diff --git a/content/contributing/style-guide-and-content-model/style-guide.md b/content/contributing/style-guide-and-content-model/style-guide.md index afb41a974bc5..630db3b36fdc 100644 --- a/content/contributing/style-guide-and-content-model/style-guide.md +++ b/content/contributing/style-guide-and-content-model/style-guide.md @@ -277,10 +277,14 @@ Workflow runs are delayed when too many workflows run at once. Since many users ## Emphasis -Use italics to emphasize words or parts of a sentence. Use emphasis sparingly for terminology or context that someone must be aware of to successfully complete the task that they're working on. Do not use italics to emphasize words that have other formatting applied such as all caps for placeholder text or bold for UI elements. +Use bold to emphasize words or parts of a sentence. Use emphasis sparingly (no more than five contiguous words), and remember that it is a visual aid for scannability for sighted users. -* **Use:** _{% data variables.product.pat_v2 %}s_ have several security advantages over {% data variables.product.pat_v1_plural %}. -* **Use:** _For types of packages other than containers_, to the right of the package version click **Delete**. +* Do not bold words that have other formatting applied, such as all caps for placeholder text. +* For accessibility, do not use bolding as the only way to convey meaning or emphasis. + +For example: + +* **Use:** Managed user accounts **cannot create public content** or collaborate outside your enterprise. * **Avoid:** Next to _**Title**_, add a descriptive label for your new key. ## Error messages diff --git a/data/release-notes/enterprise-server/3-14/0-rc1.yml b/data/release-notes/enterprise-server/3-14/0-rc1.yml index b79fa5dd5e9e..b9b246f563c4 100644 --- a/data/release-notes/enterprise-server/3-14/0-rc1.yml +++ b/data/release-notes/enterprise-server/3-14/0-rc1.yml @@ -1,6 +1,6 @@ date: '2024-08-07' release_candidate: true -deprecated: false +deprecated: true intro: | > [!NOTE] Release candidate (RC) builds are intended solely for use in a test environment. Do not install an RC in a production environment. > diff --git a/data/release-notes/enterprise-server/3-14/0.yml b/data/release-notes/enterprise-server/3-14/0.yml new file mode 100644 index 000000000000..dfa85a05128d --- /dev/null +++ b/data/release-notes/enterprise-server/3-14/0.yml @@ -0,0 +1,223 @@ +date: '2024-08-27' +release_candidate: false +deprecated: false +intro: | + For upgrade instructions, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/admin/upgrading-your-instance/preparing-to-upgrade/overview-of-the-upgrade-process)." + +sections: + + features: + - heading: Instance administration + notes: + # https://github.com/github/releases/issues/4262 + - | + On an instance with multiple replica nodes, to start or stop replication for all nodes in a single configuration run, administrators can use the `ghe-repl-start-all` and `ghe-repl-stop-all` commands. + + - heading: Instance services + notes: + # https://github.com/github/releases/issues/4178 + - | + Administrators can scale the appliance using generation 2 virtual machines, with support for booting in UEFI mode. This requires deploying a new instance and restoring data onto it. See "[AUTOTITLE](/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/using-generation-2-virtual-machines)." + # https://github.com/github/releases/issues/4179 + - | + Nomad has been upgraded to 1.5.17 and Consul has been upgraded to 1.17.4. These services are used in {% data variables.product.prodname_ghe_server %} to orchestrate containers and configuration. + + - heading: Identity and access management + notes: + # https://github.com/github/releases/issues/4087 + - | + Automated user provisioning via the System for Cross-domain Identity Management (SCIM) standard is available in public beta. Instances that use SAML authentication can enable SCIM to provision user accounts and manage their lifecycle from an identity provider (IdP). You can configure SCIM using an application for supported IdPs, or using the REST API endpoints for SCIM. See "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes)." + + * If your instance already uses SAML, you will need to configure a new IdP application that supports automated provisioning via SCIM. + * Existing private beta customers should also reconfigure their implementation with an updated application. + * During the public beta, we recommend testing SCIM support for your identity system in a non-production instance before adding SCIM to your current setup. + # https://github.com/github/releases/issues/3905 + - | + Organization owners can create and assign custom organization roles, delegating administrative duties to trusted teams and users. See "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles)." + # https://github.com/github/releases/issues/4026 + - | + Users can use the account switcher to switch between multiple accounts. See "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/switching-between-accounts)." + # https://github.com/github/releases/issues/4025 + - | + On an instance that uses built-in authentication, users can use passkeys to sign in securely to GitHub, without needing to input their password. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey)." + # https://github.com/github/releases/issues/3789 + - | + Enterprises that use an SSH certificate authority can allow SSH certificates to be used to access user-owned repositories. See "[AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-access-to-user-owned-repositories)." + + - heading: Audit logs + notes: + # https://github.com/github/releases/issues/3793 + - | + Every 24 hours, a health check runs for each audit log stream. If a stream is set up incorrectly, an email will be sent to the enterprise owners as notification that their audit log stream is not properly configured. + + - heading: Secret scanning + notes: + # https://github.com/github/releases/issues/3179 + - | + Users can specify which teams or roles have the ability to bypass push protection. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection)." + # https://github.com/github/releases/issues/3567 + - | + Secret scanning detects secrets leaked in discussions and in pull request titles, bodies, and comments. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)." + # https://github.com/github/releases/issues/3740 + - | + Secret scanning blocks contributors from uploading files with detected secrets if push protection is enabled for a repository. This feature is in public beta and subject to change. + # https://github.com/github/releases/issues/3741 + - | + Audit log events are created when secret scanning non-provider patterns are enabled or disabled at the repository, organization, or enterprise level. + + - heading: Code scanning + notes: + # https://github.com/github/releases/issues/3707 + - | + Users can create a dedicated code scanning rule to block pull request merges, instead of relying on status checks. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection)." + # https://github.com/github/releases/issues/3734 + - | + Users can use CodeQL threat model settings for C# to adapt CodeQL's code scanning analysis to detect the most relevant security vulnerabilities in their code. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#including-local-sources-of-tainted-data-in-default-setup)." + # https://github.com/github/releases/issues/3936 + - | + Organizations that use default setup for code scanning can use organization-level model packs to extend the coverage of multiple repositories. This feature is in public beta and subject to change. See "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup)." + # https://github.com/github/releases/issues/3663 + - | + CodeQL can scan Java projects without a build. This feature is in public beta and subject to change. + # https://github.com/github/releases/issues/3865 + - | + This release comes installed with version **2.17.6** of the CodeQL CLI, used in the CodeQL action for code scanning. Significant updates since the default version installed on GitHub Enterprise Server 3.13 include: + + * Support for Java 22, Swift 5.10, TS 5.4, and C# 12 + * New queries for C/C++, Go, Java, and Ruby: + * `cpp/type-confusion`: Detects casts to invalid types + * `cpp/iterator-to-expired-container`: Detects the creation of iterators owned by temporary objects that are about to be destroyed + * `go/uncontrolled-allocation-size`: Detects slice memory allocation with excessive size value + * `java/unvalidated-url-forward`: Prevents information disclosure caused by unsafe URL construction + * `rb/insecure-mass-assignment`: Detects instances of mass assignment operations accepting arbitrary parameters + * `rb/csrf-protection-not-enabled`: Detects cases where Cross-Site Request Forgery protection is not enabled in Ruby on Rails controllers + + - heading: Dependabot + notes: + # https://github.com/github/releases/issues/3344 + - | + Users can consolidate Dependabot pull requests by enabling grouped security updates for related dependencies in a package ecosystem. See "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-grouped-security-updates)." + # https://github.com/github/releases/issues/3839 + - | + Dependabot can access Cargo private registries to provide updates to Rust dependencies. See "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot#about-configuring-private-registries-for-dependabot)." + # https://github.com/github/releases/issues/3848 + - | + Dependabot pauses scheduled jobs after 15 failures. This gives an earlier indication of potential issues while still ensuring that critical security updates continue to be applied without interruption. + # https://github.com/github/releases/issues/3850 + - | + Dependabot uses private registry configurations specified in the `dependabot.yml` file as expected, even if there is a configuration with `target-branch`. This ensures that security updates are applied correctly, regardless of your repository's configuration settings. See "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot)." + + - heading: Code security + notes: + # https://github.com/github/releases/issues/4036 + - | + The security overview dashboard, with the ability to view secret scanning metrics and trending data for the enablement of security features, is available at the enterprise level. See "[AUTOTITLE](/code-security/security-overview/viewing-security-insights)." + # https://github.com/github/releases/issues/4212 + - | + The security overview dashboard for organizations is now generally available. + # https://github.com/github/releases/issues/3913 + - | + On the security overview dashboard, users can view alert trends grouped by tool. The group-by option is designed to improve the ability to track and analyze the effectiveness of scanning tools, enabling more strategic decision-making. See "[AUTOTITLE](/code-security/security-overview/viewing-security-insights#viewing-the-security-overview-dashboard-for-your-organization)." + # https://github.com/github/releases/issues/3912 + - | + On the security overview dashboard, users can filter by security tool. This feature is in public beta and subject to change. + # https://github.com/github/releases/issues/4115 + - | + In the dependency graph, a software bill of materials (SBOM) generated for a package now includes the package URL for more packages. Previously, the package URL was not included if the manifest file referenced a package with a version range. + + - heading: GitHub Actions + notes: + # Required Actions Runner version + - | + {% data reusables.actions.actions-runner-release-note %} + # https://github.com/github/releases/issues/3866 + - | + Deployment views across environments are now generally available. Users can pin environments and use additional filters to filter the views. See "[AUTOTITLE](/actions/deployment/managing-your-deployments/viewing-deployment-history)." + + - heading: GitHub Pages + notes: + # https://github.com/github/releases/issues/3872 + - | + Users can configure custom GitHub Actions workflows to build and deploy sites on GitHub Pages. See "[AUTOTITLE](/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site#publishing-with-a-custom-github-actions-workflow)." + + - heading: Repositories + notes: + # https://github.com/github/releases/issues/3947 + - | + Users can enhance security by adding deploy keys as a bypass type to rulesets. See "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-branch-or-tag-ruleset)." + # https://github.com/github/releases/issues/3826 + - | + Users can select Dependabot in the bypass list of a ruleset. See "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-push-ruleset)." + + - heading: Projects + notes: + # https://github.com/github/releases/issues/3910 + - | + Users can use the auto-close issue workflow to automatically close issues when a project item moves to a specific "completed" status. See "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations)." + + - heading: Integrations and extensions + notes: + # https://github.com/github/releases/issues/3679 + # https://github.com/github/releases/issues/4047 + - | + When authenticating to a native GitHub App or OAuth app, users will be prompted to select which account they want to sign in to using an account picker. Developers of apps can append `?prompt=select_account` to their login flow to show users the account picker. + # https://github.com/github/releases/issues/3898 + - | + When using a JSON Web Token (JWT) to authenticate or request an installation token, developers of GitHub Apps can use the app's client ID for the JWT's `iss` claim. The application ID remains valid, but is considered deprecated. + + changes: + # https://github.com/github/releases/issues/3927 + - | + Pushes that update over 5,000 branches no longer trigger webhooks or GitHub Actions workflows. + + known_issues: + - | + Complete SCIM payloads are written to the audit log, including SCIM attributes that are not required or supported per [API docs](/rest/enterprise-admin/scim?apiVersion=2022-11-28#supported-scim-user-attributes). Customers using Okta with SCIM may notice that a placeholder password attribute is among the data passed to audit logs in its current configuration. This placeholder data is associated with Okta’s password synchronization feature that is not expected or required by GitHub. See [okta-scim](https://developer.okta.com/docs/api/openapi/okta-scim/guides/scim-20/#create-the-user) for more information. + - | + Custom firewall rules are removed during the upgrade process. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Repositories originally imported using ghe-migrator will not correctly track Advanced Security contributions. + - | + When log forwarding is enabled, some forwarded log entries may be duplicated. + - | + REST API endpoints for admin stats may time out on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-and-managing-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-and-managing-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shut down the node and repeat the steps. + - | + If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected. + - | + When restoring data originally backed up from a 3.13 appliance, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + The global search bar does not have suggestions enabled due to the redesigned navigation and pending new search experience. + - | + Upgrades include an error concerning `Error deregistering job` for `consul-template`. This message does not indicate any problems with your install and can be safely ignored. + - | + Some links to GitHub Docs from GitHub Enterprise Server may lead to a "Page not found," because an `enterprise-cloud@latest` portion is incorrectly added to the URL. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + In the header bar displayed to site administrators, some icons are not available. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + {% data reusables.release-notes.2024-08-resolvconf-wont-start %} + - | + Services may respond with a 503 status due to an out of date haproxy configuration. This can usually be resolved with a `ghe-config-apply` run. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + + deprecations: + - | + The Manage GHES API reached feature parity with the Management Console API in GHES 3.12. As a result, we will remove the Management Console API in GitHub Enterprise Server 3.15. For information about updating tooling that relies on the Management Console API, see "[AUTOTITLE](/rest/enterprise-admin/management-console)." diff --git a/src/audit-logs/data/ghes-3.14/enterprise.json b/src/audit-logs/data/ghes-3.14/enterprise.json index 66e3b374ee68..727396680d8d 100644 --- a/src/audit-logs/data/ghes-3.14/enterprise.json +++ b/src/audit-logs/data/ghes-3.14/enterprise.json @@ -159,11 +159,6 @@ "description": "An enterprise owner cleared a restriction on repository creation in organizations in the enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#setting-a-policy-for-repository-creation" }, - { - "action": "business.code_scanning_autofix_policy_update", - "description": "The policy for Code scanning autofix was updated for an enterprise.", - "docs_reference_links": "N/A" - }, { "action": "business.create", "description": "An enterprise was created.", @@ -184,11 +179,6 @@ "description": "N/A", "docs_reference_links": "N/A" }, - { - "action": "business.disable_open_scim", - "description": "SCIM provisioning for custom integrations that use the REST API was disabled for the enterprise.", - "docs_reference_links": "N/A" - }, { "action": "business.disable_source_ip_disclosure", "description": "Display of IP addresses within audit log events for the enterprise was disabled.", @@ -199,11 +189,6 @@ "description": "The requirement for members to have two-factor authentication enabled to access an enterprise was disabled.", "docs_reference_links": "N/A" }, - { - "action": "business.enable_open_scim", - "description": "SCIM provisioning for custom integrations that use the REST API was enabled for the enterprise.", - "docs_reference_links": "N/A" - }, { "action": "business.enable_source_ip_disclosure", "description": "Display of IP addresses within audit log events for the enterprise was enabled.", @@ -244,11 +229,6 @@ "description": "The slug for the enterprise URL was renamed.", "docs_reference_links": "N/A" }, - { - "action": "business.revoke_sso_session", - "description": "The SAML single sign-on session for a member in an enterprise was revoked.", - "docs_reference_links": "N/A" - }, { "action": "business_secret_scanning_automatic_validity_checks.disabled", "description": "Automatic partner validation checks have been disabled at the business level", @@ -309,16 +289,6 @@ "description": "Secret scanning was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise" }, - { - "action": "business_secret_scanning_non_provider_patterns.disabled", - "description": "Secret scanning for non-provider patterns was disabled at the enterprise level.", - "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" - }, - { - "action": "business_secret_scanning_non_provider_patterns.enabled", - "description": "Secret scanning for non-provider patterns was enabled at the enterprise level.", - "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" - }, { "action": "business_secret_scanning_push_protection_custom_message.disable", "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for your enterprise.", @@ -429,11 +399,6 @@ "description": "Logs in a check suite were deleted.", "docs_reference_links": "N/A" }, - { - "action": "code.search", - "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "/search-github/github-code-search" - }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", @@ -739,41 +704,6 @@ "description": "The GitHub Actions runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners" }, - { - "action": "enterprise_team.add_member", - "description": "A new member was added to the enterprise team or an IdP group linked to an enterprise team, or an IdP group was linked to an enterprise team.", - "docs_reference_links": "N/A" - }, - { - "action": "enterprise_team.copilot_assignment", - "description": "A license for GitHub Copilot was assigned to an enterprise team.", - "docs_reference_links": "N/A" - }, - { - "action": "enterprise_team.copilot_unassignment", - "description": "A license for GitHub Copilot was unassigned from an enterprise team.", - "docs_reference_links": "N/A" - }, - { - "action": "enterprise_team.create", - "description": "A new enterprise team was created.", - "docs_reference_links": "N/A" - }, - { - "action": "enterprise_team.destroy", - "description": "An enterprise team was deleted.", - "docs_reference_links": "N/A" - }, - { - "action": "enterprise_team.remove_member", - "description": "A member was removed from the enterprise team or an IdP group linked to an enterprise team, or an IdP group was unlinked from an enterprise team.", - "docs_reference_links": "N/A" - }, - { - "action": "enterprise_team.rename", - "description": "The name of an enterprise team was changed.", - "docs_reference_links": "N/A" - }, { "action": "environment.add_protection_rule", "description": "A GitHub Actions deployment protection rule was created via the API.", @@ -829,81 +759,6 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules" }, - { - "action": "external_group.add_member", - "description": "A user was added to an external group.", - "docs_reference_links": "N/A" - }, - { - "action": "external_group.delete", - "description": "An external group was deleted.", - "docs_reference_links": "N/A" - }, - { - "action": "external_group.link", - "description": "An external group was linked to a GitHub team.", - "docs_reference_links": "N/A" - }, - { - "action": "external_group.provision", - "description": "An external group was created.", - "docs_reference_links": "N/A" - }, - { - "action": "external_group.remove_member", - "description": "A user was removed from an external group.", - "docs_reference_links": "N/A" - }, - { - "action": "external_group.scim_api_failure", - "description": "Failed external group SCIM API request.", - "docs_reference_links": "/rest/scim/scim" - }, - { - "action": "external_group.scim_api_success", - "description": "Successful external group SCIM API request. Excludes GET API requests.", - "docs_reference_links": "/rest/scim/scim" - }, - { - "action": "external_group.unlink", - "description": "An external group was unlinked to a GitHub team.", - "docs_reference_links": "N/A" - }, - { - "action": "external_group.update", - "description": "An external group was updated.", - "docs_reference_links": "N/A" - }, - { - "action": "external_group.update_display_name", - "description": "An external group's display name was updated.", - "docs_reference_links": "N/A" - }, - { - "action": "external_identity.deprovision", - "description": "An external identity was deprovisioned, suspending the linked GitHub user.", - "docs_reference_links": "N/A" - }, - { - "action": "external_identity.provision", - "description": "An external identity was created and linked to a GitHub user.", - "docs_reference_links": "N/A" - }, - { - "action": "external_identity.scim_api_failure", - "description": "Failed external identity SCIM API request.", - "docs_reference_links": "/rest/scim/scim" - }, - { - "action": "external_identity.scim_api_success", - "description": "Successful external identity SCIM API request. Excludes GET API requests.", - "docs_reference_links": "/rest/scim/scim" - }, - { - "action": "external_identity.update", - "description": "An external identity was updated.", - "docs_reference_links": "N/A" - }, { "action": "git.clone", "description": "A repository was cloned.", @@ -1379,16 +1234,6 @@ "description": "N/A", "docs_reference_links": "N/A" }, - { - "action": "org.code_scanning_autofix_disabled", - "description": "Autofix for code scanning alerts was disabled for an organization.", - "docs_reference_links": "N/A" - }, - { - "action": "org.code_scanning_autofix_enabled", - "description": "Autofix for code scanning alerts was enabled for an organization.", - "docs_reference_links": "N/A" - }, { "action": "org.codeql_disabled", "description": "Code scanning using the default setup was disabled for an organization.", @@ -1649,36 +1494,6 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern" }, - { - "action": "org_secret_scanning_non_provider_patterns.disabled", - "description": "Secret scanning for non-provider patterns was disabled at the organization level.", - "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" - }, - { - "action": "org_secret_scanning_non_provider_patterns.enabled", - "description": "Secret scanning for non-provider patterns was enabled at the organization level.", - "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" - }, - { - "action": "org_secret_scanning_push_protection_bypass_list.add", - "description": "A role or team was added to the push protection bypass list at the organization level.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" - }, - { - "action": "org_secret_scanning_push_protection_bypass_list.disable", - "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" - }, - { - "action": "org_secret_scanning_push_protection_bypass_list.enable", - "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" - }, - { - "action": "org_secret_scanning_push_protection_bypass_list.remove", - "description": "A role or team was removed from the push protection bypass list at the organization level.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" - }, { "action": "org.secret_scanning_push_protection_custom_message_disabled", "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", @@ -2345,19 +2160,29 @@ "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, { - "action": "repo.code_scanning_autofix_disabled", - "description": "Autofix for code scanning alerts was disabled for a repository.", + "action": "repo.code_scanning_configuration_for_branch_deleted", + "description": "A code scanning configuration for a branch of a repository was deleted.", + "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch" + }, + { + "action": "repo.code_scanning_third_party_tools_disabled", + "description": "N/A", "docs_reference_links": "N/A" }, { - "action": "repo.code_scanning_autofix_enabled", - "description": "Autofix for code scanning alerts was enabled for a repository.", + "action": "repo.code_scanning_third_party_tools_enabled", + "description": "N/A", "docs_reference_links": "N/A" }, { - "action": "repo.code_scanning_configuration_for_branch_deleted", - "description": "A code scanning configuration for a branch of a repository was deleted.", - "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch" + "action": "repo.codeql_advanced_disabled", + "description": "N/A", + "docs_reference_links": "N/A" + }, + { + "action": "repo.codeql_advanced_enabled", + "description": "N/A", + "docs_reference_links": "N/A" }, { "action": "repo.codeql_disabled", @@ -2369,11 +2194,6 @@ "description": "Code scanning using the default setup was enabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" }, - { - "action": "repo.codeql_updated", - "description": "Code scanning using the default setup was updated for a repository.", - "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" - }, { "action": "repo.collaborators_only", "description": "N/A", @@ -2784,36 +2604,6 @@ "description": "Secret scanning was enabled for a repository.", "docs_reference_links": "N/A" }, - { - "action": "repository_secret_scanning_non_provider_patterns.disabled", - "description": "Secret scanning for non-provider patterns was disabled at the repository level.", - "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" - }, - { - "action": "repository_secret_scanning_non_provider_patterns.enabled", - "description": "Secret scanning for non-provider patterns was enabled at the repository level.", - "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" - }, - { - "action": "repository_secret_scanning_push_protection_bypass_list.add", - "description": "A role or team was added to the push protection bypass list at the repository level.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" - }, - { - "action": "repository_secret_scanning_push_protection_bypass_list.disable", - "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" - }, - { - "action": "repository_secret_scanning_push_protection_bypass_list.enable", - "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" - }, - { - "action": "repository_secret_scanning_push_protection_bypass_list.remove", - "description": "A role or team was removed from the push protection bypass list at the repository level.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" - }, { "action": "repository_secret_scanning_push_protection.disable", "description": "Secret scanning push protection was disabled for a repository.", @@ -2884,21 +2674,6 @@ "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret" }, - { - "action": "secret_scanning_push_protection_request.approve", - "description": "A request to bypass secret scanning push protection was approved by a user.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection" - }, - { - "action": "secret_scanning_push_protection_request.deny", - "description": "A request to bypass secret scanning push protection was denied by a user.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection" - }, - { - "action": "secret_scanning_push_protection_request.request", - "description": "A user requested to bypass secret scanning push protection.", - "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" - }, { "action": "security_key.register", "description": "A security key was registered for an account.", @@ -3369,16 +3144,6 @@ "description": "N/A", "docs_reference_links": "N/A" }, - { - "action": "user_email.confirm_claim", - "description": "An enterprise managed user claimed an email address.", - "docs_reference_links": "N/A" - }, - { - "action": "user_email.mark_as_unclaimed", - "description": "N/A", - "docs_reference_links": "An enterprise managed user unclaimed an email address." - }, { "action": "user.enable_collaborators_only", "description": "N/A", @@ -3639,11 +3404,6 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A" }, - { - "action": "workflows.pin_workflow", - "description": "A workflow was pinned.", - "docs_reference_links": "N/A" - }, { "action": "workflows.prepared_workflow_job", "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", @@ -3658,10 +3418,5 @@ "action": "workflows.rerun_workflow_run", "description": "A workflow run was re-run.", "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs" - }, - { - "action": "workflows.unpin_workflow", - "description": "A workflow was unpinned after previously being pinned.", - "docs_reference_links": "N/A" } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.14/organization.json b/src/audit-logs/data/ghes-3.14/organization.json index 4efd1492ca83..e7959eb1ec7f 100644 --- a/src/audit-logs/data/ghes-3.14/organization.json +++ b/src/audit-logs/data/ghes-3.14/organization.json @@ -84,11 +84,6 @@ "description": "Logs in a check suite were deleted.", "docs_reference_links": "N/A" }, - { - "action": "code.search", - "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "/search-github/github-code-search" - }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", @@ -239,11 +234,6 @@ "description": "A knowledge base was updated in the organization.", "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" }, - { - "action": "copilot.plan_changed", - "description": "The plan for GitHub Copilot was updated.", - "docs_reference_links": "/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot" - }, { "action": "custom_hosted_runner.create", "description": "N/A", @@ -834,21 +824,6 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded.", "docs_reference_links": "N/A" }, - { - "action": "network_configuration.create", - "description": "A network configuration for a hosted compute service was created.", - "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products" - }, - { - "action": "network_configuration.delete", - "description": "A network configuration for a hosted compute service was deleted.", - "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products" - }, - { - "action": "network_configuration.update", - "description": "A network configuration for a hosted compute service was updated.", - "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products" - }, { "action": "oauth_application.create", "description": "An OAuth application was created.", @@ -994,16 +969,6 @@ "description": "N/A", "docs_reference_links": "N/A" }, - { - "action": "org.code_scanning_autofix_disabled", - "description": "Autofix for code scanning alerts was disabled for an organization.", - "docs_reference_links": "N/A" - }, - { - "action": "org.code_scanning_autofix_enabled", - "description": "Autofix for code scanning alerts was enabled for an organization.", - "docs_reference_links": "N/A" - }, { "action": "org.codeql_disabled", "description": "Code scanning using the default setup was disabled for an organization.", @@ -1464,36 +1429,6 @@ "description": "Generic secrets have been enabled at the organization level", "docs_reference_links": "N/A" }, - { - "action": "org_secret_scanning_non_provider_patterns.disabled", - "description": "Secret scanning for non-provider patterns was disabled at the organization level.", - "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" - }, - { - "action": "org_secret_scanning_non_provider_patterns.enabled", - "description": "Secret scanning for non-provider patterns was enabled at the organization level.", - "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" - }, - { - "action": "org_secret_scanning_push_protection_bypass_list.add", - "description": "A role or team was added to the push protection bypass list at the organization level.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" - }, - { - "action": "org_secret_scanning_push_protection_bypass_list.disable", - "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" - }, - { - "action": "org_secret_scanning_push_protection_bypass_list.enable", - "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" - }, - { - "action": "org_secret_scanning_push_protection_bypass_list.remove", - "description": "A role or team was removed from the push protection bypass list at the organization level.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" - }, { "action": "org.secret_scanning_push_protection_custom_message_disabled", "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", @@ -2270,19 +2205,29 @@ "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, { - "action": "repo.code_scanning_autofix_disabled", - "description": "Autofix for code scanning alerts was disabled for a repository.", + "action": "repo.code_scanning_configuration_for_branch_deleted", + "description": "A code scanning configuration for a branch of a repository was deleted.", + "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch" + }, + { + "action": "repo.code_scanning_third_party_tools_disabled", + "description": "N/A", "docs_reference_links": "N/A" }, { - "action": "repo.code_scanning_autofix_enabled", - "description": "Autofix for code scanning alerts was enabled for a repository.", + "action": "repo.code_scanning_third_party_tools_enabled", + "description": "N/A", "docs_reference_links": "N/A" }, { - "action": "repo.code_scanning_configuration_for_branch_deleted", - "description": "A code scanning configuration for a branch of a repository was deleted.", - "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch" + "action": "repo.codeql_advanced_disabled", + "description": "N/A", + "docs_reference_links": "N/A" + }, + { + "action": "repo.codeql_advanced_enabled", + "description": "N/A", + "docs_reference_links": "N/A" }, { "action": "repo.codeql_disabled", @@ -2294,11 +2239,6 @@ "description": "Code scanning using the default setup was enabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" }, - { - "action": "repo.codeql_updated", - "description": "Code scanning using the default setup was updated for a repository.", - "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" - }, { "action": "repo.codespaces_trusted_repo_access_granted", "description": "GitHub Codespaces was granted trusted repository access to this repository.", @@ -2769,36 +2709,6 @@ "description": "Generic secrets have been enabled at the repository level", "docs_reference_links": "N/A" }, - { - "action": "repository_secret_scanning_non_provider_patterns.disabled", - "description": "Secret scanning for non-provider patterns was disabled at the repository level.", - "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" - }, - { - "action": "repository_secret_scanning_non_provider_patterns.enabled", - "description": "Secret scanning for non-provider patterns was enabled at the repository level.", - "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" - }, - { - "action": "repository_secret_scanning_push_protection_bypass_list.add", - "description": "A role or team was added to the push protection bypass list at the repository level.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" - }, - { - "action": "repository_secret_scanning_push_protection_bypass_list.disable", - "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" - }, - { - "action": "repository_secret_scanning_push_protection_bypass_list.enable", - "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" - }, - { - "action": "repository_secret_scanning_push_protection_bypass_list.remove", - "description": "A role or team was removed from the push protection bypass list at the repository level.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" - }, { "action": "repository_secret_scanning_push_protection.disable", "description": "Secret scanning push protection was disabled for a repository.", @@ -2969,21 +2879,6 @@ "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret" }, - { - "action": "secret_scanning_push_protection_request.approve", - "description": "A request to bypass secret scanning push protection was approved by a user.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection" - }, - { - "action": "secret_scanning_push_protection_request.deny", - "description": "A request to bypass secret scanning push protection was denied by a user.", - "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection" - }, - { - "action": "secret_scanning_push_protection_request.request", - "description": "A user requested to bypass secret scanning push protection.", - "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" - }, { "action": "sponsors.agreement_sign", "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", @@ -3319,11 +3214,6 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A" }, - { - "action": "workflows.pin_workflow", - "description": "A workflow was pinned.", - "docs_reference_links": "N/A" - }, { "action": "workflows.prepared_workflow_job", "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", @@ -3338,10 +3228,5 @@ "action": "workflows.rerun_workflow_run", "description": "A workflow run was re-run.", "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs" - }, - { - "action": "workflows.unpin_workflow", - "description": "A workflow was unpinned after previously being pinned.", - "docs_reference_links": "N/A" } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.14/user.json b/src/audit-logs/data/ghes-3.14/user.json index 0bb45c86dfdb..82520f05cbd9 100644 --- a/src/audit-logs/data/ghes-3.14/user.json +++ b/src/audit-logs/data/ghes-3.14/user.json @@ -1639,16 +1639,6 @@ "description": "N/A", "docs_reference_links": "N/A" }, - { - "action": "user_email.confirm_claim", - "description": "An enterprise managed user claimed an email address.", - "docs_reference_links": "N/A" - }, - { - "action": "user_email.mark_as_unclaimed", - "description": "N/A", - "docs_reference_links": "An enterprise managed user unclaimed an email address." - }, { "action": "user.enable_collaborators_only", "description": "N/A", @@ -1854,19 +1844,9 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A" }, - { - "action": "workflows.pin_workflow", - "description": "A workflow was pinned.", - "docs_reference_links": "N/A" - }, { "action": "workflows.reject_workflow_job", "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments" - }, - { - "action": "workflows.unpin_workflow", - "description": "A workflow was unpinned after previously being pinned.", - "docs_reference_links": "N/A" } ] \ No newline at end of file diff --git a/src/audit-logs/lib/config.json b/src/audit-logs/lib/config.json index 8b6df5fcd611..795b7030c395 100644 --- a/src/audit-logs/lib/config.json +++ b/src/audit-logs/lib/config.json @@ -3,5 +3,5 @@ "apiOnlyEvents": "This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "apiRequestEvent": "This event is only available via audit log streaming." }, - "sha": "48d93f096c9b24362268913446e70d6b984ac658" + "sha": "c71e46fe140dc7b1f1ebaad92471dd1abc1942e9" } \ No newline at end of file diff --git a/src/content-linter/scripts/pretty-print-results.js b/src/content-linter/scripts/pretty-print-results.js index 2d2147c885b5..fb938cfcea6c 100644 --- a/src/content-linter/scripts/pretty-print-results.js +++ b/src/content-linter/scripts/pretty-print-results.js @@ -75,10 +75,10 @@ export function prettyPrintResults(results, { fixed = false } = {}) { ruleNames, chalk.dim(indentWrappedString(result.ruleDescription, ruleNames.length)), ) - if (!distinctDetails) { + if (!distinctDetails && result.errorDetail) { console.log( label('Detail'), - `${indentWrappedString(result.errorDetail?.replace(/\n/g, ' ').trim(), PREFIX_PADDING.length * 8)}`, + `${indentWrappedString(result.errorDetail.replace(/\n/g, ' ').trim(), PREFIX_PADDING.length * 8)}`, ) } @@ -93,11 +93,11 @@ export function prettyPrintResults(results, { fixed = false } = {}) { if (isNumber(result.columnNumber) && result.columnNumber !== 1) { position += ` (col ${chalk.yellow(result.columnNumber)})` } - if (distinctDetails) { + if (distinctDetails && result.errorDetail) { console.log( label('Detail'), indentWrappedString( - result.errorDetail?.replace(/\n/g, ' ').trim(), + result.errorDetail.replace(/\n/g, ' ').trim(), PREFIX_PADDING.length * 8, ), ) diff --git a/src/versions/lib/enterprise-server-releases.js b/src/versions/lib/enterprise-server-releases.js index 8b88acf2cf9c..4254d4a2e755 100644 --- a/src/versions/lib/enterprise-server-releases.js +++ b/src/versions/lib/enterprise-server-releases.js @@ -15,7 +15,7 @@ export const nextNext = '3.16' export const supported = ['3.14', '3.13', '3.12', '3.11', '3.10'] // Edit this to `null` when it's no longer the release candidate -export const releaseCandidate = '3.14' +export const releaseCandidate = null // Ensure that: // "next" is ahead of "latest" by one minor or major release.