From dd3ed1d734cc2fd0da52ec91cdfcab7a76f83d55 Mon Sep 17 00:00:00 2001 From: Laura Coursen Date: Mon, 20 Mar 2023 08:37:58 -0500 Subject: [PATCH 1/3] Update some tables for accessibility (#35324) Co-authored-by: Jules <19994093+jules-p@users.noreply.github.com> --- .../about-billing-for-github-codespaces.md | 10 ++++----- .../about-billing-for-github-packages.md | 2 +- .../the-githubdev-web-based-editor.md | 6 +++--- ...ng-github-copilot-in-visual-studio-code.md | 6 +++--- .../introduction-to-github-packages.md | 21 ++++++++++++++----- 5 files changed, 28 insertions(+), 17 deletions(-) diff --git a/content/billing/managing-billing-for-github-codespaces/about-billing-for-github-codespaces.md b/content/billing/managing-billing-for-github-codespaces/about-billing-for-github-codespaces.md index 5df98fb56d3c..163a483b9975 100644 --- a/content/billing/managing-billing-for-github-codespaces/about-billing-for-github-codespaces.md +++ b/content/billing/managing-billing-for-github-codespaces/about-billing-for-github-codespaces.md @@ -77,11 +77,11 @@ A {% data variables.product.prodname_github_codespaces %} instance (a "codespace | Component | Machine type | Unit of measure | Included usage multiplier | Price | | ------------------- | ------------ | --------------- | ------------------------- | ----- | | Codespaces compute | 2 core | 1 hour | 2 | $0.18 | -| | 4 core | 1 hour | 4 | $0.36 | -| | 8 core | 1 hour | 8 | $0.72 | -| | 16 core | 1 hour | 16 | $1.44 | -| | 32 core | 1 hour | 32 | $2.88 | -| Codespaces storage | Storage | 1 GB-month [1] | N/A | $0.07 | +| Codespaces compute | 4 core | 1 hour | 4 | $0.36 | +| Codespaces compute | 8 core | 1 hour | 8 | $0.72 | +| Codespaces compute | 16 core | 1 hour | 16 | $1.44 | +| Codespaces compute | 32 core | 1 hour | 32 | $2.88 | +| Codespaces storage | Storage | 1 GB-month [1] | Not applicable | $0.07 | [1] See "[About billing for storage usage](#about-billing-for-storage-usage)" later in this article for details of the GB-month unit of measure. diff --git a/content/billing/managing-billing-for-github-packages/about-billing-for-github-packages.md b/content/billing/managing-billing-for-github-packages/about-billing-for-github-packages.md index a378dfd44657..a14ac44b2d37 100644 --- a/content/billing/managing-billing-for-github-packages/about-billing-for-github-packages.md +++ b/content/billing/managing-billing-for-github-packages/about-billing-for-github-packages.md @@ -45,7 +45,7 @@ All data transferred out, when triggered by {% data variables.product.prodname_a ||Hosted|Self-Hosted| |-|-|-| |Access using a `GITHUB_TOKEN`|Free|Free| -|Access using a {% data variables.product.pat_generic %}|Free|$| +|Access using a {% data variables.product.pat_generic %}|Free|Paid| Storage usage is shared with build artifacts produced by {% data variables.product.prodname_actions %} for repositories owned by your account. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions)." diff --git a/content/codespaces/the-githubdev-web-based-editor.md b/content/codespaces/the-githubdev-web-based-editor.md index 86406b151ec6..14eb98819bbc 100644 --- a/content/codespaces/the-githubdev-web-based-editor.md +++ b/content/codespaces/the-githubdev-web-based-editor.md @@ -114,14 +114,14 @@ Extensions that can run in {% data variables.codespaces.serverless %} will appea ## Using {% data variables.codespaces.serverless %} behind a firewall -If you are working behind a firewall you will need to add the following URLs to your firewall's allow list: +If you are working behind a firewall you will need to add the following URLs to your firewall's allow list. | URL | Use | | --- | --- | | `https://*.vscode-cdn.net` | {% data variables.codespaces.serverless %} runs entirely in the browser. To do so it needs to download {% data variables.product.prodname_vscode_shortname %} assets from endpoints at this URL. | -| `https://update.code.visualstudio.com` | As above. | +| `https://update.code.visualstudio.com` | {% data variables.codespaces.serverless %} runs entirely in the browser. To do so it needs to download {% data variables.product.prodname_vscode_shortname %} assets from endpoints at this URL. | | `https://api.github.com` | Used to retrieve source files from {% data variables.product.prodname_dotcom %} | -| `https://vscode-sync-insiders.trafficmanager.net` | _Optional. To allow settings to be synchronized via Settings Sync._ | +| `https://vscode-sync-insiders.trafficmanager.net` | _Optional._ To allow settings to be synchronized via Settings Sync. | Every extension installed in {% data variables.codespaces.serverless %} is run under an independent web worker. This adds a layer of security between multiple extensions running in the same browser. As a result, request URLs coming from extensions are similar to this: `https://v--151hfiju3s93ktt2rqh65902gukb27osot905m4g52k40kaea3h6.vscode-cdn.net`. diff --git a/content/copilot/configuring-github-copilot/configuring-github-copilot-in-visual-studio-code.md b/content/copilot/configuring-github-copilot/configuring-github-copilot-in-visual-studio-code.md index 50bcbb2bfbaf..3d006eb86cdf 100644 --- a/content/copilot/configuring-github-copilot/configuring-github-copilot-in-visual-studio-code.md +++ b/content/copilot/configuring-github-copilot/configuring-github-copilot-in-visual-studio-code.md @@ -32,7 +32,7 @@ You can use the default keyboard shortcuts in {% data variables.product.prodname |Show previous inline suggestion| Option (⌥)+[
|editor.action.inlineSuggest.showPrevious| |Trigger inline suggestion| Option (⌥)+\
|editor.action.inlineSuggest.trigger| |Open {% data variables.product.prodname_copilot %} (additional suggestions in separate pane)|Ctrl+Return|github.copilot.generate| -|Toggle {% data variables.product.prodname_copilot %} on/off|_No default shortcut_|github.copilot.toggleCopilot| +|Toggle {% data variables.product.prodname_copilot %} on/off| None |github.copilot.toggleCopilot| {% endmac %} @@ -47,7 +47,7 @@ You can use the default keyboard shortcuts in {% data variables.product.prodname |Show previous inline suggestion|Alt+[|editor.action.inlineSuggest.showPrevious| |Trigger inline suggestion|Alt+\|editor.action.inlineSuggest.trigger| |Open {% data variables.product.prodname_copilot %} (additional suggestions in separate pane)|Ctrl+Enter|github.copilot.generate| -|Toggle {% data variables.product.prodname_copilot %} on/off|_No default shortcut_|github.copilot.toggleCopilot| +|Toggle {% data variables.product.prodname_copilot %} on/off| None |github.copilot.toggleCopilot| {% endwindows %} @@ -63,7 +63,7 @@ You can use the default keyboard shortcuts in {% data variables.product.prodname |Show previous inline suggestion|Alt+[|editor.action.inlineSuggest.showPrevious| |Trigger inline suggestion|Alt+\|editor.action.inlineSuggest.trigger| |Open {% data variables.product.prodname_copilot %} (additional suggestions in separate pane)|Ctrl+Enter|github.copilot.generate| -|Toggle {% data variables.product.prodname_copilot %} on/off|_No default shortcut_|github.copilot.toggleCopilot| +|Toggle {% data variables.product.prodname_copilot %} on/off| None |github.copilot.toggleCopilot| {% endlinux %} diff --git a/content/packages/learn-github-packages/introduction-to-github-packages.md b/content/packages/learn-github-packages/introduction-to-github-packages.md index 629e57ed7faf..3f2ab4040123 100644 --- a/content/packages/learn-github-packages/introduction-to-github-packages.md +++ b/content/packages/learn-github-packages/introduction-to-github-packages.md @@ -37,12 +37,23 @@ For more information about the configuration of {% data variables.product.prodna {% endif %} -### Overview of package permissions and visibility +### Overview of package permissions -| | | -|--------------------|--------------------| -| Permissions | {% ifversion packages-registries-v2 %}The permissions for a package are either inherited from the repository where the package is hosted, or can be defined for specific users or organizations. Some registries only support permissions inherited from a repository. For a list of these registries, see "[AUTOTITLE](/packages/learn-github-packages/about-permissions-for-github-packages#permissions-for-repository-scoped-packages)." For more information on package access, see "[AUTOTITLE](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility)." {% else %}Each package inherits the permissions of the repository where the package is hosted.

For example, anyone with read permissions for a repository can install a package as a dependency in a project, and anyone with write permissions can publish a new package version.{% endif %} | -| Visibility | {% data reusables.package_registry.public-or-private-packages %} | +{% ifversion packages-registries-v2 %} + +The permissions for a package are either inherited from the repository where the package is hosted, or can be defined for specific users or organizations. Some registries only support permissions inherited from a repository. For a list of these registries, see "[AUTOTITLE](/packages/learn-github-packages/about-permissions-for-github-packages#permissions-for-repository-scoped-packages)." For more information on package access, see "[AUTOTITLE](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility)." + +{% else %} + +Each package inherits the permissions of the repository where the package is hosted. + +For example, anyone with read permissions for a repository can install a package as a dependency in a project, and anyone with write permissions can publish a new package version. + +{% endif %} + +### Overview of package visibility + +{% data reusables.package_registry.public-or-private-packages %} {% ifversion fpt or ghec %} ## About billing for {% data variables.product.prodname_registry %} From 7fda47c6393ba6c5016a7bba20fb6e5f9ca55171 Mon Sep 17 00:00:00 2001 From: Laura Coursen Date: Mon, 20 Mar 2023 08:42:38 -0500 Subject: [PATCH 2/3] Make tables in the Enterprise focus area accessible (#35253) Co-authored-by: Matt Pollard --- content/admin/all-releases.md | 6 ++-- .../cluster-network-configuration.md | 18 +++++----- .../upgrading-github-enterprise-server.md | 12 +++---- ...ub-actions-for-github-enterprise-server.md | 2 +- .../using-cas-for-enterprise-iam/using-cas.md | 6 ++-- .../about-enterprise-managed-users.md | 13 +++---- ...le-sign-on-for-enterprise-managed-users.md | 2 +- .../using-ldap.md | 34 +++++++++---------- .../about-saml-for-enterprise-iam.md | 12 +++---- .../mapping-okta-groups-to-teams.md | 8 +++-- .../saml-configuration-reference.md | 18 +++++----- ...e-ecosystem-support-for-your-enterprise.md | 6 +--- ...inio-storage-bucket-for-github-packages.md | 4 +-- ...igrate-data-to-github-enterprise-server.md | 6 ++-- data/reusables/github-ae/saml-idp-table.md | 6 ++-- 15 files changed, 76 insertions(+), 77 deletions(-) diff --git a/content/admin/all-releases.md b/content/admin/all-releases.md index 98d4d6189c9f..7464d62d5721 100644 --- a/content/admin/all-releases.md +++ b/content/admin/all-releases.md @@ -27,13 +27,13 @@ For more information about the latest release, see the [{% data variables.produc {%- for version in enterpriseServerReleases.supported %} {%- assign currentDate = 'now' | date: '%s' %} {%- assign deprecationDate = enterpriseServerReleases.dates[version].deprecationDate | date: '%s' %} -| {{version}} | {{enterpriseServerReleases.dates[version].releaseDate}} | {{enterpriseServerReleases.dates[version].deprecationDate}} | {% if currentDate < deprecationDate %}{% octicon "check" aria-label="The Check icon" %}{% else %}{% octicon "x" aria-label="X symbol" %}{% endif %} | [{{version}} release notes](/enterprise-server@{{version}}/admin/release-notes) | [{{version}} documentation](/enterprise-server@{{version}}) | +| {{version}} | {{enterpriseServerReleases.dates[version].releaseDate}} | {{enterpriseServerReleases.dates[version].deprecationDate}} | {% if currentDate < deprecationDate %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | [{{version}} release notes](/enterprise-server@{{version}}/admin/release-notes) | [{{version}} documentation](/enterprise-server@{{version}}) | {%- endfor %} {%- for version in enterpriseServerReleases.deprecatedReleasesWithNewFormat %} -| {{version}} | {{enterpriseServerReleases.dates[version].releaseDate}} | {{enterpriseServerReleases.dates[version].deprecationDate}} | {% octicon "x" aria-label="X symbol" %} | [{{version}} release notes](/enterprise-server@{{version}}/admin/release-notes) | [{{version}} documentation](/enterprise-server@{{version}}) | +| {{version}} | {{enterpriseServerReleases.dates[version].releaseDate}} | {{enterpriseServerReleases.dates[version].deprecationDate}} | {% octicon "x" aria-label="Not supported" %} | [{{version}} release notes](/enterprise-server@{{version}}/admin/release-notes) | [{{version}} documentation](/enterprise-server@{{version}}) | {%- endfor %} {%- for version in enterpriseServerReleases.deprecatedReleasesWithLegacyFormat %} -| {{version}} | {{enterpriseServerReleases.dates[version].releaseDate}} | {{enterpriseServerReleases.dates[version].deprecationDate}} | {% octicon "x" aria-label="X symbol" %} | [{{version}} release notes](https://enterprise.github.com/releases/series/{{version}}) | [{{version}} documentation](/enterprise/{{version}}) | +| {{version}} | {{enterpriseServerReleases.dates[version].releaseDate}} | {{enterpriseServerReleases.dates[version].deprecationDate}} | {% octicon "x" aria-label="Not supported" %} | [{{version}} release notes](https://enterprise.github.com/releases/series/{{version}}) | [{{version}} documentation](/enterprise/{{version}}) | {%- endfor %} ### Deprecated developer documentation diff --git a/content/admin/enterprise-management/configuring-clustering/cluster-network-configuration.md b/content/admin/enterprise-management/configuring-clustering/cluster-network-configuration.md index 3bca1364de90..3dcfd11d70f4 100644 --- a/content/admin/enterprise-management/configuring-clustering/cluster-network-configuration.md +++ b/content/admin/enterprise-management/configuring-clustering/cluster-network-configuration.md @@ -27,11 +27,11 @@ Application ports provide web application and Git access for end users. | Port | Description | Encrypted | | :------------- | :------------- | :------------- | -| 22/TCP | Git over SSH | Yes | +| 22/TCP | Git over SSH | {% octicon "check" aria-label="Encrypted" %} | | 25/TCP | SMTP | Requires STARTTLS | -| 80/TCP | HTTP | No
(When SSL is enabled this port redirects to HTTPS) | -| 443/TCP | HTTPS | Yes | -| 9418/TCP | Simple Git protocol port
(Disabled in private mode) | No | +| 80/TCP | HTTP | {% octicon "x" aria-label="Not encrypted" %}

When SSL is enabled this port redirects to HTTPS | +| 443/TCP | HTTPS | {% octicon "check" aria-label="Encrypted" %} | +| 9418/TCP | Simple Git protocol port
(Disabled in private mode) | {% octicon "x" aria-label="Not encrypted" %} | ### Administrative ports @@ -39,11 +39,11 @@ Administrative ports are not required for basic application use by end users. | Port | Description | Encrypted | | :------------- | :------------- | :------------- | -| ICMP | ICMP Ping | No | -| 122/TCP | Administrative SSH | Yes | -| 161/UDP | SNMP | No | -| 8080/TCP | Management Console HTTP | No
(When SSL is enabled this port redirects to HTTPS) | -| 8443/TCP | Management Console HTTPS | Yes | +| ICMP | ICMP Ping | {% octicon "x" aria-label="Not encrypted" %} | +| 122/TCP | Administrative SSH | {% octicon "check" aria-label="Encrypted" %} | +| 161/UDP | SNMP | {% octicon "x" aria-label="Not encrypted" %} | +| 8080/TCP | Management Console HTTP | {% octicon "x" aria-label="Not encrypted" %}

When SSL is enabled this port redirects to HTTPS | +| 8443/TCP | Management Console HTTPS | {% octicon "check" aria-label="Encrypted" %} | ### Cluster communication ports diff --git a/content/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server.md b/content/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server.md index fe7f4a6f3ce7..6631a1ffb6bf 100644 --- a/content/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server.md +++ b/content/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server.md @@ -75,13 +75,13 @@ There are two types of snapshots: {% endnote %} -| Platform | Snapshot method | Snapshot documentation URL | +| Platform | Snapshot method | Documentation | |---|---|---| -| Amazon AWS | Disk | -| Azure | VM | -| Hyper-V | VM | -| Google Compute Engine | Disk | -| VMware | VM | +| Amazon AWS | Disk | [Create Amazon EBS snapshots](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-snapshot.html) in the AWS documentation +| Azure | VM | [Back up an Azure VM from the VM settings](https://docs.microsoft.com/azure/backup/backup-azure-vms-first-look-arm) in Microsoft Learn +| Hyper-V | VM | [Enable or disable checkpoints in Hyper-V](https://docs.microsoft.com/windows-server/virtualization/hyper-v/manage/enable-or-disable-checkpoints-in-hyper-v) in Microsoft Learn +| Google Compute Engine | Disk | [Create and manage disk snapshots](https://cloud.google.com/compute/docs/disks/create-snapshots) in the Google Cloud documentation +| VMware | VM | [Taking Snapshots of a Virtual Machine](https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.hostclient.doc/GUID-64B866EF-7636-401C-A8FF-2B4584D9CA72.html) in VMware Docs ## Choosing an upgrade package diff --git a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server.md b/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server.md index d427b71e59d3..a5839b0a5c05 100644 --- a/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server.md +++ b/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server.md @@ -43,7 +43,7 @@ The peak quantity of concurrent jobs running without performance loss depends on The CPU and memory resources available to {% data variables.location.product_location %} determine the number of runners that can be configured without performance loss. {% data reusables.actions.minimum-hardware %} -The peak quantity of connected runners without performance loss depends on such factors as job duration, artifact usage, number of repositories running Actions, and how much other work your instance is doing not related to Actions. Internal testing at GitHub demonstrated the following performance targets for GitHub Enterprise Server on a range of CPU and memory configurations: +The peak quantity of connected runners without performance loss depends on such factors as job duration, artifact usage, number of repositories running Actions, and how much other work your instance is doing not related to Actions. Internal testing at GitHub demonstrated performance targets for GitHub Enterprise Server on a range of CPU and memory configurations. {% endif %} diff --git a/content/admin/identity-and-access-management/using-cas-for-enterprise-iam/using-cas.md b/content/admin/identity-and-access-management/using-cas-for-enterprise-iam/using-cas.md index 15cd6c75452c..4f1be36afb74 100644 --- a/content/admin/identity-and-access-management/using-cas-for-enterprise-iam/using-cas.md +++ b/content/admin/identity-and-access-management/using-cas-for-enterprise-iam/using-cas.md @@ -36,11 +36,9 @@ If you configure CAS, people with accounts on your identity provider (IdP) do no ## CAS attributes -The following attributes are available. +The `username` attribute is required and should be set to the {% data variables.product.prodname_ghe_server %} username. -| Attribute name | Type | Description | -|--------------------------|----------|-------------| -| `username` | Required | The {% data variables.product.prodname_ghe_server %} username. | +No other attributes are available. ## Configuring CAS diff --git a/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users.md b/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users.md index 8fd92f5a3a4e..2eeab3de3c53 100644 --- a/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users.md +++ b/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users.md @@ -58,13 +58,14 @@ To discover how a member was added to an organization, you can filter the member ## Identity provider support -{% data variables.product.prodname_emus %} supports the following IdPs{% ifversion oidc-for-emu %} and authentication methods: +{% ifversion oidc-for-emu %} + +| Identity provider | SAML | OIDC | +|-------------------|------|------| +| Azure Active Directory | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | +| Okta | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | -| | SAML | OIDC | -|----------------------------------|-----------------------------------------------|-----------------------------------------------| -| Azure Active Directory | {% octicon "check" aria-label="Check icon" %} | {% octicon "check" aria-label="Check icon" %} | -| Okta | {% octicon "check" aria-label="Check icon" %} | | -{% else %}: +{% else %} {% data reusables.enterprise-accounts.emu-supported-idps %} diff --git a/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users.md b/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users.md index 565c262b1195..f43149835d86 100644 --- a/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users.md +++ b/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users.md @@ -68,7 +68,7 @@ To configure your IdP, follow the instructions they provide for configuring the 1. So you can test and configure your enterprise, assign yourself or the user that will be configuring SAML SSO on {% data variables.product.prodname_dotcom %} to the {% data variables.product.prodname_emu_idp_application %} application on your IdP. -1. To enable you to continue configuring your enterprise on {% data variables.product.prodname_dotcom %}, locate and note the following information from the application you installed on your IdP: +1. To enable you to continue configuring your enterprise on {% data variables.product.prodname_dotcom %}, locate and note the following information from the application you installed on your IdP. | Value | Other names | Description | | :- | :- | :- | diff --git a/content/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap.md b/content/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap.md index da0342142c43..f97ad5b0f382 100644 --- a/content/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap.md +++ b/content/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap.md @@ -69,24 +69,24 @@ When you configure LDAP access for users via the {% data variables.enterprise.ma ## LDAP attributes Use these attributes to finish configuring LDAP for {% data variables.location.product_location %}. -| Attribute name | Type | Description | +| Attribute name | Required | Description | |--------------------------|----------|-------------| -| `Host` | Required | The LDAP host, e.g. `ldap.example.com` or `10.0.0.30`. If the hostname is only available from your internal network, you may need to configure {% data variables.location.product_location %}'s DNS first so it can resolve the hostname using your internal nameservers. | -| `Port` | Required | The port the host's LDAP services are listening on. Examples include: 389 and 636 (for LDAPS). | -| `Encryption` | Required | The encryption method used to secure communications to the LDAP server. Examples include plain (no encryption), SSL/LDAPS (encrypted from the start), and StartTLS (upgrade to encrypted communication once connected). | -| `Domain search user` | Optional | The LDAP user that looks up other users that sign in, to allow authentication. This is typically a service account created specifically for third-party integrations. Use a fully qualified name, such as `cn=Administrator,cn=Users,dc=Example,dc=com`. With Active Directory, you can also use the `[DOMAIN]\[USERNAME]` syntax (e.g. `WINDOWS\Administrator`) for the domain search user with Active Directory. | -| `Domain search password` | Optional | The password for the domain search user. | -| `Administrators group` | Optional | Users in this group are promoted to site administrators when signing into your appliance. If you don't configure an LDAP Administrators group, the first LDAP user account that signs into your appliance will be automatically promoted to a site administrator. | -| `Domain base` | Required | The fully qualified `Distinguished Name` (DN) of an LDAP subtree you want to search for users and groups. You can add as many as you like; however, each group must be defined in the same domain base as the users that belong to it. If you specify restricted user groups, only users that belong to those groups will be in scope. We recommend that you specify the top level of your LDAP directory tree as your domain base and use restricted user groups to control access. | -| `Restricted user groups` | Optional | If specified, only users in these groups will be allowed to log in. You only need to specify the common names (CNs) of the groups, and you can add as many groups as you like. If no groups are specified, *all* users within the scope of the specified domain base will be able to sign in to your {% data variables.product.prodname_ghe_server %} instance. | -| `User ID` | Required | The LDAP attribute that identifies the LDAP user who attempts authentication. Once a mapping is established, users may change their {% data variables.product.prodname_ghe_server %} usernames. This field should be `sAMAccountName` for most Active Directory installations, but it may be `uid` for other LDAP solutions, such as OpenLDAP. The default value is `uid`. | -| `Profile name` | Optional | The name that will appear on the user's {% data variables.product.prodname_ghe_server %} profile page. Unless LDAP Sync is enabled, users may change their profile names. | -| `Emails` | Optional | The email addresses for a user's {% data variables.product.prodname_ghe_server %} account. | -| `SSH keys` | Optional | The public SSH keys attached to a user's {% data variables.product.prodname_ghe_server %} account. The keys must be in OpenSSH format. | -| `GPG keys` | Optional | The GPG keys attached to a user's {% data variables.product.prodname_ghe_server %} account. | -| `Disable LDAP authentication for Git operations` | Optional |If selected, [turns off](#disabling-password-authentication-for-git-operations) users' ability to use LDAP passwords to authenticate Git operations. | -| `Enable LDAP certificate verification` | Optional |If selected, [turns on](#enabling-ldap-certificate-verification) LDAP certificate verification. | -| `Synchronization` | Optional |If selected, [turns on](#enabling-ldap-sync) LDAP Sync. | +| `Host` | {% octicon "check" aria-label="Required" %} | The LDAP host, e.g. `ldap.example.com` or `10.0.0.30`. If the hostname is only available from your internal network, you may need to configure {% data variables.location.product_location %}'s DNS first so it can resolve the hostname using your internal nameservers. | +| `Port` | {% octicon "check" aria-label="Required" %} | The port the host's LDAP services are listening on. Examples include: 389 and 636 (for LDAPS). | +| `Encryption` | {% octicon "check" aria-label="Required" %} | The encryption method used to secure communications to the LDAP server. Examples include plain (no encryption), SSL/LDAPS (encrypted from the start), and StartTLS (upgrade to encrypted communication once connected). | +| `Domain search user` | {% octicon "x" aria-label="Optional" %} | The LDAP user that looks up other users that sign in, to allow authentication. This is typically a service account created specifically for third-party integrations. Use a fully qualified name, such as `cn=Administrator,cn=Users,dc=Example,dc=com`. With Active Directory, you can also use the `[DOMAIN]\[USERNAME]` syntax (e.g. `WINDOWS\Administrator`) for the domain search user with Active Directory. | +| `Domain search password` | {% octicon "x" aria-label="Optional" %} | The password for the domain search user. | +| `Administrators group` | {% octicon "x" aria-label="Optional" %} | Users in this group are promoted to site administrators when signing into your appliance. If you don't configure an LDAP Administrators group, the first LDAP user account that signs into your appliance will be automatically promoted to a site administrator. | +| `Domain base` | {% octicon "check" aria-label="Required" %} | The fully qualified `Distinguished Name` (DN) of an LDAP subtree you want to search for users and groups. You can add as many as you like; however, each group must be defined in the same domain base as the users that belong to it. If you specify restricted user groups, only users that belong to those groups will be in scope. We recommend that you specify the top level of your LDAP directory tree as your domain base and use restricted user groups to control access. | +| `Restricted user groups` | {% octicon "x" aria-label="Optional" %} | If specified, only users in these groups will be allowed to log in. You only need to specify the common names (CNs) of the groups, and you can add as many groups as you like. If no groups are specified, *all* users within the scope of the specified domain base will be able to sign in to your {% data variables.product.prodname_ghe_server %} instance. | +| `User ID` | {% octicon "check" aria-label="Required" %} | The LDAP attribute that identifies the LDAP user who attempts authentication. Once a mapping is established, users may change their {% data variables.product.prodname_ghe_server %} usernames. This field should be `sAMAccountName` for most Active Directory installations, but it may be `uid` for other LDAP solutions, such as OpenLDAP. The default value is `uid`. | +| `Profile name` | {% octicon "x" aria-label="Optional" %} | The name that will appear on the user's {% data variables.product.prodname_ghe_server %} profile page. Unless LDAP Sync is enabled, users may change their profile names. | +| `Emails` | {% octicon "x" aria-label="Optional" %} | The email addresses for a user's {% data variables.product.prodname_ghe_server %} account. | +| `SSH keys` | {% octicon "x" aria-label="Optional" %} | The public SSH keys attached to a user's {% data variables.product.prodname_ghe_server %} account. The keys must be in OpenSSH format. | +| `GPG keys` | {% octicon "x" aria-label="Optional" %} | The GPG keys attached to a user's {% data variables.product.prodname_ghe_server %} account. | +| `Disable LDAP authentication for Git operations` | {% octicon "x" aria-label="Optional" %} |If selected, [turns off](#disabling-password-authentication-for-git-operations) users' ability to use LDAP passwords to authenticate Git operations. | +| `Enable LDAP certificate verification` | {% octicon "x" aria-label="Optional" %} |If selected, [turns on](#enabling-ldap-certificate-verification) LDAP certificate verification. | +| `Synchronization` | {% octicon "x" aria-label="Optional" %} | If selected, [turns on](#enabling-ldap-sync) LDAP Sync. | ### Disabling password authentication for Git operations diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam.md b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam.md index ed1e9be2d9bd..7489d4375be5 100644 --- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam.md +++ b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam.md @@ -102,12 +102,12 @@ We test and officially support the following IdPs. For SAML SSO, we offer limite IdP | SAML | Team synchronization | --- | :--: | :-------: | -Active Directory Federation Services (AD FS) | {% octicon "check-circle-fill" aria-label= "The check icon" %} | | -Azure Active Directory (Azure AD) | {% octicon "check-circle-fill" aria-label="The check icon" %} | {% octicon "check-circle-fill" aria-label="The check icon" %} | -Okta | {% octicon "check-circle-fill" aria-label="The check icon" %} | | -OneLogin | {% octicon "check-circle-fill" aria-label="The check icon" %} | | -PingOne | {% octicon "check-circle-fill" aria-label="The check icon" %} | | -Shibboleth | {% octicon "check-circle-fill" aria-label="The check icon" %} | | +Active Directory Federation Services (AD FS) | {% octicon "check" aria-label= "Supported" %} | {% octicon "x" aria-label="Not supported" %} | +Azure Active Directory (Azure AD) | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | +Okta | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | +OneLogin | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | +PingOne | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | +Shibboleth | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% elsif ghes %} diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/mapping-okta-groups-to-teams.md b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/mapping-okta-groups-to-teams.md index 5112b088e4b7..108cba877d3f 100644 --- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/mapping-okta-groups-to-teams.md +++ b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/mapping-okta-groups-to-teams.md @@ -74,8 +74,12 @@ Enterprise owners can use the site admin dashboard to check how Okta groups are To monitor SSO activity for mapped groups, you can review the following events in the {% data variables.product.prodname_ghe_managed %} audit log. +For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)." + + ### `external_group` events + {% data reusables.saml.external-group-audit-events %} -{% data reusables.saml.external-identity-audit-events %} +### `external_identity` events -For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)." +{% data reusables.saml.external-identity-audit-events %} diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/saml-configuration-reference.md b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/saml-configuration-reference.md index 7e112b8bb5e5..3fb7f945ed13 100644 --- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/saml-configuration-reference.md +++ b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/saml-configuration-reference.md @@ -75,18 +75,18 @@ The SP metadata for your enterprise on {% data variables.product.product_name %} The following SAML attributes are available for {% data variables.product.product_name %}.{% ifversion ghes %} You can change the attribute names in the {% data variables.enterprise.management_console %}, with the exception of the `administrator` attribute. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console)."{% endif %} -| Name | Required? | Description | +| Name | Required | Description | | :- | :- | :- | -| `NameID` | Yes | A persistent user identifier. Any persistent name identifier format may be used. {% ifversion ghec %}If you use an enterprise with {% data variables.product.prodname_emus %}, {% endif %}{% data variables.product.product_name %} will normalize the `NameID` element to use as a username unless one of the alternative assertions is provided. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication)."

{% note %}**Note:** It's important to use a human-readable, persistent identifier. Using a transient identifier format like `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` will result in re-linking of accounts on every sign-in, which can be detrimental to authorization management.{% endnote %} | -| `SessionNotOnOrAfter` | No | The date that {% data variables.product.product_name %} invalidates the associated session. After invalidation, the person must authenticate once again to access {% ifversion ghec or ghae %}your enterprise's resources{% elsif ghes %}{% data variables.location.product_location %}{% endif %}. For more information, see "[Session duration and timeout](#session-duration-and-timeout)." | +| `NameID` | {% octicon "check" aria-label="Required" %} | A persistent user identifier. Any persistent name identifier format may be used. {% ifversion ghec %}If you use an enterprise with {% data variables.product.prodname_emus %}, {% endif %}{% data variables.product.product_name %} will normalize the `NameID` element to use as a username unless one of the alternative assertions is provided. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication)."

{% note %}**Note:** It's important to use a human-readable, persistent identifier. Using a transient identifier format like `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` will result in re-linking of accounts on every sign-in, which can be detrimental to authorization management.{% endnote %} | +| `SessionNotOnOrAfter` | {% octicon "x" aria-label="Optional" %} | The date that {% data variables.product.product_name %} invalidates the associated session. After invalidation, the person must authenticate once again to access {% ifversion ghec or ghae %}your enterprise's resources{% elsif ghes %}{% data variables.location.product_location %}{% endif %}. For more information, see "[Session duration and timeout](#session-duration-and-timeout)." | {%- ifversion ghes or ghae %} -| `administrator` | No | When the value is `true`, {% data variables.product.product_name %} will automatically promote the user to be a {% ifversion ghes %}site administrator{% elsif ghae %}enterprise owner{% endif %}. Setting this attribute to anything but `true` will result in demotion, as long as the value is not blank. Omitting this attribute or leaving the value blank will not change the role of the user. | -| `username` | No | The username for {% data variables.location.product_location %}. | +| `administrator` | {% octicon "x" aria-label="Optional" %} | When the value is `true`, {% data variables.product.product_name %} will automatically promote the user to be a {% ifversion ghes %}site administrator{% elsif ghae %}enterprise owner{% endif %}. Setting this attribute to anything but `true` will result in demotion, as long as the value is not blank. Omitting this attribute or leaving the value blank will not change the role of the user. | +| `username` | {% octicon "x" aria-label="Optional" %} | The username for {% data variables.location.product_location %}. | {%- endif %} -| `full_name` | No | {% ifversion ghec %}If you configure SAML SSO for an enterprise and you use {% data variables.product.prodname_emus %}, the{% else %}The{% endif %} full name of the user to display on the user's profile page. | -| `emails` | No | The email addresses for the user.{% ifversion ghes or ghae %} You can specify more than one address.{% endif %}{% ifversion ghec or ghes %} If you sync license usage between {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %}, {% data variables.product.prodname_github_connect %} uses `emails` to identify unique users across products. For more information, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)."{% endif %} | -| `public_keys` | No | {% ifversion ghec %}If you configure SAML SSO for an enterprise and you use {% data variables.product.prodname_emus %}, the{% else %}The{% endif %} public SSH keys for the user. You can specify more than one key. | -| `gpg_keys` | No | {% ifversion ghec %}If you configure SAML SSO for an enterprise and you use {% data variables.product.prodname_emus %}, the{% else %}The{% endif %} GPG keys for the user. You can specify more than one key. | +| `full_name` | {% octicon "x" aria-label="Optional" %} | {% ifversion ghec %}If you configure SAML SSO for an enterprise and you use {% data variables.product.prodname_emus %}, the{% else %}The{% endif %} full name of the user to display on the user's profile page. | +| `emails` | {% octicon "x" aria-label="Optional" %} | The email addresses for the user.{% ifversion ghes or ghae %} You can specify more than one address.{% endif %}{% ifversion ghec or ghes %} If you sync license usage between {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %}, {% data variables.product.prodname_github_connect %} uses `emails` to identify unique users across products. For more information, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)."{% endif %} | +| `public_keys` | {% octicon "x" aria-label="Optional" %} | {% ifversion ghec %}If you configure SAML SSO for an enterprise and you use {% data variables.product.prodname_emus %}, the{% else %}The{% endif %} public SSH keys for the user. You can specify more than one key. | +| `gpg_keys` | {% octicon "x" aria-label="Optional" %} | {% ifversion ghec %}If you configure SAML SSO for an enterprise and you use {% data variables.product.prodname_emus %}, the{% else %}The{% endif %} GPG keys for the user. You can specify more than one key. | To specify more than one value for an attribute, use multiple `` elements. diff --git a/content/admin/packages/configuring-package-ecosystem-support-for-your-enterprise.md b/content/admin/packages/configuring-package-ecosystem-support-for-your-enterprise.md index 2ebafe22d970..b0448f335809 100644 --- a/content/admin/packages/configuring-package-ecosystem-support-for-your-enterprise.md +++ b/content/admin/packages/configuring-package-ecosystem-support-for-your-enterprise.md @@ -46,11 +46,7 @@ If you've enabled npm packages on your enterprise and want to allow access to th {% data variables.product.prodname_registry %} uses a transparent proxy for network traffic that connects to the official npm registry at `registry.npmjs.com`. The proxy is enabled by default and cannot be disabled. -To allow network connections to the npm registry, you will need to configure network ACLs that allow {% data variables.product.prodname_ghe_server %} to send HTTPS traffic to `registry.npmjs.com` over port 443: - -| Source | Destination | Port | Type | -|---|---|---|---| -| {% data variables.product.prodname_ghe_server %} | `registry.npmjs.com` | TCP/443 | HTTPS | +To allow network connections to the npm registry, you will need to configure network ACLs that allow {% data variables.product.prodname_ghe_server %} to send HTTPS traffic to `registry.npmjs.com` over port 443/TCP. Note that connections to `registry.npmjs.com` traverse through the Cloudflare network, and subsequently do not connect to a single static IP address; instead, a connection is made to an IP address within the CIDR ranges listed here: https://www.cloudflare.com/ips/. diff --git a/content/admin/packages/quickstart-for-configuring-your-minio-storage-bucket-for-github-packages.md b/content/admin/packages/quickstart-for-configuring-your-minio-storage-bucket-for-github-packages.md index e51b2a0ad2f8..1f6a73ad4d6f 100644 --- a/content/admin/packages/quickstart-for-configuring-your-minio-storage-bucket-for-github-packages.md +++ b/content/admin/packages/quickstart-for-configuring-your-minio-storage-bucket-for-github-packages.md @@ -23,7 +23,7 @@ This quickstart shows you how to set up MinIO using Docker for use with {% data | MinIO mode | Optimized for | Storage infrastructure required | |----|----|----| -| Standalone MinIO (on a single host) | Fast setup | N/A | +| Standalone MinIO (on a single host) | Fast setup | Not applicable | | Clustered MinIO (also called Distributed MinIO)| Data security | Storage servers running in a cluster | For more information about your options, see the official [MinIO docs](https://docs.min.io/). @@ -88,7 +88,7 @@ For more information about your options, see the official [MinIO docs](https://d ## 3. Create your MinIO bucket for {% data variables.product.prodname_registry %} -1. Install the MinIO client. +1. Install the MinIO client. ```shell $ docker pull minio/mc diff --git a/content/migrations/using-ghe-migrator/preparing-to-migrate-data-to-github-enterprise-server.md b/content/migrations/using-ghe-migrator/preparing-to-migrate-data-to-github-enterprise-server.md index d4e5e8044101..1d1e24479cf8 100644 --- a/content/migrations/using-ghe-migrator/preparing-to-migrate-data-to-github-enterprise-server.md +++ b/content/migrations/using-ghe-migrator/preparing-to-migrate-data-to-github-enterprise-server.md @@ -95,19 +95,19 @@ There are several different mapping actions that `ghe-migrator` can take when tr If you believe that `ghe-migrator` will perform an incorrect change, you can make corrections by changing the data in *conflicts.csv*. You can make changes to any of the rows in *conflicts.csv*. -For example, let's say you notice that the `octocat` user from the source is being mapped to `octocat` on the target: +For example, let's say you notice that the `octocat` user from the source is being mapped to `octocat` on the target. | `model_name` | `source_url` | `target_url` | `recommended_action` | |--------------|--------------|------------|--------------------| | `user` | `https://example-gh.source/octocat` | `https://example-gh.target/octocat` | `map` -You can choose to map the user to a different user on the target. Suppose you know that `octocat` should actually be `monalisa` on the target. You can change the `target_url` column in *conflicts.csv* to refer to `monalisa`: +You can choose to map the user to a different user on the target. Suppose you know that `octocat` should actually be `monalisa` on the target. You can change the `target_url` column in *conflicts.csv* to refer to `monalisa`. | `model_name` | `source_url` | `target_url` | `recommended_action` | |--------------|--------------|------------|--------------------| | `user` | `https://example-gh.source/octocat` | `https://example-gh.target/monalisa` | `map` -As another example, if you want to rename the `octo-org/widgets` repository to `octo-org/amazing-widgets` on the target instance, change the `target_url` to `octo-org/amazing-widgets` and the `recommend_action` to `rename`: +As another example, if you want to rename the `octo-org/widgets` repository to `octo-org/amazing-widgets` on the target instance, change the `target_url` to `octo-org/amazing-widgets` and the `recommend_action` to `rename`. | `model_name` | `source_url` | `target_url` | `recommended_action` | |--------------|--------------|------------|--------------------| diff --git a/data/reusables/github-ae/saml-idp-table.md b/data/reusables/github-ae/saml-idp-table.md index 2f261a8b689b..55fe2e7ba9ba 100644 --- a/data/reusables/github-ae/saml-idp-table.md +++ b/data/reusables/github-ae/saml-idp-table.md @@ -1,8 +1,8 @@ {% ifversion ghae %} -IdP | SAML | User provisioning | Team mapping| +IdP | SAML | User provisioning | Team mapping | --- | --- | ---------------- | --------- | -[Azure Active Directory (Azure AD)](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad) | {% octicon "check-circle-fill" aria-label="The check icon" %} | {% octicon "check-circle-fill" aria-label="The check icon" %}| {% octicon "check-circle-fill" aria-label="The check icon" %} | -[Okta](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-okta) | {% octicon "check-circle-fill" aria-label="The check icon" %} [Beta](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-okta)| {% octicon "check-circle-fill" aria-label="The check icon" %} [Beta](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-okta)| {% octicon "check-circle-fill" aria-label= "The check icon" %} [Beta](/admin/identity-and-access-management/using-saml-for-enterprise-iam/mapping-okta-groups-to-teams) | +[Azure Active Directory (Azure AD)](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad) | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %}| {% octicon "check" aria-label="Supported" %} | +[Okta](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-okta) | {% octicon "check" aria-label="Supported" %} [Beta](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-okta)| {% octicon "check" aria-label="Supported" %} [Beta](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-okta)| {% octicon "check" aria-label= "Supported" %} [Beta](/admin/identity-and-access-management/using-saml-for-enterprise-iam/mapping-okta-groups-to-teams) | {% endif %} From ed18f98d128a2720d9a285b1ed48b161e4b9b7ef Mon Sep 17 00:00:00 2001 From: Laura Coursen Date: Mon, 20 Mar 2023 08:51:14 -0500 Subject: [PATCH 3/3] Make tables accessible in the Actions focus area (#35481) --- .../creating-actions/about-custom-actions.md | 10 +-- ...-security-hardening-with-openid-connect.md | 76 +++++++++---------- ...ncurrency-expressions-and-a-test-matrix.md | 8 +- ...g-scripts-to-test-your-code-on-a-runner.md | 8 +- .../using-the-github-cli-on-a-runner.md | 12 +-- .../autoscaling-with-self-hosted-runners.md | 12 +-- .../actions/learn-github-actions/contexts.md | 48 ++++++------ ...usage-limits-billing-and-administration.md | 2 +- ...igrating-from-jenkins-to-github-actions.md | 4 +- .../events-that-trigger-workflows.md | 26 +++---- .../actions/checkout-action-table-entry.md | 2 +- .../actions/concurrency-table-entry.md | 2 +- data/reusables/actions/cron-table-entry.md | 2 +- data/reusables/actions/example-table-intro.md | 2 +- .../actions/if-conditions-table-entry.md | 2 +- .../actions/permissions-table-entry.md | 2 +- .../actions/pull-request-table-entry.md | 2 +- data/reusables/actions/push-table-entry.md | 2 +- data/reusables/actions/secrets-table-entry.md | 2 +- .../actions/setup-node-table-entry.md | 2 +- .../actions/supported-github-runners.md | 6 +- .../actions/workflow-dispatch-table-entry.md | 2 +- 22 files changed, 113 insertions(+), 121 deletions(-) diff --git a/content/actions/creating-actions/about-custom-actions.md b/content/actions/creating-actions/about-custom-actions.md index 7675bb474fd2..2be617cd1acf 100644 --- a/content/actions/creating-actions/about-custom-actions.md +++ b/content/actions/creating-actions/about-custom-actions.md @@ -35,11 +35,11 @@ Actions can run directly on a machine or in a Docker container. You can define a You can build Docker container, JavaScript, and composite actions. Actions require a metadata file to define the inputs, outputs and main entrypoint for your action. The metadata filename must be either `action.yml` or `action.yaml`. For more information, see "[AUTOTITLE](/actions/creating-actions/metadata-syntax-for-github-actions)." -| Type | Operating system | -| ---- | ------------------- | -| Docker container | Linux | -| JavaScript | Linux, macOS, Windows | -| Composite Actions | Linux, macOS, Windows | +| Type | Linux | macOS | Windows | +| ---- | ----- | ----- | -------- | +| Docker container | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | +| JavaScript | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | +| Composite Actions | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | ### Docker container actions diff --git a/content/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md b/content/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md index 807dcaffa69a..b785cad1d4b1 100644 --- a/content/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md +++ b/content/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md @@ -94,27 +94,27 @@ The following example OIDC token uses a subject (`sub`) that references a job en To see all the claims supported by {% data variables.product.prodname_dotcom %}'s OIDC provider, review the `claims_supported` entries at {% ifversion ghes %}`https://HOSTNAME/_services/token/.well-known/openid-configuration`{% else %}https://token.actions.githubusercontent.com/.well-known/openid-configuration{% endif %}. -The token includes the standard audience, issuer, and subject claims: +The token includes the standard audience, issuer, and subject claims. -| Claim | Description | -| ----------- | ---------------------- | -| `aud`| _(Audience)_ By default, this is the URL of the repository owner, such as the organization that owns the repository. This is the only claim that can be customized. You can set a custom audience with a toolkit command: [`core.getIDToken(audience)`](https://www.npmjs.com/package/@actions/core/v/1.6.0) | -| `iss`| _(Issuer)_ The issuer of the OIDC token: {% ifversion ghes %}`https://HOSTNAME/_services/token`{% else %}`https://token.actions.githubusercontent.com`{% endif %} | -| `sub`| _(Subject)_ Defines the subject claim that is to be validated by the cloud provider. This setting is essential for making sure that access tokens are only allocated in a predictable way.| +| Claim | Claim type | Description | +| ----------- | -----| ---------------------- | +| `aud`| Audience | By default, this is the URL of the repository owner, such as the organization that owns the repository. This is the only claim that can be customized. You can set a custom audience with a toolkit command: [`core.getIDToken(audience)`](https://www.npmjs.com/package/@actions/core/v/1.6.0) | +| `iss`| Issuer | The issuer of the OIDC token: {% ifversion ghes %}`https://HOSTNAME/_services/token`{% else %}`https://token.actions.githubusercontent.com`{% endif %} | +| `sub`| Subject | Defines the subject claim that is to be validated by the cloud provider. This setting is essential for making sure that access tokens are only allocated in a predictable way. | -The OIDC token also includes additional standard claims: +The OIDC token also includes additional standard claims. -| Claim | Description | -| ----------- | ---------------------- | -| `alg`| _(Algorithm)_ The algorithm used by the OIDC provider. | -| `exp`| _(Expires at)_ Identifies the expiry time of the JWT. | -| `iat`| _(Issued at)_ The time when the JWT was issued. | -| `jti`| _(JWT token identifier)_ Unique identifier for the OIDC token. | -| `kid`| _(Key identifier)_ Unique key for the OIDC token. | -| `nbf`| _(Not before)_ JWT is not valid for use before this time. | -| `typ`| _(Type)_ Describes the type of token. This is a JSON Web Token (JWT). | +| Claim | Claim type | Description | +| ----------- | -----| ---------------------- | +| `alg`| Algorithm | The algorithm used by the OIDC provider. | +| `exp`| Expires at | Identifies the expiry time of the JWT. | +| `iat`| Issued at | The time when the JWT was issued. | +| `jti`| JWT token identifier | Unique identifier for the OIDC token. | +| `kid`| Key identifier | Unique key for the OIDC token. | +| `nbf`| Not before | JWT is not valid for use before this time. | +| `typ`| Type | Describes the type of token. This is a JSON Web Token (JWT). | -The token also includes custom claims provided by {% data variables.product.prodname_dotcom %}: +The token also includes custom claims provided by {% data variables.product.prodname_dotcom %}. | Claim | Description | | ----------- | ---------------------- | @@ -172,10 +172,8 @@ The subject claim includes the environment name when the job references an envir You can configure a subject that filters for a specific [environment](/actions/deployment/targeting-different-environments/using-environments-for-deployment) name. In this example, the workflow run must have originated from a job that has an environment named `Production`, in a repository named `octo-repo` that is owned by the `octo-org` organization: -| | | -| ------ | ----------- | -| Syntax: | `repo::environment:` | -| Example:| `repo:octo-org/octo-repo:environment:Production` | +- Syntax: `repo::environment:` +- Example:`repo:octo-org/octo-repo:environment:Production` #### Filtering for `pull_request` events @@ -183,10 +181,8 @@ The subject claim includes the `pull_request` string when the workflow is trigge You can configure a subject that filters for the [`pull_request`](/actions/using-workflows/events-that-trigger-workflows#pull_request) event. In this example, the workflow run must have been triggered by a `pull_request` event in a repository named `octo-repo` that is owned by the `octo-org` organization: -| | | -| ------ | ----------- | -| Syntax: | `repo::pull_request` | -| Example:| `repo:octo-org/octo-repo:pull_request` | +- Syntax: `repo::pull_request` +- Example: `repo:octo-org/octo-repo:pull_request` #### Filtering for a specific branch @@ -194,10 +190,8 @@ The subject claim includes the branch name of the workflow, but only if the job You can configure a subject that filters for a specific branch name. In this example, the workflow run must have originated from a branch named `demo-branch`, in a repository named `octo-repo` that is owned by the `octo-org` organization: -| | | -| ------ | ----------- | -| Syntax: | `repo::ref:refs/heads/branchName` | -| Example:| `repo:octo-org/octo-repo:ref:refs/heads/demo-branch` | +- Syntax: `repo::ref:refs/heads/branchName` +- Example: repo:octo-org/octo-repo:ref:refs/heads/demo-branch` #### Filtering for a specific tag @@ -205,21 +199,19 @@ The subject claim includes the tag name of the workflow, but only if the job doe You can create a subject that filters for specific tag. In this example, the workflow run must have originated with a tag named `demo-tag`, in a repository named `octo-repo` that is owned by the `octo-org` organization: -| | | -| ------ | ----------- | -| Syntax: | `repo::ref:refs/tags/` | -| Example:| `repo:octo-org/octo-repo:ref:refs/tags/demo-tag` | +- Syntax: `repo::ref:refs/tags/` +- Example: `repo:octo-org/octo-repo:ref:refs/tags/demo-tag` ### Configuring the subject in your cloud provider To configure the subject in your cloud provider's trust relationship, you must add the subject string to its trust configuration. The following examples demonstrate how various cloud providers can accept the same `repo:octo-org/octo-repo:ref:refs/heads/demo-branch` subject in different ways: -| | | +| Cloud provider | Example | | ------ | ----------- | -| Amazon Web Services | `"{% ifversion ghes %}HOSTNAME/_services/token{% else %}token.actions.githubusercontent.com{% endif %}:sub": "repo:octo-org/octo-repo:ref:refs/heads/demo-branch"` | -| Azure| `repo:octo-org/octo-repo:ref:refs/heads/demo-branch` | -| Google Cloud Platform| `(assertion.sub=='repo:octo-org/octo-repo:ref:refs/heads/demo-branch')` | -| HashiCorp Vault| `bound_subject="repo:octo-org/octo-repo:ref:refs/heads/demo-branch" ` | +| Amazon Web Services | `"{% ifversion ghes %}HOSTNAME/_services/token{% else %}token.actions.githubusercontent.com{% endif %}:sub": "repo:octo-org/octo-repo:ref:refs/heads/demo-branch"` | +| Azure| `repo:octo-org/octo-repo:ref:refs/heads/demo-branch` | +| Google Cloud Platform| `(assertion.sub=='repo:octo-org/octo-repo:ref:refs/heads/demo-branch')` | +| HashiCorp Vault| `bound_subject="repo:octo-org/octo-repo:ref:refs/heads/demo-branch"` | For more information, see the guides listed in "[Enabling OpenID Connect for your cloud provider](#enabling-openid-connect-for-your-cloud-provider)." @@ -227,12 +219,12 @@ For more information, see the guides listed in "[Enabling OpenID Connect for you To update your custom actions to authenticate using OIDC, you can use `getIDToken()` from the Actions toolkit to request a JWT from {% data variables.product.prodname_dotcom %}'s OIDC provider. For more information, see "OIDC Token" in the [npm package documentation](https://www.npmjs.com/package/@actions/core/v/1.6.0). -You could also use a `curl` command to request the JWT, using the following environment variables: +You could also use a `curl` command to request the JWT, using the following environment variables. -| | | +| Variable | Description | | ------ | ----------- | -| `ACTIONS_ID_TOKEN_REQUEST_URL` | The URL for {% data variables.product.prodname_dotcom %}'s OIDC provider. | -| `ACTIONS_ID_TOKEN_REQUEST_TOKEN` | Bearer token for the request to the OIDC provider. | +| `ACTIONS_ID_TOKEN_REQUEST_URL` | The URL for {% data variables.product.prodname_dotcom %}'s OIDC provider. | +| `ACTIONS_ID_TOKEN_REQUEST_TOKEN` | Bearer token for the request to the OIDC provider. | For example: diff --git a/content/actions/examples/using-concurrency-expressions-and-a-test-matrix.md b/content/actions/examples/using-concurrency-expressions-and-a-test-matrix.md index b1302ee3a0d8..a644d0a4d587 100644 --- a/content/actions/examples/using-concurrency-expressions-and-a-test-matrix.md +++ b/content/actions/examples/using-concurrency-expressions-and-a-test-matrix.md @@ -33,15 +33,15 @@ topics: {% data reusables.actions.cron-table-entry %} {% data reusables.actions.permissions-table-entry %} {% data reusables.actions.concurrency-table-entry %} -| Running the job on different runners, depending on the repository: | [`runs-on`](/actions/using-jobs/choosing-the-runner-for-a-job)| +| Running the job on different runners, depending on the repository | [`runs-on`](/actions/using-jobs/choosing-the-runner-for-a-job)| {% data reusables.actions.if-conditions-table-entry %} -| Using a matrix to create different test configurations: | [`matrix`](/actions/using-jobs/using-a-matrix-for-your-jobs)| +| Using a matrix to create different test configurations | [`matrix`](/actions/using-jobs/using-a-matrix-for-your-jobs)| {% data reusables.actions.checkout-action-table-entry %} {% data reusables.actions.setup-node-table-entry %} {%- ifversion actions-caching %} -| Caching dependencies: | [`actions/cache`](/actions/advanced-guides/caching-dependencies-to-speed-up-workflows)| +| Caching dependencies | [`actions/cache`](/actions/advanced-guides/caching-dependencies-to-speed-up-workflows)| {%- endif %} -| Running tests on the runner: | `npm test`| +| Running tests on the runner | `npm test`| ## Example workflow diff --git a/content/actions/examples/using-scripts-to-test-your-code-on-a-runner.md b/content/actions/examples/using-scripts-to-test-your-code-on-a-runner.md index c68a0670d286..aef948dec197 100644 --- a/content/actions/examples/using-scripts-to-test-your-code-on-a-runner.md +++ b/content/actions/examples/using-scripts-to-test-your-code-on-a-runner.md @@ -27,17 +27,17 @@ topics: {% data reusables.actions.example-table-intro %} | **Feature** | **Implementation** | -| --- | --- | +| --- | --- | {% data reusables.actions.push-table-entry %} {% data reusables.actions.pull-request-table-entry %} {% data reusables.actions.workflow-dispatch-table-entry %} {% data reusables.actions.permissions-table-entry %} {% data reusables.actions.concurrency-table-entry %} -| Running the job on different runners, depending on the repository: | [`runs-on`](/actions/using-jobs/choosing-the-runner-for-a-job)| +| Running the job on different runners, depending on the repository | [`runs-on`](/actions/using-jobs/choosing-the-runner-for-a-job)| {% data reusables.actions.checkout-action-table-entry %} {% data reusables.actions.setup-node-table-entry %} -| Using a third-party action: | [`trilom/file-changes-action`](https://github.com/trilom/file-changes-action)| -| Running a script on the runner: | Using `./script/rendered-content-link-checker.mjs` | +| Using a third-party action | [`trilom/file-changes-action`](https://github.com/trilom/file-changes-action)| +| Running a script on the runner | Using `./script/rendered-content-link-checker.mjs` | ## Example workflow diff --git a/content/actions/examples/using-the-github-cli-on-a-runner.md b/content/actions/examples/using-the-github-cli-on-a-runner.md index 6971e0997325..ee122c8f9809 100644 --- a/content/actions/examples/using-the-github-cli-on-a-runner.md +++ b/content/actions/examples/using-the-github-cli-on-a-runner.md @@ -34,12 +34,12 @@ topics: {% data reusables.actions.secrets-table-entry %} {% data reusables.actions.checkout-action-table-entry %} {% data reusables.actions.setup-node-table-entry %} -| Using a third-party action: | [`peter-evans/create-issue-from-file`](https://github.com/peter-evans/create-issue-from-file)| -| Running shell commands on the runner: | [`run`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun) | -| Running a script on the runner: | Using `script/check-english-links.js` | -| Generating an output file: | Piping the output using the `>` operator | -| Checking for existing issues using {% data variables.product.prodname_cli %}: | [`gh issue list`](https://cli.github.com/manual/gh_issue_list) | -| Commenting on an issue using {% data variables.product.prodname_cli %}: | [`gh issue comment`](https://cli.github.com/manual/gh_issue_comment) | +| Using a third-party action | [`peter-evans/create-issue-from-file`](https://github.com/peter-evans/create-issue-from-file)| +| Running shell commands on the runner | [`run`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun) | +| Running a script on the runner | Using `script/check-english-links.js` | +| Generating an output file | Piping the output using the `>` operator | +| Checking for existing issues using {% data variables.product.prodname_cli %} | [`gh issue list`](https://cli.github.com/manual/gh_issue_list) | +| Commenting on an issue using {% data variables.product.prodname_cli %} | [`gh issue comment`](https://cli.github.com/manual/gh_issue_comment) | ## Example workflow diff --git a/content/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners.md b/content/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners.md index 2a28942ad76d..efa03188c592 100644 --- a/content/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners.md +++ b/content/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners.md @@ -15,18 +15,18 @@ type: overview ## About autoscaling -You can automatically increase or decrease the number of self-hosted runners in your environment in response to the webhook events you receive with a particular label. For example, you can create automation that adds a new self-hosted runner each time you receive a [`workflow_job`](/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_job) webhook event with the [`queued`](/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_job) activity, which notifies you that a new job is ready for processing. The webhook payload includes label data, so you can identify the type of runner the job is requesting. Once the job has finished, you can then create automation that removes the runner in response to the `workflow_job` [`completed`](/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_job) activity. +You can automatically increase or decrease the number of self-hosted runners in your environment in response to the webhook events you receive with a particular label. For example, you can create automation that adds a new self-hosted runner each time you receive a [`workflow_job`](/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_job) webhook event with the [`queued`](/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_job) activity, which notifies you that a new job is ready for processing. The webhook payload includes label data, so you can identify the type of runner the job is requesting. Once the job has finished, you can then create automation that removes the runner in response to the `workflow_job` [`completed`](/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_job) activity. ## Recommended autoscaling solutions -{% data variables.product.prodname_dotcom %} recommends and partners closely with two open source projects that you can use for autoscaling your runners. One or both solutions may be suitable, based on your needs. +{% data variables.product.prodname_dotcom %} recommends and partners closely with two open source projects that you can use for autoscaling your runners. One or both solutions may be suitable, based on your needs. -The following repositories have detailed instructions for setting up these autoscalers: +The following repositories have detailed instructions for setting up these autoscalers: - [actions/actions-runner-controller](https://github.com/actions/actions-runner-controller) - A Kubernetes controller for {% data variables.product.prodname_actions %} self-hosted runners. - [philips-labs/terraform-aws-github-runner](https://github.com/philips-labs/terraform-aws-github-runner) - A Terraform module for scalable {% data variables.product.prodname_actions %} runners on Amazon Web Services. -Each solution has certain specifics that may be important to consider: +Each solution has certain specifics that may be important to consider. | **Features** | **actions-runner-controller** | **terraform-aws-github-runner** | | :--- | :--- | :--- | @@ -39,7 +39,7 @@ Each solution has certain specifics that may be important to consider: {% data variables.product.prodname_dotcom %} recommends implementing autoscaling with ephemeral self-hosted runners; autoscaling with persistent self-hosted runners is not recommended. In certain cases, {% data variables.product.prodname_dotcom %} cannot guarantee that jobs are not assigned to persistent runners while they are shut down. With ephemeral runners, this can be guaranteed because {% data variables.product.prodname_dotcom %} only assigns one job to a runner. -This approach allows you to manage your runners as ephemeral systems, since you can use automation to provide a clean environment for each job. This helps limit the exposure of any sensitive resources from previous jobs, and also helps mitigate the risk of a compromised runner receiving new jobs. +This approach allows you to manage your runners as ephemeral systems, since you can use automation to provide a clean environment for each job. This helps limit the exposure of any sensitive resources from previous jobs, and also helps mitigate the risk of a compromised runner receiving new jobs. To add an ephemeral runner to your environment, include the `--ephemeral` parameter when registering your runner using `config.sh`. For example: @@ -90,7 +90,7 @@ You can create your own autoscaling environment by using payloads received from ## Authentication requirements -You can register and delete repository and organization self-hosted runners using [the API](/rest/actions#self-hosted-runners). To authenticate to the API, your autoscaling implementation can use an access token or a {% data variables.product.prodname_dotcom %} app. +You can register and delete repository and organization self-hosted runners using [the API](/rest/actions#self-hosted-runners). To authenticate to the API, your autoscaling implementation can use an access token or a {% data variables.product.prodname_dotcom %} app. Your access token will require the following scope: diff --git a/content/actions/learn-github-actions/contexts.md b/content/actions/learn-github-actions/contexts.md index 76f268fcbf13..09bb48243fd1 100644 --- a/content/actions/learn-github-actions/contexts.md +++ b/content/actions/learn-github-actions/contexts.md @@ -72,27 +72,27 @@ The following table indicates where each context and special function can be use | Workflow key | Context | Special functions | | ---- | ------- | ----------------- | {%- ifversion actions-run-name %} -| run-name | github, inputs{% ifversion actions-configuration-variables %}, vars{% endif %} | | +| run-name | github, inputs{% ifversion actions-configuration-variables %}, vars{% endif %} | None | {%- endif %} -| concurrency | github, inputs{% ifversion actions-configuration-variables %}, vars{% endif %} | | -| env | github, secrets, inputs{% ifversion actions-configuration-variables %}, vars{% endif %} | | -| jobs.<job_id>.concurrency | github, needs, strategy, matrix, inputs{% ifversion actions-configuration-variables %}, vars{% endif %} | | -| jobs.<job_id>.container | github, needs, strategy, matrix, env, {% ifversion actions-configuration-variables %}vars, {% endif %}secrets, inputs | | -| jobs.<job_id>.container.credentials | github, needs, strategy, matrix, env, {% ifversion actions-configuration-variables %}vars, {% endif %}secrets, inputs | | -| jobs.<job_id>.container.env.<env_id> | github, needs, strategy, matrix, job, runner, env, {% ifversion actions-configuration-variables %}vars, {% endif %}secrets, inputs | | -| jobs.<job_id>.continue-on-error | github, needs, strategy, {% ifversion actions-configuration-variables %}vars, {% endif %}matrix, inputs | | -| jobs.<job_id>.defaults.run | github, needs, strategy, matrix, env, {% ifversion actions-configuration-variables %}vars, {% endif %}inputs | | -| jobs.<job_id>.env | github, needs, strategy, matrix, {% ifversion actions-configuration-variables %}vars, {% endif %}secrets, inputs | | -| jobs.<job_id>.environment | github, needs, strategy, matrix, {% ifversion actions-configuration-variables %}vars, {% endif %}inputs | | -| jobs.<job_id>.environment.url | github, needs, strategy, matrix, job, runner, env, {% ifversion actions-configuration-variables %}vars, {% endif %}steps, inputs | | +| concurrency | github, inputs{% ifversion actions-configuration-variables %}, vars{% endif %} | None | +| env | github, secrets, inputs{% ifversion actions-configuration-variables %}, vars{% endif %} | None | +| jobs.<job_id>.concurrency | github, needs, strategy, matrix, inputs{% ifversion actions-configuration-variables %}, vars{% endif %} | None | +| jobs.<job_id>.container | github, needs, strategy, matrix, env, {% ifversion actions-configuration-variables %}vars, {% endif %}secrets, inputs | None | +| jobs.<job_id>.container.credentials | github, needs, strategy, matrix, env, {% ifversion actions-configuration-variables %}vars, {% endif %}secrets, inputs | None | +| jobs.<job_id>.container.env.<env_id> | github, needs, strategy, matrix, job, runner, env, {% ifversion actions-configuration-variables %}vars, {% endif %}secrets, inputs | None | +| jobs.<job_id>.continue-on-error | github, needs, strategy, {% ifversion actions-configuration-variables %}vars, {% endif %}matrix, inputs | None | +| jobs.<job_id>.defaults.run | github, needs, strategy, matrix, env, {% ifversion actions-configuration-variables %}vars, {% endif %}inputs | None | +| jobs.<job_id>.env | github, needs, strategy, matrix, {% ifversion actions-configuration-variables %}vars, {% endif %}secrets, inputs | None | +| jobs.<job_id>.environment | github, needs, strategy, matrix, {% ifversion actions-configuration-variables %}vars, {% endif %}inputs | None | +| jobs.<job_id>.environment.url | github, needs, strategy, matrix, job, runner, env, {% ifversion actions-configuration-variables %}vars, {% endif %}steps, inputs | None | | jobs.<job_id>.if | github, needs, {% ifversion actions-configuration-variables %}vars, {% endif %}inputs | always, cancelled, success, failure | -| jobs.<job_id>.name | github, needs, strategy, matrix, {% ifversion actions-configuration-variables %}vars, {% endif %}inputs | | -| jobs.<job_id>.outputs.<output_id> | github, needs, strategy, matrix, job, runner, env, {% ifversion actions-configuration-variables %}vars, {% endif %}secrets, steps, inputs | | -| jobs.<job_id>.runs-on | github, needs, strategy, matrix, {% ifversion actions-configuration-variables %}vars, {% endif %}inputs | | -| jobs.<job_id>.secrets.<secrets_id> | github, needs,{% ifversion actions-reusable-workflow-matrix %} strategy, matrix,{% endif %} secrets{% ifversion actions-unified-inputs %}, inputs{% endif %}{% ifversion actions-configuration-variables %}, vars{% endif %} | | -| jobs.<job_id>.services | github, needs, strategy, matrix, {% ifversion actions-configuration-variables %}vars, {% endif %}inputs | | -| jobs.<job_id>.services.<service_id>.credentials | github, needs, strategy, matrix, env, {% ifversion actions-configuration-variables %}vars, {% endif %}secrets, inputs | | -| jobs.<job_id>.services.<service_id>.env.<env_id> | github, needs, strategy, matrix, job, runner, env, {% ifversion actions-configuration-variables %}vars, {% endif %}secrets, inputs | | +| jobs.<job_id>.name | github, needs, strategy, matrix, {% ifversion actions-configuration-variables %}vars, {% endif %}inputs | None | +| jobs.<job_id>.outputs.<output_id> | github, needs, strategy, matrix, job, runner, env, {% ifversion actions-configuration-variables %}vars, {% endif %}secrets, steps, inputs | None | +| jobs.<job_id>.runs-on | github, needs, strategy, matrix, {% ifversion actions-configuration-variables %}vars, {% endif %}inputs | None | +| jobs.<job_id>.secrets.<secrets_id> | github, needs,{% ifversion actions-reusable-workflow-matrix %} strategy, matrix,{% endif %} secrets{% ifversion actions-unified-inputs %}, inputs{% endif %}{% ifversion actions-configuration-variables %}, vars{% endif %} | None | +| jobs.<job_id>.services | github, needs, strategy, matrix, {% ifversion actions-configuration-variables %}vars, {% endif %}inputs | None | +| jobs.<job_id>.services.<service_id>.credentials | github, needs, strategy, matrix, env, {% ifversion actions-configuration-variables %}vars, {% endif %}secrets, inputs | None | +| jobs.<job_id>.services.<service_id>.env.<env_id> | github, needs, strategy, matrix, job, runner, env, {% ifversion actions-configuration-variables %}vars, {% endif %}secrets, inputs | None | | jobs.<job_id>.steps.continue-on-error | github, needs, strategy, matrix, job, runner, env, {% ifversion actions-configuration-variables %}vars, {% endif %}secrets, steps, inputs | hashFiles | | jobs.<job_id>.steps.env | github, needs, strategy, matrix, job, runner, env, {% ifversion actions-configuration-variables %}vars, {% endif %}secrets, steps, inputs | hashFiles | | jobs.<job_id>.steps.if | github, needs, strategy, matrix, job, runner, env, {% ifversion actions-configuration-variables %}vars, {% endif %}steps, inputs | always, cancelled, success, failure, hashFiles | @@ -101,11 +101,11 @@ The following table indicates where each context and special function can be use | jobs.<job_id>.steps.timeout-minutes | github, needs, strategy, matrix, job, runner, env, {% ifversion actions-configuration-variables %}vars, {% endif %}secrets, steps, inputs | hashFiles | | jobs.<job_id>.steps.with | github, needs, strategy, matrix, job, runner, env, {% ifversion actions-configuration-variables %}vars, {% endif %}secrets, steps, inputs | hashFiles | | jobs.<job_id>.steps.working-directory | github, needs, strategy, matrix, job, runner, env, {% ifversion actions-configuration-variables %}vars, {% endif %}secrets, steps, inputs | hashFiles | -| jobs.<job_id>.strategy | github, needs, {% ifversion actions-configuration-variables %}vars, {% endif %}inputs | | -| jobs.<job_id>.timeout-minutes | github, needs, strategy, matrix, {% ifversion actions-configuration-variables %}vars, {% endif %}inputs | | -| jobs.<job_id>.with.<with_id> | github, needs{% ifversion actions-reusable-workflow-matrix %}, strategy, matrix{% endif %}{% ifversion actions-unified-inputs %}, inputs{% endif %}{% ifversion actions-configuration-variables %}, vars{% endif %} | | -| on.workflow_call.inputs.<inputs_id>.default | github{% ifversion actions-unified-inputs %}, inputs{% endif %}{% ifversion actions-configuration-variables %}, vars{% endif %} | | -| on.workflow_call.outputs.<output_id>.value | github, jobs, {% ifversion actions-configuration-variables %}vars, {% endif %}inputs | | +| jobs.<job_id>.strategy | github, needs, {% ifversion actions-configuration-variables %}vars, {% endif %}inputs | None | +| jobs.<job_id>.timeout-minutes | github, needs, strategy, matrix, {% ifversion actions-configuration-variables %}vars, {% endif %}inputs | None | +| jobs.<job_id>.with.<with_id> | github, needs{% ifversion actions-reusable-workflow-matrix %}, strategy, matrix{% endif %}{% ifversion actions-unified-inputs %}, inputs{% endif %}{% ifversion actions-configuration-variables %}, vars{% endif %} | None | +| on.workflow_call.inputs.<inputs_id>.default | github{% ifversion actions-unified-inputs %}, inputs{% endif %}{% ifversion actions-configuration-variables %}, vars{% endif %} | None | +| on.workflow_call.outputs.<output_id>.value | github, jobs, {% ifversion actions-configuration-variables %}vars, {% endif %}inputs | None | ### Example: printing context information to the log diff --git a/content/actions/learn-github-actions/usage-limits-billing-and-administration.md b/content/actions/learn-github-actions/usage-limits-billing-and-administration.md index 9b672f13c3b3..d14aab6f6f81 100644 --- a/content/actions/learn-github-actions/usage-limits-billing-and-administration.md +++ b/content/actions/learn-github-actions/usage-limits-billing-and-administration.md @@ -63,7 +63,7 @@ There are some limits on {% data variables.product.prodname_actions %} usage whe | GitHub plan | Total concurrent jobs | Maximum concurrent macOS jobs | |---|---|---| - | All | 500 | n/a | + | All | 500 | Not applicable | {% note %} diff --git a/content/actions/migrating-to-github-actions/manual-migrations/migrating-from-jenkins-to-github-actions.md b/content/actions/migrating-to-github-actions/manual-migrations/migrating-from-jenkins-to-github-actions.md index db97acf6ba35..fe7f5598b3c0 100644 --- a/content/actions/migrating-to-github-actions/manual-migrations/migrating-from-jenkins-to-github-actions.md +++ b/content/actions/migrating-to-github-actions/manual-migrations/migrating-from-jenkins-to-github-actions.md @@ -52,7 +52,7 @@ Jenkins splits its Declarative Pipelines into multiple sections. Similarly, {% d | Jenkins Directives | {% data variables.product.prodname_actions %} | | ------------- | ------------- | | [`agent`](https://jenkins.io/doc/book/pipeline/syntax/#agent) | [`jobs..runs-on`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idruns-on)
[`jobs..container`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainer) | -| [`post`](https://jenkins.io/doc/book/pipeline/syntax/#post) | | +| [`post`](https://jenkins.io/doc/book/pipeline/syntax/#post) | None | | [`stages`](https://jenkins.io/doc/book/pipeline/syntax/#stages) | [`jobs`](/actions/using-workflows/workflow-syntax-for-github-actions#jobs) | | [`steps`](https://jenkins.io/doc/book/pipeline/syntax/#steps) | [`jobs..steps`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idsteps) | @@ -91,7 +91,7 @@ Both {% data variables.product.prodname_actions %} and Jenkins let you use a mat | ------------- | ------------- | | [`axis`](https://jenkins.io/doc/book/pipeline/syntax/#matrix-axes) | [`strategy/matrix`](/actions/using-workflows/about-workflows#using-a-build-matrix)
[`context`](/actions/learn-github-actions/contexts) | | [`stages`](https://jenkins.io/doc/book/pipeline/syntax/#matrix-stages) | [`steps-context`](/actions/learn-github-actions/contexts#steps-context) | -| [`excludes`](https://jenkins.io/doc/book/pipeline/syntax/#matrix-stages) | | +| [`excludes`](https://jenkins.io/doc/book/pipeline/syntax/#matrix-stages) | None | ### Using steps to execute tasks diff --git a/content/actions/using-workflows/events-that-trigger-workflows.md b/content/actions/using-workflows/events-that-trigger-workflows.md index aed53bc6fbe4..dafbfd615321 100644 --- a/content/actions/using-workflows/events-that-trigger-workflows.md +++ b/content/actions/using-workflows/events-that-trigger-workflows.md @@ -109,7 +109,7 @@ on: | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` | | --------------------- | -------------- | ------------ | -------------| -| [`create`](/webhooks-and-events/webhooks/webhook-events-and-payloads#create) | n/a | Last commit on the created branch or tag | Branch or tag created | +| [`create`](/webhooks-and-events/webhooks/webhook-events-and-payloads#create) | Not applicable | Last commit on the created branch or tag | Branch or tag created | {% note %} @@ -130,7 +130,7 @@ on: | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` | | --------------------- | -------------- | ------------ | -------------| -| [`delete`](/webhooks-and-events/webhooks/webhook-events-and-payloads#delete) | n/a | Last commit on default branch | Default branch | +| [`delete`](/webhooks-and-events/webhooks/webhook-events-and-payloads#delete) | Not applicable | Last commit on default branch | Default branch | {% data reusables.actions.branch-requirement %} @@ -153,7 +153,7 @@ on: | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` | | --------------------- | -------------- | ------------ | -------------| -| [`deployment`](/webhooks-and-events/webhooks/webhook-events-and-payloads#deployment) | n/a | Commit to be deployed | Branch or tag to be deployed (empty if created with a commit SHA)| +| [`deployment`](/webhooks-and-events/webhooks/webhook-events-and-payloads#deployment) | Not applicable | Commit to be deployed | Branch or tag to be deployed (empty if created with a commit SHA)| Runs your workflow when someone creates a deployment in the workflow's repository. Deployments created with a commit SHA may not have a Git ref. For information about the APIs to create a deployment, see "[AUTOTITLE](/graphql/reference/mutations#createdeployment)" in the GraphQL API documentation or "[AUTOTITLE](/rest/repos#deployments)" in the REST API documentation. @@ -168,7 +168,7 @@ on: | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` | | --------------------- | -------------- | ------------ | -------------| -| [`deployment_status`](/webhooks-and-events/webhooks/webhook-events-and-payloads#deployment_status) | n/a | Commit to be deployed | Branch or tag to be deployed (empty if commit)| +| [`deployment_status`](/webhooks-and-events/webhooks/webhook-events-and-payloads#deployment_status) | Not applicable | Commit to be deployed | Branch or tag to be deployed (empty if commit)| {% note %} @@ -244,7 +244,7 @@ on: | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` | | --------------------- | -------------- | ------------ | -------------| -| [`fork`](/webhooks-and-events/webhooks/webhook-events-and-payloads#fork) | n/a | Last commit on default branch | Default branch | +| [`fork`](/webhooks-and-events/webhooks/webhook-events-and-payloads#fork) | Not applicable | Last commit on default branch | Default branch | {% data reusables.actions.branch-requirement %} @@ -261,7 +261,7 @@ on: | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` | | --------------------- | -------------- | ------------ | -------------| -| [`gollum`](/webhooks-and-events/webhooks/webhook-events-and-payloads#gollum) | n/a | Last commit on default branch | Default branch | +| [`gollum`](/webhooks-and-events/webhooks/webhook-events-and-payloads#gollum) | Not applicable | Last commit on default branch | Default branch | {% data reusables.actions.branch-requirement %} @@ -439,7 +439,7 @@ on: | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` | | --------------------- | -------------- | ------------ | -------------| -| [`page_build`](/webhooks-and-events/webhooks/webhook-events-and-payloads#page_build) | n/a | Last commit on default branch | n/a | +| [`page_build`](/webhooks-and-events/webhooks/webhook-events-and-payloads#page_build) | Not applicable | Last commit on default branch | Not applicable | {% data reusables.actions.branch-requirement %} @@ -570,7 +570,7 @@ on: | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` | | --------------------- | -------------- | ------------ | -------------| -| [`public`](/webhooks-and-events/webhooks/webhook-events-and-payloads#public) | n/a | Last commit on default branch | Default branch | +| [`public`](/webhooks-and-events/webhooks/webhook-events-and-payloads#public) | Not applicable | Last commit on default branch | Default branch | {% data reusables.actions.branch-requirement %} @@ -928,7 +928,7 @@ jobs: | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` | | --------------------- | -------------- | ------------ | -------------| -| [`push`](/webhooks-and-events/webhooks/webhook-events-and-payloads#push) | n/a | When you delete a branch, the SHA in the workflow run (and its associated refs) reverts to the default branch of the repository. | Updated ref | +| [`push`](/webhooks-and-events/webhooks/webhook-events-and-payloads#push) | Not applicable | When you delete a branch, the SHA in the workflow run (and its associated refs) reverts to the default branch of the repository. | Updated ref | {% note %} @@ -1142,7 +1142,7 @@ jobs: | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` | | --------------------- | -------------- | ------------ | -------------| -| n/a | n/a | Last commit on default branch | Default branch | When the scheduled workflow is set to run. A scheduled workflow uses [POSIX cron syntax](https://pubs.opengroup.org/onlinepubs/9699919799/utilities/crontab.html#tag_20_25_07). For more information, see "[AUTOTITLE](/actions/using-workflows#triggering-a-workflow-with-events)." | +| Not applicable | Not applicable | Last commit on default branch | Default branch | When the scheduled workflow is set to run. A scheduled workflow uses [POSIX cron syntax](https://pubs.opengroup.org/onlinepubs/9699919799/utilities/crontab.html#tag_20_25_07). For more information, see "[AUTOTITLE](/actions/using-workflows#triggering-a-workflow-with-events)." | {% data reusables.actions.schedule-delay %} @@ -1187,7 +1187,7 @@ Notifications for scheduled workflows are sent to the user who last modified the | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` | | --------------------- | -------------- | ------------ | -------------| -| [`status`](/webhooks-and-events/webhooks/webhook-events-and-payloads#status) | n/a | Last commit on default branch | n/a | +| [`status`](/webhooks-and-events/webhooks/webhook-events-and-payloads#status) | Not applicable | Last commit on default branch | Not applicable | {% data reusables.actions.branch-requirement %} @@ -1246,7 +1246,7 @@ on: | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` | | ------------------ | ------------ | ------------ | ------------------| -| Same as the caller workflow | n/a | Same as the caller workflow | Same as the caller workflow | +| Same as the caller workflow | Not applicable | Same as the caller workflow | Same as the caller workflow | `workflow_call` is used to indicate that a workflow can be called by another workflow. When a workflow is triggered with the `workflow_call` event, the event payload in the called workflow is the same event payload from the calling workflow. For more information see, "[AUTOTITLE](/actions/using-workflows/reusing-workflows)." @@ -1260,7 +1260,7 @@ on: workflow_call | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` | | ------------------ | ------------ | ------------ | ------------------| -| [workflow_dispatch](/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_dispatch) | n/a | Last commit on the `GITHUB_REF` branch or tag | Branch or tag that received dispatch | +| [workflow_dispatch](/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_dispatch) | Not applicable | Last commit on the `GITHUB_REF` branch or tag | Branch or tag that received dispatch | To manually trigger a workflow, use the `workflow_dispatch` event. You can manually trigger a workflow run using the {% data variables.product.product_name %} API, {% data variables.product.prodname_cli %}, or {% data variables.product.product_name %} browser interface. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/manually-running-a-workflow)." diff --git a/data/reusables/actions/checkout-action-table-entry.md b/data/reusables/actions/checkout-action-table-entry.md index 96a3e2aaa16f..c0174916b058 100644 --- a/data/reusables/actions/checkout-action-table-entry.md +++ b/data/reusables/actions/checkout-action-table-entry.md @@ -1 +1 @@ -| Cloning your repository to the runner: | [`actions/checkout`](https://github.com/actions/checkout)| +| Cloning your repository to the runner | [`actions/checkout`](https://github.com/actions/checkout)| diff --git a/data/reusables/actions/concurrency-table-entry.md b/data/reusables/actions/concurrency-table-entry.md index 4f18158dd068..87a692b30caf 100644 --- a/data/reusables/actions/concurrency-table-entry.md +++ b/data/reusables/actions/concurrency-table-entry.md @@ -1 +1 @@ -| Controlling how many workflow runs or jobs can run at the same time: | [`concurrency`](/actions/using-jobs/using-concurrency)| +| Controlling how many workflow runs or jobs can run at the same time | [`concurrency`](/actions/using-jobs/using-concurrency)| diff --git a/data/reusables/actions/cron-table-entry.md b/data/reusables/actions/cron-table-entry.md index cb3df8c51837..e005e4489f39 100644 --- a/data/reusables/actions/cron-table-entry.md +++ b/data/reusables/actions/cron-table-entry.md @@ -1 +1 @@ -| Running a workflow at regular intervals: | [`schedule`](/actions/using-workflows/events-that-trigger-workflows#schedule) | +| Running a workflow at regular intervals | [`schedule`](/actions/using-workflows/events-that-trigger-workflows#schedule) | diff --git a/data/reusables/actions/example-table-intro.md b/data/reusables/actions/example-table-intro.md index 59a2a48f6b79..daec53fdb231 100644 --- a/data/reusables/actions/example-table-intro.md +++ b/data/reusables/actions/example-table-intro.md @@ -1 +1 @@ -The example workflow demonstrates the following capabilities of {% data variables.product.prodname_actions %}: +The example workflow demonstrates the following capabilities of {% data variables.product.prodname_actions %}. diff --git a/data/reusables/actions/if-conditions-table-entry.md b/data/reusables/actions/if-conditions-table-entry.md index 77fc5096959e..695597b48f18 100644 --- a/data/reusables/actions/if-conditions-table-entry.md +++ b/data/reusables/actions/if-conditions-table-entry.md @@ -1 +1 @@ -| Preventing a job from running unless specific conditions are met: | [`if`](/actions/using-jobs/using-conditions-to-control-job-execution)| +| Preventing a job from running unless specific conditions are met | [`if`](/actions/using-jobs/using-conditions-to-control-job-execution)| diff --git a/data/reusables/actions/permissions-table-entry.md b/data/reusables/actions/permissions-table-entry.md index 27fba2cd0a9d..44630f5c4f1d 100644 --- a/data/reusables/actions/permissions-table-entry.md +++ b/data/reusables/actions/permissions-table-entry.md @@ -1 +1 @@ -| Setting permissions for the token: | [`permissions`](/actions/using-jobs/assigning-permissions-to-jobs)| +| Setting permissions for the token | [`permissions`](/actions/using-jobs/assigning-permissions-to-jobs)| diff --git a/data/reusables/actions/pull-request-table-entry.md b/data/reusables/actions/pull-request-table-entry.md index e7b472e5a9f5..795a76af1a1d 100644 --- a/data/reusables/actions/pull-request-table-entry.md +++ b/data/reusables/actions/pull-request-table-entry.md @@ -1 +1 @@ -| Triggering a workflow to run automatically: | [`pull_request`](/actions/using-workflows/events-that-trigger-workflows#pull_request) | +| Triggering a workflow to run automatically | [`pull_request`](/actions/using-workflows/events-that-trigger-workflows#pull_request) | diff --git a/data/reusables/actions/push-table-entry.md b/data/reusables/actions/push-table-entry.md index 569182be4bb9..a352f1d711e3 100644 --- a/data/reusables/actions/push-table-entry.md +++ b/data/reusables/actions/push-table-entry.md @@ -1 +1 @@ -| Triggering a workflow to run automatically: | [`push`](/actions/using-workflows/events-that-trigger-workflows#push) | +| Triggering a workflow to run automatically | [`push`](/actions/using-workflows/events-that-trigger-workflows#push) | diff --git a/data/reusables/actions/secrets-table-entry.md b/data/reusables/actions/secrets-table-entry.md index 85ea2e7b531f..117a17071d05 100644 --- a/data/reusables/actions/secrets-table-entry.md +++ b/data/reusables/actions/secrets-table-entry.md @@ -1 +1 @@ -| Referencing secrets in a workflow: | [Secrets](/actions/security-guides/encrypted-secrets)| +| Referencing secrets in a workflow | [Secrets](/actions/security-guides/encrypted-secrets)| diff --git a/data/reusables/actions/setup-node-table-entry.md b/data/reusables/actions/setup-node-table-entry.md index d03d74172a56..39341c802272 100644 --- a/data/reusables/actions/setup-node-table-entry.md +++ b/data/reusables/actions/setup-node-table-entry.md @@ -1 +1 @@ -| Installing `node` on the runner: | [`actions/setup-node`](https://github.com/actions/setup-node) | +| Installing `node` on the runner | [`actions/setup-node`](https://github.com/actions/setup-node) | diff --git a/data/reusables/actions/supported-github-runners.md b/data/reusables/actions/supported-github-runners.md index 01e23745ff8e..829455e50ecd 100644 --- a/data/reusables/actions/supported-github-runners.md +++ b/data/reusables/actions/supported-github-runners.md @@ -25,7 +25,7 @@ Windows Server 2019 windows-2019 - +None @@ -46,7 +46,7 @@ Ubuntu 20.04 ubuntu-20.04 - +None @@ -78,7 +78,7 @@ macOS Big Sur 11 macos-11 - +None diff --git a/data/reusables/actions/workflow-dispatch-table-entry.md b/data/reusables/actions/workflow-dispatch-table-entry.md index b213d9264611..66566718583e 100644 --- a/data/reusables/actions/workflow-dispatch-table-entry.md +++ b/data/reusables/actions/workflow-dispatch-table-entry.md @@ -1 +1 @@ -| Manually running a workflow from the UI: | [`workflow_dispatch`](/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch)| +| Manually running a workflow from the UI | [`workflow_dispatch`](/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch)|