Merge branch 'main' into making-changes-and-describing-security

github · Apr 8, 2024 · 2896b62 · 2896b62
2 parents 51df76f + 4cedb0c
commit 2896b62
Show file tree

Hide file tree

Showing 19 changed files with 281 additions and 46 deletions.
diff --git a/assets/images/help/repository/set-up-issue-templates-button.png b/assets/images/help/repository/set-up-issue-templates-button.png
diff --git a/assets/images/help/security-overview/security-overview-enablement-trends.png b/assets/images/help/security-overview/security-overview-enablement-trends.png
diff --git a/...count-on-github/managing-email-preferences/setting-your-commit-email-address.md b/...count-on-github/managing-email-preferences/setting-your-commit-email-address.md
@@ -40,7 +40,7 @@ For web-based Git operations, you can set your commit email address on {% data v
 
 {% endif %}
 
-{% ifversion fpt or ghec %}If you'd like to keep your personal email address private, you can use a `noreply` email address from {% data variables.product.product_name %} as your commit email address. To use your `noreply` email address for commits you push from the command line, use that email address when you set your commit email address in Git. To use your `noreply` address for web-based Git operations, set your commit email address on GitHub and choose to **Keep my email address private**.
+{% ifversion fpt or ghec %}To use your `noreply` email address for commits you push from the command line, use that email address when you set your commit email address in Git. To use your `noreply` address for web-based Git operations, set your commit email address on GitHub and choose to **Keep my email address private**.
 
 You can also choose to block commits you push from the command line that expose your personal email address. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/blocking-command-line-pushes-that-expose-your-personal-email-address)."{% endif %}
 

diff --git a/...wn-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners.md b/...wn-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners.md
@@ -19,9 +19,15 @@ You can automatically increase or decrease the number of self-hosted runners in
 
 ## Supported autoscaling solutions
 
-{% data variables.product.prodname_dotcom %} recommends using [actions/actions-runner-controller](https://github.com/actions/actions-runner-controller) for autoscaling your runners.
+{% ifversion fpt or ghec %}
 
-For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller)."
+{% data variables.product.prodname_dotcom %}-hosted runners inherently autoscale based on your needs. {% data variables.product.prodname_dotcom %}-hosted runners can be a low-maintenance and cost-effective alternative to developing or implementing autoscaling solutions. For more information, see "[AUTOTITLE](/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners)."
+
+{% endif %}
+
+The [actions/actions-runner-controller](https://github.com/actions/actions-runner-controller) (ARC) project is a Kubernetes-based runner autoscaler. {% data variables.product.prodname_dotcom %} recommends ARC if the team deploying it has expert Kubernetes knowledge and experience.
+
+For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller)" and "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-support-for-actions-runner-controller)."
 
 ## Using ephemeral runners for autoscaling
 

diff --git a/content/actions/using-workflows/reusing-workflows.md b/content/actions/using-workflows/reusing-workflows.md
@@ -50,7 +50,11 @@ For more information, see "[AUTOTITLE](/actions/using-workflows/creating-starter
 A reusable workflow can be used by another workflow if any of the following is true:
 
 - Both workflows are in the same repository.
-- The called workflow is stored in a public repository{% ifversion actions-workflow-policy %}, and your {% ifversion ghec %}enterprise{% else %}organization{% endif %} allows you to use public reusable workflows{% endif %}.{% ifversion ghes or ghec %}
+- The called workflow is stored in a public repository{% ifversion ghes %} on {% data variables.product.prodname_ghe_server %}.
+
+  You cannot directly use reusable workflows defined on {% data variables.product.prodname_dotcom_the_website %}. Instead store a copy of the reusable workflow on {% data variables.location.product_location %}, and call the workflow from that path.
+
+  {% elsif actions-workflow-policy %}, and your {% ifversion ghec %}enterprise{% else %}organization{% endif %} allows you to use public reusable workflows.{% endif %}{% ifversion ghes or ghec %}
 - The called workflow is stored in an internal repository and the settings for that repository allow it to be accessed. For more information, see {% ifversion internal-actions %}"[AUTOTITLE](/actions/creating-actions/sharing-actions-and-workflows-with-your-enterprise){% else %}"[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#allowing-access-to-components-in-an-internal-repository){% endif %}."{% endif %}{% ifversion private-actions %}
 - The called workflow is stored in a private repository and the settings for that repository allow it to be accessed. For more information, see {% ifversion ghes or ghec %}"[AUTOTITLE](/actions/creating-actions/sharing-actions-and-workflows-with-your-enterprise)."{% else %}"[AUTOTITLE](/actions/creating-actions/sharing-actions-and-workflows-with-your-organization)" and "[AUTOTITLE](/actions/creating-actions/sharing-actions-and-workflows-from-your-private-repository)."{% endif %}
 {% endif %}

diff --git a/...nce/administering-your-instance-from-the-command-line/command-line-utilities.md b/...nce/administering-your-instance-from-the-command-line/command-line-utilities.md
@@ -1132,6 +1132,67 @@ This utility rewrites the imported repository. This gives you a chance to rename
 git-import-rewrite
 ```
 
+{% ifversion ghes > 3.12 %}
+
+## License
+
+### ghe-license
+
+This utility lets you interact with your current active license, or with new licenses without needing to import them first. You can also directly apply the license to make the changes effective using `--apply`. Applying changes with the `ghe-license` utility avoids a configuration run and only restarts the affected services.
+
+You can review the possible commands and flags using `ghe-license -h`.
+
+Alternatively, you can manage licenses using the REST API or the {% data variables.product.prodname_cli %}. See "[AUTOTITLE](/rest/enterprise-admin/manage-ghes)" and "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/administering-your-instance-using-the-github-cli)."
+
+Display license information. Alternatively, use the `-j` flag for JSON formatting.
+
+```shell
+ghe-license info
+# "advanced_security_enabled" : true
+# "advanced_security_seats" : 0
+# "cluster_support" : false
+# "company" : "GitHub"
+# "croquet_support" : true
+# "custom_terms" : true
+# "evaluation" : false
+# "expire_at" : "2025-01-01T23:59:59-08:00"
+# "insights_enabled" : true
+# "insights_expire_at" : "2025-01-01T23:59:59.999-08:00"
+# "learning_lab_evaluation_expires" : "2023-01-01T23:59:59.000-08:00"
+# "learning_lab_seats" : 100
+# "perpetual" : false
+# "reference_number" : "123456"
+# "seats" : 0
+# "ssh_allowed" : true
+# "support_key" : null
+# "unlimited_seating" : true
+```
+
+Check the license.
+
+```shell
+ghe-license check
+# License is valid.
+```
+
+All commands are performed on the existing license. However, you can also provide a license from STDOUT using `--pipe`.
+
+```shell
+cat license | ghe-license import --pipe
+# License imported at /data/user/common/enterprise.ghl.
+# License synchronized.
+```
+
+You can also provide a license by assigning a file path to the `GHE_LICENSE_FILE` environment variable.
+
+```shell
+GHE_LICENSE_FILE=/path/license ghe-license import
+# License imported at /data/user/common/enterprise.ghl.
+# License synchronized.
+```
+
+{% endif %}
+
 ## Security
 
 ### ghe-find-insecure-git-operations
@@ -1314,14 +1375,14 @@ ghe-upgrade-scheduler -r UPGRADE PACKAGE FILENAME
 
 ## User management
 
-### ghe-license-usage
+### {% ifversion ghes > 3.12 %}ghe-license usage{% else %}ghe-license-usage{% endif %}
 
 This utility exports a list of the installation's users in JSON format. If your instance is connected to {% data variables.product.prodname_ghe_cloud %}, {% data variables.product.prodname_ghe_server %} uses this information for reporting licensing information to {% data variables.product.prodname_ghe_cloud %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/managing-github-connect)."
 
-By default, the list of users in the resulting JSON file is encrypted. Use the `-h` flag for more options.
+By default, the list of users in the resulting JSON file is encrypted. {% ifversion ghes > 3.12 %}Review optional flags via `ghe-license --help`{% else %}Use the `-h` flag for more options{% endif %}.
 
 ```shell
-ghe-license-usage
+{% ifversion ghes > 3.12 %}ghe-license usage{% else %}ghe-license-usage{% endif %}
 ```
 
 ### ghe-org-membership-update

diff --git a/...se-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server.md b/...se-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server.md
@@ -16,13 +16,15 @@ After you purchase or upgrade a license for {% data variables.product.prodname_e
 
 {% data reusables.enterprise-licensing.contact-sales-for-renewals-or-seats %}
 
-## Uploading your license to {% data variables.location.product_location_enterprise %}
+## Uploading your license from the {% data variables.enterprise.management_console %}
 
+{% ifversion ghes < 3.13 %}
 {% warning %}
 
 **Warning:** Updating your license causes a small amount of downtime for {% data variables.location.product_location %}.
 
 {% endwarning %}
+{% endif %}
 
 1. Sign into {% data variables.location.product_location_enterprise %} as a site administrator.
 {% data reusables.enterprise-accounts.access-enterprise %}
@@ -34,4 +36,22 @@ After you purchase or upgrade a license for {% data variables.product.prodname_e
 1. To upload your license, click **License file**, or drag your license file onto **License file**.
 
    ![Screenshot of the "License" page of the Management Console. A link, labeled "License file", is highlighted with an orange outline.](/assets/images/enterprise/management-console/upload-license.png)
-1. Click **Upload**.
+1. Click **Upload**.{% ifversion ghes > 3.12 %} Your license will be updated in the background. The change may take a few minutes before it is visible on your instance.{% endif %}
+
+{% ifversion ghes > 3.12 %}
+
+## Uploading your license with the REST API
+
+You can use the REST API to upload a license to {% data variables.location.product_location %}. See "[AUTOTITLE](/rest/enterprise-admin/manage-ghes#upload-an-enterprise-license)."
+
+## Uploading a license with the {% data variables.product.prodname_cli %}
+
+You can import a license to {% data variables.location.product_location %} using the `gh es` extension of the {% data variables.product.prodname_cli %}. See the [usage instructions](https://github.com/github/gh-es/blob/main/USAGE.md#gh-es-config-import-license) in the `github/gh-es` repository on {% data variables.product.prodname_dotcom_the_website %}.
+
+For more information about accessing your instance via the extension, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/administering-your-instance-using-the-github-cli)."
+
+## Uploading a license via SSH
+
+You can upload and interact with your license from the command line via SSH. See the documentation for the `ghe-license` command in "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-license)." For more information about accessing your instance via SSH, see "[AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/accessing-the-administrative-shell-ssh)."
+
+{% endif %}
diff --git a/content/code-security/security-overview/assessing-adoption-code-security.md b/content/code-security/security-overview/assessing-adoption-code-security.md
@@ -28,9 +28,15 @@ You can use security overview to see which repositories and teams have already e
 You can download a CSV file of the data displayed on the "Security coverage" page. This data file can be used for efforts like security research and in-depth data analysis, and can integrate easily with external datasets. For more information, see "[AUTOTITLE](/code-security/security-overview/exporting-data-from-the-risk-and-coverage-pages)."
 {% endif %}
 
+{% ifversion security-overview-tool-adoption %}
+
+You can use the "Enablement trends" (beta) view to see enablement status and enablement status trends over time for {% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_code_scanning %}, or {% data variables.product.prodname_secret_scanning %} for repositories in an organization. For each of these features, you can view a graph visualizing the percentage of repositories that have the feature enabled, as well as a detailed table with enablement percentages for different points in time. For more information, see "[Viewing enablement trends for an organization (beta)](#viewing-enablement-trends-for-an-organization-beta)."
+
+{% endif %}
+
 ## Viewing the enablement of code security features for an organization
 
-{% data reusables.security-overview.information-varies-GHAS %}
+You can view data to assess the enablement of code security features across organizations in an enterprise. {% data reusables.security-overview.information-varies-GHAS %}
 
 {% ifversion dependabot-updates-paused-enterprise-orgs %}
 
@@ -73,6 +79,30 @@ In the enterprise-level view, you can view data about the enablement of features
 
 {% endif %}
 
+{% ifversion security-overview-tool-adoption %}
+
+## Viewing enablement trends for an organization (beta)
+
+{% note %}
+
+**Note:** The "Enablement trends" view is currently in beta and is subject to change.
+
+{% endnote %}
+
+You can view data to assess the enablement status and enablement status trends of code security features for an organization.
+
+{% data reusables.organizations.navigate-to-org %}
+{% data reusables.organizations.security-overview %}
+1. In the sidebar, under "Metrics", click **{% octicon "meter" aria-hidden="true" %} Enablement trends**.
+1. Click on one of the tabs for "{% data variables.product.prodname_dependabot %}", "{% data variables.product.prodname_code_scanning_caps %}", or "{% data variables.product.prodname_secret_scanning_caps %}" to view enablement trends and the percentage of repositories in your organization with that feature enabled. This data is displayed as a graph and a detailed table.
+1. Optionally, use the options at the top of the "Enablement trends" (beta) view page to filter the group of repositories you want to see enablement trends for.
+    - Use the date picker to set the time range that you want to view enablement trends for.
+    - Click in the search box to add further filters on the enablement trends displayed. The filters you can apply are the same as those for the "Overview" dashboard (beta) view. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
+
+      ![Screenshot of the beta "Enablement trends" view for an organization, showing Dependabot status and trends over 30 days, with a filter applied.](/assets/images/help/security-overview/security-overview-enablement-trends.png)
+
+{% endif %}
+
 ## Interpreting and acting on the enablement data
 
 Some code security features can and should be enabled on all repositories. For example, {% data variables.secret-scanning.alerts %} and push protection reduce the risk of a security leak no matter what information is stored in the repository. If you see repositories that don't already use these features, you should either enable them or discuss an enablement plan with the team who owns the repository. For information on enabling features for a whole organization, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."

diff --git a/...ful-issues-and-pull-requests/configuring-issue-templates-for-your-repository.md b/...ful-issues-and-pull-requests/configuring-issue-templates-for-your-repository.md
@@ -21,6 +21,8 @@ shortTitle: Configure
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
 1. In the "Features" section, under **Issues**, click **Set up templates**. You may need to enable **Issues** and refresh the page before you can see the button.
+
+![Screenshot of the "Features" section of a repository's settings, with the "Issues" setting ticked and the green "Set up templates" button visible.](/assets/images/help/repository/set-up-issue-templates-button.png)
 1. Use the **Add template** dropdown menu, and click on the type of template you'd like to create.
 
    ![Screenshot of the "Add template" dropdown menu expanded to show the standard "Bug report" and "Feature request" templates. In addition, the "Custom template" is listed.](/assets/images/help/repository/add-template-drop-down-menu.png)

diff --git a/content/get-started/learning-about-github/githubs-plans.md b/content/get-started/learning-about-github/githubs-plans.md
@@ -132,6 +132,7 @@ In addition to the features available with {% data variables.product.prodname_te
 
 {% data variables.product.prodname_ghe_cloud %} specifically includes:
 - 50,000 {% data variables.product.prodname_actions %} minutes per month
+  - Included minutes can be used with standard {% data variables.product.prodname_dotcom %}-hosted runners only. For more information about billing for {% data variables.actions.hosted_runners %}, see "[AUTOTITLE](/enterprise-cloud@latest/actions/using-github-hosted-runners/about-larger-runners/about-larger-runners#understanding-billing)."
 - 50 GB {% data variables.product.prodname_registry %} storage
 - A service level agreement for 99.9% monthly uptime
 - The option to centrally manage policy and billing for multiple {% data variables.product.prodname_dotcom_the_website %} organizations with an enterprise account. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/overview/about-enterprise-accounts)."

diff --git a/data/features/security-overview-tool-adoption.yml b/data/features/security-overview-tool-adoption.yml
@@ -0,0 +1,5 @@
+# Reference: #13509
+# Documentation for the Enablement trends report (for security products) [Public Beta]
+versions:
+  ghes: '>3.12'
+  ghec: '*'
diff --git a/src/github-apps/lib/config.json b/src/github-apps/lib/config.json
@@ -60,5 +60,5 @@
       "2022-11-28"
     ]
   },
-  "sha": "28c94f8036c1e4957c5d3d23e00a8600a21c9edc"
+  "sha": "100282f36f15a8eaa0c3be16ef7aa7f32237d896"
 }