Merge pull request github#36630 from github/repo-sync

Repo sync

Author: docs-bot

content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-accessibility-settings.md

@@ -18,6 +18,8 @@ To create an experience on {% data variables.product.github %} that fits your ne
 
 You can decide whether you want to use some or all keyboard shortcuts, and control the display of animated images and how links are displayed.
 
+This article will help you customize your experience on the {% data variables.product.github %} website as a whole. For information on using specific {% data variables.product.github %} products with screen readers and other assistive technologies, see the [{% data variables.product.github %} Accessibility Documentation](https://accessibility.github.com/documentation).
+
 ## Managing the appearance of links
 
 You can control whether links in text blocks are underlined and therefore more distinguishable.

content/billing/using-the-new-billing-platform/estimating-spending.md

@@ -15,6 +15,13 @@ product: '{% data reusables.billing.enhanced-billing-platform-product %}'
 shortTitle: Estimate spending
 ---
 
+<!-- expires 2025-04-06 -->
+
+> [!NOTE]
+> Coming April 6, 2025: Usage ingestion for {% data variables.product.github %}’s [enhanced billing platform](/billing/using-the-new-billing-platform/about-the-new-billing-platform) will change from every minute to every hour.
+
+<!-- end expires 2025-04-06 -->
+
 The new billing platform provides a high-level view of your spending trends based on the usage across products. You can use this information to estimate your spending and make informed decisions about your budget.
 
 {% ifversion fpt %}

content/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning.md

@@ -0,0 +1,41 @@
+---
+title: Enabling delegated alert dismissal for code scanning
+intro: 'You can use delegated alert dismissal to control who can dismiss an alert found by {% data variables.product.prodname_code_scanning %}.'
+permissions: '{% data reusables.permissions.delegated-alert-dismissal %}'
+versions:
+  feature: security-delegated-alert-dismissal
+type: how_to
+topics:
+  - Code scanning
+  - Advanced Security
+  - Alerts
+  - Repositories
+shortTitle: Enable delegated alert dismissal
+---
+
+## About enabling delegated alert dismissal
+
+{% data reusables.code-scanning.delegated-alert-dismissal-beta %}
+
+{% data reusables.security.delegated-alert-dismissal-intro %}
+
+## Configuring delegated dismissal for a repository
+
+>[!NOTE] If an organization owner configures delegated alert dismissal via an enforced security configuration, the settings can't be changed at the repository level.
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
+{% data reusables.repositories.navigate-to-ghas-settings %}
+
+1. Under "{% data variables.product.prodname_code_scanning_caps %}", toggle the option "Prevent direct alert dismissals".
+
+## Configuring delegated dismissal for an organization
+
+You must configure delegated dismissal for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization.
+
+1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration).
+1. When creating the custom security configuration, under "{% data variables.product.prodname_code_scanning_caps %}", set "Prevent direct alert dismissals" to **Enabled**.
+1. Click **Save configuration**.
+1. Apply the security configuration to all (or selected) repositories in your organization. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration).
+
+To learn more about security configurations, see [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale).

content/code-security/code-scanning/managing-your-code-scanning-configuration/index.md

@@ -15,6 +15,7 @@ children:
   - /about-the-tool-status-page
   - /editing-your-configuration-of-default-setup
   - /set-code-scanning-merge-protection
+  - /enabling-delegated-alert-dismissal-for-code-scanning
   - /codeql-query-suites
   - /configuring-larger-runners-for-default-setup
   - /viewing-code-scanning-logs

content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning.md

@@ -0,0 +1,41 @@
+---
+title: Enabling delegated alert dismissal for secret scanning
+intro: 'You can use delegated alert dismissal to control who can dismiss an alert found by {% data variables.product.prodname_secret_scanning %}.'
+permissions: '{% data reusables.permissions.delegated-alert-dismissal %}'
+versions:
+  feature: security-delegated-alert-dismissal
+type: how_to
+topics:
+  - Secret scanning
+  - Advanced Security
+  - Alerts
+  - Repositories
+shortTitle: Enable delegated alert dismissal
+---
+
+## About enabling delegated alert dismissal
+
+{% data reusables.secret-scanning.delegated-alert-dismissal-beta %}
+
+{% data reusables.security.delegated-alert-dismissal-intro %}
+
+## Configuring delegated dismissal for a repository
+
+>[!NOTE] If an organization owner configures delegated alert dismissal via an enforced security configuration, the settings can't be changed at the repository level.
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
+{% data reusables.repositories.navigate-to-ghas-settings %}
+
+1. Under "{% data variables.product.prodname_secret_scanning_caps %}", toggle the option "Prevent direct alert dismissals".
+
+## Configuring delegated dismissal for an organization
+
+You must configure delegated dismissal for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization.
+
+1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration).
+1. When creating the custom security configuration, under "{% data variables.product.prodname_secret_scanning_caps %}", ensure that the dropdown menus for "Alerts" and "Prevent direct alert dismissals" are set to **Enabled**.
+1. Click **Save configuration**.
+1. Apply the security configuration to all (or selected) repositories in your organization. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration).
+
+To learn more about security configurations, see [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale).

content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/index.md

@@ -17,4 +17,5 @@ children:
   - /non-provider-patterns
   - /custom-patterns
   - /delegated-bypass-for-push-protection
+  - /enabling-delegated-alert-dismissal-for-secret-scanning
 ---

content/enterprise-onboarding/github-actions-for-your-enterprise/about-billing-for-github-actions.md

@@ -146,6 +146,12 @@ For example, if you use 3 GB of storage for 10 days of March and 12 GB for 21 da
 At the end of the month, {% data variables.product.prodname_dotcom %} rounds your storage to the nearest MB. Therefore, your storage usage for March would be 9.097 GB.
 
 Your {% data variables.product.prodname_actions %} usage shares your account's existing billing date, payment method, and receipt. {% data reusables.dotcom_billing.view-all-subscriptions %}
+<!-- expires 2025-04-06 -->
+
+> [!NOTE]
+> Coming April 6, 2025: Usage ingestion for {% data variables.product.github %}’s [enhanced billing platform](/billing/using-the-new-billing-platform/about-the-new-billing-platform) will change from every minute to every hour.
+
+<!-- end expires 2025-04-06 -->
 
 ## About spending limits
 

content/migrations/using-github-enterprise-importer/migrating-between-github-products/overview-of-a-migration-between-github-products.md

@@ -113,7 +113,7 @@ For repository migrations, we recommend creating a test organization to use as a
 1. If your source organization uses IP allow lists, configure the list to allow access by {% data variables.product.prodname_importer_proper_name %}. For more information, see [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products#configuring-ip-allow-lists-for-migrations).
 {% data reusables.enterprise-migration-tool.trial-migrations-tasks %}
 {% data reusables.enterprise-migration-tool.configure-destination-ip-allow-list %} For more information, see [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products#configuring-ip-allow-lists-for-migrations).
-1. If you're running a repository migration and you want to migrate {% data variables.product.prodname_GH_advanced_security %} settings, enable {% data variables.product.prodname_GH_advanced_security %} for the destination organization. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization).
+1. If you're running a repository migration and you want to migrate settings for {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %}, enable {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %} for the destination organization. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization).
 1. Run your production migrations. For more information, see [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-repositories-with-github-enterprise-importer) or [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-organizations-with-github-enterprise-importer).
 {% data reusables.enterprise-migration-tool.delete-test-organization %}
 
@@ -127,7 +127,7 @@ For repository migrations, we recommend creating a test organization to use as a
 * [Setting repository visibility](#setting-repository-visibility)
 * [Configuring {% data variables.product.prodname_actions %}](#configuring-github-actions)
 * [Configuring IP allow lists](#configuring-ip-allow-lists)
-* [Managing {% data variables.product.prodname_GH_advanced_security %}](#managing-github-advanced-security)
+* [Managing {% data variables.product.prodname_GHAS %} features](#managing-github-advanced-security-features)
 * [Enabling webhooks](#enabling-webhooks)
 * [Reinstalling {% data variables.product.prodname_github_apps %}](#reinstalling-github-apps)
 * [Recreating teams](#recreating-teams)
@@ -181,9 +181,9 @@ If you added the IP ranges for {% data variables.product.prodname_importer_prope
 
 For more information, see [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products#configuring-ip-allow-lists-for-migrations).
 
-### Managing {% data variables.product.prodname_GH_advanced_security %}
+### Managing {% data variables.product.prodname_GHAS %} features
 
-If you enabled {% data variables.product.prodname_GH_advanced_security %} for the destination organization before migrating repositories, the settings for individual features were migrated. If not, you'll need to re-enable individual features after the migration. For more information, see [AUTOTITLE](/enterprise-cloud@latest/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository).
+If you enabled {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %} for the destination organization before migrating repositories, the settings for individual features were migrated. If not, you'll need to re-enable individual features after the migration. For more information, see [AUTOTITLE](/enterprise-cloud@latest/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository).
 
 There are additional post-migration steps for each feature.
 

data/features/ghas-products.yml

@@ -6,4 +6,4 @@ versions:
   ghes: '> 3.16'
   #fpt: '*'
   #ghec: '*'
-  #ghes: '>= 3.16'
+  #ghes: '> 3.16'

data/features/security-delegated-alert-dismissal.yml

@@ -0,0 +1,3 @@
+versions:
+  ghec: '*'
+  ghes: '>3.16'

data/reusables/actions/azure-vnet-supported-regions.md

@@ -5,37 +5,39 @@ The {% data variables.product.prodname_actions %} service supports a subset of a
 The following regions are supported on {% data variables.product.prodname_dotcom_the_website %}.
 
 <ul style="-webkit-column-count: 2; -moz-column-count: 2; column-count: 2;">
+<li><code>AustraliaEast</code></li>
+<li><code>BrazilSouth</code></li>
+<li><code>CentralUs</code></li>
+<li><code>EastAsia</code></li>
 <li><code>EastUs</code></li>
 <li><code>EastUs2</code></li>
-<li><code>WestUs2</code></li>
-<li><code>WestUs3</code></li>
-<li><code>CentralUs</code></li>
-<li><code>NorthCentralUs</code></li>
-<li><code>AustraliaEast</code></li>
-<li><code>JapanEast</code></li>
 <li><code>FranceCentral</code></li>
 <li><code>GermanyWestCentral</code></li>
+<li><code>JapanEast</code></li>
+<li><code>KoreaCentral</code></li>
+<li><code>NorthCentralUs</code></li>
 <li><code>NorthEurope</code></li>
 <li><code>NorwayEast</code></li>
+<li><code>SoutheastAsia</code></li>
 <li><code>SwedenCentral</code></li>
 <li><code>SwitzerlandNorth</code></li>
 <li><code>UkSouth</code></li>
-<li><code>SoutheastAsia</code></li>
-<li><code>KoreaCentral</code></li>
+<li><code>WestUs2</code></li>
+<li><code>WestUs3</code></li>
 </ul>
 
 Azure private networking supports GPU runners in the following regions.
 
 * `EastUs`
-* `WestUs`
 * `NorthCentralUs`
+* `WestUs`
 
 Azure private networking supports arm64 runners in the following regions.
 
 * `EastUs`
 * `EastUs2`
+* `NorthCentralUs`
 * `WestUs2`
 * `WestUs3`
-* `NorthCentralUs`
 
 If your desired region is not supported, please submit a request for new region availability in [this GitHub form](https://resources.github.com/private-networking-for-github-hosted-runners-with-azure-virtual-networks/). You may also use global virtual network peering to connect virtual networks across Azure regions. For more information, see [Virtual network peering](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview) in the Azure documentation.

data/reusables/code-scanning/delegated-alert-dismissal-beta.md

@@ -0,0 +1,6 @@
+{% ifversion security-delegated-alert-dismissal %}
+
+> [!NOTE]
+> The ability to use delegated alert dismissal for {% data variables.product.prodname_code_scanning %} is currently in {% data variables.release-phases.public_preview %} and subject to change.
+
+{% endif %}

data/reusables/permissions/delegated-alert-dismissal.md

@@ -0,0 +1 @@
+Organization owners, security managers, and repository administrators can enable delegated alert dismissals. Once enabled, organization owners and security managers can dismiss alerts.

data/reusables/secret-scanning/delegated-alert-dismissal-beta.md

@@ -0,0 +1,6 @@
+{% ifversion security-delegated-alert-dismissal %}
+
+> [!NOTE]
+> The ability to use delegated alert dismissal for {% data variables.product.prodname_secret_scanning %} is currently in {% data variables.release-phases.public_preview %} and subject to change.
+
+{% endif %}

data/reusables/security/delegated-alert-dismissal-intro.md

@@ -0,0 +1,9 @@
+Delegated alert dismissal lets you restrict which users can directly dismiss an alert. When enabled, users attempting to dismiss an alert will instead create a request for dismissal.
+When this happens, security managers and organization owners will be notified via email so they can review the request and approve it or deny it. The alert will only be dismissed if the dismissal request is approved; otherwise, the alert will remain open.
+
+When you enable this feature, only security managers and organization owners will be able to approve or deny dismissal requests for alerts.
+This might create friction and you should ensure to have sufficient coverage in your security managers team before you start.
+
+In addition, dismissal request emails are sent to all organization owners and security managers. Be sure to review these lists periodically to ensure that these are the correct people to take action on these requests.
+
+To learn more about the security manager role, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization).

src/article-api/middleware/article.ts

@@ -33,6 +33,11 @@ async function getArticleBody(req: ExtendedRequestWithPageInfo) {
   // and is in the ExtendedRequestWithPageInfo
   const { page, pathname } = req.pageinfo
 
+  // for anything that's not an article (like index pages), don't try to render and
+  // tell the user what's going on
+  if (page.documentType !== 'article') {
+    throw new Error(`Page ${pathname} isn't yet available in markdown.`)
+  }
   // these parts allow us to render the page
   const mockedContext: Context = {}
   const renderingReq = {
@@ -69,7 +74,12 @@ router.get(
   catchMiddlewareError(async function (req: ExtendedRequestWithPageInfo, res: Response) {
     // First, fetch metadata
     const metaData = await getArticleMetadata(req)
-    const bodyContent = await getArticleBody(req)
+    let bodyContent
+    try {
+      bodyContent = await getArticleBody(req)
+    } catch (error) {
+      return res.status(403).json({ error: (error as Error).message })
+    }
 
     defaultCacheControl(res)
     return res.json({
@@ -84,9 +94,14 @@ router.get(
   pathValidationMiddleware as RequestHandler,
   pageValidationMiddleware as RequestHandler,
   catchMiddlewareError(async function (req: ExtendedRequestWithPageInfo, res: Response) {
-    const rendered = await getArticleBody(req)
+    let bodyContent
+    try {
+      bodyContent = await getArticleBody(req)
+    } catch (error) {
+      return res.status(403).json({ error: (error as Error).message })
+    }
     defaultCacheControl(res)
-    return res.type('text/markdown').send(rendered)
+    return res.type('text/markdown').send(bodyContent)
   }),
 )