Merge pull request #27366 from github/repo-sync

docs-bot · web-flow · commit ba552dab7488 · 2023-08-10T11:36:19.000-05:00
Repo sync
diff --git a/content/rest/actions/artifacts.md b/content/rest/actions/artifacts.md
@@ -19,6 +19,4 @@ autogenerated: rest
 
 You can use the REST API to download, delete, and retrieve information about workflow artifacts in {% data variables.product.prodname_actions %}. {% data reusables.actions.about-artifacts %} For more information, see "[AUTOTITLE](/actions/using-workflows/storing-workflow-data-as-artifacts)."
 
-{% data reusables.actions.actions-authentication %} {% data reusables.actions.actions-app-actions-permissions-api %}
-
 <!-- Content after this section is automatically generated -->
diff --git a/content/rest/actions/index.md b/content/rest/actions/index.md
@@ -28,6 +28,4 @@ children:
 autogenerated: rest
 ---
 
-You can use the REST API to manage and control {% data variables.product.prodname_actions %} for an organization or repository. {% data reusables.actions.actions-authentication %} {% data variables.product.prodname_github_apps %} require the permissions mentioned in each endpoint. For more information, see "[AUTOTITLE](/actions)."
-
 <!-- Content after this section is automatically generated -->
diff --git a/content/rest/actions/oidc.md b/content/rest/actions/oidc.md
@@ -14,6 +14,8 @@ versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
 autogenerated: rest
 ---
 
+## About {% data variables.product.prodname_actions %} OIDC
 
+You can use the REST API to query and manage a customization template for an OpenID Connect (OIDC) subject claim. For more information, see "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect)."
 
 <!-- Content after this section is automatically generated -->
diff --git a/content/rest/actions/secrets.md b/content/rest/actions/secrets.md
@@ -19,6 +19,4 @@ autogenerated: rest
 
 You can use the REST API to create, update, delete, and retrieve information about encrypted secrets that can be used in workflows in {% data variables.product.prodname_actions %}. {% data reusables.actions.about-secrets %} For more information, see "[AUTOTITLE](/actions/security-guides/encrypted-secrets)."
 
-{% data reusables.actions.actions-authentication %} {% data variables.product.prodname_github_apps %} must have the `secrets` permission to use these endpoints. Authenticated users must have collaborator access to a repository to create, update, or read secrets.
-
 <!-- Content after this section is automatically generated -->
diff --git a/content/rest/actions/self-hosted-runners.md b/content/rest/actions/self-hosted-runners.md
@@ -17,6 +17,4 @@ autogenerated: rest
 
 You can use the REST API to register, view, and delete self-hosted runners in {% data variables.product.prodname_actions %}. {% data reusables.actions.about-self-hosted-runners %} For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners)."
 
-{% data reusables.actions.actions-authentication %} {% data variables.product.prodname_github_apps %} must have the `administration` permission for repositories and the `organization_self_hosted_runners` permission for organizations. Authenticated users must have admin access to repositories or organizations, or the `manage_runners:enterprise` scope for enterprises to use these endpoints.
-
 <!-- Content after this section is automatically generated -->
diff --git a/content/rest/actions/variables.md b/content/rest/actions/variables.md
@@ -16,8 +16,6 @@ autogenerated: rest
 
 ## About variables in {% data variables.product.prodname_actions %}
 
-You can use the REST API to create, update, delete, and retrieve information about variables that can be used in workflows in {% data variables.product.prodname_actions %}. {% data reusables.actions.about-variables %}
-
-{% data reusables.actions.actions-authentication %} {% data variables.product.prodname_github_apps %} must have the `actions_variables/environments/organization_actions_variables` permission to use these endpoints. Authenticated users must have collaborator access to a repository to create, update, or read variables.
+You can use the REST API to create, update, delete, and retrieve information about variables that can be used in workflows in {% data variables.product.prodname_actions %}. {% data reusables.actions.about-variables %} For more information, see "[AUTOTITLE](/actions/learn-github-actions/variables)" in the {% data variables.product.prodname_actions %} documentation.
 
 <!-- Content after this section is automatically generated -->
diff --git a/content/rest/actions/workflow-jobs.md b/content/rest/actions/workflow-jobs.md
@@ -15,8 +15,6 @@ autogenerated: rest
 
 ## About workflow jobs in {% data variables.product.prodname_actions %}
 
-You can use the REST API to view logs and workflow jobs in {% data variables.product.prodname_actions %}. {% data reusables.actions.about-workflow-jobs %} For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions)".
-
-{% data reusables.actions.actions-authentication %} {% data reusables.actions.actions-app-actions-permissions-api %}
+You can use the REST API to view logs and workflow jobs in {% data variables.product.prodname_actions %}. {% data reusables.actions.about-workflow-jobs %} For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions)."
 
 <!-- Content after this section is automatically generated -->
diff --git a/content/rest/actions/workflow-runs.md b/content/rest/actions/workflow-runs.md
@@ -17,6 +17,4 @@ autogenerated: rest
 
 You can use the REST API to view, re-run, cancel, and view logs for workflow runs in {% data variables.product.prodname_actions %}. {% data reusables.actions.about-workflow-runs %} For more information, see "[AUTOTITLE](/actions/managing-workflow-runs)."
 
-{% data reusables.actions.actions-authentication %} {% data reusables.actions.actions-app-actions-permissions-api %}
-
 <!-- Content after this section is automatically generated -->
diff --git a/content/rest/actions/workflows.md b/content/rest/actions/workflows.md
@@ -15,8 +15,6 @@ autogenerated: rest
 
 ## About workflows in {% data variables.product.prodname_actions %}
 
-You can use the REST API to view workflows for a repository in {% data variables.product.prodname_actions %}. {% data reusables.actions.about-workflows %} For more information, see "[AUTOTITLE](/actions)."
-
-{% data reusables.actions.actions-authentication %} {% data reusables.actions.actions-app-actions-permissions-api %}
+You can use the REST API to view workflows for a repository in {% data variables.product.prodname_actions %}. {% data reusables.actions.about-workflows %} For more information, see "[AUTOTITLE](/actions/using-workflows/about-workflows)" in the {% data variables.product.prodname_actions %} documentation.
 
 <!-- Content after this section is automatically generated -->
diff --git a/data/release-notes/enterprise-server/3-6/17.yml b/data/release-notes/enterprise-server/3-6/17.yml
@@ -0,0 +1,46 @@
+date: '2023-08-10'
+sections:
+  security_fixes:
+    - |
+      **LOW:**  An attacker could circumvent branch protection by changing a PR base branch to an invalid ref name. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). 
+    - |
+      Packages have been updated to the latest security versions. 
+  bugs:
+    - | 
+      On an instance in a high availability configuration, on some platforms, replication could perform poorly over links with very high latency. 
+    - |
+      On an instance with custom firewall rules defined, a configuration run with `ghe-config-apply` could take longer than expected. 
+    - |
+      Events related to repository notifications did not appear in the audit log. 
+    - |
+      A collaborator with the "Set the social preview" permission inherited from the "Read" role couldnt upload the social preview image of a repository. 
+    - |
+      On an instance in a high availability configuration, existing nodes with out-of-sync repositories prevented new nodes from replicating those repositories. 
+    - |
+      GitHub Enterprise Server was queuing zip jobs unnecessarily. 
+  changes:
+    - |
+      The secondary abuse rate limits of the GraphQL API are now configurable in the Management Console. 
+    - |
+      The description of the `ghe-cluster-balance` command line utility clarifies that it can be used to balance jobs other than `github-unicorn`. 
+    - |
+      Administrators can display all repositories in a network with `spokesctl` by using the `repositories` subcommand. 
+  known_issues:
+    - |
+      Custom firewall rules are removed during the upgrade process.
+    - |
+      Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+    - |
+      The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - |
+      In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
+    - |
+      Custom patterns for secret scanning have `.*` as an end delimiter, specifically in the "After secret" field. This delimiter causes inconsistencies in scans for secrets across repositories, and you may notice gaps in a repository's history where no scans completed. Incremental scans may also be impacted. To prevent issues with scans, modify the end of the pattern to remove the `.*` delimiter.
+    - |
+      {% data reusables.release-notes.repository-inconsistencies-errors %}
+    - |
+      On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
+    - |
+      If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
+    - |
+      When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
diff --git a/data/release-notes/enterprise-server/3-7/15.yml b/data/release-notes/enterprise-server/3-7/15.yml
@@ -0,0 +1,56 @@
+date: '2023-08-10'
+sections:
+  security_fixes:
+    - |
+      **LOW:**  An attacker could circumvent branch protection by changing a PR base branch to an invalid ref name. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). 
+    - |
+      In some cases, users could reopen a pull request that should not have been able to be reopened. 
+    - |
+      Packages have been updated to the latest security versions. 
+  bugs:
+    - |
+      In rare circumstances, Git commits signed with SSH keys using the RSA algorithm would incorrectly indicate the signature was invalid. 
+    - |
+      Issues with cross references to pull requests from deleted accounts would not load. 
+    - |
+      The site admin page for organizations erroneously included a "Blocked Copilot Repositories" link. 
+    - |
+      The checks in the merge box for a pull request did not always match the the checks for the most recent commit in the pull request. 
+    - |
+      When a site administrator used GitHub Enterprise Importer on versions 3.7 and below to migrate repositories from GitHub Enterprise Server, the system backup size would increase after running many migrations due to storage files not being cleaned up. 
+    - |
+      API results were incomplete, and ordering of results was incorrect if `asc` or `desc` appeared in lowercase within the API query. 
+    - | 
+      A collaborator with the "Set the social preview" permission inherited from the "Read" role couldnt upload the social preview image of a repository. 
+    - |
+      In some cases, on an instance with GitHub Actions enabled, deployment of GitHub Pages site using a GitHub Actions workflow failed with a status of `deployment_lost`. 
+    - |
+      On an instance in a high availability configuration, existing nodes with out-of-sync repositories prevented new nodes from replicating those repositories. 
+    - | 
+      GitHub Enterprise Server was queuing zip jobs unnecessarily. 
+  changes:
+    - |
+      The description of the `ghe-cluster-balance` command line utility clarifies that it can be used to balance jobs other than `github-unicorn`. 
+    - |
+      Administrators can display all repositories in a network with `spokesctl` by using the `repositories` subcommand. 
+    - |
+      Site administrators can see improved diagnostic information about repositories that have been deleted. 
+  known_issues:
+    - |
+      Custom firewall rules are removed during the upgrade process.
+    - |
+      The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - |
+      In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
+    - |
+      Custom patterns for secret scanning have `.*` as an end delimiter, specifically in the "After secret" field. This delimiter causes inconsistencies in scans for secrets across repositories, and you may notice gaps in a repository's history where no scans completed. Incremental scans may also be impacted. To prevent issues with scans, modify the end of the pattern to remove the `.*` delimiter.
+    - |
+      {% data reusables.release-notes.repository-inconsistencies-errors %}
+    - |
+      During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+    - |
+      On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
+    - |
+      If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
+    - |
+      When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
diff --git a/data/release-notes/enterprise-server/3-8/8.yml b/data/release-notes/enterprise-server/3-8/8.yml
@@ -0,0 +1,48 @@
+date: '2023-08-10'
+sections:
+  security_fixes:
+    - |
+      **LOW:**  An attacker could circumvent branch protection by changing a PR base branch to an invalid ref name. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). 
+    - |
+      Packages have been updated to the latest security versions. 
+  bugs:
+    - |
+      API results were incomplete, and ordering of results was incorrect if `asc` or `desc` appeared in lowercase within the API query. 
+    - |
+      The checks in the merge box for a pull request did not always match the the checks for the most recent commit in the pull request. 
+    - |
+      When a site administrator used GitHub Enterprise Importer on versions 3.7 and below to migrate repositories from GitHub Enterprise Server, the system backup size would increase after running many migrations due to storage files not being cleaned up. 
+    - |
+      A collaborator with the "Set the social preview" permission inherited from the "Read" role couldnt upload the social preview image of a repository. 
+    - |
+      When running the `ghe-migrator`, certain error messages contained an invalid link to import documentation. 
+    - |
+      In some cases, on an instance with GitHub Actions enabled, deployment of GitHub Pages site using a GitHub Actions workflow failed with a status of `deployment_lost`. 
+    - |
+      On an instance in a high availability configuration, existing nodes with out-of-sync repositories prevented new nodes from replicating those repositories. 
+    - |
+      GitHub Enterprise Server was queuing zip jobs unnecessarily. 
+  changes:
+    - |
+      The description of the `ghe-cluster-balance` command line utility clarifies that it can be used to balance jobs other than `github-unicorn`. 
+    - |
+      On GitHub Enterprise Server 3.8 and above, a blob storage provider must be configured in the Management Console in order to use the GitHub Enterprise Importer CLI, "startRepositoryMigration" GraphQL API, or "Start an organization migration" REST API. The "Migrations" section in the Management Console was mistakenly removed and has been added back. 
+    - |
+      Administrators can display all repositories in a network with `spokesctl` by using the `repositories` subcommand. 
+  known_issues:
+    - |
+      Custom firewall rules are removed during the upgrade process.
+    - |
+      The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - |
+      During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+    - |
+      If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](https://docs.github.com/en/enterprise-server@3.8/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
+    - |
+      On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
+    - |
+      If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
+    - |
+      When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
+    - |
+      On an instance with subdomain isolation disabled, Mermaid diagrams in the web UI display an "Unable to render rich display" error and fail to render.
diff --git a/data/release-notes/enterprise-server/3-9/3.yml b/data/release-notes/enterprise-server/3-9/3.yml
diff --git a/data/reusables/actions/actions-app-actions-permissions-api.md b/data/reusables/actions/actions-app-actions-permissions-api.md
