Merge pull request #35369 from github/repo-sync

Repo sync
2024-11-20 07:34:33 -08:00 · 2024-11-20 07:34:33 -08:00 · 17af2826c8
--- a/content/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md
+++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md
@ -297,7 +297,8 @@ To help improve security, compliance, and standardization, you can customize the
 Customizing the claims results in a new format for the entire `sub` claim, which replaces the default predefined `sub` format in the token described in "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#example-subject-claims)."

 > [!NOTE]
-> The `sub` claim uses the shortened form `repo` (for example, `repo:ORG-NAME/REPO-NAME`) instead of `repository` to reference the repository.
+> The `sub` claim uses the shortened form `repo` (for example, `repo:ORG-NAME/REPO-NAME`) instead of `repository` to reference the repository. {% ifversion fpt or ghec or ghes > 3.15 %}
+> Any `:` within the context value will be replaced with `%3A`. {% endif %}

 The following example templates demonstrate various ways to customize the subject claim. To configure these settings on {% data variables.product.prodname_dotcom %}, admins use the REST API to specify a list of claims that must be included in the subject (`sub`) claim.

@ -420,6 +421,26 @@ or:

 In your cloud provider's OIDC configuration, configure the `sub` condition to require a `repository_owner_id` claim that matches the required value.

+{% ifversion fpt or ghec or ghes > 3.15 %}
+
+#### Example: Context value with `:`
+
+This example demonstrates how to handle context value with `:`. For example, when the job references an environment named `production:eastus`.
+
+{% data reusables.actions.use-request-body-api %}
+
+```json
+{
+   "include_claim_keys": [
+       "environment",
+       "repository_owner"
+   ]
+}
+```
+
+In your cloud provider's OIDC configuration, configure the `sub` condition to require that claims must include a specific value for `environment` and `repository_owner`. For example: `"sub": "environment:production%3Aeastus:repository_owner:octo-org"`.
+{% endif %}
+
 #### Resetting organization template customizations

 This example template resets the subject claims to the default format. This template effectively opts out of any organization-level customization policy.
--- a/data/release-notes/enterprise-server/3-14/2.yml
+++ b/data/release-notes/enterprise-server/3-14/2.yml
@ -82,3 +82,9 @@ sections:
      {% data reusables.release-notes.2024-11-ghe-repl-promote-primary-down %}

      [Updated: 2024-11-13]
+      
+  deprecations:
+    - |
+      The option to "copy Storage settings from Actions" in the Management Console ("GitHub Packages" > "Packages Storage Settings") has been removed. [Updated: 2024-11-20]
+      
+  
--- a/data/release-notes/enterprise-server/3-15/0-rc1.yml
+++ b/data/release-notes/enterprise-server/3-15/0-rc1.yml
@ -226,6 +226,8 @@ sections:
    # https://github.com/github/releases/issues/4878
    - |
      The Management Console API has been removed. The Manage GHES API reached feature parity with the Management Console API in {% data variables.product.prodname_ghe_server %} version 3.12. For information about the Manage GHES API, see "[AUTOTITLE](/rest/enterprise-admin/manage-ghes)."
+    - |
+      The option to "copy Storage settings from Actions" in the Management Console ("GitHub Packages" > "Packages Storage Settings") has been removed. [Updated: 2024-11-20]

  errata:
    # https://github.com/github/docs-content/issues/16489