[pull] main from github:main

content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/what-does-the-available-for-hire-checkbox-do.md

@@ -21,7 +21,5 @@ Deprecation note: GitHub Jobs is now deprecated. The last date to post a job was
 
 {% endwarning %}
 
-The [GitHub Jobs](https://jobs.github.com/) board is a great way to find employment in tech. You can opt to see jobs posted there on your GitHub dashboard.
-
 {% data reusables.user-settings.access_settings %}
 1. Under Jobs Profile, select **Available for hire**, then click **Save jobs profile**.

content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts.md

@@ -121,6 +121,6 @@ To use a different SSH key for different repositories that you clone to your wor
 
 For example, the following command sets the `GIT_SSH_COMMAND` environment variable to specify an SSH command that uses the private key file at **_PATH/TO/KEY/FILE_** for authentication to clone the repository named OWNER/REPOSITORY on {% data variables.location.product_location %}.
 
-<pre>
+```shell copy
 GIT_SSH_COMMAND='ssh -i PATH/TO/KEY/FILE -o IdentitiesOnly=yes' git clone [email protected]:OWNER/REPOSITORY
-</pre>
+```

content/actions/using-workflows/workflow-syntax-for-github-actions.md

@@ -959,7 +959,15 @@ services:
 
 ## `jobs.<job_id>.services.<service_id>.image`
 
-The Docker image to use as the service container to run the action. The value can be the Docker Hub image name or a  registry name.
+The Docker image to use as the service container to run the action. The value can be the Docker Hub image name or a registry name.
+
+If `jobs.<job_id>.services.<service_id>.image` is assigned an empty string, the service will not start. You can use this to set up conditional services, similar to the following example.
+
+```yaml
+services:
+  nginx:
+    image: {% raw %}${{ options.nginx == true && 'nginx' || '' }}{% endraw %}
+```
 
 ## `jobs.<job_id>.services.<service_id>.credentials`
 

content/admin/configuration/configuring-network-settings/configuring-built-in-firewall-rules.md

@@ -22,7 +22,7 @@ shortTitle: Configure firewall rules
 
 After you install {% data variables.product.prodname_ghe_server %}, all required network ports are automatically opened to accept connections. Every non-required port is automatically configured as `deny`, and the default outgoing policy is configured as `allow`. Stateful tracking is enabled for any new connections; these are typically network packets with the `SYN` bit set. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/network-ports)."
 
-The UFW firewall also opens several other ports that are required for {% data variables.product.prodname_ghe_server %} to operate properly. For more information on the UFW rule set, see [the UFW README](https://bazaar.launchpad.net/~jdstrand/ufw/0.30-oneiric/view/head:/README#L213).
+The UFW firewall also opens several other ports that are required for {% data variables.product.prodname_ghe_server %} to operate properly. For more information on the UFW rule set, see [the UFW README](https://github.com/jbq/ufw/blob/master/README#L213).
 
 We do not recommend customizing UFW as it can complicate some troubleshooting issues.
 

content/admin/guides.md

@@ -136,4 +136,3 @@ includeGuides:
   - /admin/administering-your-instance/administering-your-instance-from-the-web-ui/accessing-the-management-console
   - /admin/administering-your-instance/administering-your-instance-from-the-web-ui/troubleshooting-access-to-the-management-console
 ---
-

content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/about-support-for-your-idps-conditional-access-policy.md

@@ -24,6 +24,10 @@ redirect_from:
 
 For more information about using OIDC with {% data variables.product.prodname_emus %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users)" and "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/migrating-from-saml-to-oidc)."
 
+## About CAP and deploy keys
+
+A deploy key is an SSH key that grants access to an individual repository. Because deploy keys do not perform operations on behalf of a user, CAP IP conditions do not apply to any requests authenticated with a deploy key. For more information, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys)."
+
 ## Considerations for integrations and automations
 
 {% data variables.product.prodname_dotcom %} sends the originating IP address to your IdP for validation against your CAP. To make sure  actions and apps are not blocked by your IdP's CAP, you will need to make changes to your configuration.
@@ -49,3 +53,7 @@ When {% data variables.product.prodname_github_apps %} call {% data variables.pr
 You can contact the owners of the apps you want to use, ask for their IP ranges, and configure your IdP's CAP to allow access from those IP ranges. If you're unable to contact the owners, you can review your IdP sign-in logs to review the IP addresses seen in the requests, then allow-list those addresses.
 
 If you do not wish to allow all of the IP ranges for all of your enterprise's apps, you can also exempt installed {% data variables.product.prodname_github_apps %} and authorized {% data variables.product.prodname_oauth_apps %} from the IdP allow list. If you do so, these apps will continue working regardless of the originating IP address. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#allowing-access-by-github-apps)."
+
+## Further reading
+
+- [Using the location condition in a Conditional Access policy](https://learn.microsoft.com/entra/identity/conditional-access/location-condition) on Microsoft Learn

content/billing/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/about-visual-studio-subscriptions-with-github-enterprise.md

@@ -51,6 +51,12 @@ You can view the number of {% data variables.product.prodname_enterprise %} lice
 
 You can also see pending {% data variables.product.prodname_enterprise %} invitations to subscribers in {% data variables.visual_studio.prodname_vss_admin_portal_with_url %}.
 
+## About licenses for {% data variables.product.prodname_ghe_server %}
+
+{% data reusables.enterprise.ghe-includes-ghec-and-ghes %} For more information, see "[AUTOTITLE](/admin/overview/about-github-for-enterprises#about-deployment-options)."
+
+If you use {% data variables.product.prodname_ghe_server %}, you can ensure that each {% data variables.product.prodname_vs %} subscriber consumes only one license seat, regardless of whether the subscriber uses {% data variables.product.prodname_ghe_server %}, {% data variables.product.prodname_ghe_cloud %}, or both. If a subscriber only uses {% data variables.product.prodname_ghe_server %}, the subscriber does not also need a user account for {% data variables.product.prodname_ghe_cloud %}. For more information, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)."
+
 ## Further reading
 
 - [{% data variables.product.prodname_vs %} subscriptions with {% data variables.product.prodname_enterprise %}](https://docs.microsoft.com/visualstudio/subscriptions/access-github) in Microsoft Docs

content/billing/managing-your-license-for-github-enterprise/about-licenses-for-github-enterprise.md

@@ -21,7 +21,7 @@ shortTitle: About licenses
 
 {% endif %}
 
-{% data reusables.enterprise-licensing.unique-user-licensing-model %}
+{% data reusables.enterprise-licensing.unique-user-licensing-model %} For more information about per-user pricing, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/about-per-user-pricing)." For more about the price of {% data variables.product.prodname_enterprise %} licenses, see [Pricing](https://github.com/pricing) on the {% data variables.product.prodname_dotcom %} website.
 
 To ensure the same user isn't consuming more than one license for multiple enterprise deployments, you can synchronize license usage between your {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %} deployments.
 

content/code-security/getting-started/github-security-features.md

@@ -75,9 +75,9 @@ Security overview shows which security features are enabled for the repository,
 
 ## Available for free public repositories
 
-### {% data variables.secret-scanning.partner_alerts_caps %}
+### {% data variables.secret-scanning.user_alerts_caps %}
 
-Automatically detect leaked secrets across all public repositories, as well as public npm packages. {% data variables.product.company_short %} informs the relevant service provider that the secret may be compromised. For details of the supported secrets and service providers, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)."
+Automatically detect tokens or credentials that have been checked into a {% ifversion ghec %}user-owned {% endif %}public repository. You can view alerts for any secrets that {% data variables.product.company_short %} finds in your code, in the **Security** tab of the repository, so that you know which tokens or credentials to treat as compromised. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)."
 
 {% ifversion secret-scanning-push-protection-for-users %}
 
@@ -87,6 +87,10 @@ Push protection for users automatically protects you from accidentally committin
 
 {% endif %}
 
+### {% data variables.secret-scanning.partner_alerts_caps %}
+
+Automatically detect leaked secrets across all public repositories, as well as public npm packages. {% data variables.product.company_short %} informs the relevant service provider that the secret may be compromised. For details of the supported secrets and service providers, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)."
+
 {% endif %}
 
 ## Available with {% data variables.product.prodname_GH_advanced_security %}

content/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories.md

@@ -99,20 +99,21 @@ For more information about non-provider patterns, see "{% ifversion fpt or ghec
 
 {% endif %}
 
-{% ifversion fpt %}
+{% ifversion secret-scanning-enable-by-default-for-public-repos %}
 
-## Enabling {% data variables.secret-scanning.user_alerts %} for all your public repositories
+## Enabling {% data variables.secret-scanning.user_alerts %} for all your {% ifversion ghec %}user-owned {% endif %}public repositories
 
-You can enable {% data variables.secret-scanning.user_alerts %} for all of your public repositories through your personal account settings.
+You can enable {% data variables.product.prodname_secret_scanning %} for all of your existing {% ifversion ghec %}user-owned {% endif %}public repositories through your personal account settings.
+{% note %}
+
+**Note**: As of March 11, 2024, {% data variables.product.prodname_secret_scanning %} and push protection will be enabled by default for all new {% ifversion ghec %}user-owned {% endif %}public repositories that you create. You can still choose to disable these features for an individual repository in the repository's "Code security and analysis" settings page. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-public-repositories)".
+
+{% endnote %}
 
 {% data reusables.user-settings.access_settings %}
 {% data reusables.user-settings.security-analysis %}
 1. Under "Code security and analysis", to the right of "{% data variables.product.prodname_secret_scanning_caps %}", click **Disable all** or **Enable all**.
-
-   ![Screenshot of the setting options for "{% data variables.product.prodname_secret_scanning_caps %}" on the personal account settings page. The options "Enable all" and "Disable all" are highlighted with an orange outline.](/assets/images/help/repository/secret-scanning-personal-account-settings-enable-all.png)
-1. Optionally, to automatically enable {% data variables.product.prodname_secret_scanning %} for any new public repositories that you create, below "{% data variables.product.prodname_secret_scanning_caps %}", select the checkbox for "Automatically enable for new public repositories."
-
-   ![Screenshot of the setting options for "{% data variables.product.prodname_secret_scanning_caps %}" on the personal account settings page. The option "Automatically enable for new public repositories" is highlighted with an orange outline.](/assets/images/help/repository/secret-scanning-personal-account-settings-auto-enable.png)
+{% data reusables.secret-scanning.push-protection-optional-enable %}
 
 {% endif %}
 

content/code-security/secret-scanning/push-protection-for-repositories-and-organizations.md

@@ -60,6 +60,12 @@ For you to use {% data variables.product.prodname_secret_scanning %} as a push p
 
 Organization owners, security managers, and repository administrators can also enable push protection for {% data variables.product.prodname_secret_scanning %} via the API. For more information, see "[AUTOTITLE](/rest/repos#update-a-repository)" and expand the "Properties of the `security_and_analysis` object" section.
 
+{% ifversion secret-scanning-enable-by-default-for-public-repos %}
+
+You can also enable push protection for all of your existing {% ifversion ghec %}user-owned {% endif %} public repositories through your personal account settings. For any new public repositories you create, push protection will be enabled by default. For more information, see "[AUTOTITLE](/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories#enabling-secret-scanning-alerts-for-users-for-all-your-public-repositories)."
+
+{% endif %}
+
 {% ifversion secret-scanning-enterprise-level-api %}
 Enterprise administrators can also enable or disable {% data variables.product.prodname_secret_scanning %} as a push protection for the enterprise via the API. For more information, see "[AUTOTITLE](/rest/enterprise-admin/code-security-and-analysis)."{% endif %}
 

content/copilot/using-github-copilot/getting-started-with-github-copilot.md

@@ -142,7 +142,7 @@ You may not want to accept an entire suggestion from {% data variables.product.p
    - On macOS, press <kbd>Command</kbd>+<kbd>Shift</kbd>+<kbd>A</kbd>, then click **Open GitHub Copilot**, or press <kbd>Command</kbd>+<kbd>Shift</kbd>+<kbd>\\</kbd> to open the new tab immediately.
    - On Windows or Linux, press <kbd>Ctrl</kbd>+<kbd>Enter</kbd>, then click **Open GitHub Copilot**.
 
-1. To accept a suggestion, above the suggestion, click **Accept Solution**. To reject all suggestions, close the tab.
+1. To accept a suggestion, below the suggestion, click **Accept suggestion NUMBER**. To reject all suggestions, close the tab.
 
 ## Generating code suggestions from comments
 
@@ -376,7 +376,7 @@ You may not want to accept an entire suggestion from {% data variables.product.p
    ```
 
 1. To open a new tab with multiple additional options, press <kbd>Ctrl</kbd>+<kbd>Enter</kbd>.
-1. To accept a suggestion, above the suggestion, click **Accept Solution**. To reject all suggestions, close the tab.
+1. To accept a suggestion, below the suggestion, click **Accept suggestion NUMBER**. To reject all suggestions, close the tab.
 
 ## Generating code suggestions from comments
 

content/get-started/learning-about-github/about-github-advanced-security.md

@@ -36,7 +36,7 @@ A {% data variables.product.prodname_GH_advanced_security %} license provides th
 
 - **{% data variables.product.prodname_code_scanning_caps %}** - Search for potential security vulnerabilities and coding errors in your code. For more information, see "[AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning)."
 
-- **{% data variables.product.prodname_secret_scanning_caps %}** - Detect secrets, for example keys and tokens, that have been checked into {% ifversion fpt %} private repositories{% else %} the repository{% endif %}. {% ifversion fpt%}{% data variables.secret-scanning.user_alerts_caps %} and {% data variables.secret-scanning.partner_alerts %} are available and free of charge for public repositories on {% data variables.product.prodname_dotcom_the_website %}.{% endif %}{% ifversion secret-scanning-push-protection %} If push protection is enabled, also detects secrets when they are pushed to your repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)" and "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations)."{% else %} For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."{% endif %}
+- **{% data variables.product.prodname_secret_scanning_caps %}** - Detect secrets, for example keys and tokens, that have been checked into {% ifversion fpt %}private repositories{% else %} the repository{% endif %}.{% ifversion secret-scanning-push-protection %} If push protection is enabled, {% data variables.product.prodname_dotcom %} also detects secrets when they are pushed to your repository. {% ifversion secret-scanning-enable-by-default-for-public-repos %}{% data variables.secret-scanning.user_alerts_caps %} and push protection are available and free of charge for all {% ifversion ghec %}user-owned {% endif %}public repositories on {% data variables.product.prodname_dotcom_the_website %}.{% endif %} For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)" and "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations)."{% else %} For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."{% endif %}
 
 {% ifversion dependabot-auto-triage-rules %}