[pull] main from github:main

.github/workflows/check-broken-links-github-github.yml

@@ -45,7 +45,7 @@ jobs:
           ENABLED_LANGUAGES: en
         run: |
 
-          node src/frame/server.js &
+          npm run start &
           sleep 5
           curl --retry-connrefused --retry 3 -I http://localhost:4000/
 

.github/workflows/validate-github-github-docs-urls.yml

@@ -34,6 +34,12 @@ jobs:
     steps:
       - name: Check out repo's default branch
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          # Picking this number is a "best guess". If we make it too large,
+          # the checkout will take potentially unnecessariily long.
+          # This reduces the chance that tj-actions/changed-files has to
+          # fetch deeper history. But if it needs to, it will.
+          fetch-depth: 10
 
       - uses: ./.github/actions/node-npm-setup
 
@@ -100,6 +106,7 @@ jobs:
       # workaround for the time being.
       # First, gather the URLs that were relevant
       - name: Get changed content/data files
+        if: ${{ github.event_name == 'pull_request' }}
         id: changed-files
         uses: tj-actions/changed-files@77af4bed286740ef1a6387dc4e4e4dec39f96054 # v43.0.0
         with:
@@ -109,6 +116,7 @@ jobs:
           safe_output: false
           files: |
             content/**
+
       - name: Generate PR comment
         if: ${{ github.event_name == 'pull_request' && steps.changed-files.outputs.any_changed == 'true' }}
         env:

Dockerfile

@@ -96,7 +96,7 @@ COPY --chown=node:node next.config.js ./
 
 EXPOSE $PORT
 
-CMD ["node", "src/frame/server.js"]
+CMD ["node_modules/.bin/tsx", "src/frame/server.ts"]
 
 # --------------------------------------------------------------------------------
 # PRODUCTION IMAGE - includes all translations

LICENSE-CODE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright 2023 GitHub
+Copyright 2024 GitHub
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

content/actions/learn-github-actions/usage-limits-billing-and-administration.md

@@ -84,6 +84,18 @@ Usage limits apply to self-hosted runners. For more information, see "[AUTOTITLE
 In addition to the usage limits, you must ensure that you use {% data variables.product.prodname_actions %} within the [GitHub Terms of Service](/free-pro-team@latest/site-policy/github-terms/github-terms-of-service). For more information on {% data variables.product.prodname_actions %}-specific terms, see the [GitHub Additional Product Terms](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#a-actions-usage).
 {% endif %}
 
+{% ifversion fpt or ghec %}
+
+## {% data variables.product.prodname_actions %} usage metrics
+
+{% data reusables.actions.actions-usage-metrics-beta-note %}
+
+If you are on a {% data variables.product.prodname_ghe_cloud %} plan, organization owners and users with the "View organization Actions usage metrics" permission can view {% data variables.product.prodname_actions %} usage metrics for their organization. These metrics can help understand how and where your Actions minutes are being used. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/organizations/collaborating-with-groups-in-organizations/viewing-usage-metrics-for-github-actions)."
+
+When you view usage metrics, it is important to remember that {% data reusables.actions.actions-usage-metrics-not-billing-metrics %}
+
+{% endif %}
+
 ## Billing for reusable workflows
 
 If you reuse a workflow, billing is always associated with the caller workflow. Assignment of {% data variables.product.prodname_dotcom %}-hosted runners is always evaluated using only the caller's context. The caller cannot use {% data variables.product.prodname_dotcom %}-hosted runners from the called repository.

content/actions/monitoring-and-troubleshooting-workflows/index.md

@@ -18,5 +18,6 @@ children:
   - /using-workflow-run-logs
   - /enabling-debug-logging
   - /notifications-for-workflow-runs
+  - /viewing-github-actions-usage-metrics-for-your-organization
 --- 
 {% data reusables.actions.enterprise-github-hosted-runners %}

content/actions/monitoring-and-troubleshooting-workflows/viewing-github-actions-usage-metrics-for-your-organization.md

@@ -0,0 +1,16 @@
+---
+title: Viewing GitHub Actions usage metrics for your organization
+shortTitle: GitHub Actions usage metrics
+intro: 'Organization owners and CI/CD administrators can view usage metrics for how and where their organization uses {% data variables.product.prodname_actions %}.'
+permissions: 'Organization owners and users with the "View organization Actions usage metrics" permissions.'
+product: 'Your organization must be on a {% data variables.product.prodname_ghe_cloud %} plan.'
+versions:
+  fpt: '*'
+  ghec: '*'
+---
+
+{% data reusables.actions.actions-usage-metrics-beta-note %}
+
+If you are on a {% data variables.product.prodname_ghe_cloud %} plan, {% data reusables.actions.about-actions-usage-metrics %}
+
+For more information about how to use {% data variables.product.prodname_actions %} usage metrics, see "[AUTOTITLE](/enterprise-cloud@latest/organizations/collaborating-with-groups-in-organizations/viewing-usage-metrics-for-github-actions)" in the {% data variables.product.prodname_ghe_cloud %} documentation.

content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/about-support-for-your-idps-conditional-access-policy.md

@@ -44,6 +44,10 @@ If you're unable to use a service account, another option for unblocking actions
 
 {% data variables.product.prodname_github_codespaces %} may not be available if your enterprise uses OIDC SSO with CAP to restrict access by IP addresses. This is because codespaces are created with dynamic IP addresses which it's likely your IdP’s CAP will block. Other CAP policies may also affect {% data variables.product.prodname_github_codespaces %}'s availability, depending on the policy's specific setup.
 
+### The {% data variables.codespaces.serverless %} editor
+
+The {% data variables.codespaces.serverless %} editor may not be available if your enterprise uses OIDC SSO with CAP to restrict access by IP addresses. This is because {% data variables.codespaces.serverless %} relies on dynamic IP addresses which it's likely your IdP’s CAP will block. Other CAP policies may also affect {% data variables.codespaces.serverless %}'s availability, depending on the policy's specific setup.
+
 ### {% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_oauth_apps %}
 
 When {% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_oauth_apps %} sign a user in and make requests on that user's behalf, {% data variables.product.prodname_dotcom %} will send the IP address of the app's server to your IdP for validation. If the IP address of the app's server is not validated by your IdP's CAP, the request will fail.

content/admin/managing-your-enterprise-account/changing-the-url-for-your-enterprise.md

@@ -23,24 +23,35 @@ If your company pays for {% data variables.product.prodname_ghe_cloud %} by cred
 
 {% endnote %}
 
-## Prerequisites
+## Considerations when changing your enterprise slug
 
 Before changing the slug for an enterprise, ensure you have considered any parts of your enterprise's configuration, automations, or processes that may depend on the old enterprise slug. To minimize disruption, you should address these points either immediately before or immediately after changing the slug.
 
-Parts of your system that may be affected by changing the slug include, but are not limited to, the following points.
+Parts of your system that may be affected by changing the slug include, but are not limited to, the following.
 
-- If you have enabled SAML single sign-on (SSO) at the enterprise level, you will need to reconfigure the settings in your identity provider (IdP) to use the new enterprise slug. When you change your slug, existing IdP sessions are not revoked, but your members won't be able to use SSO to access resources in your enterprise until you update the IdP settings. If you have enabled SAML or SCIM at the organization level, changing the slug will not affect SSO. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)."
+### SAML single sign-on (SSO)
 
-  Before changing the slug, to ensure you will have access to your enterprise even if SSO is not working, we recommend you download the recovery codes for your enterprise. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes)."
-- Many {% data variables.product.company_short %} API endpoints for managing an enterprise take the enterprise slug as a parameter. If you use these endpoints in automations, you will need to update the API calls to use the new slug. API calls that use the old slug will stop working immediately. The enterprise ID, which can be used as an alternative to the slug in many cases, is not affected by a slug change.
-- If you use OpenID Connect (OIDC) in {% data variables.product.prodname_actions %} workflows, and have configured your cloud provider to only accept tokens from a unique URL that includes your enterprise slug, you will need to update the settings in your cloud provider. To prevent workflows from failing, the most robust option is to configure your provider to accept tokens from both the old and new slug just before you change the slug. For more information, see "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-issuer-value-for-an-enterprise)."
-- If your enterprise is linked to one or more {% data variables.product.prodname_ghe_server %} instances via {% data variables.product.prodname_github_connect %}, after changing the slug, you'll need to reset the connection by disabling and then reenabling {% data variables.product.prodname_github_connect %}. For more information, see "[AUTOTITLE](/enterprise-server@latest/admin/configuration/configuring-github-connect/managing-github-connect)" in the {% data variables.product.prodname_ghe_server %} documentation.
+If you have enabled SAML single sign-on (SSO) at the enterprise level, you will need to reconfigure the settings in your identity provider (IdP) to use the new enterprise slug. When you change your slug, existing IdP sessions are not revoked, but your members won't be able to use SSO to access resources in your enterprise until you update the IdP settings. If you have enabled SAML or SCIM at the organization level, changing the slug will not affect SSO. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)."
+
+Before changing the slug, to ensure you will have access to your enterprise even if SSO is not working, we recommend you download the recovery codes for your enterprise. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes)."
+
+### API endpoints
+
+Many {% data variables.product.company_short %} API endpoints for managing an enterprise take the enterprise slug as a parameter. If you use these endpoints in automations, you will need to update the API calls to use the new slug. API calls that use the old slug will stop working immediately. The enterprise ID, which can be used as an alternative to the slug in many cases, is not affected by a slug change.
+
+### OpenID Connect  with {% data variables.product.prodname_actions %} workflows
+
+If you use OpenID Connect (OIDC) in {% data variables.product.prodname_actions %} workflows, and have configured your cloud provider to only accept tokens from a unique URL that includes your enterprise slug, you will need to update the settings in your cloud provider. To prevent workflows from failing, the most robust option is to configure your provider to accept tokens from both the old and new slug just before you change the slug. For more information, see "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-issuer-value-for-an-enterprise)."
+
+### {% data variables.product.prodname_github_connect %}
+
+If your enterprise is linked to one or more {% data variables.product.prodname_ghe_server %} instances via {% data variables.product.prodname_github_connect %}, after changing the slug, you'll need to reset the connection by disabling and then reenabling {% data variables.product.prodname_github_connect %}. For more information, see "[AUTOTITLE](/enterprise-server@latest/admin/configuration/configuring-github-connect/managing-github-connect)" in the {% data variables.product.prodname_ghe_server %} documentation.
 
 ## Changing the enterprise slug
 
 {% note %}
 
-**Note:** Before changing the slug for an enterprise, make sure you have understood the potential consequences. For more information, see "[Prerequisites](#prerequisites)."
+**Note:** Before changing the slug for an enterprise, make sure you have understood the potential consequences. For more information, see "[Considerations when changing your enterprise slug](#considerations-when-changing-your-enterprise-slug)."
 
 {% endnote %}
 

content/admin/managing-your-enterprise-account/creating-a-readme-for-an-enterprise.md

@@ -24,6 +24,9 @@ You can also create READMEs for organizations in your enterprise, visible either
 {% data reusables.enterprise-accounts.access-enterprise %}
 1. On the "Overview" page, click **Create README**. If a README is already present on the page, click **Edit**.
 1. Write the content for your README. You can use Markdown to format the content, such as adding headings, images, and lists. For more information, see "[AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax)."
+
+   >[!NOTE] You can only link to publicly hosted images in your README. You cannot upload an image to your README, or link to an image from a private repository.
+
 1. Click **Save**.
 
 ## Further reading

content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md

@@ -48,7 +48,7 @@ Additionally, you can enforce policies for the use of {% data variables.product.
 
 ## Enforcing a policy for visibility of dependency insights
 
-Dependency insights show all packages that repositories within your enterprise's organizations depend on. Dependency insights include aggregated information about security advisories and licenses. For more information, see "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization)."
+Dependency insights show all packages that repositories within your enterprise's organizations depend on. Dependency insights include aggregated information about security advisories and licenses. For more information, see "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-dependencies-in-your-organization)."
 
 Across all organizations owned by your enterprise, you can control whether organization members can view dependency insights. You can also allow owners to administer the setting on the organization level. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/changing-the-visibility-of-your-organizations-dependency-insights)."
 

content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation.md

@@ -48,8 +48,8 @@ In the following example, replace `INSTALLATION_ACCESS_TOKEN` with an installati
 curl --request GET \
 --url "{% data variables.product.api_url_pre %}/meta" \
 --header "Accept: application/vnd.github+json" \
---header "Authorization: Bearer INSTALLATION_ACCESS_TOKEN"{% ifversion api-date-versioning %} \
---header "X-GitHub-Api-Version: {{ allVersions[currentVersion].latestApiVersion }}"{% endif %}
+--header "Authorization: Bearer INSTALLATION_ACCESS_TOKEN" \
+--header "X-GitHub-Api-Version: {{ allVersions[currentVersion].latestApiVersion }}"
 ```
 
 ## Using the Octokit.js SDK to authenticate as an app installation
@@ -138,10 +138,9 @@ The Octokit.js SDK also passes a pre-authenticated `octokit` instance to webhook
          repo: payload.repository.name,
          issue_number: payload.issue.number,
          body: `This is a bot post in response to this issue being opened.`,
-         {% ifversion api-date-versioning %}
          headers: {
            "x-github-api-version": "{{ allVersions[currentVersion].latestApiVersion }}",
-         },{% endif %}
+         },
        }
      )
    });

content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app.md

@@ -25,8 +25,8 @@ If a REST API endpoint requires you to authenticate as an app, the documentation
    curl --request GET \
    --url "{% data variables.product.api_url_pre %}/app/installations" \
    --header "Accept: application/vnd.github+json" \
-   --header "Authorization: Bearer YOUR_JWT"{% ifversion api-date-versioning %} \
-   --header "X-GitHub-Api-Version: {{ allVersions[currentVersion].latestApiVersion }}"{% endif %}
+   --header "Authorization: Bearer YOUR_JWT" \
+   --header "X-GitHub-Api-Version: {{ allVersions[currentVersion].latestApiVersion }}"
    ```
 
 ## Using the Octokit.js SDK to authenticate as a {% data variables.product.prodname_github_app %}

content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app.md

@@ -29,8 +29,8 @@ To use a JWT, pass it in the `Authorization` header of an API request. For examp
 curl --request GET \
 --url "{% data variables.product.api_url_pre %}/app" \
 --header "Accept: application/vnd.github+json" \
---header "Authorization: Bearer YOUR_JWT"{% ifversion api-date-versioning %} \
---header "X-GitHub-Api-Version: {{ allVersions[currentVersion].latestApiVersion }}"{% endif %}
+--header "Authorization: Bearer YOUR_JWT" \
+--header "X-GitHub-Api-Version: {{ allVersions[currentVersion].latestApiVersion }}"
 ```
 
 {% data reusables.getting-started.bearer-vs-token %}
@@ -165,9 +165,9 @@ payload=$( echo -n "${payload_json}" | b64enc )
 
 # Signature
 header_payload="${header}"."${payload}"
-signature=$( 
+signature=$(
     openssl dgst -sha256 -sign <(echo -n "${pem}") \
-    <(echo -n "${header_payload}") | b64enc 
+    <(echo -n "${header_payload}") | b64enc
 )
 
 # Create JWT
@@ -191,9 +191,9 @@ $header = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes((Conve
 }))).TrimEnd('=').Replace('+', '-').Replace('/', '_');
 
 $payload = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes((ConvertTo-Json -InputObject @{
-  iat = [System.DateTimeOffset]::UtcNow.AddSeconds(-10).ToUnixTimeSeconds()  
+  iat = [System.DateTimeOffset]::UtcNow.AddSeconds(-10).ToUnixTimeSeconds()
   exp = [System.DateTimeOffset]::UtcNow.AddMinutes(10).ToUnixTimeSeconds()
-  iss = $app_id    
+  iss = $app_id
 }))).TrimEnd('=').Replace('+', '-').Replace('/', '_');
 
 $rsa = [System.Security.Cryptography.RSA]::Create()

content/apps/creating-github-apps/writing-code-for-a-github-app/building-a-github-app-that-responds-to-webhook-events.md

@@ -184,10 +184,10 @@ async function handlePullRequestOpened({octokit, payload}) {
       owner: payload.repository.owner.login,
       repo: payload.repository.name,
       issue_number: payload.pull_request.number,
-      body: messageForNewPRs,{% ifversion api-date-versioning %}
+      body: messageForNewPRs,
       headers: {
         "x-github-api-version": "{{ allVersions[currentVersion].latestApiVersion }}",
-      },{% endif %}
+      },
     });
   } catch (error) {
     if (error.response) {

content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-mandatory-two-factor-authentication.md

@@ -31,7 +31,7 @@ Your account is selected for mandatory 2FA if you have taken some action on {% d
 
 ### About mandatory 2FA for organizations and enterprises
 
-Mandatory 2FA is required by {% data variables.product.prodname_dotcom %} itself to improve security for both individual developers and the broader software development ecosystem. Your administrator may also require 2FA enablement as a requirement to join their organization or enterprise, but those requirements are separate from this program.
+Mandatory 2FA is required by {% data variables.product.prodname_dotcom %} itself to improve security for both individual developers and the broader software development ecosystem. Your administrator may also require 2FA enablement as a requirement to join their organization or enterprise, but those requirements are separate from this program. To find which users have enabled 2FA or are required to do so, see "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#viewing-whether-members-in-your-enterprise-have-2fa-enabled)" or "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/viewing-whether-users-in-your-organization-have-2fa-enabled)."
 
 Your account's eligibility for mandatory 2FA **does not** impact the eligibility of other individuals. For example, if you are an organization owner, and your account is eligible for mandatory 2FA, that does not impact the eligibility of other accounts within your organization.