Repo sync

.github/workflows/secret-scanning-pattern-table-updates.yml

@@ -10,6 +10,7 @@ on:
       - data/secret-scanning.yml
 permissions:
   pull-requests: write
+  repository-projects: write
 jobs:
   Process-secret-scanning-PR:
     runs-on: ubuntu-latest

content/actions/deployment/protecting-deployments/configuring-custom-deployment-protection-rules.md

@@ -2,6 +2,7 @@
 title: Configuring custom deployment protection rules
 shortTitle: Configure custom protection rules
 intro: Use {% data variables.product.prodname_github_apps %} to automate protecting deployments with third-party systems.
+product: '{% data reusables.actions.custom-deployment-protection-rules-availability %}'
 versions:
   fpt: '*'
   ghec: '*'

content/actions/deployment/protecting-deployments/creating-custom-deployment-protection-rules.md

@@ -2,6 +2,7 @@
 title: Creating custom deployment protection rules
 shortTitle: Create custom protection rules
 intro: Use {% data variables.product.prodname_github_apps %} to automate protecting deployments with third-party systems.
+product: '{% data reusables.actions.custom-deployment-protection-rules-availability %}'
 versions:
   fpt: '*'
   ghec: '*'

content/actions/deployment/targeting-different-environments/using-environments-for-deployment.md

@@ -52,10 +52,22 @@ Use required reviewers to require a specific person or team to approve workflow
 
 For more information on reviewing jobs that reference an environment with required reviewers, see "[AUTOTITLE](/actions/managing-workflow-runs/reviewing-deployments)."
 
+{% ifversion fpt %}{% note %}
+
+**Note:** Required reviewers are only available for public repositories for users on {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, and {% data variables.product.prodname_team %} plans.
+
+{% endnote %}{% endif %}
+
 ### Wait timer
 
 Use a wait timer to delay a job for a specific amount of time after the job is initially triggered. The time (in minutes) must be an integer between 0 and 43,200 (30 days).
 
+{% ifversion fpt %}{% note %}
+
+**Note:** Wait timers are only available for public repositories for users on {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, and {% data variables.product.prodname_team %} plans.
+
+{% endnote %}{% endif %}
+
 ### Deployment branches
 
 Use deployment branches to restrict which branches can deploy to the environment. Below are the options for deployment branches for an environment:
@@ -66,12 +78,24 @@ Use deployment branches to restrict which branches can deploy to the environment
 
   For example, if you specify `releases/*` as a deployment branch rule, only branches whose name begins with `releases/` can deploy to the environment. (Wildcard characters will not match `/`. To match branches that begin with `release/` and contain an additional single slash, use `release/*/*`.) If you add `main` as a deployment branch rule, a branch named `main` can also deploy to the environment. For more information about syntax options for deployment branches, see the [Ruby File.fnmatch documentation](https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch).
 
+{% ifversion fpt %}{% note %}
+
+**Note:** Deployment branches are available for all public repositories. For users on {% data variables.product.prodname_pro %} or {% data variables.product.prodname_team %} plans, deployment branches are also available for private repositories.
+
+{% endnote %}{% endif %}
+
 {% ifversion actions-break-glass %}
 ### Allow administrators to bypass configured protection rules
 
 By default, administrators can bypass the protection rules and force deployments to specific environments. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/reviewing-deployments#bypassing-environment-protection-rules)."
 
 Alternatively, you can configure environments to disallow bypassing the protection rules for all deployments to the environment.
+
+{% ifversion fpt %}{% note %}
+
+**Note:** Allowing administrators to bypass protection rules is only available for public repositories for users on {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, and {% data variables.product.prodname_team %} plans.
+
+{% endnote %}{% endif %}
 {% endif %}
 
 {% ifversion actions-custom-deployment-protection-rules-beta %}
@@ -84,6 +108,12 @@ Alternatively, you can configure environments to disallow bypassing the protecti
 
 Once custom deployment protection rules have been created and installed on a repository, you can enable the custom deployment protection rule for any environment in the repository. For more information about configuring and enabling custom deployment protection rules, see "[AUTOTITLE](/actions/deployment/protecting-deployments/configuring-custom-deployment-protection-rules)."
 
+{% ifversion fpt %}{% note %}
+
+**Note:** Custom deployment protection rules are only available for public repositories for users on {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, and {% data variables.product.prodname_team %} plans.
+
+{% endnote %}{% endif %}
+
 {% endif %}
 
 ## Environment secrets
@@ -96,7 +126,7 @@ Secrets stored in an environment are only available to workflow jobs that refere
 **Notes:**
 
 - Workflows that run on self-hosted runners are not run in an isolated container, even if they use environments. Environment secrets should be treated with the same level of security as repository and organization secrets. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners)."
-- Environment secrets are only available in **public** repositories if you are using {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, or {% data variables.product.prodname_team %}. For access to environment secrets in **private** or **internal** repositories, you must use {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, or {% data variables.product.prodname_enterprise %}. For more information on switching your subscription, see "[AUTOTITLE](/billing/managing-billing-for-your-github-account/upgrading-your-github-subscription)."
+- Environment secrets are only available in public repositories if you are using {% data variables.product.prodname_free_user %}. For access to environment secrets in private or internal repositories, you must use {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, or {% data variables.product.prodname_enterprise %}. For more information on switching your subscription, see "[AUTOTITLE](/billing/managing-billing-for-your-github-account/upgrading-your-github-subscription)."
 
 {% endnote %}
 {% else %}
@@ -113,14 +143,23 @@ Secrets stored in an environment are only available to workflow jobs that refere
 Variables stored in an environment are only available to workflow jobs that reference the environment. These variables are only accessible using the [`vars`](/actions/learn-github-actions/contexts#vars-context) context. For more information, see "[AUTOTITLE](/actions/learn-github-actions/variables)."
 {% endif %}
 
+{% ifversion fpt %}{% note %}
+
+**Note:** Environment variables are available for all public repositories. For users on {% data variables.product.prodname_pro %} or {% data variables.product.prodname_team %} plans, environment variables are also available for private repositories.
+
+{% endnote %}{% endif %}
+
 ## Creating an environment
 
 {% data reusables.actions.permissions-statement-environment %}
 
-{% ifversion fpt or ghec %}
+{% ifversion fpt %}
 {% note %}
 
-**Note:** Creation of an environment in a private repository is available to organizations with {% data variables.product.prodname_team %} and users with {% data variables.product.prodname_pro %}.
+**Notes:** 
+
+- Creation of an environment in a private repository is available to organizations with {% data variables.product.prodname_team %} and users with {% data variables.product.prodname_pro %}.
+- Some features for environments have no or limited availability for private repositories. If you are unable to access a feature described in the instructions below, please see the documentation linked in the related step for availability information.
 
 {% endnote %}
 {% endif %}
@@ -130,34 +169,34 @@ Variables stored in an environment are only available to workflow jobs that refe
 {% data reusables.actions.sidebar-environment %}
 {% data reusables.actions.new-environment %}
 {% data reusables.actions.name-environment %}
-1. Optionally, specify people or teams that must approve workflow jobs that use this environment.
+1. Optionally, specify people or teams that must approve workflow jobs that use this environment. For more information, see "[Required reviewers](#required-reviewers)."
    1. Select **Required reviewers**.
    1. Enter up to 6 people or teams. Only one of the required reviewers needs to approve the job for it to proceed.
    1. Click **Save protection rules**.
-1. Optionally, specify the amount of time to wait before allowing workflow jobs that use this environment to proceed.
+1. Optionally, specify the amount of time to wait before allowing workflow jobs that use this environment to proceed. For more information, see "[Wait timer](#wait-timer)."
    1. Select **Wait timer**.
    1. Enter the number of minutes to wait.
    1. Click **Save protection rules**.
 {%- ifversion actions-break-glass %}
-1. Optionally, disallow bypassing configured protection rules. For more information about bypassing configured protection rules, see "[AUTOTITLE](/actions/managing-workflow-runs/reviewing-deployments)."
+1. Optionally, disallow bypassing configured protection rules. For more information, see "[Allow administrators to bypass configured protection rules](#allow-administrators-to-bypass-configured-protection-rules)."
    1. Deselect **Allow administrators to bypass configured protection rules**.
    1. Click **Save protection rules**.
 {%- endif %}
 {%- ifversion actions-custom-deployment-protection-rules-beta %}
-1. Optionally, enable any custom deployment protection rules that have been created with {% data variables.product.prodname_github_apps %}. For more information about configuring custom deployment protection rules with {% data variables.product.prodname_github_apps %}, see "[AUTOTITLE](/actions/deployment/protecting-deployments/configuring-custom-deployment-protection-rules)."
+1. Optionally, enable any custom deployment protection rules that have been created with {% data variables.product.prodname_github_apps %}. For more information, see "[Custom deployment protection rules](#custom-deployment-protection-rules)."
    1. Select the custom protection rule you want to enable.
    1. Click **Save protection rules**.
 {%- endif %}
-1. Optionally, specify what branches can deploy to this environment. For more information about the possible values, see "[Deployment branches](#deployment-branches)."
+1. Optionally, specify what branches can deploy to this environment. For more information, see "[Deployment branches](#deployment-branches)."
    1. Select the desired option in the **Deployment branches** dropdown.
    1. If you chose **Selected branches**, enter the branch name patterns that you want to allow.
-1. Optionally, add environment secrets. These secrets are only available to workflow jobs that use the environment. Additionally, workflow jobs that use this environment can only access these secrets after any configured rules (for example, required reviewers) pass. For more information about secrets, see "[AUTOTITLE](/actions/security-guides/encrypted-secrets)."
+1. Optionally, add environment secrets. These secrets are only available to workflow jobs that use the environment. Additionally, workflow jobs that use this environment can only access these secrets after any configured rules (for example, required reviewers) pass. For more information, see "[Environment secrets](#environment-secrets)."
    1. Under **Environment secrets**, click **Add Secret**.
    1. Enter the secret name.
    1. Enter the secret value.
    1. Click **Add secret**.
 {%- ifversion actions-configuration-variables %}
-6. Optionally, add environment variables. These variables are only available to workflow jobs that use the environment, and are only accessible using the [`vars`](/actions/learn-github-actions/contexts#vars-context) context. For more information, see "[AUTOTITLE](/actions/learn-github-actions/variables)."
+6. Optionally, add environment variables. These variables are only available to workflow jobs that use the environment, and are only accessible using the [`vars`](/actions/learn-github-actions/contexts#vars-context) context. For more information, see "[Environment variables](#environment-variables)."
    1. Under **Environment variables**, click **Add Variable**.
    1. Enter the variable name.
    1. Enter the variable value.

data/reusables/actions/custom-deployment-protection-rules-availability.md

@@ -0,0 +1 @@
+Custom deployment protection rules are available in public repositories for all plans. For access to custom deployment protection rules in private or internal repositories, you must use {% data variables.product.prodname_enterprise %}. {% data reusables.gated-features.more-info %}

data/secret-scanning.yml

@@ -115,6 +115,19 @@
   hasPushProtection: true
   hasValidityCheck: false
 
+- provider: 'Amazon'
+  supportedSecret: 'Amazon OAuth Client Secret'
+  secretType: 'amazon_oauth_client_secret'
+  versions:
+    fpt: '*'
+    ghec: '*'
+    ghes: '>=3.10'
+    ghae: '>=3.10'
+  isPublic: false
+  isPrivateWithGhas: true
+  hasPushProtection: true
+  hasValidityCheck: false
+
 - provider: 'Amazon Web Services (AWS)'
   supportedSecret: 'Amazon AWS Access Key ID with Amazon AWS Secret Access Key'
   secretType: 'aws_access_key_id </br>aws_secret_access_key'
@@ -514,6 +527,19 @@
   hasPushProtection: false
   hasValidityCheck: false
 
+- provider: 'Defined'
+  supportedSecret: 'Defined Networking Nebula API Key'
+  secretType: 'defined_networking_nebula_api_key'
+  versions:
+    fpt: '*'
+    ghec: '*'
+    ghes: '>=3.10'
+    ghae: '>=3.10'
+  isPublic: true
+  isPrivateWithGhas: true
+  hasPushProtection: true
+  hasValidityCheck: false
+
 - provider: 'DevCycle'
   supportedSecret: 'DevCycle Client API Key'
   secretType: 'devcycle_client_api_key'
@@ -1536,7 +1562,7 @@
     ghec: '*'
     ghes: '>3.8'
     ghae: '>3.8'
-  isPublic: false
+  isPublic: true
   isPrivateWithGhas: true
   hasPushProtection: true
   hasValidityCheck: false
@@ -1591,6 +1617,32 @@
   hasPushProtection: false
   hasValidityCheck: false
 
+- provider: 'Mercury'
+  supportedSecret: 'Mercury Non-Production API Token'
+  secretType: 'mercury_non_production_api_token'
+  versions:
+    fpt: '*'
+    ghec: '*'
+    ghes: '>=3.10'
+    ghae: '>=3.10'
+  isPublic: false
+  isPrivateWithGhas: true
+  hasPushProtection: false
+  hasValidityCheck: false
+
+- provider: 'Mercury'
+  supportedSecret: 'Mercury Production API Token'
+  secretType: 'mercury_production_api_token'
+  versions:
+    fpt: '*'
+    ghec: '*'
+    ghes: '>=3.10'
+    ghae: '>=3.10'
+  isPublic: false
+  isPrivateWithGhas: true
+  hasPushProtection: false
+  hasValidityCheck: false
+
 - provider: 'MessageBird'
   supportedSecret: 'MessageBird API Key'
   secretType: 'messagebird_api_key'
@@ -1773,6 +1825,71 @@
   hasPushProtection: false
   hasValidityCheck: false
 
+- provider: 'OneChronos'
+  supportedSecret: 'OneChronos API Token'
+  secretType: 'onechronos_api_key'
+  versions:
+    fpt: '*'
+    ghec: '*'
+    ghes: '>=3.10'
+    ghae: '>= 3.10'
+  isPublic: false
+  isPrivateWithGhas: true
+  hasPushProtection: true
+  hasValidityCheck: false
+
+- provider: 'OneChronos'
+  supportedSecret: 'OneChronos Expressive Bidding API Key'
+  secretType: 'onechronos_eb_api_key'
+  versions:
+    fpt: '*'
+    ghec: '*'
+    ghes: '>=3.10'
+    ghae: '>= 3.10'
+  isPublic: false
+  isPrivateWithGhas: true
+  hasPushProtection: true
+  hasValidityCheck: false
+
+- provider: 'OneChronos'
+  supportedSecret: 'OneChronos Expressive Bidding Encryption Key'
+  secretType: 'onechronos_eb_encryption_key'
+  versions:
+    fpt: '*'
+    ghec: '*'
+    ghes: '>=3.10'
+    ghae: '>= 3.10'
+  isPublic: false
+  isPrivateWithGhas: true
+  hasPushProtection: true
+  hasValidityCheck: false
+
+- provider: 'OneChronos'
+  supportedSecret: 'OneChronos OAuth Token'
+  secretType: 'onechronos_oauth_token'
+  versions:
+    fpt: '*'
+    ghec: '*'
+    ghes: '>=3.10'
+    ghae: '>= 3.10'
+  isPublic: false
+  isPrivateWithGhas: true
+  hasPushProtection: true
+  hasValidityCheck: false
+
+- provider: 'OneChronos'
+  supportedSecret: 'OneChronos Refresh Token'
+  secretType: 'onechronos_refresh_token'
+  versions:
+    fpt: '*'
+    ghec: '*'
+    ghes: '>=3.10'
+    ghae: '>= 3.10'
+  isPublic: false
+  isPrivateWithGhas: true
+  hasPushProtection: true
+  hasValidityCheck: false
+
 - provider: 'Onfido'
   supportedSecret: 'Onfido Live API Token'
   secretType: 'onfido_live_api_token'
@@ -1851,6 +1968,32 @@
   hasPushProtection: false
   hasValidityCheck: false
 
+- provider: 'Pinterest'
+  supportedSecret: 'Pinterest Access Token'
+  secretType: 'pinterest_access_token'
+  versions:
+    fpt: '*'
+    ghec: '*'
+    ghes: '>3.10'
+    ghae: '>3.10'
+  isPublic: true
+  isPrivateWithGhas: true
+  hasPushProtection: true
+  hasValidityCheck: false
+
+- provider: 'Pinterest'
+  supportedSecret: 'Pinterest Refresh Token'
+  secretType: 'pinterest_refresh_token'
+  versions:
+    fpt: '*'
+    ghec: '*'
+    ghes: '>3.10'
+    ghae: '>3.10'
+  isPublic: true
+  isPrivateWithGhas: true
+  hasPushProtection: true
+  hasValidityCheck: false
+
 - provider: 'PlanetScale'
   supportedSecret: 'PlanetScale Database Password'
   secretType: 'planetscale_database_password'
@@ -2681,6 +2824,19 @@
   hasPushProtection: true
   hasValidityCheck: false
 
+- provider: 'Workato'
+  supportedSecret: 'Workato Developer API Token'
+  secretType: 'workato_developer_api_token'
+  versions:
+    fpt: '*'
+    ghec: '*'
+    ghes: '>3.11'
+    ghae: '>3.11'
+  isPublic: true
+  isPrivateWithGhas: true
+  hasPushProtection: true
+  hasValidityCheck: false
+
 - provider: 'WorkOS'
   supportedSecret: 'WorkOS Production API Key'
   secretType: 'workos_production_api_key'