repo sync

translations/ja-JP/content/actions/security-guides/security-hardening-for-github-actions.md

@@ -275,7 +275,7 @@ This list describes the recommended approaches for accessing repository data wit
 
 {% ifversion fpt or ghec %}**Self-hosted**{% elsif ghes or ghae %}Self-hosted{% endif %} runners for {% data variables.product.product_name %} do not have guarantees around running in ephemeral clean virtual machines, and can be persistently compromised by untrusted code in a workflow.
 
-{% ifversion fpt or ghec %}As a result, self-hosted runners should almost [never be used for public repositories](/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories) on {% data variables.product.product_name %}, because any user can open pull requests against the repository and compromise the environment. Similarly, be{% elsif ghes or ghae %}Be{% endif %} cautious when using self-hosted runners on private or internal repositories, as anyone who can fork the repository and open a pull request (generally those with read access to the repository) are able to compromise the self-hosted runner environment, including gaining access to secrets and the `GITHUB_TOKEN` which, depending on its settings, can grant write access to the repository. Although workflows can control access to environment secrets by using environments and required reviews, these workflows are not run in an isolated environment and are still susceptible to the same risks when run on a self-hosted runner.
+{% ifversion fpt or ghec %}As a result, self-hosted runners should almost [never be used for public repositories](/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security) on {% data variables.product.product_name %}, because any user can open pull requests against the repository and compromise the environment. Similarly, be{% elsif ghes or ghae %}Be{% endif %} cautious when using self-hosted runners on private or internal repositories, as anyone who can fork the repository and open a pull request (generally those with read access to the repository) are able to compromise the self-hosted runner environment, including gaining access to secrets and the `GITHUB_TOKEN` which, depending on its settings, can grant write access to the repository. Although workflows can control access to environment secrets by using environments and required reviews, these workflows are not run in an isolated environment and are still susceptible to the same risks when run on a self-hosted runner.
 
 When a self-hosted runner is defined at the organization or enterprise level, {% data variables.product.product_name %} can schedule workflows from multiple repositories onto the same runner. Consequently, a security compromise of these environments can result in a wide impact. To help reduce the scope of a compromise, you can create boundaries by organizing your self-hosted runners into separate groups. You can restrict what {% ifversion restrict-groups-to-workflows %}workflows, {% endif %}organizations and repositories can access runner groups. For more information, see "[Managing access to self-hosted runners using groups](/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups)."
 

translations/ja-JP/content/admin/github-actions/advanced-configuration-and-troubleshooting/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled.md

@@ -1,7 +1,7 @@
 ---
-title: GitHub Actions を有効化して GitHub Enterprise Server をバックアップおよび復元する
+title: Backing up and restoring GitHub Enterprise Server with GitHub Actions enabled
 shortTitle: Backing up and restoring
-intro: '外部ストレージプロバイダの {% data variables.product.prodname_actions %} データは、通常の {% data variables.product.prodname_ghe_server %} バックアップに含まれていないため、個別にバックアップする必要があります。'
+intro: 'To restore a backup of {% data variables.product.product_location %} when {% data variables.product.prodname_actions %} is enabled, you must configure {% data variables.product.prodname_actions %} before restoring the backup with {% data variables.product.prodname_enterprise_backup_utilities %}.'
 versions:
   ghes: '*'
 type: how_to
@@ -12,50 +12,33 @@ topics:
   - Infrastructure
 redirect_from:
   - /admin/github-actions/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled
-ms.openlocfilehash: def12b4e9e93a75ee1aa58f8290ca1b6e7d13cd5
-ms.sourcegitcommit: fcf3546b7cc208155fb8acdf68b81be28afc3d2d
-ms.translationtype: HT
-ms.contentlocale: ja-JP
-ms.lasthandoff: 09/10/2022
-ms.locfileid: '145120462'
 ---
-{% data reusables.actions.enterprise-storage-ha-backups %}
-
-{% data variables.product.prodname_enterprise_backup_utilities %} を使用して {% data variables.product.product_location %} をバックアップする場合、外部ストレージプロバイダに保存されている {% data variables.product.prodname_actions %} データはバックアップに含まれないことにご注意ください。
-
-以下は、{% data variables.product.product_location %} と {% data variables.product.prodname_actions %} を新しいアプライアンスに復元するために必要なステップの概要です。
-
-1. 元のアプライアンスがオフラインであることを確認します。
-1. 交換用の {% data variables.product.prodname_ghe_server %} アプライアンスでネットワーク設定を手動設定します。 ネットワーク設定はバックアップスナップショットから除外され、`ghe-restore` で上書きされません。
-1. もともとのアプライアンスと同じ {% data variables.product.prodname_actions %} 外部ストレージ構成を使用するように交換アプライアンスを構成するには、新しいアプライアンスから、必須のパラメーターを `ghe-config` コマンドで設定します。
-
-    - Azure Blob Storage
-    ```shell
-    ghe-config secrets.actions.storage.blob-provider "azure"
-    ghe-config secrets.actions.storage.azure.connection-string "_Connection_String_"
-    ```
-    - Amazon S3
-    ```shell
-    ghe-config secrets.actions.storage.blob-provider "s3"
-    ghe-config secrets.actions.storage.s3.bucket-name "_S3_Bucket_Name"
-    ghe-config secrets.actions.storage.s3.service-url "_S3_Service_URL_"
-    ghe-config secrets.actions.storage.s3.access-key-id "_S3_Access_Key_ID_"
-    ghe-config secrets.actions.storage.s3.access-secret "_S3_Access_Secret_"
-    ```
-    - 必要に応じて、S3 強制パススタイルを有効にするには、次のコマンドを入力します。
-    ```shell
-    ghe-config secrets.actions.storage.s3.force-path-style true
-    ```
-
-
-1. 交換用アプライアンスで {% data variables.product.prodname_actions %} を有効化します。 これにより、交換用アプライアンスが {% data variables.product.prodname_actions %} の同じ外部ストレージに接続されます。
-
-    ```shell
-    ghe-config app.actions.enabled true
-    ghe-config-apply
-    ```
-
-1. {% data variables.product.prodname_actions %} が構成され、有効になったら、`ghe-restore` コマンドを使い、残りのデータをバックアップから復元します。 詳しくは、「[バックアップの復元](/admin/configuration/configuring-backups-on-your-appliance#restoring-a-backup)」を参照してください。
-1. セルフホストランナーを交換用アプライアンスに再登録します。 詳細については、「[セルフホステッド ランナーの追加](/actions/hosting-your-own-runners/adding-self-hosted-runners)」をご覧ください。
-
-{% data variables.product.prodname_ghe_server %} のバックアップと復元について詳しくは、「[アプライアンスでバックアップを構成する](/admin/configuration/configuring-backups-on-your-appliance)」を参照してください。
+
+## About backups of {% data variables.product.product_name %} when using {% data variables.product.prodname_actions %}
+
+You can use {% data variables.product.prodname_enterprise_backup_utilities %} to back up and restore the data and configuration for {% data variables.product.product_location %} to a new instance. For more information, see "[Configuring backups on your appliance](/admin/configuration/configuring-backups-on-your-appliance)."
+
+However, not all the data for {% data variables.product.prodname_actions %} is included in these backups. {% data reusables.actions.enterprise-storage-ha-backups %}
+
+## Restoring a backup of {% data variables.product.product_name %} when {% data variables.product.prodname_actions %} is enabled
+
+To restore a backup of {% data variables.product.product_location %} with {% data variables.product.prodname_actions %}, you must manually configure network settings and external storage on the destination instance before you restore your backup from {% data variables.product.prodname_enterprise_backup_utilities %}. 
+
+1. Confirm that the source instance is offline.
+1. Manually configure network settings on the replacement {% data variables.product.prodname_ghe_server %} instance. Network settings are excluded from the backup snapshot, and are not overwritten by `ghe-restore`. For more information, see "[Configuring network settings](/admin/configuration/configuring-network-settings)."
+1. SSH into the destination instance. For more information, see "[Accessing the administrative shell (SSH)](/admin/configuration/accessing-the-administrative-shell-ssh)."
+
+   ```shell{:copy}
+   $ ssh -p 122 admin@HOSTNAME
+   ```
+1. Configure the destination instance to use the same external storage service for {% data variables.product.prodname_actions %} as the source instance by entering one of the following commands.
+{% indented_data_reference reusables.actions.configure-storage-provider-platform-commands spaces=3 %}
+{% data reusables.actions.configure-storage-provider %}
+1. To prepare to enable {% data variables.product.prodname_actions %} on the destination instance, enter the following command.
+
+   ```shell{:copy}
+   ghe-config app.actions.enabled true
+   ```
+{% data reusables.actions.apply-configuration-and-enable %}
+1. After {% data variables.product.prodname_actions %} is configured and enabled, to restore the rest of the data from the backup, use the `ghe-restore` command. For more information, see "[Restoring a backup](/admin/configuration/configuring-backups-on-your-appliance#restoring-a-backup)."
+1. Re-register your self-hosted runners on the destination instance. For more information, see "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)."