diff --git a/.github/workflows/delete-orphan-translation-files.yml b/.github/workflows/delete-orphan-translation-files.yml index da1e7cec5edb..350f9992cff6 100644 --- a/.github/workflows/delete-orphan-translation-files.yml +++ b/.github/workflows/delete-orphan-translation-files.yml @@ -129,7 +129,8 @@ jobs: --title "Delete orphan files ($current_daystamp)" \ --body '👋 humans. This PR was generated from docs-internal/.github/workflows/delete-orphan-translation-files.yml. ' \ - --repo "${{ matrix.language_repo }}" + --repo "${{ matrix.language_repo }}" \ + --head=$branch_name echo "Merge created PR..." retry_command gh pr merge --merge --auto --delete-branch "$branch_name" diff --git a/.github/workflows/sync-audit-logs.yml b/.github/workflows/sync-audit-logs.yml index f0226617d16b..8ae0705622e7 100644 --- a/.github/workflows/sync-audit-logs.yml +++ b/.github/workflows/sync-audit-logs.yml @@ -33,7 +33,7 @@ jobs: # need to use a token from a user with access to github/audit-log-allowlists for this step GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }} run: | - npm run audit-log-sync + npm run sync-audit-log - name: Get the audit-log-allowlists SHA being synced id: audit-log-allowlists @@ -54,7 +54,11 @@ jobs: # If nothing to commit, exit now. It's fine. No orphans. changes=$(git diff --name-only | wc -l) untracked=$(git status --untracked-files --short | wc -l) - if [[ $changes -eq 0 ]] && [[ $untracked -eq 0 ]]; then + filesChanged=$(git diff --name-only) + # There will always be at least one file changed: + # src/audit-logs/lib/config.json + # If the config file is the only file changed, exit. + if [[ $changes -eq 1 ]] && [[ $untracked -eq 1 ]] && [[ $filesChanged == *lib/config.json ]]; then echo "There are no changes to commit or untracked files. Exiting..." exit 0 fi @@ -83,7 +87,8 @@ jobs: If CI does not pass or other problems arise, contact #docs-engineering on slack.' \ --repo github/docs-internal \ - --label audit-log-pipeline + --label audit-log-pipeline \ + --head=$branchname # can't approve your own PR, approve with Actions unset GITHUB_TOKEN @@ -93,7 +98,7 @@ jobs: # Actions can't merge the PR so back to docs-bot to merge the PR unset GITHUB_TOKEN gh auth login --with-token <<< "${{ secrets.DOCS_BOT_PAT_WORKFLOW_READORG }}" - gh pr merge --auto --delete-branch + gh pr merge --auto - uses: ./.github/actions/slack-alert if: ${{ failure() && github.event_name != 'workflow_dispatch' }} diff --git a/.github/workflows/sync-graphql.yml b/.github/workflows/sync-graphql.yml index c8acb219c641..3b00847876bf 100644 --- a/.github/workflows/sync-graphql.yml +++ b/.github/workflows/sync-graphql.yml @@ -25,7 +25,7 @@ jobs: env: # need to use a token from a user with access to github/github for this step GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }} - run: npm run graphql-sync + run: npm run sync-graphql - name: Create pull request id: create-pull-request uses: peter-evans/create-pull-request@6cd32fd93684475c31847837f87bb135d40a2b79 # pin @v7.0.3 diff --git a/.github/workflows/sync-secret-scanning.yml b/.github/workflows/sync-secret-scanning.yml index 8a1ef68e338a..9d90f9b9606a 100644 --- a/.github/workflows/sync-secret-scanning.yml +++ b/.github/workflows/sync-secret-scanning.yml @@ -76,7 +76,8 @@ jobs: If CI does not pass or other problems arise, contact #docs-engineering on Slack.' \ --repo github/docs-internal \ - --label secret-scanning-pipeline,'skip FR board',ready-for-doc-review + --label secret-scanning-pipeline,'skip FR board',ready-for-doc-review \ + --head=$branchname - uses: ./.github/actions/slack-alert if: ${{ failure() && github.event_name != 'workflow_dispatch' }} diff --git a/Dockerfile b/Dockerfile index ca3381d9c512..d4ce7e2c8793 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,11 +5,23 @@ # -------------------------------------------------------------------------------- # BASE IMAGE # -------------------------------------------------------------------------------- -# To update the sha, run `docker pull node:$VERSION-alpine` -# look for something like: `Digest: sha256:0123456789abcdef` -FROM node:22-alpine@sha256:c13b26e7e602ef2f1074aef304ce6e9b7dd284c419b35d89fcf3cc8e44a8def9 AS base +# To update the sha: +# https://github.com/github/gh-base-image/pkgs/container/gh-base-image%2Fgh-base-noble +FROM ghcr.io/github/gh-base-image/gh-base-noble:20250108-185521-gcd4825276 AS base + +# Install git for cloning docs-early-access & translations repos +# Install curl for determining the early access branch +RUN apt-get -qq update && apt-get -qq install --no-install-recommends git curl + +# Install Node.js latest LTS +# https://github.com/nodejs/release#release-schedule +# Ubuntu's apt-get install nodejs is _very_ outdated +RUN curl -sL https://deb.nodesource.com/setup_22.x | bash - +RUN apt-get install -y nodejs +RUN node --version # This directory is owned by the node user +RUN useradd -ms /bin/bash node ARG APP_HOME=/home/node/app RUN mkdir -p $APP_HOME && chown -R node:node $APP_HOME WORKDIR $APP_HOME @@ -17,10 +29,6 @@ WORKDIR $APP_HOME # Switch to root to ensure we have permissions to copy, chmod, and install USER root -# Install git for cloning docs-early-access & translations repos -# Install curl for determining the early access branch -RUN apk add --no-cache git curl - # Copy in build scripts COPY src/deployments/production/build-scripts/*.sh ./build-scripts/ @@ -39,12 +47,12 @@ COPY data ./data # We use --mount-type=secret to avoid the secret being copied into the image layers for security # The secret passed via --secret can only be used in this RUN command RUN --mount=type=secret,id=DOCS_BOT_PAT_READPUBLICKEY \ - # We don't cache because Docker can't know if we need to fetch new content from remote repos - echo "Don't cache this step by printing date: $(date)" && \ - . ./build-scripts/fetch-repos.sh + # We don't cache because Docker can't know if we need to fetch new content from remote repos + echo "Don't cache this step by printing date: $(date)" && \ + . ./build-scripts/fetch-repos.sh # Give node user access to the copied content since we cloned as root -RUN chown -R node:node $APP_HOME/content +RUN chown -R node:node $APP_HOME/content RUN chown -R node:node $APP_HOME/assets RUN chown -R node:node $APP_HOME/data # Give node user access to translations repos @@ -105,7 +113,7 @@ RUN npm run precompute-pageinfo -- --max-versions 2 RUN npm prune --production # -------------------------------------------------------------------------------- -# PRODUCTION IMAGE +# PRODUCTION IMAGE # -------------------------------------------------------------------------------- FROM base AS production @@ -140,7 +148,7 @@ COPY --chown=node:node --from=builder $APP_HOME/next.config.js ./ COPY --chown=node:node --from=builder $APP_HOME/tsconfig.json ./ # - - - -# Environment variables are set in the Moda +# Environment variables are set in the Moda # configuration: config/moda/configuration/*/env.yaml # - - - diff --git a/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/index.md b/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/index.md index 08a6da63ce2d..d5b30b53132e 100644 --- a/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/index.md +++ b/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/index.md @@ -17,5 +17,5 @@ children: - /managing-your-profile-readme - /pinning-items-to-your-profile - /setting-your-profile-to-private + - /using-your-github-profile-to-enhance-your-resume --- - diff --git a/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/using-your-github-profile-to-enhance-your-resume.md b/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/using-your-github-profile-to-enhance-your-resume.md new file mode 100644 index 000000000000..78342c0af42a --- /dev/null +++ b/content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/using-your-github-profile-to-enhance-your-resume.md @@ -0,0 +1,107 @@ +--- +title: Using your GitHub profile to enhance your resume +intro: 'Demonstrate your skills to hiring managers with your {% data variables.product.github %} profile.' +versions: + fpt: '*' +topics: + - Profiles +shortTitle: Enhance your resume +--- + +## How can my {% data variables.product.github %} profile enhance my resume? + +When you include a link to your {% data variables.product.github %} profile in your resume, you showcase your skills and experience to potential employers. In this article, you'll find practical tips for preparing your {% data variables.product.github %} profile for a job search. + +After you complete these steps, you can be confident that hiring managers will have a good sense of your technical skills when they are reviewing your {% data variables.product.github %} profile. + +## Step 1: Create a professional bio + +Your bio is a sentence or two that appears under your profile picture. Use your bio to give potential employers a high-level overview of who you are and what kind of work you're looking for. + +Navigate to your [profile settings](https://github.com/settings/profile) to update your bio. Keep this description short and concise. Consider something like, "Hello! My name is Mona and I'm looking for work as a front end developer." + +> [!NOTE] While you're here, you can update the rest of your profile settings. Consider including a profile picture, a link to your personal website or portfolio, and links to your social profiles. + +## Step 2: Create a profile README + +Compared to your bio, your profile README is flexible and allows for more creativity. You can write more in your profile README to showcase your skills and interests. + +Things you may want to add to your profile README include: + +* **An introduction**: Write a brief introduction of yourself and your professional background. +* **Skills and experience**: List your technical skills, including any programming languages, frameworks, and tools you are proficient in. +* **Your professional experience**: Describe where you've worked before and what sort of professional skills you've built. These can even be non-technical skills, such as communication and empathy. +* **Some of your best projects**: Describe some projects you're proud of. You'll also pin these repositories later, but your README gives you a chance to provide more commentary. +* **Achievements or awards**: Show off any of your achievements, including certifications or awards you've received for your work. + +For instructions for creating a profile README, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/managing-your-profile-readme#adding-a-profile-readme). + +> [!NOTE] Updating and customizing your profile README also helps demonstrate fluency using Markdown and HTML, which are useful skills for technical jobs. To show off your skills for potential employers, look for ways to use more advanced Markdown or HTML elements in your profile README. + +## Step 3: Choose projects to showcase + +Pick your favorite 3-5 projects to highlight for your job application. For the best chances at an interview, pick projects that show your diverse skills and are relevant to your specific job search. + +These can be projects you created or projects that you contributed to: + +* Projects you own are fully under your control, so you can prepare the project using the rest of the steps below. +* Open source projects highlight your ability to collaborate with others. + +To take advantage of both, pin some of each to your profile. + +Repositories you pin will be prominently displayed on your profile, allowing you to direct hiring managers' attention to the projects you're most proud of. + +To get started, click **Customize your pins** in the "Popular repositories" section of your profile. + +## Step 4: Prepare the projects you want to showcase + +Hiring managers usually consider many applicants for each role. Expect that they will only look at your projects for a couple minutes. To give the best impression during this brief time, you should make your projects easy to understand and explore. + +Below, you'll find some practical suggestions for preparing your showcase projects, as well as some tips on using {% data variables.product.prodname_copilot_short %} to help. + +> [!NOTE] Always verify the answers that {% data variables.product.prodname_copilot_short %} provides. + +### Update the repository details + +On the main page of the repository, to the right of "About," click {% octicon "gear" aria-label="Edit repository metadata" %}. Here, you can provide information that helps hiring managers quickly understand the project: +* A brief description of your project +* A website where you can see the project in action +* Topic tags that categorize your project + +### Write a helpful README + +The README for your project's repository is a perfect space to give a concise project overview. Helpful project README details include: +* A list of key features of the project +* Details on how to set up and run the project +* An example or demo of the project +* Instructions on testing your code + +You can use [Copilot Chat](https://github.com/copilot) to help write your README. Use a prompt like this: +>Write a README for my `lottery-number-generator` repository. + +### Make the code easy to understand + +To give the best impression, you'll want to make sure that hiring managers can understand your project quickly. In general, a few best practices can help give any readers an understanding of your project and how you work with code: + +* Maintain a consistent coding style with descriptive file and directory names throughout the project +* Use helpful comments and documentation for any complex or important snippets +* Refine your code according to popular style guides +* Simplify complex functions, break down large classes, and remove redundant code +* Provide tests to validate that your code is working as expected + +You can use [{% data variables.product.prodname_copilot_extension_vsc %}](https://marketplace.visualstudio.com/items?itemName=GitHub.copilot) to interact with {% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_vscode_shortname %}. Here, {% data variables.product.prodname_copilot_short %} can help answer more specific questions about your project, make edits across multiple files, provide suggestions for simplifying your code, and write tests. For more information, see [AUTOTITLE](/copilot/using-github-copilot/guides-on-using-github-copilot/writing-tests-with-github-copilot). + +### Update your project's dependencies + +To showcase your understanding of security best practices, ensure your project is using the latest versions of any dependencies. You can use {% data variables.product.prodname_dependabot_alerts %} and security updates to view alerts about dependencies with known security vulnerabilities. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts). + +## Looking forward: Maintaining your projects + +Your profile is now ready to be included on your resume! The changes you made today will have a big impact on your job search and will make your {% data variables.product.github %} profile stand out to hiring managers. + +If you want to improve your profile even more, incorporate these practices into your coding routines: + +* **Maintain a clean commit history**. To make your project history understandable, use descriptive commit messages and work in smaller batches. +* **Use issues, pull requests, and {% data variables.product.prodname_projects_v2 %}**. Showcase your task management and project planning skills by tracking bugs and feature requests with issues and using {% data variables.product.prodname_projects_v2 %} to organize them. +* **Keep dependencies updated**. Use {% data variables.product.prodname_dependabot_version_updates %} to automatically update your project's dependencies with the latest security features and bug fixes. +* **Contribute to open source**. Open source contributions showcase your collaboration skills and prove that you can work in complex code bases. For more information, see [AUTOTITLE](/get-started/exploring-projects-on-github/finding-ways-to-contribute-to-open-source-on-github). diff --git a/content/actions/security-for-github-actions/using-artifact-attestations/enforcing-artifact-attestations-with-a-kubernetes-admission-controller.md b/content/actions/security-for-github-actions/using-artifact-attestations/enforcing-artifact-attestations-with-a-kubernetes-admission-controller.md index 27ed0f68b719..01a913b94008 100644 --- a/content/actions/security-for-github-actions/using-artifact-attestations/enforcing-artifact-attestations-with-a-kubernetes-admission-controller.md +++ b/content/actions/security-for-github-actions/using-artifact-attestations/enforcing-artifact-attestations-with-a-kubernetes-admission-controller.md @@ -55,7 +55,7 @@ First, install the Helm chart that deploys the Sigstore Policy Controller: helm upgrade policy-controller --install --atomic \ --create-namespace --namespace artifact-attestations \ oci://ghcr.io/github/artifact-attestations-helm-charts/policy-controller \ - --version v0.10.0-github9 + --version v0.12.0-github10 ``` This installs the Policy Controller into the `artifact-attestations` namespace. At this point, no policies have been configured, and it will not enforce any attestations. @@ -139,7 +139,7 @@ To see the full set of options you may configure with the Helm chart, you can ru For policy controller options: ```bash copy -helm show values oci://ghcr.io/github/artifact-attestations-helm-charts/policy-controller --version v0.10.0-github9 +helm show values oci://ghcr.io/github/artifact-attestations-helm-charts/policy-controller --version v0.12.0-github10 ``` For trust policy options: diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-governance.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-governance.md new file mode 100644 index 000000000000..d6bb07cae274 --- /dev/null +++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-governance.md @@ -0,0 +1,149 @@ +--- +title: Enforcing code governance in your enterprise with rulesets +allowTitleToDifferFromFilename: true +intro: 'You can create a ruleset to target multiple repositories in your enterprise.' +versions: + feature: enterprise-code-rulesets +permissions: 'Enterprise owners' +shortTitle: Create rulesets +type: how_to +topics: + - Enterprise + - Policies + - Repositories + - Security +--- + +## Introduction + +>[!NOTE] Enterprise code rulesets are currently in public preview and subject to change. + +You can create rulesets to control how users can interact with code in repositories across your enterprise. You can: + +* Create a **branch or tag ruleset** to control things like who can push commits to a certain branch, how commits must be formatted, or who can delete or rename a tag. +* Create a **push ruleset** to block pushes to a private or internal repository and the repository's entire fork network. Push rulesets allow you to block pushes based on file extensions, file path lengths, file and folder paths, and file sizes. + +To learn more, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets). + +## Importing prebuilt rulesets + +To import a prebuilt ruleset created by {% data variables.product.company_short %}, see [`github/ruleset-recipes`](https://github.com/github/ruleset-recipes). + +{% ifversion repo-rules-management %} +{% data reusables.repositories.import-a-ruleset-conceptual %} For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-rulesets-for-repositories-in-your-organization#using-ruleset-history)." +{% endif %} + +## How will I define where my ruleset applies? + +Rulesets allow you to flexibly target the organizations, repositories, and branches where you want rules to apply. + +* To target **organizations**, you can select all, choose from a list, or define a dynamic pattern for organization names using `fnmatch` syntax. For syntax details, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#using-fnmatch-syntax). +* Within those organizations, you can target all **repositories**, or target a dynamic list by custom property. See [AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization). +* Within the repositories, you can target certain **branches or tags**: all branches, the default branch, or a dynamic list using `fnmatch` syntax. + +When you create a ruleset that targets branches in a repository, repository administrators can no longer rename branches or change the default branch in the targeted repository. They can still create and delete branches if they have the appropriate permissions. + +## How can I control the format of commits? + +In branch or tag rulesets, you can add a rule that restricts the format of commit metadata such as commit message or author email. + +If you select **Must match a given regex pattern restriction**, you can use regular expression syntax to define patterns that the metadata must or must not match. For syntax details and examples, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#using-regular-expressions-for-commit-metadata). + +## Using ruleset enforcement statuses + +{% data reusables.repositories.rulesets-about-enforcement-statuses %} + +## Creating a branch or tag ruleset + +{% data reusables.enterprise-accounts.access-enterprise %} +{% data reusables.enterprise-accounts.policies-tab %} +1. Under "Policies", click **Code**. +{% data reusables.repositories.create-ruleset-step %} +{% data reusables.repositories.rulesets-general-step %} + +### Granting bypass permissions for your branch or tag ruleset + +You can grant certain roles, teams, or apps bypass permissions as well as the ability to approve bypass requests for your ruleset. + +The following are eligible for bypass access: +* Repository admins, organization owners, and enterprise owners +* The maintain or write role, or deploy keys. + +1. To grant bypass permissions for the ruleset, in the "Bypass list" section, click **Add bypass**. + +1. In the "Add bypass" modal dialog that appears, search for the role, team, or app you would like to grant bypass permissions, then select the role, team, or app from the "Suggestions" section and click Add Selected. + +{% data reusables.repositories.rulesets-branch-tag-bypass-optional-step %} + +### Choosing which organizations to target in your enterprise + +Select all organizations, choose a selection of existing organizations, or set a dynamic list by name. If you use {% data variables.product.prodname_emus %}, you can also choose to target all repositories owned by users in your enterprise. + +If you set a dynamic list, you'll add one or more naming patterns using `fnmatch` syntax. For example, the string `*open-source` would match any organization with a name that ends with `open-source`. For syntax details, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#using-fnmatch-syntax)." + +### Choosing which repositories to target in your enterprise + +Within the selected organizations, you can target all repositories or target a dynamic list by custom property. See [AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization). + +### Choosing which branches or tags to target + +{% data reusables.repositories.rulesets-target-branches %} + +### Selecting branch or tag protections + +In the "Branch protections" or "Tag protections" section, select the rules you want to include in the ruleset. When you select a rule, you may be able to enter additional settings for the rule. For more information on the rules, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets)" + +### Adding metadata restrictions + +{% data reusables.repositories.rulesets-metadata-step %} + +### Finalizing your branch or tag ruleset and next steps + +{% data reusables.repositories.rulesets-create-and-insights-step %} + +{% ifversion push-rulesets %} + +## Creating a push ruleset + +{% data reusables.repositories.push-rules-fork-network-note %} + +You can create a push ruleset for private or internal repositories in your enterprise. + +{% data reusables.enterprise-accounts.access-enterprise %} +1. In the left sidebar, in the "Policies" section, click **Code**. +1. Click **New ruleset**. +1. Click **New push ruleset**. +1. Under "Ruleset name," type a name for the ruleset. +1. Optionally, to change the default enforcement status, click **Disabled** and select an enforcement status. For more information about enforcement statuses, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets) + +### Granting bypass permissions for your push ruleset + +>[!NOTE] Bypass permissions for push rulesets that target a repository will be inherited by the entire fork network for this repository. {% data reusables.repositories.rulesets-push-rulesets-bypass-permissions %} + +You can grant certain roles, teams, or apps bypass permissions as well as the ability to approve bypass requests for your ruleset. The following are eligible for bypass access: + +* Repository admins, organization owners, and enterprise owners +* The maintain or write role, or deploy keys + +1. To grant bypass permissions for the ruleset, in the "Bypass list" section, click **Add bypass**. +1. In the "Add bypass" modal dialog that appears, search for the role, team, or app you would like to grant bypass permissions, then select the role, team, or app from the "Suggestions" section and click Add Selected. + +### Choosing which organizations to target in your enterprise + +Select all organizations, choose a selection of existing organizations, or set a dynamic list by name. If you use {% data variables.product.prodname_emus %}, you can also choose to target all repositories owned by users in your enterprise. + +If you set a dynamic list, you'll add one or more naming patterns using `fnmatch` syntax. For example, the string `*open-source` would match any organization with a name that ends with `open-source`. For syntax details, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#using-fnmatch-syntax)." + +### Choosing which repositories to target in your enterprise + +Within your chosen organizations, you can target all repositories, or target a dynamic list using custom properties. See [AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization). + +### Selecting push protections + +{% data reusables.repositories.rulesets-push-rules-step %} + +### Finalizing your push ruleset and next steps + +{% data reusables.repositories.rulesets-create-and-insights-step %} + +{% endif %} diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/index.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/index.md index 6b8414d2ec58..4b6d5ea647a5 100644 --- a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/index.md +++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/index.md @@ -25,6 +25,8 @@ children: - /enforcing-policies-for-github-codespaces-in-your-enterprise - /enforcing-policies-for-code-security-and-analysis-for-your-enterprise - /enforcing-policies-for-personal-access-tokens-in-your-enterprise + - /enforcing-policies-for-code-governance + - /managing-policies-for-code-governance shortTitle: Enforce policies --- diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/managing-policies-for-code-governance.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/managing-policies-for-code-governance.md new file mode 100644 index 000000000000..ea36de1701f6 --- /dev/null +++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/managing-policies-for-code-governance.md @@ -0,0 +1,83 @@ +--- +title: Managing code rulesets for repositories in your enterprise +intro: 'You can edit, monitor, and delete existing rulesets to alter how people can interact with repositories in your enterprise.' +allowTitleToDifferFromFilename: true +versions: + feature: enterprise-code-rulesets +permissions: 'Enterprise owners' +shortTitle: Manage rulesets +--- + +After creating a ruleset at the enterprise level, you can make changes to the ruleset to alter how people can interact with the targeted repositories. For example, you can: + +* Add rules to better protect the branches or tags in those repositories +* Switch your ruleset from "Evaluate" mode to "Active" after testing its effects on the contributor experience + +{% data reusables.repositories.rulesets-anyone-can-view %} + +{% ifversion push-rule-delegated-bypass %} + +## About delegated bypass + +{% data reusables.repositories.about-push-rule-delegated-bypass %} + +{% endif %} + +## Editing a ruleset + +You can edit a ruleset to change parts of the ruleset, such as the name, bypass permissions, or rules. You can also edit a ruleset to change its status, such as if you want to enable or temporarily disable a ruleset. + +{% data reusables.enterprise-accounts.access-enterprise %} +1. In the left sidebar, in the "Policies" section, click **Code**, then click **Rulesets**. +1. On the "Rulesets" page, click the name of the ruleset you want to edit. +1. Change the ruleset as required. + + For information on the available rules, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets)" + +1. At the bottom of the page, click **Save changes**. + +## Deleting a ruleset + +{% data reusables.repositories.rulesets-anyone-can-view %} + +{% data reusables.enterprise-accounts.access-enterprise %} +1. In the left sidebar, in the "Policies" section, click **Code**, then click **Rulesets**. +1. To the right of the ruleset's name, select {% octicon "kebab-horizontal" aria-label="Open additional options" %}, then click **{% octicon "trash" aria-hidden="true" %} Delete ruleset**. + +## Using ruleset history + +{% data reusables.repositories.ruleset-beta-note %} + +{% data reusables.repositories.ruleset-history-conceptual %} + +{% data reusables.enterprise-accounts.access-enterprise %} +1. In the left sidebar, in the "Policies" section, click **Code**, then click **Rulesets**. +1. To view the history of changes to the ruleset, select {% octicon "kebab-horizontal" aria-label="Open additional options" %} to the right of the ruleset's name, then click **{% octicon "history" aria-hidden="true" %} History**. +1. To the right of the specific iteration, select {% octicon "kebab-horizontal" aria-label="Open additional options" %}, then click **Compare changes**, **Restore**, or **Download**. + +## Importing a ruleset + +You can import a ruleset from another repository, organization or enterprise using the exported JSON file from the previous section. This can be useful if you want to apply the same ruleset to multiple repositories, organizations or enterprises. + +{% data reusables.enterprise-accounts.access-enterprise %} +1. In the left sidebar, in the "Policies" section, click **Code**, then click **Rulesets**. +1. Select the **New ruleset** dropdown, then click **Import a ruleset**. +1. Open the exported JSON file. +1. Review the imported ruleset and click **Create**. + +## Viewing insights for rulesets + +You can view insights for rulesets to see how rulesets are affecting the repositories in your enterprise. {% data reusables.repositories.about-ruleset-insights %} + +If a ruleset is running in "Evaluate" mode, you can see actions that would have passed or failed if the ruleset had been active. + +{% data reusables.enterprise-accounts.access-enterprise %} +1. In the left sidebar, in the "Policies" section, click **Code**, then click **Rulesets**. +1. On the "Rule insights" page, use the dropdown menus at the top of the page to filter the actions by ruleset, repository, actor, and time period. +1. To see which specific rules failed or required a bypass, click {% octicon "kebab-horizontal" aria-label="View rule runs" %}, then expand the name of the ruleset. + +{% ifversion push-rule-delegated-bypass %} + +{% data reusables.repositories.managing-delegated-bypass %} + +{% endif %} diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/countries-where-sms-authentication-is-supported.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/countries-where-sms-authentication-is-supported.md index 2b8070616b99..cad349f09c26 100644 --- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/countries-where-sms-authentication-is-supported.md +++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/countries-where-sms-authentication-is-supported.md @@ -14,9 +14,9 @@ shortTitle: Countries supporting SMS --- If we don't support two-factor authentication via text message for your country of residence, you can set up authentication via a TOTP mobile application. For more information, see [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication). -## Supported countries for SMS authentication +## Supported countries and regions for SMS authentication -If your country is not on this list, then we aren't currently able to reliably deliver text messages to your country. We update this list periodically. +If your country or region is not on this list, then we aren't currently able to reliably deliver text messages to your country. We update this list periodically.