diff --git a/content/actions/get-started/understanding-github-actions.md b/content/actions/get-started/understanding-github-actions.md index 8d5f7fbc2c02..8cdc24b1ef85 100644 --- a/content/actions/get-started/understanding-github-actions.md +++ b/content/actions/get-started/understanding-github-actions.md @@ -70,6 +70,8 @@ A **job** is a set of **steps** in a workflow that is executed on the same **run You can configure a job's dependencies with other jobs; by default, jobs have no dependencies and run in parallel. When a job takes a dependency on another job, it waits for the dependent job to complete before running. +You can also use a **matrix** to run the same job multiple times, each with a different combination of variables—like operating systems or language versions. + For example, you might configure multiple build jobs for different architectures without any job dependencies and a packaging job that depends on those builds. The build jobs run in parallel, and once they complete successfully, the packaging job runs. For more information, see [AUTOTITLE](/actions/using-jobs). diff --git a/content/actions/how-tos/writing-workflows/choosing-what-your-workflow-does/running-variations-of-jobs-in-a-workflow.md b/content/actions/how-tos/writing-workflows/choosing-what-your-workflow-does/running-variations-of-jobs-in-a-workflow.md index ad9bb9089c5a..d5b0b7aba12d 100644 --- a/content/actions/how-tos/writing-workflows/choosing-what-your-workflow-does/running-variations-of-jobs-in-a-workflow.md +++ b/content/actions/how-tos/writing-workflows/choosing-what-your-workflow-does/running-variations-of-jobs-in-a-workflow.md @@ -14,52 +14,234 @@ redirect_from: - /actions/writing-workflows/choosing-what-your-workflow-does/running-variations-of-jobs-in-a-workflow --- -{% data reusables.actions.enterprise-github-hosted-runners %} - ## About matrix strategies {% data reusables.actions.jobs.about-matrix-strategy %} -## Using a matrix strategy - -{% data reusables.actions.jobs.using-matrix-strategy %} - -### Example: Using a single-dimension matrix - -{% data reusables.actions.jobs.single-dimension-matrix %} - -### Example: Using a multi-dimension matrix - -{% data reusables.actions.jobs.multi-dimension-matrix %} - -### Example: Using contexts to create matrices - -{% data reusables.actions.jobs.matrix-from-context %} +## Adding a matrix strategy to your workflow job + +Use `jobs..strategy.matrix` to define a matrix of different job configurations. Within your matrix, define one or more variables followed by an array of values. For example, the following matrix has a variable called `version` with the value `[10, 12, 14]` and a variable called `os` with the value `[ubuntu-latest, windows-latest]`: + +```yaml +jobs: + example_matrix: + strategy: + matrix: + version: [10, 12, 14] + os: [ubuntu-latest, windows-latest] +``` + +A job will run for each possible combination of the variables. In this example, the workflow will run six jobs, one for each combination of the `os` and `version` variables. + +The above matrix will create the jobs in the following order. + +* `{version: 10, os: ubuntu-latest}` +* `{version: 10, os: windows-latest}` +* `{version: 12, os: ubuntu-latest}` +* `{version: 12, os: windows-latest}` +* `{version: 14, os: ubuntu-latest}` +* `{version: 14, os: windows-latest}` + +For reference information and examples, see [AUTOTITLE](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix). + +## Using contexts to create matrices + +To create matrices with information about workflow runs, variables, runner environments, jobs, and steps, access contexts using the {% raw %}`${{ }}`{% endraw %} expression syntax. For more information about contexts, see [AUTOTITLE](/actions/learn-github-actions/contexts). + +For example, the following workflow triggers on the `repository_dispatch` event and uses information from the event payload to build the matrix. When a repository dispatch event is created with a payload like the one below, the matrix `version` variable will have a value of `[12, 14, 16]`. For more information about the `repository_dispatch` trigger, see [AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows#repository_dispatch). + +```json +{ + "event_type": "test", + "client_payload": { + "versions": [12, 14, 16] + } +} +``` + +```yaml +on: + repository_dispatch: + types: + - test + +jobs: + example_matrix: + runs-on: ubuntu-latest + strategy: + matrix: + version: {% raw %}${{ github.event.client_payload.versions }}{% endraw %} + steps: + - uses: {% data reusables.actions.action-setup-node %} + with: + node-version: {% raw %}${{ matrix.version }}{% endraw %} +``` ## Expanding or adding matrix configurations -{% data reusables.actions.jobs.matrix-include %} +To expand existing matrix configurations or to add new configurations, use `jobs..strategy.matrix.include`. The value of `include` is a list of objects. + +For example, consider the following matrix. + +```yaml +strategy: + matrix: + fruit: [apple, pear] + animal: [cat, dog] + include: + - color: green + - color: pink + animal: cat + - fruit: apple + shape: circle + - fruit: banana + - fruit: banana + animal: cat +``` + +This will result in six jobs with the following matrix combinations. + +* `{fruit: apple, animal: cat, color: pink, shape: circle}` +* `{fruit: apple, animal: dog, color: green, shape: circle}` +* `{fruit: pear, animal: cat, color: pink}` +* `{fruit: pear, animal: dog, color: green}` +* `{fruit: banana}` +* `{fruit: banana, animal: cat}` + +Each `include` entry was applied in the following ways. + +* `{color: green}` is added to all of the original matrix combinations because it can be added without overwriting any part of the original combinations. +* `{color: pink, animal: cat}` adds `color:pink` only to the original matrix combinations that include `animal: cat`. This overwrites the `color: green` that was added by the previous `include` entry. +* `{fruit: apple, shape: circle}` adds `shape: circle` only to the original matrix combinations that include `fruit: apple`. +* `{fruit: banana}` cannot be added to any original matrix combination without overwriting a value, so it is added as an additional matrix combination. +* `{fruit: banana, animal: cat}` cannot be added to any original matrix combination without overwriting a value, so it is added as an additional matrix combination. It does not add to the `{fruit: banana}` matrix combination because that combination was not one of the original matrix combinations. + +For reference and example configurations, see [AUTOTITLE](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstrategymatrixinclude). -### Example: Expanding configurations +## Excluding matrix configurations -{% data reusables.actions.jobs.matrix-expand-with-include %} +To remove specific configurations defined in the matrix, use `jobs..strategy.matrix.exclude`. + +For example, the following workflow will run nine jobs: one job for each of the 12 configurations, minus the one excluded job that matches `{os: macos-latest, version: 12, environment: production}`, and the two excluded jobs that match `{os: windows-latest, version: 16}`. + +```yaml +strategy: + matrix: + os: [macos-latest, windows-latest] + version: [12, 14, 16] + environment: [staging, production] + exclude: + - os: macos-latest + version: 12 + environment: production + - os: windows-latest + version: 16 +runs-on: {% raw %}${{ matrix.os }}{% endraw %} +``` + +For reference information, see [AUTOTITLE](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstrategymatrixexclude) + +## Using an output to define two matrices + +You can use the output from one job to define matrices for multiple jobs. + +For example, the following workflow demonstrates how to define a matrix of values in one job, use that matrix in a second jobs to produce artifacts, and then consume those artifacts in a third job. Each artifact is associated with a value from the matrix. + +```yaml copy +name: shared matrix +on: + push: + workflow_dispatch: + +jobs: + define-matrix: + runs-on: ubuntu-latest + + outputs: + colors: {% raw %}${{ steps.colors.outputs.colors }}{% endraw %} + + steps: + - name: Define Colors + id: colors + run: | + echo 'colors=["red", "green", "blue"]' >> "$GITHUB_OUTPUT" + + produce-artifacts: + runs-on: ubuntu-latest + needs: define-matrix + strategy: + matrix: + color: {% raw %}${{ fromJSON(needs.define-matrix.outputs.colors) }}{% endraw %} + + steps: + - name: Define Color + env: + color: {% raw %}${{ matrix.color }}{% endraw %} + run: | + echo "$color" > color + - name: Produce Artifact + uses: {% data reusables.actions.action-upload-artifact %} + with: + name: {% raw %}${{ matrix.color }}{% endraw %} + path: color + + consume-artifacts: + runs-on: ubuntu-latest + needs: + - define-matrix + - produce-artifacts + strategy: + matrix: + color: {% raw %}${{ fromJSON(needs.define-matrix.outputs.colors) }}{% endraw %} + + steps: + - name: Retrieve Artifact + uses: {% data reusables.actions.action-download-artifact %} + with: + name: {% raw %}${{ matrix.color }}{% endraw %} + + - name: Report Color + run: | + cat color +``` -### Example: Adding configurations +## Handling failures -{% data reusables.actions.jobs.matrix-add-with-include %} +To control how job failures are handled, use `jobs..strategy.fail-fast` and `jobs..continue-on-error`. -## Excluding matrix configurations +You can use `jobs..strategy.fail-fast` and `jobs..continue-on-error` together. For example, the following workflow will start four jobs. For each job, `continue-on-error` is determined by the value of `matrix.experimental`. If any of the jobs with `continue-on-error: false` fail, all jobs that are in progress or queued will be cancelled. If the job with `continue-on-error: true` fails, the other jobs will not be affected. -{% data reusables.actions.jobs.matrix-exclude %} +```yaml +jobs: + test: + runs-on: ubuntu-latest + continue-on-error: {% raw %}${{ matrix.experimental }}{% endraw %} + strategy: + fail-fast: true + matrix: + version: [6, 7, 8] + experimental: [false] + include: + - version: 9 + experimental: true +``` -## Example: Using an output to define two matrices +For reference information see [`jobs..strategy.fail-fast`](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstrategyfail-fast) and [`jobs..continue-on-error`](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idcontinue-on-error). -{% data reusables.actions.jobs.matrix-used-twice %} +## Defining the maximum number of concurrent jobs -## Handling failures +To set the maximum number of jobs that can run simultaneously when using a `matrix` job strategy, use `jobs..strategy.max-parallel`. -{% data reusables.actions.jobs.section-using-a-build-matrix-for-your-jobs-failfast %} +For example, the following workflow will run a maximum of two jobs at a time, even if there are runners available to run all six jobs at once. -## Defining the maximum number of concurrent jobs +```yaml +jobs: + example_matrix: + strategy: + max-parallel: 2 + matrix: + version: [10, 12, 14] + os: [ubuntu-latest, windows-latest] +``` -{% data reusables.actions.jobs.section-using-a-build-matrix-for-your-jobs-max-parallel %} +For reference information, see [AUTOTITLE](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstrategymax-parallel). diff --git a/content/actions/how-tos/writing-workflows/choosing-what-your-workflow-does/using-jobs-in-a-workflow.md b/content/actions/how-tos/writing-workflows/choosing-what-your-workflow-does/using-jobs-in-a-workflow.md index d9320936ae52..35573c70256e 100644 --- a/content/actions/how-tos/writing-workflows/choosing-what-your-workflow-does/using-jobs-in-a-workflow.md +++ b/content/actions/how-tos/writing-workflows/choosing-what-your-workflow-does/using-jobs-in-a-workflow.md @@ -28,3 +28,9 @@ redirect_from: ## Defining prerequisite jobs {% data reusables.actions.jobs.section-using-jobs-in-a-workflow-needs %} + +## Using a matrix to run jobs with different variables + +To automatically run a job with different combinations of variables, such as operating systems or language versions, define a `matrix` strategy in your workflow. + +For more information, see [AUTOTITLE](/actions/how-tos/writing-workflows/choosing-what-your-workflow-does/running-variations-of-jobs-in-a-workflow). diff --git a/content/actions/reference/workflow-syntax-for-github-actions.md b/content/actions/reference/workflow-syntax-for-github-actions.md index 4d1f1f9d1178..d860049c2e8b 100644 --- a/content/actions/reference/workflow-syntax-for-github-actions.md +++ b/content/actions/reference/workflow-syntax-for-github-actions.md @@ -887,23 +887,86 @@ Use `jobs..strategy` to use a matrix strategy for your jobs. {% data reu ## `jobs..strategy.matrix` -{% data reusables.actions.jobs.using-matrix-strategy %} +Use `jobs..strategy.matrix` to define a matrix of different job configurations. For more information, see [AUTOTITLE](/actions/how-tos/writing-workflows/choosing-what-your-workflow-does/running-variations-of-jobs-in-a-workflow). -### Example: Using a single-dimension matrix +A matrix will generate a maximum of 256 jobs per workflow run. This limit applies to both {% data variables.product.github %}-hosted and self-hosted runners. -{% data reusables.actions.jobs.single-dimension-matrix %} +The variables that you define become properties in the `matrix` context, and you can reference the property in other areas of your workflow file. In this example, you can use `matrix.version` and `matrix.os` to access the current value of `version` and `os` that the job is using. For more information, see [AUTOTITLE](/actions/learn-github-actions/contexts). -### Example: Using a multi-dimension matrix +By default, {% data variables.product.github %} will maximize the number of jobs run in parallel depending on runner availability. The order of the variables in the matrix determines the order in which the jobs are created. The first variable you define will be the first job that is created in your workflow run. -{% data reusables.actions.jobs.multi-dimension-matrix %} +### Using a single-dimension matrix -### Example: Using contexts to create matrices +The following workflow defines the variable `version` with the values `[10, 12, 14]`. The workflow will run three jobs, one for each value in the variable. Each job will access the `version` value through the `matrix.version` context and pass the value as `node-version` to the `actions/setup-node` action. -{% data reusables.actions.jobs.matrix-from-context %} +```yaml +jobs: + example_matrix: + strategy: + matrix: + version: [10, 12, 14] + steps: + - uses: {% data reusables.actions.action-setup-node %} + with: + node-version: {% raw %}${{ matrix.version }}{% endraw %} +``` + +### Using a multi-dimensional matrix + +Specify multiple variables to create a multi-dimensional matrix. A job will run for each possible combination of the variables. + +For example, the following workflow specifies two variables: + +* Two operating systems specified in the `os` variable +* Three Node.js versions specified in the `version` variable + +The workflow will run six jobs, one for each combination of the `os` and `version` variables. Each job will set the `runs-on` value to the current `os` value and will pass the current `version` value to the `actions/setup-node` action. + +```yaml +jobs: + example_matrix: + strategy: + matrix: + os: [ubuntu-22.04, ubuntu-20.04] + version: [10, 12, 14] + runs-on: {% raw %}${{ matrix.os }}{% endraw %} + steps: + - uses: {% data reusables.actions.action-setup-node %} + with: + node-version: {% raw %}${{ matrix.version }}{% endraw %} +``` + +A variable configuration in a matrix can be an `array` of `object`s. For example, the following matrix produces 4 jobs with corresponding contexts. + +```yaml +matrix: + os: + - ubuntu-latest + - macos-latest + node: + - version: 14 + - version: 20 + env: NODE_OPTIONS=--openssl-legacy-provider +``` + +Each job in the matrix will have its own combination of `os` and `node` values, as shown below. + +```yaml +- matrix.os: ubuntu-latest + matrix.node.version: 14 +- matrix.os: ubuntu-latest + matrix.node.version: 20 + matrix.node.env: NODE_OPTIONS=--openssl-legacy-provider +- matrix.os: macos-latest + matrix.node.version: 14 +- matrix.os: macos-latest + matrix.node.version: 20 + matrix.node.env: NODE_OPTIONS=--openssl-legacy-provider +``` ## `jobs..strategy.matrix.include` -{% data reusables.actions.jobs.matrix-include %} +For each object in the `include` list, the key:value pairs in the object will be added to each of the matrix combinations if none of the key:value pairs overwrite any of the original matrix values. If the object cannot be added to any of the matrix combinations, a new matrix combination will be created instead. Note that the original matrix values will not be overwritten, but added matrix values can be overwritten. ### Example: Expanding configurations @@ -915,18 +978,24 @@ Use `jobs..strategy` to use a matrix strategy for your jobs. {% data reu ## `jobs..strategy.matrix.exclude` -{% data reusables.actions.jobs.matrix-exclude %} +An excluded configuration only has to be a partial match for it to be excluded. + +All `include` combinations are processed after `exclude`. This allows you to use `include` to add back combinations that were previously excluded. ## `jobs..strategy.fail-fast` +`jobs..strategy.fail-fast` applies to the entire matrix. If `jobs..strategy.fail-fast` is set to `true` or its expression evaluates to `true`, {% data variables.product.github %} will cancel all in-progress and queued jobs in the matrix if any job in the matrix fails. This property defaults to `true`. + {% data reusables.actions.jobs.section-using-a-build-matrix-for-your-jobs-failfast %} ## `jobs..strategy.max-parallel` -{% data reusables.actions.jobs.section-using-a-build-matrix-for-your-jobs-max-parallel %} +By default, {% data variables.product.github %} will maximize the number of jobs run in parallel depending on runner availability. ## `jobs..continue-on-error` +`jobs..continue-on-error` applies to a single job. If `jobs..continue-on-error` is `true`, other jobs in the matrix will continue running even if the job with `jobs..continue-on-error: true` fails. + Prevents a workflow run from failing when a job fails. Set to `true` to allow a workflow run to pass when this job fails. ### Example: Preventing a specific failing matrix job from failing a workflow run diff --git a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/configuring-collectd-for-your-instance.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/configuring-collectd-for-your-instance.md index ef915eb1f912..db270ea55f89 100644 --- a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/configuring-collectd-for-your-instance.md +++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/configuring-collectd-for-your-instance.md @@ -64,18 +64,6 @@ By default, `collectd` forwarding is disabled on {% data variables.product.prodn 1. In the **Cryptographic setup** dropdown menu, select the security level of communications with the `collectd` server. (None, signed packets, or encrypted packets.) {% data reusables.enterprise_management_console.save-settings %} -## Exporting collectd data with `ghe-export-graphs` - -The command-line tool `ghe-export-graphs` will export the data that `collectd` stores in RRD databases. This command turns the data into XML and exports it into a single tarball (`.tgz`). - -Its primary use is to provide the {% data variables.contact.contact_ent_support %} team with data about a VM's performance, without the need for downloading a full Support Bundle. It shouldn't be included in your regular backup exports and there is no import counterpart. If you contact us through {% data variables.contact.contact_ent_support %}, we may ask for this data to assist with troubleshooting. - -### Usage - -```shell -ssh -p 122 admin@[hostname] -- 'ghe-export-graphs' && scp -P 122 admin@[hostname]:~/graphs.tar.gz . -``` - ## Troubleshooting ### Central collectd server receives no data diff --git a/content/code-security/dependabot/working-with-dependabot/configuring-multi-ecosystem-updates.md b/content/code-security/dependabot/working-with-dependabot/configuring-multi-ecosystem-updates.md index 1c16a47f618c..51d54ded9214 100644 --- a/content/code-security/dependabot/working-with-dependabot/configuring-multi-ecosystem-updates.md +++ b/content/code-security/dependabot/working-with-dependabot/configuring-multi-ecosystem-updates.md @@ -131,7 +131,7 @@ For more information about `patterns`, see [`patterns` and `exclude-patterns`](/ ### Additional configuration options -All standard {% data variables.product.prodname_dependabot %} configuration options can be used with multi-ecosystem groups. See [`package-ecosystem`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#package-ecosystem--), [`directory`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#directories-or-directory-), [`allow`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#allow--), [`ignore`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#ignore-), and [`registries`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#registries--) in [AUTOTITLE](/code-security/dependabot/working-with-dependabot/dependabot-options-reference). +All standard {% data variables.product.prodname_dependabot %} configuration options can be used with multi-ecosystem groups. See [`package-ecosystem`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#package-ecosystem--), [`directory`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#directories-or-directory-), [`allow`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#allow--), [`ignore`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#ignore-), [`cooldown`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#cooldown-), and [`registries`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#registries--) in [AUTOTITLE](/code-security/dependabot/working-with-dependabot/dependabot-options-reference). ## Key configuration @@ -166,6 +166,7 @@ The following table shows the configuration keys available at the ecosystem leve | [`vendor`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#vendor--) |{% octicon "x" aria-label="Not required" %}| Not applicable | | [`versioning-strategy`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#versioning-strategy--) |{% octicon "x" aria-label="Not required" %}| Not applicable | | [`update-types`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#update-types-groups--) |{% octicon "x" aria-label="Not required" %}| Not applicable | +| [`cooldown`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#cooldown-) |{% octicon "x" aria-label="Not required" %}| Not applicable | | [`labels`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#labels--) | {% octicon "x" aria-label="Not required" %} | Additive | | [`assignees`](/code-security/dependabot/working-with-dependabot/dependabot-options-reference#assignees--) |{% octicon "x" aria-label="Not required" %} |Additive | diff --git a/content/copilot/concepts/completions/code-referencing.md b/content/copilot/concepts/completions/code-referencing.md index 34f4d48adff4..3397f4fce681 100644 --- a/content/copilot/concepts/completions/code-referencing.md +++ b/content/copilot/concepts/completions/code-referencing.md @@ -47,7 +47,7 @@ type: overview ## About {% data variables.product.prodname_copilot_short %} code referencing on {% data variables.product.prodname_dotcom_the_website %} -If you've allowed suggestions that match public code, then whenever a response from {% data variables.copilot.copilot_chat_short %} includes matching code, details of the matches will be included in the response. +If you, or your organization, have allowed suggestions that match public code, then whenever a response from {% data variables.copilot.copilot_chat_short %} includes matching code, details of the matches will be included in the response. > [!NOTE] > Typically, matches to public code occur infrequently, so you should not expect to see code references in many {% data variables.copilot.copilot_chat_short %} responses. @@ -72,16 +72,18 @@ When {% data variables.copilot.copilot_chat_short %} provides a response that in ## How code referencing finds matching code -{% data variables.product.prodname_copilot_short %} code referencing searches for matches by taking the code suggestion, plus some of the code that will surround the suggestion if it is accepted, and comparing it against an index of all public repositories on {% data variables.product.prodname_dotcom_the_website %}. +{% data variables.product.prodname_copilot_short %} code referencing compares potential code suggestions and the surrounding code of about 150 characters against an index of all public repositories on {% data variables.product.prodname_dotcom_the_website %}. Code in private {% data variables.product.prodname_dotcom %} repositories, or code outside of {% data variables.product.prodname_dotcom %}, is not included in the search process. -The search index is refreshed every few months. As a result, newly committed code, and code from public repositories deleted before the index was created, may not be included in the search. For the same reason, the search may return matches to code that has been deleted or moved since the index was created. - ## Limitations +The search index is refreshed every few months. As a result, newly committed code, and code from public repositories deleted before the index was created, may not be included in the search. For the same reason, the search may return matches to code that has been deleted or moved since the index was created. + References to matching code are currently available in JetBrains IDEs, {% data variables.product.prodname_vs %}, {% data variables.product.prodname_vscode %}, and on the {% data variables.product.github %} website. ## Further reading * [AUTOTITLE](/copilot/how-tos/completions/finding-public-code-that-matches-github-copilot-suggestions) +* [AUTOTITLE](/copilot/how-tos/manage-your-account/managing-copilot-policies-as-an-individual-subscriber) +* [AUTOTITLE](/copilot/how-tos/administer/organizations/managing-policies-for-copilot-in-your-organization) diff --git a/content/copilot/concepts/completions/code-suggestions.md b/content/copilot/concepts/completions/code-suggestions.md index 24bae8e25702..2a73396cacda 100644 --- a/content/copilot/concepts/completions/code-suggestions.md +++ b/content/copilot/concepts/completions/code-suggestions.md @@ -83,6 +83,10 @@ topics: {% endeclipse %} +## Code suggestions that match public code + +{% data variables.product.prodname_copilot %} checks each suggestion for matches with publicly available code. Any matches are discarded or suggested with a code reference, based on the setting of the "Suggestions matching public code" policy for your account or organization. See [AUTOTITLE](/copilot/concepts/completions/code-referencing). + ## Next steps * [AUTOTITLE](/copilot/how-tos/completions/getting-code-suggestions-in-your-ide-with-github-copilot) diff --git a/content/copilot/concepts/index.md b/content/copilot/concepts/index.md index 9a317b8b7daa..66a232a164ec 100644 --- a/content/copilot/concepts/index.md +++ b/content/copilot/concepts/index.md @@ -15,6 +15,7 @@ children: - /indexing-repositories-for-copilot-chat - /about-copilot-coding-agent - /about-organizing-and-sharing-context-with-copilot-spaces + - /policies - /copilot-knowledge-bases - /build-copilot-extensions --- diff --git a/content/copilot/concepts/policies.md b/content/copilot/concepts/policies.md new file mode 100644 index 000000000000..c60edc045ed2 --- /dev/null +++ b/content/copilot/concepts/policies.md @@ -0,0 +1,52 @@ +--- +title: Copilot policies to control availability of features and models +shortTitle: Policies +allowTitleToDifferFromFilename: true +intro: 'Learn about the policies that control the availability of {% data variables.product.prodname_copilot %} features and models for users granted a license through your organization or an organization in your enterprise.' +versions: + feature: copilot +type: overview +topics: + - Copilot + - Policy + - Access management + - Organizations + - Enterprise +--- + +## About policies for {% data variables.product.prodname_copilot_short %} + +When you assign a {% data variables.product.prodname_copilot_short %} license to a member of your organization, you can control the features they can use under that license with {% data variables.product.prodname_copilot_short %} policies. + +Policies are grouped into different types. + +* **Feature policy:** Defines the availability of a {% data variables.product.prodname_copilot_short %} feature. Shown on the "Policies" page. +* **Privacy policy:** Defines whether a potentially sensitive action is allowed or not. Show at the end of the "Policies" page. +* **Models policy:** Defines the availability of models beyond the basic models provided with {% data variables.product.prodname_copilot_short %}, which may incur additional costs. Shown on the "Models" page. + +Each policy controls availability for members who receive a {% data variables.product.prodname_copilot_short %} license from your enterprise or organization. + +## Organization-level control of policies + +Organization owners set policies to control the availability of features and models for users granted a {% data variables.product.prodname_copilot_short %} license by the organization. For example, an organization owner can enable or disable using {% data variables.product.prodname_copilot_short %} in the IDE (unless an enterprise owner has defined availability for the feature at the enterprise level). + +The enforcement options for feature and model policies in an organization are: + +* **Unconfigured** - A placeholder, which is removed once you have defined a setting. The policy is treated as disabled for this organization until you select an option. +* **Enabled** - The feature is **available** to all members who are assigned {% data variables.product.prodname_copilot_short %} by the organization. +* **Disabled** - The feature is **blocked** for all members who are assigned {% data variables.product.prodname_copilot_short %} by the organization. + +For privacy policies, the options are called "Allowed" and "Blocked" in preference to enabled and disabled. This provides a clearer message of the impact of a privacy policy. + +## Enterprise-level control of policies + +Enterprise owners can choose to set policies for {% data variables.product.prodname_copilot_short %} at the enterprise level or to delegate the decision to organization owners using the **No policy** option. + +If a policy is defined at the enterprise level, control of the policy is disabled at the organization level. + +If organization owners are allowed to set a policy, some organizations may enable a feature while others disable it. If a member receives access to {% data variables.product.prodname_copilot_short %} through multiple organizations with conflicting policies, either the least or most permissive policy may apply, depending on the policy. For more information, see [AUTOTITLE](/copilot/reference/feature-availability-enterprise). + +## Next steps + +* [AUTOTITLE](/copilot/how-tos/administer/organizations/managing-policies-for-copilot-in-your-organization) +* [AUTOTITLE](/copilot/how-tos/administer/enterprises/managing-policies-and-features-for-copilot-in-your-enterprise) diff --git a/content/copilot/how-tos/administer/enterprises/managing-policies-and-features-for-copilot-in-your-enterprise.md b/content/copilot/how-tos/administer/enterprises/managing-policies-and-features-for-copilot-in-your-enterprise.md index e87204c5ceb9..e9c54a86818f 100644 --- a/content/copilot/how-tos/administer/enterprises/managing-policies-and-features-for-copilot-in-your-enterprise.md +++ b/content/copilot/how-tos/administer/enterprises/managing-policies-and-features-for-copilot-in-your-enterprise.md @@ -1,136 +1,36 @@ --- title: Managing policies and features for Copilot in your enterprise -intro: 'Enterprise owners can control the availability of {% data variables.product.prodname_copilot %} and its features for all organizations in the enterprise.' +intro: 'Control the availability of features for {% data variables.product.prodname_copilot %} in your enterprise using policies.' permissions: Enterprise owners product: '{% data variables.copilot.copilot_enterprise_short %} or {% data variables.copilot.copilot_business_short %}' versions: feature: copilot-enterprise +allowTitleToDifferFromFilename: true +type: how_to topics: - Copilot -shortTitle: Manage policies + - Enterprise +shortTitle: Manage enterprise policies redirect_from: - /copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise --- -## About policies for {% data variables.product.prodname_copilot %} in your enterprise +When an organization owner assigns a {% data variables.product.prodname_copilot_short %} license to a member of their organization, the availability of features and models is controlled by policies. -You can set policies that control the availability of {% data variables.product.prodname_copilot_short %} and its features in your enterprise and organizations. +## Defining policies for your enterprise -The enforcement options for {% data variables.product.prodname_copilot_short %} policies in your enterprise are: - -* **Enabled** - The feature is available in all organizations with {% data variables.product.prodname_copilot_short %} enabled in your enterprise. -* **Disabled** - The feature is blocked for all organizations with {% data variables.product.prodname_copilot_short %} enabled in your enterprise. -* **No policy** - Control of the feature is delegated to organization owners to set. - -If a policy is enabled or disabled at the enterprise level, the same policy cannot be changed at the organization level. - -You can configure policies for your enterprise. If no policy is chosen at the enterprise level, and multiple organizations within the enterprise choose different policies and grant access to the same users, the policy will be enforced as listed in the table. - -| Policy Name | Enforced policy for multiple organizations | -| ----------- | ------------------------------------------ | -| [{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}](#copilot-in-githubcom) | least restrictive | -| [{% data variables.copilot.copilot_cli %}](#github-copilot-in-the-cli) | least restrictive | -| [{% data variables.copilot.copilot_desktop_short %}](#copilot-in-github-desktop) | least restrictive | -| [{% data variables.copilot.copilot_chat %} in the IDE](#github-copilot-chat-in-the-ide) | least restrictive | -| [Editor preview features](#editor-preview-features) | least restrictive | -| [{% data variables.copilot.copilot_mobile %}](#github-copilot-chat-in-github-mobile) | least restrictive | -| [{% data variables.copilot.copilot_extensions %}](#github-copilot-extensions) | least restrictive | -| [Suggestions matching public code](#suggestions-matching-public-code) | most restrictive | -| [Give {% data variables.product.prodname_copilot_short %} access to Bing](#give-copilot-access-to-bing) | least restrictive | -| [{% data variables.product.prodname_copilot_short %} access to alternative AI models](#copilot-access-to-alternative-ai-models) | least restrictive | -| [{% data variables.product.prodname_copilot_short %} Metrics API access](#copilot-metrics-api-access) | most restrictive | -| [{% data variables.copilot.copilot_coding_agent %}](#copilot-coding-agent) | least restrictive | -| [MCP servers in {% data variables.product.prodname_copilot_short %}](#mcp-servers-in-copilot) | least restrictive | - -### {% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %} - -You can enable "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}" to provide members of your enterprise access to AI features on the {% data variables.product.github %} website, including: -* **{% data variables.copilot.copilot_chat %} in {% data variables.product.prodname_dotcom_the_website %}** - You can ask {% data variables.product.prodname_copilot %} coding-related questions within a chat interface on {% data variables.product.github %}. You can ask general questions or questions within a specific context such as a repository, issue, file, or symbol. -* **{% data variables.product.prodname_copilot_short %} pull request summaries** - {% data variables.product.prodname_copilot_short %} can generate a summary of the changes made in a pull request, as well as a list of impacted files, using natural language. This overview helps reviewers quickly understand the proposed changes. -* **{% data variables.product.prodname_copilot_short %} knowledge bases** - Organization owners can create knowledge bases consisting of Markdown documentation across one or more repositories, allowing organization members to use that documentation as context when they ask questions in {% data variables.copilot.copilot_chat_dotcom_short %}, {% data variables.copilot.copilot_chat_short %} in {% data variables.product.prodname_vscode %}, and {% data variables.copilot.copilot_chat_short %} in {% data variables.product.prodname_vs %}. - -If you enable "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}," you can also configure additional features: - -{% data reusables.copilot.policies-for-dotcom %} - -### {% data variables.copilot.copilot_cli %} - -{% data variables.copilot.copilot_cli %} is an extension for {% data variables.product.prodname_cli %} which provides a chat-like interface in the terminal. You can ask {% data variables.product.prodname_copilot %} for command suggestions, or for explanations of commands they run. - -### {% data variables.copilot.copilot_desktop_short %} - -You can generate commit messages and descriptions in {% data variables.product.prodname_desktop %} based on the changes you make to your project. - -### {% data variables.copilot.copilot_chat %} in the IDE - -You can chat with {% data variables.product.prodname_copilot %} in your IDE to get code suggestions and answers to coding-related questions without context switching. - -### Editor preview features - -Some features of {% data variables.product.prodname_copilot_short %} are available as preview features in your editor. You can enable or disable these features for your enterprise. - -### {% data variables.copilot.copilot_mobile %} - -{% data variables.copilot.copilot_mobile %} is a chat interface that lets you interact with {% data variables.product.prodname_copilot %} to ask and receive answers to coding-related questions within {% data variables.product.prodname_mobile %}. - -### {% data variables.copilot.copilot_extensions %} - -{% data variables.copilot.copilot_extensions %} integrate external tools with {% data variables.copilot.copilot_chat %}, helping members of your enterprise reduce context switching, interact with tools using natural language, and customize their {% data variables.copilot.copilot_chat_short %} experience. - -### Suggestions matching public code - -{% data variables.product.prodname_copilot %} includes a filter which detects code suggestions that match public code on {% data variables.product.prodname_dotcom %}. When the filter is enabled, {% data variables.product.prodname_copilot %} checks code suggestions with their surrounding code of about 150 characters against public code on {% data variables.product.prodname_dotcom %}. If there is a match or near match, the suggestion will not be shown. - -### Give {% data variables.product.prodname_copilot_short %} access to Bing - -{% data variables.copilot.copilot_chat %} can use Bing to provide enhanced responses by searching the internet for information related to a question. Bing search is particularly helpful when discussing new technologies or highly specific subjects. - -### {% data variables.product.prodname_copilot_short %} access to alternative AI models - -By default, {% data variables.copilot.copilot_chat_short %} uses an included model. If you grant access to the alternative models, members of your enterprise can choose to use these models rather than the included model. The available alternative models are: - -* **{% data variables.copilot.copilot_claude %}**. See [AUTOTITLE](/copilot/using-github-copilot/ai-models/using-claude-in-github-copilot). -* **{% data variables.copilot.copilot_gemini %}**. See [AUTOTITLE](/copilot/using-github-copilot/ai-models/using-gemini-in-github-copilot). -* **OpenAI models:** See [AUTOTITLE](/copilot/using-github-copilot/ai-models/using-openai-gpt-41-in-github-copilot). - -> [!NOTE] -> This setting has no impact on the model used by {% data variables.copilot.copilot_coding_agent %}. - -### {% data variables.product.prodname_copilot_short %} Metrics API access - -Enable this policy to allow users to use the {% data variables.product.prodname_copilot_short %} Metrics API. See [AUTOTITLE](/rest/copilot/copilot-metrics). - -### {% data variables.copilot.copilot_coding_agent %} - -{% data reusables.copilot.coding-agent.preview-note %} - -{% data variables.copilot.copilot_coding_agent %} is an autonomous, AI-powered software development agent. During the preview, use of the feature is subject to [GitHub Pre-release License Terms](/free-pro-team@latest/site-policy/github-terms/github-pre-release-license-terms). This feature may use models which are not enabled on your "Models" settings page. The cost of a premium request made by {% data variables.copilot.copilot_coding_agent %} is independent of the model it uses. - -You can enable "{% data variables.copilot.copilot_coding_agent %}" to allow members of your enterprise to use {% data variables.copilot.copilot_coding_agent %} under the Copilot license you have assigned them. This will allow them to assign work or issues to {% data variables.product.prodname_copilot_short %} in organization repositories where {% data variables.copilot.copilot_coding_agent %} is available and to enable {% data variables.copilot.copilot_coding_agent %} for their personal repositories. - -Alternatively, set to "No policy" to leave organization owners to make the decision in their organization settings. - -> [!TIP] Enabling your license holders to use {% data variables.copilot.copilot_coding_agent %} is the first step in making {% data variables.copilot.copilot_coding_agent %} available for use in repositories in your organizations. For more information, see [AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/adding-copilot-coding-agent-to-organization). - -### MCP servers in {% data variables.product.prodname_copilot_short %} - -{% data reusables.copilot.coding-agent.mcp-brief-intro %} - -You can enable this policy to allow users to connect MCP servers to {% data variables.product.prodname_copilot %} in {% data variables.product.prodname_vscode %} and {% data variables.copilot.copilot_coding_agent_short %}. - -* By default, this policy is disabled. When disabled, users with a {% data variables.product.prodname_copilot_short %} seat assigned by the enterprise or any child organizations will not be able to access MCP servers (remote or local) in {% data variables.product.prodname_copilot_short %}. -* If the policy is set to **Disabled** or **Enabled** at the enterprise level, all child organizations will inherit the same policy configuration. -* This policy only applies to users with a {% data variables.copilot.copilot_enterprise_short %} or {% data variables.copilot.copilot_business_short %} seat assigned by the same enterprise (or any of its child organizations) configuring the policy. It does not govern MCP access for any users with a {% data variables.product.prodname_copilot_short %} Free, Pro or Pro+ license. - -> [!NOTE] -> This policy does not apply to {% data variables.product.prodname_copilot_short %} editors where MCP support is still in preview. Instead, you can use the **Editor preview features** policy to disable MCP access in these editors. - -For more information on using MCP, see [AUTOTITLE](/copilot/how-tos/context/model-context-protocol/extending-copilot-chat-with-mcp) and [AUTOTITLE](/copilot/using-github-copilot/coding-agent/extending-copilot-coding-agent-with-mcp). - -## Configuring policies for {% data variables.product.prodname_copilot %} +Enterprise owners can define a policy for the whole enterprise, or delegate the decision to individual organization owners. See [AUTOTITLE](/copilot/concepts/policies). {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} {% data reusables.enterprise-accounts.copilot-tab %} -{% data reusables.enterprise-accounts.copilot-policies-tab %} -1. For each policy you want to configure, click the dropdown menu and select an enforcement option. +1. On the "{% data variables.product.prodname_copilot %}" page: + * Click the **Policies** tab to edit the policies that control privacy and availability of features. + * Click the **Models** tab to edit the policies that control availability of models beyond the basic models provided with {% data variables.product.prodname_copilot_short %}, which may incur additional costs. +1. For each policy you want to configure, click the dropdown menu and select an enforcement option. Select **No policy** to delegate the decision to individual organization owners. For more information, see [AUTOTITLE](/copilot/reference/feature-availability-enterprise). + +## Opting in to previews or feedback + +If your enterprise has a {% data variables.copilot.copilot_business_short %} or {% data variables.copilot.copilot_enterprise_short %} plan and you enable "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}" on the "Policies" tab, two additional options are displayed: + + {% data reusables.copilot.policies-for-dotcom %} diff --git a/content/copilot/how-tos/administer/organizations/adding-copilot-coding-agent-to-organization.md b/content/copilot/how-tos/administer/organizations/adding-copilot-coding-agent-to-organization.md index 2299c247660e..af2822b8ca57 100644 --- a/content/copilot/how-tos/administer/organizations/adding-copilot-coding-agent-to-organization.md +++ b/content/copilot/how-tos/administer/organizations/adding-copilot-coding-agent-to-organization.md @@ -26,7 +26,8 @@ redirect_from: ## Enabling {% data variables.copilot.copilot_coding_agent %} for your members -{% data reusables.organizations.copilot-policy-ent-overrides-org %} +> [!NOTE] +> {% data reusables.organizations.copilot-policy-ent-overrides-org %} {% data variables.copilot.copilot_coding_agent %} and use of third-party MCP servers are disabled by default for organization members assigned a {% data variables.copilot.copilot_enterprise %} or {% data variables.copilot.copilot_business_short %} license by your organization. diff --git a/content/copilot/how-tos/administer/organizations/index.md b/content/copilot/how-tos/administer/organizations/index.md index 699e7bf2971c..b89892831e41 100644 --- a/content/copilot/how-tos/administer/organizations/index.md +++ b/content/copilot/how-tos/administer/organizations/index.md @@ -12,9 +12,10 @@ topics: - Copilot children: - /managing-the-copilot-plan-for-your-organization - - /managing-policies-for-copilot-in-your-organization - /managing-access-to-github-copilot-in-your-organization + - /managing-policies-for-copilot-in-your-organization - /adding-copilot-coding-agent-to-organization + - /set-extension-permissions - /reviewing-activity-related-to-github-copilot-in-your-organization --- diff --git a/content/copilot/how-tos/administer/organizations/managing-policies-for-copilot-in-your-organization.md b/content/copilot/how-tos/administer/organizations/managing-policies-for-copilot-in-your-organization.md index 7c599f2fc526..973f531248b4 100644 --- a/content/copilot/how-tos/administer/organizations/managing-policies-for-copilot-in-your-organization.md +++ b/content/copilot/how-tos/administer/organizations/managing-policies-for-copilot-in-your-organization.md @@ -1,10 +1,12 @@ --- -title: Managing policies for Copilot in your organization -intro: 'Learn how to manage policies for {% data variables.product.prodname_copilot %} in your organization.' +title: Managing policies and features for Copilot in your organization +intro: 'Control the availability of {% data variables.product.prodname_copilot %} features and models for users granted a license by your organization.' permissions: Organization owners product: 'Organizations with a {% data variables.copilot.copilot_for_business %} or {% data variables.copilot.copilot_enterprise %} plan' versions: feature: copilot +type: how_to +allowTitleToDifferFromFilename: true redirect_from: - /copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization - /copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization @@ -20,108 +22,33 @@ redirect_from: - /copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization topics: - Copilot + - Organizations shortTitle: Manage policies --- -## About policies for {% data variables.product.prodname_copilot %} - -Organization owners can set policies to govern how {% data variables.product.prodname_copilot %} can be used within the organization. For example, an organization owner can enable or disable the following {% data variables.product.prodname_copilot_short %} features{% ifversion ghec %} (unless an enterprise owner has blocked access to these features at the enterprise level){% endif %}: - -* {% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %} -* {% data variables.copilot.copilot_chat_short %} in the IDE -* Editor preview Copilot features, such as: - * Image support in {% data variables.copilot.copilot_chat_short %} (available in {% data variables.product.prodname_vscode_shortname %} and {% data variables.product.prodname_vs %}) - >[!NOTE] This setting only applies to preview features within {% data variables.product.prodname_copilot_short %} and does not control all preview-related settings in {% data variables.product.prodname_vscode_shortname %}. -* {% data variables.copilot.copilot_coding_agent %} ({% data variables.release-phases.public_preview %}) -* {% data variables.copilot.copilot_spaces %} (public preview) -* MCP servers in {% data variables.product.prodname_copilot_short %} -* {% data variables.copilot.copilot_spaces %} ({% data variables.release-phases.public_preview %}) -* {% data variables.copilot.copilot_mobile_short %} -* {% data variables.copilot.copilot_cli_short %} and {% data variables.product.prodname_windows_terminal %} -* {% data variables.copilot.copilot_desktop_short %} -* Suggestions matching public code -* Access to alternative models for {% data variables.product.prodname_copilot_short %} - * Anthropic {% data variables.copilot.copilot_claude %} in {% data variables.product.prodname_copilot_short %} - * Google {% data variables.copilot.copilot_gemini %} in {% data variables.product.prodname_copilot_short %} - * OpenAI models in {% data variables.product.prodname_copilot_short %} - -The policy settings selected by an organization owner determine the behavior of {% data variables.product.prodname_copilot_short %} for all organization members that have been granted access to {% data variables.product.prodname_copilot_short %} through the organization. - -### Policies for suggestion matching - -Organization settings include an option to either allow or block code suggestions that match publicly available code. If you choose to block suggestions matching public code, {% data variables.product.prodname_copilot_short %} will check potential code suggestions and the surrounding code of about 150 characters against public code on {% data variables.product.prodname_dotcom %}. If there is a match, or a near match, the suggestion is not shown. - -{% ifversion ghec %}If your enterprise admin has selected **No policy** for suggestion matching at the enterprise level, you can set a suggestion matching policy for your organization. - -If an organization member is assigned a seat by multiple organizations with different suggestion matching policies under the same enterprise, {% data variables.product.prodname_copilot_short %} will use the most restrictive policy.{% endif %} - -## Enabling {% data variables.product.prodname_copilot_short %} features in your organization - {% data reusables.organizations.copilot-policy-ent-overrides-org %} +## Enabling {% data variables.product.prodname_copilot_short %} features and models in your organization + {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} -{% data reusables.copilot.policy-settings %} -1. Use the dropdown options to the right of each feature to enable or disable that feature for your organization. - - For example, to enable or disable suggestion matching, in the "Suggestions matching public code" dropdown, select **Allowed** or **Blocked**. - -1. If your organization has a {% data variables.copilot.copilot_business_short %}{% ifversion ghec %} or {% data variables.copilot.copilot_enterprise_short %}{% endif %} plan and you enable "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}," two additional options are displayed: - - {% data reusables.copilot.policies-for-dotcom %} - -> [!TIP] -> If you choose to enable {% data variables.copilot.copilot_coding_agent %} for users, you also need to define which repositories the agent is available in, see [AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/adding-copilot-coding-agent-to-organization). - -## Setting a policy for MCP servers connecting to {% data variables.product.prodname_copilot_short %} in your organization - -{% data reusables.copilot.coding-agent.mcp-brief-intro %} - -You can enable this policy to allow users to connect MCP (Model Context Protocol) servers to {% data variables.product.prodname_copilot %} in {% data variables.product.prodname_vscode %} and {% data variables.copilot.copilot_coding_agent_short %}. - -* By default, this policy is disabled. When disabled, members with a {% data variables.product.prodname_copilot_short %} seat assigned by the organization will not be able to access MCP servers (remote or local) in {% data variables.product.prodname_copilot_short %}. -* If there is a parent enterprise with the policy set to **Enabled** or **Disabled**, the organizations will inherit (and cannot change) the configuration set by the parent enterprise. -* If **No policy** is selected at the enterprise level and multiple organizations within the enterprise assign seats to the same users, each with different policies, the least restrictive policy is applied. -* This policy only applies to members with a {% data variables.copilot.copilot_enterprise_short %} or {% data variables.copilot.copilot_business_short %} license assigned by the same organization configuring or inheriting the policy. It does not govern MCP access for any members with a {% data variables.product.prodname_copilot_short %} Free, Pro or Pro+ plan. -* For centralized governance across all organizations you can configure the policy at the enterprise level. +1. In the sidebar, under "Code, planning, and automation", click **{% octicon "copilot" aria-hidden="true" aria-label="copilot" %} {% data variables.product.prodname_copilot_short %}**. + * Click **Policies** to edit the policies that control privacy and availability of features. + * Click **Models** to edit the policies that control availability of models beyond the basic models provided with {% data variables.product.prodname_copilot_short %}, which may incur additional costs. +1. For each policy you want to configure, click the dropdown menu and select an enforcement option. > [!NOTE] -> This policy does not apply to {% data variables.product.prodname_copilot_short %} editors where MCP support is still in preview. Instead, you can use the **Editor preview features** policy to disable MCP access in these editors. - -For more information on using MCP, see [AUTOTITLE](/copilot/how-tos/context/model-context-protocol/extending-copilot-chat-with-mcp) and [AUTOTITLE](/copilot/using-github-copilot/coding-agent/extending-copilot-coding-agent-with-mcp). - -## Setting a policy for {% data variables.copilot.copilot_extensions %} in your organization - -{% data variables.copilot.copilot_extensions %} integrate external tools with {% data variables.copilot.copilot_chat %}. See [AUTOTITLE](/copilot/using-github-copilot/using-extensions-to-integrate-external-tools-with-copilot-chat). +> The **MCP servers in {% data variables.product.prodname_copilot_short %}** policy controls use where MCP server support is generally available (GA). In features where MCP support is in preview, for example {% data variables.product.prodname_copilot_short %} editors, availability is controlled by the **Editor preview features** policy. -Before you install {% data variables.copilot.copilot_extensions_short %} in your organization, you should set a usage policy for your organization. Setting a usage policy allows you to enable or disable {% data variables.copilot.copilot_extensions_short %} for all members of your organization, limiting your security risk. +## Opting in to to previews or feedback -{% ifversion ghec %} -If {% data variables.copilot.copilot_extensions_short %} have not been enabled or disabled at the enterprise level, you can set a {% data variables.copilot.copilot_extensions_short %} policy for your organization. -{% endif %} +If your organization has a {% data variables.copilot.copilot_business_short %} or {% data variables.copilot.copilot_enterprise_short %} plan and you enable "{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %}", two additional options are displayed: -{% data reusables.profile.access_org %} -{% data reusables.profile.org_settings %} -{% data reusables.copilot.policy-settings %} -1. In the "{% data variables.copilot.copilot_extensions_short %}" section, select the dropdown menu, then enable or disable {% data variables.copilot.copilot_extensions_short %} for your organization. - -### Managing permissions for a {% data variables.copilot.copilot_extension %} in your organization - -After you have installed a {% data variables.copilot.copilot_extension_short %} in your organization, you can view the permissions the extension has in your organization, and why those permissions are necessary. If you do not want the {% data variables.copilot.copilot_extension_short %} to have the listed permissions, you can suspend or uninstall the extension. - -{% data reusables.profile.access_org %} -{% data reusables.profile.org_settings %} -{% data reusables.apps.access-org-app-settings %} -1. Optionally, to filter your installed {% data variables.product.prodname_github_apps %} for {% data variables.copilot.copilot_extensions_short %}, select the **Filter:** dropdown menu, then click **{% data variables.copilot.copilot_extensions_short %}**. -1. Next to the {% data variables.copilot.copilot_extension_short %} you want to review or modify, click **Configure**. -1. In the "Permissions" section, review the permissions listed for the {% data variables.copilot.copilot_extension_short %}. Optionally, you can block the {% data variables.copilot.copilot_extension_short %}'s access to your organization in one of two ways: - * To indefinitely suspend the {% data variables.copilot.copilot_extension_short %}'s access to resources in your organization while keeping the extension installed, in the "Danger zone" section, click **Suspend**. - * To uninstall a {% data variables.copilot.copilot_extension_short %} completely, in the "Danger zone" section, click **Uninstall**. +{% data reusables.copilot.policies-for-dotcom %} ## Further reading * [{% data variables.product.prodname_copilot %} Trust Center](https://copilot.github.trust.page) -* [AUTOTITLE](/copilot/using-github-copilot/finding-public-code-that-matches-github-copilot-suggestions){% ifversion ghec %} -* [AUTOTITLE](/copilot/setting-up-github-copilot/setting-up-github-copilot-for-your-enterprise) -* [AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/making-copilot-coding-agent-available-to-enterprise){% else %} -* [AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/adding-copilot-coding-agent-to-organization){% endif %} +* [AUTOTITLE](/copilot/using-github-copilot/finding-public-code-that-matches-github-copilot-suggestions) +* [AUTOTITLE](/copilot/how-tos/administer/organizations/set-extension-permissions) +* [AUTOTITLE](/enterprise-cloud@latest/copilot/setting-up-github-copilot/setting-up-github-copilot-for-your-enterprise) diff --git a/content/copilot/how-tos/administer/organizations/set-extension-permissions.md b/content/copilot/how-tos/administer/organizations/set-extension-permissions.md new file mode 100644 index 000000000000..bb5ca0ea483e --- /dev/null +++ b/content/copilot/how-tos/administer/organizations/set-extension-permissions.md @@ -0,0 +1,41 @@ +--- +title: Setting permissions for a Copilot extension in your organization +intro: 'Learn how to control access to {% data variables.copilot.copilot_extensions %}.' +permissions: Organization owners +product: 'Organizations with a {% data variables.copilot.copilot_for_business %} or {% data variables.copilot.copilot_enterprise %} plan' +versions: + feature: copilot-extensions +type: how_to +allowTitleToDifferFromFilename: true +topics: + - Copilot + - Organizations + - Permissions +shortTitle: Set extension permissions +--- + +{% data variables.copilot.copilot_extensions %} integrate external tools with {% data variables.copilot.copilot_chat %}. See [AUTOTITLE](/copilot/concepts/build-copilot-extensions/about-building-copilot-extensions). + +## Prerequisites + +* Set a usage policy to enable or disable {% data variables.copilot.copilot_extensions_short %} for all users granted a {% data variables.product.prodname_copilot_short %} license by your organization, controlling your security risk. See [AUTOTITLE](/copilot/how-tos/administer/organizations/managing-policies-for-copilot-in-your-organization). +* Install a {% data variables.copilot.copilot_extension_short %} in your organization. See [AUTOTITLE](/copilot/how-tos/context/install-copilot-extensions/extending-the-capabilities-of-github-copilot-in-your-organization). + +## Managing permissions for a {% data variables.copilot.copilot_extension %} in your organization + +After you have installed a {% data variables.copilot.copilot_extension_short %} in your organization, you can view the permissions the extension has in your organization, and why those permissions are necessary. If you do not want the {% data variables.copilot.copilot_extension_short %} to have the listed permissions, you can suspend or uninstall the extension. + +{% data reusables.profile.access_org %} +{% data reusables.profile.org_settings %} +{% data reusables.apps.access-org-app-settings %} +1. Optionally, to filter your installed {% data variables.product.prodname_github_apps %} for {% data variables.copilot.copilot_extensions_short %}, select the **Filter:** dropdown menu, then click **{% data variables.copilot.copilot_extensions_short %}**. +1. Next to the {% data variables.copilot.copilot_extension_short %} you want to review or modify, click **Configure**. +1. In the "Permissions" section, review the permissions listed for the {% data variables.copilot.copilot_extension_short %}. Optionally, you can block the {% data variables.copilot.copilot_extension_short %}'s access to your organization in one of two ways: + * To indefinitely suspend the {% data variables.copilot.copilot_extension_short %}'s access to resources in your organization while keeping the extension installed, in the "Danger zone" section, click **Suspend**. + * To uninstall a {% data variables.copilot.copilot_extension_short %} completely, in the "Danger zone" section, click **Uninstall**. + +## Further reading + +* [{% data variables.product.prodname_copilot %} Trust Center](https://copilot.github.trust.page) +* [AUTOTITLE](/copilot/how-tos/context/install-copilot-extensions/using-extensions-to-integrate-external-tools-with-copilot-chat) +* [AUTOTITLE](/copilot/concepts/build-copilot-extensions/about-building-copilot-extensions) diff --git a/content/copilot/how-tos/agents/copilot-coding-agent/using-copilot-to-work-on-an-issue.md b/content/copilot/how-tos/agents/copilot-coding-agent/using-copilot-to-work-on-an-issue.md index d2321cef4b90..27fb542bdc01 100644 --- a/content/copilot/how-tos/agents/copilot-coding-agent/using-copilot-to-work-on-an-issue.md +++ b/content/copilot/how-tos/agents/copilot-coding-agent/using-copilot-to-work-on-an-issue.md @@ -62,10 +62,70 @@ You can also assign issues to {% data variables.product.prodname_copilot_short % ### Assigning an issue to {% data variables.product.prodname_copilot_short %} via the {% data variables.product.github %} API -You can assign an issue to {% data variables.product.prodname_copilot_short %} by making a request to the GraphQL API. +You can assign issues to {% data variables.product.prodname_copilot_short %} using the GraphQL API. + +#### Creating and assigning a new issue + +1. Make sure you're authenticating with the API using a user token, for example a {% data variables.product.pat_generic %} or a {% data variables.product.prodname_github_app %} user-to-server token. +1. Verify that {% data variables.copilot.copilot_coding_agent %} is enabled in the repository by checking if the repository's `suggestedActors` in the GraphQL API includes {% data variables.product.prodname_copilot_short %}. Replace `octo-org` with the repository owner, and `octo-repo` with the repository name. + + ```graphql copy + query { + repository(owner: "octo-org", name: "octo-repo") { + suggestedActors(capabilities: [CAN_BE_ASSIGNED], first: 100) { + nodes { + login + __typename + + ... on Bot { + id + } + + ... on User { + id + } + } + } + } + } + ``` + + If {% data variables.copilot.copilot_coding_agent %} is enabled for the user and in the repository, the first node returned from the query will have the `login` value `copilot-swe-agent`. + +1. Make a note of the `id` value of this login. + +1. Fetch the GraphQL global ID of the repository you want to create the issue in, replacing `octo-org` with the repository owner, and `octo-repo` with the repository name. + + ```graphql copy + query { + repository(owner: "octo-org", name: "octo-repo") { + id + } + } + ``` + +1. Create the issue with the `createIssue` mutation. Replace `REPOSITORY_ID` with the ID returned from the previous step, and `BOT_ID` with the ID returned from the step before that. + + ```graphql copy + mutation { + createIssue(input: {repositoryId: "REPOSITORY_ID", title: "Implement comprehensive unit tests", body: "DETAILS", assigneeIds: ["BOT_ID"]}) { + issue { + id + title + assignees(first: 10) { + nodes { + login + } + } + } + } + } + ``` + +#### Assigning an existing issue 1. Make sure you're authenticating with the API using a user token, for example a {% data variables.product.pat_generic %} or a {% data variables.product.prodname_github_app %} user-to-server token. -1. Verify that {% data variables.copilot.copilot_coding_agent %} is enabled in the repository by checking if the repository's `suggestedActors` in the GraphQL API includes {% data variables.product.prodname_copilot_short %}. Replace `monalisa` with the repository owner, and `octocat` with the name. +1. Verify that {% data variables.copilot.copilot_coding_agent %} is enabled in the repository by checking if the repository's `suggestedActors` in the GraphQL API includes {% data variables.product.prodname_copilot_short %}. Replace `octo-org` with the repository owner, and `octo-repo` with the repository name. ```graphql copy query { @@ -103,11 +163,11 @@ You can assign an issue to {% data variables.product.prodname_copilot_short %} b } ``` -1. Assign the issue to {% data variables.product.prodname_copilot_short %} using the `replaceActorsForAssignable` GraphQL mutation. Replace `ISSUE_ID` with the ID returned from the previous step, and `BOT_ID` with the ID returned from the step before that. +1. Assign the existing issue to {% data variables.product.prodname_copilot_short %} using the `replaceActorsForAssignable` mutation. Replace `ISSUE_ID` with the ID returned from the previous step, and `BOT_ID` with the ID returned from the step before that. ```graphql copy mutation { - replaceActorsForAssignable(input: {assignableId: "ISSUE_ID", assigneeIds: ["BOT_ID"]}) { + replaceActorsForAssignable(input: {assignableId: "ISSUE_ID", actorIds: ["BOT_ID"]}) { assignable { ... on Issue { id diff --git a/content/copilot/reference/feature-availability-enterprise.md b/content/copilot/reference/feature-availability-enterprise.md new file mode 100644 index 000000000000..ef9b30488de7 --- /dev/null +++ b/content/copilot/reference/feature-availability-enterprise.md @@ -0,0 +1,56 @@ +--- +title: Feature availability when Copilot policies conflict in organizations +shortTitle: Feature availability (enterprise) +allowTitleToDifferFromFilename: true +intro: 'Learn how delegating {% data variables.product.prodname_copilot_short %} policy decisions to organizations affects users granted a license by organizations with different policies.' +versions: + feature: copilot +type: reference +topics: + - Copilot + - Policy + - Access management + - Organizations + - Enterprise +--- + +## About delegating policy decisions to organizations + +Policies can be defined for a whole enterprise, or set at the organization level. See [AUTOTITLE](/copilot/concepts/policies). + +When an enterprise owner delegates control of a policy to organization owners by setting "No policy," some organizations may enable a feature while others disable it. Users may be granted a {% data variables.product.prodname_copilot_short %} license by organizations with different policies for the same feature. + +## How availability is determined + +Feature, model, and privacy settings for users are set according to the **least restrictive** or the **most restrictive** policy defined by any of the organizations where they are granted a {% data variables.product.prodname_copilot_short %} license. + +* **Least restrictive:** if any of the organizations has **enabled** a feature, this feature is enabled for the user everywhere. This applies to all but the more sensitive {% data variables.product.prodname_copilot_short %} features. + +* **Most restrictive:** if any of the organizations has **disabled** a feature, this feature is disabled for the user in all their organizations. This applies only to the most sensitive {% data variables.product.prodname_copilot_short %} features, for example: access to {% data variables.product.prodname_copilot_short %} metrics using the API. + +## Availability for members with {% data variables.product.prodname_copilot_short %} from multiple organizations + + + +| Policy | Availability matches | More information | +| :---- | :---- | :---- | +| {% data variables.product.prodname_copilot_short %} Metrics API | Most restrictive organization | [AUTOTITLE](/rest/copilot/copilot-metrics) | +| Suggestions matching public code (privacy policy) | Most restrictive organization | [AUTOTITLE](/copilot/concepts/completions/code-suggestions) | +| {% data variables.product.prodname_copilot_short %} can search the web | Least restrictive organization | [AUTOTITLE](/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-github#leveraging-a-web-search-to-answer-a-question) | +| {% data variables.copilot.copilot_mobile_short %} | Least restrictive organization | [AUTOTITLE](/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-github-mobile) | +| {% data variables.copilot.copilot_chat_short %} in the IDE | Least restrictive organization | [AUTOTITLE](/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-your-ide) | +| {% data variables.copilot.copilot_coding_agent %} | Least restrictive organization | [AUTOTITLE](/copilot/responsible-use-of-github-copilot-features/responsible-use-of-copilot-coding-agent-on-githubcom) | +| {% data variables.copilot.copilot_extensions_short %} | Least restrictive organization | [AUTOTITLE](/copilot/concepts/build-copilot-extensions/about-building-copilot-extensions) | +| {% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %} | Least restrictive organization | [AUTOTITLE](/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-chat-in-github) | +| {% data variables.copilot.copilot_desktop_short %} | Least restrictive organization | [AUTOTITLE](/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-in-github-desktop) | +| {% data variables.copilot.copilot_cli_short %} | Least restrictive organization | [AUTOTITLE](/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-in-the-cli) | +| Editor preview features | Least restrictive organization | [AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-pre-release-license-terms) | +| {% data variables.product.prodname_github_models %}, one policy per model | Least restrictive organization | [AUTOTITLE](/github-models/github-models-at-scale/manage-models-at-scale) | +| MCP servers in {% data variables.product.prodname_copilot_short %} | Least restrictive organization | [AUTOTITLE](/copilot/using-github-copilot/coding-agent/extending-copilot-coding-agent-with-mcp) | + +## Next steps + +* [AUTOTITLE](/copilot/how-tos/administer/organizations/managing-policies-for-copilot-in-your-organization) +* [AUTOTITLE](/copilot/how-tos/administer/enterprises/managing-policies-and-features-for-copilot-in-your-enterprise) diff --git a/content/copilot/reference/index.md b/content/copilot/reference/index.md index 824f33f5d47d..be23ba166b2d 100644 --- a/content/copilot/reference/index.md +++ b/content/copilot/reference/index.md @@ -8,6 +8,7 @@ topics: - Copilot children: - /github-copilot-chat-cheat-sheet + - /feature-availability-enterprise - /ai-models - /proxy-server-and-firewall-settings-for-copilot - /copilot-extensions diff --git a/data/reusables/copilot/about-code-referencing.md b/data/reusables/copilot/about-code-referencing.md index 0e0f9808eb74..4840edc21020 100644 --- a/data/reusables/copilot/about-code-referencing.md +++ b/data/reusables/copilot/about-code-referencing.md @@ -1,6 +1,6 @@ {% data variables.product.prodname_copilot_short %} code referencing identifies and attributes code suggestions by linking them to their original public sources, helping you understand where the code originates. -If you've allowed suggestions that match public code, {% data variables.product.prodname_copilot %} can provide you with details of the code that a suggestion matches. This happens: +If you, or your organization, have allowed suggestions that match public code, {% data variables.product.prodname_copilot %} can provide you with details of the code that a suggestion matches. This happens: * When you accept a code completion suggestion in the editor. * When a response in {% data variables.copilot.copilot_chat_short %} includes matching code. diff --git a/data/reusables/copilot/policies-for-dotcom.md b/data/reusables/copilot/policies-for-dotcom.md index 54faa129a7a2..e1a695e6b59d 100644 --- a/data/reusables/copilot/policies-for-dotcom.md +++ b/data/reusables/copilot/policies-for-dotcom.md @@ -1,4 +1,4 @@ -* **Opt in to user feedback collection:** If enabled, users can provide feedback on {% data variables.product.prodname_copilot_short %} pull request summaries. For more information, see [AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise/copilot-pull-request-summaries/creating-a-pull-request-summary-with-github-copilot). +* **Opt in to user feedback collection:** If enabled, users will see options to provide feedback on selected {% data variables.product.prodname_copilot_short %} features. * **Opt in to preview features:** If enabled, users can test new {% data variables.product.prodname_copilot_short %} features that are not yet generally available. Be aware that previews of features may have flaws, and the features may be changed or discontinued at any time. Current previews of {% data variables.product.prodname_copilot_short %} features include: * {% data variables.copilot.copilot_spaces %}. See [AUTOTITLE](/copilot/using-github-copilot/copilot-spaces/about-organizing-and-sharing-context-with-copilot-spaces). diff --git a/data/reusables/copilot/policies-intro.md b/data/reusables/copilot/policies-intro.md new file mode 100644 index 000000000000..6b060581135b --- /dev/null +++ b/data/reusables/copilot/policies-intro.md @@ -0,0 +1,3 @@ +When an organization owner assigns a {% data variables.product.prodname_copilot_short %} license to a member of their organization, the user's access to features and models is controlled by policies. + +Enterprise owners can define a policy for the whole enterprise, or delegate the decision to individual organization owners. See [AUTOTITLE](/copilot/concepts/policies). diff --git a/data/reusables/enterprise-accounts/copilot-tab.md b/data/reusables/enterprise-accounts/copilot-tab.md index b60c0167152c..7040be061b70 100644 --- a/data/reusables/enterprise-accounts/copilot-tab.md +++ b/data/reusables/enterprise-accounts/copilot-tab.md @@ -1 +1 @@ -1. In the "{% octicon "law" aria-hidden="true" aria-label="law" %} Policies" section, click **{% data variables.product.prodname_copilot_short %}**. +1. In the "Policies" section, click **{% data variables.product.prodname_copilot_short %}**. diff --git a/data/reusables/organizations/copilot-policy-ent-overrides-org.md b/data/reusables/organizations/copilot-policy-ent-overrides-org.md index 6917545de5e3..6dae2be58dfe 100644 --- a/data/reusables/organizations/copilot-policy-ent-overrides-org.md +++ b/data/reusables/organizations/copilot-policy-ent-overrides-org.md @@ -1 +1 @@ ->[!NOTE] {% data variables.product.prodname_copilot_short %} policies are also managed at the enterprise level. If your organization is part of an enterprise, and explicit settings have been selected at the enterprise level, you cannot override those settings at the organization level. For more information on managing policies at the enterprise level, see [AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise). +{% data variables.product.prodname_copilot_short %} policies are also managed at the enterprise level. If your organization is part of an enterprise, and explicit settings have been selected at the enterprise level, you cannot override those settings at the organization level. For information on how policies combine, see [AUTOTITLE](/copilot/concepts/policies).