropdown menu in GitHub Gist. The dropdown is expanded, and an option labeled “Clone via HTTPS” is outlined in dark orange.](/assets/images/help/gist/gist_clone_btn.png)
 
 ## Viewing gist commit history
 
 To view a gist's full commit history, click the "Revisions" tab at the top of the gist.
 
-![Gist revisions tab](/assets/images/help/gist/gist_revisions_tab.png)
-
 You will see a full commit history for the gist with diffs.
 
-![Gist revisions page](/assets/images/help/gist/gist_history.png)
+![Screenshot of the "Revisions" page in GitHub Gist. A tab, labeled “Revisions”, is outlined in dark orange.](/assets/images/help/gist/gist_history.png)