Sync from github/docs@f4a9ff3 by PCIT
khs1994 committed Nov 6, 2024
1 parent 8116bda commit 6a80e0d
Showing 12 changed files with 29 additions and 28 deletions.
Expand Up @@ -48,6 +48,7 @@ There are some limits on {% data variables.product.prodname_actions %} usage whe
* **Job execution time** - Each job in a workflow can run for up to 6 hours of execution time. If a job reaches this limit, the job is terminated and fails to complete.
{% data reusables.actions.usage-workflow-run-time %}
{% data reusables.actions.usage-api-requests %}
* **Webhook rate limit** - Each repository is limited to 1500 triggered events every 10 seconds.
* **Concurrent jobs** - The number of concurrent jobs you can run in your account depends on your {% data variables.product.prodname_dotcom %} plan, as well as the type of runner used. If exceeded, any additional jobs are queued.

**Standard {% data variables.product.prodname_dotcom %}-hosted runners**
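Review bot: The **Webhook rate limit** bullet states the cap (1500 triggered events every 10 seconds per repository) but not what happens to events beyond it, while the neighbouring bullets do ("the job is terminated and fails to complete", "any additional jobs are queued"). Say whether excess events are dropped, delayed or rejected, so that anyone relying on event-triggered workflows for security checks knows whether a burst can cause a run to be skipped. Consider moving the sentence into a reusable like the two lines above it, so the figures live in one place.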
Expand Up @@ -49,15 +49,17 @@ Using your IdP's allow list deactivates the {% data variables.product.company_sh

By default, your IdP runs the CAP on the initial interactive SAML or OIDC sign-in to {% data variables.product.company_short %} for any IP allow list configuration you choose.

The OIDC CAP only applies for requests to the API using a user token, such as an OAuth token for an {% data variables.product.prodname_oauth_app %} or a user access token for a {% data variables.product.prodname_github_app %} acting on behalf of a user. The OIDC CAP does not apply when a {% data variables.product.prodname_github_app %} uses an installation access token. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app)" and "[AUTOTITLE](/enterprise-cloud@latest/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-support-for-your-idps-conditional-access-policy#github-apps-and-oauth-apps)."
The OIDC CAP applies to web requests and requests to the API using a user token, such as an OAuth token for an {% data variables.product.prodname_oauth_app %} or a user access token for a {% data variables.product.prodname_github_app %} acting on behalf of a user. The OIDC CAP does not apply when a {% data variables.product.prodname_github_app %} uses an installation access token. See "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app)" and "[AUTOTITLE](/enterprise-cloud@latest/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-support-for-your-idps-conditional-access-policy#github-apps-and-oauth-apps)."

{% data reusables.enterprise-accounts.emu-cap-public-preview %}

To ensure seamless use of the OIDC CAP while still applying the policy to OAuth tokens and user access tokens, you must copy all of the IP ranges from each {% data variables.product.prodname_github_app %} that your enterprise uses to your IdP policy.

## Using {% data variables.product.company_short %}'s IP allow list

### Enabling {% data variables.product.company_short %}'s IP allow list

{% data reusables.profile.access_org %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.security %}
1. If you're using {% data variables.product.prodname_emus %} with OIDC, under "IP allow list", select the **IP allow list configuration** dropdown menu and click **GitHub**.
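Review bot: The rewritten scope sentence now says the OIDC CAP "applies to web requests and requests to the API using a user token", but the paragraph two lines below it still describes applying the policy only "to OAuth tokens and user access tokens". Extend that paragraph, or add a sentence, covering what the wider scope means for administrators: which IP ranges must be in the IdP policy for browser sessions, and what a member sees when a web request is blocked.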
Expand Down Expand Up @@ -123,7 +125,7 @@ To ensure seamless use of the OIDC CAP while still applying the policy to OAuth

{% endnote %}

{% data reusables.profile.access_org %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.security %}
1. Under "IP allow list", select the **IP allow list configuration** dropdown menu and click **Identity Provider**.
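Review bot: In the step list, `reusables.enterprise-accounts.access-enterprise` sits where `reusables.profile.access_org` was, but the next two steps are still `reusables.profile.org_settings` and `reusables.organizations.security`, which by their names are organization-level navigation. Check that the rendered steps lead from the enterprise page to the "IP allow list" setting without a gap, and swap the following reusables for their enterprise equivalents if they do not. The same sequence appears in the "Enabling" steps earlier in this file.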
Expand Up @@ -136,6 +136,8 @@ Anyone can fork a public repository, then submit a pull request to propose chang

You can configure which pull requests require approval before they are run.

>[!WARNING] When requiring approvals only for first-time contributors (the first two settings), a user that has had any commit or pull request merged into the repository will not require approval. A malicious user could meet this requirement by getting a simple typo or other innocuous change accepted by a maintainer, either as part of a pull request they have authored or as part of another user's pull request.
* **Require approval for first-time contributors who are new to {% data variables.product.prodname_dotcom %}**. Requires approval for users who have never committed to the repository and have new {% data variables.product.prodname_dotcom %} accounts.
* **Require approval for first-time contributors**. Requires approval for users who have never committed to the repository.
* **Require approval for all outside collaborators**. Requires approval for all users who are not organization members.
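Review bot: The warning explains how the first-time-contributor check can be satisfied with an innocuous merged change, but it stops short of telling maintainers what to choose instead. Add a closing sentence that points to **Require approval for all outside collaborators** for repositories where that risk matters. It also refers to "the first two settings" before the list has been shown; placing the alert after the three bullets would make that reference resolvable. Minor: "a user that" should read "a user who".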
Expand Up @@ -21,6 +21,8 @@ redirect_from:

{% data reusables.enterprise-accounts.emu-cap-validates %}

{% data reusables.enterprise-accounts.emu-cap-public-preview %}

{% data variables.product.product_name %} supports CAP for any {% data variables.enterprise.prodname_emu_enterprise %} where OIDC SSO is enabled. Enterprise owners can choose to use this IP allow list configuration instead of {% data variables.product.product_name %}'s IP allow list, and can do so once OIDC SSO is configured. For more information about IP allow lists, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list#about-your-idps-allow-list)" and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization)."

* {% data variables.product.product_name %} enforces your IdP's IP conditions but cannot enforce your device compliance conditions.
Expand Up @@ -23,6 +23,8 @@ With {% data variables.product.prodname_emus %}, your enterprise uses your ident

{% data reusables.enterprise-accounts.emu-cap-validates %} See "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-support-for-your-idps-conditional-access-policy)."

{% data reusables.enterprise-accounts.emu-cap-public-preview %}

You can adjust the lifetime of a session, and how often a {% data variables.enterprise.prodname_managed_user %} needs to reauthenticate with your IdP, by changing the lifetime policy property of the ID tokens issued for {% data variables.product.prodname_dotcom %} from your IdP. The default lifetime is one hour. See "[Configure token lifetime policies](https://learn.microsoft.com/en-us/entra/identity-platform/configure-token-lifetimes#create-a-policy-and-assign-it-to-a-service-principal)" in the Microsoft documentation.

To change the lifetime policy property, you will need the object ID associated with your {% data variables.product.prodname_emus %} OIDC. See "[AUTOTITLE](/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/finding-the-object-id-for-your-entra-oidc-application)."
Expand Up @@ -21,6 +21,8 @@ redirect_from:

If your {% data variables.enterprise.prodname_emu_enterprise %} uses SAML SSO to authenticate with Entra ID, you can migrate to OIDC. {% data reusables.enterprise-accounts.emu-cap-validates %}

{% data reusables.enterprise-accounts.emu-cap-public-preview %}

When you migrate from SAML to OIDC, {% data variables.enterprise.prodname_managed_users %} and groups that were previously provisioned for SAML but are not provisioned by the {% data variables.product.prodname_emu_idp_oidc_application %} application will have "(SAML)" appended to their display names.

If you're new to {% data variables.product.prodname_emus %} and haven't yet configured authentication for your enterprise, you do not need to migrate and can set up OIDC single sign-on immediately. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users)."
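Review bot: Placed directly after the sentence ending "you can migrate to OIDC", the `emu-cap-public-preview` reusable can be read as saying that migration to OIDC is in public preview, when by its name it concerns CAP support. Its text is not visible in this diff; confirm that it names the feature it covers, or move the include next to a CAP description so the preview status attaches to the right feature. The same include is added to three other pages in this commit, so the wording needs to stand alone on each.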
Expand Up @@ -27,12 +27,12 @@ If your country is not on this list, then we aren't currently able to reliably d
<li>Austria</li>
<li>Bahamas</li>
<li>Bahrain</li>
<li>Bangladesh</li>
<li>Belarus</li>
<li>Belgium</li>
<li>Benin</li>
<li>Bolivia</li>
<li>Bosnia and Herzegovina</li>
<li>Brazil</li>
<li>Brunei</li>
<li>Bulgaria</li>
<li>Burundi</li>
Expand Down Expand Up @@ -65,15 +65,13 @@ If your country is not on this list, then we aren't currently able to reliably d
<li>Hungary</li>
<li>Iceland</li>
<li>India</li>
<li>Indonesia</li>
<li>Ireland</li>
<li>Israel</li>
<li>Italy</li>
<li>Ivory Coast</li>
<li>Jamaica</li>
<li>Japan</li>
<li>Jordan</li>
<li>Kazakhstan</li>
<li>Kuwait</li>
<li>Latvia</li>
<li>Libya</li>
Expand All @@ -98,7 +96,6 @@ If your country is not on this list, then we aren't currently able to reliably d
<li>New Zealand</li>
<li>Nigeria</li>
<li>Norway</li>
<li>Philippines</li>
<li>Poland</li>
<li>Portugal</li>
<li>Qatar</li>
Expand Down Expand Up @@ -127,7 +124,7 @@ If your country is not on this list, then we aren't currently able to reliably d
<li>United Arab Emirates</li>
<li>United Kingdom</li>
<li>United States</li>
<li>Uzbekistan</li>
<li>Uruguay</li>
<li>Venezuela</li>
</ul>
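Review bot: The hunk headers for this file show the list getting shorter (`-65,15 +65,13` and `-98,7 +96,6`), so some countries lose support, yet nothing in the change tells people in those countries who already depend on this feature what to do. Add a sentence after the list, or a note in the commit message, covering accounts already enrolled from a removed country and the alternative they should move to.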

10 changes: 6 additions & 4 deletions billing/using-the-billing-platform/about-billing-on-github.md
Expand Up @@ -14,10 +14,6 @@ topics:
- Fundamentals
---

{% data reusables.billing.us-sales-tax-note %} For more information about updating your billing information, see "[AUTOTITLE](/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method)."
>
>If you're exempt from sales tax, you will need to upload a sales tax exemption certificate to your account. See "[AUTOTITLE](/billing/managing-your-github-billing-settings/adding-a-sales-tax-certificate)."
## About billing on {% data variables.product.prodname_dotcom %}

{% data variables.product.company_short %} bills separately for each account. This means that you will receive a separate bill for your personal account and for each organization or enterprise account you own. For more information about account types, see "[AUTOTITLE](/get-started/learning-about-github/types-of-github-accounts)."
Expand All @@ -30,6 +26,12 @@ Usage-based billing applies when the cost of a paid product depends on how much

Your plan may come with included amounts of usage-based products. For example, with {% data variables.product.prodname_pro %}, your personal account gets 3,000 minutes of {% data variables.product.prodname_actions %} usage for free each month. You can control usage beyond the included amounts by setting spending limits.

{% ifversion us-sales-tax %}

{% data reusables.billing.us-sales-tax %}

{% endif %}

## Included amounts by plan

<table>
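Review bot: The block at the top of the page built on `reusables.billing.us-sales-tax-note` carried two links (adding or editing a payment method, and adding a sales tax certificate), and what now appears lower down is the `reusables.billing.us-sales-tax` include, whose text is not part of this diff. Confirm the new reusable still leads exempt customers to the certificate upload page. The notice is also wrapped in `{% ifversion us-sales-tax %}` where the earlier note on this page had no version gate, so check that the flag is enabled for every version that should show it.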
Expand Up @@ -12,8 +12,6 @@ topics:
shortTitle: Add a sales tax certificate
---

{% data reusables.billing.us-sales-tax-note %} {% ifversion fpt or ghec %}For more information about updating your billing information, see "[AUTOTITLE](/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method)."{% endif %}

If you're a {% data variables.product.company_short %} customer in the United States, you need to ensure that your account is set up to calculate sales tax correctly. If you're exempt from sales tax, you can upload a certificate to your account. The format of the certificate you upload must be one of the following:

* JPEG (`.jpg`, `.jpeg`)
Expand Up @@ -28,15 +28,16 @@ topics:
shortTitle: Manage a payment method
---


{% data reusables.billing.us-sales-tax-note %}
>
>If you're exempt from sales tax, you can upload a certificate to your account. See "[AUTOTITLE](/billing/managing-your-github-billing-settings/adding-a-sales-tax-certificate)."
{% data reusables.dotcom_billing.payment-methods %} {% data reusables.dotcom_billing.same-payment-method %}

We don't support purchase orders for personal accounts. We email receipts monthly or yearly on your account's billing date. If your company, country, or accountant requires your receipts to provide more detail, you can add extra information to your receipts. For more information, see "[AUTOTITLE](/billing/managing-your-github-billing-settings/adding-information-to-your-receipts)."

{% ifversion us-sales-tax %}

{% data reusables.billing.us-sales-tax %}

{% endif %}

## Updating your personal account's payment method

You can update your personal account's payment method at any time.
8 changes: 0 additions & 8 deletions billing/using-the-billing-platform/index.md
Expand Up @@ -30,11 +30,3 @@ children:
- /troubleshooting-a-declined-credit-card-charge
- /unlocking-a-locked-account
---

{% ifversion us-sales-tax %}

{% data reusables.billing.us-sales-tax-note %}{% ifversion fpt or ghec %} For more information about updating your billing information, see "[AUTOTITLE](/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method)."{% endif %}
>
>If you're exempt from sales tax, you can upload a certificate to your account. See "[AUTOTITLE](/billing/managing-your-github-billing-settings/adding-a-sales-tax-certificate)."
{% endif %}
Expand Up @@ -77,7 +77,7 @@ We recommend reviewing the following caveats before you change the visibility of
* {% data variables.product.product_name %} will detach private forks and turn them into a standalone private repository. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/working-with-forks/what-happens-to-forks-when-a-repository-is-deleted-or-changes-visibility#changing-a-private-repository-to-a-public-repository)"{% ifversion fpt or ghec %}
* If you're converting your private repository to a public repository as part of a move toward creating an open source project, see the [Open Source Guides](http://opensource.guide) for helpful tips and guidelines. You can also take a free course on managing an open source project with [{% data variables.product.prodname_learning %}]({% data variables.product.prodname_learning_link %}). Once your repository is public, you can also view your repository's community profile to see whether your project meets best practices for supporting contributors. For more information, see "[AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions/about-community-profiles-for-public-repositories)."
* The repository will automatically gain access to {% data variables.product.prodname_GH_advanced_security %} features.
* Actions history and logs will be visible to everyone. If your repository had reusable or required workflows that were shared from a different repository in your organization, the workflow file path including the repository name will be visible in the logs. For more information on how to remove workflow runs and artifacts see "[AUTOTITLE](/actions/managing-workflow-runs#deleting-logs)" and "[AUTOTITLE](/rest/actions/workflow-runs)".
* Actions history and logs will be visible to everyone. If your repository had reusable or required workflows that were shared from a different repository in your organization, the workflow file path including the repository name will be visible in the logs. For more information on how to remove workflow runs and artifacts see "[AUTOTITLE](/actions/managing-workflow-runs#deleting-logs)" and "[AUTOTITLE](/rest/actions/workflow-runs)."

For information about improving repository security, see "[AUTOTITLE](/code-security/getting-started/securing-your-repository)."{% endif %}
