diff --git a/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/managing-your-subscriptions.md b/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/managing-your-subscriptions.md index bcdf32a42..6c954fb82 100644 --- a/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/managing-your-subscriptions.md +++ b/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/managing-your-subscriptions.md @@ -14,11 +14,8 @@ shortTitle: Manage your subscriptions --- To help you understand your subscriptions and decide whether to unsubscribe, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/viewing-your-subscriptions)." -{% note %} - -**Note:** Instead of unsubscribing, you have the option to ignore a repository. If you ignore a repository, you won't receive any notifications. We don't recommend ignoring repositories as you won't be notified if you're @mentioned. {% ifversion fpt or ghec %}If you're experiencing abuse and want to ignore a repository, please visit {% data variables.contact.contact_support_page %} so we can help. {% data reusables.policies.abuse %}{% endif %} - -{% endnote %} +> [!NOTE] +> Instead of unsubscribing, you have the option to ignore a repository. If you ignore a repository, you won't receive any notifications. We don't recommend ignoring repositories as you won't be notified if you're @mentioned. {% ifversion fpt or ghec %}If you're experiencing abuse and want to ignore a repository, please visit {% data variables.contact.contact_support_page %} so we can help. {% data reusables.policies.abuse %}{% endif %} ## Choosing how to unsubscribe diff --git a/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/viewing-your-subscriptions.md b/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/viewing-your-subscriptions.md index d48c918dc..312519024 100644 --- a/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/viewing-your-subscriptions.md +++ b/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/viewing-your-subscriptions.md @@ -33,11 +33,9 @@ We recommend auditing and unsubscribing from your subscriptions as a part of a h When your inbox has too many notifications to manage, consider whether you have oversubscribed or how you can change your notification settings to reduce the subscriptions you have and the types of notifications you're receiving. For example, you may consider disabling the settings to automatically watch all repositories {% ifversion team-discussions %}and all team discussions{% endif %} whenever you've joined a team or repository. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#automatic-watching)." To see an overview of your repository subscriptions, see "[Reviewing repositories that you're watching](#reviewing-repositories-that-youre-watching)." -{% tip %} -**Tip:** You can select the types of event to be notified of by using the **Custom** option of the **Watch/Unwatch** dropdown list in your [watching page](https://github.com/watching) or on any repository page on {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#configuring-your-watch-settings-for-an-individual-repository)." - -{% endtip %} +> [!TIP] +> You can select the types of event to be notified of by using the **Custom** option of the **Watch/Unwatch** dropdown list in your [watching page](https://github.com/watching) or on any repository page on {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#configuring-your-watch-settings-for-an-individual-repository)." Many people forget about repositories that they've chosen to watch in the past. From the "Watched repositories" page you can quickly unwatch repositories. For more information on ways to unsubscribe, see "[Unwatch recommendations](https://github.blog/changelog/2020-11-10-unwatch-recommendations/)" on {% data variables.product.prodname_blog %} and "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github/managing-your-subscriptions)." You can also create a triage workflow to help with the notifications you receive. For guidance on triage workflows, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/customizing-a-workflow-for-triaging-your-notifications)." @@ -51,14 +49,9 @@ Many people forget about repositories that they've chosen to watch in the past. ![Screenshot of the "Subscriptions" tab. Three dropdown menus, titled "Reason", "Repository", and "Sort", are highlighted with an orange outline.](/assets/images/help/notifications-v2/all-subscriptions.png) -{% tip %} - -**Tips:** -* To review subscriptions you may have forgotten about, sort by "least recently subscribed." - -* To review a list of repositories that you can still receive notifications for, see the repository list in the "filter by repository" drop-down menu. - -{% endtip %} +> [!TIP] +> * To review subscriptions you may have forgotten about, sort by "least recently subscribed." +> * To review a list of repositories that you can still receive notifications for, see the repository list in the "filter by repository" drop-down menu. ## Reviewing repositories that you're watching @@ -66,10 +59,7 @@ Many people forget about repositories that they've chosen to watch in the past. ![Screenshot of the "Notifications" page. A dropdown menu, titled "Manage notifications", is highlighted with an orange outline.](/assets/images/help/notifications-v2/manage-notifications-options.png) 1. Evaluate the repositories that you are watching and decide if their updates are still relevant and helpful. When you watch a repository, you will be notified of all conversations for that repository. - {% tip %} - - **Tip:** Instead of watching a repository, consider only receiving notifications when there are updates to {% data reusables.notifications-v2.custom-notification-types %} (if enabled for the repository), or any combination of these options, or completely unwatching a repository. - - When you unwatch a repository, you can still be notified when you're @mentioned or participating in a thread. When you configure to receive notifications for certain event types, you're only notified when there are updates to these event types in the repository, you're participating in a thread, or you or a team you're on is @mentioned. - - {% endtip %} + > [!TIP] + > Instead of watching a repository, consider only receiving notifications when there are updates to {% data reusables.notifications-v2.custom-notification-types %} (if enabled for the repository), or any combination of these options, or completely unwatching a repository. + > + > When you unwatch a repository, you can still be notified when you're @mentioned or participating in a thread. When you configure to receive notifications for certain event types, you're only notified when there are updates to these event types in the repository, you're participating in a thread, or you or a team you're on is @mentioned. diff --git a/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/customizing-a-workflow-for-triaging-your-notifications.md b/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/customizing-a-workflow-for-triaging-your-notifications.md index 245cd622e..1b4a127db 100644 --- a/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/customizing-a-workflow-for-triaging-your-notifications.md +++ b/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/customizing-a-workflow-for-triaging-your-notifications.md @@ -32,11 +32,8 @@ For example, you may decide to check your notifications in this order in the mor * Events where a team you're a member of is @mentioned, also called team mentions (filter by `reason:team-mention`) * CI workflow failures for a specific repository (filter by `reason:ci-activity` and `repo:owner/repo-name` and ensure you've enabled CI activity notifications for workflow failures in your notification settings) - {% tip %} - - **Tip:** To quickly review your highest priorities, set up custom filters in order of their reviewing priority. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox#customizing-your-inbox-with-custom-filters)." - - {% endtip %} + > [!TIP] + > To quickly review your highest priorities, set up custom filters in order of their reviewing priority. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox#customizing-your-inbox-with-custom-filters)." ## Following up on ongoing notification updates @@ -50,11 +47,10 @@ For example, you may decide to follow up in this order: After triaging the higher priority notifications, review the remaining notifications, such as participating notifications. Consider these questions: * Can you unsubscribe to this notification? Is this notification completed and ready to be marked as **Done**? - {% tip %} - **Tip:** When you unsubscribe from a notification you won't receive new updates unless you start participating in the thread or you're @mentioned or a team you're on is @mentioned. When you mark a notification as **Done**, the notification is removed from your main inbox view and can be viewed with the query `is:read`. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox#triaging-options)." + > [!TIP] + > When you unsubscribe from a notification you won't receive new updates unless you start participating in the thread or you're @mentioned or a team you're on is @mentioned. When you mark a notification as **Done**, the notification is removed from your main inbox view and can be viewed with the query `is:read`. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox#triaging-options)." - {% endtip %} * Would you like to receive future updates when this issue or pull request is closed or reopened, or when a pull request is merged? For more information on these options, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/triaging-a-single-notification#customizing-when-to-receive-future-updates-for-an-issue-or-pull-request)." * Would you like to avoid receiving notifications like this in the future? If so, consider unsubscribing. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/managing-subscriptions-for-activity-on-github)." diff --git a/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md b/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md index 9f4adc359..7e4ac4f03 100644 --- a/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md +++ b/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md @@ -58,11 +58,8 @@ You can add up to 15 of your own custom filters. {% data reusables.notifications.access_notifications %} 1. To open the filter settings, in the left sidebar, next to "Filters", click {% octicon "gear" aria-label="Customize filters" %}. - {% tip %} - - **Tip:** You can quickly preview a filter's inbox results by creating a query in your inbox view and clicking **Save**, which opens the custom filter settings. - - {% endtip %} + > [!TIP] + > You can quickly preview a filter's inbox results by creating a query in your inbox view and clicking **Save**, which opens the custom filter settings. 1. Add a name for your filter and a filter query. For example, to only see notifications for a specific repository, you can create a filter using the query `repo:octocat/open-source-project-name reason:participating`. You can also add emojis with a native emoji keyboard. For a list of supported search queries, see "[Supported queries for custom filters](#supported-queries-for-custom-filters)." diff --git a/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/managing-your-profile-readme.md b/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/managing-your-profile-readme.md index e17f0801f..8a96e747d 100644 --- a/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/managing-your-profile-readme.md +++ b/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/managing-your-profile-readme.md @@ -36,11 +36,8 @@ You can format text and include emoji, images, and GIFs in your profile README b * The repository contains a file named README.md in its root. * The README.md file contains any content. -{% note %} - -**Note**: If you created a public repository with the same name as your username before July 2020, {% data variables.product.prodname_dotcom %} won't automatically show the repository's README on your profile. You can manually share the repository's README to your profile by going to the repository on {% data variables.product.prodname_dotcom %} and clicking **Share to profile**. - -{% endnote %} +> [!NOTE] +> If you created a public repository with the same name as your username before July 2020, {% data variables.product.prodname_dotcom %} won't automatically show the repository's README on your profile. You can manually share the repository's README to your profile by going to the repository on {% data variables.product.prodname_dotcom %} and clicking **Share to profile**. ## Adding a profile README diff --git a/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile.md b/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile.md index 801b527f8..68ef5505c 100644 --- a/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile.md +++ b/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile.md @@ -19,12 +19,8 @@ topics: shortTitle: Personalize --- -{% note %} - -**Note:** - Any details you add to your public {% data variables.product.product_name %} profile will be visible to all {% data variables.product.product_name %} users, including in regions where local laws, regulations, or cultural norms may pose risks to expressing your identity. We respect everyone’s decision about whether or not to share information about themselves on their {% data variables.product.product_name %} profile. - -{% endnote %} +> [!NOTE] +> Any details you add to your public {% data variables.product.product_name %} profile will be visible to all {% data variables.product.product_name %} users, including in regions where local laws, regulations, or cultural norms may pose risks to expressing your identity. We respect everyone’s decision about whether or not to share information about themselves on their {% data variables.product.product_name %} profile. ## Changing your profile picture @@ -32,14 +28,9 @@ Your profile picture helps identify you across {% data variables.product.product When you sign up for an account, {% data variables.product.product_name %} provides you with a randomly generated "identicon". [Your identicon](https://github.com/blog/1586-identicons) generates from a hash of your user ID, so there's no way to control its color or pattern. You can replace your identicon with an image that represents you. -{% note %} - -**Note{% ifversion ghec %}s{% endif %}**: {% ifversion ghec %} - -* {% endif %}Your profile picture should be a PNG, JPG, or GIF file, and it must be less than 1 MB in size and smaller than 3000 by 3000 pixels. For the best quality rendering, we recommend keeping the image at about 500 by 500 pixels. -{% ifversion ghec %}* Gravatar profile pictures are not supported with {% data variables.product.prodname_emus %}.{% endif %} - -{% endnote %} +> [!NOTE] {% ifversion ghec %} +> * {% endif %}Your profile picture should be a PNG, JPG, or GIF file, and it must be less than 1 MB in size and smaller than 3000 by 3000 pixels. For the best quality rendering, we recommend keeping the image at about 500 by 500 pixels. +{% ifversion ghec %}> * Gravatar profile pictures are not supported with {% data variables.product.prodname_emus %}.{% endif %} If you use Gravatar, and your Gravatar image is associated with the email you use for {% data variables.product.product_name %}, the image will be shown as your {% data variables.product.product_name %} profile picture by default (rather than an identicon). To change your {% data variables.product.product_name %} profile picture, you can either upload a new image to Gravatar, or upload a new image to {% data variables.product.product_name %} and override the Gravatar image. @@ -62,11 +53,10 @@ If you use Gravatar, and your Gravatar image is associated with the email you us You can change the name that is displayed on your profile. This name may also be displayed next to comments you make on private repositories owned by an organization. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-display-of-member-names-in-your-organization)." {% ifversion fpt or ghec %} -{% note %} -**Note:** If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}, any changes to your profile name must be made through your identity provider instead of {% data variables.product.prodname_dotcom %}. {% data reusables.enterprise-accounts.emu-more-info-account %} +> [!NOTE] +> If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}, any changes to your profile name must be made through your identity provider instead of {% data variables.product.prodname_dotcom %}. {% data reusables.enterprise-accounts.emu-more-info-account %} -{% endnote %} {% endif %} {% data reusables.user-settings.access_settings %} @@ -78,21 +68,14 @@ Add a bio to your profile to share information about yourself with other {% data For a longer-form and more prominent way of displaying customized information about yourself, you can also use a profile README. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/managing-your-profile-readme)." -{% note %} - -**Note:** - If you have the activity overview section enabled for your profile and you @mention an organization you're a member of in your profile bio, then that organization will be featured first in your activity overview. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-an-overview-of-your-activity-on-your-profile)." - -{% endnote %} +> [!NOTE] +> If you have the activity overview section enabled for your profile and you @mention an organization you're a member of in your profile bio, then that organization will be featured first in your activity overview. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-an-overview-of-your-activity-on-your-profile)." {% data reusables.user-settings.access_settings %} 1. Under "Public profile", in the "Bio" field, type the content that you want displayed on your profile. The bio field is limited to 160 characters. - {% tip %} - - **Tip:** When you @mention an organization, only those that you're a member of will autocomplete. You can still @mention organizations that you're not a member of, like a previous employer, but the organization name won't autocomplete for you. - - {% endtip %} + > [!TIP] + > When you @mention an organization, only those that you're a member of will autocomplete. You can still @mention organizations that you're not a member of, like a previous employer, but the organization name won't autocomplete for you. {% data reusables.profile.update-profile %} @@ -210,11 +193,8 @@ Achievements celebrate specific events and actions that happen on {% data variab To stop private contributions from counting toward your Achievements, or to turn off Achievements entirely, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile)." -{% note %} - -**Note:** This feature is currently in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} +> [!NOTE] +> This feature is currently in {% data variables.release-phases.public_preview %} and subject to change. {% endif %} diff --git a/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/setting-your-profile-to-private.md b/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/setting-your-profile-to-private.md index c1cdae1de..a9a5f1bef 100644 --- a/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/setting-your-profile-to-private.md +++ b/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/setting-your-profile-to-private.md @@ -28,11 +28,8 @@ When your profile is private, the following content is hidden from your profile * Stars, projects, packages, and sponsoring tabs * Your pronouns -{% note %} - -**Note**: When your profile is private, some optional fields are still publicly visible, such as the README, biography, and profile photo. - -{% endnote %} +> [!NOTE] +> When your profile is private, some optional fields are still publicly visible, such as the README, biography, and profile photo. ## Changes to reporting on your activities @@ -45,11 +42,8 @@ When your profile is private, your {% data variables.product.prodname_dotcom %} * Site-wide search results * The [Trending](https://github.com/trending) page -{% note %} - -**Note**: Your activity on public repositories will still be publicly visible to anyone viewing those repositories, and some activity data may still be available through the {% data variables.product.prodname_dotcom %} API. - -{% endnote %} +> [!NOTE] +> Your activity on public repositories will still be publicly visible to anyone viewing those repositories, and some activity data may still be available through the {% data variables.product.prodname_dotcom %} API. ## Changing your profile's privacy settings diff --git a/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/sharing-contributions-from-github-enterprise-server.md b/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/sharing-contributions-from-github-enterprise-server.md index d211c45ec..9df25ee93 100644 --- a/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/sharing-contributions-from-github-enterprise-server.md +++ b/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/sharing-contributions-from-github-enterprise-server.md @@ -26,11 +26,8 @@ You can decide whether to show counts for private contributions on your profile. For more information about how contributions are calculated, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile)." -{% note %} - -**Note:** The connection between your accounts is governed by [GitHub's Privacy Statement](/free-pro-team@latest/site-policy/privacy-policies/github-privacy-statement) and users enabling the connection must agree to the [GitHub Terms of Service](/free-pro-team@latest/site-policy/github-terms/github-terms-of-service). - -{% endnote %} +> [!NOTE] +> The connection between your accounts is governed by [GitHub's Privacy Statement](/free-pro-team@latest/site-policy/privacy-policies/github-privacy-statement) and users enabling the connection must agree to the [GitHub Terms of Service](/free-pro-team@latest/site-policy/github-terms/github-terms-of-service). ## Sending your enterprise contributions to your profile diff --git a/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile.md b/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile.md index 959208ad8..7c4071fd7 100644 --- a/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile.md +++ b/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile.md @@ -17,11 +17,8 @@ shortTitle: View contributions --- Your contribution graph and Achievements show activity from public repositories. You can choose to show activity from both public and private repositories, with specific details of your activity in private repositories anonymized. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile)." -{% note %} - -**Note:** Commits will only appear on your contributions graph if the email address you used to author the commits is connected to your account on {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile#your-local-git-commit-email-isnt-connected-to-your-account)" - -{% endnote %} +> [!NOTE] +> Commits will only appear on your contributions graph if the email address you used to author the commits is connected to your account on {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile#your-local-git-commit-email-isnt-connected-to-your-account)" ## What counts as a contribution @@ -57,11 +54,8 @@ Your contributions calendar shows your contribution activity. * Click on a day's square to show the contributions made during that 24-hour period. * Press _Shift_ and click on another day's square to show contributions made during that time span. -{% note %} - -**Note:** You can select up to a one-month range on your contributions calendar. If you select a larger time span, we will only display one month of contributions. - -{% endnote %} +> [!NOTE] +> You can select up to a one-month range on your contributions calendar. If you select a larger time span, we will only display one month of contributions. ![Screenshot of the contributions graph on a user profile.](/assets/images/help/profile/contributions-graph.png) diff --git a/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile.md b/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile.md index 0011608f4..d7491b926 100644 --- a/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile.md +++ b/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile.md @@ -73,11 +73,10 @@ The email address in the `From:` field is the address that was set in the [local If the email address used for the commit is not connected to your account on {% data variables.product.prodname_dotcom %}, you must [add the email address](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account) to your account on {% data variables.product.prodname_dotcom %}. Your contributions graph will be rebuilt automatically when you add the new address. {% ifversion fpt or ghec %} -{% note %} -**Note**: If you use a {% data variables.enterprise.prodname_managed_user %}, you cannot add additional email addresses to the account, even if multiple email addresses are registered with your identity provider (IdP). Therefore, only commits that are authored by the primary email address registered with your IdP can be associated with your {% data variables.enterprise.prodname_managed_user %}. +> [!NOTE] +> If you use a {% data variables.enterprise.prodname_managed_user %}, you cannot add additional email addresses to the account, even if multiple email addresses are registered with your identity provider (IdP). Therefore, only commits that are authored by the primary email address registered with your IdP can be associated with your {% data variables.enterprise.prodname_managed_user %}. -{% endnote %} {% endif %} Generic email addresses, such as `jane@computer.local`, cannot be added to {% data variables.product.prodname_dotcom %} accounts and linked to commits. If you've authored any commits using a generic email address, the commits will not be linked to your {% data variables.product.prodname_dotcom %} profile and will not show up in your contribution graph. @@ -90,11 +89,8 @@ If your commits are in a non-default or non-`gh-pages` branch and you'd like the * [Open a pull request](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request) to have your changes merged into the default branch or the `gh-pages` branch. * [Change the default branch](/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/changing-the-default-branch) of the repository. -{% warning %} - -**Warning**: Changing the default branch of the repository will change it for all repository collaborators. Only do this if you want the new branch to become the base against which all future pull requests and commits will be made. - -{% endwarning %} +> [!WARNING] +> Changing the default branch of the repository will change it for all repository collaborators. Only do this if you want the new branch to become the base against which all future pull requests and commits will be made. ### Commit was made in a fork diff --git a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account.md b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account.md index 8d503773c..37583e5b5 100644 --- a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account.md +++ b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account.md @@ -17,13 +17,9 @@ shortTitle: Add an email address --- {% ifversion fpt or ghec %} -{% note %} - -**Notes**: -* {% data reusables.user-settings.no-verification-disposable-emails %} -* If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}, you cannot make changes to your email address on {% data variables.product.prodname_dotcom %}. {% data reusables.enterprise-accounts.emu-more-info-account %} - -{% endnote %} +> [!NOTE] +> * {% data reusables.user-settings.no-verification-disposable-emails %} +> * If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}, you cannot make changes to your email address on {% data variables.product.prodname_dotcom %}. {% data reusables.enterprise-accounts.emu-more-info-account %} {% endif %} diff --git a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/remembering-your-github-username-or-email.md b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/remembering-your-github-username-or-email.md index e9a9f6eb8..059b34073 100644 --- a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/remembering-your-github-username-or-email.md +++ b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/remembering-your-github-username-or-email.md @@ -53,11 +53,8 @@ YOUR-USERNAME If you have any local copies of personal repositories you have created or forked, you can check the URL of the remote repository. -{% tip %} - -**Tip**: This method only works if you have an original repository or your own fork of someone else's repository. If you clone someone else's repository, their username will show instead of yours. Similarly, organization repositories will show the name of the organization instead of a particular user in the remote URL. - -{% endtip %} +> [!TIP] +> This method only works if you have an original repository or your own fork of someone else's repository. If you clone someone else's repository, their username will show instead of yours. Similarly, organization repositories will show the name of the organization instead of a particular user in the remote URL. ```shell $ cd YOUR-REPOSITORY diff --git a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address.md b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address.md index 8b5fa4372..769d56080 100644 --- a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address.md +++ b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address.md @@ -32,11 +32,8 @@ For web-based Git operations, you can set your commit email address on {% data v {% ifversion fpt or ghec %} -{% note %} - -**Note**: {% data reusables.user-settings.no-verification-disposable-emails %} - -{% endnote %} +> [!NOTE] +> {% data reusables.user-settings.no-verification-disposable-emails %} {% endif %} @@ -50,11 +47,8 @@ To ensure that commits are attributed to you and appear in your contributions gr -{% note %} - -**Note:** If you created your account _after_ July 18, 2017, your `noreply` email address for is an ID number and your username in the form of ID+USERNAME@users.noreply.github.com. If you created your account _prior to_ July 18, 2017, and enabled **Keep my email address private** prior to that date, your `noreply` email address is USERNAME@users.noreply.github.com. You can get an ID-based `noreply` email address by selecting (or deselecting and reselecting) **Keep my email address private** in your email settings. - -{% endnote %} +> [!NOTE] +> If you created your account _after_ July 18, 2017, your `noreply` email address for is an ID number and your username in the form of ID+USERNAME@users.noreply.github.com. If you created your account _prior to_ July 18, 2017, and enabled **Keep my email address private** prior to that date, your `noreply` email address is USERNAME@users.noreply.github.com. You can get an ID-based `noreply` email address by selecting (or deselecting and reselecting) **Keep my email address private** in your email settings. If you use your `noreply` email address for {% data variables.product.github %} to make commits and then change your username, those commits will not be associated with your account. This does not apply if you're using the ID-based `noreply` address from {% data variables.product.github %}. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/changing-your-github-username)."{% endif %} diff --git a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address.md b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address.md index 81b99bcc4..02210f102 100644 --- a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address.md +++ b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address.md @@ -34,14 +34,9 @@ If you do not verify your email address, you will not be able to: * Sponsor developers with {% data variables.product.prodname_sponsors %} * Accept organization invitations -{% warning %} - -**Warnings**: - -* {% data reusables.user-settings.no-verification-disposable-emails %} -* {% data reusables.user-settings.verify-org-approved-email-domain %} - -{% endwarning %} +> [!WARNING] +> * {% data reusables.user-settings.no-verification-disposable-emails %} +> * {% data reusables.user-settings.verify-org-approved-email-domain %} {% ifversion ghec %} diff --git a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/about-your-personal-dashboard.md b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/about-your-personal-dashboard.md index d843ce3de..612a59de7 100644 --- a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/about-your-personal-dashboard.md +++ b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/about-your-personal-dashboard.md @@ -49,11 +49,8 @@ You can also find a list of your recently visited repositories, teams, and proje {% ifversion feed %} -{% note %} - -**Note:** The new feed is currently in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} +> [!NOTE] +> The new feed is currently in {% data variables.release-phases.public_preview %} and subject to change. The feed is designed to help you discover relevant content from projects you follow, keep up with your friends and community members, and track recent activity in your communities. @@ -89,11 +86,8 @@ For more information about following people and starring repositories, see "[AUT ### For you feed -{% note %} - -**Note:** This new tab is currently in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} +> [!NOTE] +> This new tab is currently in {% data variables.release-phases.public_preview %} and subject to change. This feed shows activity and recommendations based on your network on {% data variables.product.product_name %}. It's designed to provide updates that inspire you, keep you up-to-date, and help you find new communities you want to participate in. Your network includes: diff --git a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/changing-your-github-username.md b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/changing-your-github-username.md index f94371b69..9d75b2c01 100644 --- a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/changing-your-github-username.md +++ b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/changing-your-github-username.md @@ -22,20 +22,18 @@ shortTitle: Change your username {% ifversion ghec or ghes %} -{% note %} - {% ifversion ghec %} -**Note**: Members of an {% data variables.enterprise.prodname_emu_enterprise %} cannot change usernames. Your enterprise's IdP administrator controls your username for {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)." +> [!NOTE] +> Members of an {% data variables.enterprise.prodname_emu_enterprise %} cannot change usernames. Your enterprise's IdP administrator controls your username for {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)." {% elsif ghes %} -**Note**: If you sign into {% data variables.location.product_location %} with LDAP credentials or single sign-on (SSO), only your local administrator can change your username. For more information about authentication methods for {% data variables.product.product_name %}, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise)." +> [!NOTE] +> If you sign into {% data variables.location.product_location %} with LDAP credentials or single sign-on (SSO), only your local administrator can change your username. For more information about authentication methods for {% data variables.product.product_name %}, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise)." {% endif %} -{% endnote %} - {% endif %} ## About username changes @@ -88,14 +86,9 @@ If your Git commits are associated with another email address you've added to yo {% ifversion fpt or ghec %}If you've been using a {% data variables.product.prodname_dotcom %}-provided private commit email address, whether or not your commit history will be retained after an account rename depends on the format of the email address. Git commits that are associated with your {% data variables.product.product_name %}-provided `noreply` email address won't be attributed to your new username and won't appear in your contributions graph, unless your `noreply` email address is in the form of `ID+USERNAME@users.noreply.github.com`. Older versions of the `noreply` email address that do not contain a numeric ID will not be associated with your {% data variables.product.prodname_dotcom %} account after changing your username.{% endif %} -{% warning %} - -**Warnings:** - -* After a username change, verified commits signed using the previous {% data variables.product.product_name %}-provided `noreply` email address will lose their "Verified" status. -* When verifying a signature, {% data variables.product.product_name %} checks that the email address of the committer or tagger exactly matches one of the email addresses associated with the GPG key's identities. Additionally, {% data variables.product.product_name %} confirms that the email address is verified and linked to the user's account. This ensures that the key belongs to you and that you created the commit or tag. Because the username of the `noreply` email address changes, these commits can no longer be verified. - -{% endwarning %} +> [!WARNING] +> * After a username change, verified commits signed using the previous {% data variables.product.product_name %}-provided `noreply` email address will lose their "Verified" status. +> * When verifying a signature, {% data variables.product.product_name %} checks that the email address of the committer or tagger exactly matches one of the email addresses associated with the GPG key's identities. Additionally, {% data variables.product.product_name %} confirms that the email address is verified and linked to the user's account. This ensures that the key belongs to you and that you created the commit or tag. Because the username of the `noreply` email address changes, these commits can no longer be verified. ## Your gists diff --git a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/permission-levels-for-a-personal-account-repository.md b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/permission-levels-for-a-personal-account-repository.md index edaf16ae7..423d364e6 100644 --- a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/permission-levels-for-a-personal-account-repository.md +++ b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/permission-levels-for-a-personal-account-repository.md @@ -21,11 +21,8 @@ Repositories owned by personal accounts have one owner. Ownership permissions ca You can also {% ifversion fpt or ghec %}invite{% else %}add{% endif %} users on {% data variables.product.product_name %} to your repository as collaborators. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository)." -{% tip %} - -**Tip:** If you require more granular access to a repository owned by your personal account, consider transferring the repository to an organization. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/transferring-a-repository#transferring-a-repository-owned-by-your-personal-account)." - -{% endtip %} +> [!TIP] +> If you require more granular access to a repository owned by your personal account, consider transferring the repository to an organization. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/transferring-a-repository#transferring-a-repository-owned-by-your-personal-account)." ## Owner access for a repository owned by a personal account @@ -70,11 +67,8 @@ The repository owner has full control of the repository. In addition to the acti Collaborators on a personal repository can pull (read) the contents of the repository and push (write) changes to the repository. -{% note %} - -**Note:** In a private repository, repository owners can only grant write access to collaborators. Collaborators can't have read-only access to repositories owned by a personal account. - -{% endnote %} +> [!NOTE] +> In a private repository, repository owners can only grant write access to collaborators. Collaborators can't have read-only access to repositories owned by a personal account. Collaborators can also perform the following actions. diff --git a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/about-organization-membership.md b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/about-organization-membership.md index 44cd00623..1c4d03954 100644 --- a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/about-organization-membership.md +++ b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/about-organization-membership.md @@ -30,11 +30,8 @@ When you accept an invitation to join an organization, the organization owners m For more information, see the [{% data variables.product.prodname_dotcom %} Privacy Statement](/free-pro-team@latest/site-policy/privacy-policies/github-privacy-statement). - {% note %} - - **Note:** Owners are not able to view member IP addresses in the organization's audit log. In the event of a security incident, such as an account compromise or inadvertent sharing of sensitive data, organization owners may request details of access to private repositories. The information we return may include your IP address. - - {% endnote %} +> [!NOTE] +> Owners are not able to view member IP addresses in the organization's audit log. In the event of a security incident, such as an account compromise or inadvertent sharing of sensitive data, organization owners may request details of access to private repositories. The information we return may include your IP address. By default, your organization membership visibility is set to private. You can choose to publicize individual organization memberships on your profile. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/publicizing-or-hiding-organization-membership)." diff --git a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/accessing-an-organization.md b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/accessing-an-organization.md index deed03c44..0091b07b3 100644 --- a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/accessing-an-organization.md +++ b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/accessing-an-organization.md @@ -16,11 +16,9 @@ versions: topics: - Accounts --- -{% tip %} -**Tip:** Only organization owners can see and change the account settings for an organization. - -{% endtip %} +> [!TIP] +> Only organization owners can see and change the account settings for an organization. {% data reusables.profile.access_org %} {% data reusables.user-settings.access_org %} diff --git a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization.md b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization.md index d0a30f7ce..adef359a2 100644 --- a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization.md +++ b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization.md @@ -17,13 +17,10 @@ shortTitle: Leave an organization --- {% ifversion fpt or ghec %} -{% warning %} - -**Warning:** If you're currently responsible for paying for {% data variables.product.product_name %} in your organization, removing yourself from the organization **does not** update the billing information on file for the organization. If you are currently responsible for billing, **you must** have another owner or billing manager for the organization [update the organization's payment method](/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method). - -For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/transferring-organization-ownership)." - -{% endwarning %} +> [!WARNING] +> If you're currently responsible for paying for {% data variables.product.product_name %} in your organization, removing yourself from the organization **does not** update the billing information on file for the organization. If you are currently responsible for billing, **you must** have another owner or billing manager for the organization [update the organization's payment method](/billing/managing-your-github-billing-settings/adding-or-editing-a-payment-method). +> +> For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/transferring-organization-ownership)." {% endif %} diff --git a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/viewing-peoples-roles-in-an-organization.md b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/viewing-peoples-roles-in-an-organization.md index 05f4868f6..e5bc96043 100644 --- a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/viewing-peoples-roles-in-an-organization.md +++ b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/viewing-peoples-roles-in-an-organization.md @@ -40,11 +40,8 @@ If your organization is managed by an enterprise account, then you can view the You can also view whether an enterprise owner has a specific role in the organization. Enterprise owners can also be an organization member, any other organization role, or be un-affiliated with the organization. -{% note %} - -**Note:** If you're an organization owner, you can also invite an enterprise owner to have a role in the organization. If an enterprise owner accepts the invitation, a seat or license in the organization is used from the available licenses for your enterprise. For more information about how licensing works, see "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise#enterprise-owner)." - -{% endnote %} +> [!NOTE] +> If you're an organization owner, you can also invite an enterprise owner to have a role in the organization. If an enterprise owner accepts the invitation, a seat or license in the organization is used from the available licenses for your enterprise. For more information about how licensing works, see "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise#enterprise-owner)." | **Enterprise role** | **Organization role** | **Organization access or impact** | |----|----|----| diff --git a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization.md b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization.md index 37729bcdd..91125262b 100644 --- a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization.md +++ b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/converting-a-user-into-an-organization.md @@ -17,24 +17,23 @@ topics: - Accounts shortTitle: User into an organization --- -{% warning %} -**Warning**: Before converting a user into an organization, keep these points in mind. - -* You will **no longer** be able to sign into the converted personal account. -* You will **no longer** be able to create or modify gists owned by the converted personal account. -* An organization **cannot** be converted back to a user. -* The SSH keys, OAuth tokens, job profile, reactions, and associated user information, **will not** be transferred to the organization. This is only true for the personal account that's being converted, not any of the personal account's collaborators. -* Any {% data variables.product.prodname_github_apps %} installed on the converted personal account will be uninstalled. -* Any commits made with the converted personal account **will no longer be linked** to that account. The commits themselves **will** remain intact. -* Any existing comments made by the converted personal account **will no longer be linked** to that account. The comments themselves **will** remain intact, but will be associated with the `ghost` user. -* Any forks of private repositories made with the converted personal account will be deleted. -* Since organizations cannot star repositories, you will no longer have access to your original list of starred repositories. -* You will no longer have access to the list of users you were following from your user account. -* Any followers of your user account will not automatically follow the new organization. -{% ifversion projects-v2 %}- Any existing collaborators on your projects will still have access to those projects in the new organization.{% endif %} -* {% data variables.product.prodname_actions %} is not automatically enabled on the account after converting it to an organization, and will have to be re-enabled. To re-enable {% data variables.product.prodname_actions %}, create a new workflow file in the `.github/workflows` directory of your repository. -{% endwarning %} +> [!WARNING] +> Before converting a user into an organization, keep these points in mind. +> +> * You will **no longer** be able to sign into the converted personal account. +> * You will **no longer** be able to create or modify gists owned by the converted personal account. +> * An organization **cannot** be converted back to a user. +> * The SSH keys, OAuth tokens, job profile, reactions, and associated user information, **will not** be transferred to the organization. This is only true for the personal account that's being converted, not any of the personal account's collaborators. +> * Any {% data variables.product.prodname_github_apps %} installed on the converted personal account will be uninstalled. +> * Any commits made with the converted personal account **will no longer be linked** to that account. The commits themselves **will** remain intact. +> * Any existing comments made by the converted personal account **will no longer be linked** to that account. The comments themselves **will** remain intact, but will be associated with the `ghost` user. +> * Any forks of private repositories made with the converted personal account will be deleted. +> * Since organizations cannot star repositories, you will no longer have access to your original list of starred repositories. +> * You will no longer have access to the list of users you were following from your user account. +> * Any followers of your user account will not automatically follow the new organization. +{% ifversion projects-v2 %}> * Any existing collaborators on your projects will still have access to those projects in the new organization.{% endif %} +> * {% data variables.product.prodname_actions %} is not automatically enabled on the account after converting it to an organization, and will have to be re-enabled. To re-enable {% data variables.product.prodname_actions %}, create a new workflow file in the `.github/workflows` directory of your repository. ## Prerequisites diff --git a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/deleting-your-personal-account.md b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/deleting-your-personal-account.md index c8942c35e..7ff1d42e7 100644 --- a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/deleting-your-personal-account.md +++ b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/deleting-your-personal-account.md @@ -31,11 +31,8 @@ Deleting your personal account removes all repositories, forks of private reposi {% ifversion ghec %} -{% note %} - -**Note**: If your enterprise manages your account and you sign into {% data variables.product.github %} through your company's identity provider (IdP), you cannot delete your account. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)." - -{% endnote %} +> [!NOTE] +> If your enterprise manages your account and you sign into {% data variables.product.github %} through your company's identity provider (IdP), you cannot delete your account. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)." {% endif %} @@ -58,11 +55,8 @@ For more information, see the following articles. Before you delete your personal account, make a copy of all repositories, private forks, wikis, issues, and pull requests owned by your account. For more information, see "[AUTOTITLE](/repositories/archiving-a-github-repository/backing-up-a-repository)." -{% warning %} - -**Warning:** Once your personal account has been deleted, {% ifversion fpt or ghec %}{% data variables.product.company_short %}{% elsif ghes %}an enterprise owner{% endif %} cannot restore your content. - -{% endwarning %} +> [!WARNING] +> Once your personal account has been deleted, {% ifversion fpt or ghec %}{% data variables.product.company_short %}{% elsif ghes %}an enterprise owner{% endif %} cannot restore your content. ## Deleting your personal account diff --git a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts.md b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts.md index 29a0aaa29..16ded05d0 100644 --- a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts.md +++ b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts.md @@ -24,11 +24,8 @@ If you need to use multiple accounts, you can stay signed in to your accounts an If you want to use one workstation to contribute from both accounts, you can simplify contribution with Git by using a mixture of protocols to access repository data, or by using credentials on a per-repository basis. -{% warning %} - -**Warning**: Be mindful when you use one workstation to contribute to two separate accounts. Management of two or more accounts can increase the chance of mistakenly leaking internal code to the public. - -{% endwarning %} +> [!WARNING] +> Be mindful when you use one workstation to contribute to two separate accounts. Management of two or more accounts can increase the chance of mistakenly leaking internal code to the public. If you aren't required to use a {% data variables.enterprise.prodname_managed_user %}, {% data variables.product.company_short %} recommends that you use one personal account for all your work on {% data variables.location.product_location %}. With a single personal account, you can contribute to a combination of personal, open source, or professional projects using one identity. Other people can invite the account to contribute to both individual repositories and repositories owned by an organization, and the account can be a member of multiple organizations or enterprises. diff --git a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/merging-multiple-personal-accounts.md b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/merging-multiple-personal-accounts.md index 3c4f3b9cb..f460aa009 100644 --- a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/merging-multiple-personal-accounts.md +++ b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/merging-multiple-personal-accounts.md @@ -16,29 +16,23 @@ topics: - Accounts shortTitle: Merge multiple accounts --- -{% tip %} +> [!TIP] {% ifversion ghec %} -**Tip:** {% data variables.product.prodname_emus %} allow an enterprise to provision unique personal accounts for its members through an identity provider (IdP). For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)." For other use cases, we recommend using only one personal account to manage both personal and professional repositories. +> {% data variables.product.prodname_emus %} allow an enterprise to provision unique personal accounts for its members through an identity provider (IdP). For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)." For other use cases, we recommend using only one personal account to manage both personal and professional repositories. {% else %} -**Tip:** We recommend using only one personal account to manage both personal and professional repositories. +> We recommend using only one personal account to manage both personal and professional repositories. {% endif %} -{% endtip %} - -{% warning %} - -**Warning:** -* Organization and repository access permissions aren't transferable between accounts. If the account you want to delete has an existing access permission, an organization owner or repository administrator will need to invite the account that you want to keep. -* Any commits authored with a {% data variables.product.company_short %}-provided `noreply` email address cannot be transferred from one account to another. If the account you want to delete used the **Keep my email address private** option, it won't be possible to transfer the commits authored by the account you are deleting to the account you want to keep. -* Issues, pull requests, and discussions will not be attributed to the new account. -* Achievements are not able to be transferred between accounts. - -{% endwarning %} +> [!WARNING] +> * Organization and repository access permissions aren't transferable between accounts. If the account you want to delete has an existing access permission, an organization owner or repository administrator will need to invite the account that you want to keep. +> * Any commits authored with a {% data variables.product.company_short %}-provided `noreply` email address cannot be transferred from one account to another. If the account you want to delete used the **Keep my email address private** option, it won't be possible to transfer the commits authored by the account you are deleting to the account you want to keep. +> * Issues, pull requests, and discussions will not be attributed to the new account. +> * Achievements are not able to be transferred between accounts. 1. [Transfer any repositories](/repositories/creating-and-managing-repositories/transferring-a-repository) from the account you want to delete to the account you want to keep. Issues, pull requests, and wikis are transferred as well. Verify the repositories exist on the account you want to keep. 1. [Update the remote URLs](/get-started/getting-started-with-git/managing-remote-repositories) in any local clones of the repositories that were moved. diff --git a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/unlinking-your-email-address-from-a-locked-account.md b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/unlinking-your-email-address-from-a-locked-account.md index e1ecad1ed..c23a5ec71 100644 --- a/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/unlinking-your-email-address-from-a-locked-account.md +++ b/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/unlinking-your-email-address-from-a-locked-account.md @@ -12,25 +12,16 @@ topics: shortTitle: Unlink your email --- -{% note %} - -**Notes:** - -* Following these steps will not disable 2FA or provide access to a locked account, but will instead unlink the associated email address so it may be used for a different account. If you cannot regain access to the 2FA locked account, these steps will permanently break the link between the account and the linked email address. Before continuing with this article, be sure you have lost all access to your account. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials)." - -* If you recover access to your locked account, you can re-link an unlinked email address. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account)." - -{% endnote %} +> [!NOTE] +> * Following these steps will not disable 2FA or provide access to a locked account, but will instead unlink the associated email address so it may be used for a different account. If you cannot regain access to the 2FA locked account, these steps will permanently break the link between the account and the linked email address. Before continuing with this article, be sure you have lost all access to your account. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials)." +> * If you recover access to your locked account, you can re-link an unlinked email address. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account)." ## About unlinking your email address Since an email address can only be associated with a single {% data variables.product.prodname_dotcom %} account, when you've lost your 2FA credentials and are unable to recover access, unlinking your email address from the locked account allows you to link that email address to a new or existing account. Additionally, linking a previously used commit email address to a new account will connect your commit history to that account. Unless you have chosen to keep your email address private, your account's commit email address is the same as your account's primary email address. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address)." Be aware that nothing else associated with your 2FA locked account, including your repositories, permissions, and profile, will transfer to your new account. -{% note %} - -**Note:** Backup email addresses are not associated with your commits. Unlinking a backup email address and linking the email address to a different account will not connect your commit history to that account. - -{% endnote %} +> [!NOTE] +> Backup email addresses are not associated with your commits. Unlinking a backup email address and linking the email address to a different account will not connect your commit history to that account. ## Unlinking your email address @@ -47,10 +38,7 @@ Since an email address can only be associated with a single {% data variables.pr 1. To verify your identity, type the one-time password from your email in the "One-time password" text field, then click **Verify email address**. {% data reusables.accounts.unlinking-email-address %} - {% note %} - - **Note:** You can also link your unlinked email to an existing {% data variables.product.prodname_dotcom %} account. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account)." - - {% endnote %} + > [!NOTE] + > You can also link your unlinked email to an existing {% data variables.product.prodname_dotcom %} account. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account)." 1. Optionally, if you have any form of payment set up on the locked account, please contact us through the {% data variables.contact.contact_support_portal %} to cancel future payments. For example, you might have a paid subscription or sponsor developers through {% data variables.product.prodname_sponsors %}. If you are sponsored through {% data variables.product.prodname_sponsors %}, please mention this so that the team can help you migrate your sponsorships. diff --git a/actions/administering-github-actions/usage-limits-billing-and-administration.md b/actions/administering-github-actions/usage-limits-billing-and-administration.md index 99d5efdb4..fe7c4c29c 100644 --- a/actions/administering-github-actions/usage-limits-billing-and-administration.md +++ b/actions/administering-github-actions/usage-limits-billing-and-administration.md @@ -39,11 +39,8 @@ GitHub Actions usage is free for {% data variables.product.prodname_ghe_server % {% ifversion fpt or ghec %} There are some limits on {% data variables.product.prodname_actions %} usage when using {% data variables.product.prodname_dotcom %}-hosted runners. These limits are subject to change. -{% note %} - -**Note:** For self-hosted runners, different usage limits apply. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#usage-limits)." - -{% endnote %} +> [!NOTE] +> For self-hosted runners, different usage limits apply. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#usage-limits)." * **Job execution time** - Each job in a workflow can run for up to 6 hours of execution time. If a job reaches this limit, the job is terminated and fails to complete. {% data reusables.actions.usage-workflow-run-time %} @@ -67,14 +64,9 @@ There are some limits on {% data variables.product.prodname_actions %} usage whe | Team | 1000 | 5 | 100 | | Enterprise | 1000 | 50 | 100 | - {% note %} - - **Notes:** - - * If required, customers on enterprise plans can request a higher limit for concurrent jobs. For more information, contact us through the {% data variables.contact.contact_support_portal %}, or contact your sales representative. - * The maximum concurrent macOS jobs is shared across standard {% data variables.product.prodname_dotcom %}-hosted runner and {% data variables.product.prodname_dotcom %}-hosted {% data variables.actions.hosted_runner %}s. - - {% endnote %} + > [!NOTE] + > * If required, customers on enterprise plans can request a higher limit for concurrent jobs. For more information, contact us through the {% data variables.contact.contact_support_portal %}, or contact your sales representative. + > * The maximum concurrent macOS jobs is shared across standard {% data variables.product.prodname_dotcom %}-hosted runner and {% data variables.product.prodname_dotcom %}-hosted {% data variables.actions.hosted_runner %}s. * **Job matrix** - {% data reusables.actions.usage-matrix-limits %} {% data reusables.actions.usage-workflow-queue-limits %} diff --git a/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller.md b/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller.md index a3a629026..49918323a 100644 --- a/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller.md +++ b/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller.md @@ -20,11 +20,8 @@ topics: The following diagram illustrates the architecture of ARC's autoscaling runner scaleset mode. -{% note %} - -**Note:** To view the following diagram in a larger size, see the [Autoscaling Runner Scale Sets mode](https://github.com/actions/actions-runner-controller/blob/master/docs/gha-runner-scale-set-controller/README.md#how-it-works) documentation in the Actions Runner Controller repository. - -{% endnote %} +> [!NOTE] +> To view the following diagram in a larger size, see the [Autoscaling Runner Scale Sets mode](https://github.com/actions/actions-runner-controller/blob/master/docs/gha-runner-scale-set-controller/README.md#how-it-works) documentation in the Actions Runner Controller repository. ![Diagram showing ARC's autoscaling runner ScaleSet mode.](/assets/images/help/actions/arc-diagram.png) @@ -51,11 +48,8 @@ Each resource that is deployed by ARC is given a name composed of: * an installation name, which is the installation name you specify when you install the Helm chart. * a resource identification suffix, which is a string that identifies the resource type. This value is not configurable. -{% note %} - -**Note:** Different versions of Kubernetes have different length limits for names of resources. The length limit for the resource name is calculated by adding the length of the installation name and the length of the resource identification suffix. If the resource name is longer than the reserved length, you will receive an error. - -{% endnote %} +> [!NOTE] +> Different versions of Kubernetes have different length limits for names of resources. The length limit for the resource name is calculated by adding the length of the installation name and the length of the resource identification suffix. If the resource name is longer than the reserved length, you will receive an error. ### Resources deployed by `gha-runner-scale-set-controller` diff --git a/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-support-for-actions-runner-controller.md b/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-support-for-actions-runner-controller.md index 1d2c843d7..77e60ceba 100644 --- a/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-support-for-actions-runner-controller.md +++ b/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-support-for-actions-runner-controller.md @@ -43,14 +43,9 @@ If you're uncertain if the issue is out of scope, open a ticket and we're happy For more information about contacting {% data variables.contact.github_support %}, see [AUTOTITLE](/support/contacting-github-support). -{% note %} - -**Note:** - -* OpenShift clusters are currently unsupported. -* ARC is only supported on GitHub Enterprise Server versions 3.9 and greater. - -{% endnote %} +> [!NOTE] +> * OpenShift clusters are currently unsupported. +> * ARC is only supported on GitHub Enterprise Server versions 3.9 and greater. ## Working with {% data variables.contact.github_support %} for Actions Runner Controller diff --git a/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/authenticating-to-the-github-api.md b/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/authenticating-to-the-github-api.md index c7aafde34..511de0b2b 100644 --- a/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/authenticating-to-the-github-api.md +++ b/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/authenticating-to-the-github-api.md @@ -18,11 +18,8 @@ defaultPlatform: linux You can authenticate {% data variables.product.prodname_actions_runner_controller %} (ARC) to the {% data variables.product.prodname_dotcom %} API by using a {% data variables.product.prodname_github_app %} or by using a {% data variables.product.pat_v1 %}. -{% note %} - -**Note:** You cannot authenticate using a {% data variables.product.prodname_github_app %} for runners at the enterprise level. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#about-runner-groups)." - -{% endnote %} +> [!NOTE] +> You cannot authenticate using a {% data variables.product.prodname_github_app %} for runners at the enterprise level. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups#about-runner-groups)." ## Authenticating ARC with a {% data variables.product.prodname_github_app %} @@ -32,11 +29,10 @@ You can authenticate {% data variables.product.prodname_actions_runner_controlle 1. Under "Permissions," click **Repository permissions**. Then use the dropdown menus to select the following access permissions. * **Administration**: Read and write - {% note %} - **Note**: `Administration: Read and write` is only required when configuring {% data variables.product.prodname_actions_runner_controller %} to register at the repository scope. It is not required to register at the organization scope. + > [!NOTE] + > `Administration: Read and write` is only required when configuring {% data variables.product.prodname_actions_runner_controller %} to register at the repository scope. It is not required to register at the organization scope. - {% endnote %} * **Metadata**: Read-only 1. Under "Permissions," click **Organization permissions**. Then use the dropdown menus to select the following access permissions. @@ -57,11 +53,10 @@ You can authenticate {% data variables.product.prodname_actions_runner_controlle ARC can use {% data variables.product.pat_v1_plural %} to register self-hosted runners. {% ifversion ghec or ghes %} -{% note %} -**Note:** Authenticating ARC with a {% data variables.product.pat_v1 %} is the only supported authentication method to register runners at the enterprise level. +> [!NOTE] +> Authenticating ARC with a {% data variables.product.pat_v1 %} is the only supported authentication method to register runners at the enterprise level. -{% endnote %} {% endif %} 1. Create a {% data variables.product.pat_v1 %} with the required scopes. The required scopes are different depending on whether you are registering runners at the repository{% ifversion ghec or ghes %}, organization, or enterprise{% else %} or organization{% endif %} level. For more information on how to create a {% data variables.product.pat_v1 %}, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-personal-access-token-classic)." diff --git a/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller.md b/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller.md index 19cb479e8..beaa3629a 100644 --- a/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller.md +++ b/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller.md @@ -28,16 +28,11 @@ To deploy a runner scale set, you must have ARC up and running. For more informa You can deploy runner scale sets with ARC's Helm charts or by deploying the necessary manifests. Using ARC's Helm charts is the preferred method, especially if you do not have prior experience using ARC. -{% note %} - -**Notes:** - -* {% data reusables.actions.actions-runner-controller-security-practices-namespace %} -* {% data reusables.actions.actions-runner-controller-security-practices-secret %} -* We recommend running production workloads in isolation. {% data variables.product.prodname_actions %} workflows are designed to run arbitrary code, and using a shared Kubernetes cluster for production workloads could pose a security risk. -* Ensure you have implemented a way to collect and retain logs from the controller, listeners, and ephemeral runners. - -{% endnote %} +> [!NOTE] +> * {% data reusables.actions.actions-runner-controller-security-practices-namespace %} +> * {% data reusables.actions.actions-runner-controller-security-practices-secret %} +> * We recommend running production workloads in isolation. {% data variables.product.prodname_actions %} workflows are designed to run arbitrary code, and using a shared Kubernetes cluster for production workloads could pose a security risk. +> * Ensure you have implemented a way to collect and retain logs from the controller, listeners, and ephemeral runners. 1. To configure your runner scale set, run the following command in your terminal, using values from your ARC configuration. @@ -118,11 +113,8 @@ ARC offers several advanced configuration options. ### Configuring the runner scale set name -{% note %} - -**Note:** Runner scale set names are unique within the runner group they belong to. If you want to deploy multiple runner scale sets with the same name, they must belong to different runner groups. - -{% endnote %} +> [!NOTE] +> Runner scale set names are unique within the runner group they belong to. If you want to deploy multiple runner scale sets with the same name, they must belong to different runner groups. To configure the runner scale set name, you can define an `INSTALLATION_NAME` or set the value of `runnerScaleSetName` in your copy of the [`values.yaml`](https://github.com/actions/actions-runner-controller/blob/master/charts/gha-runner-scale-set/values.yaml) file. @@ -138,11 +130,10 @@ Make sure to pass the `values.yaml` file in your `helm install` command. See the Runner scale sets can be deployed at the repository, organization, or enterprise levels. {% ifversion ghec or ghes %} -{% note %} -**Note:** You can only deploy runner scale sets at the enterprise level when using {% data variables.product.pat_v1 %} authentication. +> [!NOTE] +> You can only deploy runner scale sets at the enterprise level when using {% data variables.product.pat_v1 %} authentication. -{% endnote %} {% endif %} To deploy runner scale sets to a specific level, set the value of `githubConfigUrl` in your copy of the `values.yaml` to the URL of your repository, organization, or enterprise. @@ -170,11 +161,8 @@ githubConfigUrl: "http(s):///<'enterprises/your_enterprise'/'org'/'org If you are not using enterprise-level runners, you can use {% data variables.product.prodname_github_apps %} to authenticate with the {% data variables.product.company_short %} API. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/authenticating-to-the-github-api)." -{% note %} - -**Note:** Given the security risk associated with exposing your private key in plain text in a file on disk, we recommend creating a Kubernetes secret and passing the reference instead. - -{% endnote %} +> [!NOTE] +> Given the security risk associated with exposing your private key in plain text in a file on disk, we recommend creating a Kubernetes secret and passing the reference instead. You can either create a Kubernetes secret, or specify values in your [`values.yaml`](https://github.com/actions/actions-runner-controller/blob/master/charts/gha-runner-scale-set/values.yaml) file. @@ -266,11 +254,8 @@ ARC supports using anonymous or authenticated proxies. If you use authenticated The `maxRunners` and `minRunners` properties provide you with a range of options to customize your ARC setup. -{% note %} - -**Note:** ARC does not support scheduled maximum and minimum configurations. You can use a cronjob or any other scheduling solution to update the configuration on a schedule. - -{% endnote %} +> [!NOTE] +> ARC does not support scheduled maximum and minimum configurations. You can use a cronjob or any other scheduling solution to update the configuration on a schedule. #### Example: Unbounded number of runners @@ -302,11 +287,8 @@ minRunners: 20 In this configuration, {% data variables.product.prodname_actions_runner_controller %} will scale up to a maximum of `30` runners and will scale down to `20` runners when the jobs are complete. -{% note %} - -**Note:** The value of `minRunners` can never exceed that of `maxRunners`, unless `maxRunners` is commented out. - -{% endnote %} +> [!NOTE] +> The value of `minRunners` can never exceed that of `maxRunners`, unless `maxRunners` is commented out. ```yaml ## maxRunners is the max number of runners the auto scaling runner set will scale up to. @@ -332,11 +314,8 @@ minRunners: 0 ### Custom TLS certificates -{% note %} - -**Note:** If you are using a custom runner image that is not based on the `Debian` distribution, the following instructions will not work. - -{% endnote %} +> [!NOTE] +> If you are using a custom runner image that is not based on the `Debian` distribution, the following instructions will not work. Some environments require TLS certificates that are signed by a custom certificate authority (CA). Since the custom certificate authority certificates are not bundled with the controller or runner containers, you must inject them into their respective trust stores. @@ -473,13 +452,10 @@ If you are using container jobs and services or container actions, the `containe ### Using Docker-in-Docker mode -{% note %} - -**Note:** The Docker-in-Docker container requires privileged mode. For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) in the Kubernetes documentation. - -By default, the `dind` container uses the `docker:dind` image, which runs the Docker daemon as root. You can replace this image with `docker:dind-rootless` as long as you are aware of the [known limitations](https://docs.docker.com/engine/security/rootless/#known-limitations) and run the pods with `--privileged` mode. To learn how to customize the Docker-in-Docker configuration, see "[Customizing container modes](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller#customizing-container-modes)." - -{% endnote %} +> [!NOTE] +> The Docker-in-Docker container requires privileged mode. For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) in the Kubernetes documentation. +> +> By default, the `dind` container uses the `docker:dind` image, which runs the Docker daemon as root. You can replace this image with `docker:dind-rootless` as long as you are aware of the [known limitations](https://docs.docker.com/engine/security/rootless/#known-limitations) and run the pods with `--privileged` mode. To learn how to customize the Docker-in-Docker configuration, see "[Customizing container modes](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller#customizing-container-modes)." Docker-in-Docker mode is a configuration that allows you to run Docker inside a Docker container. In this configuration, for each runner pod created, ARC creates the following containers. @@ -582,29 +558,26 @@ containerMode: {% data reusables.actions.actions-runner-controller-helm-chart-options %} -{% note %} - -**Note:** When Kubernetes mode is enabled, workflows that are not configured with a container job will fail with an error similar to: - - ```bash - Jobs without a job container are forbidden on this runner, please add a 'container:' to your job or contact your self-hosted runner administrator. - ``` - -To allow jobs without a job container to run, set `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER` to `false` on your runner container. This instructs the runner to disable this check. - -```yaml -template: - spec: - containers: - - name: runner - image: ghcr.io/actions/actions-runner:latest - command: ["/home/runner/run.sh"] - env: - - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER - value: "false" -``` - -{% endnote %} +> [!NOTE] +> When Kubernetes mode is enabled, workflows that are not configured with a container job will fail with an error similar to: +> +> ```bash +> Jobs without a job container are forbidden on this runner, please add a 'container:' to your job or contact your self-hosted runner administrator. +> ``` +> +> To allow jobs without a job container to run, set `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER` to `false` on your runner container. This instructs the runner to disable this check. +> +> ```yaml +> template: +> spec: +> containers: +> - name: runner +> image: ghcr.io/actions/actions-runner:latest +> command: ["/home/runner/run.sh"] +> env: +> - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER +> value: "false" +> ``` ### Customizing container modes @@ -839,11 +812,8 @@ There are two options to configure hook extensions. * Store in your **custom runner image**. You can store the PodSpec in a YAML file anywhere in your custom runner image. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller#creating-your-own-runner-image)." * Store in a **ConfigMap**. You can create a config map with the PodSpec and mount that config map in the runner container. For more information, see [ConfigMaps](https://kubernetes.io/docs/concepts/configuration/configmap/) in the Kubernetes documentation. -{% note %} - -**Note:** With both options, you must set the `ACTIONS_RUNNER_CONTAINER_HOOK_TEMPLATE` environment variable in the runner container spec to point to the path of the YAML file mounted in the runner container. - -{% endnote %} +> [!NOTE] +> With both options, you must set the `ACTIONS_RUNNER_CONTAINER_HOOK_TEMPLATE` environment variable in the runner container spec to point to the path of the YAML file mounted in the runner container. ##### Example: Using config map to set securityContext @@ -879,11 +849,8 @@ data: ## Enabling metrics -{% note %} - -**Note:** Metrics for ARC are available as of version gha-runner-scale-set-0.5.0. - -{% endnote %} +> [!NOTE] +> Metrics for ARC are available as of version gha-runner-scale-set-0.5.0. ARC can emit metrics about your runners, your jobs, and time spent on executing your workflows. Metrics can be used to identify congestion, monitor the health of your ARC deployment, visualize usage trends, optimize resource consumption, among many other use cases. Metrics are emitted by the controller-manager and listener pods in Prometheus format. For more information, see [Exposition formats](https://prometheus.io/docs/instrumenting/exposition_formats/) in the Prometheus documentation. @@ -898,11 +865,8 @@ metrics: listenerEndpoint: "/metrics" ``` -{% note %} - -**Note:** If the `metrics:` object is not provided or is commented out, the following flags will be applied to the controller-manager and listener pods with empty values: `--metrics-addr`, `--listener-metrics-addr`, `--listener-metrics-endpoint`. This will disable metrics for ARC. - -{% endnote %} +> [!NOTE] +> If the `metrics:` object is not provided or is commented out, the following flags will be applied to the controller-manager and listener pods with empty values: `--metrics-addr`, `--listener-metrics-addr`, `--listener-metrics-endpoint`. This will disable metrics for ARC. Once these properties are configured, your controller-manager and listener pods emit metrics via the listenerEndpoint bound to the ports that you specify in your [`values.yaml`](https://github.com/actions/actions-runner-controller/blob/master/charts/gha-runner-scale-set-controller/values.yaml) file. In the above example, the endpoint is `/metrics` and the port is `:8080`. You can use this endpoint to scrape metrics from your controller-manager and listener pods. @@ -912,11 +876,8 @@ To turn off metrics, update your [`values.yaml`](https://github.com/actions/acti The following table shows the metrics emitted by the controller-manager and listener pods. -{% note %} - -**Note:** The metrics that the controller-manager emits pertain to the controller runtime and are not owned by {% data variables.product.company_short %}. - -{% endnote %} +> [!NOTE] +> The metrics that the controller-manager emits pertain to the controller runtime and are not owned by {% data variables.product.company_short %}. | Owner | Metric | Type | Description | | ------------------ | --------------------------------------------- | --------- | ----------------------------------------------------------------------------------------------------------- | @@ -977,26 +938,16 @@ For more information, see "[Deploying a runner scale set](/actions/hosting-your- If you would like to upgrade ARC but are concerned about downtime, you can deploy ARC in a high availability configuration to ensure runners are always available. For more information, see "[High availability and automatic failover](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller#high-availability-and-automatic-failover)." -{% note %} - -**Note:** - -Transitioning from the [community supported version of ARC](https://github.com/actions/actions-runner-controller/discussions/2775) to the GitHub supported version is a substantial architectural change. The GitHub supported version involves a redesign of many components of ARC. It is not a minor software upgrade. For these reasons, we recommend testing the new versions in a staging environment that matches your production environment first. This will ensure stability and reliability of the setup before deploying in production. - -{% endnote %} +> [!NOTE] +> Transitioning from the [community supported version of ARC](https://github.com/actions/actions-runner-controller/discussions/2775) to the GitHub supported version is a substantial architectural change. The GitHub supported version involves a redesign of many components of ARC. It is not a minor software upgrade. For these reasons, we recommend testing the new versions in a staging environment that matches your production environment first. This will ensure stability and reliability of the setup before deploying in production. ### Deploying a canary image You can test features before they are released by using canary releases of the controller-manager container image. Canary images are published with tag format `canary-SHORT_SHA`. For more information, see [`gha-runner-scale-set-controller`](https://github.com/actions/actions-runner-controller/pkgs/container/gha-runner-scale-set-controller) on the {% data variables.product.prodname_container_registry %}. -{% note %} - -**Notes:** - -* You must use Helm charts on your local file system. -* You cannot use the released Helm charts. - -{% endnote %} +> [!NOTE] +> * You must use Helm charts on your local file system. +> * You cannot use the released Helm charts. 1. Update the `tag` in the [gha-runner-scale-set-controller `values.yaml`](https://github.com/actions/actions-runner-controller/blob/master/charts/gha-runner-scale-set-controller/values.yaml) file to: `canary-SHORT_SHA` 1. Update the field `appVersion` in the [`Chart.yaml`](https://github.com/actions/actions-runner-controller/blob/master/charts/gha-runner-scale-set/Chart.yaml) file for `gha-runner-scale-set` to: `canary-SHORT_SHA` diff --git a/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/quickstart-for-actions-runner-controller.md b/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/quickstart-for-actions-runner-controller.md index 7eb808463..b3a39c010 100644 --- a/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/quickstart-for-actions-runner-controller.md +++ b/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/quickstart-for-actions-runner-controller.md @@ -28,11 +28,8 @@ In order to use ARC, ensure you have the following. * For a managed cloud environment, you can use AKS. For more information, see [Azure Kubernetes Service](https://azure.microsoft.com/en-us/products/kubernetes-service) in the Azure documentation. * For a local setup, you can use minikube or kind. For more information, see [minikube start](https://minikube.sigs.k8s.io/docs/start/) in the minikube documentation and [kind](https://kind.sigs.k8s.io/) in the kind documentation. - {% note %} - - **Note:** OpenShift clusters are currently unsupported. - - {% endnote %} + > [!NOTE] + > OpenShift clusters are currently unsupported. * Helm 3 * For more information, see [Installing Helm](https://helm.sh/docs/intro/install/) in the Helm documentation. @@ -69,13 +66,9 @@ In order to use ARC, ensure you have the following. * Set `GITHUB_CONFIG_URL` to the URL of your repository, organization, or enterprise. This is the entity that the runners will belong to. * This example command installs the latest version of the Helm chart. To install a specific version, you can pass the `--version` argument with the version of the chart you wish to install. You can find the list of releases in the [GitHub Container Registry](https://github.com/actions/actions-runner-controller/pkgs/container/actions-runner-controller-charts%2Fgha-runner-scale-set). - {% note %} - - **Note:** - * {% data reusables.actions.actions-runner-controller-security-practices-namespace %} - * {% data reusables.actions.actions-runner-controller-security-practices-secret %} For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller)." - - {% endnote %} + > [!NOTE] + > * {% data reusables.actions.actions-runner-controller-security-practices-namespace %} + > * {% data reusables.actions.actions-runner-controller-security-practices-secret %} For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller)." ```bash copy INSTALLATION_NAME="arc-runner-set" diff --git a/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners.md b/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners.md index d90f15fb5..a57269ea0 100644 --- a/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners.md +++ b/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners.md @@ -21,13 +21,10 @@ If you are an organization or enterprise administrator, you might want to add yo For information on supported operating systems for self-hosted runners, or using self-hosted runners with a proxy server, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)." -{% warning %} - -**Warning:** {% data reusables.actions.self-hosted-runner-security %} - -For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)." - -{% endwarning %} +> [!WARNING] +> {% data reusables.actions.self-hosted-runner-security %} +> +> For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)." You can set up automation to scale the number of self-hosted runners. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners)." @@ -49,11 +46,8 @@ You can add self-hosted runners to a single repository. To add a self-hosted run For information about how to add a self-hosted runner with the REST API, see "[AUTOTITLE](/rest/actions/self-hosted-runners)." -{% note %} - -**Note**: {% data reusables.actions.disable-selfhosted-runners-crossrefs %} - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.disable-selfhosted-runners-crossrefs %} {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} diff --git a/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners.md b/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners.md index 58ef47ad3..2b076c487 100644 --- a/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners.md +++ b/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners.md @@ -45,11 +45,8 @@ To add an ephemeral runner to your environment, include the `--ephemeral` parame The {% data variables.product.prodname_actions %} service will then automatically de-register the runner after it has processed one job. You can then create your own automation that wipes the runner after it has been de-registered. -{% note %} - -**Note:** If a job is labeled for a certain type of runner, but none matching that type are available, the job does not immediately fail at the time of queueing. Instead, the job will remain queued until the 24 hour timeout period expires. - -{% endnote %} +> [!NOTE] +> If a job is labeled for a certain type of runner, but none matching that type are available, the job does not immediately fail at the time of queueing. Instead, the job will remain queued until the 24 hour timeout period expires. {% ifversion actions-single-use-tokens %} diff --git a/actions/hosting-your-own-runners/managing-self-hosted-runners/configuring-the-self-hosted-runner-application-as-a-service.md b/actions/hosting-your-own-runners/managing-self-hosted-runners/configuring-the-self-hosted-runner-application-as-a-service.md index 2db234d35..3501ace62 100644 --- a/actions/hosting-your-own-runners/managing-self-hosted-runners/configuring-the-self-hosted-runner-application-as-a-service.md +++ b/actions/hosting-your-own-runners/managing-self-hosted-runners/configuring-the-self-hosted-runner-application-as-a-service.md @@ -20,12 +20,10 @@ defaultPlatform: linux {% capture service_nonwindows_intro %} -{% note %} - -**Note:** You must add a runner to {% data variables.product.product_name %} before you can configure the self-hosted runner application as a service. +> [!NOTE] +> You must add a runner to {% data variables.product.product_name %} before you can configure the self-hosted runner application as a service. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners)." -{% endnote %} {% endcapture %} {% capture service_win_name %}actions.runner.*{% endcapture %} @@ -42,13 +40,10 @@ For Linux systems that use `systemd`, you can use the `svc.sh` script that is cr {% windows %} -{% note %} - -**Note:** Configuring the self-hosted runner application as a service on Windows is part of the application configuration process. If you have already configured the self-hosted runner application but did not choose to configure it as a service, you must remove the runner from {% data variables.product.prodname_dotcom %} and re-configure the application. When you re-configure the application, choose the option to configure the application as a service. - -For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners)" and "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners)." - -{% endnote %} +> [!NOTE] +> Configuring the self-hosted runner application as a service on Windows is part of the application configuration process. If you have already configured the self-hosted runner application but did not choose to configure it as a service, you must remove the runner from {% data variables.product.prodname_dotcom %} and re-configure the application. When you re-configure the application, choose the option to configure the application as a service. +> +> For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners)" and "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners)." You can manage the runner service in the Windows **Services** application, or you can use PowerShell to run the commands below. diff --git a/actions/hosting-your-own-runners/managing-self-hosted-runners/customizing-the-containers-used-by-jobs.md b/actions/hosting-your-own-runners/managing-self-hosted-runners/customizing-the-containers-used-by-jobs.md index a6db11fd0..c526b3cef 100644 --- a/actions/hosting-your-own-runners/managing-self-hosted-runners/customizing-the-containers-used-by-jobs.md +++ b/actions/hosting-your-own-runners/managing-self-hosted-runners/customizing-the-containers-used-by-jobs.md @@ -9,11 +9,8 @@ type: reference shortTitle: Customize containers used by jobs --- -{% note %} - -**Note**: This feature is currently in {% data variables.release-phases.public_preview %} and is subject to change. - -{% endnote %} +> [!NOTE] +> This feature is currently in {% data variables.release-phases.public_preview %} and is subject to change. ## About container customization @@ -476,11 +473,8 @@ No output is expected for `run_script_step`. {% data variables.product.prodname_dotcom %} has created an example repository that demonstrates how to generate customization scripts for Docker and Kubernetes. -{% note %} - -**Note:** The resulting scripts are available for testing purposes, and you will need to determine whether they are appropriate for your requirements. - -{% endnote %} +> [!NOTE] +> The resulting scripts are available for testing purposes, and you will need to determine whether they are appropriate for your requirements. 1. Clone the [actions/runner-container-hooks](https://github.com/actions/runner-container-hooks) repository to your self-hosted runner. @@ -502,11 +496,8 @@ When the resulting `index.js` is triggered by {% data variables.product.prodname The custom script must be located on the runner, but should not be stored in the self-hosted runner application directory (that is, the directory into which you downloaded and unpacked the runner software). The scripts are executed in the security context of the service account that's running the runner service. -{% note %} - -**Note**: The triggered script is processed synchronously, so it will block job execution while running. - -{% endnote %} +> [!NOTE] +> The triggered script is processed synchronously, so it will block job execution while running. The script is automatically executed when the runner has the following environment variable containing an absolute path to the script: diff --git a/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners.md b/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners.md index 5678dd02e..ca785aa04 100644 --- a/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners.md +++ b/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners.md @@ -17,18 +17,13 @@ shortTitle: Remove self-hosted runners ## Removing a runner from a repository -{% note %} - -**Notes:** - -* {% data reusables.actions.self-hosted-runner-removal-impact %} -* {% data reusables.actions.self-hosted-runner-auto-removal %} +> [!NOTE] +> * {% data reusables.actions.self-hosted-runner-removal-impact %} +> * {% data reusables.actions.self-hosted-runner-auto-removal %} {%- ifversion actions-single-use-tokens %} -* {% data reusables.actions.jit-runner-removal %} +> * {% data reusables.actions.jit-runner-removal %} {%- endif %} -{% endnote %} - To remove a self-hosted runner from a user repository you must be the repository owner. Organization owners{% ifversion custom-org-roles %} and users with the "Manage organization runners and runner groups" permission{% endif %} can remove a runner from a repository in the organization. {% ifversion custom-org-roles %}For more information about custom organization roles, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles)."{% endif %} We recommend that you also have access to the self-hosted runner machine. @@ -44,18 +39,13 @@ For information about how to remove a self-hosted runner with the REST API, see ## Removing a runner from an organization -{% note %} - -**Notes:** - -* {% data reusables.actions.self-hosted-runner-removal-impact %} -* {% data reusables.actions.self-hosted-runner-auto-removal %} +> [!NOTE] +> * {% data reusables.actions.self-hosted-runner-removal-impact %} +> * {% data reusables.actions.self-hosted-runner-auto-removal %} {%- ifversion actions-single-use-tokens %} -* {% data reusables.actions.jit-runner-removal %} +> * {% data reusables.actions.jit-runner-removal %} {%- endif %} -{% endnote %} - To remove a self-hosted runner from an organization, you must be an organization owner{% ifversion custom-org-roles %} or have the "Manage organization runners and runner groups" permission{% endif %}. We recommend that you also have access to the self-hosted runner machine. For information about how to remove a self-hosted runner with the REST API, see "[AUTOTITLE](/rest/actions/self-hosted-runners)." {% ifversion custom-org-roles %}For more information about custom organization roles, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles)."{% endif %} @@ -73,16 +63,14 @@ To remove a self-hosted runner from an organization, you must be an organization If you use {% data variables.product.prodname_ghe_cloud %}, you can also remove runners from an enterprise. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/actions/hosting-your-own-runners/managing-self-hosted-runners/removing-self-hosted-runners#removing-a-runner-from-an-enterprise). {% endif %} {% ifversion ghec or ghes %} -{% note %} -**Notes:** - -* {% data reusables.actions.self-hosted-runner-removal-impact %} -* {% data reusables.actions.self-hosted-runner-auto-removal %} +> [!NOTE] +> * {% data reusables.actions.self-hosted-runner-removal-impact %} +> * {% data reusables.actions.self-hosted-runner-auto-removal %} {%- ifversion actions-single-use-tokens %} -* {% data reusables.actions.jit-runner-removal %} +> * {% data reusables.actions.jit-runner-removal %} + {%- endif %} -{% endnote %} To remove a self-hosted runner from an enterprise, you must be an enterprise owner. We recommend that you also have access to the self-hosted runner machine. For information about how to remove a self-hosted runner with the REST API, see the enterprise endpoints in the [{% data variables.product.prodname_actions %} REST API](/rest/actions/self-hosted-runners). diff --git a/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job.md b/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job.md index bcf37637d..9fd6434d4 100644 --- a/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job.md +++ b/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job.md @@ -29,11 +29,8 @@ Your custom scripts can use the following features: Your script files must use a file extension for the relevant language, such as `.sh` or `.ps1`, in order to run successfully. -{% note %} - -**Note**: Avoid using your scripts to output sensitive information to the console, as anyone with read access to the repository might be able to see the output in the UI logs. - -{% endnote %} +> [!NOTE] +> Avoid using your scripts to output sensitive information to the console, as anyone with read access to the repository might be able to see the output in the UI logs. ### Handling exit codes @@ -45,11 +42,8 @@ The [`continue-on-error`](/actions/using-workflows/workflow-syntax-for-github-ac The custom scripts must be located on the runner, but should not be stored in the `actions-runner` application directory. The scripts are executed in the security context of the service account that's running the runner service. -{% note %} - -**Note**: The triggered scripts are processed synchronously, so they will block job execution while they are running. - -{% endnote %} +> [!NOTE] +> The triggered scripts are processed synchronously, so they will block job execution while they are running. The scripts are automatically executed when the runner has the following environment variables containing an absolute path to the script: * `ACTIONS_RUNNER_HOOK_JOB_STARTED`: The script defined in this environment variable is triggered when a job has been assigned to a runner, but before the job starts running. @@ -61,11 +55,8 @@ To set these environment variables, you can either add them to the operating sys ACTIONS_RUNNER_HOOK_JOB_STARTED=/opt/runner/cleanup_script.sh ``` -{% note %} - -**Note**: The script defined in `ACTIONS_RUNNER_HOOK_JOB_COMPLETED` is executed at the end of the job, before the job completes. This makes it unsuitable for use cases that may interrupt a runner, such as deleting the runner machine as part of an autoscaling implementation. - -{% endnote %} +> [!NOTE] +> The script defined in `ACTIONS_RUNNER_HOOK_JOB_COMPLETED` is executed at the end of the job, before the job completes. This makes it unsuitable for use cases that may interrupt a runner, such as deleting the runner machine as part of an autoscaling implementation. ## Troubleshooting diff --git a/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners.md b/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners.md index c7e66c3ae..e89ef73ce 100644 --- a/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners.md +++ b/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners.md @@ -17,7 +17,8 @@ For information on how to use labels to route jobs to specific types of self-hos {% data reusables.actions.self-hosted-runner-management-permissions-required %} ->[!NOTE]Actions Runner Controller does not support multiple labels, to find out more please read our [Actions Runner Controller documentation](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller#using-arc-runners-in-a-workflow) +> [!NOTE] +> Actions Runner Controller does not support multiple labels, to find out more please read our [Actions Runner Controller documentation](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller#using-arc-runners-in-a-workflow) ## Creating a custom label @@ -27,11 +28,8 @@ You can create custom labels for runners at the repository{% ifversion ghec or g * [Creating a custom label for an organization runner](#creating-a-custom-label-for-an-organization-runner){% ifversion ghec or ghes %} * [Creating a custom label for an enterprise runner](#creating-a-custom-label-for-an-enterprise-runner){% endif %} -{% note %} - -**Note:** Labels are case-insensitive. - -{% endnote %} +> [!NOTE] +> Labels are case-insensitive. ### Creating a custom label for a repository runner @@ -124,11 +122,8 @@ You can programmatically assign labels to a self-hosted runner after the runner * To programmatically assign labels to an existing self-hosted runner, you must use the REST API. For more information, see "[AUTOTITLE](/rest/actions/self-hosted-runners)." * To programmatically assign labels to a self-hosted runner during the initial runner configuration, you can pass label names to the `config` script using the `labels` parameter. - {% note %} - - **Note:** You cannot use the `config` script to assign labels to an existing self-hosted runner. - - {% endnote %} + > [!NOTE] + > You cannot use the `config` script to assign labels to an existing self-hosted runner. For example, this command assigns a label named `gpu` when configuring a new self-hosted runner: @@ -144,8 +139,5 @@ You can programmatically assign labels to a self-hosted runner after the runner ./config.sh --url --token --labels gpu,x64,linux ``` - {% note %} - - **Note:** If you replace an existing runner, then you must reassign any custom labels. - - {% endnote %} + > [!NOTE] + > If you replace an existing runner, then you must reassign any custom labels. diff --git a/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment.md b/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment.md index 670e09f9f..c40bd9e80 100644 --- a/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment.md +++ b/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment.md @@ -31,13 +31,12 @@ You can configure environments with protection rules and secrets. When a workflo {% ifversion actions-break-glass %}Optionally, you can bypass an environment's protection rules and force all pending jobs referencing the environment to proceed. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/reviewing-deployments#bypassing-environment-protection-rules)."{% endif %} {% ifversion fpt %} -{% note %} -**Note:** Users with {% data variables.product.prodname_free_user %} plans can only configure environments for public repositories. If you convert a repository from public to private, any configured protection rules or environment secrets will be ignored, and you will not be able to configure any environments. If you convert your repository back to public, you will have access to any previously configured protection rules and environment secrets. +> [!NOTE] +> Users with {% data variables.product.prodname_free_user %} plans can only configure environments for public repositories. If you convert a repository from public to private, any configured protection rules or environment secrets will be ignored, and you will not be able to configure any environments. If you convert your repository back to public, you will have access to any previously configured protection rules and environment secrets. +> +> Organizations with {% data variables.product.prodname_team %} and users with {% data variables.product.prodname_pro %} can configure environments for private repositories. For more information, see "[AUTOTITLE](/get-started/learning-about-github/githubs-plans)." -Organizations with {% data variables.product.prodname_team %} and users with {% data variables.product.prodname_pro %} can configure environments for private repositories. For more information, see "[AUTOTITLE](/get-started/learning-about-github/githubs-plans)." - -{% endnote %} {% endif %} ## Deployment protection rules @@ -58,21 +57,23 @@ Use required reviewers to require a specific person or team to approve workflow For more information on reviewing jobs that reference an environment with required reviewers, see "[AUTOTITLE](/actions/managing-workflow-runs/reviewing-deployments)." -{% ifversion fpt %}{% note %} +{% ifversion fpt %} -**Note:** If you are on a {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, or {% data variables.product.prodname_team %} plan, required reviewers are only available for public repositories. +> [!NOTE] +> If you are on a {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, or {% data variables.product.prodname_team %} plan, required reviewers are only available for public repositories. -{% endnote %}{% endif %} +{% endif %} ### Wait timer Use a wait timer to delay a job for a specific amount of time after the job is initially triggered. The time (in minutes) must be an integer between 1 and 43,200 (30 days). -{% ifversion fpt %}{% note %} +{% ifversion fpt %} -**Note:** If you are on a {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, or {% data variables.product.prodname_team %} plan, wait timers are only available for public repositories. +> [!NOTE] +> If you are on a {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, or {% data variables.product.prodname_team %} plan, wait timers are only available for public repositories. -{% endnote %}{% endif %} +{% endif %} ### Deployment branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} @@ -85,11 +86,10 @@ Use deployment branches{% ifversion deployment-protections-tag-patterns %} and t {%- endif %} * **Protected branches{% ifversion deployment-protections-tag-patterns %} only{% endif %}**: Only branches with branch protection rules enabled can deploy to the environment. If no branch protection rules are defined for any branch in the repository, then all branches can deploy. For more information about branch protection rules, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches)."{% ifversion actions-protected-branches-restrictions %} - {% note %} + > [!NOTE] + > Deployment workflow runs triggered by tags with the same name as a protected branch and forks with branches that match the protected branch name cannot deploy to the environment. - **Note:** Deployment workflow runs triggered by tags with the same name as a protected branch and forks with branches that match the protected branch name cannot deploy to the environment. - - {% endnote %}{% endif %} + {% endif %} * **Selected branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %}**: Only branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} that match your specified name patterns can deploy to the environment. If you specify `releases/*` as a deployment branch{% ifversion deployment-protections-tag-patterns %} or tag{% endif %} rule, only a branch{% ifversion deployment-protections-tag-patterns %} or tag{% endif %} whose name begins with `releases/` can deploy to the environment. (Wildcard characters will not match `/`. To match branches{% ifversion deployment-protections-tag-patterns %} or tags{% endif %} that begin with `release/` and contain an additional single slash, use `release/*/*`.) If you add `main` as a branch rule, a branch named `main` can also deploy to the environment. For more information about syntax options for deployment branches, see the [Ruby `File.fnmatch` documentation](https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch). @@ -100,11 +100,12 @@ Use deployment branches{% ifversion deployment-protections-tag-patterns %} and t {% endif %} -{% ifversion fpt %}{% note %} +{% ifversion fpt %} -**Note:** Deployment branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} are available for all public repositories. For users on {% data variables.product.prodname_pro %} or {% data variables.product.prodname_team %} plans, deployment branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} are also available for private repositories. +> [!NOTE] +> Deployment branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} are available for all public repositories. For users on {% data variables.product.prodname_pro %} or {% data variables.product.prodname_team %} plans, deployment branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} are also available for private repositories. -{% endnote %}{% endif %} +{% endif %} {% ifversion actions-break-glass %} @@ -114,11 +115,12 @@ By default, administrators can bypass the protection rules and force deployments Alternatively, you can configure environments to disallow bypassing the protection rules for all deployments to the environment. -{% ifversion fpt %}{% note %} +{% ifversion fpt %} -**Note:** Allowing administrators to bypass protection rules is only available for public repositories for users on {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, and {% data variables.product.prodname_team %} plans. +> [!NOTE] +> Allowing administrators to bypass protection rules is only available for public repositories for users on {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, and {% data variables.product.prodname_team %} plans. -{% endnote %}{% endif %} +{% endif %} {% endif %} {% ifversion actions-custom-deployment-protection-rules-beta %} @@ -131,11 +133,12 @@ Alternatively, you can configure environments to disallow bypassing the protecti Once custom deployment protection rules have been created and installed on a repository, you can enable the custom deployment protection rule for any environment in the repository. For more information about configuring and enabling custom deployment protection rules, see "[AUTOTITLE](/actions/deployment/protecting-deployments/configuring-custom-deployment-protection-rules)." -{% ifversion fpt %}{% note %} +{% ifversion fpt %} -**Note:** Custom deployment protection rules are only available for public repositories for users on {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, and {% data variables.product.prodname_team %} plans. +> [!NOTE] +> Custom deployment protection rules are only available for public repositories for users on {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, and {% data variables.product.prodname_team %} plans. -{% endnote %}{% endif %} +{% endif %} {% endif %} @@ -144,45 +147,38 @@ Once custom deployment protection rules have been created and installed on a rep Secrets stored in an environment are only available to workflow jobs that reference the environment. If the environment requires approval, a job cannot access environment secrets until one of the required reviewers approves it. For more information about secrets, see "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions)." {% ifversion fpt %} -{% note %} - -**Notes:** +> [!NOTE] +> * Workflows that run on self-hosted runners are not run in an isolated container, even if they use environments. Environment secrets should be treated with the same level of security as repository and organization secrets. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners)." +> * Environment secrets are only available in public repositories if you are using {% data variables.product.prodname_free_user %}. For access to environment secrets in private or internal repositories, you must use {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, or {% data variables.product.prodname_enterprise %}. For more information on switching your plan, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan)." -* Workflows that run on self-hosted runners are not run in an isolated container, even if they use environments. Environment secrets should be treated with the same level of security as repository and organization secrets. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners)." -* Environment secrets are only available in public repositories if you are using {% data variables.product.prodname_free_user %}. For access to environment secrets in private or internal repositories, you must use {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, or {% data variables.product.prodname_enterprise %}. For more information on switching your plan, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan)." - -{% endnote %} {% else %} -{% note %} -**Note:** Workflows that run on self-hosted runners are not run in an isolated container, even if they use environments. Environment secrets should be treated with the same level of security as repository and organization secrets. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners)." +> [!NOTE] +> Workflows that run on self-hosted runners are not run in an isolated container, even if they use environments. Environment secrets should be treated with the same level of security as repository and organization secrets. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners)." -{% endnote %} {% endif %} ## Environment variables Variables stored in an environment are only available to workflow jobs that reference the environment. These variables are only accessible using the [`vars`](/actions/learn-github-actions/contexts#vars-context) context. For more information, see "[AUTOTITLE](/actions/learn-github-actions/variables)." -{% ifversion fpt %}{% note %} +{% ifversion fpt %} -**Note:** Environment variables are available for all public repositories. For users on {% data variables.product.prodname_pro %} or {% data variables.product.prodname_team %} plans, environment variables are also available for private repositories. +> [!NOTE] +> Environment variables are available for all public repositories. For users on {% data variables.product.prodname_pro %} or {% data variables.product.prodname_team %} plans, environment variables are also available for private repositories. -{% endnote %}{% endif %} +{% endif %} ## Creating an environment {% data reusables.actions.permissions-statement-environment %} {% ifversion fpt %} -{% note %} - -**Notes:** -* Creation of an environment in a private repository is available to organizations with {% data variables.product.prodname_team %} and users with {% data variables.product.prodname_pro %}. -* Some features for environments have no or limited availability for private repositories. If you are unable to access a feature described in the instructions below, please see the documentation linked in the related step for availability information. +> [!NOTE] +> * Creation of an environment in a private repository is available to organizations with {% data variables.product.prodname_team %} and users with {% data variables.product.prodname_pro %}. +> * Some features for environments have no or limited availability for private repositories. If you are unable to access a feature described in the instructions below, please see the documentation linked in the related step for availability information. -{% endnote %} {% endif %} {% data reusables.repositories.navigate-to-repo %} diff --git a/actions/managing-workflow-runs-and-deployments/managing-deployments/reviewing-deployments.md b/actions/managing-workflow-runs-and-deployments/managing-deployments/reviewing-deployments.md index 87295e370..4b34487ae 100644 --- a/actions/managing-workflow-runs-and-deployments/managing-deployments/reviewing-deployments.md +++ b/actions/managing-workflow-runs-and-deployments/managing-deployments/reviewing-deployments.md @@ -27,11 +27,12 @@ For more information about environments and required approvals, see "[AUTOTITLE] * To approve the job, click **Approve and deploy**. Once a job is approved (and any other deployment protection rules have passed), the job will proceed. At this point, the job can access any secrets stored in the environment. * To reject the job, click **Reject**. If a job is rejected, the workflow will fail. -{% ifversion deployments-prevent-self-approval %}{% note %} +{% ifversion deployments-prevent-self-approval %} -**Note:** If the targeted environment is configured to prevent self-approvals for deployments, you will not be able to approve a deployment from a workflow run you initiated. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment#required-reviewers)." +> [!NOTE] +> If the targeted environment is configured to prevent self-approvals for deployments, you will not be able to approve a deployment from a workflow run you initiated. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment#required-reviewers)." -{% endnote %}{% endif %} +{% endif %} {% ifversion actions-break-glass %} @@ -39,14 +40,9 @@ For more information about environments and required approvals, see "[AUTOTITLE] If you have configured deployment protection rules that control whether software can be deployed to an environment, you can bypass these rules and force all pending jobs referencing the environment to proceed. -{% note %} - -**Notes:** - -* You cannot bypass deployment protection rules if the environment has been configured to prevent admins from bypassing configured protection rules. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment#creating-an-environment)." -* You can only bypass deployment protection rules during workflow execution when a job referencing the environment is in a "Pending" state. - -{% endnote %} +> [!NOTE] +> * You cannot bypass deployment protection rules if the environment has been configured to prevent admins from bypassing configured protection rules. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment#creating-an-environment)." +> * You can only bypass deployment protection rules during workflow execution when a job referencing the environment is in a "Pending" state. 1. Navigate to the workflow run. For more information about navigating to a workflow run, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history)." 1. To the right of **Deployment protection rules**, click **Start all waiting jobs**. diff --git a/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/disabling-and-enabling-a-workflow.md b/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/disabling-and-enabling-a-workflow.md index 6219e13dd..6a0e61692 100644 --- a/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/disabling-and-enabling-a-workflow.md +++ b/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/disabling-and-enabling-a-workflow.md @@ -22,11 +22,8 @@ Temporarily disabling a workflow can be useful in many scenarios. These are a fe * A workflow that sends requests to a service that is down. * Workflows on a forked repository that aren't needed (for example, scheduled workflows). -{% warning %} - -**Warning:** {% data reusables.actions.scheduled-workflows-disabled %} - -{% endwarning %} +> [!WARNING] +> {% data reusables.actions.scheduled-workflows-disabled %} You can also disable and enable a workflow using the REST API. For more information, see "[AUTOTITLE](/rest/actions/workflows)." diff --git a/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/manually-running-a-workflow.md b/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/manually-running-a-workflow.md index 291ae42af..998deaa1d 100644 --- a/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/manually-running-a-workflow.md +++ b/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/manually-running-a-workflow.md @@ -35,11 +35,9 @@ To trigger the `workflow_dispatch` event, your workflow must be in the default b ![Screenshot of the "Actions" page. Features apart from one workflow in the left sidebar are grayed out.](/assets/images/help/repository/actions-select-workflow.png) {%- endif %} 1. Above the list of workflow runs, click the **Run workflow** button. - {% note %} - **Note:** To see the **Run workflow** button, your workflow file must use the `workflow_dispatch` event trigger. Only workflow files that use the `workflow_dispatch` event trigger will have the option to run the workflow manually using the **Run workflow** button. For more information about configuring the `workflow_dispatch` event, see "[AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch)." - - {% endnote %} + > [!NOTE] + > To see the **Run workflow** button, your workflow file must use the `workflow_dispatch` event trigger. Only workflow files that use the `workflow_dispatch` event trigger will have the option to run the workflow manually using the **Run workflow** button. For more information about configuring the `workflow_dispatch` event, see "[AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch)." ![Screenshot of a workflow page. Above the list of workflow runs, a button, labeled "Run workflow", is outlined in dark orange.](/assets/images/help/actions/actions-workflow-dispatch.png) 1. Select the **Branch** dropdown menu and click a branch to run the workflow on. @@ -88,10 +86,7 @@ gh run watch When using the REST API, you configure the `inputs` and `ref` as request body parameters. If the inputs are omitted, the default values defined in the workflow file are used. -{% note %} - -**Note:** You can define up to 10 `inputs` for a `workflow_dispatch` event. - -{% endnote %} +> [!NOTE] +> You can define up to 10 `inputs` for a `workflow_dispatch` event. For more information about using the REST API, see "[AUTOTITLE](/rest/actions/workflows#create-a-workflow-dispatch-event)." diff --git a/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/removing-workflow-artifacts.md b/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/removing-workflow-artifacts.md index 7dd813db7..29c0160d9 100644 --- a/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/removing-workflow-artifacts.md +++ b/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/removing-workflow-artifacts.md @@ -14,11 +14,8 @@ redirect_from: ## Deleting an artifact -{% warning %} - -**Warning:** Once you delete an artifact, it cannot be restored. - -{% endwarning %} +> [!WARNING] +> Once you delete an artifact, it cannot be restored. {% data reusables.repositories.permissions-statement-write %} diff --git a/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/skipping-workflow-runs.md b/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/skipping-workflow-runs.md index cb5913ec6..3dd59237c 100644 --- a/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/skipping-workflow-runs.md +++ b/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/skipping-workflow-runs.md @@ -12,11 +12,8 @@ redirect_from: {% data reusables.actions.enterprise-github-hosted-runners %} -{% note %} - -**Note:** If a workflow is skipped due to [path filtering](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore), [branch filtering](/actions/using-workflows/workflow-syntax-for-github-actions#onpull_requestpull_request_targetbranchesbranches-ignore) or a commit message (see below), then checks associated with that workflow will remain in a "Pending" state. A pull request that requires those checks to be successful will be blocked from merging. - -{% endnote %} +> [!NOTE] +> If a workflow is skipped due to [path filtering](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore), [branch filtering](/actions/using-workflows/workflow-syntax-for-github-actions#onpull_requestpull_request_targetbranchesbranches-ignore) or a commit message (see below), then checks associated with that workflow will remain in a "Pending" state. A pull request that requires those checks to be successful will be blocked from merging. Workflows that would otherwise be triggered using `on: push` or `on: pull_request` won't be triggered if you add any of the following strings to the commit message in a push, or the HEAD commit of a pull request: @@ -34,10 +31,7 @@ Alternatively, you can add a `skip-checks` trailer to your commit message. The t You won't be able to merge the pull request if your repository is configured to require specific checks to pass first. To allow the pull request to be merged you can push a new commit to the pull request without the skip instruction in the commit message. -{% note %} - -**Note:** Skip instructions only apply to the `push` and `pull_request` events. For example, adding `[skip ci]` to a commit message won't stop a workflow that's triggered `on: pull_request_target` from running. - -{% endnote %} +> [!NOTE] +> Skip instructions only apply to the `push` and `pull_request` events. For example, adding `[skip ci]` to a commit message won't stop a workflow that's triggered `on: pull_request_target` from running. Skip instructions only apply to the workflow run(s) that would be triggered by the commit that contains the skip instructions. You can also disable a workflow from running. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/disabling-and-enabling-a-workflow)." diff --git a/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/extending-github-actions-importer-with-custom-transformers.md b/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/extending-github-actions-importer-with-custom-transformers.md index 3a7a7d15a..07849e657 100644 --- a/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/extending-github-actions-importer-with-custom-transformers.md +++ b/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/extending-github-actions-importer-with-custom-transformers.md @@ -43,11 +43,8 @@ Alternatively, you can use the glob pattern syntax to specify multiple custom tr gh actions-importer ... --custom-transformers transformers/*.rb ``` -{% note %} - -**Note:** When you use custom transformers, the custom transformer files must reside in the same directory, or in subdirectories, from where the `gh actions-importer` command is run. - -{% endnote %} +> [!NOTE] +> When you use custom transformers, the custom transformer files must reside in the same directory, or in subdirectories, from where the `gh actions-importer` command is run. ## Creating custom transformers for items @@ -91,11 +88,8 @@ The above example results in the following {% data variables.product.prodname_ac The `transform` method uses the identifier of the build step from your source CI/CD instance in an argument. In this example, the identifier is `buildJavaScriptLibrary`. You can also use comma-separated values to pass multiple identifiers to the `transform` method. For example, `transform "buildJavaScriptApp", "buildTypeScriptApp" { |item| ... }`. -{% note %} - -**Note**: The data structure of `item` will be different depending on the CI/CD platform and the type of item being converted. - -{% endnote %} +> [!NOTE] +> The data structure of `item` will be different depending on the CI/CD platform and the type of item being converted. ## Creating custom transformers for runners @@ -171,11 +165,8 @@ There are several ways you can set up custom transformers to map your environmen env /^(.+)_SSH_KEY/, secret("%s_SSH_KEY) ``` - {% note %} - - **Note**: The order in which `env` methods are defined matters when using regular expressions. The first `env` transformer that matches an environment variable name takes precedence over subsequent `env` methods. You should define your most specific environment variable transformers first. - - {% endnote %} + > [!NOTE] + > The order in which `env` methods are defined matters when using regular expressions. The first `env` transformer that matches an environment variable name takes precedence over subsequent `env` methods. You should define your most specific environment variable transformers first. ## Legal notice diff --git a/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-azure-devops-with-github-actions-importer.md b/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-azure-devops-with-github-actions-importer.md index 8a1455c24..7656ccaa8 100644 --- a/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-azure-devops-with-github-actions-importer.md +++ b/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-azure-devops-with-github-actions-importer.md @@ -536,11 +536,8 @@ steps: | stage | `job` | Partially supported | | stageList | `job` | Partially supported | -{% note %} - -**Note:** A template used under the `step` key with this parameter type is only serialized as a composite action if the steps are used at the beginning or end of the template steps. A template used under the `stage`, `deployment`, and `job` keys with this parameter type are not transformed into a reusable workflow, and instead are serialized as a standalone workflow. - -{% endnote %} +> [!NOTE] +> A template used under the `step` key with this parameter type is only serialized as a composite action if the steps are used at the beginning or end of the template steps. A template used under the `stage`, `deployment`, and `job` keys with this parameter type are not transformed into a reusable workflow, and instead are serialized as a standalone workflow. ## Legal notice diff --git a/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-bamboo-with-github-actions-importer.md b/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-bamboo-with-github-actions-importer.md index 6719c745f..edeb53ce9 100644 --- a/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-bamboo-with-github-actions-importer.md +++ b/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-bamboo-with-github-actions-importer.md @@ -371,11 +371,8 @@ For more information about supported Bamboo concept and plugin mappings, see the | `bamboo.shortPlanKey` | {% raw %}`${{ github.workflow }}`{% endraw %} | `bamboo.shortPlanName` | {% raw %}`${{ github.workflow }}`{% endraw %} -{% note %} - -**Note:** Unknown variables are transformed to {% raw %}`${{ env. }}`{% endraw %} and must be replaced or added under `env` for proper operation. For example, `${bamboo.jira.baseUrl}` will become {% raw %}`${{ env.jira_baseUrl }}`{% endraw %}. - -{% endnote %} +> [!NOTE] +> Unknown variables are transformed to {% raw %}`${{ env. }}`{% endraw %} and must be replaced or added under `env` for proper operation. For example, `${bamboo.jira.baseUrl}` will become {% raw %}`${{ env.jira_baseUrl }}`{% endraw %}. ### System Variables diff --git a/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-jenkins-with-github-actions-importer.md b/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-jenkins-with-github-actions-importer.md index 5e6dc8f84..c6d0b1799 100644 --- a/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-jenkins-with-github-actions-importer.md +++ b/actions/migrating-to-github-actions/using-github-actions-importer-to-automate-migrations/migrating-from-jenkins-with-github-actions-importer.md @@ -212,11 +212,8 @@ This section contains reference information on environment variables, optional a * `GITHUB_INSTANCE_URL`: The URL to the target {% data variables.product.prodname_dotcom %} instance (for example, `https://github.com`). * `JENKINS_ACCESS_TOKEN`: The Jenkins API token used to view Jenkins resources. - {% note %} - - **Note**: This token requires access to all jobs that you want to migrate or audit. In cases where a folder or job does not inherit access control lists from their parent, you must grant explicit permissions or full admin privileges. - - {% endnote %} + > [!NOTE] + > This token requires access to all jobs that you want to migrate or audit. In cases where a folder or job does not inherit access control lists from their parent, you must grant explicit permissions or full admin privileges. * `JENKINS_USERNAME`: The username of the user account that created the Jenkins API token. * `JENKINS_INSTANCE_URL`: The URL of the Jenkins instance. diff --git a/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/adding-a-workflow-status-badge.md b/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/adding-a-workflow-status-badge.md index 2857b0565..1404091f6 100644 --- a/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/adding-a-workflow-status-badge.md +++ b/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/adding-a-workflow-status-badge.md @@ -13,11 +13,8 @@ versions: {% data reusables.actions.enterprise-github-hosted-runners %} -{% note %} - -**Note**: Workflow badges in a private repository are not accessible externally, so you won't be able to embed them or link to them from an external site. - -{% endnote %} +> [!NOTE] +> Workflow badges in a private repository are not accessible externally, so you won't be able to embed them or link to them from an external site. {% data reusables.repositories.actions-workflow-status-badge-intro %} diff --git a/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/using-workflow-run-logs.md b/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/using-workflow-run-logs.md index 9deda463f..b03b02284 100644 --- a/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/using-workflow-run-logs.md +++ b/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/using-workflow-run-logs.md @@ -63,11 +63,8 @@ You can download the log files from your workflow run. You can also download a w {% ifversion re-run-jobs %} - {% note %} - - **Note**: When you download the log archive for a workflow that was partially re-run, the archive only includes the jobs that were re-run. To get a complete set of logs for jobs that were run from a workflow, you must download the log archives for the previous run attempts that ran the other jobs. - - {% endnote %} + > [!NOTE] + > When you download the log archive for a workflow that was partially re-run, the archive only includes the jobs that were re-run. To get a complete set of logs for jobs that were run from a workflow, you must download the log archives for the previous run attempts that ran the other jobs. {% endif %} diff --git a/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/viewing-job-execution-time.md b/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/viewing-job-execution-time.md index 027c0100e..879cc9989 100644 --- a/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/viewing-job-execution-time.md +++ b/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/viewing-job-execution-time.md @@ -21,8 +21,5 @@ Billable job execution minutes are only shown for jobs run on private repositori 1. Under the job summary, you can view the job's execution time. 1. To view details about the billable job execution time, in the left sidebar under "Run details", click **{% octicon "stopwatch" aria-hidden="true" %} Usage**. - {% note %} - - **Note:** The billable time shown does not include any minute multipliers. To view your total {% data variables.product.prodname_actions %} usage, including minute multipliers, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/viewing-your-github-actions-usage)." - - {% endnote %} + > [!NOTE] + > The billable time shown does not include any minute multipliers. To view your total {% data variables.product.prodname_actions %} usage, including minute multipliers, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/viewing-your-github-actions-usage)." diff --git a/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/working-with-support-for-github-actions.md b/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/working-with-support-for-github-actions.md index cf7589611..6cc24558d 100644 --- a/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/working-with-support-for-github-actions.md +++ b/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/working-with-support-for-github-actions.md @@ -36,19 +36,13 @@ Some information that {% data variables.contact.github_support %} will request c Self-hosted runner log file names are be formatted: `Runner_YYYY####-xxxxxx-utc.log` and `Worker_YYYY####-xxxxxx-utc.log`. -{% note %} +> [!NOTE] +> Attach files to your support ticket by changing the file's extension to `.txt` or `.zip`. If you include textual data such as log or workflow file snippets inline in your ticket, ensure they are formatted correctly as Markdown code blocks. For more information about proper Markdown formatting, see "[AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#quoting-code)." +> +> If the information you provide is unreadable due to the loss of formatting by improper Markdown syntax, {% data variables.contact.github_support %} may request that resubmit the information either as an attachment or with the correct Markdown formatting. -**Note:** Attach files to your support ticket by changing the file's extension to `.txt` or `.zip`. If you include textual data such as log or workflow file snippets inline in your ticket, ensure they are formatted correctly as Markdown code blocks. For more information about proper Markdown formatting, see "[AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#quoting-code)." - -If the information you provide is unreadable due to the loss of formatting by improper Markdown syntax, {% data variables.contact.github_support %} may request that resubmit the information either as an attachment or with the correct Markdown formatting. - -{% endnote %} - -{% warning %} - -**Warning:** Ensure all files and text provided to {% data variables.contact.github_support %} have been properly redacted to remove sensitive information such as tokens and other secrets. - -{% endwarning %} +> [!WARNING] +> Ensure all files and text provided to {% data variables.contact.github_support %} have been properly redacted to remove sensitive information such as tokens and other secrets. {% ifversion ghes %} Depending on the nature of your inquiry, {% data variables.contact.github_support %} may also request that you generate and upload a support bundle for further review and analysis. For more information about providing data to {% data variables.contact.github_support %} and support bundles, see "[AUTOTITLE](/support/contacting-github-support/providing-data-to-github-support)." diff --git a/actions/security-for-github-actions/security-guides/automatic-token-authentication.md b/actions/security-for-github-actions/security-guides/automatic-token-authentication.md index 791f333c4..4062da830 100644 --- a/actions/security-for-github-actions/security-guides/automatic-token-authentication.md +++ b/actions/security-for-github-actions/security-guides/automatic-token-authentication.md @@ -30,11 +30,8 @@ The token is also available in the `github.token` context. For more information, You can use the `GITHUB_TOKEN` by using the standard syntax for referencing secrets: {% raw %}`${{ secrets.GITHUB_TOKEN }}`{% endraw %}. Examples of using the `GITHUB_TOKEN` include passing the token as an input to an action, or using it to make an authenticated {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}{% else %}{% data variables.product.product_name %}{% endif %} API request. -{% note %} - -**Important:** An action can access the `GITHUB_TOKEN` through the `github.token` context even if the workflow does not explicitly pass the `GITHUB_TOKEN` to the action. As a good security practice, you should always make sure that actions only have the minimum access they require by limiting the permissions granted to the `GITHUB_TOKEN`. For more information, see "[Permissions for the `GITHUB_TOKEN`](#permissions-for-the-github_token)." - -{% endnote %} +> [!IMPORTANT] +> An action can access the `GITHUB_TOKEN` through the `github.token` context even if the workflow does not explicitly pass the `GITHUB_TOKEN` to the action. As a good security practice, you should always make sure that actions only have the minimum access they require by limiting the permissions granted to the `GITHUB_TOKEN`. For more information, see "[Permissions for the `GITHUB_TOKEN`](#permissions-for-the-github_token)." {% data reusables.actions.actions-do-not-trigger-workflows %} @@ -104,14 +101,10 @@ The following table shows the permissions granted to the `GITHUB_TOKEN` by defau {% endrowheaders %} -{% note %} - -**Notes:** -* When a workflow is triggered by the [`pull_request_target`](/actions/using-workflows/events-that-trigger-workflows#pull_request_target) event, the `GITHUB_TOKEN` is granted read/write repository permission, even when it is triggered from a public fork. For more information, see "[AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows#pull_request_target)." -* Private repositories can control whether pull requests from forks can run workflows, and can configure the permissions assigned to `GITHUB_TOKEN`. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories)." -* {% data reusables.actions.workflow-runs-dependabot-note %} - -{% endnote %} +> [!NOTE] +> * When a workflow is triggered by the [`pull_request_target`](/actions/using-workflows/events-that-trigger-workflows#pull_request_target) event, the `GITHUB_TOKEN` is granted read/write repository permission, even when it is triggered from a public fork. For more information, see "[AUTOTITLE](/actions/using-workflows/events-that-trigger-workflows#pull_request_target)." +> * Private repositories can control whether pull requests from forks can run workflows, and can configure the permissions assigned to `GITHUB_TOKEN`. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-forks-of-private-repositories)." +> * {% data reusables.actions.workflow-runs-dependabot-note %} ### Modifying the permissions for the `GITHUB_TOKEN` @@ -127,11 +120,8 @@ The two workflow examples earlier in this article show the `permissions` key bei For full details of the `permissions` key, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#permissions)." -{% note %} - -**Note:** Organization{% ifversion not fpt %} and enterprise{% endif %} owners can prevent you from granting write access to the `GITHUB_TOKEN` at the repository level. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization){% ifversion not fpt %} and "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise)."{% else %}."{% endif %} - -{% endnote %} +> [!NOTE] +> Organization{% ifversion not fpt %} and enterprise{% endif %} owners can prevent you from granting write access to the `GITHUB_TOKEN` at the repository level. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization){% ifversion not fpt %} and "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise)."{% else %}."{% endif %} #### How the permissions are calculated for a workflow job diff --git a/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md b/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md index 7c9530efb..731482319 100644 --- a/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md +++ b/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md @@ -46,11 +46,8 @@ To help prevent accidental disclosure, {% data variables.product.product_name %} * **Consider requiring review for access to secrets** * You can use required reviewers to protect environment secrets. A workflow job cannot access environment secrets until approval is granted by a reviewer. For more information about storing secrets in environments or requiring reviews for environments, see "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions)" and "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment)." -{% warning %} - -**Warning**: Any user with write access to your repository has read access to all secrets configured in your repository. Therefore, you should ensure that the credentials being used within workflows have the least privileges required. - -{% endwarning %} +> [!WARNING] +> Any user with write access to your repository has read access to all secrets configured in your repository. Therefore, you should ensure that the credentials being used within workflows have the least privileges required. ## Using `CODEOWNERS` to monitor changes @@ -237,11 +234,8 @@ These sections consider some of the steps an attacker can take if they're able t {% ifversion fpt or ghec %} -{% note %} - -**Note:** {% data variables.product.prodname_dotcom %}-hosted runners do not scan for malicious code downloaded by a user during their job, such as a compromised third party library. - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_dotcom %}-hosted runners do not scan for malicious code downloaded by a user during their job, such as a compromised third party library. {% endif %} @@ -353,11 +347,8 @@ Some customers might attempt to partially mitigate these risks by implementing s To improve runner registration security, you can use the REST API to create ephemeral, just-in-time (JIT) runners. These self-hosted runners perform at most one job before being automatically removed from the repository, organization, or enterprise. For more information about configuring JIT runners, see "[AUTOTITLE](/rest/actions/self-hosted-runners#create-configuration-for-a-just-in-time-runner-for-an-organization)." -{% note %} - -**Note:** Re-using hardware to host JIT runners can risk exposing information from the environment. Use automation to ensure the JIT runner uses a clean environment. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners#using-ephemeral-runners-for-autoscaling)." - -{% endnote %} +> [!NOTE] +> Re-using hardware to host JIT runners can risk exposing information from the environment. Use automation to ensure the JIT runner uses a clean environment. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners#using-ephemeral-runners-for-autoscaling)." Once you have the config file from the REST API response, you can pass it to the runner at startup. diff --git a/actions/security-for-github-actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions.md b/actions/security-for-github-actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions.md index ef600c9e5..335cfcee5 100644 --- a/actions/security-for-github-actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions.md +++ b/actions/security-for-github-actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions.md @@ -43,11 +43,8 @@ You can set up your repositories so that you: You can use {% data variables.product.prodname_dependabot %} to monitor the actions in your workflows and enable {% data variables.product.prodname_dependabot_alerts %} to notify you when an action you use has a reported vulnerability. {% data variables.product.prodname_dependabot %} performs a scan of the default branch of the repositories where it is enabled to detect insecure dependencies. {% data variables.product.prodname_dependabot %} generates {% data variables.product.prodname_dependabot_alerts %} when a new advisory is added to the {% data variables.product.prodname_advisory_database %} or when an action you use is updated. -{% note %} - -**Note:** {% data variables.product.prodname_dependabot %} only creates alerts for vulnerable actions that use semantic versioning and will not create alerts for actions pinned to SHA values. - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_dependabot %} only creates alerts for vulnerable actions that use semantic versioning and will not create alerts for actions pinned to SHA values. {% ifversion fpt or ghec %}You can enable {% data variables.product.prodname_dependabot_alerts %} for your personal account, for a repository, or for an organization. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts)."{% else %}An enterprise owner must first set up {% data variables.product.prodname_dependabot %} for your enterprise before you can manage {% data variables.product.prodname_dependabot_alerts %} for your repository. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."{% endif %} @@ -76,13 +73,8 @@ The following features can automatically update the actions in your workflows. * **{% data variables.product.prodname_dependabot_version_updates %}** open pull requests to update actions to the latest version when a new version is released. * **{% data variables.product.prodname_dependabot_security_updates %}** open pull requests to update actions with reported vulnerabilities to the minimum patched version. -{% note %} - -**Notes:** - -{% data reusables.actions.dependabot-version-updates-actions-caveats %} - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.dependabot-version-updates-actions-caveats %} For information on how to configure {% data variables.product.prodname_dependabot_version_updates %}, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)." diff --git a/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions.md b/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions.md index b5f48a3b4..a121cf3b2 100644 --- a/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions.md +++ b/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions.md @@ -27,11 +27,8 @@ Secrets are variables that you create in an organization, repository, or reposit For secrets stored at the environment level, you can enable required reviewers to control access to the secrets. A workflow job cannot access environment secrets until approval is granted by required approvers. -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} ### Naming your secrets @@ -65,11 +62,8 @@ When generating a {% data variables.product.pat_v1 %}, select the fewest scopes Instead of using a {% data variables.product.pat_generic %}, consider using a {% data variables.product.prodname_github_app %}, which uses fine-grained permissions and short lived tokens, similar to a {% data variables.product.pat_v2 %}. Unlike a {% data variables.product.pat_generic %}, a {% data variables.product.prodname_github_app %} is not tied to a user, so the workflow will continue to work even if the user who installed the app leaves your organization. For more information, see "[AUTOTITLE](/apps/creating-github-apps/guides/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow)." -{% note %} - -**Note:** Users with collaborator access to a repository can use the REST API to manage secrets for that repository, and users with admin access to an organization can use the REST API to manage secrets for that organization. For more information, see "[AUTOTITLE](/rest/actions/secrets)." - -{% endnote %} +> [!NOTE] +> Users with collaborator access to a repository can use the REST API to manage secrets for that repository, and users with admin access to an organization can use the REST API to manage secrets for that organization. For more information, see "[AUTOTITLE](/rest/actions/secrets)." ## Creating secrets for a repository @@ -171,15 +165,12 @@ gh secret list --env ENV_NAME {% cli %} -{% note %} - -**Note:** By default, {% data variables.product.prodname_cli %} authenticates with the `repo` and `read:org` scopes. To manage organization secrets, you must additionally authorize the `admin:org` scope. - -```shell -gh auth login --scopes "admin:org" -``` - -{% endnote %} +> [!NOTE] +> By default, {% data variables.product.prodname_cli %} authenticates with the `repo` and `read:org` scopes. To manage organization secrets, you must additionally authorize the `admin:org` scope. +> +> ```shell +> gh auth login --scopes "admin:org" +> ``` To add a secret for an organization, use the `gh secret set` subcommand with the `--org` or `-o` flag followed by the organization name. @@ -218,15 +209,9 @@ You can check which access policies are being applied to a secret in your organi ## Using secrets in a workflow -{% note %} - -**Notes:** - -* {% data reusables.actions.forked-secrets %} - -* Secrets are not automatically passed to reusable workflows. For more information, see "[AUTOTITLE](/actions/using-workflows/reusing-workflows#passing-inputs-and-secrets-to-a-reusable-workflow)." - -{% endnote %} +> [!NOTE] +> * {% data reusables.actions.forked-secrets %} +> * Secrets are not automatically passed to reusable workflows. For more information, see "[AUTOTITLE](/actions/using-workflows/reusing-workflows#passing-inputs-and-secrets-to-a-reusable-workflow)." To provide an action with a secret as an input or environment variable, you can use the `secrets` context to access secrets you've created in your repository. For more information, see "[AUTOTITLE](/actions/learn-github-actions/contexts)" and "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions)." @@ -312,11 +297,8 @@ Secrets are limited to 48 KB in size. To store larger secrets, see the "[Storing To use secrets that are larger than 48 KB, you can use a workaround to store secrets in your repository and save the decryption passphrase as a secret on {% data variables.product.prodname_dotcom %}. For example, you can use `gpg` to encrypt a file containing your secret locally before checking the encrypted file in to your repository on {% data variables.product.prodname_dotcom %}. For more information, see the "[gpg manpage](https://www.gnupg.org/gph/de/manual/r1023.html)." -{% warning %} - -**Warning**: Be careful that your secrets do not get printed when your workflow runs. When using this workaround, {% data variables.product.prodname_dotcom %} does not redact secrets that are printed in logs. - -{% endwarning %} +> [!WARNING] +> Be careful that your secrets do not get printed when your workflow runs. When using this workaround, {% data variables.product.prodname_dotcom %} does not redact secrets that are printed in logs. 1. Run the following command from your terminal to encrypt the file containing your secret using `gpg` and the AES256 cipher algorithm. In this example, `my_secret.json` is the file containing the secret. @@ -330,11 +312,8 @@ To use secrets that are larger than 48 KB, you can use a workaround to store sec 1. Copy your encrypted file to a path in your repository and commit it. In this example, the encrypted file is `my_secret.json.gpg`. - {% warning %} - - **Warning**: Make sure to copy the encrypted `my_secret.json.gpg` file ending with the `.gpg` file extension, and **not** the unencrypted `my_secret.json` file. - - {% endwarning %} + > [!WARNING] + > Make sure to copy the encrypted `my_secret.json.gpg` file ending with the `.gpg` file extension, and **not** the unencrypted `my_secret.json` file. ```shell git add my_secret.json.gpg @@ -391,11 +370,8 @@ To use secrets that are larger than 48 KB, you can use a workaround to store sec You can use Base64 encoding to store small binary blobs as secrets. You can then reference the secret in your workflow and decode it for use on the runner. For the size limits, see "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions#limits-for-secrets)." -{% note %} - -**Note**: Note that Base64 only converts binary to text, and is not a substitute for actual encryption. - -{% endnote %} +> [!NOTE] +> Note that Base64 only converts binary to text, and is not a substitute for actual encryption. 1. Use `base64` to encode your file into a Base64 string. For example: @@ -440,11 +416,8 @@ You can use Base64 encoding to store small binary blobs as secrets. You can then openssl x509 -in cert.der -inform DER -text -noout ``` -{% note %} - -**Note**: Using another shell might require different commands for decoding the secret to a file. On Windows runners, we recommend [using a bash shell](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell) with `shell: bash` to use the commands in the `run` step above. - -{% endnote %} +> [!NOTE] +> Using another shell might require different commands for decoding the secret to a file. On Windows runners, we recommend [using a bash shell](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell) with `shell: bash` to use the commands in the `run` step above. ## Redacting secrets from workflow run logs diff --git a/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md b/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md index 5e948e573..fe7842c1a 100644 --- a/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md +++ b/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md @@ -166,11 +166,8 @@ If you need more granular trust conditions, you can customize the {% ifversion g There are also many additional claims supported in the OIDC token that can be used for setting these conditions. In addition, your cloud provider could allow you to assign a role to the access tokens, letting you specify even more granular permissions. -{% note %} - -**Note**: To control how your cloud provider issues access tokens, you **must** define at least one condition, so that untrusted repositories can’t request access tokens for your cloud resources. - -{% endnote %} +> [!NOTE] +> To control how your cloud provider issues access tokens, you **must** define at least one condition, so that untrusted repositories can’t request access tokens for your cloud resources. ### Example subject claims @@ -294,19 +291,13 @@ After this setting is applied, the JWT will contain the updated `iss` value. In To help improve security, compliance, and standardization, you can customize the standard claims to suit your required access conditions. If your cloud provider supports conditions on subject claims, you can create a condition that checks whether the `sub` value matches the path of the reusable workflow, such as `"job_workflow_ref:octo-org/octo-automation/.github/workflows/oidc.yml@refs/heads/main"`. The exact format will vary depending on your cloud provider's OIDC configuration. To configure the matching condition on {% data variables.product.prodname_dotcom %}, you can can use the REST API to require that the `sub` claim must always include a specific custom claim, such as `job_workflow_ref`. You can use the REST API to apply a customization template for the OIDC subject claim; for example, you can require that the `sub` claim within the OIDC token must always include a specific custom claim, such as `job_workflow_ref`. For more information, see "[AUTOTITLE](/rest/actions/oidc)." -{% note %} - -**Note**: When the organization template is applied, it will not affect any workflows already using OIDC unless their repository has opted in to custom organization templates. For all repositories, existing and new, the repository owner will need to use the repository-level REST API to opt in to receive this configuration by setting `use_default` to `false`. Alternatively, the repository owner could use the REST API to apply a different configuration specific to the repository. For more information, see "[AUTOTITLE](/rest/actions/oidc#set-the-customization-template-for-an-oidc-subject-claim-for-a-repository)." - -{% endnote %} +> [!NOTE] +> When the organization template is applied, it will not affect any workflows already using OIDC unless their repository has opted in to custom organization templates. For all repositories, existing and new, the repository owner will need to use the repository-level REST API to opt in to receive this configuration by setting `use_default` to `false`. Alternatively, the repository owner could use the REST API to apply a different configuration specific to the repository. For more information, see "[AUTOTITLE](/rest/actions/oidc#set-the-customization-template-for-an-oidc-subject-claim-for-a-repository)." Customizing the claims results in a new format for the entire `sub` claim, which replaces the default predefined `sub` format in the token described in "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#example-subject-claims)." -{% note %} - -**Note**: The `sub` claim uses the shortened form `repo` (for example, `repo:ORG-NAME/REPO-NAME`) instead of `repository` to reference the repository. - -{% endnote %} +> [!NOTE] +> The `sub` claim uses the shortened form `repo` (for example, `repo:ORG-NAME/REPO-NAME`) instead of `repository` to reference the repository. The following example templates demonstrate various ways to customize the subject claim. To configure these settings on {% data variables.product.prodname_dotcom %}, admins use the REST API to specify a list of claims that must be included in the subject (`sub`) claim. diff --git a/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md b/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md index 67b938066..bfcf57d73 100644 --- a/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md +++ b/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md @@ -34,16 +34,13 @@ This guide explains how to configure AWS to trust {% data variables.product.prod {% ifversion ghes %} {% data reusables.actions.oidc-endpoints %} - {% note %} - **Note:** You can restrict access to the OIDC endpoints by allowing only [AWS IP address ranges](https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html). + > [!NOTE] + > You can restrict access to the OIDC endpoints by allowing only [AWS IP address ranges](https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html). - {% endnote %} - {% note %} + > [!NOTE] + > {% data variables.product.prodname_dotcom %} does not natively support AWS session tags. - **Note:** {% data variables.product.prodname_dotcom %} does not natively support AWS session tags. - - {% endnote %} {% endif %} ## Adding the identity provider to AWS @@ -57,11 +54,8 @@ To add the {% data variables.product.prodname_dotcom %} OIDC provider to IAM, se To configure the role and trust in IAM, see the AWS documentation "[Configure AWS Credentials for GitHub Actions](https://github.com/aws-actions/configure-aws-credentials#configure-aws-credentials-for-github-actions)" and "[Configuring a role for GitHub OIDC identity provider](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html#idp_oidc_Create_GitHub)." -{% note %} - -**Note**: AWS Identity and Access Management (IAM) recommends that users evaluate the IAM condition key, `token.actions.githubusercontent.com:sub`, in the trust policy of any role that trusts {% data variables.product.prodname_dotcom %}’s OIDC identity provider (IdP). Evaluating this condition key in the role trust policy limits which {% data variables.product.prodname_dotcom %} actions are able to assume the role. - -{% endnote %} +> [!NOTE] +> AWS Identity and Access Management (IAM) recommends that users evaluate the IAM condition key, `token.actions.githubusercontent.com:sub`, in the trust policy of any role that trusts {% data variables.product.prodname_dotcom %}’s OIDC identity provider (IdP). Evaluating this condition key in the role trust policy limits which {% data variables.product.prodname_dotcom %} actions are able to assume the role. Edit the trust policy, adding the `sub` field to the validation conditions. For example: diff --git a/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-azure.md b/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-azure.md index c17355077..7db66568c 100644 --- a/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-azure.md +++ b/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-azure.md @@ -32,11 +32,9 @@ This guide gives an overview of how to configure Azure to trust {% data variable {% ifversion ghes %} {% data reusables.actions.oidc-endpoints %} - {% note %} - **Note:** Microsoft Entra ID (previously known as Azure AD) does not have fixed IP ranges defined for these endpoints. - - {% endnote %} + > [!NOTE] + > Microsoft Entra ID (previously known as Azure AD) does not have fixed IP ranges defined for these endpoints. * Make sure that the value of the issuer claim that's included with the JSON Web Token (JWT) is set to a publicly routable URL. For more information, see "[AUTOTITLE](/enterprise-server@latest/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect)." {% endif %} diff --git a/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md b/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md index 27569033f..350d8d4af 100644 --- a/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md +++ b/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md @@ -49,11 +49,10 @@ To configure your Vault server to accept JSON Web Tokens (JWT) for authenticatio ``` {% ifversion ghec %} - {% note %} - **Note:** If a unique issuer URL for an enterprise was set using the REST API (as described in "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#switching-to-a-unique-token-url)"), the values for `bound_issuer` and `oidc_discover_url` must match that unique URL. For example, for an enterprise named `octocat` that uses the unique issuer URL, `bound_issuer` and `oidc_discovery_url` must be set to `https://token.actions.githubusercontent.com/octocat`. + > [!NOTE] + > If a unique issuer URL for an enterprise was set using the REST API (as described in "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#switching-to-a-unique-token-url)"), the values for `bound_issuer` and `oidc_discover_url` must match that unique URL. For example, for an enterprise named `octocat` that uses the unique issuer URL, `bound_issuer` and `oidc_discovery_url` must be set to `https://token.actions.githubusercontent.com/octocat`. - {% endnote %} {% endif %} 1. Configure a policy that only grants access to the specific paths your workflows will use to retrieve secrets. For more advanced policies, see the HashiCorp Vault [Policies documentation](https://www.vaultproject.io/docs/concepts/policies). @@ -112,13 +111,8 @@ This example demonstrates how to use OIDC with the official action to request a {% data reusables.actions.oidc-permissions-token %} -{% note %} - -**Note**: - -When the `permissions` key is used, all unspecified permissions are set to _no access_, with the exception of the metadata scope, which always gets _read_ access. As a result, you may need to add other permissions, such as `contents: read`. See [Automatic token authentication](/actions/security-guides/automatic-token-authentication) for more information. - -{% endnote %} +> [!NOTE] +> When the `permissions` key is used, all unspecified permissions are set to _no access_, with the exception of the metadata scope, which always gets _read_ access. As a result, you may need to add other permissions, such as `contents: read`. See [Automatic token authentication](/actions/security-guides/automatic-token-authentication) for more information. ### Requesting the access token @@ -153,14 +147,9 @@ jobs: # This step has access to the secret retrieved above; see hashicorp/vault-action for more details. ``` -{% note %} - -**Note**: - -* If your Vault server is not accessible from the public network, consider using a self-hosted runner with other available Vault [auth methods](https://www.vaultproject.io/docs/auth). For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)." -* `VAULT-NAMESPACE` must be set for a Vault Enterprise (including HCP Vault) deployment. For more information, see [Vault namespace](https://www.vaultproject.io/docs/enterprise/namespaces). - -{% endnote %} +> [!NOTE] +> * If your Vault server is not accessible from the public network, consider using a self-hosted runner with other available Vault [auth methods](https://www.vaultproject.io/docs/auth). For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)." +> * `VAULT-NAMESPACE` must be set for a Vault Enterprise (including HCP Vault) deployment. For more information, see [Vault namespace](https://www.vaultproject.io/docs/enterprise/namespaces). ### Revoking the access token diff --git a/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-pypi.md b/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-pypi.md index 17cc80c42..b41dd32b6 100644 --- a/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-pypi.md +++ b/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-pypi.md @@ -35,12 +35,8 @@ To use OIDC with PyPI, add a trust configuration that links each project on PyPI 1. Configure a trust relationship between the PyPI project and a {% data variables.product.prodname_dotcom %} repository (and workflow within the repository). For example, if your {% data variables.product.prodname_dotcom %} repository is at `myorg/myproject` and your release workflow is defined in `release.yml` with an environment of `release`, you should use the following settings for your trusted publisher on PyPI. - {% note %} - - **Note:** Enter these values carefully. Giving the incorrect user, repository, or workflow - the ability to publish to your PyPI project is equivalent to sharing an API token. - - {% endnote %} + > [!NOTE] + > Enter these values carefully. Giving the incorrect user, repository, or workflow the ability to publish to your PyPI project is equivalent to sharing an API token. * Owner: `myorg` * Repository name: `myproject` diff --git a/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions.md b/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions.md index 532e46c1d..a63f0591c 100644 --- a/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions.md +++ b/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions.md @@ -43,11 +43,8 @@ Action metadata files use YAML syntax. If you're new to YAML, you can read "[Lea This example configures two inputs: `num-octocats` and `octocat-eye-color`. The `num-octocats` input is not required and will default to a value of `1`. `octocat-eye-color` is required and has no default value. -{% note %} - -**Note:** Actions using `required: true` will not automatically return an error if the input is not specified. - -{% endnote %} +> [!NOTE] +> Actions using `required: true` will not automatically return an error if the input is not specified. Workflow files that use this action can use the `with` keyword to set an input value for `octocat-eye-color`. For more information about the `with` syntax, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepswith)." diff --git a/actions/sharing-automations/creating-actions/publishing-actions-in-github-marketplace.md b/actions/sharing-automations/creating-actions/publishing-actions-in-github-marketplace.md index 201f777fa..1702f56d6 100644 --- a/actions/sharing-automations/creating-actions/publishing-actions-in-github-marketplace.md +++ b/actions/sharing-automations/creating-actions/publishing-actions-in-github-marketplace.md @@ -43,11 +43,9 @@ To draft a new release and publish the action to {% data variables.product.prodn 1. Navigate to the action metadata file in your repository (`action.yml` or `action.yaml`), and you'll see a banner to publish the action to {% data variables.product.prodname_marketplace %}. Click **Draft a release**. 1. Under "Release Action", select **Publish this Action to the {% data variables.product.prodname_marketplace %}**. - {% note %} + > [!NOTE] + > The "Publish" checkbox is disabled if the account that owns the repository has not yet accepted the {% data variables.product.prodname_marketplace %} Developer Agreement. If you own the repository or are an organization owner, click the link to "accept the GitHub Marketplace Developer Agreement", then accept the agreement. If there is no link, send the organization owner a link to this "Release Action" page and ask them to accept the agreement. - **Note**: The "Publish" checkbox is disabled if the account that owns the repository has not yet accepted the {% data variables.product.prodname_marketplace %} Developer Agreement. If you own the repository or are an organization owner, click the link to "accept the GitHub Marketplace Developer Agreement", then accept the agreement. If there is no link, send the organization owner a link to this "Release Action" page and ask them to accept the agreement. - - {% endnote %} 1. If the labels in your metadata file contain any problems, you will see an error message. Address them by updating your metadata file. Once complete, you will see an "Everything looks good!" message. 1. Select the **Primary Category** dropdown menu and click a category that will help people find your action in {% data variables.product.prodname_marketplace %}. 1. Optionally, select the **Another Category** dropdown menu and click a secondary category. @@ -73,12 +71,9 @@ When a repository admin transfers an action repository, {% data variables.produc Actions published on {% data variables.product.prodname_marketplace %} are linked to a repository by their unique `name` identifier, meaning you can publish new releases of an action from the transferred repository under the same {% data variables.product.prodname_marketplace %} listing. If an action repository is deleted, the {% data variables.product.prodname_marketplace %} listing is also deleted, and the unique `name` identifier becomes available. -{% note %} - -**Note:** The "Verified" badge seen on an organization's {% data variables.product.prodname_dotcom %} profile is different from the verified creator badge on {% data variables.product.prodname_marketplace %}. If you transfer an action repository, the {% data variables.product.prodname_marketplace %} listing will lose the verified creator badge unless the new owner is also a verified creator. +> [!NOTE] +> The "Verified" badge seen on an organization's {% data variables.product.prodname_dotcom %} profile is different from the verified creator badge on {% data variables.product.prodname_marketplace %}. If you transfer an action repository, the {% data variables.product.prodname_marketplace %} listing will lose the verified creator badge unless the new owner is also a verified creator. -{% endnote %} - ## About badges in {% data variables.product.prodname_marketplace %} Actions with the {% octicon "verified" aria-label="The verified badge" %}, or verified creator badge, indicate that {% data variables.product.prodname_dotcom %} has verified the creator of the action as a partner organization. Partners can email partnerships@github.com to request the verified creator badge. diff --git a/actions/sharing-automations/creating-workflow-templates-for-your-organization.md b/actions/sharing-automations/creating-workflow-templates-for-your-organization.md index daf71b800..2cc1ded6d 100644 --- a/actions/sharing-automations/creating-workflow-templates-for-your-organization.md +++ b/actions/sharing-automations/creating-workflow-templates-for-your-organization.md @@ -36,11 +36,8 @@ Workflow templates can be created by users with write access to the organization Workflow templates created by users can only be used to create workflows in public repositories. Organizations using {% data variables.product.prodname_ghe_cloud %} can also use workflow templates to create workflows in private repositories. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/actions/using-workflows/creating-starter-workflows-for-your-organization). {% endif %} -{% note %} - -**Note:** To avoid duplication among workflow templates you can call reusable workflows from within a workflow. This can help make your workflows easier to maintain. For more information, see "[AUTOTITLE](/actions/using-workflows/reusing-workflows)." - -{% endnote %} +> [!NOTE] +> To avoid duplication among workflow templates you can call reusable workflows from within a workflow. This can help make your workflows easier to maintain. For more information, see "[AUTOTITLE](/actions/using-workflows/reusing-workflows)." This procedure demonstrates how to create a workflow template and metadata file. The metadata file describes how the workflow templates will be presented to users when they are creating a new workflow. @@ -51,15 +48,15 @@ This procedure demonstrates how to create a workflow template and metadata file. If you need to refer to a repository's default branch, you can use the `$default-branch` placeholder. When a workflow is created the placeholder will be automatically replaced with the name of the repository's default branch. {% ifversion ghes %} - {% note %} - - **Note:** The following values in the `runs-on` key are also treated as placeholders: - * "ubuntu-latest" is replaced with "[ self-hosted ]" - * "windows-latest" is replaced with "[ self-hosted, windows ]" - * "macos-latest" is replaced with "[ self-hosted, macOS ]" + > [!NOTE] + > The following values in the `runs-on` key are also treated as placeholders: + > + > * "ubuntu-latest" is replaced with "[ self-hosted ]" + > * "windows-latest" is replaced with "[ self-hosted, windows ]" + > * "macos-latest" is replaced with "[ self-hosted, macOS ]" - {% endnote %}{% endif %} + {% endif %} For example, this file named `octo-organization-ci.yml` demonstrates a basic workflow. diff --git a/actions/sharing-automations/reusing-workflows.md b/actions/sharing-automations/reusing-workflows.md index e8da4aa74..4eb8e735f 100644 --- a/actions/sharing-automations/reusing-workflows.md +++ b/actions/sharing-automations/reusing-workflows.md @@ -145,11 +145,9 @@ You can define inputs and secrets, which can be passed from the caller workflow {% ifversion actions-inherit-secrets-reusable-workflows %} 1. In the reusable workflow, reference the input or secret that you defined in the `on` key in the previous step. - {% note %} + > [!NOTE] + > If the secrets are inherited by using `secrets: inherit` in the calling workflow, you can reference them even if they are not explicitly defined in the `on` key. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idsecretsinherit)." - **Note**: If the secrets are inherited by using `secrets: inherit` in the calling workflow, you can reference them even if they are not explicitly defined in the `on` key. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idsecretsinherit)." - - {% endnote %} {%- else %} 1. In the reusable workflow, reference the input or secret that you defined in the `on` key in the previous step. {%- endif %} @@ -171,11 +169,8 @@ You can define inputs and secrets, which can be passed from the caller workflow In the example above, `personal_access_token` is a secret that's defined at the repository or organization level. - {% warning %} - - **Warning**: Environment secrets cannot be passed from the caller workflow as `on.workflow_call` does not support the `environment` keyword. If you include `environment` in the reusable workflow at the job level, the environment secret will be used, and not the secret passed from the caller workflow. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment#environment-secrets)" and "[AUTOTITLE](/actions/writing-workflows/workflow-syntax-for-github-actions#onworkflow_call)". - - {% endwarning %} + > [!WARNING] + > Environment secrets cannot be passed from the caller workflow as `on.workflow_call` does not support the `environment` keyword. If you include `environment` in the reusable workflow at the job level, the environment secret will be used, and not the secret passed from the caller workflow. For more information, see "[AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment#environment-secrets)" and "[AUTOTITLE](/actions/writing-workflows/workflow-syntax-for-github-actions#onworkflow_call)". 1. Pass the input or secret from the caller workflow. @@ -277,15 +272,11 @@ When you call a reusable workflow, you can only use the following keywords in th * [`jobs..concurrency`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idconcurrency) * [`jobs..permissions`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idpermissions) - {% note %} - - **Note:** - - * If `jobs..permissions` is not specified in the calling job, the called workflow will have the default permissions for the `GITHUB_TOKEN`. For more information, see "[AUTOTITLE](/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token)." - * The `GITHUB_TOKEN` permissions passed from the caller workflow can be only downgraded (not elevated) by the called workflow. - * If you use `jobs..concurrency.cancel-in-progress: true`, don't use the same value for `jobs..concurrency.group` in the called and caller workflows as this will cause the workflow that's already running to be cancelled. A called workflow uses the name of its caller workflow in {% raw %}${{ github.workflow }}{% endraw %}, so using this context as the value of `jobs..concurrency.group` in both caller and called workflows will cause the caller workflow to be cancelled when the called workflow runs. - - {% endnote %} + > [!NOTE] + > + > * If `jobs..permissions` is not specified in the calling job, the called workflow will have the default permissions for the `GITHUB_TOKEN`. For more information, see "[AUTOTITLE](/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token)." + > * The `GITHUB_TOKEN` permissions passed from the caller workflow can be only downgraded (not elevated) by the called workflow. + > * If you use `jobs..concurrency.cancel-in-progress: true`, don't use the same value for `jobs..concurrency.group` in the called and caller workflows as this will cause the workflow that's already running to be cancelled. A called workflow uses the name of its caller workflow in {% raw %}${{ github.workflow }}{% endraw %}, so using this context as the value of `jobs..concurrency.group` in both caller and called workflows will cause the caller workflow to be cancelled when the called workflow runs. ### Example caller workflow @@ -459,11 +450,8 @@ You can use the {% data variables.product.prodname_dotcom %} REST API to monitor For information about using the REST API to query the audit log for an organization, see "[AUTOTITLE](/rest/orgs#get-the-audit-log-for-an-organization)." -{% note %} - -**Note**: Audit data for `prepared_workflow_job` can only be viewed using the REST API. It is not visible in the {% data variables.product.prodname_dotcom %} web interface, or included in JSON/CSV exported audit data. - -{% endnote %} +> [!NOTE] +> Audit data for `prepared_workflow_job` can only be viewed using the REST API. It is not visible in the {% data variables.product.prodname_dotcom %} web interface, or included in JSON/CSV exported audit data. {% ifversion partial-reruns-with-reusable %} diff --git a/actions/sharing-automations/sharing-actions-and-workflows-from-your-private-repository.md b/actions/sharing-automations/sharing-actions-and-workflows-from-your-private-repository.md index a615d902b..71ebdbdc6 100644 --- a/actions/sharing-automations/sharing-actions-and-workflows-from-your-private-repository.md +++ b/actions/sharing-automations/sharing-actions-and-workflows-from-your-private-repository.md @@ -18,13 +18,9 @@ You can share actions and reusable workflows from your private repository, witho Any actions or reusable workflows stored in the private repository can be used in workflows defined in other private repositories owned by the same organization or user. Actions and reusable workflows stored in private repositories cannot be used in public repositories. -{% warning %} - -**Warning**: -* If you make a private repository accessible to {% data variables.product.prodname_actions %} workflows in other repositories, outside collaborators on the other repositories can indirectly access the private repository, even though they do not have direct access to these repositories. The outside collaborators can view logs for workflow runs when actions or workflows from the private repository are used. -* {% data reusables.actions.scoped-token-note %} - -{% endwarning %} +> [!WARNING] +> * If you make a private repository accessible to {% data variables.product.prodname_actions %} workflows in other repositories, outside collaborators on the other repositories can indirectly access the private repository, even though they do not have direct access to these repositories. The outside collaborators can view logs for workflow runs when actions or workflows from the private repository are used. +> * {% data reusables.actions.scoped-token-note %} ## Sharing actions and workflows from your private repository diff --git a/actions/sharing-automations/sharing-actions-and-workflows-with-your-enterprise.md b/actions/sharing-automations/sharing-actions-and-workflows-with-your-enterprise.md index e947c13c9..bfd1c5860 100644 --- a/actions/sharing-automations/sharing-actions-and-workflows-with-your-enterprise.md +++ b/actions/sharing-automations/sharing-actions-and-workflows-with-your-enterprise.md @@ -18,13 +18,9 @@ If your organization is owned by an enterprise account, you can share actions an Any actions or reusable workflows stored in the internal {% ifversion private-actions %}or private {% endif %}repository can be used in workflows defined in other internal or private repositories owned by the same organization, or by any organization owned by the enterprise. Actions and reusable workflows stored in internal repositories cannot be used in public repositories {% ifversion private-actions %}and actions and reusable workflows stored in private repositories cannot be used in public or internal repositories{% endif %}. -{% warning %} - -**Warning**: -* {% data reusables.actions.outside-collaborators-actions %} -* {% data reusables.actions.scoped-token-note %} - -{% endwarning %} +> [!WARNING] +> * {% data reusables.actions.outside-collaborators-actions %} +> * {% data reusables.actions.scoped-token-note %} ## Sharing actions and workflows with your enterprise diff --git a/actions/sharing-automations/sharing-actions-and-workflows-with-your-organization.md b/actions/sharing-automations/sharing-actions-and-workflows-with-your-organization.md index cc0afa719..2b367e32b 100644 --- a/actions/sharing-automations/sharing-actions-and-workflows-with-your-organization.md +++ b/actions/sharing-automations/sharing-actions-and-workflows-with-your-organization.md @@ -18,13 +18,9 @@ You can share actions and reusable workflows within your organization, without p Any actions or reusable workflows stored in the private repository can be used in workflows defined in other private repositories owned by the same organization. Actions and reusable workflows stored in private repositories cannot be used in public repositories. -{% warning %} - -**Warning**: -* {% data reusables.actions.outside-collaborators-actions %} -* {% data reusables.actions.scoped-token-note %} - -{% endwarning %} +> [!WARNING] +> * {% data reusables.actions.outside-collaborators-actions %} +> * {% data reusables.actions.scoped-token-note %} ## Sharing actions and workflows with your organization diff --git a/actions/use-cases-and-examples/building-and-testing/building-and-testing-net.md b/actions/use-cases-and-examples/building-and-testing/building-and-testing-net.md index 98fe86a22..4a917a2b2 100644 --- a/actions/use-cases-and-examples/building-and-testing/building-and-testing-net.md +++ b/actions/use-cases-and-examples/building-and-testing/building-and-testing-net.md @@ -154,11 +154,8 @@ steps: run: dotnet add package Newtonsoft.Json --version 12.0.1 ``` -{% note %} - -**Note:** Depending on the number of dependencies, it may be faster to use the dependency cache. Projects with many large dependencies should see a performance increase as it cuts down the time required for downloading. Projects with fewer dependencies may not see a significant performance increase and may even see a slight decrease due to how NuGet installs cached dependencies. The performance varies from project to project. - -{% endnote %} +> [!NOTE] +> Depending on the number of dependencies, it may be faster to use the dependency cache. Projects with many large dependencies should see a performance increase as it cuts down the time required for downloading. Projects with fewer dependencies may not see a significant performance increase and may even see a slight decrease due to how NuGet installs cached dependencies. The performance varies from project to project. ## Building and testing your code diff --git a/actions/use-cases-and-examples/building-and-testing/building-and-testing-powershell.md b/actions/use-cases-and-examples/building-and-testing/building-and-testing-powershell.md index f3244b084..0971b7a53 100644 --- a/actions/use-cases-and-examples/building-and-testing/building-and-testing-powershell.md +++ b/actions/use-cases-and-examples/building-and-testing/building-and-testing-powershell.md @@ -93,21 +93,15 @@ The table below describes the locations for various PowerShell modules in each { {% endrowheaders %} -{% note %} - -**Note:** On Ubuntu runners, Azure PowerShell modules are stored in `/usr/share/` instead of the default location of PowerShell add-on modules (i.e. `/usr/local/share/powershell/Modules/`). - -{% endnote %} +> [!NOTE] +> On Ubuntu runners, Azure PowerShell modules are stored in `/usr/share/` instead of the default location of PowerShell add-on modules (i.e. `/usr/local/share/powershell/Modules/`). ## Installing dependencies {% data variables.product.prodname_dotcom %}-hosted runners have PowerShell 7 and Pester installed. You can use `Install-Module` to install additional dependencies from the PowerShell Gallery before building and testing your code. -{% note %} - -**Note:** The pre-installed packages (such as Pester) used by {% data variables.product.prodname_dotcom %}-hosted runners are regularly updated, and can introduce significant changes. As a result, it is recommended that you always specify the required package versions by using `Install-Module` with `-MaximumVersion`. - -{% endnote %} +> [!NOTE] +> The pre-installed packages (such as Pester) used by {% data variables.product.prodname_dotcom %}-hosted runners are regularly updated, and can introduce significant changes. As a result, it is recommended that you always specify the required package versions by using `Install-Module` with `-MaximumVersion`. You can also cache dependencies to speed up your workflow. For more information, see "[AUTOTITLE](/actions/using-workflows/caching-dependencies-to-speed-up-workflows)." @@ -127,11 +121,8 @@ jobs: Install-Module SqlServer, PSScriptAnalyzer ``` -{% note %} - -**Note:** By default, no repositories are trusted by PowerShell. When installing modules from the PowerShell Gallery, you must explicitly set the installation policy for `PSGallery` to `Trusted`. - -{% endnote %} +> [!NOTE] +> By default, no repositories are trusted by PowerShell. When installing modules from the PowerShell Gallery, you must explicitly set the installation policy for `PSGallery` to `Trusted`. ### Caching dependencies diff --git a/actions/use-cases-and-examples/deploying/deploying-docker-to-azure-app-service.md b/actions/use-cases-and-examples/deploying/deploying-docker-to-azure-app-service.md index 46f3428b2..221a655fe 100644 --- a/actions/use-cases-and-examples/deploying/deploying-docker-to-azure-app-service.md +++ b/actions/use-cases-and-examples/deploying/deploying-docker-to-azure-app-service.md @@ -21,11 +21,8 @@ redirect_from: This guide explains how to use {% data variables.product.prodname_actions %} to build and deploy a Docker container to [Azure App Service](https://azure.microsoft.com/services/app-service/). -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." ## Prerequisites diff --git a/actions/use-cases-and-examples/deploying/deploying-java-to-azure-app-service.md b/actions/use-cases-and-examples/deploying/deploying-java-to-azure-app-service.md index d6dcbe542..fcc7d297c 100644 --- a/actions/use-cases-and-examples/deploying/deploying-java-to-azure-app-service.md +++ b/actions/use-cases-and-examples/deploying/deploying-java-to-azure-app-service.md @@ -20,11 +20,8 @@ redirect_from: This guide explains how to use {% data variables.product.prodname_actions %} to build and deploy a Java project to [Azure App Service](https://azure.microsoft.com/services/app-service/). -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." ## Prerequisites diff --git a/actions/use-cases-and-examples/deploying/deploying-net-to-azure-app-service.md b/actions/use-cases-and-examples/deploying/deploying-net-to-azure-app-service.md index abb6cd9b1..33bd39421 100644 --- a/actions/use-cases-and-examples/deploying/deploying-net-to-azure-app-service.md +++ b/actions/use-cases-and-examples/deploying/deploying-net-to-azure-app-service.md @@ -19,11 +19,8 @@ redirect_from: This guide explains how to use {% data variables.product.prodname_actions %} to build and deploy a .NET project to [Azure App Service](https://azure.microsoft.com/services/app-service/). -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." ## Prerequisites diff --git a/actions/use-cases-and-examples/deploying/deploying-nodejs-to-azure-app-service.md b/actions/use-cases-and-examples/deploying/deploying-nodejs-to-azure-app-service.md index b1a58369d..b91eca468 100644 --- a/actions/use-cases-and-examples/deploying/deploying-nodejs-to-azure-app-service.md +++ b/actions/use-cases-and-examples/deploying/deploying-nodejs-to-azure-app-service.md @@ -24,11 +24,8 @@ topics: This guide explains how to use {% data variables.product.prodname_actions %} to build, test, and deploy a Node.js project to [Azure App Service](https://azure.microsoft.com/services/app-service/). -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." ## Prerequisites diff --git a/actions/use-cases-and-examples/deploying/deploying-php-to-azure-app-service.md b/actions/use-cases-and-examples/deploying/deploying-php-to-azure-app-service.md index 69c83d7ce..7e6b78a87 100644 --- a/actions/use-cases-and-examples/deploying/deploying-php-to-azure-app-service.md +++ b/actions/use-cases-and-examples/deploying/deploying-php-to-azure-app-service.md @@ -19,11 +19,8 @@ redirect_from: This guide explains how to use {% data variables.product.prodname_actions %} to build and deploy a PHP project to [Azure App Service](https://azure.microsoft.com/services/app-service/). -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." ## Prerequisites diff --git a/actions/use-cases-and-examples/deploying/deploying-python-to-azure-app-service.md b/actions/use-cases-and-examples/deploying/deploying-python-to-azure-app-service.md index f5093958c..43b09cc20 100644 --- a/actions/use-cases-and-examples/deploying/deploying-python-to-azure-app-service.md +++ b/actions/use-cases-and-examples/deploying/deploying-python-to-azure-app-service.md @@ -20,11 +20,8 @@ redirect_from: This guide explains how to use {% data variables.product.prodname_actions %} to build and deploy a Python project to [Azure App Service](https://azure.microsoft.com/services/app-service/). -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." ## Prerequisites diff --git a/actions/use-cases-and-examples/deploying/deploying-to-amazon-elastic-container-service.md b/actions/use-cases-and-examples/deploying/deploying-to-amazon-elastic-container-service.md index a412d1067..ac5ae8b80 100644 --- a/actions/use-cases-and-examples/deploying/deploying-to-amazon-elastic-container-service.md +++ b/actions/use-cases-and-examples/deploying/deploying-to-amazon-elastic-container-service.md @@ -25,11 +25,8 @@ This guide explains how to use {% data variables.product.prodname_actions %} to On every new push to `main` in your {% data variables.product.company_short %} repository, the {% data variables.product.prodname_actions %} workflow builds and pushes a new container image to Amazon ECR, and then deploys a new task definition to Amazon ECS. -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services)." ## Prerequisites diff --git a/actions/use-cases-and-examples/deploying/deploying-to-azure-kubernetes-service.md b/actions/use-cases-and-examples/deploying/deploying-to-azure-kubernetes-service.md index fa27712ab..9599f7856 100644 --- a/actions/use-cases-and-examples/deploying/deploying-to-azure-kubernetes-service.md +++ b/actions/use-cases-and-examples/deploying/deploying-to-azure-kubernetes-service.md @@ -19,11 +19,8 @@ redirect_from: This guide explains how to use {% data variables.product.prodname_actions %} to build and deploy a project to [Azure Kubernetes Service](https://azure.microsoft.com/services/kubernetes-service/). -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." ## Prerequisites diff --git a/actions/use-cases-and-examples/deploying/deploying-to-azure-static-web-app.md b/actions/use-cases-and-examples/deploying/deploying-to-azure-static-web-app.md index ffc813a02..7a73e1cb1 100644 --- a/actions/use-cases-and-examples/deploying/deploying-to-azure-static-web-app.md +++ b/actions/use-cases-and-examples/deploying/deploying-to-azure-static-web-app.md @@ -19,11 +19,8 @@ redirect_from: This guide explains how to use {% data variables.product.prodname_actions %} to build and deploy a web app to [Azure Static Web Apps](https://azure.microsoft.com/services/app-service/static/). -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure)." ## Prerequisites diff --git a/actions/use-cases-and-examples/deploying/deploying-to-google-kubernetes-engine.md b/actions/use-cases-and-examples/deploying/deploying-to-google-kubernetes-engine.md index 3ebec3486..82eff64a6 100644 --- a/actions/use-cases-and-examples/deploying/deploying-to-google-kubernetes-engine.md +++ b/actions/use-cases-and-examples/deploying/deploying-to-google-kubernetes-engine.md @@ -25,11 +25,8 @@ This guide explains how to use {% data variables.product.prodname_actions %} to GKE is a managed Kubernetes cluster service from Google Cloud that can host your containerized workloads in the cloud or in your own datacenter. For more information, see [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine). -{% note %} - -**Note**: {% data reusables.actions.about-oidc-short-overview %} - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.about-oidc-short-overview %} ## Prerequisites @@ -78,11 +75,8 @@ This procedure demonstrates how to create the service account for your GKE integ 1. Add roles to the service account. - {% note %} - - **Note**: Apply more restrictive roles to suit your requirements. - - {% endnote %} + > [!NOTE] + > Apply more restrictive roles to suit your requirements. ```shell copy gcloud projects add-iam-policy-binding $GKE_PROJECT \ diff --git a/actions/use-cases-and-examples/deploying/deploying-with-github-actions.md b/actions/use-cases-and-examples/deploying/deploying-with-github-actions.md index 363a1154d..bdd7be830 100644 --- a/actions/use-cases-and-examples/deploying/deploying-with-github-actions.md +++ b/actions/use-cases-and-examples/deploying/deploying-with-github-actions.md @@ -62,11 +62,8 @@ For more information, see "[AUTOTITLE](/actions/using-workflows/events-that-trig Concurrency ensures that only a single job or workflow using the same concurrency group will run at a time. You can use concurrency so that an environment has a maximum of one deployment in progress and one deployment pending at a time. For more information about concurrency, see "[AUTOTITLE](/actions/using-jobs/using-concurrency)." -{% note %} - -**Note:** `concurrency` and `environment` are not connected. The concurrency value can be any string; it does not need to be an environment name. Additionally, if another workflow uses the same environment but does not specify concurrency, that workflow will not be subject to any concurrency rules. - -{% endnote %} +> [!NOTE] +> `concurrency` and `environment` are not connected. The concurrency value can be any string; it does not need to be an environment name. Additionally, if another workflow uses the same environment but does not specify concurrency, that workflow will not be subject to any concurrency rules. For example, when the following workflow runs, it will be paused with the status `pending` if any job or workflow that uses the `production` concurrency group is in progress. It will also cancel any job or workflow that uses the `production` concurrency group and has the status `pending`. This means that there will be a maximum of one running and one pending job or workflow in that uses the `production` concurrency group. diff --git a/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development.md b/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development.md index 9db381508..161f25771 100644 --- a/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development.md +++ b/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development.md @@ -119,11 +119,8 @@ jobs: # ... ``` -{% note %} - -**Note:** For iOS build targets, your provisioning profile should have the extension `.mobileprovision`. For macOS build targets, the extension should be `.provisionprofile`. The example workflow above should be updated to reflect your target platform. - -{% endnote %} +> [!NOTE] +> For iOS build targets, your provisioning profile should have the extension `.mobileprovision`. For macOS build targets, the extension should be `.provisionprofile`. The example workflow above should be updated to reflect your target platform. ## Required clean-up on self-hosted runners diff --git a/actions/use-cases-and-examples/project-management/closing-inactive-issues.md b/actions/use-cases-and-examples/project-management/closing-inactive-issues.md index 124e10829..00e3dc95a 100644 --- a/actions/use-cases-and-examples/project-management/closing-inactive-issues.md +++ b/actions/use-cases-and-examples/project-management/closing-inactive-issues.md @@ -67,11 +67,8 @@ In the tutorial, you will first make a workflow file that uses the [`actions/sta Based on the `schedule` parameter (for example, every day at 1:30 UTC), your workflow will find issues that have been inactive for the specified period of time and will add the specified comment and label. Additionally, your workflow will close any previously labeled issues if no additional activity has occurred for the specified period of time. -{% note %} - -**Note:** {% data reusables.actions.schedule-delay %} - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.schedule-delay %} You can view the history of your workflow runs to see this workflow run periodically. For more information, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history)." diff --git a/actions/use-cases-and-examples/project-management/scheduling-issue-creation.md b/actions/use-cases-and-examples/project-management/scheduling-issue-creation.md index 2d17f8d1f..a0121d7d6 100644 --- a/actions/use-cases-and-examples/project-management/scheduling-issue-creation.md +++ b/actions/use-cases-and-examples/project-management/scheduling-issue-creation.md @@ -98,11 +98,8 @@ In the tutorial, you will first make a workflow file that uses the {% data varia Based on the `schedule` parameter (for example, every Monday at 7:20 UTC), your workflow will create a new issue with the assignees, labels, title, and body that you specified. If you set `PINNED` to `true`, the workflow will pin the issue to your repository. If you set `CLOSE_PREVIOUS` to true, the workflow will close the most recent issue with matching labels. -{% note %} - -**Note:** {% data reusables.actions.schedule-delay %} - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.schedule-delay %} You can view the history of your workflow runs to see this workflow run periodically. For more information, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history)." diff --git a/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md b/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md index 07e8374a7..d89219d88 100644 --- a/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md +++ b/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md @@ -24,11 +24,8 @@ layout: inline This guide shows you how to create a workflow that performs a Docker build, and then publishes Docker images to Docker Hub or {% data variables.product.prodname_registry %}. With a single workflow, you can publish images to a single registry or to multiple registries. -{% note %} - -**Note:** If you want to push to another third-party Docker registry, the example in the "[Publishing images to {% data variables.product.prodname_registry %}](#publishing-images-to-github-packages)" section can serve as a good template. - -{% endnote %} +> [!NOTE] +> If you want to push to another third-party Docker registry, the example in the "[Publishing images to {% data variables.product.prodname_registry %}](#publishing-images-to-github-packages)" section can serve as a good template. ## Prerequisites diff --git a/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners.md b/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners.md index 472e16a5b..341b962bb 100644 --- a/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners.md +++ b/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners.md @@ -125,11 +125,8 @@ While the job runs, the logs and output can be viewed in the {% data variables.p > [!NOTE] > The `-latest` runner images are the latest stable images that {% data variables.product.prodname_dotcom %} provides, and might not be the most recent version of the operating system available from the operating system vendor. -{% warning %} - -**Warning:** Beta and Deprecated Images are provided "as-is", "with all faults" and "as available" and are excluded from the service level agreement and warranty. Beta Images may not be covered by customer support. - -{% endwarning %} +> [!WARNING] +> Beta and Deprecated Images are provided "as-is", "with all faults" and "as available" and are excluded from the service level agreement and warranty. Beta Images may not be covered by customer support. {% endif %} diff --git a/actions/using-github-hosted-runners/using-github-hosted-runners/customizing-github-hosted-runners.md b/actions/using-github-hosted-runners/using-github-hosted-runners/customizing-github-hosted-runners.md index 573034c82..25fda15ff 100644 --- a/actions/using-github-hosted-runners/using-github-hosted-runners/customizing-github-hosted-runners.md +++ b/actions/using-github-hosted-runners/using-github-hosted-runners/customizing-github-hosted-runners.md @@ -41,11 +41,8 @@ jobs: sudo apt-get install jq ``` -{% note %} - -**Note:** Always run `sudo apt-get update` before installing a package. In case the `apt` index is stale, this command fetches and re-indexes any available packages, which helps prevent package installation failures. - -{% endnote %} +> [!NOTE] +> Always run `sudo apt-get update` before installing a package. In case the `apt` index is stale, this command fetches and re-indexes any available packages, which helps prevent package installation failures. ## Installing software on macOS runners diff --git a/actions/using-github-hosted-runners/using-larger-runners/controlling-access-to-larger-runners.md b/actions/using-github-hosted-runners/using-larger-runners/controlling-access-to-larger-runners.md index 3b2b07f09..5d825bca6 100644 --- a/actions/using-github-hosted-runners/using-larger-runners/controlling-access-to-larger-runners.md +++ b/actions/using-github-hosted-runners/using-larger-runners/controlling-access-to-larger-runners.md @@ -11,11 +11,8 @@ redirect_from: - /actions/using-github-hosted-runners/about-larger-runners/controlling-access-to-larger-runners --- -{% note %} - -**Note:** {% data reusables.actions.windows-linux-larger-runners-note %} - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.windows-linux-larger-runners-note %} ## About runner groups @@ -23,11 +20,8 @@ redirect_from: ### Managing access to your runners -{% note %} - -**Note**: Before your workflows can send jobs to {% data variables.actions.hosted_runner %}s, you must first configure permissions for the runner group. See the following sections for more information. - -{% endnote %} +> [!NOTE] +> Before your workflows can send jobs to {% data variables.actions.hosted_runner %}s, you must first configure permissions for the runner group. See the following sections for more information. Runner groups are used to control which repositories can run jobs on your {% data variables.actions.hosted_runner %}s. You must manage access to the group from each level of the management hierarchy, depending on where you've defined the {% data variables.actions.hosted_runner %}: diff --git a/actions/using-github-hosted-runners/using-larger-runners/running-jobs-on-larger-runners.md b/actions/using-github-hosted-runners/using-larger-runners/running-jobs-on-larger-runners.md index b1ea7ab10..567260371 100644 --- a/actions/using-github-hosted-runners/using-larger-runners/running-jobs-on-larger-runners.md +++ b/actions/using-github-hosted-runners/using-larger-runners/running-jobs-on-larger-runners.md @@ -39,11 +39,8 @@ Use the labels in the table below to run your workflows on the corresponding mac {% data reusables.actions.larger-runners-table %} -{% note %} - -**Note:** For macOS {% data variables.actions.hosted_runner %}s, the `-latest` runner label uses the macOS 12 runner image. For macOS Xlarge, the `-latest` runner label uses the macOS 13 runner image - -{% endnote %} +> [!NOTE] +> For macOS {% data variables.actions.hosted_runner %}s, the `-latest` runner label uses the macOS 12 runner image. For macOS Xlarge, the `-latest` runner label uses the macOS 13 runner image {% endmac %} @@ -197,10 +194,7 @@ jobs: Because macOS arm64 does not support Node 12, macOS {% data variables.actions.hosted_runner %}s automatically use Node 16 to execute any JavaScript action written for Node 12. Some community actions may not be compatible with Node 16. If you use an action that requires a different Node version, you may need to manually install a specific version at runtime. -{% note %} - -**Note:** ARM-powered runners are currently in {% data variables.release-phases.public_preview %} and are subject to change. - -{% endnote %} +> [!NOTE] +> ARM-powered runners are currently in {% data variables.release-phases.public_preview %} and are subject to change. {% endmac %} diff --git a/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs.md b/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs.md index 57e2ee1d9..39bfd2dd4 100644 --- a/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs.md +++ b/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs.md @@ -365,11 +365,8 @@ The contents of the `vars` context is a mapping of configuration variable names This example workflow shows how configuration variables set at the repository, environment, or organization levels are automatically available using the `vars` context. -{% note %} - -Note: Configuration variables at the environment level are automatically available after their environment is declared by the runner. - -{% endnote %} +> [!NOTE] +> Configuration variables at the environment level are automatically available after their environment is declared by the runner. {% data reusables.actions.actions-vars-context-example-usage %} diff --git a/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows.md b/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows.md index 5d86df877..3af5e6b5c 100644 --- a/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows.md +++ b/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows.md @@ -35,17 +35,14 @@ To cache dependencies for a job, you can use {% data variables.product.prodname_ | Go `go.sum` | [setup-go](https://github.com/actions/setup-go#caching-dependency-files-and-build-outputs) | | .NET NuGet | [setup-dotnet](https://github.com/actions/setup-dotnet?tab=readme-ov-file#caching-nuget-packages) | -{% warning %} - -**Warning**: {% ifversion fpt or ghec %}Be mindful of the following when using caching with {% data variables.product.prodname_actions %}: - -* {% endif %}We recommend that you don't store any sensitive information in the cache. For example, sensitive information can include access tokens or login credentials stored in a file in the cache path. Also, command line interface (CLI) programs like `docker login` can save access credentials in a configuration file. Anyone with read access can create a pull request on a repository and access the contents of a cache. Forks of a repository can also create pull requests on the base branch and access caches on the base branch. +> [!WARNING] +> {% ifversion fpt or ghec %}Be mindful of the following when using caching with {% data variables.product.prodname_actions %}: +> +> * {% endif %}We recommend that you don't store any sensitive information in the cache. For example, sensitive information can include access tokens or login credentials stored in a file in the cache path. Also, command line interface (CLI) programs like `docker login` can save access credentials in a configuration file. Anyone with read access can create a pull request on a repository and access the contents of a cache. Forks of a repository can also create pull requests on the base branch and access caches on the base branch. {%- ifversion fpt or ghec %} -* When using self-hosted runners, caches from workflow runs are stored on {% data variables.product.company_short %}-owned cloud storage. A customer-owned storage solution is only available with {% data variables.product.prodname_ghe_server %}. +> * When using self-hosted runners, caches from workflow runs are stored on {% data variables.product.company_short %}-owned cloud storage. A customer-owned storage solution is only available with {% data variables.product.prodname_ghe_server %}. {%- endif %} -{% endwarning %} - {% data reusables.actions.comparing-artifacts-caching %} For more information on workflow run artifacts, see "[AUTOTITLE](/actions/using-workflows/storing-workflow-data-as-artifacts)." @@ -289,11 +286,8 @@ There are multiple ways to manage caches for your repositories: * Using the REST API. For more information, see "[AUTOTITLE](/rest/actions/cache)." * Installing the `gh cache` subcommand to manage your caches from the command line. For more information, see the [GitHub CLI documentation](https://cli.github.com/manual/gh_cache). - {% note %} - - **Note:** If you are doing this manually, ensure you have version 2.32.0 or higher of the CLI installed. - - {% endnote %} + > [!NOTE] + > If you are doing this manually, ensure you have version 2.32.0 or higher of the CLI installed. {% else %} diff --git a/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions.md b/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions.md index ad66d9d33..874cc243c 100644 --- a/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions.md +++ b/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions.md @@ -25,11 +25,8 @@ Expressions are commonly used with the conditional `if` keyword in a workflow fi `${{ }}` {% endraw %} -{% note %} - -**Note**: The exception to this rule is when you are using expressions in an `if` clause, where, optionally, you can usually omit {% raw %}`${{`{% endraw %} and {% raw %}`}}`{% endraw %}. For more information about `if` conditionals, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idif)." - -{% endnote %} +> [!NOTE] +> The exception to this rule is when you are using expressions in an `if` clause, where, optionally, you can usually omit {% raw %}`${{`{% endraw %} and {% raw %}`}}`{% endraw %}. For more information about `if` conditionals, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idif)." {% data reusables.actions.context-injection-warning %} @@ -92,14 +89,10 @@ env: | `&&` | And | | \|\| | Or | - {% note %} - - **Notes:** - * {% data variables.product.company_short %} ignores case when comparing strings. - * `steps..outputs.` evaluates as a string. {% data reusables.actions.expressions-syntax-evaluation %} For more information, see "[AUTOTITLE](/actions/learn-github-actions/contexts#steps-context)." - * For numerical comparison, the `fromJSON()` function can be used to convert a string to a number. For more information on the `fromJSON()` function, see "[fromJSON](#fromjson)." - - {% endnote %} + > [!NOTE] + > * {% data variables.product.company_short %} ignores case when comparing strings. + > * `steps..outputs.` evaluates as a string. {% data reusables.actions.expressions-syntax-evaluation %} For more information, see "[AUTOTITLE](/actions/learn-github-actions/contexts#steps-context)." + > * For numerical comparison, the `fromJSON()` function can be used to convert a string to a number. For more information on the `fromJSON()` function, see "[fromJSON](#fromjson)." {% data variables.product.prodname_dotcom %} performs loose equality comparisons. @@ -332,11 +325,8 @@ steps: Causes the step to always execute, and returns `true`, even when canceled. The `always` expression is best used at the step level or on tasks that you expect to run even when a job is canceled. For example, you can use `always` to send logs even when a job is canceled. -{% warning %} - -**Warning:** Avoid using `always` for any task that could suffer from a critical failure, for example: getting sources, otherwise the workflow may hang until it times out. If you want to run a job or step regardless of its success or failure, use the recommended alternative: `if: {% raw %}${{ !cancelled() }}{% endraw %}` - -{% endwarning %} +> [!WARNING] +> Avoid using `always` for any task that could suffer from a critical failure, for example: getting sources, otherwise the workflow may hang until it times out. If you want to run a job or step regardless of its success or failure, use the recommended alternative: `if: {% raw %}${{ !cancelled() }}{% endraw %}` #### Example of `always` diff --git a/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables.md b/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables.md index e1188a088..f076144d3 100644 --- a/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables.md +++ b/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables.md @@ -29,11 +29,8 @@ You can set a custom variable in two ways. * To define an environment variable for use in a single workflow, you can use the `env` key in the workflow file. For more information, see "[Defining environment variables for a single workflow](#defining-environment-variables-for-a-single-workflow)". * To define a configuration variable across multiple workflows, you can define it at the organization, repository, or environment level. For more information, see "[Defining configuration variables for multiple workflows](#defining-configuration-variables-for-multiple-workflows)". -{% warning %} - -**Warning:** By default, variables render unmasked in your build outputs. If you need greater security for sensitive information, such as passwords, use secrets instead. For more information, see "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions)". - -{% endwarning %} +> [!WARNING] +> By default, variables render unmasked in your build outputs. If you need greater security for sensitive information, such as passwords, use secrets instead. For more information, see "[AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions)". ## Defining environment variables for a single workflow @@ -78,11 +75,8 @@ Because runner environment variable interpolation is done after a workflow job i When you set an environment variable, you cannot use any of the default environment variable names. For a complete list of default environment variables, see "[Default environment variables](#default-environment-variables)" below. If you attempt to override the value of one of these default variables, the assignment is ignored. -{% note %} - -**Note**: You can list the entire set of environment variables that are available to a workflow step by using `run: env` in a step and then examining the output for the step. - -{% endnote %} +> [!NOTE] +> You can list the entire set of environment variables that are available to a workflow step by using `run: env` in a step and then examining the output for the step. ## Defining configuration variables for multiple workflows @@ -164,11 +158,8 @@ A workflow created in a repository can access the following number of variables: * Up to 1,000 organization variables, if the total combined size of repository and organization variables is less than 10 MB. If the total combined size of organization and repository variables exceeds 10 MB, only the organization variables that fall below that limit will be available (after accounting for repository variables and as sorted alphabetically by variable name). * Up to 100 environment-level variables. -{% note %} - -**Note**: Environment-level variables do not count toward the 10 MB total size limit. If you exceed the combined size limit for repository and organization variables and still need additional variables, you can use an environment and define additional variables in the environment. - -{% endnote %} +> [!NOTE] +> Environment-level variables do not count toward the 10 MB total size limit. If you exceed the combined size limit for repository and organization variables and still need additional variables, you can use an environment and define additional variables in the environment. {% else %} @@ -182,11 +173,8 @@ A workflow created in a repository can access the following number of variables: * Up to 1,000 organization variables, if the total combined size of repository and organization variables is less than 256 KB. If the total combined size of organization and repository variables exceeds 256 KB, only the organization variables that fall below that limit will be available (after accounting for repository variables and as sorted alphabetically by variable name). * Up to 100 environment-level variables. -{% note %} - -**Note**: Environment-level variables do not count toward the 256 KB total size limit. If you exceed the combined size limit for repository and organization variables and still need additional variables, you can use an environment and define additional variables in the environment. - -{% endnote %} +> [!NOTE] +> Environment-level variables do not count toward the 256 KB total size limit. If you exceed the combined size limit for repository and organization variables and still need additional variables, you can use an environment and define additional variables in the environment. {% endif %} @@ -239,11 +227,8 @@ run: echo "${{ env.Greeting }} ${{ env.First_Name }}. Today is ${{ env.DAY_OF_WE {% endraw %} -{% note %} - -**Note**: Contexts are usually denoted using the dollar sign and curly braces, as {% raw %}`${{ context.property }}`{% endraw %}. In an `if` conditional, the {% raw %}`${{` and `}}`{% endraw %} are optional, but if you use them they must enclose the entire comparison statement, as shown above. - -{% endnote %} +> [!NOTE] +> Contexts are usually denoted using the dollar sign and curly braces, as {% raw %}`${{ context.property }}`{% endraw %}. In an `if` conditional, the {% raw %}`${{` and `}}`{% endraw %} are optional, but if you use them they must enclose the entire comparison statement, as shown above. You will commonly use either the `env` or `github` context to access variable values in parts of the workflow that are processed before jobs are sent to runners. @@ -317,11 +302,8 @@ We strongly recommend that actions use variables to access the filesystem rather | `RUNNER_TEMP` | {% data reusables.actions.runner-temp-directory-description %} For example, `D:\a\_temp` | | `RUNNER_TOOL_CACHE` | {% data reusables.actions.runner-tool-cache-description %} For example, `C:\hostedtoolcache\windows` | -{% note %} - -**Note:** If you need to use a workflow run's URL from within a job, you can combine these variables: `$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID` - -{% endnote %} +> [!NOTE] +> If you need to use a workflow run's URL from within a job, you can combine these variables: `$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID` ## Detecting the operating system diff --git a/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow.md b/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow.md index 72a910a36..86741403e 100644 --- a/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow.md +++ b/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow.md @@ -155,11 +155,8 @@ After a workflow run has been completed, you can download or delete artifacts on The [`actions/download-artifact`](https://github.com/actions/download-artifact) action can be used to download previously uploaded artifacts during a workflow run. -{% note %} - -**Note:** You can only download artifacts in a workflow that were uploaded during the same workflow run. - -{% endnote %} +> [!NOTE] +> You can only download artifacts in a workflow that were uploaded during the same workflow run. Specify an artifact's name to download an individual artifact. If you uploaded an artifact without specifying a name, the default name is `artifact`. diff --git a/actions/writing-workflows/choosing-what-your-workflow-does/using-pre-written-building-blocks-in-your-workflow.md b/actions/writing-workflows/choosing-what-your-workflow-does/using-pre-written-building-blocks-in-your-workflow.md index ef9c9203d..10d98b646 100644 --- a/actions/writing-workflows/choosing-what-your-workflow-does/using-pre-written-building-blocks-in-your-workflow.md +++ b/actions/writing-workflows/choosing-what-your-workflow-does/using-pre-written-building-blocks-in-your-workflow.md @@ -129,11 +129,8 @@ The creators of a community action have the option to use tags, branches, or SHA You will designate the version of the action in your workflow file. Check the action's documentation for information on their approach to release management, and to see which tag, branch, or SHA value to use. -{% note %} - -**Note:** We recommend that you use a SHA value when using third-party actions. However, it's important to note {% data variables.product.prodname_dependabot %} will only create {% data variables.product.prodname_dependabot_alerts %} for vulnerable {% data variables.product.prodname_actions %} that use semantic versioning. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)" and "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)." - -{% endnote %} +> [!NOTE] +> We recommend that you use a SHA value when using third-party actions. However, it's important to note {% data variables.product.prodname_dependabot %} will only create {% data variables.product.prodname_dependabot_alerts %} for vulnerable {% data variables.product.prodname_actions %} that use semantic versioning. For more information, see "[AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)" and "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)." ### Using tags diff --git a/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions.md b/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions.md index 8bdd35f4a..6eb898aeb 100644 --- a/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions.md +++ b/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions.md @@ -44,17 +44,11 @@ Write-Output "::workflow-command parameter1={data},parameter2={data}::{command v {% endpowershell %} -{% note %} +> [!NOTE] +> Workflow command and parameter names are case insensitive. -**Note:** Workflow command and parameter names are case insensitive. - -{% endnote %} - -{% warning %} - -**Warning:** If you are using Command Prompt, omit double quote characters (`"`) when using workflow commands. - -{% endwarning %} +> [!WARNING] +> If you are using Command Prompt, omit double quote characters (`"`) when using workflow commands. ## Using workflow commands to access toolkit functions @@ -293,11 +287,8 @@ Write-Output "::add-mask::Mona The Octocat" {% endpowershell %} -{% warning %} - -**Warning:** Make sure you register the secret with 'add-mask' before outputting it in the build logs or using it in any other workflow commands. - -{% endwarning %} +> [!WARNING] +> Make sure you register the secret with 'add-mask' before outputting it in the build logs or using it in any other workflow commands. ### Example: Masking an environment variable @@ -395,11 +386,8 @@ If you want to pass a masked secret between jobs or workflows, you should store #### Workflow -{% note %} - -**Note**: This workflow uses an imaginary secret store, `secret-store`, which has imaginary commands `store-secret` and `retrieve-secret`. `some/secret-store@ 27b31702a0e7fc50959f5ad993c78deac1bdfc29` is an imaginary action that installs the `secret-store` application and configures it to connect to an `instance` with `credentials`. - -{% endnote %} +> [!NOTE] +> This workflow uses an imaginary secret store, `secret-store`, which has imaginary commands `store-secret` and `retrieve-secret`. `some/secret-store@ 27b31702a0e7fc50959f5ad993c78deac1bdfc29` is an imaginary action that installs the `secret-store` application and configures it to connect to an `instance` with `credentials`. {% bash %} @@ -492,11 +480,8 @@ Stops processing any workflow commands. This special command allows you to log a To stop the processing of workflow commands, pass a unique token to `stop-commands`. To resume processing workflow commands, pass the same token that you used to stop workflow commands. -{% warning %} - -**Warning:** Make sure the token you're using is randomly generated and unique for each run. - -{% endwarning %} +> [!WARNING] +> Make sure the token you're using is randomly generated and unique for each run. ```text copy ::{endtoken}:: @@ -605,33 +590,30 @@ steps: {% powershell %} -{% note %} - -**Note:** PowerShell versions 5.1 and below (`shell: powershell`) do not use UTF-8 by default, so you must specify the UTF-8 encoding. For example: - -```yaml copy -jobs: - legacy-powershell-example: - runs-on: windows-latest - steps: - - shell: powershell - run: | - "mypath" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append -``` - -PowerShell Core versions 6 and higher (`shell: pwsh`) use UTF-8 by default. For example: - -```yaml copy -jobs: - powershell-core-example: - runs-on: windows-latest - steps: - - shell: pwsh - run: | - "mypath" >> $env:GITHUB_PATH -``` - -{% endnote %} +> [!NOTE] +> PowerShell versions 5.1 and below (`shell: powershell`) do not use UTF-8 by default, so you must specify the UTF-8 encoding. For example: +> +> ```yaml copy +> jobs: +> legacy-powershell-example: +> runs-on: windows-latest +> steps: +> - shell: powershell +> run: | +> "mypath" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append +> ``` +> +> PowerShell Core versions 6 and higher (`shell: pwsh`) use UTF-8 by default. For example: +> +> ```yaml copy +> jobs: +> powershell-core-example: +> runs-on: windows-latest +> steps: +> - shell: pwsh +> run: | +> "mypath" >> $env:GITHUB_PATH +> ``` {% endpowershell %} @@ -667,11 +649,12 @@ You can make an environment variable available to any subsequent steps in a work {% data reusables.actions.environment-variables-are-fixed %} For more information about the default environment variables, see "[AUTOTITLE](/actions/learn-github-actions/environment-variables#default-environment-variables)." -{% ifversion github-env-node-options %}{% note %} +{% ifversion github-env-node-options %} -**Note:** Due to security restrictions, `GITHUB_ENV` cannot be used to set the `NODE_OPTIONS` environment variable. +> [!NOTE] +> Due to security restrictions, `GITHUB_ENV` cannot be used to set the `NODE_OPTIONS` environment variable. -{% endnote %}{% endif %} +{% endif %} ### Example of writing an environment variable to `GITHUB_ENV` @@ -717,11 +700,8 @@ For multiline strings, you may use a delimiter with the following syntax. {delimiter} ``` -{% warning %} - -**Warning:** Make sure the delimiter you're using won't occur on a line of its own within the value. If the value is completely arbitrary then you shouldn't use this format. Write the value to a file instead. - -{% endwarning %} +> [!WARNING] +> Make sure the delimiter you're using won't occur on a line of its own within the value. If the value is completely arbitrary then you shouldn't use this format. Write the value to a file instead. #### Example of a multiline string diff --git a/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows.md b/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows.md index 657f254ea..e5fc94f31 100644 --- a/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows.md +++ b/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows.md @@ -21,11 +21,8 @@ Workflow triggers are events that cause a workflow to run. For more information Some events have multiple activity types. For these events, you can specify which activity types will trigger a workflow run. For more information about what each activity type means, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads)." -{% note %} - -**Note:** Not all webhook events trigger workflows. - -{% endnote %} +> [!NOTE] +> Not all webhook events trigger workflows. ## `branch_protection_rule` @@ -33,11 +30,8 @@ Some events have multiple activity types. For these events, you can specify whic | --------------------- | -------------- | ------------ | -------------| | [`branch_protection_rule`](/webhooks-and-events/webhooks/webhook-events-and-payloads#branch_protection_rule) | - `created`
- `edited`
- `deleted` | Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#branch_protection_rule)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#branch_protection_rule)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} @@ -57,11 +51,8 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`check_run`](/webhooks-and-events/webhooks/webhook-events-and-payloads#check_run) | - `created`
- `rerequested`
- `completed`
- `requested_action` | Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#check_run)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#check_run)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} @@ -81,19 +72,13 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`check_suite`](/webhooks-and-events/webhooks/webhook-events-and-payloads#check_suite) | - `completed` | Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#check_suite)." Although only the `completed` activity type is supported, specifying the activity type will keep your workflow specific if more activity types are added in the future. {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#check_suite)." Although only the `completed` activity type is supported, specifying the activity type will keep your workflow specific if more activity types are added in the future. {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} -{% note %} - -**Note:** To prevent recursive workflows, this event does not trigger workflows if the check suite was created by {% data variables.product.prodname_actions %}. - -{% endnote %} +> [!NOTE] +> To prevent recursive workflows, this event does not trigger workflows if the check suite was created by {% data variables.product.prodname_actions %}. Runs your workflow when check suite activity occurs. A check suite is a collection of the check runs created for a specific commit. Check suites summarize the status and conclusion of the check runs that are in the suite. For information, see "[AUTOTITLE](/rest/guides/using-the-rest-api-to-interact-with-checks)." For information about the check suite APIs, see "[AUTOTITLE](/graphql/reference/objects#checksuite)" in the GraphQL API documentation or "[AUTOTITLE](/rest/checks/suites)." @@ -111,11 +96,8 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`create`](/webhooks-and-events/webhooks/webhook-events-and-payloads#create) | Not applicable | Last commit on the created branch or tag | Branch or tag created | -{% note %} - -**Note**: An event will not be created when you create more than three tags at once. - -{% endnote %} +> [!NOTE] +> An event will not be created when you create more than three tags at once. Runs your workflow when someone creates a Git reference (Git branch or tag) in the workflow's repository. For information about the APIs to create a Git reference, see "[AUTOTITLE](/graphql/reference/mutations#createref)" in the GraphQL API documentation or "[AUTOTITLE](/rest/git/refs#create-a-reference)." @@ -134,11 +116,8 @@ on: {% data reusables.actions.branch-requirement %} -{% note %} - -**Note**: An event will not be created when you delete more than three tags at once. - -{% endnote %} +> [!NOTE] +> An event will not be created when you delete more than three tags at once. Runs your workflow when someone deletes a Git reference (Git branch or tag) in the workflow's repository. For information about the APIs to delete a Git reference, see "[AUTOTITLE](/graphql/reference/mutations#deleteref)" in the GraphQL API documentation or "[AUTOTITLE](/rest/git/refs#delete-a-reference)." @@ -170,11 +149,8 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`deployment_status`](/webhooks-and-events/webhooks/webhook-events-and-payloads#deployment_status) | Not applicable | Commit to be deployed | Branch or tag to be deployed (empty if commit)| -{% note %} - -**Note:** When a deployment status's state is set to `inactive`, a workflow run will not be triggered. - -{% endnote %} +> [!NOTE] +> When a deployment status's state is set to `inactive`, a workflow run will not be triggered. Runs your workflow when a third party provides a deployment status. Deployments created with a commit SHA may not have a Git ref. For information about the APIs to create a deployment status, see "[AUTOTITLE](/graphql/reference/mutations#createdeploymentstatus)" in the GraphQL API documentation or "[AUTOTITLE](/rest/deployments#create-a-deployment-status)." @@ -191,11 +167,8 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`discussion`](/webhooks-and-events/webhooks/webhook-events-and-payloads#discussion) | - `created`
- `edited`
- `deleted`
- `transferred`
- `pinned`
- `unpinned`
- `labeled`
- `unlabeled`
- `locked`
- `unlocked`
- `category_changed`
- `answered`
- `unanswered` | Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#discussion)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#discussion)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} @@ -217,11 +190,8 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`discussion_comment`](/webhooks-and-events/webhooks/webhook-events-and-payloads#discussion_comment) | - `created`
- `edited`
- `deleted`
| Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#discussion_comment)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#discussion_comment)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} @@ -277,11 +247,8 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`issue_comment`](/webhooks-and-events/webhooks/webhook-events-and-payloads#issue_comment) | - `created`
- `edited`
- `deleted`
| Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#issue_comment)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#issue_comment)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} @@ -334,11 +301,8 @@ jobs: | --------------------- | -------------- | ------------ | -------------| | [`issues`](/webhooks-and-events/webhooks/webhook-events-and-payloads#issues) | - `opened`
- `edited`
- `deleted`
- `transferred`
- `pinned`
- `unpinned`
- `closed`
- `reopened`
- `assigned`
- `unassigned`
- `labeled`
- `unlabeled`
- `locked`
- `unlocked`
- `milestoned`
- `demilestoned` | Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#issues)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#issues)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} @@ -358,11 +322,8 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`label`](/webhooks-and-events/webhooks/webhook-events-and-payloads#label) | - `created`
- `edited`
- `deleted`
| Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#label)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#label)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} @@ -386,14 +347,9 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`merge_group`](/webhooks-and-events/webhooks/webhook-events-and-payloads#merge_group) | `checks_requested` | SHA of the merge group | Ref of the merge group | -{% note %} - -**Notes**: - -* {% data reusables.developer-site.multiple_activity_types %} Although only the `checks_requested` activity type is supported, specifying the activity type will keep your workflow specific if more activity types are added in the future. For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#merge_group)." {% data reusables.developer-site.limit_workflow_to_activity_types %} -* {% data reusables.actions.merge-group-event-with-required-checks %} - -{% endnote %} +> [!NOTE] +> * {% data reusables.developer-site.multiple_activity_types %} Although only the `checks_requested` activity type is supported, specifying the activity type will keep your workflow specific if more activity types are added in the future. For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#merge_group)." {% data reusables.developer-site.limit_workflow_to_activity_types %} +> * {% data reusables.actions.merge-group-event-with-required-checks %} Runs your workflow when a pull request is added to a merge queue, which adds the pull request to a merge group. For more information see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request-with-a-merge-queue)". @@ -415,11 +371,8 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`milestone`](/webhooks-and-events/webhooks/webhook-events-and-payloads#milestone) | - `created`
- `closed`
- `opened`
- `edited`
- `deleted`
| Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#milestone)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#milestone)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} @@ -460,26 +413,19 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`project`](/webhooks-and-events/webhooks/webhook-events-and-payloads#project) | - `created`
- `closed`
- `reopened`
- `edited`
- `deleted`
| Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} The `edited` activity type refers to when a {% data variables.projects.projects_v1_board %}, not a column or card on the {% data variables.projects.projects_v1_board %}, is edited. For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#project)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} The `edited` activity type refers to when a {% data variables.projects.projects_v1_board %}, not a column or card on the {% data variables.projects.projects_v1_board %}, is edited. For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#project)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} -{% note %} - -**Note**: This event only occurs for projects owned by the workflow's repository, not for organization-owned or user-owned projects or for projects owned by another repository. - -{% endnote %} +> [!NOTE] +> This event only occurs for projects owned by the workflow's repository, not for organization-owned or user-owned projects or for projects owned by another repository. {% ifversion fpt or ghec %} -{% note %} -**Note**: This event only occurs for {% data variables.product.prodname_projects_v1 %}. +> [!NOTE] +> This event only occurs for {% data variables.product.prodname_projects_v1 %}. -{% endnote %} {% endif %} Runs your workflow when a {% data variables.projects.projects_v1_board %} is created or modified. For activity related to cards or columns in a {% data variables.projects.projects_v1_board %}, use the [`project_card`](#project_card) or [`project_column`](#project_column) events instead. For more information about {% data variables.projects.projects_v1_boards %}, see "[AUTOTITLE](/issues/organizing-your-work-with-project-boards/managing-project-boards/about-project-boards)." For information about the {% data variables.projects.projects_v1_board %} APIs, see "[AUTOTITLE](/graphql/reference/objects#project)" in the GraphQL API documentation or "[AUTOTITLE](/rest/projects)." @@ -498,26 +444,19 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`project_card`](/webhooks-and-events/webhooks/webhook-events-and-payloads#project_card) | - `created`
- `moved`
- `converted` to an issue
- `edited`
- `deleted` | Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#project_card)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#project_card)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} -{% note %} - -**Note**: This event only occurs for projects owned by the workflow's repository, not for organization-owned or user-owned projects or for projects owned by another repository. - -{% endnote %} +> [!NOTE] +> This event only occurs for projects owned by the workflow's repository, not for organization-owned or user-owned projects or for projects owned by another repository. {% ifversion fpt or ghec %} -{% note %} -**Note**: This event only occurs for {% data variables.product.prodname_projects_v1 %}. +> [!NOTE] +> This event only occurs for {% data variables.product.prodname_projects_v1 %}. -{% endnote %} {% endif %} Runs your workflow when a card on a {% data variables.projects.projects_v1_board %} is created or modified. For activity related to {% data variables.projects.projects_v1_boards %} or columns in a {% data variables.projects.projects_v1_board %}, use the [`project`](#project) or [`project_column`](#project_column) event instead. For more information about {% data variables.projects.projects_v1_boards %}, see "[AUTOTITLE](/issues/organizing-your-work-with-project-boards/managing-project-boards/about-project-boards)." For information about the project card APIs, see "[AUTOTITLE](/graphql/reference/objects#projectcard)" in the GraphQL API documentation or "[AUTOTITLE](/rest/projects/cards)." @@ -536,26 +475,19 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`project_column`](/webhooks-and-events/webhooks/webhook-events-and-payloads#project_column) | - `created`
- `updated`
- `moved`
- `deleted` | Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#project_column)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#project_column)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} -{% note %} - -**Note**: This event only occurs for projects owned by the workflow's repository, not for organization-owned or user-owned projects or for projects owned by another repository. - -{% endnote %} +> [!NOTE] +> This event only occurs for projects owned by the workflow's repository, not for organization-owned or user-owned projects or for projects owned by another repository. {% ifversion fpt or ghec %} -{% note %} -**Note**: This event only occurs for {% data variables.product.prodname_projects_v1 %}. +> [!NOTE] +> This event only occurs for {% data variables.product.prodname_projects_v1 %}. -{% endnote %} {% endif %} Runs your workflow when a column on a {% data variables.projects.projects_v1_board %} is created or modified. For activity related to {% data variables.projects.projects_v1_boards %} or cards in a {% data variables.projects.projects_v1_board %}, use the [`project`](#project) or [`project_card`](#project_card) event instead. For more information about {% data variables.projects.projects_v1_boards %}, see "[AUTOTITLE](/issues/organizing-your-work-with-project-boards/managing-project-boards/about-project-boards)." For information about the project column APIs, see "[AUTOTITLE](/graphql/reference/objects#projectcolumn)" in the GraphQL API documentation or "[AUTOTITLE](/rest/projects#columns)." @@ -593,20 +525,12 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`pull_request`](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request) | - `assigned`
- `unassigned`
- `labeled`
- `unlabeled`
- `opened`
- `edited`
- `closed`
- `reopened`
- `synchronize`
- `converted_to_draft`
- `locked`
- `unlocked`
{% ifversion fpt or ghec %}- `enqueued`
- `dequeued`
{% endif %}- `milestoned`
- `demilestoned`
- `ready_for_review`
- `review_requested`
- `review_request_removed`
- `auto_merge_enabled`
- `auto_merge_disabled` | Last merge commit on the `GITHUB_REF` branch | PR merge branch `refs/pull/PULL_REQUEST_NUMBER/merge` | -{% note %} - -**Notes**: -* {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request)." By default, a workflow only runs when a `pull_request` event's activity type is `opened`, `synchronize`, or `reopened`. To trigger workflows by different activity types, use the `types` keyword. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onevent_nametypes)." - -* Workflows will not run on `pull_request` activity if the pull request has a merge conflict. The merge conflict must be resolved first. - - Conversely, workflows with the `pull_request_target` event will run even if the pull request has a merge conflict. Before using the `pull_request_target` trigger, you should be aware of the security risks. For more information, see [`pull_request_target`](#pull_request_target). - -* The `pull_request` webhook event payload is empty for merged pull requests and pull requests that come from forked repositories. - -* The value of `GITHUB_REF` varies for a closed pull request depending on whether the pull request has been merged or not. If a pull request was closed but not merged, it will be `refs/pull/PULL_REQUEST_NUMBER/merge`. If a pull request was closed as a result of being merged, it will be the fully qualified `ref` of the branch it was merged into, for example `/refs/heads/main`. - -{% endnote %} +> [!NOTE] +> * {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request)." By default, a workflow only runs when a `pull_request` event's activity type is `opened`, `synchronize`, or `reopened`. To trigger workflows by different activity types, use the `types` keyword. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onevent_nametypes)." +> * Workflows will not run on `pull_request` activity if the pull request has a merge conflict. The merge conflict must be resolved first. +> Conversely, workflows with the `pull_request_target` event will run even if the pull request has a merge conflict. Before using the `pull_request_target` trigger, you should be aware of the security risks. For more information, see [`pull_request_target`](#pull_request_target). +> * The `pull_request` webhook event payload is empty for merged pull requests and pull requests that come from forked repositories. +> * The value of `GITHUB_REF` varies for a closed pull request depending on whether the pull request has been merged or not. If a pull request was closed but not merged, it will be `refs/pull/PULL_REQUEST_NUMBER/merge`. If a pull request was closed as a result of being merged, it will be the fully qualified `ref` of the branch it was merged into, for example `/refs/heads/main`. Runs your workflow when activity on a pull request in the workflow's repository occurs. For example, if no activity types are specified, the workflow runs when a pull request is opened or reopened or when the head branch of the pull request is updated. For activity related to pull request reviews, pull request review comments, or pull request comments, use the [`pull_request_review`](#pull_request_review), [`pull_request_review_comment`](#pull_request_review_comment), or [`issue_comment`](#issue_comment) events instead. For information about the pull request APIs, see "[AUTOTITLE](/graphql/reference/objects#pullrequest)" in the GraphQL API documentation or "[AUTOTITLE](/rest/pulls)." @@ -649,22 +573,19 @@ on: - 'releases/**' ``` -{% note %} - -**Note:** {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a pull request that includes a change to a JavaScript (`.js`) file is opened on a branch whose name starts with `releases/`: - -```yaml -on: - pull_request: - types: - - opened - branches: - - 'releases/**' - paths: - - '**.js' -``` - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a pull request that includes a change to a JavaScript (`.js`) file is opened on a branch whose name starts with `releases/`: +> +> ```yaml +> on: +> pull_request: +> types: +> - opened +> branches: +> - 'releases/**' +> paths: +> - '**.js' +> ``` To run a job based on the pull request's head branch name (as opposed to the pull request's base branch name), use the `github.head_ref` context in a conditional. For example, this workflow will run whenever a pull request is opened, but the `run_if` job will only execute if the head of the pull request is a branch whose name starts with `releases/`: @@ -694,22 +615,19 @@ on: - '**.js' ``` -{% note %} - -**Note:** {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a pull request that includes a change to a JavaScript (`.js`) file is opened on a branch whose name starts with `releases/`: - -```yaml -on: - pull_request: - types: - - opened - branches: - - 'releases/**' - paths: - - '**.js' -``` - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a pull request that includes a change to a JavaScript (`.js`) file is opened on a branch whose name starts with `releases/`: +> +> ```yaml +> on: +> pull_request: +> types: +> - opened +> branches: +> - 'releases/**' +> paths: +> - '**.js' +> ``` ### Running your `pull_request` workflow when a pull request merges @@ -742,11 +660,8 @@ To run your workflow when a comment on a pull request (not on a pull request's d | --------------------- | -------------- | ------------ | -------------| | [`pull_request_review`](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request_review) | - `submitted`
- `edited`
- `dismissed` | Last merge commit on the `GITHUB_REF` branch | PR merge branch `refs/pull/PULL_REQUEST_NUMBER/merge` | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request_review)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request_review)." {% data reusables.developer-site.limit_workflow_to_activity_types %} Runs your workflow when a pull request review is submitted, edited, or dismissed. A pull request review is a group of pull request review comments in addition to a body comment and a state. For activity related to pull request review comments or pull request comments, use the [`pull_request_review_comment`](#pull_request_review_comment) or [`issue_comment`](#issue_comment) events instead. For information about the pull request review APIs, see "[AUTOTITLE](/graphql/reference/objects#pullrequest)" in the GraphQL API documentation or "[AUTOTITLE](/rest/pulls#reviews)." @@ -783,11 +698,8 @@ jobs: | --------------------- | -------------- | ------------ | -------------| | [`pull_request_review_comment`](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request_review_comment) | - `created`
- `edited`
- `deleted`| Last merge commit on the `GITHUB_REF` branch | PR merge branch `refs/pull/PULL_REQUEST_NUMBER/merge` | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request_review_comment)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request_review_comment)." {% data reusables.developer-site.limit_workflow_to_activity_types %} Runs your workflow when a pull request review comment is modified. A pull request review comment is a comment on a pull request's diff. For activity related to pull request reviews or pull request comments, use the [`pull_request_review`](#pull_request_review) or [`issue_comment`](#issue_comment) events instead. For information about the pull request review comment APIs, see "[AUTOTITLE](/graphql/reference/objects#pullrequestreviewcomment)" in the GraphQL API documentation or "[AUTOTITLE](/rest/pulls#comments)." @@ -807,11 +719,8 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`pull_request`](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request) | - `assigned`
- `unassigned`
- `labeled`
- `unlabeled`
- `opened`
- `edited`
- `closed`
- `reopened`
- `synchronize`
- `converted_to_draft`
- `ready_for_review`
- `locked`
- `unlocked`
- `review_requested`
- `review_request_removed`
- `auto_merge_enabled`
- `auto_merge_disabled` | Last commit on the PR base branch | PR base branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request)." By default, a workflow only runs when a `pull_request_target` event's activity type is `opened`, `synchronize`, or `reopened`. To trigger workflows by different activity types, use the `types` keyword. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onevent_nametypes)." - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request)." By default, a workflow only runs when a `pull_request_target` event's activity type is `opened`, `synchronize`, or `reopened`. To trigger workflows by different activity types, use the `types` keyword. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onevent_nametypes)." Runs your workflow when activity on a pull request in the workflow's repository occurs. For example, if no activity types are specified, the workflow runs when a pull request is opened or reopened or when the head branch of the pull request is updated. @@ -844,22 +753,19 @@ on: - 'releases/**' ``` -{% note %} - -**Note:** {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a pull request that includes a change to a JavaScript (`.js`) file is opened on a branch whose name starts with `releases/`: - -```yaml -on: - pull_request_target: - types: - - opened - branches: - - 'releases/**' - paths: - - '**.js' -``` - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a pull request that includes a change to a JavaScript (`.js`) file is opened on a branch whose name starts with `releases/`: +> +> ```yaml +> on: +> pull_request_target: +> types: +> - opened +> branches: +> - 'releases/**' +> paths: +> - '**.js' +> ``` To run a job based on the pull request's head branch name (as opposed to the pull request's base branch name), use the `github.head_ref` context in a conditional. For example, this workflow will run whenever a pull request is opened, but the `run_if` job will only execute if the head of the pull request is a branch whose name starts with `releases/`: @@ -889,22 +795,19 @@ on: - '**.js' ``` -{% note %} - -**Note:** {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a pull request that includes a change to a JavaScript (`.js`) file is opened on a branch whose name starts with `releases/`: - -```yaml -on: - pull_request_target: - types: - - opened - branches: - - 'releases/**' - paths: - - '**.js' -``` - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a pull request that includes a change to a JavaScript (`.js`) file is opened on a branch whose name starts with `releases/`: +> +> ```yaml +> on: +> pull_request_target: +> types: +> - opened +> branches: +> - 'releases/**' +> paths: +> - '**.js' +> ``` ### Running your `pull_request_target` workflow when a pull request merges @@ -931,17 +834,11 @@ jobs: | --------------------- | -------------- | ------------ | -------------| | [`push`](/webhooks-and-events/webhooks/webhook-events-and-payloads#push) | Not applicable | Tip commit pushed to the ref. When you delete a branch, the SHA in the workflow run (and its associated refs) reverts to the default branch of the repository. | Updated ref | -{% note %} - -**Note:** The webhook payload available to GitHub Actions does not include the `added`, `removed`, and `modified` attributes in the `commit` object. You can retrieve the full commit object using the API. For information, see "[AUTOTITLE](/graphql/reference/objects#commit)" in the GraphQL API documentation or "[AUTOTITLE](/rest/commits#get-a-commit)." - -{% endnote %} +> [!NOTE] +> The webhook payload available to GitHub Actions does not include the `added`, `removed`, and `modified` attributes in the `commit` object. You can retrieve the full commit object using the API. For information, see "[AUTOTITLE](/graphql/reference/objects#commit)" in the GraphQL API documentation or "[AUTOTITLE](/rest/commits#get-a-commit)." -{% note %} - -**Note**: {% ifversion fpt or ghec or ghes > 3.13 %}Events will not be created if more than 5,000 branches are pushed at once. {% endif %}Events will not be created for tags when more than three tags are pushed at once. - -{% endnote %} +> [!NOTE] +> {% ifversion fpt or ghec or ghes > 3.13 %}Events will not be created if more than 5,000 branches are pushed at once. {% endif %}Events will not be created for tags when more than three tags are pushed at once. Runs your workflow when you push a commit or tag, or when you create a repository from a template. @@ -952,11 +849,8 @@ on: push ``` -{% note %} - -**Note**: When a `push` webhook event triggers a workflow run, the Actions UI's "pushed by" field shows the account of the pusher and not the author or committer. However, if the changes are pushed to a repository using SSH authentication with a deploy key, then the "pushed by" field will be the repository admin who verified the deploy key when it was added it to a repository. - -{% endnote %} +> [!NOTE] +> When a `push` webhook event triggers a workflow run, the Actions UI's "pushed by" field shows the account of the pusher and not the author or committer. However, if the changes are pushed to a repository using SSH authentication with a deploy key, then the "pushed by" field will be the repository admin who verified the deploy key when it was added it to a repository. ### Running your workflow only when a push to specific branches occurs @@ -972,20 +866,17 @@ on: - 'releases/**' ``` -{% note %} - -**Note:** {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a push that includes a change to a JavaScript (`.js`) file is made to a branch whose name starts with `releases/`: - -```yaml -on: - push: - branches: - - 'releases/**' - paths: - - '**.js' -``` - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a push that includes a change to a JavaScript (`.js`) file is made to a branch whose name starts with `releases/`: +> +> ```yaml +> on: +> push: +> branches: +> - 'releases/**' +> paths: +> - '**.js' +> ``` ### Running your workflow only when a push of specific tags occurs @@ -1013,20 +904,17 @@ on: - '**.js' ``` -{% note %} - -**Note:** {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a push that includes a change to a JavaScript (`.js`) file is made to a branch whose name starts with `releases/`: - -```yaml -on: - push: - branches: - - 'releases/**' - paths: - - '**.js' -``` - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.branch-paths-filter %} For example, the following workflow will only run when a push that includes a change to a JavaScript (`.js`) file is made to a branch whose name starts with `releases/`: +> +> ```yaml +> on: +> push: +> branches: +> - 'releases/**' +> paths: +> - '**.js' +> ``` ## `registry_package` @@ -1034,29 +922,19 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`registry_package`](/webhooks-and-events/webhooks/webhook-events-and-payloads#package) | - `published`
- `updated` | Commit of the published package | Branch or tag of the published package | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#registry_package)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#registry_package)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} -{% note %} - -**Note**: When pushing multi-architecture container images, this event occurs once per manifest, so you might observe your workflow triggering multiple times. To mitigate this, and only run your workflow job for the event that contains the actual image tag information, use a conditional: - -{% raw %} - -```yaml -jobs: - job_name: - if: ${{ github.event.registry_package.package_version.container_metadata.tag.name != '' }} -``` - -{% endraw %} - -{% endnote %} +> [!NOTE] +> When pushing multi-architecture container images, this event occurs once per manifest, so you might observe your workflow triggering multiple times. To mitigate this, and only run your workflow job for the event that contains the actual image tag information, use a conditional: +> +> ```yaml +> jobs: +> job_name: +> if: ${{ github.event.registry_package.package_version.container_metadata.tag.name != '' }} +> ``` Runs your workflow when activity related to {% data variables.product.prodname_registry %} occurs in your repository. For more information, see "[{% data variables.product.prodname_registry %} Documentation](/packages)." @@ -1074,23 +952,14 @@ on: | --------------------- | -------------- | ------------ | -------------| | [`release`](/webhooks-and-events/webhooks/webhook-events-and-payloads#release) | - `published`
- `unpublished`
- `created`
- `edited`
- `deleted`
- `prereleased`
- `released` | Last commit in the tagged release | Tag ref of release `refs/tags/` | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#release)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} - -{% note %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#release)." {% data reusables.developer-site.limit_workflow_to_activity_types %} -**Note:** Workflows are not triggered for the `created`, `edited`, or `deleted` activity types for draft releases. When you create your release through the {% data variables.product.product_name %} browser UI, your release may automatically be saved as a draft. +> [!NOTE] +> Workflows are not triggered for the `created`, `edited`, or `deleted` activity types for draft releases. When you create your release through the {% data variables.product.product_name %} browser UI, your release may automatically be saved as a draft. -{% endnote %} - -{% note %} - -**Note:** The `prereleased` type will not trigger for pre-releases published from draft releases, but the `published` type will trigger. If you want a workflow to run when stable _and_ pre-releases publish, subscribe to `published` instead of `released` and `prereleased`. - -{% endnote %} +> [!NOTE] +> The `prereleased` type will not trigger for pre-releases published from draft releases, but the `published` type will trigger. If you want a workflow to run when stable _and_ pre-releases publish, subscribe to `published` instead of `released` and `prereleased`. Runs your workflow when release activity in your repository occurs. For information about the release APIs, see "[AUTOTITLE](/graphql/reference/objects#release)" in the GraphQL API documentation or "[AUTOTITLE](/rest/releases)" in the REST API documentation. @@ -1120,11 +989,8 @@ on: types: [test_result] ``` -{% note %} - -**Note:** The `event_type` value is limited to 100 characters. - -{% endnote %} +> [!NOTE] +> The `event_type` value is limited to 100 characters. Any data that you send through the `client_payload` parameter will be available in the `github.event` context in your workflow. For example, if you send this request body when you create a repository dispatch event: @@ -1155,14 +1021,9 @@ jobs: run: echo $MESSAGE ``` -{% note %} - -**Notes**: - -* The maximum number of top-level properties in `client_payload` is 10. -* The payload can contain a maximum of 65,535 characters. - -{% endnote %} +> [!NOTE] +> * The maximum number of top-level properties in `client_payload` is 10. +> * The payload can contain a maximum of 65,535 characters. ## `schedule` @@ -1170,25 +1031,20 @@ jobs: | --------------------- | -------------- | ------------ | -------------| | Not applicable | Not applicable | Last commit on default branch | Default branch | When the scheduled workflow is set to run. A scheduled workflow uses [POSIX cron syntax](https://pubs.opengroup.org/onlinepubs/9699919799/utilities/crontab.html#tag_20_25_07). For more information, see "[AUTOTITLE](/actions/using-workflows#triggering-a-workflow-with-events)." | -{% note %} - -**Notes:** - -* {% data reusables.actions.schedule-delay %} -* This event will only trigger a workflow run if the workflow file is on the default branch. -* Scheduled workflows will only run on the default branch. -* In a public repository, scheduled workflows are automatically disabled when no repository activity has occurred in 60 days. For information on re-enabling a disabled workflow, see "[AUTOTITLE](/enterprise-server@3.12/actions/using-workflows/disabling-and-enabling-a-workflow#enabling-a-workflow)." -* When the last user to commit to the cron schedule of a workflow is removed from the organization, the scheduled workflow will be disabled. If a user with `write` permissions to the repository makes a commit that changes the cron schedule, the scheduled workflow will be reactivated. Note that, in this situation, the workflow is not reactivated by any change to the workflow file; you must alter the `cron` value and commit this change. - - **Example:** - - ```yaml - on: - schedule: - - cron: "15 4,5 * * *" # <=== Change this value - ``` - -{% endnote %} +> [!NOTE] +> * {% data reusables.actions.schedule-delay %} +> * This event will only trigger a workflow run if the workflow file is on the default branch. +> * Scheduled workflows will only run on the default branch. +> * In a public repository, scheduled workflows are automatically disabled when no repository activity has occurred in 60 days. For information on re-enabling a disabled workflow, see "[AUTOTITLE](/enterprise-server@3.12/actions/using-workflows/disabling-and-enabling-a-workflow#enabling-a-workflow)." +> * When the last user to commit to the cron schedule of a workflow is removed from the organization, the scheduled workflow will be disabled. If a user with `write` permissions to the repository makes a commit that changes the cron schedule, the scheduled workflow will be reactivated. Note that, in this situation, the workflow is not reactivated by any change to the workflow file; you must alter the `cron` value and commit this change. +> +> **Example:** +> +> ```yaml +> on: +> schedule: +> - cron: "15 4,5 * * *" # <=== Change this value +> ``` The `schedule` event allows you to trigger a workflow at a scheduled time. @@ -1217,11 +1073,8 @@ You can use these operators in any of the five fields: | - | Range of values | `30 4-6 * * *` runs at minute 30 of the 4th, 5th, and 6th hour. | | / | Step values | `20/15 * * * *` runs every 15 minutes starting from minute 20 through 59 (minutes 20, 35, and 50). | -{% note %} - -**Note:** {% data variables.product.prodname_actions %} does not support the non-standard syntax `@yearly`, `@monthly`, `@weekly`, `@daily`, `@hourly`, and `@reboot`. - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_actions %} does not support the non-standard syntax `@yearly`, `@monthly`, `@weekly`, `@daily`, `@hourly`, and `@reboot`. You can use [crontab guru](https://crontab.guru/) to help generate your cron syntax and confirm what time it will run. To help you get started, there is also a list of [crontab guru examples](https://crontab.guru/examples.html). @@ -1268,11 +1121,8 @@ jobs: | --------------------- | -------------- | ------------ | -------------| | [`watch`](/webhooks-and-events/webhooks/webhook-events-and-payloads#watch) | - `started` | Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} Although only the `started` activity type is supported, specifying the activity type will keep your workflow specific if more activity types are added in the future. For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#watch)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} Although only the `started` activity type is supported, specifying the activity type will keep your workflow specific if more activity types are added in the future. For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#watch)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} @@ -1376,19 +1226,13 @@ For more information, see the {% data variables.product.prodname_cli %} informat | --------------------- | -------------- | ------------ | -------------| | [`workflow_run`](/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_run) | - `completed`
- `requested`
- `in_progress` | Last commit on default branch | Default branch | -{% note %} - -**Note**: {% data reusables.developer-site.multiple_activity_types %} The `requested` activity type does not occur when a workflow is re-run. For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_run)." {% data reusables.developer-site.limit_workflow_to_activity_types %} - -{% endnote %} +> [!NOTE] +> {% data reusables.developer-site.multiple_activity_types %} The `requested` activity type does not occur when a workflow is re-run. For information about each activity type, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_run)." {% data reusables.developer-site.limit_workflow_to_activity_types %} {% data reusables.actions.branch-requirement %} -{% note %} - -**Note:** You can't use `workflow_run` to chain together more than three levels of workflows. For example, if you attempt to trigger five workflows (named `B` to `F`) to run sequentially after an initial workflow `A` has run (that is: `A` → `B` → `C` → `D` → `E` → `F`), workflows `E` and `F` will not be run. - -{% endnote %} +> [!NOTE] +> You can't use `workflow_run` to chain together more than three levels of workflows. For example, if you attempt to trigger five workflows (named `B` to `F`) to run sequentially after an initial workflow `A` has run (that is: `A` → `B` → `C` → `D` → `E` → `F`), workflows `E` and `F` will not be run. This event occurs when a workflow run is requested or completed. It allows you to execute a workflow based on execution or completion of another workflow. The workflow started by the `workflow_run` event is able to access secrets and write tokens, even if the previous workflow was not. This is useful in cases where the previous workflow is intentionally not privileged, but you need to take a privileged action in a later workflow. diff --git a/actions/writing-workflows/choosing-when-your-workflow-runs/using-conditions-to-control-job-execution.md b/actions/writing-workflows/choosing-when-your-workflow-runs/using-conditions-to-control-job-execution.md index 601967794..dfcea0362 100644 --- a/actions/writing-workflows/choosing-when-your-workflow-runs/using-conditions-to-control-job-execution.md +++ b/actions/writing-workflows/choosing-when-your-workflow-runs/using-conditions-to-control-job-execution.md @@ -20,8 +20,5 @@ redirect_from: On a skipped job, you should see "This check was skipped." -{% note %} - -**Note:** In some parts of the workflow you cannot use environment variables. Instead you can use contexts to access the value of an environment variable. For more information, see "[AUTOTITLE](/actions/learn-github-actions/variables#using-the-env-context-to-access-environment-variable-values)." - -{% endnote %} +> [!NOTE] +> In some parts of the workflow you cannot use environment variables. Instead you can use contexts to access the value of an environment variable. For more information, see "[AUTOTITLE](/actions/learn-github-actions/variables#using-the-env-context-to-access-environment-variable-values)." diff --git a/actions/writing-workflows/workflow-syntax-for-github-actions.md b/actions/writing-workflows/workflow-syntax-for-github-actions.md index a97e4415e..c7857c9e8 100644 --- a/actions/writing-workflows/workflow-syntax-for-github-actions.md +++ b/actions/writing-workflows/workflow-syntax-for-github-actions.md @@ -187,11 +187,8 @@ A map of the secrets that can be used in the called workflow. Within the called workflow, you can use the `secrets` context to refer to a secret. -{% note %} - -**Note:** If you are passing the secret to a nested reusable workflow, then you must use [`jobs..secrets`](#jobsjob_idsecrets) again to pass the secret. For more information, see "[AUTOTITLE](/actions/using-workflows/reusing-workflows#passing-secrets-to-nested-workflows)." - -{% endnote %} +> [!NOTE] +> If you are passing the secret to a nested reusable workflow, then you must use [`jobs..secrets`](#jobsjob_idsecrets) again to pass the secret. For more information, see "[AUTOTITLE](/actions/using-workflows/reusing-workflows#passing-secrets-to-nested-workflows)." If a caller workflow passes a secret that is not specified in the called workflow, this results in an error. @@ -881,11 +878,8 @@ The maximum number of minutes to let a job run before {% data variables.product. If the timeout exceeds the job execution time limit for the runner, the job will be canceled when the execution time limit is met instead. For more information about job execution time limits, see "[AUTOTITLE](/actions/learn-github-actions/usage-limits-billing-and-administration#usage-limits)" for {% data variables.product.prodname_dotcom %}-hosted runners and "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#usage-limits)" for self-hosted runner usage limits. -{% note %} - -**Note:** {% data reusables.actions.github-token-expiration %} For self-hosted runners, the token may be the limiting factor if the job timeout is greater than 24 hours. For more information on the `GITHUB_TOKEN`, see "[AUTOTITLE](/actions/security-guides/automatic-token-authentication#about-the-github_token-secret)." - -{% endnote %} +> [!NOTE] +> {% data reusables.actions.github-token-expiration %} For self-hosted runners, the token may be the limiting factor if the job timeout is greater than 24 hours. For more information on the `GITHUB_TOKEN`, see "[AUTOTITLE](/actions/security-guides/automatic-token-authentication#about-the-github_token-secret)." ## `jobs..strategy` @@ -1089,11 +1083,8 @@ volumes: Additional Docker container resource options. For a list of options, see "[`docker create` options](https://docs.docker.com/engine/reference/commandline/create/#options)." -{% warning %} - -**Warning:** The `--network` option is not supported. - -{% endwarning %} +> [!WARNING] +> The `--network` option is not supported. ## `jobs..uses` diff --git a/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities.md b/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities.md index 928202f78..935469188 100644 --- a/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities.md +++ b/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities.md @@ -100,11 +100,8 @@ ghe-cleanup-caches This utility wipes all existing {% data variables.enterprise.management_console %} settings. -{% tip %} - -**Tip**: {% data reusables.enterprise_enterprise_support.support_will_ask_you_to_run_command %} - -{% endtip %} +> [!TIP] +> {% data reusables.enterprise_enterprise_support.support_will_ask_you_to_run_command %} ```shell ghe-cleanup-settings @@ -796,14 +793,9 @@ Flag | Description `-v/--verbose` | Prints additional information to the console. `-h/--help` | Displays help text for the command. -{% note %} - -**Notes:** - -* This command can only be used to remove a node from a cluster configuration. It cannot be used to remove a node from a high availability configuration. -* This command does not support parallel execution. To remove multiple nodes, you must wait until this command has finished before running it for another node. - -{% endnote %} +> [!NOTE] +> * This command can only be used to remove a node from a cluster configuration. It cannot be used to remove a node from a high availability configuration. +> * This command does not support parallel execution. To remove multiple nodes, you must wait until this command has finished before running it for another node. {% endif %} @@ -1001,11 +993,10 @@ This utility tests the blob storage configuration for {% data variables.product. For more information about the configuration of {% data variables.product.prodname_actions %}, see "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server)." {% ifversion ghes-actions-storage-oidc %} -{% note %} -**Note:** This utility only works with configurations that use a credentials-based connection to the storage provider. To test OpenID Connect (OIDC) configurations, use [`ghe-actions-test-storage-with-oidc`](#ghe-actions-test-storage-with-oidc). +> [!NOTE] +> This utility only works with configurations that use a credentials-based connection to the storage provider. To test OpenID Connect (OIDC) configurations, use [`ghe-actions-test-storage-with-oidc`](#ghe-actions-test-storage-with-oidc). -{% endnote %} {% endif %} ```shell @@ -1024,11 +1015,8 @@ All Storage tests passed This utility checks that the blob storage provider for {% data variables.product.prodname_actions %} on {% data variables.location.product_location %} is valid when OpenID Connect (OIDC) is used. -{% note %} - -**Note:** This utility only works with configurations that use an OpenID Connect (OIDC) configuration. To test credentials-based configurations, use [`ghe-actions-precheck`](#ghe-actions-precheck). - -{% endnote %} +> [!NOTE] +> This utility only works with configurations that use an OpenID Connect (OIDC) configuration. To test credentials-based configurations, use [`ghe-actions-precheck`](#ghe-actions-precheck). ```shell ghe-actions-test-storage-with-oidc -p [PROVIDER] -cs ["CONNECTION-STRING"] @@ -1040,27 +1028,17 @@ ghe-actions-test-storage-with-oidc -p [PROVIDER] -cs ["CONNECTION-STRING"] This utility stops {% data variables.product.prodname_actions %} from running on {% data variables.location.product_location %}. -{% note %} - -**Notes**: - -* {% data reusables.enterprise_enterprise_support.support_will_ask_you_to_run_command %} -* In high availability configurations, run this command from the primary. - -{% endnote %} +> [!NOTE] +> * {% data reusables.enterprise_enterprise_support.support_will_ask_you_to_run_command %} +> * In high availability configurations, run this command from the primary. ### ghe-actions-start This utility starts {% data variables.product.prodname_actions %} on {% data variables.location.product_location %} after it has been previously stopped. -{% note %} - -**Notes**: - -* {% data reusables.enterprise_enterprise_support.support_will_ask_you_to_run_command %} -* In high availability configurations, run this command from the primary. - -{% endnote %} +> [!NOTE] +> * {% data reusables.enterprise_enterprise_support.support_will_ask_you_to_run_command %} +> * In high availability configurations, run this command from the primary. If your system is configured correctly, you'll see the following output: @@ -1367,11 +1345,10 @@ In this example, `ghe-repl-status -vv` sends verbose status information from a r During an upgrade to a feature release, this utility displays the status of background jobs on {% data variables.location.product_location %}. If you're running back-to-back upgrades, you should use this utility to check that all background jobs are complete before proceeding with the next upgrade. {% ifversion ghes < 3.12 %} -{% note %} -**Note:** To use `ghe-check-background-upgrade-jobs` with {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later. +> [!NOTE] +> To use `ghe-check-background-upgrade-jobs` with {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}, your instance must run version {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} or later. -{% endnote %} {% endif %} ```shell diff --git a/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance.md b/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance.md index 7027d74ab..ffe3e3f20 100644 --- a/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance.md +++ b/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance.md @@ -66,11 +66,8 @@ If you have an existing backup configuration file, `backup.config`, ensure you c Backup snapshots created by {% data variables.product.prodname_enterprise_backup_utilities %} are written to the disk path set by the `GHE_DATA_DIR` data directory variable in your `backup.config` file. These snapshots need to be stored on a filesystem which supports symbolic and hard links. -{% note %} - -**Note:** We recommend ensuring your snapshots are not kept in a subdirectory of the {% data variables.product.prodname_enterprise_backup_utilities %} installation directory, to avoid inadvertently overwriting your data directory when upgrading {% data variables.product.prodname_enterprise_backup_utilities %} versions. - -{% endnote %} +> [!NOTE] +> We recommend ensuring your snapshots are not kept in a subdirectory of the {% data variables.product.prodname_enterprise_backup_utilities %} installation directory, to avoid inadvertently overwriting your data directory when upgrading {% data variables.product.prodname_enterprise_backup_utilities %} versions. 1. Download the relevant {% data variables.product.prodname_enterprise_backup_utilities %} release from the [Releases](https://github.com/github/backup-utils/releases) page of the github/backup-utils repository. @@ -97,13 +94,11 @@ Backup snapshots created by {% data variables.product.prodname_enterprise_backup 1. If you previously upgraded {% data variables.product.prodname_enterprise_backup_utilities %} using Git, ensure that you copy your existing configuration from `backup.config` into the new file. For more information, see "[Upgrading {% data variables.product.prodname_enterprise_backup_utilities %}](#upgrading-github-enterprise-server-backup-utilities)." 1. Set the `GHE_HOSTNAME` value to your primary {% data variables.product.prodname_ghe_server %} instance's hostname or IP address. - {% note %} - - **Note:** If {% data variables.location.product_location %} is deployed as a cluster or in a high availability configuration using a load balancer, the `GHE_HOSTNAME` can be the load balancer hostname, as long as the load balancer allows SSH access over port 122 to {% data variables.location.product_location %}. - - To ensure a recovered instance is immediately available, perform backups targeting the primary instance even in a geo-replication configuration. + > [!NOTE] + > If {% data variables.location.product_location %} is deployed as a cluster or in a high availability configuration using a load balancer, the `GHE_HOSTNAME` can be the load balancer hostname, as long as the load balancer allows SSH access over port 122 to {% data variables.location.product_location %}. + > + > To ensure a recovered instance is immediately available, perform backups targeting the primary instance even in a geo-replication configuration. - {% endnote %} 1. Set the `GHE_DATA_DIR` value to the filesystem location where you want to store backup snapshots. We recommend choosing a location on the same filesystem as your backup host. 1. To grant your backup host access to your instance, open your primary instance's settings page at `http(s)://HOSTNAME/setup/settings` and add the backup host's SSH key to the list of authorized SSH keys. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh#enabling-access-to-the-administrative-shell-via-ssh)." 1. On your backup host, verify SSH connectivity with {% data variables.location.product_location %} with the `ghe-host-check` command. diff --git a/admin/configuring-packages/configuring-package-ecosystem-support-for-your-enterprise.md b/admin/configuring-packages/configuring-package-ecosystem-support-for-your-enterprise.md index 59d8454cd..ef37730d9 100644 --- a/admin/configuring-packages/configuring-package-ecosystem-support-for-your-enterprise.md +++ b/admin/configuring-packages/configuring-package-ecosystem-support-for-your-enterprise.md @@ -33,9 +33,10 @@ To prevent new packages from being uploaded, you can set an ecosystem you previo {% data reusables.enterprise_site_admin_settings.management-console %} {% data reusables.enterprise_site_admin_settings.packages-tab %} 1. Under "Ecosystem Toggles", for each package type, select **Enabled**, **Read-Only**, or **Disabled**. - {%- ifversion ghes %}{% note -%} - **Note**: Subdomain isolation must be enabled to toggle the {% data variables.product.prodname_container_registry %} options. - {%- endnote %}{%- endif %} + {%- ifversion ghes %} + > [!NOTE] + > Subdomain isolation must be enabled to toggle the {% data variables.product.prodname_container_registry %} options. + {%- endif %} ![Screenshot of the "Ecosystem toggles" section on the Settings page of the Management Console.](/assets/images/enterprise/site-admin-settings/ecosystem-toggles.png) {% data reusables.enterprise_management_console.save-settings %} diff --git a/admin/configuring-packages/enabling-github-packages-with-aws.md b/admin/configuring-packages/enabling-github-packages-with-aws.md index 7178fba96..cbb4e8295 100644 --- a/admin/configuring-packages/enabling-github-packages-with-aws.md +++ b/admin/configuring-packages/enabling-github-packages-with-aws.md @@ -14,14 +14,10 @@ redirect_from: - /admin/packages/enabling-github-packages-with-aws --- -{% warning %} - -**Warnings:** -* It is critical that you configure any restrictive access policies you need for your storage bucket, because {% data variables.product.company_short %} does not apply specific object permissions or additional access control lists (ACLs) to your storage bucket configuration. For example, if you make your bucket public, data in the bucket will be accessible to the public internet. For more information, see "[Setting bucket and object access permissions](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/set-permissions.html)" in the AWS Documentation. If restrictions by IP address have been set up, please include IP addresses for {% data variables.location.product_location_enterprise %} and the end users who will be using the {% data variables.location.product_location_enterprise %}. -* We recommend using a dedicated bucket for {% data variables.product.prodname_registry %}, separate from the bucket you use for {% data variables.product.prodname_actions %} storage. -* Make sure to configure the bucket you'll want to use in the future. We do not recommend changing your storage after you start using {% data variables.product.prodname_registry %}. - -{% endwarning %} +> [!WARNING] +> * It is critical that you configure any restrictive access policies you need for your storage bucket, because {% data variables.product.company_short %} does not apply specific object permissions or additional access control lists (ACLs) to your storage bucket configuration. For example, if you make your bucket public, data in the bucket will be accessible to the public internet. For more information, see "[Setting bucket and object access permissions](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/set-permissions.html)" in the AWS Documentation. If restrictions by IP address have been set up, please include IP addresses for {% data variables.location.product_location_enterprise %} and the end users who will be using the {% data variables.location.product_location_enterprise %}. +> * We recommend using a dedicated bucket for {% data variables.product.prodname_registry %}, separate from the bucket you use for {% data variables.product.prodname_actions %} storage. +> * Make sure to configure the bucket you'll want to use in the future. We do not recommend changing your storage after you start using {% data variables.product.prodname_registry %}. ## Prerequisites diff --git a/admin/configuring-packages/enabling-github-packages-with-azure-blob-storage.md b/admin/configuring-packages/enabling-github-packages-with-azure-blob-storage.md index c1a2e066c..134cd94d4 100644 --- a/admin/configuring-packages/enabling-github-packages-with-azure-blob-storage.md +++ b/admin/configuring-packages/enabling-github-packages-with-azure-blob-storage.md @@ -13,14 +13,10 @@ redirect_from: - /admin/packages/enabling-github-packages-with-azure-blob-storage --- -{% warning %} - -**Warnings:** -* It is critical that you set the restrictive access policies you need for your storage bucket, because {% data variables.product.company_short %} does not apply specific object permissions or additional access control lists (ACLs) to your storage bucket configuration. For example, if you make your bucket public, data in the bucket will be accessible on the public internet. If restrictions by IP address have been set up, please include IP addresses for {% data variables.location.product_location_enterprise %} and the end users who will be using the {% data variables.location.product_location_enterprise %}. -* We recommend using a dedicated bucket for {% data variables.product.prodname_registry %}, separate from the bucket you use for {% data variables.product.prodname_actions %} storage. -* Make sure to configure the bucket you'll want to use in the future. We do not recommend changing your storage after you start using {% data variables.product.prodname_registry %}. - -{% endwarning %} +> [!WARNING] +> * It is critical that you set the restrictive access policies you need for your storage bucket, because {% data variables.product.company_short %} does not apply specific object permissions or additional access control lists (ACLs) to your storage bucket configuration. For example, if you make your bucket public, data in the bucket will be accessible on the public internet. If restrictions by IP address have been set up, please include IP addresses for {% data variables.location.product_location_enterprise %} and the end users who will be using the {% data variables.location.product_location_enterprise %}. +> * We recommend using a dedicated bucket for {% data variables.product.prodname_registry %}, separate from the bucket you use for {% data variables.product.prodname_actions %} storage. +> * Make sure to configure the bucket you'll want to use in the future. We do not recommend changing your storage after you start using {% data variables.product.prodname_registry %}. ## Prerequisites @@ -36,13 +32,10 @@ Before you can enable and configure {% data variables.product.prodname_registry You must create a storage container prior to setting the container name and connection string. - {% note %} - - **Note:** You can find your Azure Connection String by navigating to the Access Key menu in your Azure storage account. - - Usage of a SAS Token or SAS URL as connection string is not currently supported. - - {% endnote %} + > [!NOTE] + > You can find your Azure Connection String by navigating to the Access Key menu in your Azure storage account. + > + > Usage of a SAS Token or SAS URL as connection string is not currently supported. {% data reusables.enterprise_management_console.save-settings %} diff --git a/admin/configuring-packages/enabling-github-packages-with-minio.md b/admin/configuring-packages/enabling-github-packages-with-minio.md index 770e6687e..5325769f3 100644 --- a/admin/configuring-packages/enabling-github-packages-with-minio.md +++ b/admin/configuring-packages/enabling-github-packages-with-minio.md @@ -13,14 +13,11 @@ redirect_from: - /admin/packages/enabling-github-packages-with-minio --- -{% warning %} - -**Warnings:** -* It is critical that you set the restrictive access policies you need for your storage bucket, because {% data variables.product.company_short %} does not apply specific object permissions or additional access control lists (ACLs) to your storage bucket configuration. For example, if you make your bucket public, data in the bucket will be accessible on the public internet. If restrictions by IP address have been set up, please include IP addresses for {% data variables.location.product_location_enterprise %} and the end users who will be using the {% data variables.location.product_location_enterprise %}. -* We recommend using a dedicated bucket for {% data variables.product.prodname_registry %}, separate from the bucket you use for {% data variables.product.prodname_actions %} storage. -* Make sure to configure the bucket you'll want to use in the future. We do not recommend changing your storage after you start using {% data variables.product.prodname_registry %}. -* We recommend configuring the TLS for the bucket to avoid possible issues with Package Registry, for example, downloading from NuGet Registry. -{% endwarning %} +> [!WARNING] +> * It is critical that you set the restrictive access policies you need for your storage bucket, because {% data variables.product.company_short %} does not apply specific object permissions or additional access control lists (ACLs) to your storage bucket configuration. For example, if you make your bucket public, data in the bucket will be accessible on the public internet. If restrictions by IP address have been set up, please include IP addresses for {% data variables.location.product_location_enterprise %} and the end users who will be using the {% data variables.location.product_location_enterprise %}. +> * We recommend using a dedicated bucket for {% data variables.product.prodname_registry %}, separate from the bucket you use for {% data variables.product.prodname_actions %} storage. +> * Make sure to configure the bucket you'll want to use in the future. We do not recommend changing your storage after you start using {% data variables.product.prodname_registry %}. +> * We recommend configuring the TLS for the bucket to avoid possible issues with Package Registry, for example, downloading from NuGet Registry. ## Prerequisites diff --git a/admin/configuring-settings/configuring-github-connect/about-github-connect.md b/admin/configuring-settings/configuring-github-connect/about-github-connect.md index cb8635f29..b5dc117f6 100644 --- a/admin/configuring-settings/configuring-github-connect/about-github-connect.md +++ b/admin/configuring-settings/configuring-github-connect/about-github-connect.md @@ -71,11 +71,8 @@ If you're connecting to an enterprise on {% data variables.enterprise.data_resid When {% data variables.product.prodname_github_connect %} is enabled, a record on {% data variables.product.prodname_ghe_cloud %} stores information about the connection. If you enable individual features of {% data variables.product.prodname_github_connect %}, additional data is transmitted. -{% note %} - -**Note:** No repositories, issues, or pull requests are ever transmitted from {% data variables.product.product_name %} to {% data variables.product.prodname_ghe_cloud %} by {% data variables.product.prodname_github_connect %}. - -{% endnote %} +> [!NOTE] +> No repositories, issues, or pull requests are ever transmitted from {% data variables.product.product_name %} to {% data variables.product.prodname_ghe_cloud %} by {% data variables.product.prodname_github_connect %}. ### Data transmitted when {% data variables.product.prodname_github_connect %} is enabled diff --git a/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md b/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md index 69df47149..e2cdee276 100644 --- a/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md +++ b/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md @@ -41,11 +41,8 @@ After you {% ifversion dependabot-alerts-ghes-enablement %} set up {% data varia You can also choose to manually sync vulnerability data at any time. For more information, see "[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise)." -{% note %} - -**Note:** When you enable {% data variables.product.prodname_dependabot_alerts %}, no code or information about code from {% data variables.product.prodname_ghe_server %} is uploaded to {% data variables.product.prodname_dotcom_the_website %}. - -{% endnote %} +> [!NOTE] +> When you enable {% data variables.product.prodname_dependabot_alerts %}, no code or information about code from {% data variables.product.prodname_ghe_server %} is uploaded to {% data variables.product.prodname_dotcom_the_website %}. When {% data variables.product.prodname_ghe_server %} receives information about a vulnerability, it identifies repositories that use the affected version of the dependency and generates {% data variables.product.prodname_dependabot_alerts %}. You can choose whether or not to notify users automatically about new {% data variables.product.prodname_dependabot_alerts %}. @@ -55,11 +52,8 @@ For repositories with {% data variables.product.prodname_dependabot_alerts %} en After you enable {% data variables.product.prodname_dependabot_alerts %}, you can choose to enable {% data variables.product.prodname_dependabot_updates %}. When {% data variables.product.prodname_dependabot_updates %} are enabled for {% data variables.product.prodname_ghe_server %}, users can configure repositories so that their dependencies are updated and kept secure automatically. -{% note %} - -**Note:** {% data variables.product.prodname_dependabot_updates %} on {% data variables.product.product_name %} requires {% data variables.product.prodname_actions %} with self-hosted runners. - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_dependabot_updates %} on {% data variables.product.product_name %} requires {% data variables.product.prodname_actions %} with self-hosted runners. By default, {% data variables.product.prodname_actions %} runners used by {% data variables.product.prodname_dependabot %} need access to the internet, to download updated packages from upstream package managers. For {% data variables.product.prodname_dependabot_updates %} powered by {% data variables.product.prodname_github_connect %}, internet access provides your runners with a token that allows access to dependencies and advisories hosted on {% data variables.product.prodname_dotcom_the_website %}. @@ -106,11 +100,8 @@ Before you can enable {% data variables.product.prodname_dependabot_updates %}: {% ifversion ghes %} -{% note %} - -**Note:** After you enable the dependency graph, you can use the [{% data variables.product.prodname_dependabot %} action](https://github.com/github/dependabot-action). The action will raise an error if any vulnerabilities or invalid licenses are being introduced. {% data reusables.actions.action-bundled-actions %} - -{% endnote %} +> [!NOTE] +> After you enable the dependency graph, you can use the [{% data variables.product.prodname_dependabot %} action](https://github.com/github/dependabot-action). The action will raise an error if any vulnerabilities or invalid licenses are being introduced. {% data reusables.actions.action-bundled-actions %} {% endif %} diff --git a/admin/configuring-settings/configuring-network-settings/changing-the-hostname-for-your-instance.md b/admin/configuring-settings/configuring-network-settings/changing-the-hostname-for-your-instance.md index 61ad17646..81f1c1b14 100644 --- a/admin/configuring-settings/configuring-network-settings/changing-the-hostname-for-your-instance.md +++ b/admin/configuring-settings/configuring-network-settings/changing-the-hostname-for-your-instance.md @@ -38,9 +38,7 @@ In this article, the term "source instance" refers to the instance with the old 1. Optionally, while the destination instance is in maintenance mode, validate the instance's configuration and verify that user data is intact. For more information, see "[AUTOTITLE](/admin/administering-your-instance/configuring-maintenance-mode/enabling-and-scheduling-maintenance-mode#validating-changes-in-maintenance-mode-using-the-ip-exception-list)." 1. To direct traffic to the destination instance, update the DNS `CNAME` record with the source instance's hostname to resolve to the IP address of the destination instance. - {% note %} + > [!NOTE] + > Restored user-generated content in the instance's web application will likely contain URLs that reference the source instance's old hostname. Optionally, to ensure that these links continue to resolve to the destination instance, you can configure a redirect using DNS. In addition to the `CNAME` record that resolves to the new instance's hostname, configure a second DNS `CNAME` record that directs traffic from the original hostname to the new hostname. For more information, see the documentation for your DNS provider. - **Note**: Restored user-generated content in the instance's web application will likely contain URLs that reference the source instance's old hostname. Optionally, to ensure that these links continue to resolve to the destination instance, you can configure a redirect using DNS. In addition to the `CNAME` record that resolves to the new instance's hostname, configure a second DNS `CNAME` record that directs traffic from the original hostname to the new hostname. For more information, see the documentation for your DNS provider. - - {% endnote %} 1. On the destination instance, disable maintenance mode. diff --git a/admin/configuring-settings/configuring-network-settings/configuring-an-outbound-web-proxy-server.md b/admin/configuring-settings/configuring-network-settings/configuring-an-outbound-web-proxy-server.md index 074f12af7..669796928 100644 --- a/admin/configuring-settings/configuring-network-settings/configuring-an-outbound-web-proxy-server.md +++ b/admin/configuring-settings/configuring-network-settings/configuring-an-outbound-web-proxy-server.md @@ -23,11 +23,8 @@ shortTitle: Configure an outbound proxy When a proxy server is enabled for {% data variables.location.product_location %}, outbound messages sent by {% data variables.product.prodname_ghe_server %} are first sent through the proxy server, unless the destination host is added as an HTTP proxy exclusion. Types of outbound messages include outgoing webhooks, uploading bundles, and fetching legacy avatars. The proxy server's URL is the protocol, domain or IP address, plus the port number, for example `http://127.0.0.1:8123`. -{% note %} - -**Note:** To connect {% data variables.location.product_location %} to {% data variables.product.prodname_dotcom_the_website %}, your proxy configuration must allow connectivity to `github.com` and `api.github.com`. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/managing-github-connect)." - -{% endnote %} +> [!NOTE] +> To connect {% data variables.location.product_location %} to {% data variables.product.prodname_dotcom_the_website %}, your proxy configuration must allow connectivity to `github.com` and `api.github.com`. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/managing-github-connect)." {% data reusables.actions.proxy-considerations %} For more information about using {% data variables.product.prodname_actions %} with {% data variables.product.prodname_ghe_server %}, see "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server)." diff --git a/admin/configuring-settings/configuring-network-settings/configuring-built-in-firewall-rules.md b/admin/configuring-settings/configuring-network-settings/configuring-built-in-firewall-rules.md index c93e97066..c28699976 100644 --- a/admin/configuring-settings/configuring-network-settings/configuring-built-in-firewall-rules.md +++ b/admin/configuring-settings/configuring-network-settings/configuring-built-in-firewall-rules.md @@ -62,11 +62,8 @@ We do not recommend customizing UFW as it can complicate some troubleshooting is ## Adding custom firewall rules -{% warning %} - -**Warning:** Before you add custom firewall rules, back up your current rules in case you need to reset to a known working state. If you're locked out of your server, visit {% data variables.contact.contact_ent_support %} and contact us to reconfigure the original firewall rules. Restoring the original firewall rules involves downtime for your server. - -{% endwarning %} +> [!WARNING] +> Before you add custom firewall rules, back up your current rules in case you need to reset to a known working state. If you're locked out of your server, visit {% data variables.contact.contact_ent_support %} and contact us to reconfigure the original firewall rules. Restoring the original firewall rules involves downtime for your server. 1. Configure a custom firewall rule. 1. Check the status of each new rule with the `status numbered` command. @@ -87,11 +84,8 @@ After you upgrade {% data variables.location.product_location %}, you must reapp If something goes wrong after you change the firewall rules, you can reset the rules from your original backup. -{% warning %} - -**Warning:** If you didn't back up the original rules before making changes to the firewall, visit {% data variables.contact.contact_ent_support %} and contact us for further assistance. - -{% endwarning %} +> [!WARNING] +> If you didn't back up the original rules before making changes to the firewall, visit {% data variables.contact.contact_ent_support %} and contact us for further assistance. {% data reusables.enterprise_installation.ssh-into-instance %} diff --git a/admin/configuring-settings/configuring-network-settings/configuring-the-ip-address-using-the-virtual-machine-console.md b/admin/configuring-settings/configuring-network-settings/configuring-the-ip-address-using-the-virtual-machine-console.md index b50d5c15c..83c28aea2 100644 --- a/admin/configuring-settings/configuring-network-settings/configuring-the-ip-address-using-the-virtual-machine-console.md +++ b/admin/configuring-settings/configuring-network-settings/configuring-the-ip-address-using-the-virtual-machine-console.md @@ -16,11 +16,9 @@ topics: - Networking shortTitle: Set the IP using the console --- -{% note %} -**Note:** We do not support adding additional network adapters to {% data variables.product.prodname_ghe_server %}. - -{% endnote %} +> [!NOTE] +> We do not support adding additional network adapters to {% data variables.product.prodname_ghe_server %}. {% data reusables.enterprise_installation.open-vm-console-start %} 1. Choose to configure the `IPv4` or `IPv6` protocol. diff --git a/admin/configuring-settings/configuring-network-settings/configuring-time-synchronization.md b/admin/configuring-settings/configuring-network-settings/configuring-time-synchronization.md index 14f629ac0..33cc6ff35 100644 --- a/admin/configuring-settings/configuring-network-settings/configuring-time-synchronization.md +++ b/admin/configuring-settings/configuring-network-settings/configuring-time-synchronization.md @@ -35,13 +35,9 @@ shortTitle: Configure time settings The NTP protocol continuously corrects small time synchronization discrepancies. You can use the administrative shell to synchronize time immediately. -{% note %} - -**Notes:** -* You can't modify the Coordinated Universal Time (UTC) zone. -* You should prevent your hypervisor from trying to set the virtual machine's clock. For more information, see the documentation provided by the virtualization provider. - -{% endnote %} +> [!NOTE] +> * You can't modify the Coordinated Universal Time (UTC) zone. +> * You should prevent your hypervisor from trying to set the virtual machine's clock. For more information, see the documentation provided by the virtualization provider. * Use the `chronyc` command to synchronize the server with the configured NTP server. For example: diff --git a/admin/configuring-settings/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md b/admin/configuring-settings/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md index 8e2c4f5e2..31e348639 100644 --- a/admin/configuring-settings/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md +++ b/admin/configuring-settings/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md @@ -52,11 +52,8 @@ We strongly recommend enabling PROXY protocol support for both your instance and {% data reusables.enterprise_clustering.x-forwarded-for %} -{% warning %} - -**Warning**: If you configure `X-Forwarded-For` support on {% data variables.location.product_location %} and load balancer, you may not be able to connect to the {% data variables.enterprise.management_console %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer#error-your-session-has-expired-for-connections-to-the-management-console)." - -{% endwarning %} +> [!WARNING] +> If you configure `X-Forwarded-For` support on {% data variables.location.product_location %} and load balancer, you may not be able to connect to the {% data variables.enterprise.management_console %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer#error-your-session-has-expired-for-connections-to-the-management-console)." {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} @@ -77,11 +74,8 @@ Health checks allow a load balancer to stop sending traffic to a node that is no If you cannot connect to services on {% data variables.location.product_location %} through a load balancer, you can review the following information to troubleshoot the problem. -{% note %} - -**Note**: Always test changes to your network infrastructure and instance configuration in a staging environment. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)." - -{% endnote %} +> [!NOTE] +> Always test changes to your network infrastructure and instance configuration in a staging environment. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)." ### Error: "Your session has expired" for connections to the {% data variables.enterprise.management_console %} diff --git a/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise.md b/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise.md index 76a24fbd8..6ec038bba 100644 --- a/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise.md +++ b/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise.md @@ -99,11 +99,8 @@ You can use the following {% data variables.product.prodname_cli %} commands to ### 2. Create a runner group for your enterprise -{% note %} - -**Note:** For the runner group to be accessible by repositories within your organizations, those repositories must have access to that runner group at the organization level. For more information, see "[AUTOTITLE](/actions/using-github-hosted-runners/controlling-access-to-larger-runners#changing-which-repositories-can-access-a-runner-group)." - -{% endnote %} +> [!NOTE] +> For the runner group to be accessible by repositories within your organizations, those repositories must have access to that runner group at the organization level. For more information, see "[AUTOTITLE](/actions/using-github-hosted-runners/controlling-access-to-larger-runners#changing-which-repositories-can-access-a-runner-group)." 1. Create a new runner group for your enterprise. For more information about how to create a runner group, see "[AUTOTITLE](/actions/using-github-hosted-runners/controlling-access-to-larger-runners#creating-a-runner-group-for-an-enterprise)." {% data reusables.actions.workflows.runner-groups-enterprise-organization-access %} @@ -112,11 +109,8 @@ You can use the following {% data variables.product.prodname_cli %} commands to ### 3. Add the {% data variables.product.company_short %}-hosted runner to the enterprise runner group -{% note %} - -**Note:** When adding your {% data variables.product.company_short %}-hosted runner to a runner group, select the runner group you created in the previous procedures. - -{% endnote %} +> [!NOTE] +> When adding your {% data variables.product.company_short %}-hosted runner to a runner group, select the runner group you created in the previous procedures. 1. Add the {% data variables.product.company_short %}-hosted runner to the runner group. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/actions/using-github-hosted-runners/managing-larger-runners#adding-a-larger-runner-to-an-enterprise)." diff --git a/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-email-for-notifications.md b/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-email-for-notifications.md index 04baf66b5..ec2842042 100644 --- a/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-email-for-notifications.md +++ b/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-email-for-notifications.md @@ -45,11 +45,8 @@ settings to allow incoming emails](#configuring-dns-and-firewall-settings-to-all 1. Under "Send test email to," type an address to send the test email to. 1. Click **Send test email**. - {% tip %} - - **Tip:** If SMTP errors occur while sending a test email—such as an immediate delivery failure or an outgoing mail configuration error—you will see them in the Test email settings dialog box. - - {% endtip %} + > [!TIP] + > If SMTP errors occur while sending a test email—such as an immediate delivery failure or an outgoing mail configuration error—you will see them in the Test email settings dialog box. 1. If the test email fails, [troubleshoot your email settings](#troubleshooting-email-delivery). 1. When the test email succeeds, under the "Settings" sidebar, click **Save settings**. diff --git a/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-github-pages-for-your-enterprise.md b/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-github-pages-for-your-enterprise.md index ae6018440..2e7dddcf5 100644 --- a/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-github-pages-for-your-enterprise.md +++ b/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-github-pages-for-your-enterprise.md @@ -24,11 +24,8 @@ shortTitle: Configure GitHub Pages If private mode is enabled on your enterprise, the public cannot access {% data variables.product.prodname_pages %} sites hosted by your enterprise unless you enable public sites. -{% warning %} - -**Warning:** If you enable public sites for {% data variables.product.prodname_pages %}, every site in every repository on your enterprise will be accessible to the public. - -{% endwarning %} +> [!WARNING] +> If you enable public sites for {% data variables.product.prodname_pages %}, every site in every repository on your enterprise will be accessible to the public. {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} @@ -50,11 +47,8 @@ If subdomain isolation is disabled for your enterprise, you should also disable You can add or override response headers for {% data variables.product.prodname_pages %} sites hosted by {% data variables.location.product_location %}. -{% warning %} - -**Warning:** Ensure that your response headers are properly configured before saving. Improper configurations may negatively impact the security of {% data variables.location.product_location %}. - -{% endwarning %} +> [!WARNING] +> Ensure that your response headers are properly configured before saving. Improper configurations may negatively impact the security of {% data variables.location.product_location %}. {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} diff --git a/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-interactive-maps.md b/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-interactive-maps.md index e4e43707b..ff0749cd8 100644 --- a/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-interactive-maps.md +++ b/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-interactive-maps.md @@ -21,11 +21,8 @@ To enable interactive maps, you must provide authentication credentials for Azur {% ifversion azure-maps-auth-2023 %} {% ifversion ghes < 3.13 %} -{% warning %} - -**Warning**: Authentication with Azure Maps using an API token is {% data variables.release-phases.retired %} in {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} and later. If you upgrade to the latest release of {% data variables.product.product_name %} on an instance already configured to authenticate with an API token, interactive maps will be disabled. You must reconfigure authentication using role-based access control (RBAC) for an application on a Microsoft Entra ID (previously known as Azure AD) tenant. {% data reusables.enterprise.azure-maps-auth-deprecation-link %} - -{% endwarning %} +> [!WARNING] +> Authentication with Azure Maps using an API token is {% data variables.release-phases.retired %} in {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }}.{% ifversion ghes = 3.10 %}4{% elsif ghes = 3.11 %}1{% endif %} and later. If you upgrade to the latest release of {% data variables.product.product_name %} on an instance already configured to authenticate with an API token, interactive maps will be disabled. You must reconfigure authentication using role-based access control (RBAC) for an application on a Microsoft Entra ID (previously known as Azure AD) tenant. {% data reusables.enterprise.azure-maps-auth-deprecation-link %} {% endif %} {% endif %} diff --git a/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-rate-limits.md b/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-rate-limits.md index 9adbd0f80..5ec5be839 100644 --- a/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-rate-limits.md +++ b/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-rate-limits.md @@ -33,11 +33,8 @@ Excessive numbers of requests to the {% data variables.product.prodname_enterpri You can exempt a list of users from API rate limits using the `ghe-config` utility in the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-config)." {% endif %} -{% note %} - -**Note:** The {% data variables.enterprise.management_console %} lists the time period (per minute or per hour) for each rate limit. - -{% endnote %} +> [!NOTE] +> The {% data variables.enterprise.management_console %} lists the time period (per minute or per hour) for each rate limit. {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} @@ -63,11 +60,8 @@ Setting secondary rate limits protects the overall level of service on {% data v If a member of {% data variables.product.company_short %}'s staff has recommended it, you can apply Git rate limits per repository network or per user ID. Git rate limits are expressed in concurrent operations per minute, and are adaptive based on the current CPU load. -{% warning %} - -**Warning:** We encourage you to leave this setting disabled unless directly recommended by a member of {% data variables.product.company_short %}'s staff. Git operations are rarely the leading driver of CPU and RAM usage. Enabling this feature can make Git operations more likely to fail under high load conditions but does not address the underlying cause of those conditions. - -{% endwarning %} +> [!WARNING] +> We encourage you to leave this setting disabled unless directly recommended by a member of {% data variables.product.company_short %}'s staff. Git operations are rarely the leading driver of CPU and RAM usage. Enabling this feature can make Git operations more likely to fail under high load conditions but does not address the underlying cause of those conditions. {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} diff --git a/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-web-commit-signing.md b/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-web-commit-signing.md index 3637844bc..134ff8b81 100644 --- a/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-web-commit-signing.md +++ b/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-web-commit-signing.md @@ -44,11 +44,9 @@ You can enable web commit signing, rotate the private key used for web commit si {% data reusables.enterprise_site_admin_settings.email-settings %} 1. Under "No-reply email address", type the same email address you used when creating the PGP key. - {% note %} + > [!NOTE] + > The "No-reply email address" field will only be displayed if you've enabled email for {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications#configuring-smtp-for-your-enterprise)." - **Note:** The "No-reply email address" field will only be displayed if you've enabled email for {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications#configuring-smtp-for-your-enterprise)." - - {% endnote %} {% data reusables.enterprise_management_console.save-settings %} ## Rotating the private key used for web commit signing diff --git a/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-host-keys-for-your-instance.md b/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-host-keys-for-your-instance.md index fc5826260..f8b5892a6 100644 --- a/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-host-keys-for-your-instance.md +++ b/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-host-keys-for-your-instance.md @@ -26,11 +26,8 @@ Servers that accept SSH connections advertise one or more cryptographic host key By default, {% data variables.location.product_location %} generates and advertises host keys with OpenSSH-style host key rotation. To increase the security of SSH in your environment, you can enable additional algorithms for the generation of host keys. -{% note %} - -**Note**: If you enable additional host key algorithms, clients that do not use OpenSSH for SSH connections may experience warnings during connection, or fail to connect entirely. Some SSH implementations can ignore unsupported algorithms and fall back to a different algorithm. If the client does not support fallback, the connection will fail. For example, the SSH library for Go does not support fallback to a different algorithm. - -{% endnote %} +> [!NOTE] +> If you enable additional host key algorithms, clients that do not use OpenSSH for SSH connections may experience warnings during connection, or fail to connect entirely. Some SSH implementations can ignore unsupported algorithms and fall back to a different algorithm. If the client does not support fallback, the connection will fail. For example, the SSH library for Go does not support fallback to a different algorithm. ## Managing an Ed25519 host key diff --git a/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-the-referrer-policy-for-your-enterprise.md b/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-the-referrer-policy-for-your-enterprise.md index 713e4819e..640cc13a2 100644 --- a/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-the-referrer-policy-for-your-enterprise.md +++ b/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-the-referrer-policy-for-your-enterprise.md @@ -27,11 +27,8 @@ You can control the information that {% data variables.product.product_name %} s You can enable the `same-origin` referrer policy to instruct modern browsers to exclude the hostname for {% data variables.location.product_location %} from requests to external websites. The setting applies to all links from the web interface on your instance. By default, {% data variables.product.product_name %} uses the `origin-when-cross-origin` and `strict-origin-when-cross-origin` referrer policies, which means your instance's hostname will appear in HTTP and HTTPS requests to external websites. -{% note %} - -**Note**: Changing the referrer policy to `same-origin` can affect external sites that expect a hostname in the HTTP headers for a request. - -{% endnote %} +> [!NOTE] +> Changing the referrer policy to `same-origin` can affect external sites that expect a hostname in the HTTP headers for a request. {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} diff --git a/admin/configuring-settings/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md b/admin/configuring-settings/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md index 185d0d92d..09ed0f62e 100644 --- a/admin/configuring-settings/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md +++ b/admin/configuring-settings/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md @@ -119,11 +119,8 @@ To ensure seamless use of the OIDC CAP while still applying the policy to OAuth ## Using your identity provider's allow list -{% note %} - -**Note:** Using your IdP's allow list is only supported for {% data variables.product.prodname_emus %} with Entra ID and OIDC. - -{% endnote %} +> [!NOTE] +> Using your IdP's allow list is only supported for {% data variables.product.prodname_emus %} with Entra ID and OIDC. {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.profile.org_settings %} diff --git a/admin/configuring-settings/index.md b/admin/configuring-settings/index.md index e7c74900b..28aeda352 100644 --- a/admin/configuring-settings/index.md +++ b/admin/configuring-settings/index.md @@ -20,9 +20,8 @@ children: - /configuring-github-connect --- {% ifversion ghes %} -{% note %} -**Note:** To configure {% data variables.product.prodname_actions %} or {% data variables.product.prodname_registry %} for your enterprise, see "[AUTOTITLE](/admin/github-actions)" or "[AUTOTITLE](/admin/packages)." +> [!NOTE] +> To configure {% data variables.product.prodname_actions %} or {% data variables.product.prodname_registry %} for your enterprise, see "[AUTOTITLE](/admin/github-actions)" or "[AUTOTITLE](/admin/packages)." -{% endnote %} {% endif %} diff --git a/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise.md b/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise.md index f4257ee96..1d48e3640 100644 --- a/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise.md +++ b/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise.md @@ -29,11 +29,8 @@ If you're an organization owner, you can enable {% data variables.product.prodna ## Enabling or disabling {% data variables.product.prodname_github_codespaces %} in your enterprise -{% note %} - -**Note:** If you remove a user's access to {% data variables.product.prodname_github_codespaces %}, the user will immediately be unable to open existing codespaces they have created from an organization's private {% ifversion ghec %}and internal {% endif %}repositories. For more information, see "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization#about-changing-your-settings)." - -{% endnote %} +> [!NOTE] +> If you remove a user's access to {% data variables.product.prodname_github_codespaces %}, the user will immediately be unable to open existing codespaces they have created from an organization's private {% ifversion ghec %}and internal {% endif %}repositories. For more information, see "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/enabling-or-disabling-github-codespaces-for-your-organization#about-changing-your-settings)." {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} diff --git a/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md b/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md index f0e530bee..4786f64a4 100644 --- a/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md +++ b/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md @@ -42,23 +42,15 @@ Before you require use of two-factor authentication, we recommend notifying orga {% data reusables.two_fa.ghes_ntp %} -{% warning %} - -**Warnings:** - -* When you require two-factor authentication for your enterprise, members, outside collaborators, and billing managers (including bot accounts) in all organizations owned by your enterprise who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable two-factor authentication for their account within three months of their removal from your organization. For more information, see "[AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization)." -* Any organization owner, member, billing manager, or outside collaborator in any of the organizations owned by your enterprise who disables 2FA for their account after you've enabled required two-factor authentication will automatically be removed from the organization. -* If you're the sole owner of an enterprise that requires two-factor authentication, you won't be able to disable 2FA for your user account without disabling required two-factor authentication for the enterprise. - -{% endwarning %} +> [!WARNING] +> * When you require two-factor authentication for your enterprise, members, outside collaborators, and billing managers (including bot accounts) in all organizations owned by your enterprise who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable two-factor authentication for their account within three months of their removal from your organization. For more information, see "[AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization)." +> * Any organization owner, member, billing manager, or outside collaborator in any of the organizations owned by your enterprise who disables 2FA for their account after you've enabled required two-factor authentication will automatically be removed from the organization. +> * If you're the sole owner of an enterprise that requires two-factor authentication, you won't be able to disable 2FA for your user account without disabling required two-factor authentication for the enterprise. {% ifversion mandatory-2fa-dotcom-contributors %} -{% note %} - -**Note**: Some of the users in your organizations may have been selected for mandatory two-factor authentication enrollment by {% data variables.product.prodname_dotcom_the_website %}, but it has no impact on how you enable the 2FA requirement for the organizations in your enterprise. If you enable the 2FA requirement for organizations in your enterprise, all users without 2FA currently enabled will be removed from the organizations, including those that are required to enable it by {% data variables.product.prodname_dotcom_the_website %}. - -{% endnote %} +> [!NOTE] +> Some of the users in your organizations may have been selected for mandatory two-factor authentication enrollment by {% data variables.product.prodname_dotcom_the_website %}, but it has no impact on how you enable the 2FA requirement for the organizations in your enterprise. If you enable the 2FA requirement for organizations in your enterprise, all users without 2FA currently enabled will be removed from the organizations, including those that are required to enable it by {% data variables.product.prodname_dotcom_the_website %}. {% endif %} @@ -138,11 +130,8 @@ By default, to hide the existence of private resources, when an unauthenticated To prevent confusion from your developers, you can change this behavior so that users are automatically redirected to single sign-on (SSO) through your identity provider (IdP). When you enable automatic redirects, anyone who visits the URL for any of your enterprise's resources will be able to see that the resource exists. However, they'll only be able to see the resource if they have appropriate access after authenticating with your IdP. -{% note %} - -**Note:** If a user is signed in to their personal account when they attempt to access any of your enterprise's resources, they'll be automatically signed out and redirected to SSO to sign in to their {% data variables.enterprise.prodname_managed_user %}. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts)." - -{% endnote %} +> [!NOTE] +> If a user is signed in to their personal account when they attempt to access any of your enterprise's resources, they'll be automatically signed out and redirected to SSO to sign in to their {% data variables.enterprise.prodname_managed_user %}. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts)." {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} diff --git a/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md b/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md index 869afbb87..9fbdd3d84 100644 --- a/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md +++ b/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md @@ -112,11 +112,10 @@ People with admin permissions can set a more granular forking policy. For more i {% endif %} {% ifversion enterprise-namespace-repo-setting %} -{% note %} -**Note:** If {% ifversion ghec %}your enterprise uses {% data variables.product.prodname_emus %} and {% endif %}your "Repository creation" policy prevents enterprise members from creating repositories owned by their user accounts, members will not be allowed to fork a repository in their user accounts, regardless of your "Repository forking" policy. +> [!NOTE] +> If {% ifversion ghec %}your enterprise uses {% data variables.product.prodname_emus %} and {% endif %}your "Repository creation" policy prevents enterprise members from creating repositories owned by their user accounts, members will not be allowed to fork a repository in their user accounts, regardless of your "Repository forking" policy. -{% endnote %} {% endif %} {% data reusables.enterprise-accounts.access-enterprise %} @@ -225,11 +224,8 @@ Across all organizations owned by your enterprise, you can allow members to see ![Screenshot of an issue comment. The header says "ashtom (Thomas Dohmke) commented 1 minute ago," with "(Thomas Dohmke)" outlined in dark orange.](/assets/images/help/issues/commenter-full-name.png) -{% note %} - -**Note:** When this policy is enforced for all repositories in the enterprise, it overrides the organization setting for private repositories. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-display-of-member-names-in-your-organization)". - -{% endnote %} +> [!NOTE] +> When this policy is enforced for all repositories in the enterprise, it overrides the organization setting for private repositories. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-display-of-member-names-in-your-organization)". {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} diff --git a/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks.md b/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks.md index da5ed7d2b..269a06830 100644 --- a/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks.md +++ b/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks.md @@ -41,8 +41,5 @@ Due to risk of failure and performance impact for all users of your instance, we * Avoid API requests within a pre-receive hook. In particular, we strongly discourage that you make requests to external services, which may take longer and can compound performance impact. * Avoid long-running Git operations within a pre-receive hook. If your pre-receive hook performs Git operations within large or busy repositories, your instance's Git and overall performance may be negatively impacted. -{% note %} - -**Note:** To avoid rejection of a push due to a timeout, all combined pre-receive hooks should run in under five seconds. - -{% endnote %} +> [!NOTE] +> To avoid rejection of a push due to a timeout, all combined pre-receive hooks should run in under five seconds. diff --git a/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment.md b/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment.md index c01153e6b..a0fc50b61 100644 --- a/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment.md +++ b/admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-environment.md @@ -73,14 +73,10 @@ You can use a Linux container management tool to build a pre-receive hook enviro tar -czf /path/to/pre-receive-environment.tar.gz . ``` - {% note %} - - **Notes:** - * Do not include leading directory paths of files within the tar archive, such as `/path/to/chroot`. - * `/bin/sh` must exist and be executable, as the entry point into the chroot environment. - * Unlike traditional chroots, the `dev` directory is not required by the chroot environment for pre-receive hooks. - - {% endnote %} + > [!NOTE] + > * Do not include leading directory paths of files within the tar archive, such as `/path/to/chroot`. + > * `/bin/sh` must exist and be executable, as the entry point into the chroot environment. + > * Unlike traditional chroots, the `dev` directory is not required by the chroot environment for pre-receive hooks. For more information about creating a chroot environment see "[Chroot](https://wiki.debian.org/chroot)" from the _Debian Wiki_, "[BasicChroot](https://help.ubuntu.com/community/BasicChroot)" from the _Ubuntu Community Help Wiki_, or "[Installing Alpine Linux in a chroot](https://wiki.alpinelinux.org/wiki/Installing_Alpine_Linux_in_a_chroot)" from the _Alpine Linux Wiki_. diff --git a/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-aws.md b/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-aws.md index 14dfaf67f..309cd7ddd 100644 --- a/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-aws.md +++ b/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-aws.md @@ -99,18 +99,11 @@ If you're setting up your AMI for the first time, you will need to create a secu To create the instance, you'll need to launch an EC2 instance with your {% data variables.product.prodname_ghe_server %} AMI and attach an additional storage volume for your instance data. For more information, see "[Hardware considerations](#hardware-considerations)." -{% note %} +> [!NOTE] +> You can encrypt the data disk to gain an extra level of security and ensure that any data you write to your instance is protected. There is a slight performance impact when using encrypted disks. If you decide to encrypt your volume, we strongly recommend doing so **before** starting your instance for the first time. For more information, see the [Amazon guide on EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html). -**Note:** You can encrypt the data disk to gain an extra level of security and ensure that any data you write to your instance is protected. There is a slight performance impact when using encrypted disks. If you decide to encrypt your volume, we strongly recommend doing so **before** starting your instance for the first time. - For more information, see the [Amazon guide on EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html). - -{% endnote %} - -{% warning %} - -**Warning:** If you decide to enable encryption after you've configured your instance, you will need to migrate your data to the encrypted volume, which will incur some downtime for your users. - -{% endwarning %} +> [!WARNING] +> If you decide to enable encryption after you've configured your instance, you will need to migrate your data to the encrypted volume, which will incur some downtime for your users. ### Launching an EC2 instance diff --git a/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md b/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md index 15a4241a6..ba70a5aa5 100644 --- a/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md +++ b/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md @@ -72,11 +72,8 @@ Before launching {% data variables.location.product_location %} on Azure, you'll az vm disk attach --vm-name VM_NAME -g RESOURCE_GROUP --sku Premium_LRS --new -z SIZE_IN_GB --name ghe-data.vhd --caching ReadWrite ``` - {% note %} - - **Note:** For non-production instances to have sufficient I/O throughput, the recommended minimum disk size is 150 GiB with read/write cache enabled (`--caching ReadWrite`). - - {% endnote %} + > [!NOTE] + > For non-production instances to have sufficient I/O throughput, the recommended minimum disk size is 150 GiB with read/write cache enabled (`--caching ReadWrite`). ## Configuring the {% data variables.product.prodname_ghe_server %} virtual machine @@ -94,11 +91,8 @@ To configure the instance, you must confirm the instance's status, upload a lice ``` - {% note %} - - **Note:** Azure does not automatically create a FQDNS entry for the VM. For more information, see the Azure guide [Create a fully qualified domain name in the Azure portal for a Linux VM](https://docs.microsoft.com/azure/virtual-machines/linux/portal-create-fqdn). - - {% endnote %} + > [!NOTE] + > Azure does not automatically create a FQDNS entry for the VM. For more information, see the Azure guide [Create a fully qualified domain name in the Azure portal for a Linux VM](https://docs.microsoft.com/azure/virtual-machines/linux/portal-create-fqdn). {% data reusables.enterprise_installation.copy-the-vm-public-dns-name %} {% data reusables.enterprise_installation.upload-a-license-file %} diff --git a/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance.md b/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance.md index 2e0106691..ce559281e 100644 --- a/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance.md +++ b/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance.md @@ -21,11 +21,8 @@ shortTitle: Set up a staging instance For example, to protect against loss of data, you can regularly validate the backup of your production instance. You can regularly restore the backup of your production data to a separate {% data variables.product.product_name %} instance in a staging environment. On this staging instance, you could also test the upgrade to the latest feature release of {% data variables.product.product_name %}. -{% tip %} - -**Tip:** You may reuse your existing {% data variables.product.prodname_enterprise %} license file as long as the staging instance is not used in a production capacity. - -{% endtip %} +> [!TIP] +> You may reuse your existing {% data variables.product.prodname_enterprise %} license file as long as the staging instance is not used in a production capacity. ## Considerations for a staging environment @@ -55,11 +52,8 @@ Alternatively, you can create a staging instance that reflects your production c If you want to test changes on an instance that contains the same data and configuration as your production instance, back up the data and configuration from the production instance using {% data variables.product.prodname_enterprise_backup_utilities %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)." -{% warning %} - -**Warning**: If you use {% data variables.product.prodname_actions %} or {% data variables.product.prodname_registry %} in production, your backup will include your production configuration for external storage. To avoid potential loss of data by writing to your production storage from your staging instance, you must configure each feature in steps 3 and 4 before you restore your backup. - -{% endwarning %} +> [!WARNING] +> If you use {% data variables.product.prodname_actions %} or {% data variables.product.prodname_registry %} in production, your backup will include your production configuration for external storage. To avoid potential loss of data by writing to your production storage from your staging instance, you must configure each feature in steps 3 and 4 before you restore your backup. ### 2. Set up a staging instance @@ -71,11 +65,8 @@ If you plan to restore a backup of your production instance, continue to the nex Optionally, if you use {% data variables.product.prodname_actions %} on your production instance, configure the feature on the staging instance before restoring your production backup. If you don't use {% data variables.product.prodname_actions %}, skip to "[1. Configure {% data variables.product.prodname_registry %}](#4-configure-github-packages)." -{% warning %} - -**Warning**: If you don't configure {% data variables.product.prodname_actions %} on the staging instance before restoring your production backup, your staging instance will use your production instance's external storage, which could result in loss of data. We strongly recommended that you use different external storage for your staging instance. For more information, see "[AUTOTITLE](/admin/github-actions/advanced-configuration-and-troubleshooting/using-a-staging-environment)." - -{% endwarning %} +> [!WARNING] +> If you don't configure {% data variables.product.prodname_actions %} on the staging instance before restoring your production backup, your staging instance will use your production instance's external storage, which could result in loss of data. We strongly recommended that you use different external storage for your staging instance. For more information, see "[AUTOTITLE](/admin/github-actions/advanced-configuration-and-troubleshooting/using-a-staging-environment)." {% data reusables.enterprise_installation.ssh-into-staging-instance %} 1. To configure the staging instance to use an external storage provider for {% data variables.product.prodname_actions %}, enter one of the following commands. @@ -91,11 +82,8 @@ Optionally, if you use {% data variables.product.prodname_actions %} on your pro Optionally, if you use {% data variables.product.prodname_registry %} on your production instance, configure the feature on the staging instance before restoring your production backup. If you don't use {% data variables.product.prodname_registry %}, skip to "[1. Restore your production backup](#5-restore-your-production-backup)." -{% warning %} - -**Warning**: If you don't configure {% data variables.product.prodname_registry %} on the staging instance before restoring your production backup, your staging instance will use your production instance's external storage, which could result in loss of data. We strongly recommended that you use different external storage for your staging instance. - -{% endwarning %} +> [!WARNING] +> If you don't configure {% data variables.product.prodname_registry %} on the staging instance before restoring your production backup, your staging instance will use your production instance's external storage, which could result in loss of data. We strongly recommended that you use different external storage for your staging instance. 1. Review the backup you will restore to the staging instance. * If you took the backup with {% data variables.product.prodname_enterprise_backup_utilities %} 3.5 or later, the backup includes the configuration for {% data variables.product.prodname_registry %}. Continue to the next step. @@ -136,19 +124,13 @@ If the staging instance is already configured and you want to overwrite settings To access the staging instance using the same hostname, update your local hosts file to resolve the staging instance's hostname by IP address by editing the `/etc/hosts` file in macOS or Linux, or the `C:\Windows\system32\drivers\etc` file in Windows. -{% note %} - -**Note**: Your staging instance must be accessible from the same hostname as your production instance. Changing the hostname for {% data variables.location.product_location %} is not supported. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/configuring-a-hostname)." - -{% endnote %} +> [!NOTE] +> Your staging instance must be accessible from the same hostname as your production instance. Changing the hostname for {% data variables.location.product_location %} is not supported. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/configuring-a-hostname)." Then, review the staging instance's configuration in the {% data variables.enterprise.management_console %}. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console)." -{% warning %} - -**Warning**: If you configured {% data variables.product.prodname_actions %} or {% data variables.product.prodname_registry %} for the staging instance, to avoid overwriting production data, ensure that the external storage configuration in the {% data variables.enterprise.management_console %} does not match your production instance. - -{% endwarning %} +> [!WARNING] +> If you configured {% data variables.product.prodname_actions %} or {% data variables.product.prodname_registry %} for the staging instance, to avoid overwriting production data, ensure that the external storage configuration in the {% data variables.enterprise.management_console %} does not match your production instance. ### 7. Apply the instance's configuration diff --git a/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise.md b/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise.md index e17f963ab..c4bced72e 100644 --- a/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise.md +++ b/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise.md @@ -32,11 +32,9 @@ There are several types of user messages. {% endif %} {% ifversion ghes %} -{% note %} -**Note:** If you are using SAML for authentication, the sign in page is presented by your identity provider and is not customizable via {% data variables.product.prodname_ghe_server %}. - -{% endnote %} +> [!NOTE] +> If you are using SAML for authentication, the sign in page is presented by your identity provider and is not customizable via {% data variables.product.prodname_ghe_server %}. {% data reusables.enterprise.user-messages-markdown %} @@ -87,11 +85,10 @@ If you include Markdown checkboxes in the message, all checkboxes must be select Each time a user sees a mandatory message, an audit log event is created. The event includes the version of the message that the user saw. For more information see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)." {% ifversion display-mandatory-message-again %} {% else %} -{% note %} -**Note:** If you change the mandatory message for {% data variables.location.product_location %}, users who have already acknowledged the message will not see the new message. +> [!NOTE] +> If you change the mandatory message for {% data variables.location.product_location %}, users who have already acknowledged the message will not see the new message. -{% endnote %} {% endif %} {% data reusables.enterprise-accounts.access-enterprise %} @@ -124,11 +121,11 @@ You can also set an announcement banner{% ifversion ghes %} in the administrativ 1. Under "Announcement", in the text field, type the announcement you want displayed in a banner. 1. Optionally, under "Expires on", select the calendar drop-down menu and click an expiration date. {% ifversion ghe-announce-dismiss %} - {% note %} - **Note:** Announcements must either have an expiration date, be user dismissible, or both. + > [!NOTE] + > Announcements must either have an expiration date, be user dismissible, or both. - {% endnote %}{% endif %} + {% endif %} {%- ifversion ghe-announce-dismiss %} 1. Optionally, to allow each user to dismiss the announcement, select **User dismissible**. {%- endif %}{% ifversion custom-banner-messages %} diff --git a/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-projects-using-jira.md b/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-projects-using-jira.md index 37dd9b8b6..e2807b224 100644 --- a/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-projects-using-jira.md +++ b/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-projects-using-jira.md @@ -25,11 +25,9 @@ shortTitle: Project management with Jira {% data reusables.user-settings.oauth_apps %} 1. Click **New {% data variables.product.prodname_oauth_app %}**. - {% note %} + > [!NOTE] + > If you haven't created an app before, this button will say, **Register an application**. - **Note:** If you haven't created an app before, this button will say, **Register an application**. - - {% endnote %} 1. Fill in the application settings: * In the **Application name** field, type "Jira" or any name you would like to use to identify the Jira instance. * In the **Homepage URL** field, type the full URL of your Jira instance. diff --git a/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise.md b/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise.md index a740f6151..5930ce491 100644 --- a/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise.md +++ b/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise.md @@ -19,11 +19,10 @@ shortTitle: Manage your organization roles You can choose to join an organization owned by your enterprise as a member or as an organization owner, change your role within the organization, or leave the organization. {% ifversion ghec %} -{% warning %} -**Warning**: If an organization uses SCIM to provision users, joining the organization this way could have unintended consequences. For more information, see "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-scim-for-organizations)." +> [!WARNING] +> If an organization uses SCIM to provision users, joining the organization this way could have unintended consequences. For more information, see "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-scim-for-organizations)." -{% endwarning %} {% endif %} For information about managing other people's roles in an organization, see "[AUTOTITLE](/organizations/managing-membership-in-your-organization)" and "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles)." diff --git a/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise.md b/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise.md index 13672d088..1bb97146d 100644 --- a/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise.md +++ b/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/removing-organizations-from-your-enterprise.md @@ -16,15 +16,12 @@ redirect_from: You can remove an organization that is owned by your enterprise account, so the organization stands alone. -{% warning %} - -**Warning**: When you remove an organization from your enterprise: -* Billing, identity management, 2FA requirements, and other policies for the organization will no longer be governed by your enterprise. -* The organization will be downgraded to the free plan. -* The organization will be governed by our standard Terms of Service. -* Any internal repositories within the organization will be converted to private repositories. - -{% endwarning %} +> [!WARNING] +> When you remove an organization from your enterprise: +> * Billing, identity management, 2FA requirements, and other policies for the organization will no longer be governed by your enterprise. +> * The organization will be downgraded to the free plan. +> * The organization will be governed by our standard Terms of Service. +> * Any internal repositories within the organization will be converted to private repositories. ## Removing an organization from your enterprise diff --git a/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization.md b/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization.md index c2731968b..d8f817a8b 100644 --- a/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization.md +++ b/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization.md @@ -30,15 +30,10 @@ Before you require use of two-factor authentication, we recommend notifying orga {% data reusables.two_fa.ghes_ntp %} -{% warning %} - -**Warnings:** - -* When your require two-factor authentication, members and outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories, including their forks of private repositories. If they enable 2FA for their personal account within three months of being removed from the organization, you can [reinstate their access privileges and settings](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization). -* When 2FA is required, organization members or outside collaborators who disable 2FA will automatically be removed from the organization. -* If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization. - -{% endwarning %} +> [!WARNING] +> * When your require two-factor authentication, members and outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories, including their forks of private repositories. If they enable 2FA for their personal account within three months of being removed from the organization, you can [reinstate their access privileges and settings](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization). +> * When 2FA is required, organization members or outside collaborators who disable 2FA will automatically be removed from the organization. +> * If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization. ## Requiring two-factor authentication for an organization diff --git a/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise.md b/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise.md index 5d73fa083..2907f5ffb 100644 --- a/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise.md +++ b/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise.md @@ -13,11 +13,8 @@ redirect_from: - /admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise --- -{% note %} - -**Note:** Temporarily accessing user-owned repositories is currently in {% data variables.release-phases.public_preview %} for {% data variables.product.prodname_emus %} and subject to change. - -{% endnote %} +> [!NOTE] +> Temporarily accessing user-owned repositories is currently in {% data variables.release-phases.public_preview %} for {% data variables.product.prodname_emus %} and subject to change. ## About temporary access to user-owned repositories diff --git a/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/viewing-user-owned-repositories-in-your-enterprise.md b/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/viewing-user-owned-repositories-in-your-enterprise.md index 89ceaabfa..0b13ea7f2 100644 --- a/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/viewing-user-owned-repositories-in-your-enterprise.md +++ b/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/viewing-user-owned-repositories-in-your-enterprise.md @@ -13,11 +13,8 @@ redirect_from: - /admin/user-management/managing-repositories-in-your-enterprise/viewing-user-owned-repositories-in-your-enterprise --- -{% note %} - -**Note:** Viewing user-owned repositories is currently in {% data variables.release-phases.public_preview %} for {% data variables.product.prodname_emus %} and subject to change. - -{% endnote %} +> [!NOTE] +> Viewing user-owned repositories is currently in {% data variables.release-phases.public_preview %} for {% data variables.product.prodname_emus %} and subject to change. If your enterprise uses {% data variables.product.prodname_emus %}, and you've allowed users to create repositories owned by their user accounts, you can view all user-owned repositories within your enterprise. diff --git a/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/auditing-users-across-your-enterprise.md b/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/auditing-users-across-your-enterprise.md index 6a13f0b05..0fb9eeec9 100644 --- a/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/auditing-users-across-your-enterprise.md +++ b/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/auditing-users-across-your-enterprise.md @@ -39,14 +39,9 @@ The audit log lists the following information about actions made within your ent * [Which country](#search-based-on-the-location) the action took place in * [The date and time](#search-based-on-the-time-of-action) the action occurred -{% warning %} - -**Notes:** - -* While you can't use text to search for audit entries, you can construct search queries using a variety of filters. {% data variables.product.product_name %} supports many operators for searching across {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/search-github/getting-started-with-searching-on-github/about-searching-on-github)." -* Audit records are available for the last 180 days. - -{% endwarning %} +> [!NOTE] +> * While you can't use text to search for audit entries, you can construct search queries using a variety of filters. {% data variables.product.product_name %} supports many operators for searching across {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/search-github/getting-started-with-searching-on-github/about-searching-on-github)." +> * Audit records are available for the last 180 days. ### Search based on the repository diff --git a/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/enabling-guest-collaborators.md b/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/enabling-guest-collaborators.md index 054039dfa..bfc07a1f3 100644 --- a/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/enabling-guest-collaborators.md +++ b/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/enabling-guest-collaborators.md @@ -59,11 +59,9 @@ If you use **Microsoft Entra ID** (previously known as Azure AD) or **Okta** for }, ``` - {% note %} + > [!NOTE] + > The `id` value is critical. If another `id` value is present, the update will fail. - **Note:** The `id` value is critical. If another `id` value is present, the update will fail. - - {% endnote %} 1. Click **Save**. ### Enabling guest collaborators with Okta diff --git a/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/exporting-membership-information-for-your-enterprise.md b/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/exporting-membership-information-for-your-enterprise.md index 8dc87836c..01cab3d2f 100644 --- a/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/exporting-membership-information-for-your-enterprise.md +++ b/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/exporting-membership-information-for-your-enterprise.md @@ -17,11 +17,8 @@ You can export aggregated information about your enterprise's members as a membe The membership information report includes the following information. -{% note %} - -**Note:** You can only export the datetime of the user's last activity at the organization level. For more information, see "[AUTOTITLE](/organizations/managing-membership-in-your-organization/exporting-member-information-for-your-organization#about-export-of-membership-information)." - -{% endnote %} +> [!NOTE] +> You can only export the datetime of the user's last activity at the organization level. For more information, see "[AUTOTITLE](/organizations/managing-membership-in-your-organization/exporting-member-information-for-your-organization#about-export-of-membership-information)." * Username and display name details * Whether the user has two-factor authentication enabled {% ifversion mandatory-2fa-required-overview %}or is required to enable it{% endif %} diff --git a/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-organization-members-in-your-enterprise.md b/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-organization-members-in-your-enterprise.md index 8d3a34667..331d2b0f6 100644 --- a/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-organization-members-in-your-enterprise.md +++ b/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-organization-members-in-your-enterprise.md @@ -22,23 +22,16 @@ Members can also be added or removed from an organization at the organization le 1. Select the checkbox next to each user you want to add or remove. 1. At the top of the member list, select the **X user(s) selected** dropdown menu, then click **Add to organizations** or **Remove from organizations**. - {% note %} - - **Note:** - * Users will be added as organization members. If the user is already an organization member or organization owner, the privileges will not be modified. - * Organization owners cannot be removed from the organization via the bulk method. - - {% endnote %} + > [!NOTE] + > * Users will be added as organization members. If the user is already an organization member or organization owner, the privileges will not be modified. + > * Organization owners cannot be removed from the organization via the bulk method. ![Screenshot of the list of enterprise members. A dropdown menu, labeled "1 user selected...", is expanded and highlighted with an orange outline.](/assets/images/help/business-accounts/enterprise-add-or-remove-from-org.png) 1. In the popup, select the organizations you want to add or remove the user from. - {% note %} - - **Note:** You can only select organizations where you're an organization owner. - - {% endnote %} + > [!NOTE] + > You can only select organizations where you're an organization owner. 1. To confirm, click **Add user** or **Remove user**. 1. Optionally, to add or remove multiple users at the same time, select multiple checkboxes. Use the dropdown to select **Add to organizations** or **Remove from organizations**. diff --git a/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise.md b/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise.md index 187c6d8b0..d97e8dd00 100644 --- a/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise.md +++ b/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise.md @@ -24,11 +24,8 @@ Enterprise owners and billing managers automatically have a support entitlement. To add a support entitlement to a user, the user must already be a member of an organization that is owned by your enterprise. -{% note %} - -**Note**: After you add a support entitlement, the enterprise member may need to sign out from {% data variables.contact.contact_landing_page_portal %}, then sign in again, before they can manage tickets. - -{% endnote %} +> [!NOTE] +> After you add a support entitlement, the enterprise member may need to sign out from {% data variables.contact.contact_landing_page_portal %}, then sign in again, before they can manage tickets. {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} diff --git a/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise.md b/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise.md index 78e470772..0720e4dce 100644 --- a/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise.md +++ b/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise.md @@ -24,11 +24,8 @@ If your enterprise does use {% data variables.product.prodname_emus %}, you must ## Removing a member from your enterprise -{% note %} - -**Note:** If an enterprise member uses only {% data variables.product.prodname_ghe_server %}, and not {% data variables.product.prodname_ghe_cloud %}, you cannot remove the enterprise member this way. - -{% endnote %} +> [!NOTE] +> If an enterprise member uses only {% data variables.product.prodname_ghe_server %}, and not {% data variables.product.prodname_ghe_cloud %}, you cannot remove the enterprise member this way. {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.people-tab %} diff --git a/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md b/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md index 58b2f0225..a9965e779 100644 --- a/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md +++ b/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md @@ -153,11 +153,8 @@ You can see all the pending invitations to become members, administrators, or ou In the list of pending members, for any individual account, you can cancel all invitations to join organizations owned by your enterprise. This does not cancel any invitations for that same person to become an enterprise administrator or outside collaborator. -{% note %} - -**Note:** If an invitation was provisioned via SCIM, you must cancel the invitation via your identity provider (IdP) instead of on {% data variables.product.prodname_dotcom %}. - -{% endnote %} +> [!NOTE] +> If an invitation was provisioned via SCIM, you must cancel the invitation via your identity provider (IdP) instead of on {% data variables.product.prodname_dotcom %}. If you use {% data variables.visual_studio.prodname_vss_ghe %}, the list of pending invitations includes all {% data variables.product.prodname_vs %} subscribers that haven't joined any of your organizations on {% data variables.product.prodname_dotcom %}, even if the subscriber does not have a pending invitation to join an organization. For more information about how to get {% data variables.product.prodname_vs %} subscribers access to {% data variables.product.prodname_enterprise %}, see "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/setting-up-visual-studio-subscriptions-with-github-enterprise)." diff --git a/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md b/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md index 659c29ee8..ba6461a8b 100644 --- a/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md +++ b/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md @@ -56,13 +56,9 @@ You can configure {% data variables.product.prodname_code_scanning %} to run {% ## Provisioning a self-hosted runner -{% note %} - -**Notes:** - * If your enterprise uses {% data variables.product.prodname_dotcom %}-hosted runners with {% data variables.product.prodname_actions %}, proceed directly to configuring {% data variables.product.prodname_code_scanning %} through {% data variables.product.prodname_dotcom_the_website %}. See "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" and "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale)." - * With the exception of Swift analysis, default setup can now run on {% data variables.actions.hosted_runners %}. See "[AUTOTITLE](/actions/using-github-hosted-runners/about-larger-runners/about-larger-runners)" and "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup)." - -{% endnote %} +> [!NOTE] +> * If your enterprise uses {% data variables.product.prodname_dotcom %}-hosted runners with {% data variables.product.prodname_actions %}, proceed directly to configuring {% data variables.product.prodname_code_scanning %} through {% data variables.product.prodname_dotcom_the_website %}. See "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" and "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale)." +> * With the exception of Swift analysis, default setup can now run on {% data variables.actions.hosted_runners %}. See "[AUTOTITLE](/actions/using-github-hosted-runners/about-larger-runners/about-larger-runners)" and "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup)." {% endif %} @@ -78,11 +74,10 @@ If you are using default setup for {% data variables.product.prodname_code_scann You must ensure that Git is in the PATH variable on any self-hosted runners you use to run {% data variables.product.prodname_codeql %} actions. {% ifversion default-setup-self-hosted-runners-GHEC or ghes %} -{% note %} -**Note:** If you use {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} to analyze code written in Python in your enterprise, you must make sure that your self-hosted runner has Python 3 installed. +> [!NOTE] +> If you use {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} to analyze code written in Python in your enterprise, you must make sure that your self-hosted runner has Python 3 installed. -{% endnote %} {% endif %} {% ifversion ghes %} diff --git a/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md b/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md index a03401f84..b61c85874 100644 --- a/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md +++ b/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md @@ -47,10 +47,7 @@ When you enable one or more security and analysis features for existing reposito {% ifversion secret-scanning-custom-link-on-block %} 1. Optionally, to include a resource link in the message that members will see when they attempt to push a secret, select **Add a resource link in the CLI and web UI when a commit is blocked**, then type a URL, and click **Save link**. - {% note %} - - **Note**: When a custom link is configured for an organization, the organization-level value overrides the custom link set for the enterprise. See "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)." - - {% endnote %} + > [!NOTE] + > When a custom link is configured for an organization, the organization-level value overrides the custom link set for the enterprise. See "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)." ![Screenshot of the "Push protection" section of the settings for security and analysis features. The checkbox and the text field used for enabling a custom link are outlined in dark orange.](/assets/images/help/organizations/secret-scanning-custom-link.png){% endif %} diff --git a/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access.md b/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access.md index 9d31af053..6fce3c645 100644 --- a/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access.md +++ b/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/configuring-dependabot-to-work-with-limited-internet-access.md @@ -45,11 +45,8 @@ Before configuring {% data variables.product.prodname_dependabot %}, install Doc {%- endif %} - {% note %} - - **Note:** You will need to repeat this step when you upgrade to a new minor version of {% data variables.product.product_name %}, or if you manually update the {% data variables.product.prodname_dependabot %} action from {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom)." - - {% endnote %} + > [!NOTE] + > You will need to repeat this step when you upgrade to a new minor version of {% data variables.product.product_name %}, or if you manually update the {% data variables.product.prodname_dependabot %} action from {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom)." 1. When you have finished adding these images to the runner, you are ready to restrict internet access to the {% data variables.product.prodname_dependabot %} runner, ensuring that it can still access your private registries for the required ecosystems and for {% data variables.product.prodname_ghe_server %}. diff --git a/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md b/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md index 2f02b222e..8d7ea2a26 100644 --- a/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md +++ b/admin/managing-code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md @@ -45,11 +45,9 @@ If your instance uses clustering, you cannot enable the dependency graph with th ghe-config app.dependency-graph.enabled true ``` - {% note %} + > [!NOTE] + > For more information about enabling access to the administrative shell via SSH, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)." - **Note**: For more information about enabling access to the administrative shell via SSH, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)." - - {% endnote %} 1. Apply the configuration. ```shell diff --git a/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise.md b/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise.md index ccce4dd5f..09ab8f6cc 100644 --- a/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise.md +++ b/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise.md @@ -110,11 +110,9 @@ If any of these services are at or near 100% CPU utilization, or the memory is n For CPU and memory, this shows how much is allocated to the **total** of **all** services (the left value) and how much is available (the right value). In the example above, there is 23 GiB of memory allocated out of 32 GiB total. This means there is 9 GiB of memory available for allocation. - {% warning %} + > [!WARNING] + > Be careful not to allocate more than the total available resources, or services will fail to start. - **Warning:** Be careful not to allocate more than the total available resources, or services will fail to start. - - {% endwarning %} 1. Change directory to `/etc/consul-templates/etc/nomad-jobs/actions`: ```shell diff --git a/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment.md b/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment.md index 0d84cb19d..3c76ba002 100644 --- a/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment.md +++ b/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment.md @@ -29,11 +29,8 @@ After you restore a {% data variables.product.prodname_ghe_server %} backup to t When you set up a staging environment that includes a {% data variables.product.product_name %} instance with {% data variables.product.prodname_actions %} enabled, you must use a different external storage configuration for {% data variables.product.prodname_actions %} storage than your production environment. -{% warning %} - -**Warning**: If you don't change the storage configuration, your staging instance may be able to write to the same external storage that you use for production, which could result in loss of data. - -{% endwarning %} +> [!WARNING] +> If you don't change the storage configuration, your staging instance may be able to write to the same external storage that you use for production, which could result in loss of data. For more information about storage configuration for {% data variables.product.prodname_actions %}, see "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server#enabling-github-actions-with-your-storage-provider)." diff --git a/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md b/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md index e17ca79a8..12599182d 100644 --- a/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md +++ b/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md @@ -24,13 +24,10 @@ shortTitle: Amazon S3 storage ## Prerequisites -{% note %} - -**Note:** The only {% data variables.product.prodname_dotcom %}-supported S3 storage providers are Amazon S3 and MinIO Gateway for NAS. - -{% data reusables.actions.enterprise-s3-tech-partners %} - -{% endnote %} +> [!NOTE] +> The only {% data variables.product.prodname_dotcom %}-supported S3 storage providers are Amazon S3 and MinIO Gateway for NAS. +> +> {% data reusables.actions.enterprise-s3-tech-partners %} Before enabling {% data variables.product.prodname_actions %}, make sure you have completed the following steps: @@ -93,11 +90,8 @@ To configure {% data variables.product.prodname_ghe_server %} to use OIDC with a For more information on installing the AWS CLI, see the [Amazon documentation](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html). - {% warning %} - - **Warning:** If the certificate for {% data variables.location.product_location_enterprise %} changes in the future, you must update the thumbprint value in the Amazon OIDC provider for the OIDC trust to continue to work. - - {% endwarning %} + > [!WARNING] + > If the certificate for {% data variables.location.product_location_enterprise %} changes in the future, you must update the thumbprint value in the Amazon OIDC provider for the OIDC trust to continue to work. ### 2. Create an IAM role diff --git a/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage.md b/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage.md index 9447c5566..a21d5b251 100644 --- a/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage.md +++ b/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage.md @@ -29,11 +29,9 @@ Before enabling {% data variables.product.prodname_actions %}, make sure you hav * Create your Azure storage account for storing workflow data. {% data variables.product.prodname_actions %} stores its data as block blobs, and two storage account types are supported: * A **general-purpose** storage account (also known as `general-purpose v1` or `general-purpose v2`) using the **standard** performance tier. - {% warning %} + > [!WARNING] + > Using the **premium** performance tier with a general-purpose storage account is not supported. The **standard** performance tier must be selected when creating the storage account, and it cannot be changed later. - **Warning:** Using the **premium** performance tier with a general-purpose storage account is not supported. The **standard** performance tier must be selected when creating the storage account, and it cannot be changed later. - - {% endwarning %} * A **BlockBlobStorage** storage account, which uses the **premium** performance tier. For more information on Azure storage account types and performance tiers, see the [Azure documentation](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview?toc=/azure/storage/blobs/toc.json#types-of-storage-accounts). @@ -61,11 +59,9 @@ To configure {% data variables.product.prodname_ghe_server %} to use OIDC with a 1. For "Issuer", enter `https://HOSTNAME/_services/token`, where `HOSTNAME` is the public hostname for {% data variables.location.product_location_enterprise %}. For example, `https://my-ghes-host.example.com/_services/token`. 1. For "Subject identifier", enter the public hostname for {% data variables.location.product_location_enterprise %}. For example, `my-ghes-host.example.com`. - {% note %} - - **Note:** The subject identifier must only have the hostname of {% data variables.location.product_location_enterprise %}, and _must not_ include the protocol. + > [!NOTE] + > The subject identifier must only have the hostname of {% data variables.location.product_location_enterprise %}, and _must not_ include the protocol. - {% endnote %} 1. For "Name", enter a name for the credential. 1. Click **Add**. diff --git a/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md b/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md index f4b48b629..48d36d6c7 100644 --- a/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md +++ b/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md @@ -15,11 +15,8 @@ redirect_from: - /admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage --- -{% note %} - -**Note:** {% data variables.product.prodname_actions %} support for Google Cloud Storage is currently in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_actions %} support for Google Cloud Storage is currently in {% data variables.release-phases.public_preview %} and subject to change. {% data reusables.actions.enterprise-storage-about %} @@ -91,11 +88,9 @@ To configure {% data variables.product.prodname_ghe_server %} to use OIDC with G google.subject == "my-ghes-host.example.com" ``` - {% note %} - - **Note:** The hostname of {% data variables.location.product_location_enterprise %} used here _must not_ include the protocol. + > [!NOTE] + > The hostname of {% data variables.location.product_location_enterprise %} used here _must not_ include the protocol. - {% endnote %} * Click **Save**. 1. After creating the identity pool, at the top of the identity pool's page, click **Grant access**. * Under "Select service account", select the service account that you created in the previous procedure. diff --git a/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage.md b/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage.md index 8052d6e66..45704ffc7 100644 --- a/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage.md +++ b/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage.md @@ -41,11 +41,8 @@ Before enabling {% data variables.product.prodname_actions %}, make sure you hav {% data reusables.actions.enterprise-s3-storage-setup %} 1. Under "Authentication", select **Credentials-based**, and enter your storage bucket's details: - {% note %} - - **Note:** For MinIO, you cannot use OpenID Connect (OIDC) authentication. You must use credentials-based authentication. - - {% endnote %} + > [!NOTE] + > For MinIO, you cannot use OpenID Connect (OIDC) authentication. You must use credentials-based authentication. {% data reusables.actions.enterprise-minio-storage-credential-fields %} {%- else %} diff --git a/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server.md b/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server.md index 3aeff0043..559fa5e60 100644 --- a/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server.md +++ b/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server.md @@ -44,14 +44,9 @@ The peak quantity of connected runners without performance loss depends on such {% data variables.product.company_short %} measured maximum connected runners using multiple repositories, job duration of approximately 10 minutes, and 10 MB artifact uploads. You may experience different performance depending on the overall levels of activity on your instance. -{% note %} - -**Notes:** - -* Beginning with {% data variables.product.prodname_ghe_server %} 3.6, {% data variables.product.company_short %} documents connected runners as opposed to concurrent jobs. Connected runners represents the most runners you can connect and expect to utilize. It should also be noted that connecting more runners than you can expect to utilize can negatively impact performance. - -* Beginning with {% data variables.product.prodname_ghe_server %} 3.5, {% data variables.product.company_short %}'s internal testing uses 3rd generation CPUs to better reflect a typical customer configuration. This change in CPU represents a small portion of the changes to performance targets in this version of {% data variables.product.prodname_ghe_server %}. -{% endnote %} +> [!NOTE] +> * Beginning with {% data variables.product.prodname_ghe_server %} 3.6, {% data variables.product.company_short %} documents connected runners as opposed to concurrent jobs. Connected runners represents the most runners you can connect and expect to utilize. It should also be noted that connecting more runners than you can expect to utilize can negatively impact performance. +> * Beginning with {% data variables.product.prodname_ghe_server %} 3.5, {% data variables.product.company_short %}'s internal testing uses 3rd generation CPUs to better reflect a typical customer configuration. This change in CPU represents a small portion of the changes to performance targets in this version of {% data variables.product.prodname_ghe_server %}. If you plan to enable {% data variables.product.prodname_actions %} for the users of an existing instance, review the levels of activity for users and automations on the instance and ensure that you have provisioned adequate CPU and memory for your users. For more information about monitoring the capacity and performance of {% data variables.product.prodname_ghe_server %}, see "[AUTOTITLE](/admin/enterprise-management/monitoring-your-appliance)." @@ -89,13 +84,10 @@ All other {% data variables.product.prodname_actions %} data, such as the workfl {%- endif %} * S3-compatible MinIO cluster -{% note %} - -**Note:** These are the only storage providers that {% data variables.product.company_short %} supports and can provide assistance with. - -{% data reusables.actions.enterprise-s3-tech-partners %} - -{% endnote %} +> [!NOTE] +> These are the only storage providers that {% data variables.product.company_short %} supports and can provide assistance with. +> +> {% data reusables.actions.enterprise-s3-tech-partners %} ## Networking considerations diff --git a/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md b/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md index db66c5ba1..579a100bb 100644 --- a/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md +++ b/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md @@ -81,15 +81,11 @@ You can create a runner group to manage access to the runner that you added to y {%- ifversion ghec or ghes %} 1. Optionally, to allow public repositories in the selected organizations to use runners in the group, select **Allow public repositories**. - {% warning %} + > [!WARNING] + > {% data reusables.actions.self-hosted-runner-security %} + > + > For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)." - **Warning**: - - {% data reusables.actions.self-hosted-runner-security %} - - For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)." - - {% endwarning %} {%- endif %} {% data reusables.actions.create-runner-group %} 1. Click the "Runners" tab. diff --git a/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md b/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md index 02abec8f6..ac454a5e1 100644 --- a/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md +++ b/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise.md @@ -43,13 +43,9 @@ There is no connection required between {% data variables.location.product_locat Each action is a repository in the `actions` organization, and each action repository includes the necessary tags, branches, and commit SHAs that your workflows can use to reference the action. For information on how to update the bundled official actions, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions)." -{% note %} - -**Notes:** -* When using setup actions (such as `actions/setup-LANGUAGE`) on {% data variables.product.product_name %} with self-hosted runners, you might need to set up the tools cache on runners that do not have internet access. For more information, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)." -* When {% data variables.product.product_name %} is updated, bundled actions are automatically replaced with default versions in the upgrade package. - -{% endnote %} +> [!NOTE] +> * When using setup actions (such as `actions/setup-LANGUAGE`) on {% data variables.product.product_name %} with self-hosted runners, you might need to set up the tools cache on runners that do not have internet access. For more information, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)." +> * When {% data variables.product.product_name %} is updated, bundled actions are automatically replaced with default versions in the upgrade package. ## Configuring access to actions on {% data variables.product.prodname_dotcom_the_website %} @@ -58,11 +54,10 @@ Each action is a repository in the `actions` organization, and each action repos The recommended approach is to enable automatic access to all actions from {% data variables.product.prodname_dotcom_the_website %}. You can do this by using {% data variables.product.prodname_github_connect %} to integrate {% data variables.product.product_name %} with {% data variables.product.prodname_ghe_cloud %}. For more information, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)". {% ifversion ghes %} -{% note %} -**Note:** Before you can configure access to actions on {% data variables.product.prodname_dotcom_the_website %}, you must configure {% data variables.location.product_location %} to use {% data variables.product.prodname_actions %}. For more information, see "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server)." +> [!NOTE] +> Before you can configure access to actions on {% data variables.product.prodname_dotcom_the_website %}, you must configure {% data variables.location.product_location %} to use {% data variables.product.prodname_actions %}. For more information, see "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server)." -{% endnote %} {% endif %} {% data reusables.actions.self-hosted-runner-networking-to-dotcom %} diff --git a/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md b/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md index f50b98a5d..c4cd9c90f 100644 --- a/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md +++ b/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md @@ -56,8 +56,5 @@ After using an action from {% data variables.product.prodname_dotcom_the_website 1. To the right of the namespace that you want use in {% data variables.location.product_location %}, click **Unretire**. 1. Go to the relevant organization and create a new repository. - {% tip %} - - **Tip:** When you unretire a namespace, always create the new repository with that name as soon as possible. If a workflow calls the associated action on {% data variables.product.prodname_dotcom_the_website %} before you create the local repository, the namespace will be retired again. For actions used in workflows that run frequently, you may find that a namespace is retired again before you have time to create the local repository. In this case, you can temporarily disable the relevant workflows until you have created the new repository. - - {% endtip %} + > [!TIP] + > When you unretire a namespace, always create the new repository with that name as soon as possible. If a workflow calls the associated action on {% data variables.product.prodname_dotcom_the_website %} before you create the local repository, the namespace will be retired again. For actions used in workflows that run frequently, you may find that a namespace is retired again before you have time to create the local repository. In this case, you can temporarily disable the relevant workflows until you have created the new repository. diff --git a/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom.md b/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom.md index 33ce08ba6..e59f9505e 100644 --- a/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom.md +++ b/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/manually-syncing-actions-from-githubcom.md @@ -34,11 +34,8 @@ If your machine has access to both systems at the same time, you can do the sync The `actions-sync` tool can only download actions from {% data variables.product.prodname_dotcom_the_website %} that are stored in public repositories. -{% note %} - -**Note:** The `actions-sync` tool is intended for use in systems where {% data variables.product.prodname_github_connect %} is not enabled. If you run the tool on a system with {% data variables.product.prodname_github_connect %} enabled, you may see the error `The repository has been retired and cannot be reused`. This indicates that a workflow has used that action directly on {% data variables.product.prodname_dotcom_the_website %} and the namespace is retired on {% data variables.location.product_location %}. See "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)." - -{% endnote %} +> [!NOTE] +> The `actions-sync` tool is intended for use in systems where {% data variables.product.prodname_github_connect %} is not enabled. If you run the tool on a system with {% data variables.product.prodname_github_connect %} enabled, you may see the error `The repository has been retired and cannot be reused`. This indicates that a workflow has used that action directly on {% data variables.product.prodname_dotcom_the_website %} and the namespace is retired on {% data variables.location.product_location %}. See "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)." ## Prerequisites @@ -46,11 +43,8 @@ The `actions-sync` tool can only download actions from {% data variables.product * You must create a {% data variables.product.pat_generic %} on your enterprise that can create and write to repositories in the destination organizations. See "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."{% ifversion ghes %} * If you want to sync the bundled actions in the `actions` organization on {% data variables.location.product_location %}, you must be an owner of the `actions` organization. - {% note %} - - **Note:** By default, even site administrators are not owners of the bundled `actions` organization. - - {% endnote %} + > [!NOTE] + > By default, even site administrators are not owners of the bundled `actions` organization. Site administrators can use the `ghe-org-admin-promote` command in the administrative shell to promote a user to be an owner of the bundled `actions` organization. See "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)" and "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-org-admin-promote)." @@ -62,11 +56,8 @@ The `actions-sync` tool can only download actions from {% data variables.product This example demonstrates using the `actions-sync` tool to sync an individual action from {% data variables.product.prodname_dotcom_the_website %} to an enterprise instance. -{% note %} - -**Note:** This example uses the `actions-sync sync` command, which requires concurrent access to both the {% data variables.product.prodname_dotcom_the_website %} API and your enterprise instance's API from your machine. If you can only access one system at a time, you can use the `actions-sync pull` and `push` commands. See the [`actions-sync` README](https://github.com/actions/actions-sync#not-connected-instances). - -{% endnote %} +> [!NOTE] +> This example uses the `actions-sync sync` command, which requires concurrent access to both the {% data variables.product.prodname_dotcom_the_website %} API and your enterprise instance's API from your machine. If you can only access one system at a time, you can use the `actions-sync pull` and `push` commands. See the [`actions-sync` README](https://github.com/actions/actions-sync#not-connected-instances). 1. Download and extract the latest [`actions-sync` release](https://github.com/actions/actions-sync/releases) for your machine's operating system. 1. Create a directory to store cache files for the tool. diff --git a/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access.md b/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access.md index 9561e3019..5be74cbef 100644 --- a/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access.md +++ b/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access.md @@ -27,11 +27,8 @@ The `actions/setup-LANGUAGE` actions normally need internet access to download t You can populate the runner tool cache by running a {% data variables.product.prodname_actions %} workflow on {% data variables.product.prodname_dotcom_the_website %} that uploads a {% data variables.product.prodname_dotcom %}-hosted runner's tool cache as an artifact, which you can then transfer and extract on your internet-disconnected self-hosted runner. -{% note %} - -**Note:** You can only use a {% data variables.product.prodname_dotcom %}-hosted runner's tool cache for a self-hosted runner that has an identical operating system and architecture. For example, if you are using a `ubuntu-22.04` {% data variables.product.prodname_dotcom %}-hosted runner to generate a tool cache, your self-hosted runner must be a 64-bit Ubuntu 22.04 machine. For more information on {% data variables.product.prodname_dotcom %}-hosted runners, see "[AUTOTITLE](/free-pro-team@latest/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources)." - -{% endnote %} +> [!NOTE] +> You can only use a {% data variables.product.prodname_dotcom %}-hosted runner's tool cache for a self-hosted runner that has an identical operating system and architecture. For example, if you are using a `ubuntu-22.04` {% data variables.product.prodname_dotcom %}-hosted runner to generate a tool cache, your self-hosted runner must be a 64-bit Ubuntu 22.04 machine. For more information on {% data variables.product.prodname_dotcom %}-hosted runners, see "[AUTOTITLE](/free-pro-team@latest/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources)." ## Prerequisites diff --git a/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md b/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md index 7076fbab6..9240db4d5 100644 --- a/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md +++ b/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md @@ -46,8 +46,5 @@ Once {% data variables.product.prodname_github_connect %} is configured, you can 1. Configure your workflow's YAML to use `{% data reusables.actions.action-checkout %}`. 1. Each time your workflow runs, the runner will use the specified version of `actions/checkout` from {% data variables.product.prodname_dotcom_the_website %}. - {% note %} - - **Note:** The first time the `checkout` action is used from {% data variables.product.prodname_dotcom_the_website %}, the `actions/checkout` namespace is automatically retired on {% data variables.location.product_location %}. If you ever want to revert to using a local copy of the action, you first need to remove the namespace from retirement. For more information, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)." - - {% endnote %} + > [!NOTE] + > The first time the `checkout` action is used from {% data variables.product.prodname_dotcom_the_website %}, the `actions/checkout` namespace is automatically retired on {% data variables.location.product_location %}. If you ever want to revert to using a local copy of the action, you first need to remove the namespace from retirement. For more information, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)." diff --git a/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md b/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md index af1bf2228..79a08bc9a 100644 --- a/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md +++ b/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md @@ -100,11 +100,9 @@ After the initial configuration of SAML SSO, the only setting you can update on {% data reusables.emus.sign-in-as-setup-user %} - {% note %} - - **Note**: {% data reusables.enterprise-accounts.emu-password-reset-session %} + > [!NOTE] + > {% data reusables.enterprise-accounts.emu-password-reset-session %} - {% endnote %} {% data reusables.enterprise-accounts.access-enterprise-emu %} {% data reusables.enterprise-accounts.settings-tab %} {% data reusables.enterprise-accounts.security-tab %} @@ -117,11 +115,8 @@ After the initial configuration of SAML SSO, the only setting you can update on 1. Before enabling SAML SSO for your enterprise, to ensure that the information you've entered is correct, click **Test SAML configuration**. {% data reusables.saml.test-must-succeed %} 1. Click **Save**. - {% note %} - - **Note:** After you require SAML SSO for your enterprise and save SAML settings, the setup user will continue to have access to the enterprise and will remain signed in to GitHub along with the {% data variables.enterprise.prodname_managed_users %} provisioned by your IdP who will also have access to the enterprise. - - {% endnote %} + > [!NOTE] + > After you require SAML SSO for your enterprise and save SAML settings, the setup user will continue to have access to the enterprise and will remain signed in to GitHub along with the {% data variables.enterprise.prodname_managed_users %} provisioned by your IdP who will also have access to the enterprise. {% data reusables.enterprise-accounts.download-recovery-codes %} diff --git a/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users.md b/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users.md index f7c530a8f..3a15ba026 100644 --- a/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users.md +++ b/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users.md @@ -28,21 +28,15 @@ After you disable SAML or OIDC SSO for your enterprise, the following effects ap If you later reconfigure authentication for the enterprise, external groups must be reprovisioned via SCIM, and {% data variables.enterprise.prodname_managed_users %} must be reprovisioned before users can sign in. -{% note %} - -**Note:** When a {% data variables.enterprise.prodname_managed_user %} is suspended, the user's avatar is permanently deleted. If you reprovision the user, the user will need to reupload their avatar. - -{% endnote %} +> [!NOTE] +> When a {% data variables.enterprise.prodname_managed_user %} is suspended, the user's avatar is permanently deleted. If you reprovision the user, the user will need to reupload their avatar. If you want to migrate to a new identity provider (IdP) or tenant rather than disabling authentication entirely, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/migrating-your-enterprise-to-a-new-identity-provider-or-tenant)." ## Disabling authentication -{% warning %} - -**Warning**: Disabling authentication and provisioning will prevent your enterprise's {% data variables.enterprise.prodname_managed_users %} from signing in to access your enterprise on {% data variables.product.product_name %}. - -{% endwarning %} +> [!WARNING] +> Disabling authentication and provisioning will prevent your enterprise's {% data variables.enterprise.prodname_managed_users %} from signing in to access your enterprise on {% data variables.product.product_name %}. {% data reusables.emus.sign-in-as-setup-user %} 1. Attempt to access your enterprise account, and use a recovery code to bypass SAML SSO or OIDC. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable)." diff --git a/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication.md b/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication.md index b4d2d76db..1fa8a0bb6 100644 --- a/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication.md +++ b/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication.md @@ -19,11 +19,10 @@ redirect_from: --- {% ifversion ghec %} -{% note %} -**Note:** This article only applies to {% data variables.product.prodname_emus %}. If you use {% data variables.product.prodname_ghe_cloud %} without {% data variables.product.prodname_emus %}, usernames are created by users, not {% data variables.product.prodname_dotcom %}. +> [!NOTE] +> This article only applies to {% data variables.product.prodname_emus %}. If you use {% data variables.product.prodname_ghe_cloud %} without {% data variables.product.prodname_emus %}, usernames are created by users, not {% data variables.product.prodname_dotcom %}. -{% endnote %} {% endif %} ## About usernames with external authentication @@ -142,11 +141,10 @@ When you configure CAS, LDAP, or SAML authentication, {% data variables.product. {% data variables.product.product_name %} creates a mapping between the `NameID` from the IdP and the username on {% data variables.location.product_location %}, so the `NameID` should be persistent, unique, and not subject to change for the lifecycle of the user. {% ifversion ghes %} -{% note %} -**Note**: If the `NameID` for a user does change on the IdP, the person will see an error message when signing in to {% data variables.location.product_location %}. To restore the person's access, you'll need to update the user account's `NameID` mapping. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/updating-a-users-saml-nameid)." +> [!NOTE] +> If the `NameID` for a user does change on the IdP, the person will see an error message when signing in to {% data variables.location.product_location %}. To restore the person's access, you'll need to update the user account's `NameID` mapping. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/updating-a-users-saml-nameid)." -{% endnote %} {% endif %} {% endif %} @@ -164,11 +162,8 @@ To resolve this problem, you must make one of the following changes in your IdP When you change the attribute mapping, usernames of existing {% data variables.enterprise.prodname_managed_users %} will be updated, but nothing else about the accounts will change, including activity history. -{% note %} - -**Note:** {% data variables.contact.github_support %} cannot provide assistance with customizing attribute mappings or configuring custom expressions. You can contact your IdP with any questions. - -{% endnote %} +> [!NOTE] +> {% data variables.contact.github_support %} cannot provide assistance with customizing attribute mappings or configuring custom expressions. You can contact your IdP with any questions. ### Resolving username problems with Entra ID diff --git a/admin/managing-iam/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable.md b/admin/managing-iam/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable.md index 70f9e08db..0ae98d672 100644 --- a/admin/managing-iam/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable.md +++ b/admin/managing-iam/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable.md @@ -25,11 +25,8 @@ In order to access your enterprise account this way, you must have previously do ## Using a recovery code -{% note %} - -**Note:** If your enterprises uses {% data variables.product.prodname_emus %}, you must sign in as the setup user to use a recovery code. - -{% endnote %} +> [!NOTE] +> If your enterprises uses {% data variables.product.prodname_emus %}, you must sign in as the setup user to use a recovery code. 1. Attempt to access the enterprise account. {% data reusables.saml.recovery-code-access %} diff --git a/admin/managing-iam/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes.md b/admin/managing-iam/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes.md index e68cd34da..6e9013a31 100644 --- a/admin/managing-iam/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes.md +++ b/admin/managing-iam/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes.md @@ -25,11 +25,11 @@ If you did not save your recovery codes when you configured SSO, you can still a {% data reusables.enterprise-accounts.security-tab %} 1. Under{% ifversion oidc-for-emu %} either{% endif %} "Require SAML authentication"{% ifversion oidc-for-emu %} or "Require OIDC authentication"{% endif %}, click **Save your recovery codes**.{% ifversion oidc-for-emu %} - {% note %} - **Note:** OIDC SSO is only available for {% data variables.product.prodname_emus %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)." + > [!NOTE] + > OIDC SSO is only available for {% data variables.product.prodname_emus %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)." - {% endnote %}{% endif %} + {% endif %} ![Screenshot of the "Authentication security" screen. The "Save your recovery codes" hyperlink is highlighted with an orange outline.](/assets/images/help/enterprises/saml-recovery-codes-link.png) 1. To save your recovery codes, click **Download**, **Print**, or **Copy**. diff --git a/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md b/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md index 6d13799ec..f05dc7f0b 100644 --- a/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md +++ b/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md @@ -177,11 +177,9 @@ If you don't use a partner IdP, or if you only use a partner IdP for authenticat {% data reusables.emus.sign-in-as-setup-user %} - {% note %} + > [!NOTE] + > {% data reusables.enterprise-accounts.emu-password-reset-session %} - **Note**: {% data reusables.enterprise-accounts.emu-password-reset-session %} - - {% endnote %} {% data reusables.enterprise-accounts.access-enterprise-emu %} {% data reusables.enterprise-accounts.settings-tab %} {% data reusables.enterprise-accounts.security-tab %} diff --git a/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-with-okta.md b/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-with-okta.md index a7f91ad37..b19409414 100644 --- a/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-with-okta.md +++ b/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-with-okta.md @@ -46,11 +46,10 @@ Alternatively, if you only intend to use Okta for SAML authentication and you wa | Reactivate Users | Users in Okta whose Okta accounts are reactivated and who are assigned back to {% ifversion ghec %}the {% data variables.product.prodname_emu_idp_application %}{% else %}{% data variables.product.company_short %}'s{% endif %} application on Okta will be enabled. | {% ifversion ghec %} -{% note %} -**Note:** {% data variables.product.prodname_emus %} does not support modifications to usernames. +> [!NOTE] +> {% data variables.product.prodname_emus %} does not support modifications to usernames. -{% endnote %} {% endif %} ## Prerequisites @@ -148,11 +147,8 @@ You can also automatically manage organization membership by adding groups to th {% data reusables.enterprise-managed.assigning-roles %} -{% note %} - -**Note:** You can only set the "Roles" attribute for an individual user, not a group. If you want to set roles for everyone in a group that is assigned to the application in Okta, you must use the "Roles" attribute for each group member, individually. - -{% endnote %} +> [!NOTE] +> You can only set the "Roles" attribute for an individual user, not a group. If you want to set roles for everyone in a group that is assigned to the application in Okta, you must use the "Roles" attribute for each group member, individually. ## How do I deprovision users and groups? diff --git a/admin/managing-iam/provisioning-user-accounts-with-scim/managing-team-memberships-with-identity-provider-groups.md b/admin/managing-iam/provisioning-user-accounts-with-scim/managing-team-memberships-with-identity-provider-groups.md index d929d4f7f..8c9e1b3c1 100644 --- a/admin/managing-iam/provisioning-user-accounts-with-scim/managing-team-memberships-with-identity-provider-groups.md +++ b/admin/managing-iam/provisioning-user-accounts-with-scim/managing-team-memberships-with-identity-provider-groups.md @@ -30,11 +30,8 @@ topics: When a change to an IdP group or a new team connection results in a user joining a team in an organization they were not already a member of, the user will automatically be added to the organization. When you disconnect a group from a team, users who became members of the organization via team membership are removed from the organization if they are not assigned membership in the organization by any other means. -{% note %} - -**Note:** Organization owners can also add users to organizations manually, as long as the accounts have already been provisioned via SCIM. - -{% endnote %} +> [!NOTE] +> Organization owners can also add users to organizations manually, as long as the accounts have already been provisioned via SCIM. When group membership changes on your IdP, your IdP sends a SCIM request with the changes to {% data variables.product.prodname_dotcom %} according to the schedule determined by your IdP, so change may not be immediate. Any requests that change team or organization membership will register in the audit log as changes made by the account used to configure user provisioning. @@ -71,11 +68,8 @@ Any member of an organization can create a new team and connect the team to an I Organization owners {% ifversion ghes %}and team maintainers {% endif %}can manage the existing connection between an IdP group and a team.{% ifversion ghec %} If your enterprise does not use {% data variables.enterprise.prodname_managed_users %}, team maintainers can also manage the connection.{% endif %} -{% note %} - -**Note**: Before you connect an existing team on {% data variables.product.prodname_dotcom %} to an IdP group for the first time, all members of the team on {% data variables.product.prodname_dotcom %} must first be removed. For more information, see "[AUTOTITLE](/organizations/organizing-members-into-teams/removing-organization-members-from-a-team)." - -{% endnote %} +> [!NOTE] +> Before you connect an existing team on {% data variables.product.prodname_dotcom %} to an IdP group for the first time, all members of the team on {% data variables.product.prodname_dotcom %} must first be removed. For more information, see "[AUTOTITLE](/organizations/organizing-members-into-teams/removing-organization-members-from-a-team)." {% data reusables.profile.access_profile %} diff --git a/admin/managing-iam/provisioning-user-accounts-with-scim/provisioning-users-and-groups-with-scim-using-the-rest-api.md b/admin/managing-iam/provisioning-user-accounts-with-scim/provisioning-users-and-groups-with-scim-using-the-rest-api.md index da0291ad9..56ee38861 100644 --- a/admin/managing-iam/provisioning-user-accounts-with-scim/provisioning-users-and-groups-with-scim-using-the-rest-api.md +++ b/admin/managing-iam/provisioning-user-accounts-with-scim/provisioning-users-and-groups-with-scim-using-the-rest-api.md @@ -105,11 +105,8 @@ To ensure that your environment has a single source of truth, you should only pr However, you can safely retrieve information from {% data variables.product.company_short %}'s APIs with `GET` requests in scripts or ad hoc requests by an enterprise owner. -{% warning %} - -**Warning:** If you use a partner IdP for SCIM provisioning, the application on the IdP must be the only system that makes write requests to the API. If you make ad hoc requests using the `POST`, `PUT`, `PATCH`, or `DELETE` methods, subsequent synchronization attempts will fail, and provisioning won't function properly for your enterprise. - -{% endwarning %} +> [!WARNING] +> If you use a partner IdP for SCIM provisioning, the application on the IdP must be the only system that makes write requests to the API. If you make ad hoc requests using the `POST`, `PUT`, `PATCH`, or `DELETE` methods, subsequent synchronization attempts will fail, and provisioning won't function properly for your enterprise. ### Send valid requests to REST API endpoints diff --git a/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes.md b/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes.md index 607656e02..e104a2421 100644 --- a/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes.md +++ b/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes.md @@ -139,16 +139,12 @@ After you enable SCIM on a {% data variables.product.product_name %} instance, a 1. Sign into your instance as the new enterprise owner. 1. Create a {% data variables.product.pat_v1 %} with **admin:enterprise** scope. Do not specify an expiration date for the {% data variables.product.pat_v1 %}. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)." - {% warning %} + > [!WARNING] + > Ensure that you don't specify an expiration date for the {% data variables.product.pat_v1 %}. If you specify an expiration date, SCIM will no longer function after the expiration date passes. - **Warning**: Ensure that you don't specify an expiration date for the {% data variables.product.pat_v1 %}. If you specify an expiration date, SCIM will no longer function after the expiration date passes. + > [!NOTE] + > You'll need this {% data variables.product.pat_generic %} to test the SCIM configuration, and to configure the application for SCIM on your IdP. Store the token securely in a password manager until you need the token again later in these instructions. - {% endwarning %} - {% note %} - - **Note**: You'll need this {% data variables.product.pat_generic %} to test the SCIM configuration, and to configure the application for SCIM on your IdP. Store the token securely in a password manager until you need the token again later in these instructions. - - {% endnote %} {% data reusables.enterprise_installation.ssh-into-instance %} 1. To enable SCIM, run the commands provided to you by your account manager on {% data variables.contact.contact_enterprise_sales %}. {% data reusables.enterprise_site_admin_settings.wait-for-configuration-run %} diff --git a/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-oidc-to-saml.md b/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-oidc-to-saml.md index 33fb699a6..729b18136 100644 --- a/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-oidc-to-saml.md +++ b/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-oidc-to-saml.md @@ -25,11 +25,8 @@ Then, you will configure SAML and SCIM. At this time, users, groups, and identit If you're new to {% data variables.product.prodname_emus %} and haven't yet configured authentication for your enterprise, you do not need to migrate and can set up SAML single sign-on (SSO) immediately. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users)." -{% warning %} - -**Warning:** {% data reusables.enterprise_user_management.migration-teams-warning %} - -{% endwarning %} +> [!WARNING] +> {% data reusables.enterprise_user_management.migration-teams-warning %} ## Prerequisites diff --git a/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-saml-to-oidc.md b/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-saml-to-oidc.md index 3774c7fa2..dff53f06f 100644 --- a/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-saml-to-oidc.md +++ b/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-saml-to-oidc.md @@ -27,11 +27,8 @@ When you migrate from SAML to OIDC, {% data variables.enterprise.prodname_manage If you're new to {% data variables.product.prodname_emus %} and haven't yet configured authentication for your enterprise, you do not need to migrate and can set up OIDC single sign-on immediately. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users)." -{% warning %} - -**Warning:** {% data reusables.enterprise_user_management.migration-teams-warning %} - -{% endwarning %} +> [!WARNING] +> {% data reusables.enterprise_user_management.migration-teams-warning %} ## Prerequisites @@ -43,11 +40,8 @@ If you're new to {% data variables.product.prodname_emus %} and haven't yet conf To migrate your enterprise from SAML to OIDC, you will disable your existing {% data variables.product.prodname_emu_idp_application %} application on Entra ID, prepare and begin the migration as the setup user for your enterprise on {% data variables.product.github %}, then install and configure the new application for OIDC on Entra ID. After the migration is complete and Entra ID provisions your users, the users can authenticate to access your enterprise's resources on {% data variables.product.github %} using OIDC. -{% warning %} - -**Warning**: Migration of your enterprise from SAML to OIDC can take up to an hour. During the migration, users cannot access your enterprise on {% data variables.product.github %}. - -{% endwarning %} +> [!WARNING] +> Migration of your enterprise from SAML to OIDC can take up to an hour. During the migration, users cannot access your enterprise on {% data variables.product.github %}. 1. Before you begin the migration, sign in to Azure and disable provisioning in the existing {% data variables.product.prodname_emu_idp_application %} application. 1. If you use [Conditional Access (CA) network location policies](https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition) in Entra ID, and you're currently using an IP allow list with your enterprise account or any of the organizations owned by the enterprise account, disable the IP allow lists. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-allowed-ip-addresses-for-organizations-in-your-enterprise)" and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization)." @@ -62,11 +56,9 @@ To migrate your enterprise from SAML to OIDC, you will disable your existing {% 1. After you grant consent, a new browser window will open to {% data variables.product.github %} and display a new set of recovery codes for your {% data variables.enterprise.prodname_emu_enterprise %}. Download the codes, then click **Enable OIDC authentication**. 1. Wait for the migration to complete, which can take up to an hour. To check the status of the migration, navigate to your enterprise's authentication security settings page. If "Require SAML authentication" is selected, the migration is still in progress. - {% warning %} - - **Warning:** Do not provision new users from the application on Entra ID during the migration. + > [!WARNING] + > Do not provision new users from the application on Entra ID during the migration. - {% endwarning %} 1. In a new tab or window, while signed in as the setup user, create a {% data variables.product.pat_v1 %} with the **scim:enterprise** scope and **no expiration** and copy it to your clipboard. For more information about creating a new token, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users#creating-a-personal-access-token)." 1. In the provisioning settings for the {% data variables.product.prodname_emu_idp_oidc_application %} application in the Microsoft Entra admin center, under "Tenant URL", type the tenant URL for your enterprise: diff --git a/admin/managing-iam/understanding-iam-for-enterprises/allowing-built-in-authentication-for-users-outside-your-provider.md b/admin/managing-iam/understanding-iam-for-enterprises/allowing-built-in-authentication-for-users-outside-your-provider.md index ecbe9a9e2..d7a98ee76 100644 --- a/admin/managing-iam/understanding-iam-for-enterprises/allowing-built-in-authentication-for-users-outside-your-provider.md +++ b/admin/managing-iam/understanding-iam-for-enterprises/allowing-built-in-authentication-for-users-outside-your-provider.md @@ -28,11 +28,8 @@ If you're unable to add specific accounts to your external authentication provid If you configure built-in authentication and a person successfully authenticates with SAML or CAS, the person will no longer have the option to authenticate with a username and password. If a user successfully authenticates with LDAP, the credentials are no longer considered internal. -{% warning %} - -**Warning:** If you disable built-in authentication, you must individually suspend any users that should no longer have access to the instance. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/suspending-and-unsuspending-users)." - -{% endwarning %} +> [!WARNING] +> If you disable built-in authentication, you must individually suspend any users that should no longer have access to the instance. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/suspending-and-unsuspending-users)." ## Configuring built-in authentication for users outside your provider diff --git a/admin/managing-iam/using-ldap-for-enterprise-iam/using-ldap.md b/admin/managing-iam/using-ldap-for-enterprise-iam/using-ldap.md index 682db400d..27b1238e3 100644 --- a/admin/managing-iam/using-ldap-for-enterprise-iam/using-ldap.md +++ b/admin/managing-iam/using-ldap-for-enterprise-iam/using-ldap.md @@ -54,11 +54,8 @@ After you configure LDAP, users will be able to sign into your instance with the When you configure LDAP access for users via the {% data variables.enterprise.management_console %}, your user licenses aren't used until the first time a user signs in to your instance. However, if you create an account manually using site admin settings, the user license is immediately accounted for. -{% warning %} - -**Warning:** Before configuring LDAP on {% data variables.location.product_location %}, make sure that your LDAP service supports paged results. - -{% endwarning %} +> [!WARNING] +> Before configuring LDAP on {% data variables.location.product_location %}, make sure that your LDAP service supports paged results. {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} @@ -117,15 +114,12 @@ You can establish role-based access control for users from your LDAP server by s LDAP sync does not create user accounts on {% data variables.location.product_location %}. For more information, see "[Viewing and creating LDAP users](#viewing-and-creating-ldap-users)." -{% note %} - -**Note:** Using LDAP Synchronization with groups that exceed 1499 members may lead to team membership synchronization failures. - -If you use Active Directory specifically, user lookups and team synchronization may fail when the LDAP groups configured for teams or in the {% data variables.enterprise.management_console %} exceed 1500 members, due to the `MaxValRange` limit in Active Directory. As a workaround, you can use Active Directory groups that contain less than 1500 members, or you can work with your Active Directory administrator to increase the `MaxValRange` value for your domain controllers. For more information, see [View and set LDAP policy in Active Directory by using Ntdsutil.exe](https://learn.microsoft.com/en-US/troubleshoot/windows-server/identity/view-set-ldap-policy-using-ntdsutil) in Microsoft Learn. - -If you need help determining if modifying the `MaxValRange` is the right approach for your Active Directory environment, contact Microsoft Support. - -{% endnote %} +> [!NOTE] +> Using LDAP Synchronization with groups that exceed 1499 members may lead to team membership synchronization failures. +> +> If you use Active Directory specifically, user lookups and team synchronization may fail when the LDAP groups configured for teams or in the {% data variables.enterprise.management_console %} exceed 1500 members, due to the `MaxValRange` limit in Active Directory. As a workaround, you can use Active Directory groups that contain less than 1500 members, or you can work with your Active Directory administrator to increase the `MaxValRange` value for your domain controllers. For more information, see [View and set LDAP policy in Active Directory by using Ntdsutil.exe](https://learn.microsoft.com/en-US/troubleshoot/windows-server/identity/view-set-ldap-policy-using-ntdsutil) in Microsoft Learn. +> +> If you need help determining if modifying the `MaxValRange` is the right approach for your Active Directory environment, contact Microsoft Support. To enable LDAP Sync, in your LDAP settings, select **Synchronization**. @@ -149,22 +143,17 @@ After you enable LDAP sync, a synchronization job will run at the specified time * If an LDAP User field is defined for SSH public keys, synchronize the user's public SSH keys with the LDAP entry. * If an LDAP User field is defined for GPG keys, synchronize the user's GPG keys with the LDAP entry. -{% note %} - -**Note**: LDAP entries can only be marked as disabled if you use Active Directory and the `userAccountControl` attribute is present and flagged with `ACCOUNTDISABLE`. Some variations of Active Directory, such as AD LDS and ADAM, don't support the `userAccountControl` attribute. - -{% endnote %} +> [!NOTE] +> LDAP entries can only be marked as disabled if you use Active Directory and the `userAccountControl` attribute is present and flagged with `ACCOUNTDISABLE`. Some variations of Active Directory, such as AD LDS and ADAM, don't support the `userAccountControl` attribute. A synchronization job will also run at the specified time interval to perform the following operations on each team that has been mapped to an LDAP group: * If a team's corresponding LDAP group has been removed, remove all members from the team. * If LDAP member entries have been removed from the LDAP group, remove the corresponding users from the team. If the user is no longer a member of any team in the organization and is not an owner of the organization, remove the user from the organization. If the user loses access to any repositories as a result, delete any private forks the user has of those repositories. - {% note %} - - **Note:** LDAP Sync will not remove a user from an organization if the user is an owner of that organization. Another organization owner will need to manually remove the user instead. + > [!NOTE] + > LDAP Sync will not remove a user from an organization if the user is an owner of that organization. Another organization owner will need to manually remove the user instead. - {% endnote %} * If LDAP member entries have been added to the LDAP group, add the corresponding users to the team. If the user regains access to any repositories as a result, restore any private forks of the repositories that were deleted because the user lost access in the past 90 days. {% data reusables.enterprise_user_management.ldap-sync-nested-teams %} diff --git a/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md b/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md index d16acfa70..91eafe780 100644 --- a/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md +++ b/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md @@ -111,11 +111,8 @@ For more detailed information about how to enable SAML using Okta, see "[AUTOTIT You can enable or disable SAML authentication for {% data variables.location.product_location %}, or you can edit an existing configuration. You can view and edit authentication settings for {% data variables.product.product_name %} in the {% data variables.enterprise.management_console %}. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console)." -{% note %} - -**Note**: {% data reusables.enterprise.test-in-staging %} - -{% endnote %} +> [!NOTE] +> {% data reusables.enterprise.test-in-staging %} {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} @@ -124,11 +121,8 @@ You can enable or disable SAML authentication for {% data variables.location.pro 1. {% data reusables.enterprise_user_management.built-in-authentication-option %} 1. Optionally, to enable unsolicited response SSO, select **IdP initiated SSO**. By default, {% data variables.product.prodname_ghe_server %} will reply to an unsolicited Identity Provider (IdP) initiated request with an `AuthnRequest` back to the IdP. - {% tip %} - - **Note**: We recommend keeping this value **unselected**. You should enable this feature **only** in the rare instance that your SAML implementation does not support service provider initiated SSO, and when advised by {% data variables.contact.enterprise_support %}. - - {% endtip %} + > [!TIP] + > We recommend keeping this value **unselected**. You should enable this feature **only** in the rare instance that your SAML implementation does not support service provider initiated SSO, and when advised by {% data variables.contact.enterprise_support %}. 1. Optionally, if you do not want your SAML provider to determine administrator rights for users on {% data variables.location.product_location %}, select **Disable administrator demotion/promotion** {%- ifversion ghes %} diff --git a/admin/managing-iam/using-saml-for-enterprise-iam/disabling-saml-single-sign-on-for-your-enterprise.md b/admin/managing-iam/using-saml-for-enterprise-iam/disabling-saml-single-sign-on-for-your-enterprise.md index aa4287543..896b7ee89 100644 --- a/admin/managing-iam/using-saml-for-enterprise-iam/disabling-saml-single-sign-on-for-your-enterprise.md +++ b/admin/managing-iam/using-saml-for-enterprise-iam/disabling-saml-single-sign-on-for-your-enterprise.md @@ -23,11 +23,8 @@ After you disable SAML SSO for your enterprise, the following effects apply: {% data reusables.enterprise-accounts.access-enterprise %} - {% note %} - - **Note:** If you're unable to access the enterprise because your IdP is unavailable, you can use a recovery code to bypass SSO. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable)." - - {% endnote %} + > [!NOTE] + > If you're unable to access the enterprise because your IdP is unavailable, you can use a recovery code to bypass SSO. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable)." {% data reusables.enterprise-accounts.settings-tab %} {% data reusables.enterprise-accounts.security-tab %} diff --git a/admin/managing-iam/using-saml-for-enterprise-iam/enabling-encrypted-assertions.md b/admin/managing-iam/using-saml-for-enterprise-iam/enabling-encrypted-assertions.md index abddbb4fe..6c70faf5f 100644 --- a/admin/managing-iam/using-saml-for-enterprise-iam/enabling-encrypted-assertions.md +++ b/admin/managing-iam/using-saml-for-enterprise-iam/enabling-encrypted-assertions.md @@ -29,11 +29,8 @@ To enable encrypted assertions for authentication to {% data variables.product.p To enable encrypted assertions, you must provide {% data variables.location.product_location %}'s public certificate to your IdP, and configure encryption settings that match your IdP. -{% note %} - -**Note**: {% data reusables.enterprise.test-in-staging %} - -{% endnote %} +> [!NOTE] +> {% data reusables.enterprise.test-in-staging %} 1. Optionally, enable SAML debugging. SAML debugging records verbose entries in {% data variables.product.product_name %}'s authentication log, and may help you troubleshoot failed authentication attempts. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/troubleshooting-saml-authentication#configuring-saml-debugging)." {% data reusables.enterprise_site_admin_settings.access-settings %} diff --git a/admin/managing-iam/using-saml-for-enterprise-iam/troubleshooting-saml-authentication.md b/admin/managing-iam/using-saml-for-enterprise-iam/troubleshooting-saml-authentication.md index d4b39fb35..744d83d1a 100644 --- a/admin/managing-iam/using-saml-for-enterprise-iam/troubleshooting-saml-authentication.md +++ b/admin/managing-iam/using-saml-for-enterprise-iam/troubleshooting-saml-authentication.md @@ -30,14 +30,9 @@ For more information about SAML response requirements, see "[AUTOTITLE](/admin/i You can configure {% data variables.product.product_name %} to write verbose debug logs for every SAML authentication attempt. You may be able to troubleshoot failed authentication attempts with this extra output. -{% warning %} - -**Warnings**: - -* Only enable SAML debugging temporarily, and disable debugging immediately after you finish troubleshooting. If you leave debugging enabled, the size of the {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}logs{% endif %} increases much faster than usual, which can negatively impact the performance of {% data variables.product.product_name %}. -* Test new authentication settings for {% data variables.location.product_location %} in a staging environment before you apply the settings in your production environment. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)." - -{% endwarning %} +> [!WARNING] +> * Only enable SAML debugging temporarily, and disable debugging immediately after you finish troubleshooting. If you leave debugging enabled, the size of the {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}logs{% endif %} increases much faster than usual, which can negatively impact the performance of {% data variables.product.product_name %}. +> * Test new authentication settings for {% data variables.location.product_location %} in a staging environment before you apply the settings in your production environment. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)." {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} diff --git a/admin/managing-your-enterprise-account/changing-the-url-for-your-enterprise.md b/admin/managing-your-enterprise-account/changing-the-url-for-your-enterprise.md index 1ca94de3f..a704f81a7 100644 --- a/admin/managing-your-enterprise-account/changing-the-url-for-your-enterprise.md +++ b/admin/managing-your-enterprise-account/changing-the-url-for-your-enterprise.md @@ -17,11 +17,8 @@ When you create an enterprise, you choose a "slug" for the enterprise, which is If your company pays for {% data variables.product.prodname_ghe_cloud %} by credit card or PayPal, you can change the slug in the settings for your enterprise. When you change the slug, {% data variables.product.company_short %} does not set up any redirects from the old URL. Your old enterprise slug will immediately become available for another customer to use. -{% note %} - -**Note:** If you pay for {% data variables.product.prodname_ghe_cloud %} via invoice, or if your enterprise uses {% data variables.product.prodname_emus %}, you must contact {% data variables.contact.contact_enterprise_sales %} to change your enterprise slug. - -{% endnote %} +> [!NOTE] +> If you pay for {% data variables.product.prodname_ghe_cloud %} via invoice, or if your enterprise uses {% data variables.product.prodname_emus %}, you must contact {% data variables.contact.contact_enterprise_sales %} to change your enterprise slug. ## Considerations when changing your enterprise slug @@ -49,11 +46,8 @@ If your enterprise is linked to one or more {% data variables.product.prodname_g ## Changing the enterprise slug -{% note %} - -**Note:** Before changing the slug for an enterprise, make sure you have understood the potential consequences. For more information, see "[Considerations when changing your enterprise slug](#considerations-when-changing-your-enterprise-slug)." - -{% endnote %} +> [!NOTE] +> Before changing the slug for an enterprise, make sure you have understood the potential consequences. For more information, see "[Considerations when changing your enterprise slug](#considerations-when-changing-your-enterprise-slug)." {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} diff --git a/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/accessing-reports-for-your-instance.md b/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/accessing-reports-for-your-instance.md index d0fcc3a80..e3fc9165d 100644 --- a/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/accessing-reports-for-your-instance.md +++ b/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/accessing-reports-for-your-instance.md @@ -45,11 +45,8 @@ curl --remote-name \ To access the other reports programmatically, replace `all_users` with `active_users`, `dormant_users`, `suspended_users`, `all_organizations`, or `all_repositories`. -{% note %} - -**Note:** The initial curl request will return an HTTP `202` response if there are no cached reports available. Your instance will generate a report in the background. You can send a second request to download the report. You can use a password or an OAuth token with the `site_admin` scope in place of a password. - -{% endnote %} +> [!NOTE] +> The initial curl request will return an HTTP `202` response if there are no cached reports available. Your instance will generate a report in the background. You can send a second request to download the report. You can use a password or an OAuth token with the `site_admin` scope in place of a password. ## User reports diff --git a/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise.md b/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise.md index 0fdba7b64..d34fc1e21 100644 --- a/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise.md +++ b/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise.md @@ -24,11 +24,8 @@ topics: ## About audit logs -{% note %} - -**Note:** {% data reusables.webhooks.webhooks-as-audit-log-alternative %} - -{% endnote %} +> [!NOTE] +> {% data reusables.webhooks.webhooks-as-audit-log-alternative %} {% data reusables.audit_log.retention-periods %} diff --git a/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/configuring-the-audit-log-for-your-enterprise.md b/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/configuring-the-audit-log-for-your-enterprise.md index 6728c7038..7b27b3472 100644 --- a/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/configuring-the-audit-log-for-your-enterprise.md +++ b/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/configuring-the-audit-log-for-your-enterprise.md @@ -51,11 +51,8 @@ Before you can enable Git events in the audit log, you must configure a retentio {% data reusables.audit_log.audit-data-retention-tab %} 1. Under "Git event opt-in", select or deselect **Enable git events in the audit-log**. - {% note %} - - **Note:** The retention policy must be set to something other than infinite for this option to display. - - {% endnote %} + > [!NOTE] + > The retention policy must be set to something other than infinite for this option to display. ![Screenshot of the audit log. The checkbox to enable Git events in the audit log is highlighted with an orange outline.](/assets/images/help/enterprises/enable-git-events-checkbox.png) 1. Click **Save**. diff --git a/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise.md b/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise.md index 81f1b9075..b80e2dfa4 100644 --- a/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise.md +++ b/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise.md @@ -31,11 +31,8 @@ You can also use the API to retrieve audit log events. For more information, see You cannot search for entries using text. You can, however, construct search queries using a variety of filters. Many operators used when querying the log, such as `-`, `>`, or `<`, match the same format as searching across {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/search-github/getting-started-with-searching-on-github/about-searching-on-github)." -{% note %} - -**Note**: {% data reusables.audit_log.retention-periods %} - -{% endnote %} +> [!NOTE] +> {% data reusables.audit_log.retention-periods %} ## Search query filters diff --git a/admin/monitoring-and-managing-your-instance/caching-repositories/configuring-a-repository-cache.md b/admin/monitoring-and-managing-your-instance/caching-repositories/configuring-a-repository-cache.md index 156cb7a92..785c22027 100644 --- a/admin/monitoring-and-managing-your-instance/caching-repositories/configuring-a-repository-cache.md +++ b/admin/monitoring-and-managing-your-instance/caching-repositories/configuring-a-repository-cache.md @@ -82,11 +82,8 @@ You can control data locality by configuring data location policies for your rep Data location policies affect only Git content. Content in the database, such as issues and pull request comments, will be replicated to all nodes regardless of policy. -{% note %} - -**Note:** Data location policies are not the same as access control. You must use repository roles to control which users may access a repository. For more information about repository roles, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization)." - -{% endnote %} +> [!NOTE] +> Data location policies are not the same as access control. You must use repository roles to control which users may access a repository. For more information about repository roles, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization)." You can configure a policy to replicate all networks with the `--default` flag. For example, this command will create a policy to replicate a single copy of every repository network to the set of repository caches whose `cache_location` is "kansas". diff --git a/admin/monitoring-and-managing-your-instance/configuring-clustering/about-cluster-nodes.md b/admin/monitoring-and-managing-your-instance/configuring-clustering/about-cluster-nodes.md index 778587c40..f5b022842 100644 --- a/admin/monitoring-and-managing-your-instance/configuring-clustering/about-cluster-nodes.md +++ b/admin/monitoring-and-managing-your-instance/configuring-clustering/about-cluster-nodes.md @@ -39,11 +39,8 @@ Each node must have a root volume, as well as a separate data volume. These are For adequate redundancy, use these minimum nodes operating each service. -{% tip %} - -**Note:** Your environment's scaling requirements depend on many factors, including the size and number of repositories, number of users, and overall utilization. - -{% endtip %} +> [!NOTE] +> Your environment's scaling requirements depend on many factors, including the size and number of repositories, number of users, and overall utilization. ## Example cluster configuration diff --git a/admin/monitoring-and-managing-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster.md b/admin/monitoring-and-managing-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster.md index 8a2e5d0b7..9bd2a6032 100644 --- a/admin/monitoring-and-managing-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster.md +++ b/admin/monitoring-and-managing-your-instance/configuring-clustering/configuring-high-availability-replication-for-a-cluster.md @@ -32,11 +32,8 @@ For each existing node in your active cluster, you'll need to provision a second On each new virtual machine, install the same version of {% data variables.product.prodname_ghe_server %} that runs on the nodes in your active cluster. You don't need to upload a license or perform any additional configuration. For more information, see "[AUTOTITLE](/enterprise/admin/installation/setting-up-a-github-enterprise-server-instance)." -{% note %} - -**Note**: The nodes that you intend to use for high availability replication should be standalone {% data variables.product.prodname_ghe_server %} instances. Don't initialize the replica nodes as a second cluster. - -{% endnote %} +> [!NOTE] +> The nodes that you intend to use for high availability replication should be standalone {% data variables.product.prodname_ghe_server %} instances. Don't initialize the replica nodes as a second cluster. ### Network @@ -53,15 +50,10 @@ To create a high availability replica for your cluster, use the `ghe-cluster-rep {% data reusables.enterprise_clustering.ssh-to-a-node %} 1. To begin configuration of high availability, run the following command. The `-p` and `-s` flags are optional. If you're using the flags, replace PRIMARY-DATACENTER and SECONDARY-DATACENTER with the names of your primary and secondary datacenters. - {% note %} - - **Notes:** - - * By default, the utility will use the name of the primary datacenter in `cluster.conf`. - * If no name for the primary datacenter is defined, the utility will use `mona`. - * If no name for the secondary datacenter is defined, the utility will use `hubot`. - - {% endnote %} + > [!NOTE] + > * By default, the utility will use the name of the primary datacenter in `cluster.conf`. + > * If no name for the primary datacenter is defined, the utility will use `mona`. + > * If no name for the secondary datacenter is defined, the utility will use `hubot`. ```shell copy ghe-cluster-repl-bootstrap -p PRIMARY-DATACENTER -s SECONDARY-DATACENTER @@ -111,15 +103,12 @@ Before you define a secondary datacenter for your replica nodes, ensure that you ... ``` - {% note %} - - **Note**: If you changed the name of the primary datacenter in step 3, find the `consul-datacenter` key-value pair in the section for each node and change the value to the renamed primary datacenter. For example, if you named the primary datacenter `primary`, use the following key-value pair for each node. - - ```text - consul-datacenter = primary - ``` - - {% endnote %} + > [!NOTE] + > If you changed the name of the primary datacenter in step 3, find the `consul-datacenter` key-value pair in the section for each node and change the value to the renamed primary datacenter. For example, if you named the primary datacenter `primary`, use the following key-value pair for each node. + > + > ```text + > consul-datacenter = primary + > ``` {% data reusables.enterprise_clustering.apply-configuration %} {% data reusables.enterprise_clustering.configuration-finished %} @@ -139,11 +128,8 @@ For an example configuration, see "[Review an example configuration](#3-review-a 1. For each node in your cluster, provision a matching virtual machine with identical specifications, running the same version of {% data variables.product.prodname_ghe_server %}. Note the IPv4 address and hostname for each new cluster node. For more information, see "[Prerequisites](#prerequisites)." - {% note %} - - **Note**: If you're reconfiguring high availability after a failover, you can use the old nodes from the primary datacenter instead. - - {% endnote %} + > [!NOTE] + > If you're reconfiguring high availability after a failover, you can use the old nodes from the primary datacenter instead. {% data reusables.enterprise_clustering.ssh-to-a-node %} 1. Back up your existing cluster configuration. @@ -172,11 +158,8 @@ For an example configuration, see "[Review an example configuration](#3-review-a 1. Decide on a pattern for the replica nodes' hostnames. - {% warning %} - - **Warning**: Hostnames for replica nodes must be unique and differ from the hostname for the corresponding active node. - - {% endwarning %} + > [!WARNING] + > Hostnames for replica nodes must be unique and differ from the hostname for the corresponding active node. 1. Open the temporary cluster configuration file from step 3 in a text editor. For example, you can use Vim. @@ -213,25 +196,22 @@ For an example configuration, see "[Review an example configuration](#3-review-a git config -f /data/user/common/cluster.conf cluster.redis-master-replica REPLICA-REDIS-PRIMARY-HOSTNAME ``` - {% warning %} - - **Warning**: Review your cluster configuration file before proceeding. - - * In the top-level `[cluster]` section, ensure that the values for `mysql-master-replica` and `redis-master-replica` are the correct hostnames for the replica nodes in the secondary datacenter that will serve as the MySQL and Redis primaries after a failover. - * In each section for an active node named [cluster "ACTIVE NODE HOSTNAME"], double-check the following key-value pairs. - * `datacenter` should match the value of `primary-datacenter` in the top-level `[cluster]` section. - * `consul-datacenter` should match the value of `datacenter`, which should be the same as the value for `primary-datacenter` in the top-level `[cluster]` section. - * Ensure that for each active node, the configuration has **one** corresponding section for **one** replica node with the same roles. In each section for a replica node, double-check each key-value pair. - * `datacenter` should match all other replica nodes. - * `consul-datacenter` should match all other replica nodes. - * `hostname` should match the hostname in the section heading. - * `ipv4` should match the node's unique, static IPv4 address. - * `replica` should be configured as `enabled`. - * Take the opportunity to remove sections for offline nodes that are no longer in use. - - To review an example configuration, see "[Review an example configuration](#3-review-an-example-configuration)." - - {% endwarning %} + > [!WARNING] + > Review your cluster configuration file before proceeding. + > + > * In the top-level `[cluster]` section, ensure that the values for `mysql-master-replica` and `redis-master-replica` are the correct hostnames for the replica nodes in the secondary datacenter that will serve as the MySQL and Redis primaries after a failover. + > * In each section for an active node named [cluster "ACTIVE NODE HOSTNAME"], double-check the following key-value pairs. + > * `datacenter` should match the value of `primary-datacenter` in the top-level `[cluster]` section. + > * `consul-datacenter` should match the value of `datacenter`, which should be the same as the value for `primary-datacenter` in the top-level `[cluster]` section. + > * Ensure that for each active node, the configuration has **one** corresponding section for **one** replica node with the same roles. In each section for a replica node, double-check each key-value pair. + > * `datacenter` should match all other replica nodes. + > * `consul-datacenter` should match all other replica nodes. + > * `hostname` should match the hostname in the section heading. + > * `ipv4` should match the node's unique, static IPv4 address. + > * `replica` should be configured as `enabled`. + > * Take the opportunity to remove sections for offline nodes that are no longer in use. + > + > To review an example configuration, see "[Review an example configuration](#3-review-an-example-configuration)." 1. Initialize the new cluster configuration. {% data reusables.enterprise.use-a-multiplexer %} diff --git a/admin/monitoring-and-managing-your-instance/configuring-clustering/evacuating-a-cluster-node-running-data-services.md b/admin/monitoring-and-managing-your-instance/configuring-clustering/evacuating-a-cluster-node-running-data-services.md index b164054bf..92e4e55c9 100644 --- a/admin/monitoring-and-managing-your-instance/configuring-clustering/evacuating-a-cluster-node-running-data-services.md +++ b/admin/monitoring-and-managing-your-instance/configuring-clustering/evacuating-a-cluster-node-running-data-services.md @@ -24,15 +24,9 @@ In a cluster configuration for {% data variables.product.product_name %}, you ma For more information about nodes and service tiers for {% data variables.product.prodname_ghe_server %}, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/about-cluster-nodes)." -{% warning %} - -**Warnings**: - -* To avoid data loss during replacement of a node, {% data variables.product.company_short %} strongly recommends evacuation of the applicable data services on the node before you take the node offline. - -* To ensure redundancy for any data service on your cluster, copies of data should exist on at least three nodes. For example, when four or more nodes store Git data, during evacuation, evacuated repository data will move from the node you're evacuating to the other three nodes. If you only have three nodes that store data for a service, evacuation of one node could fail and result in under-replicated data. - -{% endwarning %} +> [!WARNING] +> * To avoid data loss during replacement of a node, {% data variables.product.company_short %} strongly recommends evacuation of the applicable data services on the node before you take the node offline. +> * To ensure redundancy for any data service on your cluster, copies of data should exist on at least three nodes. For example, when four or more nodes store Git data, during evacuation, evacuated repository data will move from the node you're evacuating to the other three nodes. If you only have three nodes that store data for a service, evacuation of one node could fail and result in under-replicated data. ## Evacuating a cluster node running data services @@ -134,11 +128,8 @@ If you plan to take a node offline and the node runs any of the following roles, 1. To monitor evacuation of a service while {% data variables.product.product_name %} copies the data, run the following commands. For each command, replace UUID with the UUID from the earlier step. - {% warning %} - - **Warning**: Do not shut down the node until evacuation is complete. Evacuation is complete when the data counts reach zero, which means that all data is safely stored on other nodes. - - {% endwarning %} + > [!WARNING] + > Do not shut down the node until evacuation is complete. Evacuation is complete when the data counts reach zero, which means that all data is safely stored on other nodes. * `git-server`: diff --git a/admin/monitoring-and-managing-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster.md b/admin/monitoring-and-managing-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster.md index 7cca2dc02..72e629d24 100644 --- a/admin/monitoring-and-managing-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster.md +++ b/admin/monitoring-and-managing-your-instance/configuring-clustering/monitoring-the-health-of-your-cluster.md @@ -42,11 +42,8 @@ admin@ghe-data-node-0:~$ ghe-cluster-status | grep error > mysql cluster: error ``` -{% note %} - -**Note:** If there are no failing tests, this command produces no output. This indicates the cluster is healthy. - -{% endnote %} +> [!NOTE] +> If there are no failing tests, this command produces no output. This indicates the cluster is healthy. {% ifversion ghes-manage-api-cli-extension %} @@ -84,15 +81,14 @@ You can configure [Nagios](https://www.nagios.org/) to monitor {% data variables **Security Warning:** An SSH key without a passphrase can pose a security risk if authorized for full access to a host. Limit this key's authorization to a single read-only command. {% enddanger %} - {% note %} - - **Note:** If you're using a distribution of Linux that doesn't support the Ed25519 algorithm, use the command: - ```shell - nagiosuser@nagios:~$ ssh-keygen -t rsa -b 4096 - ``` + > [!NOTE] + > If you're using a distribution of Linux that doesn't support the Ed25519 algorithm, use the command: + > + > ```shell + > nagiosuser@nagios:~$ ssh-keygen -t rsa -b 4096 + > ``` - {% endnote %} 1. Copy the private key (`id_ed25519`) to the `nagios` home folder and set the appropriate ownership. ```shell diff --git a/admin/monitoring-and-managing-your-instance/configuring-clustering/rebalancing-cluster-workloads.md b/admin/monitoring-and-managing-your-instance/configuring-clustering/rebalancing-cluster-workloads.md index 890dbe0dd..f3ec38874 100644 --- a/admin/monitoring-and-managing-your-instance/configuring-clustering/rebalancing-cluster-workloads.md +++ b/admin/monitoring-and-managing-your-instance/configuring-clustering/rebalancing-cluster-workloads.md @@ -64,11 +64,8 @@ After you determine which jobs are unbalanced across your cluster's nodes, you c You can schedule rebalancing of jobs on your cluster by setting and applying configuration values for {% data variables.location.product_location %}. -{% note %} - -**Note:** Currently, you can only schedule reallocation of jobs for the HTTP server, `github-unicorn`. - -{% endnote %} +> [!NOTE] +> Currently, you can only schedule reallocation of jobs for the HTTP server, `github-unicorn`. 1. To configure automatic, hourly balancing of jobs, run the following command. diff --git a/admin/monitoring-and-managing-your-instance/configuring-clustering/replacing-a-cluster-node.md b/admin/monitoring-and-managing-your-instance/configuring-clustering/replacing-a-cluster-node.md index 8d2629274..af3019ccc 100644 --- a/admin/monitoring-and-managing-your-instance/configuring-clustering/replacing-a-cluster-node.md +++ b/admin/monitoring-and-managing-your-instance/configuring-clustering/replacing-a-cluster-node.md @@ -25,11 +25,8 @@ You can replace a functional node in a {% data variables.product.product_name %} After you replace a node, {% data variables.location.product_location %} does not automatically distribute jobs to the new node. You can force your instance to balance jobs across nodes. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/rebalancing-cluster-workloads)." {% endif %} -{% warning %} - -**Warning:** To avoid conflicts, do not reuse a hostname that was previously assigned to a node in the cluster. - -{% endwarning %} +> [!WARNING] +> To avoid conflicts, do not reuse a hostname that was previously assigned to a node in the cluster. ## Replacing a functional node @@ -37,11 +34,8 @@ You can replace an existing, functional node in your cluster. For example, you m To replace a functional node, install the {% data variables.product.product_name %} appliance on a new VM, configure an IP address, add the new node to the cluster configuration file, initialize the cluster and apply the configuration, then take the node you replaced offline. -{% note %} - -**Note:** If you're replacing the primary MySQL node, see "[Replacing the primary MySQL node](#replacing-the-primary-mysql-node)." - -{% endnote %} +> [!NOTE] +> If you're replacing the primary MySQL node, see "[Replacing the primary MySQL node](#replacing-the-primary-mysql-node)." {% data reusables.enterprise_clustering.replacing-a-cluster-node-provision %} {% data reusables.enterprise_clustering.replacing-a-cluster-node-admin-configure-ip %} @@ -66,11 +60,8 @@ To replace a functional node, install the {% data variables.product.product_name You can replace a failed node in your cluster. For example, a software or hardware issue may affect a node's availability. -{% note %} - -**Note:** If you're replacing the primary MySQL node, see "[Replacing the primary MySQL node](#replacing-the-primary-mysql-node)." - -{% endnote %} +> [!NOTE] +> If you're replacing the primary MySQL node, see "[Replacing the primary MySQL node](#replacing-the-primary-mysql-node)." {% ifversion cluster-node-removal %} @@ -116,11 +107,8 @@ To replace a node in an emergency, you'll take the failed node offline, add your These commands indicate to each service that the node is permanently removed. The services will recreate any replicas contained within the node on the available nodes within the cluster. - {% note %} - - **Note:** These commands may cause increased load on the server while data is rebalanced across replicas. - - {% endnote %} + > [!NOTE] + > These commands may cause increased load on the server while data is rebalanced across replicas. For the `git-server` service (used for repository data): @@ -202,11 +190,9 @@ If you want to provide the VM for your primary MySQL node with more resources, o 1. During your scheduled maintenance window, enable maintenance mode. For more information, see "[AUTOTITLE](/admin/administering-your-instance/configuring-maintenance-mode/enabling-and-scheduling-maintenance-mode#enabling-or-disabling-maintenance-mode-for-all-nodes-in-a-cluster-via-the-cli)." 1. Ensure that MySQL replication is finished from any node in the cluster by running `ghe-cluster-status -v`. - {% warning %} - - **Warning**: If you do not wait for MySQL replication to finish, you risk data loss on your instance. + > [!WARNING] + > If you do not wait for MySQL replication to finish, you risk data loss on your instance. - {% endwarning %} 1. To set the current MySQL primary node to read-only mode, run the following command from of the instance's nodes. ```shell copy diff --git a/admin/monitoring-and-managing-your-instance/configuring-high-availability/creating-a-high-availability-replica.md b/admin/monitoring-and-managing-your-instance/configuring-high-availability/creating-a-high-availability-replica.md index 8ff5839c1..ab6c35f56 100644 --- a/admin/monitoring-and-managing-your-instance/configuring-high-availability/creating-a-high-availability-replica.md +++ b/admin/monitoring-and-managing-your-instance/configuring-high-availability/creating-a-high-availability-replica.md @@ -81,11 +81,9 @@ This example configuration uses a primary and two replicas, which are located in (replica2)$ ghe-repl-node --datacenter [SECOND REPLICA DC NAME] ``` - {% tip %} + > [!TIP] + > You can set the `--datacenter` and `--active` options at the same time. - **Tip:** You can set the `--datacenter` and `--active` options at the same time. - - {% endtip %} 1. An active replica node will store copies of the appliance data and service end user requests. An inactive node will store copies of the appliance data but will be unable to service end user requests. Enable active mode using the `--active` flag or inactive mode using the `--inactive` flag. On the first replica: diff --git a/admin/monitoring-and-managing-your-instance/configuring-high-availability/initiating-a-failover-to-your-replica-appliance.md b/admin/monitoring-and-managing-your-instance/configuring-high-availability/initiating-a-failover-to-your-replica-appliance.md index fba58ea76..982d75f0f 100644 --- a/admin/monitoring-and-managing-your-instance/configuring-high-availability/initiating-a-failover-to-your-replica-appliance.md +++ b/admin/monitoring-and-managing-your-instance/configuring-high-availability/initiating-a-failover-to-your-replica-appliance.md @@ -34,11 +34,8 @@ The time required to failover depends on how long it takes to manually promote t * When the number of active Git operations, MySQL queries, and Resque jobs reaches zero, wait 30 seconds. - {% note %} - - **Note:** Nomad will always have jobs running, even in maintenance mode, so you can safely ignore these jobs. - - {% endnote %} + > [!NOTE] + > Nomad will always have jobs running, even in maintenance mode, so you can safely ignore these jobs. * To verify all replication channels report `OK`, use the `ghe-repl-status -vv` command. @@ -54,11 +51,8 @@ The time required to failover depends on how long it takes to manually promote t ghe-repl-promote ``` - {% note %} - - **Note:** If the primary node is unavailable, warnings and timeouts may occur but can be ignored. - - {% endnote %} + > [!NOTE] + > If the primary node is unavailable, warnings and timeouts may occur but can be ignored. 1. Update the DNS record to point to the IP address of the replica. Traffic is directed to the replica after the TTL period elapses. If you are using a load balancer, ensure it is configured to send traffic to the replica. 1. Notify users that they can resume normal operations. diff --git a/admin/monitoring-and-managing-your-instance/configuring-high-availability/recovering-a-high-availability-configuration.md b/admin/monitoring-and-managing-your-instance/configuring-high-availability/recovering-a-high-availability-configuration.md index 9b75ac3fd..a4a447922 100644 --- a/admin/monitoring-and-managing-your-instance/configuring-high-availability/recovering-a-high-availability-configuration.md +++ b/admin/monitoring-and-managing-your-instance/configuring-high-availability/recovering-a-high-availability-configuration.md @@ -21,11 +21,8 @@ shortTitle: Recover a HA configuration You can use the former primary appliance as the new replica appliance if the failover was planned or was not related to the health of the appliance. If the failover was related to an issue with the primary appliance, you may prefer to create a new replica appliance. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/creating-a-high-availability-replica)." -{% warning %} - -**Warning:** You must enable maintenance mode before configuring a former primary appliance as a new replica. If you do not enable maintenance mode, you will cause a production outage. - -{% endwarning %} +> [!WARNING] +> You must enable maintenance mode before configuring a former primary appliance as a new replica. If you do not enable maintenance mode, you will cause a production outage. ## Configuring a former primary appliance as a new replica diff --git a/admin/monitoring-and-managing-your-instance/configuring-high-availability/removing-a-high-availability-replica.md b/admin/monitoring-and-managing-your-instance/configuring-high-availability/removing-a-high-availability-replica.md index ebf8865d2..8a0bb14c6 100644 --- a/admin/monitoring-and-managing-your-instance/configuring-high-availability/removing-a-high-availability-replica.md +++ b/admin/monitoring-and-managing-your-instance/configuring-high-availability/removing-a-high-availability-replica.md @@ -48,9 +48,8 @@ shortTitle: Remove a HA replica ``` {% ifversion ghes %} - {% note %} - **Note:** If you have {% data variables.product.prodname_actions %} enabled, you should decommission the former replica server or update its {% data variables.product.prodname_actions %} configuration to use different external storage. For more information, see "[AUTOTITLE](/admin/github-actions/advanced-configuration-and-troubleshooting/high-availability-for-github-actions#high-availability-replicas)." + > [!NOTE] + > If you have {% data variables.product.prodname_actions %} enabled, you should decommission the former replica server or update its {% data variables.product.prodname_actions %} configuration to use different external storage. For more information, see "[AUTOTITLE](/admin/github-actions/advanced-configuration-and-troubleshooting/high-availability-for-github-actions#high-availability-replicas)." - {% endnote %} {% endif %} diff --git a/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-system-logs.md b/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-system-logs.md index 577298599..ac843bb19 100644 --- a/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-system-logs.md +++ b/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-system-logs.md @@ -30,11 +30,8 @@ You can forward system logs and audit logs to an external system for analysis or In addition to reviewing your system logs, you can monitor activity on your instance in other ways. For example, you can review audit logs and push logs, or configure global webhooks. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise)." -{% note %} - -**Note**: The following lists of logs are not intended to be comprehensive. - -{% endnote %} +> [!NOTE] +> The following lists of logs are not intended to be comprehensive. ## System log files diff --git a/admin/monitoring-and-managing-your-instance/monitoring-your-instance/generating-a-health-check-for-your-enterprise.md b/admin/monitoring-and-managing-your-instance/monitoring-your-instance/generating-a-health-check-for-your-enterprise.md index e70fb7841..c86924ded 100644 --- a/admin/monitoring-and-managing-your-instance/monitoring-your-instance/generating-a-health-check-for-your-enterprise.md +++ b/admin/monitoring-and-managing-your-instance/monitoring-your-instance/generating-a-health-check-for-your-enterprise.md @@ -17,11 +17,8 @@ redirect_from: - /admin/monitoring-managing-and-updating-your-instance/monitoring-your-instance/generating-a-health-check-for-your-enterprise --- -{% note %} - -**Note:** Generating a Health Check is currently in {% data variables.release-phases.public_preview %} for {% data variables.product.prodname_ghe_server %} and subject to change. - -{% endnote %} +> [!NOTE] +> Generating a Health Check is currently in {% data variables.release-phases.public_preview %} for {% data variables.product.prodname_ghe_server %} and subject to change. ## About generated Health Checks diff --git a/admin/monitoring-and-managing-your-instance/monitoring-your-instance/monitoring-using-snmp.md b/admin/monitoring-and-managing-your-instance/monitoring-your-instance/monitoring-using-snmp.md index 5545195c7..d4f550bd3 100644 --- a/admin/monitoring-and-managing-your-instance/monitoring-your-instance/monitoring-using-snmp.md +++ b/admin/monitoring-and-managing-your-instance/monitoring-your-instance/monitoring-using-snmp.md @@ -113,10 +113,7 @@ With SNMP v2c, to query for `hrMemorySize`, run the following command on a separ snmpget -v 2c -c COMMUNITY-STRING HOSTNAME HOST-RESOURCES-MIB::hrMemorySize.0 ``` -{% tip %} - -**Note:** To prevent leaking information about services running on your appliance, we exclude the `hrSWRun` table (1.3.6.1.2.1.25.4) from the resulting SNMP reports unless you're using the `authPriv` security level with SNMP v3. If you're using the `authPriv` security level, we include the `hrSWRun` table. - -{% endtip %} +> [!NOTE] +> To prevent leaking information about services running on your appliance, we exclude the `hrSWRun` table (1.3.6.1.2.1.25.4) from the resulting SNMP reports unless you're using the `authPriv` security level with SNMP v3. If you're using the `authPriv` security level, we include the `hrSWRun` table. For more information on OID mappings for common system attributes in SNMP, see "[Linux SNMP OID’s for CPU, Memory and Disk Statistics](http://www.linux-admins.net/2012/02/linux-snmp-oids-for-cpumemory-and-disk.html)". diff --git a/admin/monitoring-and-managing-your-instance/monitoring-your-instance/troubleshooting-resource-allocation-problems.md b/admin/monitoring-and-managing-your-instance/monitoring-your-instance/troubleshooting-resource-allocation-problems.md index a1dd3611a..d6a5a48e8 100644 --- a/admin/monitoring-and-managing-your-instance/monitoring-your-instance/troubleshooting-resource-allocation-problems.md +++ b/admin/monitoring-and-managing-your-instance/monitoring-your-instance/troubleshooting-resource-allocation-problems.md @@ -18,15 +18,12 @@ shortTitle: Troubleshooting resource allocation problems ## Troubleshooting common resource allocation problems on your appliance -{% note %} - -**Note**: Regularly making repeated requests (polling) to {% data variables.location.product_location %} from continuous integration (CI) systems, build servers, or any other clients (such as Git or API clients) can overwhelm the system. This can lead to a denial of service (DoS) attack, causing significant performance issues and resource saturation. - -To avoid these problems, we strongly recommend using webhooks to receive updates. Webhooks allow the system to push updates to you automatically, eliminating the need for constant polling. Additionally, consider using conditional requests and caching strategies to minimize unnecessary requests. Avoid running jobs in large, simultaneous batches (thundering herds) and instead wait for webhook events to trigger actions. - -For more information, see "[AUTOTITLE](/get-started/exploring-integrations/about-webhooks)." - -{% endnote %} +> [!NOTE] +> Regularly making repeated requests (polling) to {% data variables.location.product_location %} from continuous integration (CI) systems, build servers, or any other clients (such as Git or API clients) can overwhelm the system. This can lead to a denial of service (DoS) attack, causing significant performance issues and resource saturation. +> +> To avoid these problems, we strongly recommend using webhooks to receive updates. Webhooks allow the system to push updates to you automatically, eliminating the need for constant polling. Additionally, consider using conditional requests and caching strategies to minimize unnecessary requests. Avoid running jobs in large, simultaneous batches (thundering herds) and instead wait for webhook events to trigger actions. +> +> For more information, see "[AUTOTITLE](/get-started/exploring-integrations/about-webhooks)." We recommend using the monitor dashboard to stay informed on your appliance's resource health and make decisions on how to fix high usage issues, such as the ones outlined on this page. diff --git a/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity.md b/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity.md index 593f665dd..887911d05 100644 --- a/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity.md +++ b/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity.md @@ -23,11 +23,8 @@ As more users join {% data variables.location.product_location %}, you may need ## Requirements and recommendations -{% note %} - -**Note:** Before resizing any storage volume, put your instance in maintenance mode.{% ifversion ip-exception-list %} You can validate changes by configuring an IP exception list to allow access from specified IP addresses. {% endif %} For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)." - -{% endnote %} +> [!NOTE] +> Before resizing any storage volume, put your instance in maintenance mode.{% ifversion ip-exception-list %} You can validate changes by configuring an IP exception list to allow access from specified IP addresses. {% endif %} For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)." ### Minimum recommended requirements @@ -68,11 +65,8 @@ Root storage refers to the total size of your instance's root disk. The availabl ## Increasing the root partition size using an existing appliance -{% warning %} - -**Warning:** Before increasing the root partition size, you must put your instance in maintenance mode. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)." - -{% endwarning %} +> [!WARNING] +> Before increasing the root partition size, you must put your instance in maintenance mode. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)." 1. Attach a new disk to your {% data variables.product.prodname_ghe_server %} appliance. 1. Run the `lsblk` command to identify the new disk's device name. diff --git a/admin/overview/setting-up-a-trial-of-github-enterprise-server.md b/admin/overview/setting-up-a-trial-of-github-enterprise-server.md index 829100343..4da5f204d 100644 --- a/admin/overview/setting-up-a-trial-of-github-enterprise-server.md +++ b/admin/overview/setting-up-a-trial-of-github-enterprise-server.md @@ -49,11 +49,8 @@ To get the most out of your trial, follow these steps: * Add users to your {% data variables.product.prodname_ghe_server %} instance using built-in authentication or your configured identity provider. For more information, see "[AUTOTITLE](/enterprise-server@latest/admin/identity-and-access-management/using-built-in-authentication/configuring-built-in-authentication)." * To invite people to become account administrators, visit the [{% data variables.product.prodname_enterprise %} Web portal](https://enterprise.github.com/login). - {% note %} - - **Note:** People you invite to become account administrators will receive an email with a link to accept your invitation. - - {% endnote %} + > [!NOTE] + > People you invite to become account administrators will receive an email with a link to accept your invitation. {% data reusables.enterprise.best-practices %} diff --git a/admin/overview/system-overview.md b/admin/overview/system-overview.md index b22bc21ff..2b210afb4 100644 --- a/admin/overview/system-overview.md +++ b/admin/overview/system-overview.md @@ -55,11 +55,8 @@ By default, {% data variables.product.product_name %} runs as a standalone insta ## Data retention and datacenter redundancy -{% warning %} - -**Warning**: Before using {% data variables.product.product_name %} in a production environment, we strongly recommend you set up backups and a disaster recovery plan. - -{% endwarning %} +> [!WARNING] +> Before using {% data variables.product.product_name %} in a production environment, we strongly recommend you set up backups and a disaster recovery plan. {% data variables.product.product_name %} includes support for online and incremental backups with {% data variables.product.prodname_enterprise_backup_utilities %}. You can take incremental snapshots over a secure network link (the SSH administrative port) over long distances for off-site or geographically dispersed storage. You can restore snapshots over the network into a newly provisioned instance at time of recovery in case of disaster at the primary datacenter. diff --git a/admin/upgrading-your-instance/performing-an-upgrade/migrating-from-github-enterprise-1110x-to-2123.md b/admin/upgrading-your-instance/performing-an-upgrade/migrating-from-github-enterprise-1110x-to-2123.md index 0c91198fe..f5b9b0dd7 100644 --- a/admin/upgrading-your-instance/performing-an-upgrade/migrating-from-github-enterprise-1110x-to-2123.md +++ b/admin/upgrading-your-instance/performing-an-upgrade/migrating-from-github-enterprise-1110x-to-2123.md @@ -23,11 +23,9 @@ topics: - Upgrades shortTitle: Migrate from 11.10.x to 2.1.23 --- -{% note %} -**Note**: {% data variables.product.prodname_ghe_server %} 11.10 is an unsupported release from 2014. For a list of supported releases, see "[AUTOTITLE](/admin/all-releases)." - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_ghe_server %} 11.10 is an unsupported release from 2014. For a list of supported releases, see "[AUTOTITLE](/admin/all-releases)." Migrations from {% data variables.product.prodname_enterprise %} 11.10.348 and later are supported. Migrating from {% data variables.product.prodname_enterprise %} 11.10.348 and earlier is not supported. You must first upgrade to 11.10.348 in several upgrades. For more information, see the 11.10.348 upgrading procedure, "[Upgrading to the latest release](/enterprise/11.10.340/admin/articles/upgrading-to-the-latest-release/)." @@ -42,11 +40,8 @@ To upgrade to the latest version of {% data variables.product.prodname_enterpris * If you are not currently running scheduled backups, set up {% data variables.product.prodname_enterprise_backup_utilities %}. 1. Take an initial full backup snapshot of the current instance using the `ghe-backup` command. If you have already configured scheduled backups for your current instance, you don't need to take a snapshot of your instance. - {% tip %} - - **Tip:** You can leave the instance online and in active use during the snapshot. You'll take another snapshot during the maintenance portion of the migration. Since backups are incremental, this initial snapshot reduces the amount of data transferred in the final snapshot, which may shorten the maintenance window. - - {% endtip %} + > [!TIP] + > You can leave the instance online and in active use during the snapshot. You'll take another snapshot during the maintenance portion of the migration. Since backups are incremental, this initial snapshot reduces the amount of data transferred in the final snapshot, which may shorten the maintenance window. 1. Determine the method for switching user network traffic to the new instance. After you've migrated, all HTTP and Git network traffic directs to the new instance. * **DNS** - We recommend this method for all environments, as it's simple and works well even when migrating from one datacenter to another. Before starting migration, reduce the existing DNS record's TTL to five minutes or less and allow the change to propagate. Once the migration is complete, update the DNS record(s) to point to the IP address of the new instance. @@ -64,11 +59,8 @@ To upgrade to the latest version of {% data variables.product.prodname_enterpris 1. Copy the `ghe-restore` command that you'll run on the backup host to migrate data to the new instance. 1. Enable maintenance mode on the old instance and wait for all active processes to complete. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)." - {% note %} - - **Note:** The instance will be unavailable for normal use from this point forward. - - {% endnote %} + > [!NOTE] + > The instance will be unavailable for normal use from this point forward. 1. On the backup host, run the `ghe-backup` command to take a final backup snapshot. This ensures that all data from the old instance is captured. 1. On the backup host, run the `ghe-restore` command you copied on the new instance's restore status screen to restore the latest snapshot. @@ -97,11 +89,8 @@ To upgrade to the latest version of {% data variables.product.prodname_enterpris 1. Click **Continue to settings** to review and adjust the configuration information and settings that were imported from the previous instance. 1. Click **Save settings**. - {% note %} - - **Note:** You can use the new instance after you've applied configuration settings and restarted the server. - - {% endnote %} + > [!NOTE] + > You can use the new instance after you've applied configuration settings and restarted the server. 1. Switch user network traffic from the old instance to the new instance using either DNS or IP address assignment. 1. Upgrade to the latest patch release of {% data variables.product.prodname_ghe_server %}. For more information, see "[AUTOTITLE](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)." diff --git a/admin/upgrading-your-instance/preparing-to-upgrade/enabling-automatic-update-checks.md b/admin/upgrading-your-instance/preparing-to-upgrade/enabling-automatic-update-checks.md index 6ae4bf91d..9e8cc9d3b 100644 --- a/admin/upgrading-your-instance/preparing-to-upgrade/enabling-automatic-update-checks.md +++ b/admin/upgrading-your-instance/preparing-to-upgrade/enabling-automatic-update-checks.md @@ -25,11 +25,8 @@ If a hotpatch is available for an upgrade, the `.hpkg` will download automatical ## Enabling automatic update checks -{% tip %} - -**Tip:** To enable automatic update checks, {% data variables.location.product_location %} must be able to connect to `https://github-enterprise.s3.amazonaws.com`. - -{% endtip %} +> [!TIP] +> To enable automatic update checks, {% data variables.location.product_location %} must be able to connect to `https://github-enterprise.s3.amazonaws.com`. {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} diff --git a/admin/upgrading-your-instance/preparing-to-upgrade/upgrade-requirements.md b/admin/upgrading-your-instance/preparing-to-upgrade/upgrade-requirements.md index 52125afed..82d6864c2 100644 --- a/admin/upgrading-your-instance/preparing-to-upgrade/upgrade-requirements.md +++ b/admin/upgrading-your-instance/preparing-to-upgrade/upgrade-requirements.md @@ -17,14 +17,11 @@ topics: - Enterprise - Upgrades --- -{% note %} -**Notes:** -* Upgrade packages are available at [enterprise.github.com](https://enterprise.github.com/releases) for supported versions. Verify the availability of the upgrade packages you will need to complete the upgrade. If a package is not available, visit {% data variables.contact.contact_ent_support %} and contact us for assistance. -* If you're using {% data variables.product.prodname_ghe_server %} Clustering, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/upgrading-a-cluster)" in the {% data variables.product.prodname_ghe_server %} Clustering Guide for specific instructions unique to clustering. -* The release notes for {% data variables.product.prodname_ghe_server %} provide a comprehensive list of new features for every version of {% data variables.product.prodname_ghe_server %}. For more information, see the [releases page](https://enterprise.github.com/releases). - -{% endnote %} +> [!NOTE] +> * Upgrade packages are available at [enterprise.github.com](https://enterprise.github.com/releases) for supported versions. Verify the availability of the upgrade packages you will need to complete the upgrade. If a package is not available, visit {% data variables.contact.contact_ent_support %} and contact us for assistance. +> * If you're using {% data variables.product.prodname_ghe_server %} Clustering, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/upgrading-a-cluster)" in the {% data variables.product.prodname_ghe_server %} Clustering Guide for specific instructions unique to clustering. +> * The release notes for {% data variables.product.prodname_ghe_server %} provide a comprehensive list of new features for every version of {% data variables.product.prodname_ghe_server %}. For more information, see the [releases page](https://enterprise.github.com/releases). ## Recommendations diff --git a/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance.md b/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance.md index 3e7892fef..9da154474 100644 --- a/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance.md +++ b/admin/upgrading-your-instance/troubleshooting-upgrades/known-issues-with-upgrades-to-your-instance.md @@ -33,11 +33,8 @@ To future-proof {% data variables.product.prodname_ghe_server %} and provide the After the upgrade to {% data variables.product.prodname_ghe_server %} 3.9, if you experience unacceptable degradation in the performance of your instance, you can collect data from your instance's monitor dashboard to confirm the impact. You can attempt to mitigate the issue, and you can provide the data to {% data variables.contact.github_support %} to help profile and communicate the real-world impact of this change. -{% warning %} - -**Warning**: Due to the nature of this upgrade, back up your instance's configuration and data before proceeding. Validate the backup in a staging environment. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)" and "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)." - -{% endwarning %} +> [!WARNING] +> Due to the nature of this upgrade, back up your instance's configuration and data before proceeding. Validate the backup in a staging environment. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)" and "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)." ### Collecting baseline I/O utilization data before the MySQL upgrade @@ -77,14 +74,11 @@ To attempt to mitigate the performance impact, you can adjust InnoDB's flushing The following instructions are only intended for {% data variables.product.product_name %} 3.9 and later. -{% warning %} - -**Warning**: Adjustment of the flushing method requires that your instance's storage device has a battery-backed cache. If the device's cache is not battery-backed, you risk data loss. - -* If you host your instance using a virtualization hypervisor within an on-premises datacenter, review your storage specifications to confirm. -* If you host your instance in a public cloud service, consult your provider's documentation or support team to confirm. - -{% endwarning %} +> [!WARNING] +> Adjustment of the flushing method requires that your instance's storage device has a battery-backed cache. If the device's cache is not battery-backed, you risk data loss. +> +> * If you host your instance using a virtualization hypervisor within an on-premises datacenter, review your storage specifications to confirm. +> * If you host your instance in a public cloud service, consult your provider's documentation or support team to confirm. {% data reusables.enterprise_installation.ssh-into-instance %} 1. To validate the current flushing method for InnoDB, run the following command. @@ -212,3 +206,30 @@ If your appliance averages more than 70% CPU utilization, {% data variables.prod As part of upgrading GitHub Enterprise Server to version 3.13 or later, the Elasticsearch service will be upgraded. {% data variables.product.company_short %} strongly recommends following the guidance in "[AUTOTITLE](/admin/upgrading-your-instance/performing-an-upgrade/preparing-for-the-elasticsearch-upgrade)." {% endif %} + +{% ifversion ghes > 3.12 and ghes < 3.15 %} + +## Undecryptable records + +If you are upgrading from {% data variables.product.prodname_ghe_server %} 3.11 or 3.12 to 3.13, or from 3.12 to 3.14, you may run into an issue with undecryptable records due to missing required keys for decryption. The only solution is to delete the undecryptable records. The type of records impacted by this issue are 2FA records, that means you might need to ask users to re-enable two-factor authentication (2FA). + +### Before upgrading + +If you are upgrading from {% data variables.product.prodname_ghe_server %} 3.11 or 3.12 to 3.13, or from 3.12 to 3.14, you can run the encryption diagnostics script to identify the undecryptable records ahead of time. This will give you the opportunity to understand the impact and plan for it. + +1. Download the [encryption diagnostics script](https://gh.io/ghes-encryption-diagnostics). You can use a command like `curl -L -O https://gh.io/ghes-encryption-diagnostics` to download the script. +1. Save the script to the `/data/user/common` directory on the appliance. +1. Follow the instructions at the top of the script and execute it on the appliance. If there are any undecryptable records, they are logged in `/tmp/column_encryption_records_to_be_deleted.log`. Any records logged here means that the system was not able to find the keys for them and hence was not able to decrypt the data in those records. + +At this stage, please note that these records will be deleted as part of the process. The script will warn you about the users who will need to re-enroll into 2FA after the upgrade. The impacted users' handles are logged in `/tmp/column_encryption_users_to_have_2fa_disabled.log`. These users will need to be re-enrolled into 2FA. + +If the script runs into unexpected issues, you will be prompted to [contact {% data variables.contact.github_support %}](/support/contacting-github-support). Errors related to these issues will be logged in `/tmp/column_encryption_unexpected_errors.log`. If you are in a dire situation and are unable to have users re-enroll into 2FA, [contact {% data variables.contact.github_support %}](/support/contacting-github-support) for help. + +### During the upgrade + +In case you did not have the opportunity to run the encryption diagnostics script ahead of time, there are mechanisms in the product to help you. The pre-flight checks during the upgrade process will detect undecryptable records and log them in `/tmp/column_encryption_records_to_be_deleted.log`. The sequence will warn you of the users who will need to re-enable 2FA after the upgrade. The impacted users records are logged in `/tmp/column_encryption_users_to_have_2fa_disabled.log`. + +If undecryptable records are detected, you will be prompted whether you want to proceed with the upgrade or not. If you proceed, the upgrade process deletes the undecryptable records. Otherwise, the upgrade process will exit. + +If you have any questions during the upgrade, you can reach out to {% data variables.contact.github_support %}. Once you have had the time and opportunity to understand the impact, you can retrigger the upgrade. +{% endif %} diff --git a/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app.md b/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app.md index c690b83dc..164ee9c83 100644 --- a/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app.md +++ b/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app.md @@ -33,11 +33,8 @@ If a REST API endpoint requires you to authenticate as an app, the documentation You can use {% data variables.product.company_short %}'s Octokit.js SDK to authenticate as a {% data variables.product.prodname_github_app %}. One advantage of using the SDK to authenticate is that you do not need to generate a JSON web token (JWT) yourself. Additionally, the SDK will take care of regenerating the JWT when it expires. -{% note %} - -**Note**: You must install and import `octokit` in order to use the Octokit.js library. The following example uses import statements in accordance with ES6. For more information about different installation and import methods, see [Usage](https://github.com/octokit/octokit.js/#usage) in the octokit/octokit repository. - -{% endnote %} +> [!NOTE] +> You must install and import `octokit` in order to use the Octokit.js library. The following example uses import statements in accordance with ES6. For more information about different installation and import methods, see [Usage](https://github.com/octokit/octokit.js/#usage) in the octokit/octokit repository. 1. Get the ID of your app. You can find your app's ID on the settings page for your {% data variables.product.prodname_github_app %}. For more information about navigating to the settings page for your {% data variables.product.prodname_github_app %}, see "[AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration#navigating-to-your-github-app-settings)." 1. Generate a private key. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps)." diff --git a/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user.md b/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user.md index 3b1f6859d..a9585fbd3 100644 --- a/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user.md +++ b/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user.md @@ -35,8 +35,5 @@ Requests made with a user access token are sometimes called "user-to-server" req If you want to attribute app activity to the app instead of to a user, you should authenticate as an app installation instead. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)." -{% note %} - -**Note**: {% data reusables.apps.github_app_auth_saml %} - -{% endnote %} +> [!NOTE] +> {% data reusables.apps.github_app_auth_saml %} diff --git a/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app.md b/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app.md index 09318dcb3..2d9a1888b 100644 --- a/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app.md +++ b/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app.md @@ -39,19 +39,13 @@ curl --request GET \ Most programming languages have a package that can generate a JWT. In all cases, you must have a private key and the ID of your {% data variables.product.prodname_github_app %}. For more information about generating a private key, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps)". You can find your app's ID with the `GET /app` REST API endpoint. For more information, see "[Apps](/rest/apps/apps)" in the REST API documentation. -{% note %} - -Note: Instead of creating a JWT, you can use {% data variables.product.company_short %}'s Octokit SDKs to authenticate as an app. The SDK will take care of generating a JWT for you and will regenerate the JWT once the token expires. For more information, see "[Scripting with the REST API and JavaScript](/rest/guides/scripting-with-the-rest-api-and-javascript#authenticating-with-a-github-app)." - -{% endnote %} +> [!NOTE] +> Instead of creating a JWT, you can use {% data variables.product.company_short %}'s Octokit SDKs to authenticate as an app. The SDK will take care of generating a JWT for you and will regenerate the JWT once the token expires. For more information, see "[Scripting with the REST API and JavaScript](/rest/guides/scripting-with-the-rest-api-and-javascript#authenticating-with-a-github-app)." ### Example: Using Ruby to generate a JWT -{% note %} - -**Note:** You must run `gem install jwt` to install the `jwt` package in order to use this script. - -{% endnote %} +> [!NOTE] +> You must run `gem install jwt` to install the `jwt` package in order to use this script. In the following example, replace `YOUR_PATH_TO_PEM` with the file path where your private key is stored. Replace `YOUR_APP_ID` with the ID of your app. Make sure to enclose the values for `YOUR_PATH_TO_PEM` and `YOUR_APP_ID` in double quotes. @@ -82,11 +76,8 @@ puts jwt ### Example: Using Python to generate a JWT -{% note %} - -**Note:** You must run `pip install PyJWT` to install the `PyJWT` package in order to use this script. - -{% endnote %} +> [!NOTE] +> You must run `pip install PyJWT` to install the `PyJWT` package in order to use this script. ```python copy #!/usr/bin/env python3 @@ -142,11 +133,8 @@ This script will prompt you for the file path where your private key is stored a ### Example: Using Bash to generate a JWT -{% note %} - -**Note:** You must pass your {% ifversion client-id-for-app %}Client ID{% else %}App ID{% endif %} and the file path where your private key is stored as arguments when running this script. - -{% endnote %} +> [!NOTE] +> You must pass your {% ifversion client-id-for-app %}Client ID{% else %}App ID{% endif %} and the file path where your private key is stored as arguments when running this script. ```bash copy #!/usr/bin/env bash diff --git a/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app.md b/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app.md index df2800978..7002d6ae6 100644 --- a/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app.md +++ b/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app.md @@ -58,11 +58,8 @@ If your app runs in the browser, you should use the web application flow to gene ## Using the device flow to generate a user access token -{% note %} - -**Note:** The device flow is in {% data variables.release-phases.public_preview %} and subject to change. - -{% endnote %} +> [!NOTE] +> The device flow is in {% data variables.release-phases.public_preview %} and subject to change. If your app is headless or does not have access to a browser, you should use the device flow to generate a user access token. For example, CLI tools, simple Raspberry Pis, and desktop applications should use the device flow. For a tutorial that uses device flow, see "[AUTOTITLE](/apps/creating-github-apps/guides/building-a-cli-with-a-github-app)." diff --git a/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app.md b/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app.md index bf1e8df51..2339fab30 100644 --- a/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app.md +++ b/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app.md @@ -14,11 +14,8 @@ topics: In order to authenticate as an app installation, you must generate an installation access token. For more information about authenticating as an app installation, see "[Authenticating as a GitHub App installation](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)." -{% note %} - -**Note**: Instead of generating an installation access token, you can use {% data variables.product.company_short %}'s Octokit SDKs to authenticate as an app. The SDK will take care of generating an installation access token for you and will regenerate the token once it expires. For more information about authenticating as an app installation, see "[Authenticating as a GitHub App installation](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)." - -{% endnote %} +> [!NOTE] +> Instead of generating an installation access token, you can use {% data variables.product.company_short %}'s Octokit SDKs to authenticate as an app. The SDK will take care of generating an installation access token for you and will regenerate the token once it expires. For more information about authenticating as an app installation, see "[Authenticating as a GitHub App installation](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)." You should keep your installation access token secure. For more information, see "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/best-practices-for-creating-a-github-app)." diff --git a/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps.md b/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps.md index b9f3eb999..648d16528 100644 --- a/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps.md +++ b/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps.md @@ -32,11 +32,8 @@ To generate a private key: 1. Under "Private keys", click **Generate a private key**. 1. You will see a private key in PEM format downloaded to your computer. Make sure to store this file because GitHub only stores the public portion of the key. For more information about securely storing your key, see "[Storing private keys](#storing-private-keys)." -{% note %} - -**Note:** If you're using a library that requires a specific file format, the PEM file you download will be in `PKCS#1 RSAPrivateKey` format. - -{% endnote %} +> [!NOTE] +> If you're using a library that requires a specific file format, the PEM file you download will be in `PKCS#1 RSAPrivateKey` format. ## Verifying private keys diff --git a/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens.md b/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens.md index f03912991..73f78828b 100644 --- a/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens.md +++ b/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens.md @@ -16,11 +16,8 @@ shortTitle: Refresh user access tokens --- ## About user access tokens that expire -{% note %} - -**Note:** User access tokens that expire are currently an optional feature and are subject to change. For more information, see "[Expiring user-to-server access tokens for GitHub Apps](https://developer.github.com/changes/2020-04-30-expiring-user-to-server-access-tokens-for-github-apps)." - -{% endnote %} +> [!NOTE] +> User access tokens that expire are currently an optional feature and are subject to change. For more information, see "[Expiring user-to-server access tokens for GitHub Apps](https://developer.github.com/changes/2020-04-30-expiring-user-to-server-access-tokens-for-github-apps)." To enforce regular token rotation and reduce the impact of a compromised token, you can configure your {% data variables.product.prodname_github_app %} to use user access tokens that expire. If your app uses user access tokens that expire, then you will receive a refresh token when you generate a user access token. The user access token expires after eight hours, and the refresh token expires after six months. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app)." diff --git a/apps/creating-github-apps/registering-a-github-app/about-the-setup-url.md b/apps/creating-github-apps/registering-a-github-app/about-the-setup-url.md index 9b4805f27..d2c6c2f27 100644 --- a/apps/creating-github-apps/registering-a-github-app/about-the-setup-url.md +++ b/apps/creating-github-apps/registering-a-github-app/about-the-setup-url.md @@ -16,11 +16,8 @@ When you register a {% data variables.product.prodname_github_app %}, you can sp If you specify a setup URL, you can also select **Redirect on update** to specify that users should be redirected to the setup URL after they update an installation. An update includes adding or removing access to a repository for an installation. -{% warning %} - -**Warning**: When {% data variables.product.company_short %} redirects users to the setup URL, it includes an `installation_id` query parameter. Bad actors can hit this URL with a spoofed `installation_id`. Therefore, you should not rely on the validity of the `installation_id` parameter. Instead, you should generate a user access token for the user who installed the {% data variables.product.prodname_github_app %} and then check that the installation is associated with that user. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app)." - -{% endwarning %} +> [!WARNING] +> When {% data variables.product.company_short %} redirects users to the setup URL, it includes an `installation_id` query parameter. Bad actors can hit this URL with a spoofed `installation_id`. Therefore, you should not rely on the validity of the `installation_id` parameter. Instead, you should generate a user access token for the user who installed the {% data variables.product.prodname_github_app %} and then check that the installation is associated with that user. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app)." {% ifversion fpt or ghec %} Although the setup URL is optional during {% data variables.product.prodname_github_app %} registration, it is required if you want to allow users to purchase your app in {% data variables.product.prodname_marketplace %}. For more information, see "[AUTOTITLE](/apps/publishing-apps-to-github-marketplace/using-the-github-marketplace-api-in-your-app/handling-new-purchases-and-free-trials)." diff --git a/apps/creating-github-apps/registering-a-github-app/creating-a-custom-badge-for-your-github-app.md b/apps/creating-github-apps/registering-a-github-app/creating-a-custom-badge-for-your-github-app.md index 341b1dd1f..8821e3661 100644 --- a/apps/creating-github-apps/registering-a-github-app/creating-a-custom-badge-for-your-github-app.md +++ b/apps/creating-github-apps/registering-a-github-app/creating-a-custom-badge-for-your-github-app.md @@ -43,11 +43,10 @@ For more information about badges for {% data variables.product.prodname_github_ 1. Under "Badge background color", type the hexadecimal color code of the background color for your badge. {% ifversion fpt or ghec %} - {% note %} - **Note:** The "Badge background color" input field will only appear after you upload a logo. + > [!NOTE] + > The "Badge background color" input field will only appear after you upload a logo. - {% endnote %} {% endif %} {% ifversion fpt or ghec %} diff --git a/apps/github-marketplace/creating-apps-for-github-marketplace/requirements-for-listing-an-app.md b/apps/github-marketplace/creating-apps-for-github-marketplace/requirements-for-listing-an-app.md index 7bd218855..9c427f5d8 100644 --- a/apps/github-marketplace/creating-apps-for-github-marketplace/requirements-for-listing-an-app.md +++ b/apps/github-marketplace/creating-apps-for-github-marketplace/requirements-for-listing-an-app.md @@ -86,11 +86,8 @@ To publish a paid app (or an app that offers a paid plan), you must also meet th When you are ready to publish the app on {% data variables.product.prodname_marketplace %} you must request verification for the app listing. -{% note %} - -**Note:** {% data reusables.marketplace.app-transfer-to-org-for-verification %} For information on how to transfer an app to an organization, see: "[AUTOTITLE](/apps/github-marketplace/listing-an-app-on-github-marketplace/submitting-your-listing-for-publication#transferring-an-app-to-an-organization-before-you-submit)." - -{% endnote %} +> [!NOTE] +> {% data reusables.marketplace.app-transfer-to-org-for-verification %} For information on how to transfer an app to an organization, see: "[AUTOTITLE](/apps/github-marketplace/listing-an-app-on-github-marketplace/submitting-your-listing-for-publication#transferring-an-app-to-an-organization-before-you-submit)." ## Billing requirements for paid apps diff --git a/apps/github-marketplace/creating-apps-for-github-marketplace/viewing-metrics-for-your-listing.md b/apps/github-marketplace/creating-apps-for-github-marketplace/viewing-metrics-for-your-listing.md index 12bcc7ccd..0b6286019 100644 --- a/apps/github-marketplace/creating-apps-for-github-marketplace/viewing-metrics-for-your-listing.md +++ b/apps/github-marketplace/creating-apps-for-github-marketplace/viewing-metrics-for-your-listing.md @@ -21,11 +21,8 @@ shortTitle: View listing metrics You can view metrics for the past day (24 hours), week, month, or for the entire duration of time that your {% data variables.product.prodname_github_app %} has been listed. -{% note %} - -**Note:** Because it takes time to aggregate data, you'll notice a slight delay in the dates shown. When you select a time period, you can see exact dates for the metrics at the top of the page. - -{% endnote %} +> [!NOTE] +> Because it takes time to aggregate data, you'll notice a slight delay in the dates shown. When you select a time period, you can see exact dates for the metrics at the top of the page. ## Performance metrics @@ -35,11 +32,8 @@ The Insights page displays these performance metrics, for the selected time peri * **Visitors:** Number of people that have viewed a page in your GitHub Apps listing. This number includes both logged in and logged out visitors. * **Pageviews:** Number of views the pages in your GitHub App's listing received. A single visitor can generate more than one page view. -{% note %} - -**Note:** Your estimated subscription value could be much higher than the transactions processed for this period. - -{% endnote %} +> [!NOTE] +> Your estimated subscription value could be much higher than the transactions processed for this period. ### Conversion performance diff --git a/apps/github-marketplace/creating-apps-for-github-marketplace/viewing-transactions-for-your-listing.md b/apps/github-marketplace/creating-apps-for-github-marketplace/viewing-transactions-for-your-listing.md index 9277c100d..6fac54b4d 100644 --- a/apps/github-marketplace/creating-apps-for-github-marketplace/viewing-transactions-for-your-listing.md +++ b/apps/github-marketplace/creating-apps-for-github-marketplace/viewing-transactions-for-your-listing.md @@ -16,11 +16,8 @@ shortTitle: View listing transactions {% data reusables.marketplace.marketplace-apps-not-actions %} -{% note %} - -**Note:** Because it takes time to aggregate data, you'll notice a slight delay in the dates shown. When you select a time period, you can see exact dates for the metrics at the top of the page. - -{% endnote %} +> [!NOTE] +> Because it takes time to aggregate data, you'll notice a slight delay in the dates shown. When you select a time period, you can see exact dates for the metrics at the top of the page. You can view or download the transaction data to keep track of your subscription activity. Click the **Export CSV** button to download a `.csv` file. You can also select a period of time to view and search within the transaction page. diff --git a/apps/github-marketplace/listing-an-app-on-github-marketplace/drafting-a-listing-for-your-app.md b/apps/github-marketplace/listing-an-app-on-github-marketplace/drafting-a-listing-for-your-app.md index 820b98cc0..f09bc4504 100644 --- a/apps/github-marketplace/listing-an-app-on-github-marketplace/drafting-a-listing-for-your-app.md +++ b/apps/github-marketplace/listing-an-app-on-github-marketplace/drafting-a-listing-for-your-app.md @@ -39,11 +39,8 @@ To create a {% data variables.product.prodname_marketplace %} listing: {% data reusables.user-settings.developer_settings %} 1. In the left sidebar, click either **OAuth Apps** or **GitHub Apps** depending on the app you're adding to {% data variables.product.prodname_marketplace %}. - {% note %} - - **Note**: You can also add a listing by navigating to https://github.com/marketplace/new, viewing your available apps, and clicking **Create draft listing**. - - {% endnote %} + > [!NOTE] + > You can also add a listing by navigating to https://github.com/marketplace/new, viewing your available apps, and clicking **Create draft listing**. ![Screenshot of the sidebar on the "Developer Settings" page of {% data variables.product.prodname_dotcom %}. Options labeled "{% data variables.product.prodname_github_apps %}" and "{% data variables.product.prodname_oauth_apps %}" are outlined in dark orange.](/assets/images/settings/apps-choose-app.png) @@ -53,11 +50,8 @@ To create a {% data variables.product.prodname_marketplace %} listing: ![Screenshot of a draft {% data variables.product.prodname_marketplace %} listing. In a section labeled "Publish your app to Marketplace," unfinished action items such as "Add your contact info" are marked with orange circles.](/assets/images/marketplace/marketplace-listing-overview.png) -{% note %} - -**Note:** In the "Contact info" section of your listing, we recommend using individual email addresses, rather than group emails addresses like support@domain.com. GitHub will use these email addresses to contact you about updates to {% data variables.product.prodname_marketplace %} that might affect your listing, new feature releases, marketing opportunities, payouts, and information on conferences and sponsorships. - -{% endnote %} +> [!NOTE] +> In the "Contact info" section of your listing, we recommend using individual email addresses, rather than group emails addresses like support@domain.com. GitHub will use these email addresses to contact you about updates to {% data variables.product.prodname_marketplace %} that might affect your listing, new feature releases, marketing opportunities, payouts, and information on conferences and sponsorships. ## Editing your listing diff --git a/apps/github-marketplace/listing-an-app-on-github-marketplace/setting-pricing-plans-for-your-listing.md b/apps/github-marketplace/listing-an-app-on-github-marketplace/setting-pricing-plans-for-your-listing.md index 61b042d14..882a2c9ef 100644 --- a/apps/github-marketplace/listing-an-app-on-github-marketplace/setting-pricing-plans-for-your-listing.md +++ b/apps/github-marketplace/listing-an-app-on-github-marketplace/setting-pricing-plans-for-your-listing.md @@ -75,11 +75,8 @@ Once you publish a pricing plan for an app that is already listed in {% data var Once you remove a pricing plan, users won't be able to purchase your app using that plan. Existing users on the removed pricing plan will continue to stay on the plan until they cancel their plan subscription. -{% note %} - -**Note:** {% data variables.product.product_name %} can't remove users from a removed pricing plan. You can run a campaign to encourage users to upgrade or downgrade from the removed pricing plan onto a new pricing plan. - -{% endnote %} +> [!NOTE] +> {% data variables.product.product_name %} can't remove users from a removed pricing plan. You can run a campaign to encourage users to upgrade or downgrade from the removed pricing plan onto a new pricing plan. You can disable GitHub Marketplace free trials without retiring the pricing plan, but this prevents you from initiating future free trials for that plan. If you choose to disable free trials for a pricing plan, users already signed up can complete their free trial. diff --git a/apps/github-marketplace/selling-your-app-on-github-marketplace/pricing-plans-for-github-marketplace-apps.md b/apps/github-marketplace/selling-your-app-on-github-marketplace/pricing-plans-for-github-marketplace-apps.md index 3708fa823..c17b52b0d 100644 --- a/apps/github-marketplace/selling-your-app-on-github-marketplace/pricing-plans-for-github-marketplace-apps.md +++ b/apps/github-marketplace/selling-your-app-on-github-marketplace/pricing-plans-for-github-marketplace-apps.md @@ -57,8 +57,5 @@ Free trials have a fixed length of 14 days. Customers are notified 4 days before For more information, see: "[AUTOTITLE](/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-new-purchases-and-free-trials)." -{% note %} - -**Note:** GitHub expects you to delete any private customer data within 30 days of a canceled trial, beginning at the receipt of the cancellation event. - -{% endnote %} +> [!NOTE] +> GitHub expects you to delete any private customer data within 30 days of a canceled trial, beginning at the receipt of the cancellation event. diff --git a/apps/github-marketplace/selling-your-app-on-github-marketplace/receiving-payment-for-app-purchases.md b/apps/github-marketplace/selling-your-app-on-github-marketplace/receiving-payment-for-app-purchases.md index 96c03547f..a3a3fa54f 100644 --- a/apps/github-marketplace/selling-your-app-on-github-marketplace/receiving-payment-for-app-purchases.md +++ b/apps/github-marketplace/selling-your-app-on-github-marketplace/receiving-payment-for-app-purchases.md @@ -26,8 +26,5 @@ Once your revenue reaches a minimum of 500 US dollars for the month, you'll rece For transactions made before January 1, 2021, {% data variables.product.company_short %} retains 25% of transaction income. For transactions made after that date, only 5% is retained by {% data variables.product.company_short %}. This change will be reflected in payments received from the end of January 2021 onward. -{% note %} - -**Note:** For details of the current pricing and payment terms, see "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-marketplace-developer-agreement)." - -{% endnote %} +> [!NOTE] +> For details of the current pricing and payment terms, see "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-marketplace-developer-agreement)." diff --git a/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-new-purchases-and-free-trials.md b/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-new-purchases-and-free-trials.md index 49bc2e183..7f774e33b 100644 --- a/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-new-purchases-and-free-trials.md +++ b/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-new-purchases-and-free-trials.md @@ -45,11 +45,8 @@ If your app is a {% data variables.product.prodname_github_app %}, {% data varia At this point, if you specified a **Setup URL** in your {% data variables.product.prodname_github_app %} settings, {% data variables.product.product_name %} will redirect the customer to that URL. If you do not specify a setup URL, you will not be able to handle purchases of your {% data variables.product.prodname_github_app %}. -{% note %} - -**Note:** The **Setup URL** is described as optional in {% data variables.product.prodname_github_app %} settings, but it is a required field if you want to offer your app in {% data variables.product.prodname_marketplace %}. For more information, see "[AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/about-the-setup-url)." - -{% endnote %} +> [!NOTE] +> The **Setup URL** is described as optional in {% data variables.product.prodname_github_app %} settings, but it is a required field if you want to offer your app in {% data variables.product.prodname_marketplace %}. For more information, see "[AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/about-the-setup-url)." If your app is an {% data variables.product.prodname_oauth_app %}, {% data variables.product.product_name %} does not install it anywhere. Instead, {% data variables.product.product_name %} redirects the customer to the **Installation URL** you specified in your [{% data variables.product.prodname_marketplace %} listing](/apps/github-marketplace/listing-an-app-on-github-marketplace/writing-a-listing-description-for-your-app#listing-urls). @@ -67,11 +64,8 @@ For either type of app, the first step is to redirect the customer to [https://g After the customer completes the authorization, your app receives an OAuth access token for the customer. You'll need this token for the next step. -{% note %} - -**Note:** When authorizing a customer on a free trial, grant them the same access they would have on the paid plan. You'll move them to the paid plan after the trial period ends. - -{% endnote %} +> [!NOTE] +> When authorizing a customer on a free trial, grant them the same access they would have on the paid plan. You'll move them to the paid plan after the trial period ends. ## Step 4. Provisioning customer accounts diff --git a/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-plan-cancellations.md b/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-plan-cancellations.md index 5d6f2921c..ca4356152 100644 --- a/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-plan-cancellations.md +++ b/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-plan-cancellations.md @@ -33,8 +33,5 @@ When a customer cancels a free or paid plan, your app must perform these steps t 1. If your app is an {% data variables.product.prodname_oauth_app %}, remove all webhooks your app created for repositories. 1. Remove all customer data within 30 days of receiving the `cancelled` event. -{% note %} - -**Note:** We recommend using the [`marketplace_purchase`](/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/webhook-events-for-the-github-marketplace-api) webhook's `effective_date` to determine when a plan change will occur and periodically synchronizing the [List accounts for a plan](/rest/apps/marketplace#list-accounts-for-a-plan). For more information on webhooks, see "[AUTOTITLE](/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/webhook-events-for-the-github-marketplace-api)." - -{% endnote %} +> [!NOTE] +> We recommend using the [`marketplace_purchase`](/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/webhook-events-for-the-github-marketplace-api) webhook's `effective_date` to determine when a plan change will occur and periodically synchronizing the [List accounts for a plan](/rest/apps/marketplace#list-accounts-for-a-plan). For more information on webhooks, see "[AUTOTITLE](/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/webhook-events-for-the-github-marketplace-api)." diff --git a/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-plan-changes.md b/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-plan-changes.md index fe4755bb0..ba48be038 100644 --- a/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-plan-changes.md +++ b/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-plan-changes.md @@ -40,11 +40,8 @@ When a customer downgrades a plan, it's recommended to review whether a customer To encourage people to upgrade you can display an upgrade URL in your app's UI. See "[About upgrade URLs](#about-upgrade-urls)" for more details. -{% note %} - -**Note:** We recommend performing a periodic synchronization using `GET /marketplace_listing/plans/:id/accounts` to ensure your app has the correct plan, billing cycle information, and unit count (for per-unit pricing) for each account. - -{% endnote %} +> [!NOTE] +> We recommend performing a periodic synchronization using `GET /marketplace_listing/plans/:id/accounts` to ensure your app has the correct plan, billing cycle information, and unit count (for per-unit pricing) for each account. ## Failed upgrade payments @@ -62,8 +59,5 @@ For example, if you notice that a customer is on a 5 person plan and needs to mo Use the `LISTING_PLAN_NUMBER` for the plan the customer would like to purchase. When you create new pricing plans they receive a `LISTING_PLAN_NUMBER`, which is unique to each plan across your listing, and a `LISTING_PLAN_ID`, which is unique to each plan in the {% data variables.product.prodname_marketplace %}. You can find these numbers when you [List plans](/rest/apps#list-plans), which identifies your listing's pricing plans. Use the `LISTING_PLAN_ID` and the "[`GET /marketplace_listing/plans/{plan_id}/accounts`](/rest/apps/marketplace#list-accounts-for-a-plan)" endpoint to get the `CUSTOMER_ACCOUNT_ID`. -{% note %} - -**Note:** If your customer upgrades to additional units (such as seats), you can still send them to the appropriate plan for their purchase, but we are unable to support `unit_count` parameters at this time. - -{% endnote %} +> [!NOTE] +> If your customer upgrades to additional units (such as seats), you can still send them to the appropriate plan for their purchase, but we are unable to support `unit_count` parameters at this time. diff --git a/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/rest-endpoints-for-the-github-marketplace-api.md b/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/rest-endpoints-for-the-github-marketplace-api.md index cb4bca5ad..41c94e246 100644 --- a/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/rest-endpoints-for-the-github-marketplace-api.md +++ b/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/rest-endpoints-for-the-github-marketplace-api.md @@ -30,8 +30,5 @@ See these pages for details on how to authenticate when using the {% data variab * [Authorization options for {% data variables.product.prodname_oauth_apps %}](/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps) * [Authentication options for {% data variables.product.prodname_github_apps %}](/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app) -{% note %} - -**Note:** [Rate limits for the REST API](/rest/using-the-rest-api/rate-limits-for-the-rest-api) apply to all {% data variables.product.prodname_marketplace %} API endpoints. - -{% endnote %} +> [!NOTE] +> [Rate limits for the REST API](/rest/using-the-rest-api/rate-limits-for-the-rest-api) apply to all {% data variables.product.prodname_marketplace %} API endpoints. diff --git a/apps/maintaining-github-apps/activating-optional-features-for-github-apps.md b/apps/maintaining-github-apps/activating-optional-features-for-github-apps.md index 9eab002e2..1b2208abf 100644 --- a/apps/maintaining-github-apps/activating-optional-features-for-github-apps.md +++ b/apps/maintaining-github-apps/activating-optional-features-for-github-apps.md @@ -14,11 +14,9 @@ topics: - GitHub Apps shortTitle: Activate optional features --- -{% warning %} -**Warning:** Optional features are subject to change. - -{% endwarning %} +> [!WARNING] +> Optional features are subject to change. ## Activating optional features for {% data variables.product.prodname_github_apps %} diff --git a/apps/maintaining-github-apps/deleting-a-github-app.md b/apps/maintaining-github-apps/deleting-a-github-app.md index a0bcd0a92..1b50989a5 100644 --- a/apps/maintaining-github-apps/deleting-a-github-app.md +++ b/apps/maintaining-github-apps/deleting-a-github-app.md @@ -15,11 +15,8 @@ topics: - GitHub Apps --- -{% note %} - -**Note**: If you want to remove a {% data variables.product.prodname_github_app %} that you use but do not own, see "[AUTOTITLE](/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access)" instead. - -{% endnote %} +> [!NOTE] +> If you want to remove a {% data variables.product.prodname_github_app %} that you use but do not own, see "[AUTOTITLE](/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access)" instead. ## About deleting {% data variables.product.prodname_github_apps %} @@ -29,11 +26,8 @@ When you delete a {% data variables.product.prodname_github_app %} registration, {% ifversion ghec or fpt %} -{% note %} - -**Note**: If your {% data variables.product.prodname_github_app %} is published on {% data variables.product.prodname_marketplace %}, you must remove your app from {% data variables.product.prodname_marketplace %} before you can delete your app. For more information, see "[AUTOTITLE](/apps/publishing-apps-to-github-marketplace/listing-an-app-on-github-marketplace/deleting-your-github-app-listing-from-github-marketplace)." - -{% endnote %} +> [!NOTE] +> If your {% data variables.product.prodname_github_app %} is published on {% data variables.product.prodname_marketplace %}, you must remove your app from {% data variables.product.prodname_marketplace %} before you can delete your app. For more information, see "[AUTOTITLE](/apps/publishing-apps-to-github-marketplace/listing-an-app-on-github-marketplace/deleting-your-github-app-listing-from-github-marketplace)." {% endif %} diff --git a/apps/maintaining-github-apps/suspending-a-github-app-installation.md b/apps/maintaining-github-apps/suspending-a-github-app-installation.md index dfcb00a9c..2714d61c7 100644 --- a/apps/maintaining-github-apps/suspending-a-github-app-installation.md +++ b/apps/maintaining-github-apps/suspending-a-github-app-installation.md @@ -14,11 +14,8 @@ topics: shortTitle: Suspend an installation --- -{% note %} - -**Note**: If you want to suspend a {% data variables.product.prodname_github_app %} that you use but do not own, see "[AUTOTITLE](/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access)" instead. - -{% endnote %} +> [!NOTE] +> If you want to suspend a {% data variables.product.prodname_github_app %} that you use but do not own, see "[AUTOTITLE](/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access)" instead. When a {% data variables.product.prodname_github_app %} is suspended for an installation, the {% data variables.product.prodname_github_app %} cannot access resources owned by that installation account. For example, you might want to suspend your {% data variables.product.prodname_github_app %} if you are worried that your app's credentials were leaked. diff --git a/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md b/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md index 6b039372c..c27305aa2 100644 --- a/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md +++ b/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md @@ -18,15 +18,12 @@ topics: - OAuth apps --- -{% note %} - -**Note**: Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. - -Both {% data variables.product.prodname_oauth_apps %} and {% data variables.product.prodname_github_apps %} use OAuth 2.0. - -{% data variables.product.prodname_github_apps %} can act on behalf of a user, similar to an {% data variables.product.prodname_oauth_app %}, or as themselves, which is beneficial for automations that do not require user input. Additionally, {% data variables.product.prodname_github_apps %} use fine-grained permissions, give the user more control over which repositories the app can access, and use short-lived tokens. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps)" and "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps)." - -{% endnote %} +> [!NOTE] +> Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. +> +> Both {% data variables.product.prodname_oauth_apps %} and {% data variables.product.prodname_github_apps %} use OAuth 2.0. +> +> {% data variables.product.prodname_github_apps %} can act on behalf of a user, similar to an {% data variables.product.prodname_oauth_app %}, or as themselves, which is beneficial for automations that do not require user input. Additionally, {% data variables.product.prodname_github_apps %} use fine-grained permissions, give the user more control over which repositories the app can access, and use short-lived tokens. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps)" and "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps)." {% data variables.product.product_name %}'s OAuth implementation supports the standard [authorization code grant type](https://tools.ietf.org/html/rfc6749#section-4.1) and the OAuth 2.0 [Device Authorization Grant](https://tools.ietf.org/html/rfc8628) for apps that don't have access to a web browser. @@ -45,11 +42,8 @@ To authorize your {% data variables.product.prodname_oauth_app %}, consider whic ## Web application flow -{% note %} - -**Note:** If you are building a GitHub App, you can still use the OAuth web application flow, but the setup has some important differences. See "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)" for more information. - -{% endnote %} +> [!NOTE] +> If you are building a GitHub App, you can still use the OAuth web application flow, but the setup has some important differences. See "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)" for more information. The web application flow to authorize users for your app is: @@ -323,11 +317,8 @@ To build this link, you'll need your {% data variables.product.prodname_oauth_ap {% data variables.product.oauth_host_code %}/settings/connections/applications/:client_id ``` -{% tip %} - -**Tip:** To learn more about the resources that your {% data variables.product.prodname_oauth_app %} can access for a user, see "[AUTOTITLE](/rest/guides/discovering-resources-for-a-user)." - -{% endtip %} +> [!TIP] +> To learn more about the resources that your {% data variables.product.prodname_oauth_app %} can access for a user, see "[AUTOTITLE](/rest/guides/discovering-resources-for-a-user)." ## Troubleshooting diff --git a/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app.md b/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app.md index 439ed9d5f..2c29ffe5e 100644 --- a/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app.md +++ b/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app.md @@ -14,26 +14,22 @@ topics: - OAuth apps --- -{% note %} - -**Note**: Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. - -Both {% data variables.product.prodname_oauth_apps %} and {% data variables.product.prodname_github_apps %} use OAuth 2.0. - -{% data variables.product.prodname_oauth_apps %} can only act on behalf of a user while {% data variables.product.prodname_github_apps %} can either act on behalf of a user or independently of a user. - -{% data variables.product.prodname_github_apps %} use fine-grained permissions, give the user more control over which repositories the app can access, and use short-lived tokens. - -For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps)" and "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps)." - -{% endnote %} +> [!NOTE] +> Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. +> +> Both {% data variables.product.prodname_oauth_apps %} and {% data variables.product.prodname_github_apps %} use OAuth 2.0. +> +> {% data variables.product.prodname_oauth_apps %} can only act on behalf of a user while {% data variables.product.prodname_github_apps %} can either act on behalf of a user or independently of a user. +> +> {% data variables.product.prodname_github_apps %} use fine-grained permissions, give the user more control over which repositories the app can access, and use short-lived tokens. +> +> For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps)" and "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps)." {% ifversion fpt or ghec %} -{% note %} - **Note:** {% data reusables.apps.maximum-oauth-apps-allowed %} +> [!NOTE] +> {% data reusables.apps.maximum-oauth-apps-allowed %} -{% endnote %} {% endif %} {% data reusables.user-settings.access_settings %} @@ -41,27 +37,21 @@ For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/diff {% data reusables.user-settings.oauth_apps %} 1. Click **New OAuth App**. - {% note %} - - **Note:** If you haven't created an app before, this button will say, **Register a new application**. + > [!NOTE] + > If you haven't created an app before, this button will say, **Register a new application**. - {% endnote %} 1. In "Application name", type the name of your app. - {% warning %} - - **Warning:** Only use information in your {% data variables.product.prodname_oauth_app %} that you consider public. Avoid using sensitive data, such as internal URLs, when creating an {% data variables.product.prodname_oauth_app %}. - - {% endwarning %} + > [!WARNING] + > Only use information in your {% data variables.product.prodname_oauth_app %} that you consider public. Avoid using sensitive data, such as internal URLs, when creating an {% data variables.product.prodname_oauth_app %}. 1. In "Homepage URL", type the full URL to your app's website. 1. Optionally, in "Application description", type a description of your app that users will see. 1. In "Authorization callback URL", type the callback URL of your app. - {% note %} - **Note:** {% data variables.product.prodname_oauth_apps %} cannot have multiple callback URLs, unlike {% data variables.product.prodname_github_apps %}. + > [!NOTE] + > {% data variables.product.prodname_oauth_apps %} cannot have multiple callback URLs, unlike {% data variables.product.prodname_github_apps %}. - {% endnote %} 1. If your {% data variables.product.prodname_oauth_app %} will use the device flow to identify and authorize users, click **Enable Device Flow**. For more information about the device flow, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow)." 1. Click **Register application**. diff --git a/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps.md b/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps.md index bc4bc9fb0..d7d09058e 100644 --- a/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps.md +++ b/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps.md @@ -71,11 +71,8 @@ An _authorized_ {% data variables.product.prodname_oauth_app %} has access to al ## Token-based identification -{% note %} - -**Note:** GitHub Apps can also use a user-based token. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)." - -{% endnote %} +> [!NOTE] +> GitHub Apps can also use a user-based token. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)." | GitHub Apps | {% data variables.product.prodname_oauth_apps %} | | ----- | ----------- | diff --git a/apps/oauth-apps/building-oauth-apps/rate-limits-for-oauth-apps.md b/apps/oauth-apps/building-oauth-apps/rate-limits-for-oauth-apps.md index 08f95595c..d417fd9f1 100644 --- a/apps/oauth-apps/building-oauth-apps/rate-limits-for-oauth-apps.md +++ b/apps/oauth-apps/building-oauth-apps/rate-limits-for-oauth-apps.md @@ -10,11 +10,8 @@ topics: shortTitle: Rate limits --- -{% note %} - -**Note**: Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. The rate limit for {% data variables.product.prodname_github_apps %} using an installation access token scales with the number of repositories and number of organization users. Conversely, {% data variables.product.prodname_oauth_apps %} have lower rate limits and do not scale. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps)" and "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps)." - -{% endnote %} +> [!NOTE] +> Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. The rate limit for {% data variables.product.prodname_github_apps %} using an installation access token scales with the number of repositories and number of organization users. Conversely, {% data variables.product.prodname_oauth_apps %} have lower rate limits and do not scale. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps)" and "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps)." ## About rate limits for {% data variables.product.prodname_oauth_apps %} diff --git a/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps.md b/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps.md index 343af94d9..f59c64709 100644 --- a/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps.md +++ b/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps.md @@ -15,19 +15,13 @@ topics: - OAuth apps --- -{% note %} - -**Note**: Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. {% data variables.product.prodname_github_apps %} use fine-grained permissions instead of scopes, which give you more control over what your app can do. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps)" and "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps)." - -{% endnote %} +> [!NOTE] +> Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. {% data variables.product.prodname_github_apps %} use fine-grained permissions instead of scopes, which give you more control over what your app can do. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps)" and "[AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps)." When setting up an {% data variables.product.prodname_oauth_app %} on GitHub, requested scopes are displayed to the user on the authorization form. -{% note %} - -**Note:** If you're building a GitHub App, you don’t need to provide scopes in your authorization request. For more on this, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)." - -{% endnote %} +> [!NOTE] +> If you're building a GitHub App, you don’t need to provide scopes in your authorization request. For more on this, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps)." If your {% data variables.product.prodname_oauth_app %} doesn't have access to a browser, such as a CLI tool, then you don't need to specify a scope for users to authenticate to your app. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow)." @@ -49,7 +43,7 @@ Name | Description -----|-----------| **`(no scope)`** | Grants read-only access to public information (including user profile info, repository info, and gists){% ifversion ghes %} **`site_admin`** | Grants site administrators access to [{% data variables.product.prodname_ghe_server %} Administration API endpoints](/rest/enterprise-admin).{% endif %} -**`repo`** | Grants full access to public{% ifversion ghec or ghes %}, internal,{% endif %} and private repositories including read and write access to code, commit statuses, repository invitations, collaborators, deployment statuses, and repository webhooks. **Note**: In addition to repository related resources, the `repo` scope also grants access to manage organization-owned resources including projects, invitations, team memberships and webhooks. This scope also grants the ability to manage projects owned by users. +**`repo`** | Grants full access to public{% ifversion ghec or ghes %}, internal,{% endif %} and private repositories including read and write access to code, commit statuses, repository invitations, collaborators, deployment statuses, and repository webhooks. **Note:** In addition to repository related resources, the `repo` scope also grants access to manage organization-owned resources including projects, invitations, team memberships and webhooks. This scope also grants the ability to manage projects owned by users.  `repo:status`| Grants read/write access to commit statuses in {% ifversion fpt %}public and private{% elsif ghec or ghes %}public, private, and internal{% endif %} repositories. This scope is only necessary to grant other users or services access to private repository commit statuses _without_ granting access to the code.  `repo_deployment`| Grants access to [deployment statuses](/rest/repos#deployments) for public and private repositories. This scope is only necessary to grant other users or services access to deployment statuses, _without_ granting access to the code.  `public_repo`| Limits access to public repositories. That includes read/write access to code, commit statuses, repository projects, collaborators, and deployment statuses for public repositories and organizations. Also required for starring public repositories. @@ -89,16 +83,15 @@ Name | Description  `manage_billing:enterprise` | Read and write enterprise billing data. For more information, see "[AUTOTITLE](/rest/billing)." {% endif %}  `read:enterprise` | Read all data on an enterprise profile. Does not include profile data of enterprise members or organizations.{% endif %}{% ifversion read-audit-scope %} **`read:audit_log`** | Read audit log data.{% endif %} -{% note %} - -**Note:** Your {% data variables.product.prodname_oauth_app %} can request the scopes in the initial redirection. You -can specify multiple scopes by separating them with a space using `%20`: - - https://github.com/login/oauth/authorize? - client_id=...& - scope=user%20repo_deployment -{% endnote %} +> [!NOTE] +> Your {% data variables.product.prodname_oauth_app %} can request the scopes in the initial redirection. You can specify multiple scopes by separating them with a space using `%20`: +> +> ```text +> https://github.com/login/oauth/authorize? +> client_id=...& +> scope=user%20repo_deployment +> ``` ## Requested scopes and granted scopes diff --git a/apps/oauth-apps/maintaining-oauth-apps/activating-optional-features-for-oauth-apps.md b/apps/oauth-apps/maintaining-oauth-apps/activating-optional-features-for-oauth-apps.md index 647fe4b09..3b460ab85 100644 --- a/apps/oauth-apps/maintaining-oauth-apps/activating-optional-features-for-oauth-apps.md +++ b/apps/oauth-apps/maintaining-oauth-apps/activating-optional-features-for-oauth-apps.md @@ -9,11 +9,9 @@ topics: - OAuth apps shortTitle: Activate optional features --- -{% warning %} -**Warning:** Optional features are subject to change. - -{% endwarning %} +> [!WARNING] +> Optional features are subject to change. ## Activating optional features for {% data variables.product.prodname_oauth_apps %} diff --git a/apps/oauth-apps/maintaining-oauth-apps/troubleshooting-oauth-app-access-token-request-errors.md b/apps/oauth-apps/maintaining-oauth-apps/troubleshooting-oauth-app-access-token-request-errors.md index bdc109d8e..f085f84f1 100644 --- a/apps/oauth-apps/maintaining-oauth-apps/troubleshooting-oauth-app-access-token-request-errors.md +++ b/apps/oauth-apps/maintaining-oauth-apps/troubleshooting-oauth-app-access-token-request-errors.md @@ -14,11 +14,9 @@ topics: - OAuth apps shortTitle: Troubleshoot token request --- -{% note %} -**Note:** These examples only show JSON responses. - -{% endnote %} +> [!NOTE] +> These examples only show JSON responses. ## Incorrect client credentials diff --git a/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps.md b/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps.md index 8b68cf377..e45e08ae7 100644 --- a/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps.md +++ b/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps.md @@ -18,11 +18,8 @@ When an {% data variables.product.prodname_oauth_app %} wants to identify you by {% ifversion fpt or ghec %} -{% tip %} - -**Tip:** You must [verify your email address](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address) before you can authorize an {% data variables.product.prodname_oauth_app %}. - -{% endtip %} +> [!TIP] +> You must [verify your email address](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address) before you can authorize an {% data variables.product.prodname_oauth_app %}. {% endif %} @@ -33,11 +30,8 @@ When an {% data variables.product.prodname_oauth_app %} wants to identify you by * **Read access** only allows an app to _look at_ your data. * **Write access** allows an app to _change_ your data. -{% tip %} - -**Tip:** {% data reusables.user-settings.review_oauth_tokens_tip %} - -{% endtip %} +> [!TIP] +> {% data reusables.user-settings.review_oauth_tokens_tip %} ### About OAuth scopes @@ -45,11 +39,8 @@ _Scopes_ are named groups of permissions that an {% data variables.product.prodn When you want to use an {% data variables.product.prodname_oauth_app %} that integrates with {% data variables.product.product_name %}, that app lets you know what type of access to your data will be required. If you grant access to the app, then the app will be able to perform actions on your behalf, such as reading or modifying data. For example, if you want to use an app that requests `user:email` scope, the app will have read-only access to your private email addresses. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps)." -{% tip %} - -**Note:** Currently, you can't scope source code access to read-only. - -{% endtip %} +> [!NOTE] +> Currently, you can't scope source code access to read-only. {% data reusables.user-settings.token_access_capabilities %} For example, an application can create an access token that is configured with an `admin:org` scope, but if the user of the application is not an organization owner, the application will not be granted administrative access to the organization. @@ -90,11 +81,8 @@ When you authorize an {% data variables.product.prodname_oauth_app %} for your p If you belong to any organizations with SAML single sign-on (SSO) enabled, and you have created a linked identity for that organization by authenticating via SAML in the past, you must have an active SAML session for each organization each time you authorize an {% data variables.product.prodname_oauth_app %}. -{% note %} - -**Note:** If you're encountering issues with an authorized {% data variables.product.prodname_oauth_app %} or {% data variables.product.prodname_github_app %} accessing an organization that is protected by SAML, you may need to revoke the app from your [Authorized {% data variables.product.prodname_github_apps %}](https://github.com/settings/applications) or [Authorized {% data variables.product.prodname_oauth_apps %}](https://github.com/settings/apps/authorizations) page, visit the organization to authenticate and establish an active SAML session, and then attempt to reauthorize the app by accessing it. - -{% endnote %} +> [!NOTE] +> If you're encountering issues with an authorized {% data variables.product.prodname_oauth_app %} or {% data variables.product.prodname_github_app %} accessing an organization that is protected by SAML, you may need to revoke the app from your [Authorized {% data variables.product.prodname_github_apps %}](https://github.com/settings/applications) or [Authorized {% data variables.product.prodname_oauth_apps %}](https://github.com/settings/apps/authorizations) page, visit the organization to authenticate and establish an active SAML session, and then attempt to reauthorize the app by accessing it. ## Further reading diff --git a/apps/oauth-apps/using-oauth-apps/connecting-with-third-party-applications.md b/apps/oauth-apps/using-oauth-apps/connecting-with-third-party-applications.md index 51a8bf48e..1c4be9d6b 100644 --- a/apps/oauth-apps/using-oauth-apps/connecting-with-third-party-applications.md +++ b/apps/oauth-apps/using-oauth-apps/connecting-with-third-party-applications.md @@ -37,17 +37,11 @@ _Scopes_ are named groups of permissions that an application can request to acce When you want to use a third-party application that integrates with {% data variables.product.product_name %}, that application lets you know what type of access to your data will be required. If you grant access to the application, then the application will be able to perform actions on your behalf, such as reading or modifying data. For example, if you want to use an app that requests `user:email` scope, the app will have read-only access to your private email addresses. For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps)." -{% tip %} +> [!NOTE] +> Currently, you can't scope source code access to read-only. -**Note:** Currently, you can't scope source code access to read-only. - -{% endtip %} - -{% tip %} - -**Tip:** {% data reusables.user-settings.review_oauth_tokens_tip %} - -{% endtip %} +> [!TIP] +> {% data reusables.user-settings.review_oauth_tokens_tip %} ### Types of requested data diff --git a/apps/sharing-github-apps/registering-a-github-app-from-a-manifest.md b/apps/sharing-github-apps/registering-a-github-app-from-a-manifest.md index 9265fc8b3..58c756198 100644 --- a/apps/sharing-github-apps/registering-a-github-app-from-a-manifest.md +++ b/apps/sharing-github-apps/registering-a-github-app-from-a-manifest.md @@ -172,11 +172,8 @@ To complete the handshake, send the temporary `code` in a `POST` request to the You must complete this step of the {% data variables.product.prodname_github_app %} Manifest flow within one hour. -{% note %} - -**Note:** This endpoint is rate limited. See [Rate limits](/rest/rate-limit/rate-limit) to learn how to get your current rate limit status. - -{% endnote %} +> [!NOTE] +> This endpoint is rate limited. See [Rate limits](/rest/rate-limit/rate-limit) to learn how to get your current rate limit status. POST /app-manifests/{code}/conversions diff --git a/apps/using-github-apps/authorizing-github-apps.md b/apps/using-github-apps/authorizing-github-apps.md index 6e17b938d..ea3c73047 100644 --- a/apps/using-github-apps/authorizing-github-apps.md +++ b/apps/using-github-apps/authorizing-github-apps.md @@ -28,11 +28,10 @@ When authorizing the {% data variables.product.prodname_github_app %}, you shoul You can review and revoke your authorization at any time. For more information, see "[AUTOTITLE](/apps/using-github-apps/reviewing-your-authorized-integrations)." {% ifversion ghec %} -{% note %} -**Note**: If your organization uses SAML SSO and you cannot see your organization's resources after you authorize a {% data variables.product.prodname_github_app %}, you may need to reauthorize the app after starting an active SAML session for your organization. For more information, see "[AUTOTITLE](/apps/using-github-apps/saml-and-github-apps)." +> [!NOTE] +> If your organization uses SAML SSO and you cannot see your organization's resources after you authorize a {% data variables.product.prodname_github_app %}, you may need to reauthorize the app after starting an active SAML session for your organization. For more information, see "[AUTOTITLE](/apps/using-github-apps/saml-and-github-apps)." -{% endnote %} {% endif %} ## About {% data variables.product.prodname_github_apps %} acting on your behalf diff --git a/apps/using-github-apps/installing-a-github-app-from-a-third-party.md b/apps/using-github-apps/installing-a-github-app-from-a-third-party.md index 219f0660d..8ed8085e2 100644 --- a/apps/using-github-apps/installing-a-github-app-from-a-third-party.md +++ b/apps/using-github-apps/installing-a-github-app-from-a-third-party.md @@ -55,11 +55,10 @@ During the installation process, the app owner will direct you to a {% data vari 1. Select the location where you want to install the {% data variables.product.prodname_github_app %}. You can select your personal account or an organization that you are a member of. {% ifversion ghec %} - {% note %} - **Note**: {% data reusables.apps.github_app_install_saml %} + > [!NOTE] + > {% data reusables.apps.github_app_install_saml %} - {% endnote %} {% endif %} 1. If the app requires repository permissions, select **All repositories** or **Only select repositories**. The app will always have at least read-only access to all public repositories on {% data variables.product.company_short %}. diff --git a/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner.md b/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner.md index b3130bab6..4f80dac47 100644 --- a/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner.md +++ b/apps/using-github-apps/requesting-a-github-app-from-your-organization-owner.md @@ -7,12 +7,9 @@ versions: shortTitle: Request for org --- -{% note %} - -**Note**: Currently, you can only request a {% data variables.product.prodname_github_app %} from your organization owner when installing the {% data variables.product.prodname_github_app %} directly from the {% data variables.product.prodname_github_app %} owner, not when installing a {% data variables.product.prodname_github_app %} from {% data variables.product.prodname_marketplace %}. - -If you find a {% data variables.product.prodname_github_app %} on {% data variables.product.prodname_marketplace %} that you want your organization owner to install, you must make the request from the {% data variables.product.prodname_github_app %}'s public installation page. The URL for a {% data variables.product.prodname_github_app %} public installation page is `https://github.com/apps/APP-NAME/installations/new`, where `APP-NAME` is the name of the {% data variables.product.prodname_github_app %}. - -{% endnote %} +> [!NOTE] +> Currently, you can only request a {% data variables.product.prodname_github_app %} from your organization owner when installing the {% data variables.product.prodname_github_app %} directly from the {% data variables.product.prodname_github_app %} owner, not when installing a {% data variables.product.prodname_github_app %} from {% data variables.product.prodname_marketplace %}. +> +> If you find a {% data variables.product.prodname_github_app %} on {% data variables.product.prodname_marketplace %} that you want your organization owner to install, you must make the request from the {% data variables.product.prodname_github_app %}'s public installation page. The URL for a {% data variables.product.prodname_github_app %} public installation page is `https://github.com/apps/APP-NAME/installations/new`, where `APP-NAME` is the name of the {% data variables.product.prodname_github_app %}. Organization members can send a request for their organization owner to install a {% data variables.product.prodname_github_app %} on the organization. To do so, follow the steps outlined in "[AUTOTITLE](/apps/using-github-apps/installing-a-github-app-from-a-third-party#installing-a-github-app)." If you don't have permission to install the {% data variables.product.prodname_github_app %} on the organization, {% data variables.product.company_short %} will send an email to the organization owner to notify them of the request. The organization owner can modify the repositories that you selected and choose whether to install the {% data variables.product.prodname_github_app %}. diff --git a/apps/using-github-apps/reviewing-and-modifying-installed-github-apps.md b/apps/using-github-apps/reviewing-and-modifying-installed-github-apps.md index 152eba9b4..b3707cfda 100644 --- a/apps/using-github-apps/reviewing-and-modifying-installed-github-apps.md +++ b/apps/using-github-apps/reviewing-and-modifying-installed-github-apps.md @@ -34,11 +34,8 @@ In addition to reviewing {% data variables.product.prodname_github_apps %} that * For a repository where a {% data variables.product.prodname_github_app %} was granted access: - {% note %} - - **Note**: In the following steps, you will be taken to the account settings for the organization or personal account where the {% data variables.product.prodname_github_app %} is installed. The settings will affect all repositories where the app is installed under that account, not just the repository where you navigated from. - - {% endnote %} + > [!NOTE] + > In the following steps, you will be taken to the account settings for the organization or personal account where the {% data variables.product.prodname_github_app %} is installed. The settings will affect all repositories where the app is installed under that account, not just the repository where you navigated from. 1. Navigate to the main page of the organization or repository. 1. Click {% octicon "gear" aria-label="The Settings gear" %} **Settings**. diff --git a/authentication/authenticating-with-a-passkey/managing-your-passkeys.md b/authentication/authenticating-with-a-passkey/managing-your-passkeys.md index 39b597a6e..fb28e0430 100644 --- a/authentication/authenticating-with-a-passkey/managing-your-passkeys.md +++ b/authentication/authenticating-with-a-passkey/managing-your-passkeys.md @@ -24,14 +24,9 @@ For information on how to remove a passkey from your account, see "[Removing a p ## Upgrading an existing security key to a passkey -{% note %} - -**Notes:** - -* Platform support for upgrading security keys is inconsistent, so if you're seeing failures from your operating system or browser when trying to register an existing credential, we suggest that you remove and re-register the security key. -* If you have used a security key recently and it's eligible for an upgrade, an upgrade button will be shown next to the security key in the settings menu. You can use the button to trigger the upgrade flow. You can also attempt to upgrade other keys by registering them as a passkey, even if the upgrade button isn't shown. - -{% endnote %} +> [!NOTE] +> * Platform support for upgrading security keys is inconsistent, so if you're seeing failures from your operating system or browser when trying to register an existing credential, we suggest that you remove and re-register the security key. +> * If you have used a security key recently and it's eligible for an upgrade, an upgrade button will be shown next to the security key in the settings menu. You can use the button to trigger the upgrade flow. You can also attempt to upgrade other keys by registering them as a passkey, even if the upgrade button isn't shown. Before starting the upgrade procedure, make sure that you are using the device that's linked to the existing security key. Then, when you click **Add a passkey** in your account settings, {% data variables.product.company_short %} will automatically bump you into the "Upgrade to a passkey" flow. diff --git a/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on.md b/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on.md index 962b32513..804d284ba 100644 --- a/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on.md +++ b/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on.md @@ -21,11 +21,8 @@ You can authorize an existing SSH key, or create a new SSH key and then authoriz {% data reusables.saml.authorized-creds-info %} -{% note %} - -**Note:** If your SSH key authorization is revoked by an organization, you will not be able to reauthorize the same key. You will need to create a new SSH key and authorize it. For more information about creating a new SSH key, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)." - -{% endnote %} +> [!NOTE] +> If your SSH key authorization is revoked by an organization, you will not be able to reauthorize the same key. You will need to create a new SSH key and authorize it. For more information about creating a new SSH key, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)." You do not need to authorize SSH certificates signed by your organization's SSH certificate authority (CA). diff --git a/authentication/authenticating-with-saml-single-sign-on/viewing-and-managing-your-active-saml-sessions.md b/authentication/authenticating-with-saml-single-sign-on/viewing-and-managing-your-active-saml-sessions.md index 4f9d359ce..c7e4b31fa 100644 --- a/authentication/authenticating-with-saml-single-sign-on/viewing-and-managing-your-active-saml-sessions.md +++ b/authentication/authenticating-with-saml-single-sign-on/viewing-and-managing-your-active-saml-sessions.md @@ -21,11 +21,8 @@ You can view a list of devices that have logged into your account, and revoke an 1. To see the session details, next to the session, click **See more**. 1. To revoke a session, in the session details, click **Revoke SAML**. - {% note %} - - **Note:** When you revoke a session, you remove your SAML authentication to that organization. To access the organization again, you will need to single sign-on through your identity provider. For more information, see "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on)." - - {% endnote %} + > [!NOTE] + > When you revoke a session, you remove your SAML authentication to that organization. To access the organization again, you will need to single sign-on through your identity provider. For more information, see "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on)." ## Further reading diff --git a/authentication/connecting-to-github-with-ssh/checking-for-existing-ssh-keys.md b/authentication/connecting-to-github-with-ssh/checking-for-existing-ssh-keys.md index 1dbd51dff..4e5369702 100644 --- a/authentication/connecting-to-github-with-ssh/checking-for-existing-ssh-keys.md +++ b/authentication/connecting-to-github-with-ssh/checking-for-existing-ssh-keys.md @@ -39,11 +39,8 @@ Before you generate a new SSH key, you should check your local machine for exist * _id_ecdsa.pub_ * _id_ed25519.pub_ - {% tip %} - - **Tip**: If you receive an error that _~/.ssh_ doesn't exist, you do not have an existing SSH key pair in the default location. You can create a new SSH key pair in the next step. - - {% endtip %} + > [!TIP] + > If you receive an error that _~/.ssh_ doesn't exist, you do not have an existing SSH key pair in the default location. You can create a new SSH key pair in the next step. 1. Either generate a new SSH key or upload an existing key. * If you don't have a supported public and private key pair, or don't wish to use any that are available, generate a new SSH key. diff --git a/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md b/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md index 4acead231..f35c4710b 100644 --- a/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md +++ b/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md @@ -45,15 +45,12 @@ If you are a site administrator for {% data variables.location.product_location_ ssh-keygen -t ed25519 -C "your_email@example.com" ``` - {% note %} - - **Note:** If you are using a legacy system that doesn't support the Ed25519 algorithm, use: - - ```shell - ssh-keygen -t rsa -b 4096 -C "your_email@example.com" - ``` - - {% endnote %} + > [!NOTE] + > If you are using a legacy system that doesn't support the Ed25519 algorithm, use: + > + > ```shell + > ssh-keygen -t rsa -b 4096 -C "your_email@example.com" + > ``` This creates a new SSH key, using the provided email as a label. @@ -126,20 +123,14 @@ Before adding a new SSH key to the ssh-agent to manage your keys, you should hav IdentityFile ~/.ssh/id_ed25519 ``` - {% note %} - - **Notes:** - - * If you chose not to add a passphrase to your key, you should omit the `UseKeychain` line. - - * If you see a `Bad configuration option: usekeychain` error, add an additional line to the configuration's' `Host *.{% ifversion ghes %}HOSTNAME{% else %}github.com{% endif %}` section. - - ```text copy - Host {% ifversion ghes %}HOSTNAME{% else %}github.com{% endif %} - IgnoreUnknown UseKeychain - ``` - - {% endnote %} + > [!NOTE] + > * If you chose not to add a passphrase to your key, you should omit the `UseKeychain` line. + > * If you see a `Bad configuration option: usekeychain` error, add an additional line to the configuration's' `Host *.{% ifversion ghes %}HOSTNAME{% else %}github.com{% endif %}` section. + > + > ```text copy + > Host {% ifversion ghes %}HOSTNAME{% else %}github.com{% endif %} + > IgnoreUnknown UseKeychain + > ``` 1. Add your SSH private key to the ssh-agent and store your passphrase in the keychain. {% data reusables.ssh.add-ssh-key-to-ssh-agent %} @@ -223,15 +214,12 @@ If you are using macOS or Linux, you may need to update your SSH client or insta {% endlinux %} - {% note %} - - **Note:** If the command fails and you receive the error `invalid format` or `feature not supported,` you may be using a hardware security key that does not support the Ed25519 algorithm. Enter the following command instead. - - ```shell - ssh-keygen -t ecdsa-sk -C "your_email@example.com" - ``` - - {% endnote %} + > [!NOTE] + > If the command fails and you receive the error `invalid format` or `feature not supported,` you may be using a hardware security key that does not support the Ed25519 algorithm. Enter the following command instead. + > + > ```shell + > ssh-keygen -t ecdsa-sk -C "your_email@example.com" + > ``` 1. When you are prompted, touch the button on your hardware security key. 1. When you are prompted to "Enter a file in which to save the key," press Enter to accept the default file location. diff --git a/authentication/connecting-to-github-with-ssh/managing-deploy-keys.md b/authentication/connecting-to-github-with-ssh/managing-deploy-keys.md index d1f0d655d..59e336391 100644 --- a/authentication/connecting-to-github-with-ssh/managing-deploy-keys.md +++ b/authentication/connecting-to-github-with-ssh/managing-deploy-keys.md @@ -167,15 +167,12 @@ If your server needs to access multiple repositories, you can create a new accou {% ifversion fpt or ghec %} -{% tip %} - -**Tip:** Our [terms of service][tos] state: - -> _Accounts registered by "bots" or other automated methods are not permitted._ - -This means that you cannot automate the creation of accounts. But if you want to create a single machine user for automating tasks such as deploy scripts in your project or organization, that is totally cool. - -{% endtip %} +> [!TIP] +> Our [terms of service][tos] state: +> +> > _Accounts registered by "bots" or other automated methods are not permitted._ +> +> This means that you cannot automate the creation of accounts. But if you want to create a single machine user for automating tasks such as deploy scripts in your project or organization, that is totally cool. {% endif %} diff --git a/authentication/connecting-to-github-with-ssh/testing-your-ssh-connection.md b/authentication/connecting-to-github-with-ssh/testing-your-ssh-connection.md index 4a5108d8d..b4bb6b5e8 100644 --- a/authentication/connecting-to-github-with-ssh/testing-your-ssh-connection.md +++ b/authentication/connecting-to-github-with-ssh/testing-your-ssh-connection.md @@ -65,10 +65,7 @@ You'll need to authenticate this action using your password, which is the SSH ke {% endlinux %} - {% note %} - - **Note:** The remote command should exit with code 1. - - {% endnote %} + > [!NOTE] + > The remote command should exit with code 1. 1. Verify that the resulting message contains your username. If you receive a "permission denied" message, see "[AUTOTITLE](/authentication/troubleshooting-ssh/error-permission-denied-publickey)." diff --git a/authentication/connecting-to-github-with-ssh/using-ssh-agent-forwarding.md b/authentication/connecting-to-github-with-ssh/using-ssh-agent-forwarding.md index 7430f64bc..e0988ff8b 100644 --- a/authentication/connecting-to-github-with-ssh/using-ssh-agent-forwarding.md +++ b/authentication/connecting-to-github-with-ssh/using-ssh-agent-forwarding.md @@ -45,11 +45,8 @@ We're off to a great start. Let's set up SSH to allow agent forwarding to your s Host example.com ForwardAgent yes -{% warning %} - -**Warning:** You may be tempted to use a wildcard like `Host *` to just apply this setting to all SSH connections. That's not really a good idea, as you'd be sharing your local SSH keys with _every_ server you SSH into. They won't have direct access to the keys, but they will be able to use them _as you_ while the connection is established. **You should only add servers you trust and that you intend to use with agent forwarding.** - -{% endwarning %} +> [!WARNING] +> You may be tempted to use a wildcard like `Host *` to just apply this setting to all SSH connections. That's not really a good idea, as you'd be sharing your local SSH keys with _every_ server you SSH into. They won't have direct access to the keys, but they will be able to use them _as you_ while the connection is established. **You should only add servers you trust and that you intend to use with agent forwarding.** ## Testing SSH agent forwarding diff --git a/authentication/connecting-to-github-with-ssh/working-with-ssh-key-passphrases.md b/authentication/connecting-to-github-with-ssh/working-with-ssh-key-passphrases.md index aa481da83..636de271b 100644 --- a/authentication/connecting-to-github-with-ssh/working-with-ssh-key-passphrases.md +++ b/authentication/connecting-to-github-with-ssh/working-with-ssh-key-passphrases.md @@ -67,11 +67,8 @@ unset env If your private key is not stored in one of the default locations (like `~/.ssh/id_rsa`), you'll need to tell your SSH authentication agent where to find it. To add your key to ssh-agent, type `ssh-add ~/path/to/my_key`. For more information, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)" -{% tip %} - -**Tip:** If you want `ssh-agent` to forget your key after some time, you can configure it to do so by running `ssh-add -t `. - -{% endtip %} +> [!TIP] +> If you want `ssh-agent` to forget your key after some time, you can configure it to do so by running `ssh-add -t `. Now, when you first run Git Bash, you are prompted for your passphrase: diff --git a/authentication/keeping-your-account-and-data-secure/about-authentication-to-github.md b/authentication/keeping-your-account-and-data-secure/about-authentication-to-github.md index 16d775747..fcfa4480a 100644 --- a/authentication/keeping-your-account-and-data-secure/about-authentication-to-github.md +++ b/authentication/keeping-your-account-and-data-secure/about-authentication-to-github.md @@ -58,11 +58,10 @@ If you need to use multiple accounts on {% data variables.location.product_locat * In addition to authentication with a TOTP application{% ifversion fpt or ghec %} or a text message{% endif %}, you can optionally add an alternative method of authentication with {% ifversion fpt or ghec %}{% data variables.product.prodname_mobile %} or{% endif %} a security key using WebAuthn. For more information, see {% ifversion fpt or ghec %}"[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-github-mobile)" and {% endif %}"[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-security-key)." {% ifversion fpt or ghec %} - {% note %} - **Note:** {% data reusables.two_fa.unlink-email-address %} + > [!NOTE] + > {% data reusables.two_fa.unlink-email-address %} - {% endnote %} {% endif %}{% ifversion passkeys %} * **Passkey** * You can add a passkey to your account to enable a secure, passwordless login. Passkeys satisfy both password and 2FA requirements, so you can complete your sign in with a single step. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)."{% endif %} diff --git a/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses.md b/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses.md index 6c98ad6fe..376741ee4 100644 --- a/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses.md +++ b/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses.md @@ -27,11 +27,8 @@ If you access {% data variables.product.github %} on a subdomain of {% data vari {% endif %} -{% note %} - -**Note:** The list of {% data variables.product.prodname_dotcom %} IP addresses returned by the Meta API is not intended to be an exhaustive list. For example, IP addresses for some {% data variables.product.prodname_dotcom %} services might not be listed, such as LFS or {% data variables.product.prodname_registry %}. - -{% endnote %} +> [!NOTE] +> The list of {% data variables.product.prodname_dotcom %} IP addresses returned by the Meta API is not intended to be an exhaustive list. For example, IP addresses for some {% data variables.product.prodname_dotcom %} services might not be listed, such as LFS or {% data variables.product.prodname_registry %}. These IP addresses are used by {% data variables.product.prodname_dotcom %} to serve our content, deliver webhooks, and perform hosted {% data variables.product.prodname_actions %} builds. diff --git a/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md b/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md index ae005010c..b05d59632 100644 --- a/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md +++ b/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md @@ -20,11 +20,8 @@ topics: - Access management --- -{% warning %} - -**Warning**: Treat your access tokens like passwords. For more information, see "[Keeping your {% data variables.product.pat_generic %}s secure](#keeping-your-personal-access-tokens-secure)." - -{% endwarning %} +> [!WARNING] +> Treat your access tokens like passwords. For more information, see "[Keeping your {% data variables.product.pat_generic %}s secure](#keeping-your-personal-access-tokens-secure)." ## About {% data variables.product.pat_generic %}s @@ -76,11 +73,8 @@ For more information about best practices, see "[AUTOTITLE](/rest/overview/keepi ## Creating a {% data variables.product.pat_v2 %} -{% note %} - -**Note**: {% data reusables.user-settings.pat-v2-beta %} - -{% endnote %} +> [!NOTE] +> {% data reusables.user-settings.pat-v2-beta %} {% ifversion fpt or ghec %}1. [Verify your email address](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address), if it hasn't been verified yet.{% endif %} {% data reusables.user-settings.access_settings %} @@ -104,17 +98,11 @@ If you selected an organization as the resource owner and the organization requi ## Creating a {% data variables.product.pat_v1 %} -{% note %} - -**Note**: Organization owners can restrict the access of {% data variables.product.pat_v1 %} to their organization. If you try to use a {% data variables.product.pat_v1 %} to access resources in an organization that has disabled {% data variables.product.pat_v1 %} access, your request will fail with a 403 response. Instead, you must use a {% data variables.product.prodname_github_app %}, {% data variables.product.prodname_oauth_app %}, or {% data variables.product.pat_v2 %}. - -{% endnote %} - -{% warning %} - -**Note**: Your {% data variables.product.pat_v1 %} can access every repository that you can access. {% data variables.product.company_short %} recommends that you use {% data variables.product.pat_v2 %}s instead, which you can restrict to specific repositories. {% data variables.product.pat_v2_caps %}s also enable you to specify fine-grained permissions instead of broad scopes. +> [!NOTE] +> Organization owners can restrict the access of {% data variables.product.pat_v1 %} to their organization. If you try to use a {% data variables.product.pat_v1 %} to access resources in an organization that has disabled {% data variables.product.pat_v1 %} access, your request will fail with a 403 response. Instead, you must use a {% data variables.product.prodname_github_app %}, {% data variables.product.prodname_oauth_app %}, or {% data variables.product.pat_v2 %}. -{% endwarning %} +> [!WARNING] +> Your {% data variables.product.pat_v1 %} can access every repository that you can access. {% data variables.product.company_short %} recommends that you use {% data variables.product.pat_v2 %}s instead, which you can restrict to specific repositories. {% data variables.product.pat_v2_caps %}s also enable you to specify fine-grained permissions instead of broad scopes. {% ifversion fpt or ghec %}1. [Verify your email address](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address), if it hasn't been verified yet.{% endif %} {% data reusables.user-settings.access_settings %} diff --git a/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys.md b/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys.md index 952a864ef..962434f5b 100644 --- a/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys.md +++ b/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys.md @@ -23,11 +23,8 @@ You can delete unauthorized (or possibly compromised) SSH keys to ensure that an {% data reusables.user-settings.ssh %} 1. Under "SSH keys", take note of the SSH keys associated with your account. For those that you don't recognize, or that are out-of-date, click **Delete**. If there are valid SSH keys you'd like to keep, click **Approve**. - {% note %} - - **Note:** If you're auditing your SSH keys due to an unsuccessful Git operation, the unverified key that caused the [SSH key audit error](/articles/error-we-re-doing-an-ssh-key-audit) will be highlighted in the list of SSH keys. - - {% endnote %} + > [!NOTE] + > If you're auditing your SSH keys due to an unsuccessful Git operation, the unverified key that caused the [SSH key audit error](/articles/error-we-re-doing-an-ssh-key-audit) will be highlighted in the list of SSH keys. 1. Open Terminal. @@ -50,11 +47,8 @@ You can delete unauthorized (or possibly compromised) SSH keys to ensure that an {% data reusables.user-settings.ssh %} 1. Under "SSH keys", take note of the SSH keys associated with your account. For those that you don't recognize, or that are out-of-date, click **Delete**. If there are valid SSH keys you'd like to keep, click **Approve**. - {% note %} - - **Note:** If you're auditing your SSH keys due to an unsuccessful Git operation, the unverified key that caused the [SSH key audit error](/articles/error-we-re-doing-an-ssh-key-audit) will be highlighted in the list of SSH keys. - - {% endnote %} + > [!NOTE] + > If you're auditing your SSH keys due to an unsuccessful Git operation, the unverified key that caused the [SSH key audit error](/articles/error-we-re-doing-an-ssh-key-audit) will be highlighted in the list of SSH keys. 1. Open Git Bash. @@ -81,11 +75,8 @@ You can delete unauthorized (or possibly compromised) SSH keys to ensure that an {% data reusables.user-settings.ssh %} 1. Under "SSH keys", take note of the SSH keys associated with your account. For those that you don't recognize, or that are out-of-date, click **Delete**. If there are valid SSH keys you'd like to keep, click **Approve**. - {% note %} - - **Note:** If you're auditing your SSH keys due to an unsuccessful Git operation, the unverified key that caused the [SSH key audit error](/articles/error-we-re-doing-an-ssh-key-audit) will be highlighted in the list of SSH keys. - - {% endnote %} + > [!NOTE] + > If you're auditing your SSH keys due to an unsuccessful Git operation, the unverified key that caused the [SSH key audit error](/articles/error-we-re-doing-an-ssh-key-audit) will be highlighted in the list of SSH keys. 1. Open Terminal. @@ -102,8 +93,5 @@ You can delete unauthorized (or possibly compromised) SSH keys to ensure that an {% endlinux %} -{% warning %} - -**Warning**: If you see an SSH key you're not familiar with on {% data variables.product.product_name %}, delete it immediately and contact {% data variables.contact.contact_support %} for further help. An unidentified public key may indicate a possible security concern. - -{% endwarning %} +> [!WARNING] +> If you see an SSH key you're not familiar with on {% data variables.product.product_name %}, delete it immediately and contact {% data variables.contact.contact_support %} for further help. An unidentified public key may indicate a possible security concern. diff --git a/authentication/keeping-your-account-and-data-secure/security-log-events.md b/authentication/keeping-your-account-and-data-secure/security-log-events.md index c32cda4c9..3fa0218da 100644 --- a/authentication/keeping-your-account-and-data-secure/security-log-events.md +++ b/authentication/keeping-your-account-and-data-secure/security-log-events.md @@ -11,13 +11,10 @@ topics: autogenerated: audit-logs --- -{% note %} - -{% ifversion ghes %}**Notes**: -* This article contains the events available in the latest version of {% data variables.product.prodname_ghe_server %}. Some of the events may not be available in previous versions. --{% else %}**Note:**{% endif %} This article contains the events that may appear in your user account's security log. For the events that can appear in an organization's audit log{% ifversion ghec or ghes %} or the audit log for an enterprise{% endif %}, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization){% ifversion ghec or ghes %}" and "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)."{% else %}."{% endif %} - -{% endnote %} +> [!NOTE] +{% ifversion ghes %} +> * This article contains the events available in the latest version of {% data variables.product.prodname_ghe_server %}. Some of the events may not be available in previous versions. +> *{% else %}>{% endif %} This article contains the events that may appear in your user account's security log. For the events that can appear in an organization's audit log{% ifversion ghec or ghes %} or the audit log for an enterprise{% endif %}, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization){% ifversion ghec or ghes %}" and "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)."{% else %}."{% endif %} ## About security log events diff --git a/authentication/keeping-your-account-and-data-secure/sudo-mode.md b/authentication/keeping-your-account-and-data-secure/sudo-mode.md index 3a91d89ed..529634af2 100644 --- a/authentication/keeping-your-account-and-data-secure/sudo-mode.md +++ b/authentication/keeping-your-account-and-data-secure/sudo-mode.md @@ -27,20 +27,14 @@ After you authenticate to perform a sensitive action, your session is temporaril {% ifversion ghes %} -{% note %} - -**Note**: If {% data variables.location.product_location_enterprise %} uses an external authentication method like CAS or SAML SSO, you will not receive prompts to enter sudo mode. For more information, contact your site administrator. - -{% endnote %} +> [!NOTE] +> If {% data variables.location.product_location_enterprise %} uses an external authentication method like CAS or SAML SSO, you will not receive prompts to enter sudo mode. For more information, contact your site administrator. {% endif %} {% ifversion ghec %} -{% note %} - -**Note**: If your enterprise uses {% data variables.product.prodname_emus %}, only the setup user will receive prompts to enter sudo mode, as {% data variables.enterprise.prodname_managed_users %} don't have credentials stored on {% data variables.product.product_name %}. - -{% endnote %} +> [!NOTE] +> If your enterprise uses {% data variables.product.prodname_emus %}, only the setup user will receive prompts to enter sudo mode, as {% data variables.enterprise.prodname_managed_users %} don't have credentials stored on {% data variables.product.product_name %}. {% endif %} diff --git a/authentication/keeping-your-account-and-data-secure/switching-between-accounts.md b/authentication/keeping-your-account-and-data-secure/switching-between-accounts.md index aa392720a..76a3dc6ac 100644 --- a/authentication/keeping-your-account-and-data-secure/switching-between-accounts.md +++ b/authentication/keeping-your-account-and-data-secure/switching-between-accounts.md @@ -31,11 +31,8 @@ When you add a new account to the account switcher, both the account you are cur When you have added accounts to the account switcher, you can quickly change between them without always needing to reauthenticate. -{% note %} - -**Note:** The "{% octicon "arrow-switch" aria-hidden="true" %} Switch account" option will not be available if all sessions have expired. You can instead click on {% octicon "arrow-switch" aria-hidden="true" %} **See all accounts** in the menu to reauthenticate. - -{% endnote %} +> [!NOTE] +> The "{% octicon "arrow-switch" aria-hidden="true" %} Switch account" option will not be available if all sessions have expired. You can instead click on {% octicon "arrow-switch" aria-hidden="true" %} **See all accounts** in the menu to reauthenticate. 1. In the upper-right corner of any page, click your profile photo to open the menu. 1. In the menu, click {% octicon "arrow-switch" aria-hidden="true" %} **Switch account**. diff --git a/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation.md b/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation.md index 2b63dee86..fa862465d 100644 --- a/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation.md +++ b/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation.md @@ -17,11 +17,8 @@ When a token has expired or has been revoked, it can no longer be used to authen This article explains the possible reasons your {% data variables.product.product_name %} token might be revoked or expire. -{% note %} - -**Note:** When a {% data variables.product.pat_generic %} or OAuth token expires or is revoked, you may see an `oauth_authorization.destroy` action in your security log. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log)." - -{% endnote %} +> [!NOTE] +> When a {% data variables.product.pat_generic %} or OAuth token expires or is revoked, you may see an `oauth_authorization.destroy` action in your security log. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log)." ## Token revoked after reaching its expiration date diff --git a/authentication/keeping-your-account-and-data-secure/viewing-and-managing-your-sessions.md b/authentication/keeping-your-account-and-data-secure/viewing-and-managing-your-sessions.md index 67750dea7..fabdefc97 100644 --- a/authentication/keeping-your-account-and-data-secure/viewing-and-managing-your-sessions.md +++ b/authentication/keeping-your-account-and-data-secure/viewing-and-managing-your-sessions.md @@ -22,11 +22,8 @@ You can view a list of devices that have logged into your account, and revoke an {% ifversion fpt or ghec %} 1. Optionally, to revoke a {% data variables.product.prodname_mobile %} session, go back to the Sessions overview page and click **Revoke** next to the device you want to revoke. - {% note %} - - **Note:** Revoking a mobile session signs you out of the {% data variables.product.prodname_mobile %} application on that device and removes it as a second-factor option. - - {% endnote %} + > [!NOTE] + > Revoking a mobile session signs you out of the {% data variables.product.prodname_mobile %} application on that device and removes it as a second-factor option. {% endif %} diff --git a/authentication/managing-commit-signature-verification/checking-for-existing-gpg-keys.md b/authentication/managing-commit-signature-verification/checking-for-existing-gpg-keys.md index b24c0a445..ec0e4600e 100644 --- a/authentication/managing-commit-signature-verification/checking-for-existing-gpg-keys.md +++ b/authentication/managing-commit-signature-verification/checking-for-existing-gpg-keys.md @@ -16,11 +16,8 @@ shortTitle: Existing GPG keys --- {% data reusables.gpg.supported-gpg-key-algorithms %} -{% note %} - -**Note:** GPG does not come installed by default on macOS or Windows. To install GPG command line tools, see [GnuPG's Download page](https://www.gnupg.org/download/). - -{% endnote %} +> [!NOTE] +> GPG does not come installed by default on macOS or Windows. To install GPG command line tools, see [GnuPG's Download page](https://www.gnupg.org/download/). {% data reusables.command_line.open_the_multi_os_terminal %} {% data reusables.gpg.list-keys-with-note %} diff --git a/authentication/managing-commit-signature-verification/generating-a-new-gpg-key.md b/authentication/managing-commit-signature-verification/generating-a-new-gpg-key.md index 5a9fc3a12..a3c944e51 100644 --- a/authentication/managing-commit-signature-verification/generating-a-new-gpg-key.md +++ b/authentication/managing-commit-signature-verification/generating-a-new-gpg-key.md @@ -17,11 +17,8 @@ topics: ## Generating a GPG key -{% note %} - -**Note:** Before generating a new GPG key, make sure you've verified your email address. If you haven't verified your email address, you won't be able to sign commits and tags with GPG.{% ifversion fpt or ghec %} For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address)."{% endif %} - -{% endnote %} +> [!NOTE] +> Before generating a new GPG key, make sure you've verified your email address. If you haven't verified your email address, you won't be able to sign commits and tags with GPG.{% ifversion fpt or ghec %} For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address)."{% endif %} 1. Download and install [the GPG command line tools](https://www.gnupg.org/download/) for your operating system. We generally recommend installing the latest version for your operating system. {% data reusables.command_line.open_the_multi_os_terminal %} @@ -44,11 +41,8 @@ topics: 1. Verify that your selections are correct. 1. Enter your user ID information. - {% note %} - - **Note:** When asked to enter your email address, ensure that you enter the verified email address for your GitHub account. {% data reusables.gpg.private-email %} {% ifversion fpt or ghec %} For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address)" and "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address)."{% endif %} - - {% endnote %} + > [!NOTE] + > When asked to enter your email address, ensure that you enter the verified email address for your GitHub account. {% data reusables.gpg.private-email %} {% ifversion fpt or ghec %} For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address)" and "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address)."{% endif %} 1. Type a secure passphrase. {% data reusables.gpg.list-keys-with-note %} diff --git a/authentication/managing-commit-signature-verification/signing-commits.md b/authentication/managing-commit-signature-verification/signing-commits.md index 20ee61f97..38749a0b0 100644 --- a/authentication/managing-commit-signature-verification/signing-commits.md +++ b/authentication/managing-commit-signature-verification/signing-commits.md @@ -17,19 +17,14 @@ topics: --- {% data reusables.gpg.desktop-support-for-commit-signing %} -{% tip %} - -**Tips:** - -To configure your Git client to sign commits by default for a local repository, in Git versions 2.0.0 and above, run `git config commit.gpgsign true`. To sign all commits by default in any local repository on your computer, run `git config --global commit.gpgsign true`. - -To store your GPG key passphrase so you don't have to enter it every time you sign a commit, we recommend using the following tools: -* For Mac users, the [GPG Suite](https://gpgtools.org/) allows you to store your GPG key passphrase in the macOS Keychain. -* For Windows users, the [Gpg4win](https://www.gpg4win.org/) integrates with other Windows tools. - -You can also manually configure [gpg-agent](http://linux.die.net/man/1/gpg-agent) to save your GPG key passphrase, but this doesn't integrate with macOS Keychain like ssh-agent and requires more setup. - -{% endtip %} +> [!TIP] +> To configure your Git client to sign commits by default for a local repository, in Git versions 2.0.0 and above, run `git config commit.gpgsign true`. To sign all commits by default in any local repository on your computer, run `git config --global commit.gpgsign true`. +> +> To store your GPG key passphrase so you don't have to enter it every time you sign a commit, we recommend using the following tools: +> * For Mac users, the [GPG Suite](https://gpgtools.org/) allows you to store your GPG key passphrase in the macOS Keychain. +> * For Windows users, the [Gpg4win](https://www.gpg4win.org/) integrates with other Windows tools. +> +> You can also manually configure [gpg-agent](http://linux.die.net/man/1/gpg-agent) to save your GPG key passphrase, but this doesn't integrate with macOS Keychain like ssh-agent and requires more setup. If you have multiple keys or are attempting to sign commits or tags with a key that doesn't match your committer identity, you should [tell Git about your signing key](/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key). diff --git a/authentication/securing-your-account-with-two-factor-authentication-2fa/about-mandatory-two-factor-authentication.md b/authentication/securing-your-account-with-two-factor-authentication-2fa/about-mandatory-two-factor-authentication.md index 8cfc0bc03..3959040db 100644 --- a/authentication/securing-your-account-with-two-factor-authentication-2fa/about-mandatory-two-factor-authentication.md +++ b/authentication/securing-your-account-with-two-factor-authentication-2fa/about-mandatory-two-factor-authentication.md @@ -24,11 +24,8 @@ Your account is selected for mandatory 2FA if you have taken some action on {% d {% data variables.product.prodname_dotcom %} is continually assessing improvements to our account security features and 2FA requirements, so these criteria may change over time. -{% note %} - -**Note:** If your account has an education coupon active, it is exempt from mandatory 2FA. - -{% endnote %} +> [!NOTE] +> If your account has an education coupon active, it is exempt from mandatory 2FA. ### About mandatory 2FA for organizations and enterprises @@ -36,11 +33,8 @@ Mandatory 2FA is required by {% data variables.product.prodname_dotcom %} itself Your account's eligibility for mandatory 2FA **does not** impact the eligibility of other individuals. For example, if you are an organization owner, and your account is eligible for mandatory 2FA, that does not impact the eligibility of other accounts within your organization. -{% note %} - -**Note:** {% data variables.product.prodname_dotcom %} {% data variables.product.prodname_emus %} and on-premise {% data variables.product.prodname_ghe_server %} users are **not** required to enable 2FA. Mandatory 2FA enablement only applies to users with a password on {% data variables.product.prodname_dotcom_the_website %}. - -{% endnote %} +> [!NOTE] +> {% data variables.product.prodname_dotcom %} {% data variables.product.prodname_emus %} and on-premise {% data variables.product.prodname_ghe_server %} users are **not** required to enable 2FA. Mandatory 2FA enablement only applies to users with a password on {% data variables.product.prodname_dotcom_the_website %}. ## About failure to enable mandatory 2FA @@ -58,11 +52,8 @@ Currently, we don't support passkeys or security keys as primary 2FA methods sin * [About SAML SSO and mandatory 2FA](#about-saml-sso-and-mandatory-2fa) * [About email verification and mandatory 2FA](#about-email-verification-and-mandatory-2fa) -{% note %} - -**Note:** We recommend retaining cookies on {% data variables.product.prodname_dotcom_the_website %}. If you set your browser to wipe your cookies every day, you'll never have a verified device for account recovery purposes, as the [`_device_id` cookie](https://github.com/privacy/cookies) is used to securely prove you've used that device previously. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials#authenticating-with-a-verified-device-ssh-token-or-personal-access-token)." - -{% endnote %} +> [!NOTE] +> We recommend retaining cookies on {% data variables.product.prodname_dotcom_the_website %}. If you set your browser to wipe your cookies every day, you'll never have a verified device for account recovery purposes, as the [`_device_id` cookie](https://github.com/privacy/cookies) is used to securely prove you've used that device previously. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials#authenticating-with-a-verified-device-ssh-token-or-personal-access-token)." ### About TOTP apps and mandatory 2FA @@ -72,11 +63,8 @@ If you do not want to download an app on your mobile device, there are multiple You can also manually set up any app that generates a code compatible with RFC 6238. For more information on manually setting up a TOTP app, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-totp-app)." For more information on RFC 6238, see [TOTP: Time-Based One-Time Password Algorithm](https://datatracker.ietf.org/doc/html/rfc6238) in the IETF documentation. -{% note %} - -**Note:** If you are using FreeOTP for 2FA, you may see a warning about weak cryptographic parameters. {% data variables.product.prodname_dotcom %} uses an 80 bit secret to ensure compatibility with older versions of Google Authenticator. 80 bits is lower than the 128 bits recommended by the HOTP RFC, but at this time we have no plans to change this and recommend ignoring this message. For more information, see [HOTP: An HMAC-Based One-Time Password Algorithm](https://www.ietf.org/rfc/rfc4226.txt) in the IETF documentation. - -{% endnote %} +> [!NOTE] +> If you are using FreeOTP for 2FA, you may see a warning about weak cryptographic parameters. {% data variables.product.prodname_dotcom %} uses an 80 bit secret to ensure compatibility with older versions of Google Authenticator. 80 bits is lower than the 128 bits recommended by the HOTP RFC, but at this time we have no plans to change this and recommend ignoring this message. For more information, see [HOTP: An HMAC-Based One-Time Password Algorithm](https://www.ietf.org/rfc/rfc4226.txt) in the IETF documentation. ### About SAML SSO and mandatory 2FA @@ -96,8 +84,5 @@ Unattended or shared access accounts in your organization, such as bots and serv If you have been selected for mandatory 2FA, that **does not** mean you have to provide {% data variables.product.prodname_dotcom %} with your phone number. You only have to provide your phone number if you use SMS for 2FA. Instead, we recommend configuring a TOTP app as your primary 2FA method. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-totp-app)." -{% note %} - -**Note:** Your region may not be listed in the available SMS options. We monitor SMS delivery success rates on a per region basis, and disallow setup for regions that have poor delivery rates. If you don't see your region on the list, you must set up a TOTP app instead. For more information on supported regions for SMS, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/countries-where-sms-authentication-is-supported)." - -{% endnote %} +> [!NOTE] +> Your region may not be listed in the available SMS options. We monitor SMS delivery success rates on a per region basis, and disallow setup for regions that have poor delivery rates. If you don't see your region on the list, you must set up a TOTP app instead. For more information on supported regions for SMS, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/countries-where-sms-authentication-is-supported)." diff --git a/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication.md b/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication.md index b3b52fb9e..13b12e83d 100644 --- a/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication.md +++ b/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication.md @@ -33,11 +33,10 @@ You can also use {% data variables.product.prodname_mobile %} for 2FA after conf You can also configure additional recovery methods in case you lose access to your two-factor authentication credentials. For more information on setting up 2FA, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication)" and "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication-recovery-methods)." {% ifversion fpt or ghec %} -{% note %} -**Note:** {% data reusables.two_fa.unlink-email-address %} +> [!NOTE] +> {% data reusables.two_fa.unlink-email-address %} -{% endnote %} {% endif %} We **strongly** urge you to enable 2FA for the safety of your account, not only on {% data variables.product.product_name %}, but on other websites and apps that support 2FA. You can enable 2FA to access {% data variables.product.product_name %} and {% data variables.product.prodname_desktop %}. @@ -54,11 +53,8 @@ For more information, see "[AUTOTITLE](/authentication/securing-your-account-wit {% ifversion fpt or ghec %} -{% warning %} - -**Warning**: {% data reusables.two_fa.support-may-not-help %} For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials)." - -{% endwarning %} +> [!WARNING] +> {% data reusables.two_fa.support-may-not-help %} For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials)." {% endif %} diff --git a/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication.md b/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication.md index cc6270fd1..e8f391cae 100644 --- a/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication.md +++ b/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication.md @@ -70,11 +70,9 @@ If you have installed and signed in to {% data variables.product.prodname_mobile 1. Sign in to {% data variables.product.product_name %} with your browser, using your username and password. 1. {% data variables.product.product_name %} will send you a push notification to verify your sign in attempt. Opening the push notification or opening the {% data variables.product.prodname_mobile %} app will display a prompt, asking you to approve or reject this sign in attempt. - {% note %} - **Note**: This prompt may require you to enter a two-digit number displayed within the browser you are signing in to. - - {% endnote %} + > [!NOTE] + > This prompt may require you to enter a two-digit number displayed within the browser you are signing in to. * Upon approving the login attempt using {% data variables.product.prodname_mobile %}, your browser will complete the sign in attempt automatically. * Rejecting the sign in attempt will prevent the authentication from finishing. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure)." @@ -119,11 +117,10 @@ When you access a repository via Subversion, you must provide a {% data variable If you lose access to your two-factor authentication credentials, you can use your recovery codes or another recovery method (if you've set one up) to regain access to your account. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials)." {% ifversion fpt or ghec %} -{% note %} -**Note:** {% data reusables.two_fa.unlink-email-address %} +> [!NOTE] +> {% data reusables.two_fa.unlink-email-address %} -{% endnote %} {% endif %} If your authentication fails several times, you may wish to synchronize your phone's clock with your mobile provider. Often, this involves checking the "Set automatically" option on your phone's clock, rather than providing your own time zone. diff --git a/authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-two-factor-authentication-method.md b/authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-two-factor-authentication-method.md index 722044e9f..3f2dec5e1 100644 --- a/authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-two-factor-authentication-method.md +++ b/authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-two-factor-authentication-method.md @@ -34,11 +34,8 @@ You can change the time-based one-time password (TOTP) application you use to ge {% data reusables.two_fa.enable-totp-app-method %} {% data reusables.two_fa.save-2fa-method-when-editing %} -{% warning %} - -**Warning:** Changes to an existing 2FA method will only take effect after you have provided a valid code from the new method and clicked **Save**. Only replace the existing 2FA method on your device (e.g. the {% data variables.product.prodname_dotcom %} entry in your TOTP app) after your new method is saved to your {% data variables.product.prodname_dotcom %} account completely. - -{% endwarning %} +> [!WARNING] +> Changes to an existing 2FA method will only take effect after you have provided a valid code from the new method and clicked **Save**. Only replace the existing 2FA method on your device (e.g. the {% data variables.product.prodname_dotcom %} entry in your TOTP app) after your new method is saved to your {% data variables.product.prodname_dotcom %} account completely. {% data reusables.two_fa.manual-totp-app-setup %} diff --git a/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md b/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md index 9331c16cf..162159172 100644 --- a/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md +++ b/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md @@ -36,31 +36,23 @@ If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %} {% endif %} {% endif %} -{% warning %} - -**Warning:** -* If you're a member{% ifversion fpt or ghec %}, billing manager,{% endif %} or outside collaborator to a private repository of an organization that requires two-factor authentication, you must leave the organization before you can disable 2FA. -* If you disable 2FA, you will automatically lose access to the organization and any private forks you have of the organization's private repositories. To regain access to the organization and your forks, re-enable two-factor authentication and contact an organization owner. - -{% endwarning %} +> [!WARNING] +> * If you're a member{% ifversion fpt or ghec %}, billing manager,{% endif %} or outside collaborator to a private repository of an organization that requires two-factor authentication, you must leave the organization before you can disable 2FA. +> * If you disable 2FA, you will automatically lose access to the organization and any private forks you have of the organization's private repositories. To regain access to the organization and your forks, re-enable two-factor authentication and contact an organization owner. {% ifversion 2fa-reconfiguration-inline-update %} -{% note %} -**Note:** You can reconfigure your 2FA settings without disabling 2FA entirely, allowing you to keep both your recovery codes and your membership in organizations that require 2FA. +> [!NOTE] +> You can reconfigure your 2FA settings without disabling 2FA entirely, allowing you to keep both your recovery codes and your membership in organizations that require 2FA. -{% endnote %} {% endif %} ## Configuring two-factor authentication using a TOTP app A time-based one-time password (TOTP) application automatically generates an authentication code that changes after a certain period of time. These apps can be downloaded to your phone or desktop. We recommend using cloud-based TOTP apps. {% data variables.product.prodname_dotcom %} is app-agnostic when it comes to TOTP apps, so you have the freedom to choose any TOTP app you prefer. Just search for `TOTP app` in your browser to find various options. You can also refine your search by adding keywords like `free` or `open source` to match your preferences. -{% tip %} - -**Tip**: To configure authentication via TOTP on multiple devices, during setup, scan the QR code using each device at the same time or save the "setup key", which is the TOTP secret. If 2FA is already enabled and you want to add another device, you must re-configure your TOTP app from your security settings. - -{% endtip %} +> [!TIP] +> To configure authentication via TOTP on multiple devices, during setup, scan the QR code using each device at the same time or save the "setup key", which is the TOTP secret. If 2FA is already enabled and you want to add another device, you must re-configure your TOTP app from your security settings. 1. Download a TOTP app of your choice to your phone or desktop. {% data reusables.user-settings.access_settings %} @@ -97,11 +89,8 @@ If you're unable to configure a TOTP app, you can also register your phone numbe {% data reusables.passkeys.about-passkeys %} See "[AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys)." -{% note %} - -**Note:** Platform authenticators like Windows Hello, Face ID, or Touch ID can be registered as a passkey instead. - -{% endnote %} +> [!NOTE] +> Platform authenticators like Windows Hello, Face ID, or Touch ID can be registered as a passkey instead. 1. You must have already configured 2FA via a TOTP mobile app{% ifversion fpt or ghec %} or via SMS{% endif %}. {% data reusables.passkeys.adding-a-passkey %} diff --git a/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account.md b/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account.md index 00bf0a6e4..1afa0c626 100644 --- a/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account.md +++ b/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account.md @@ -18,11 +18,8 @@ shortTitle: Disable 2FA {% data reusables.two_fa.mandatory-2fa-contributors-2023 %} {% endif %} -{% warning %} - -**Warning:** If you're a member{% ifversion fpt or ghec %}, billing manager,{% endif %} or outside collaborator to a public repository of an organization that requires two-factor authentication and you disable 2FA, you'll be automatically removed from the organization, and you'll lose your access to their repositories. To regain access to the organization, re-enable two-factor authentication and contact an organization owner. - -{% endwarning %} +> [!WARNING] +> If you're a member{% ifversion fpt or ghec %}, billing manager,{% endif %} or outside collaborator to a public repository of an organization that requires two-factor authentication and you disable 2FA, you'll be automatically removed from the organization, and you'll lose your access to their repositories. To regain access to the organization, re-enable two-factor authentication and contact an organization owner. We strongly recommend using two-factor authentication (2FA) to secure your account. If you need to disable 2FA, we recommend re-enabling it as soon as possible. diff --git a/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials.md b/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials.md index b68c0cf1d..33ebb5b56 100644 --- a/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials.md +++ b/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials.md @@ -17,19 +17,11 @@ shortTitle: Recover an account with 2FA --- {% ifversion fpt or ghec %} -{% warning %} +> [!WARNING] +> * {% data reusables.two_fa.support-may-not-help %} -**Warnings**: - -* {% data reusables.two_fa.support-may-not-help %} - -{% endwarning %} - -{% note %} - -**Note:** {% data reusables.two_fa.unlink-email-address %} - -{% endnote %} +> [!NOTE] +> {% data reusables.two_fa.unlink-email-address %} {% endif %} @@ -39,11 +31,8 @@ Use one of your recovery codes to automatically regain entry into your account. 1. Type your username and password to prompt authentication. - {% warning %} - - **Warning**: {% data reusables.accounts.you-must-know-your-password %} - - {% endwarning %} + > [!WARNING] + > {% data reusables.accounts.you-must-know-your-password %} 1. Under "Having problems?", click **Use a recovery code{% ifversion fpt or ghec %} or begin 2FA account recovery{% endif %}**. 1. Type one of your recovery codes, then click **Verify**. @@ -64,11 +53,8 @@ If you configured two-factor authentication using a security key, you can use yo ## Authenticating with a fallback number -{% note %} - -**Note:** Configuring a fallback SMS number in addition to your primary SMS number is no longer supported. Instead, we strongly recommend registering multiple authentication methods. - -{% endnote %} +> [!NOTE] +> Configuring a fallback SMS number in addition to your primary SMS number is no longer supported. Instead, we strongly recommend registering multiple authentication methods. If you lose access to your preferred TOTP app or phone number, you can provide a two-factor authentication code sent to your fallback number to automatically regain access to your account. @@ -76,21 +62,16 @@ If you lose access to your preferred TOTP app or phone number, you can provide a If you know your password for {% data variables.product.prodname_dotcom %} but don't have the two-factor authentication credentials or your two-factor authentication recovery codes, you can have a one-time password sent to your verified email address to begin the verification process and regain access to your account. -{% note %} - -**Note**: For security reasons, regaining access to your account by authenticating with a one-time password can take up to three business days. {% data variables.product.company_short %} will not review additional requests submitted during this time. - -{% endnote %} +> [!NOTE] +> For security reasons, regaining access to your account by authenticating with a one-time password can take up to three business days. {% data variables.product.company_short %} will not review additional requests submitted during this time. You can use your two-factor authentication credentials or two-factor authentication recovery codes to regain access to your account anytime during the 3-5 day waiting period. 1. Type your username and password to prompt authentication. - {% warning %} - - **Warning**: {% data reusables.accounts.you-must-know-your-password %} + > [!WARNING] + > {% data reusables.accounts.you-must-know-your-password %} - {% endwarning %} 1. Under "Having problems?", click **Use a recovery code or begin 2FA account recovery**. 1. Under "Locked out?", click **Try 2FA account recovery, or unlink your account email address(es)**. 1. Click **I understand, get started** to request a reset of your authentication settings. diff --git a/authentication/troubleshooting-ssh/error-permission-denied-publickey.md b/authentication/troubleshooting-ssh/error-permission-denied-publickey.md index d49f49063..29db4a936 100644 --- a/authentication/troubleshooting-ssh/error-permission-denied-publickey.md +++ b/authentication/troubleshooting-ssh/error-permission-denied-publickey.md @@ -119,11 +119,8 @@ You should see this output: The `ssh-add` command _should_ print out a long string of numbers and letters. If it does not print anything, you will need to [generate a new SSH key](/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent) and associate it with {% data variables.product.product_name %}. -{% tip %} - -**Tip**: On most systems the default private keys (`~/.ssh/id_rsa` and `~/.ssh/identity`) are automatically added to the SSH authentication agent. You shouldn't need to run `ssh-add path/to/key` unless you override the file name when you generate a key. - -{% endtip %} +> [!TIP] +> On most systems the default private keys (`~/.ssh/id_rsa` and `~/.ssh/identity`) are automatically added to the SSH authentication agent. You shouldn't need to run `ssh-add path/to/key` unless you override the file name when you generate a key. ### Getting more details @@ -247,8 +244,5 @@ You must provide your public key to {% data variables.product.product_name %} to If you don't see your public key in {% data variables.product.product_name %}, you'll need to [add your SSH key to {% data variables.product.product_name %}](/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account) to associate it with your computer. -{% warning %} - -**Warning**: If you see an SSH key you're not familiar with on {% data variables.product.product_name %}, delete it immediately and contact {% data variables.contact.contact_support %} for further help. An unidentified public key may indicate a possible security concern. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys)." - -{% endwarning %} +> [!WARNING] +> If you see an SSH key you're not familiar with on {% data variables.product.product_name %}, delete it immediately and contact {% data variables.contact.contact_support %} for further help. An unidentified public key may indicate a possible security concern. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys)." diff --git a/authentication/troubleshooting-ssh/error-ssh-add-illegal-option----apple-use-keychain.md b/authentication/troubleshooting-ssh/error-ssh-add-illegal-option----apple-use-keychain.md index f5fc67344..df8ac233b 100644 --- a/authentication/troubleshooting-ssh/error-ssh-add-illegal-option----apple-use-keychain.md +++ b/authentication/troubleshooting-ssh/error-ssh-add-illegal-option----apple-use-keychain.md @@ -25,14 +25,9 @@ To add your SSH private key to the ssh-agent, you can specify the path to the Ap /usr/bin/ssh-add --apple-use-keychain ~/.ssh/id_ed25519 ``` -{% note %} - -**Notes:** - -* The `--apple-use-keychain` option is in Apple's standard version of `ssh-add`. In macOS versions prior to Monterey (12.0), use `-K` instead of `--apple-use-keychain`. -* {% data reusables.ssh.add-ssh-key-to-ssh-agent %} - -{% endnote %} +> [!NOTE] +> * The `--apple-use-keychain` option is in Apple's standard version of `ssh-add`. In macOS versions prior to Monterey (12.0), use `-K` instead of `--apple-use-keychain`. +> * {% data reusables.ssh.add-ssh-key-to-ssh-agent %} ## Further reading diff --git a/authentication/troubleshooting-ssh/error-unknown-key-type.md b/authentication/troubleshooting-ssh/error-unknown-key-type.md index d736a9b0b..6f1502c9d 100644 --- a/authentication/troubleshooting-ssh/error-unknown-key-type.md +++ b/authentication/troubleshooting-ssh/error-unknown-key-type.md @@ -21,13 +21,10 @@ You must have Homebrew installed. For more information, see the [installation gu ## Solving the issue -{% warning %} - -**Warning:** If you install OpenSSH, your computer will not be able to retrieve passphrases that are stored in the Apple keychain. You will need to enter your passphrase or interact with your hardware security key every time you authenticate with SSH to {% data variables.product.prodname_dotcom %} or another web service. - -If you remove OpenSSH, the passphrases that are stored in your keychain will once again be retrievable. You can remove OpenSSH by entering the command `brew uninstall openssh` in Terminal. - -{% endwarning %} +> [!WARNING] +> If you install OpenSSH, your computer will not be able to retrieve passphrases that are stored in the Apple keychain. You will need to enter your passphrase or interact with your hardware security key every time you authenticate with SSH to {% data variables.product.prodname_dotcom %} or another web service. +> +> If you remove OpenSSH, the passphrases that are stored in your keychain will once again be retrievable. You can remove OpenSSH by entering the command `brew uninstall openssh` in Terminal. 1. Open Terminal. 1. Enter the command `brew install openssh`. diff --git a/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription.md b/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription.md index 9702aec86..c6cb9b53c 100644 --- a/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription.md +++ b/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription.md @@ -80,6 +80,12 @@ For example, you link your Azure subscription to your organization {% ifversion * You must know your Azure subscription ID. See [Get subscription and tenant IDs in the Azure portal](https://learn.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id) in the Microsoft Docs or [contact Azure support](https://azure.microsoft.com/support/). +## Video demonstration of connecting a subscription + +To connect an Azure subscription, you'll need appropriate access permissions on both {% data variables.product.product_name %} and the Azure billing portal. This may require coordination between two different people. + +To see a demo of the process from beginning to end, see [Billing GitHub consumption through an Azure subscription](https://www.youtube.com/watch?v=Y-f7JKJ4_8Y) on {% data variables.product.company_short %}'s YouTube channel. This video demonstrates the process for an enterprise account. If you're connecting a subscription to an organization account, see "[Connecting your Azure subscription to your organization account](/free-pro-team@latest/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription#connecting-your-azure-subscription-to-your-organization-account)." + {% ifversion fpt %} ## Connecting your Azure subscription to your organization account diff --git a/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md b/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md index eb50148a5..36a443f6a 100644 --- a/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md +++ b/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md @@ -313,6 +313,86 @@ This SARIF output file has example values to show the minimum required propertie } ``` +### Relative URI Guidance for SARIF Producers + +This SARIF output file has example of values for the field `originalUriBaseIds`, showing the minimum required properties a SARIF producer should include when using relative URI references. + +{% note %} + +**Note:** While this property is not required by {% data variables.product.prodname_dotcom %} for the {% data variables.product.prodname_code_scanning %} results to be displayed correctly, it is required to produce a valid SARIF output when using relative URI references. + +{% endnote %} + +```json +{ + "$schema": "https://json.schemastore.org/sarif-2.1.0.json", + "version": "2.1.0", + "runs": [ + { + "tool": { + "driver": { + "name": "Tool Name", + "rules": [ + { + "id": "R01" + ... + "properties" : { + "id" : "java/unsafe-deserialization", + "kind" : "path-problem", + "name" : "...", + "problem.severity" : "error", + "security-severity" : "9.8", + } + } + ] + } + }, + "originalUriBaseIds": { + "PROJECTROOT": { + "uri": "file:///C:/Users/Mary/code/TheProject/", + "description": { + "text": "The root directory for all project files." + } + }, + "%SRCROOT%": { + "uri": "src/", + "uriBaseId": "PROJECTROOT", + "description": { + "text": "The root of the source tree." + } + } + }, + "results": [ + { + "ruleId": "R01", + "message": { + "text": "Result text. This result does not have a rule associated." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "fileURI", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 2, + "startColumn": 7, + "endColumn": 10 + } + } + } + ], + "partialFingerprints": { + "primaryLocationLineHash": "39fa2ee980eb94b0:1" + } + } + ] + } + ] +} +``` + ### Example showing all supported SARIF properties This SARIF output file has example values to show all supported SARIF properties for {% data variables.product.prodname_code_scanning %}. diff --git a/code-security/codeql-cli/codeql-cli-manual/generate-query-help.md b/code-security/codeql-cli/codeql-cli-manual/generate-query-help.md index 1ffeffead..3ac61d927 100644 --- a/code-security/codeql-cli/codeql-cli-manual/generate-query-help.md +++ b/code-security/codeql-cli/codeql-cli-manual/generate-query-help.md @@ -35,7 +35,7 @@ Generate end-user query help from .qhelp files. ### Primary Options -#### `...` +#### `...` \[Mandatory] Query help files to render. Each argument is one of: diff --git a/organizations/managing-organization-settings/deleting-an-organization-account.md b/organizations/managing-organization-settings/deleting-an-organization-account.md index c46f739e5..cd60fb2a3 100644 --- a/organizations/managing-organization-settings/deleting-an-organization-account.md +++ b/organizations/managing-organization-settings/deleting-an-organization-account.md @@ -27,12 +27,6 @@ shortTitle: Delete organization {% endif %} Deleting your organization account removes all repositories, forks of private repositories, wikis, issues, pull requests, and project or organization pages. {% ifversion fpt or ghec %}Your billing will end and, after 90 days, the organization name becomes available for use on a new user or organization account. -{% tip %} - -**Tip**: If you rename an organization, you can create a new organization with the same name immediately. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/renaming-an-organization)." - -{% endtip %} - {% endif %} {% ifversion fpt or ghec %} diff --git a/organizations/managing-organization-settings/renaming-an-organization.md b/organizations/managing-organization-settings/renaming-an-organization.md index dc0ad799f..3c720b4d3 100644 --- a/organizations/managing-organization-settings/renaming-an-organization.md +++ b/organizations/managing-organization-settings/renaming-an-organization.md @@ -22,7 +22,7 @@ topics: ## What happens when I change my organization's name? -After changing your organization's name, your old organization name becomes available for someone else to claim. When you change your organization's name, most references to your repositories under the old organization name automatically change to the new name. However, some links to your profile won't automatically redirect. +After changing your organization's name, your previous organization name will be unavailable for anyone to claim for 90 days. When you change your organization's name, most references to your repositories under the previous organization name automatically change to the new name. However, some links to your profile won't automatically redirect. ### Changes that occur automatically diff --git a/pages/setting-up-a-github-pages-site-with-jekyll/creating-a-github-pages-site-with-jekyll.md b/pages/setting-up-a-github-pages-site-with-jekyll/creating-a-github-pages-site-with-jekyll.md index 18a791347..9ba19aad8 100644 --- a/pages/setting-up-a-github-pages-site-with-jekyll/creating-a-github-pages-site-with-jekyll.md +++ b/pages/setting-up-a-github-pages-site-with-jekyll/creating-a-github-pages-site-with-jekyll.md @@ -82,7 +82,7 @@ Before you can use Jekyll to create a {% data variables.product.prodname_pages % # Removes the contents from your default branch from the working directory ``` -1. To create a new Jekyll site, use the `jekyll new` command: +1. To create a new Jekyll site, use the `jekyll new` command in your repository's root directory: ```shell $ jekyll new --skip-bundle . diff --git a/pages/setting-up-a-github-pages-site-with-jekyll/troubleshooting-jekyll-build-errors-for-github-pages-sites.md b/pages/setting-up-a-github-pages-site-with-jekyll/troubleshooting-jekyll-build-errors-for-github-pages-sites.md index c88c1c8e4..888f16fc7 100644 --- a/pages/setting-up-a-github-pages-site-with-jekyll/troubleshooting-jekyll-build-errors-for-github-pages-sites.md +++ b/pages/setting-up-a-github-pages-site-with-jekyll/troubleshooting-jekyll-build-errors-for-github-pages-sites.md @@ -65,7 +65,7 @@ To troubleshoot, make sure that your `_config.yml` file follows these rules: This error means that one of the pages on your site includes an invalid datetime. -To troubleshoot, search the file in the error message and the file's layouts for calls to any date-related Liquid filters. Make sure that any variables passed into date-related Liquid filters have values in all cases and never pass `nil` or `""`. For more information, see "[Liquid filters](https://help.shopify.com/en/themes/liquid/filters)" in the Liquid documentation. +To troubleshoot, search the file in the error message and the file's layouts for calls to any date-related Liquid filters. Make sure that any variables passed into date-related Liquid filters have values in all cases and never pass `nil` or `""`. For more information, see [Filters](https://shopify.dev/docs/api/liquid/filters) in the Liquid documentation. ## File does not exist in includes directory @@ -121,7 +121,7 @@ To troubleshoot, make sure the YAML files in your __data_ folder follow these ru {% data reusables.pages.yaml-linter %} -For more information about Jekyll data files, see "[Data Files](https://jekyllrb.com/docs/datafiles/)" in the Jekyll documentation. +For more information about Jekyll data files, see [Data Files](https://jekyllrb.com/docs/datafiles/) in the Jekyll documentation. ## Markdown errors @@ -129,14 +129,14 @@ This error means that your repository contains Markdown errors. To troubleshoot, make sure you are using a supported Markdown processor. For more information, see "[AUTOTITLE](/pages/setting-up-a-github-pages-site-with-jekyll/setting-a-markdown-processor-for-your-github-pages-site-using-jekyll)." -Then, make sure the file in the error message uses valid Markdown syntax. For more information, see "[Markdown: Syntax](https://daringfireball.net/projects/markdown/syntax)" on Daring Fireball. +Then, make sure the file in the error message uses valid Markdown syntax. For more information, see [Markdown: Syntax](https://daringfireball.net/projects/markdown/syntax) on Daring Fireball. ## Missing docs folder This error means that you have chosen the `docs` folder on a branch as your publishing source, but there is no `docs` folder in the root of your repository on that branch. To troubleshoot, if your `docs` folder was accidentally moved, try moving the `docs` folder back to the root of your repository on the branch you chose for your publishing source. If the `docs` folder was accidentally deleted, you can either: -* Use Git to revert or undo the deletion. For more information, see "[git-revert](https://git-scm.com/docs/git-revert.html)" in the Git documentation. +* Use Git to revert or undo the deletion. For more information, see [git-revert](https://git-scm.com/docs/git-revert.html) in the Git documentation. * Create a new `docs` folder in the root of your repository on the branch you chose for your publishing source and add your site's source files to the folder. For more information, see "[AUTOTITLE](/repositories/working-with-files/managing-files/creating-new-files)." * Change your publishing source. For more information, see "[AUTOTITLE](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site)." @@ -146,13 +146,13 @@ This error means that your repository includes a submodule that doesn't exist or {% data reusables.pages.remove-submodule %} -If you do want to use a submodule, initialize the submodule. For more information, see "[Git Tools - Submodules](https://git-scm.com/book/en/v2/Git-Tools-Submodules)" in the _Pro Git_ book. +If you do want to use a submodule, initialize the submodule. For more information, see [Git Tools - Submodules](https://git-scm.com/book/en/v2/Git-Tools-Submodules) in the _Pro Git_ book. ## Relative permalinks configured This errors means that you have relative permalinks, which are not supported by {% data variables.product.prodname_pages %}, in your `_config.yml` file. -Permalinks are permanent URLs that reference a particular page on your site. Absolute permalinks begin with the root of the site, while relative permalinks begin with the folder containing the referenced page. {% data variables.product.prodname_pages %} and Jekyll no longer support relative permalinks. For more information about permalinks, see "[Permalinks](https://jekyllrb.com/docs/permalinks/)" in the Jekyll documentation. +Permalinks are permanent URLs that reference a particular page on your site. Absolute permalinks begin with the root of the site, while relative permalinks begin with the folder containing the referenced page. {% data variables.product.prodname_pages %} and Jekyll no longer support relative permalinks. For more information about permalinks, see [Permalinks](https://jekyllrb.com/docs/permalinks/) in the Jekyll documentation. To troubleshoot, remove the `relative_permalinks` line from your `_config.yml` file and reformat any relative permalinks in your site with absolute permalinks. For more information, see "[AUTOTITLE](/repositories/working-with-files/managing-files/editing-files)." @@ -160,24 +160,24 @@ To troubleshoot, remove the `relative_permalinks` line from your `_config.yml` f This error means that your code includes invalid syntax in a Liquid `for` loop declaration. -To troubleshoot, make sure all `for` loops in the file in the error message have proper syntax. For more information about proper syntax for `for` loops, see "[Iteration tags](https://help.shopify.com/en/themes/liquid/tags/iteration-tags#for)" in the Liquid documentation. +To troubleshoot, make sure all `for` loops in the file in the error message have proper syntax. For more information about proper syntax for `for` loops, see [Tags](https://shopify.dev/docs/api/liquid/tags/for) in the Liquid documentation. ## Tag not properly closed This error message means that your code includes a logic tag that is not properly closed. For example, {% raw %}`{% capture example_variable %}` must be closed by `{% endcapture %}`{% endraw %}. -To troubleshoot, make sure all logic tags in the file in the error message are properly closed. For more information, see "[Liquid tags](https://help.shopify.com/en/themes/liquid/tags)" in the Liquid documentation. +To troubleshoot, make sure all logic tags in the file in the error message are properly closed. For more information, see [Tags](https://shopify.dev/docs/api/liquid/tags) in the Liquid documentation. ## Tag not properly terminated This error means that your code includes an output tag that is not properly terminated. For example, {% raw %}`{{ page.title }` instead of `{{ page.title }}`{% endraw %}. -To troubleshoot, make sure all output tags in the file in the error message are terminated with `}}`. For more information, see "[Liquid objects](https://help.shopify.com/en/themes/liquid/objects)" in the Liquid documentation. +To troubleshoot, make sure all output tags in the file in the error message are terminated with `}}`. For more information, see [Objects](https://shopify.dev/docs/api/liquid/objects) in the Liquid documentation. ## Unknown tag error This error means that your code contains an unrecognized Liquid tag. -To troubleshoot, make sure all Liquid tags in the file in the error message match Jekyll's default variables and there are no typos in the tag names. For a list of default variables, see "[Variables](https://jekyllrb.com/docs/variables/)" in the Jekyll documentation. +To troubleshoot, make sure all Liquid tags in the file in the error message match Jekyll's default variables and there are no typos in the tag names. For a list of default variables, see [Variables](https://jekyllrb.com/docs/variables/) in the Jekyll documentation. Unsupported plugins are a common source of unrecognized tags. If you use an unsupported plugin in your site by generating your site locally and pushing your static files to {% data variables.product.product_name %}, make sure the plugin is not introducing tags that are not in Jekyll's default variables. For a list of supported plugins, see "[AUTOTITLE](/pages/setting-up-a-github-pages-site-with-jekyll/about-github-pages-and-jekyll#plugins)." diff --git a/video-transcripts/transcript-billing-github-consumption-through-an-azure-subscription.md b/video-transcripts/transcript-billing-github-consumption-through-an-azure-subscription.md index 134cc5880..f6747fbb0 100644 --- a/video-transcripts/transcript-billing-github-consumption-through-an-azure-subscription.md +++ b/video-transcripts/transcript-billing-github-consumption-through-an-azure-subscription.md @@ -3,7 +3,7 @@ title: Transcript - "Billing GitHub consumption through an Azure subscription" intro: Audio and visual transcript. shortTitle: Billing through Azure allowTitleToDifferFromFilename: true -product_video: 'https://www.youtube.com/watch?v=DAiIhJKCt8s' +product_video: 'https://www.youtube.com/watch?v=Y-f7JKJ4_8Y' topics: - Transcripts versions: @@ -27,7 +27,9 @@ And finally, if a Microsoft customer has an Azure discount, it will automaticall If a Microsoft customer also has a Microsoft Azure Consumption Commitment, or MACC, all future GitHub consumption will decrement their MACC as well. -So what GitHub products are eligible for Azure billing? Any GitHub consumption products are eligible today, meaning products that customers pay for based on actual usage, including Copilot for Business, GitHub-hosted actions, larger hosted runners, GitHub Packages and storage, and GitHub Codespaces. Please note that GitHub Enterprise and GitHub Advanced Security are currently not able to be billed through Azure, but are instead invoiced on an annual basis. +So what GitHub products are eligible for Azure billing? Any GitHub consumption products are eligible today, meaning products that customers pay for based on actual usage, including things like GitHub Copilot, GitHub-hosted actions, larger hosted runners, GitHub Packages and storage, and GitHub Codespaces. + +Historically, GitHub Enterprise and Advanced Security were only available through an annual license. However, as of August 1, 2024, they are now also available for metered billing through Azure, for additional flexibility and pay-as-you-go pricing. For existing licensed customers, be sure to connect with your GitHub seller to learn more, as certain restrictions may apply. [A table shows eligibility for Azure billing and MACCs for the products mentioned. In the table, all products eligible for Azure billing are also eligible for MACCs.]