Merge branch 'main' into fix-typos

.github/CODEOWNERS

@@ -27,6 +27,9 @@ package.json @github/docs-engineering
 # Content strategy
 /contributing/content-markup-reference.md @github/docs-content-strategy
 /contributing/content-style-guide.md @github/docs-content-strategy
+/contributing/content-model.md @github/docs-content-strategy
+/contributing/content-style-guide.md @github/docs-content-strategy
+/contributing/content-templates.md @github/docs-content-strategy
 
 # Make sure that Octokit maintainers get notified about changes
 # relevant to the Octokit libraries (https://github.com/octokit)

.github/PULL_REQUEST_TEMPLATE.md

@@ -24,7 +24,7 @@ Closes [issue link]
 
 ### Check off the following:
 
-- [ ] I have reviewed my changes in staging (look for the **deploy-to-heroku** link in your pull request, then click **View deployment**).
+- [ ] I have reviewed my changes in staging (look for the latest deployment event in your pull request's timeline, then click **View deployment**).
 - [ ] For content changes, I have completed the [self-review checklist](https://github.com/github/docs/blob/main/CONTRIBUTING.md#self-review).
 
 ### Writer impact (This section is for GitHub staff members only):

.github/workflows/browser-test.yml

@@ -41,5 +41,5 @@ jobs:
       - name: Install dependencies
         run: npm ci --include=optional
 
-      - name: Run brower-test
+      - name: Run browser-test
         run: npm run browser-test

.github/workflows/move-new-issues-to-correct-docs-repo.yml

@@ -48,7 +48,7 @@ jobs:
               owner: owner,
               repo: originalRepo,
               issue_number: issueNo,
-              body: `👋  Moving forward, we're asking that folks create all new Docs issues in the [${process.env.TEAM_ENGINEERING_REPO}](${process.env.TEAM_ENGINEERING_REPO}) repo and all new content issues in [${process.env.TEAM_CONTENT_REPO}](${process.env.TEAM_CONTENT_REPO}). We transferred it for you!`
+              body: `👋  You opened this issue in `${context.repo.repo}`. Moving forward, we're asking that folks create new issues in the following repositories instead:\n- For issues with the docs site, please submit to the [${process.env.TEAM_ENGINEERING_REPO}](/${owner}/${process.env.TEAM_ENGINEERING_REPO}) repo.\n- For all new content issues, please submit to the [${process.env.TEAM_CONTENT_REPO}](/${owner}/${process.env.TEAM_CONTENT_REPO}) repo.\n\nWe will transfer this issue for you!`
             })
 
             // Transfer the issue to the correct repo

.github/workflows/repo-sync.yml

@@ -136,6 +136,24 @@ jobs:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           number: ${{ steps.find-pull-request.outputs.number }}
 
+      # Because we get far too much spam ;_;
+      - name: Lock conversations
+        if: ${{ github.repository == 'github/docs' && steps.find-pull-request.outputs.number }}
+        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        with:
+          script: |
+            try {
+              await github.issues.lock({
+                ...context.repo,
+                issue_number: parseInt(${{ steps.find-pull-request.outputs.number }}),
+                lock_reason: 'spam'
+              })
+              console.log('Locked the pull request to prevent spam!')
+            } catch (error) {
+              // Log the error but don't fail the workflow
+              console.error(`Failed to lock the pull request. Error: ${error}`)
+            }
+
       # There are cases where the branch becomes out-of-date in between the time this workflow began and when the pull request is created/updated
       - name: Update branch
         if: ${{ steps.find-pull-request.outputs.number }}

.github/workflows/staging-deploy-pr.yml

@@ -0,0 +1,201 @@
+name: Staging - Deploy PR
+
+# **What it does**: To deploy PRs to a Heroku staging environment.
+# **Why we have it**: To deploy with high visibility in case of failures.
+# **Who does it impact**: All contributors.
+
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - unlocked
+  workflow_dispatch:
+    inputs:
+      pullRequestUrl:
+        description: 'Pull Request URL'
+        required: true
+        default: 'https://github.com/github/docs/pull/1234'
+      forceRebuild:
+        description: 'Force the Heroku App to be rebuilt from scratch? (true/false)'
+        required: false
+        default: 'false'
+
+jobs:
+  validate-inputs:
+    if: ${{ github.repository == 'github/docs-internal' || github.repository == 'github/docs' }}
+    name: Validate inputs
+    runs-on: ubuntu-latest
+    timeout-minutes: 2
+    outputs:
+      headRef: ${{ steps.validate.outputs.headRef }}
+    steps:
+      - if: ${{ github.event_name == 'workflow_dispatch' }}
+        name: Check out repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+        with:
+          # Enables cloning the Early Access repo later with the relevant PAT
+          persist-credentials: 'false'
+
+      - if: ${{ github.event_name == 'workflow_dispatch' }}
+        name: Setup node
+        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+        with:
+          node-version: 16.x
+
+      - if: ${{ github.event_name == 'workflow_dispatch' }}
+        name: Get npm cache directory
+        id: npm-cache
+        run: |
+          echo "::set-output name=dir::$(npm config get cache)"
+
+      - if: ${{ github.event_name == 'workflow_dispatch' }}
+        name: Cache node modules
+        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
+        with:
+          path: ${{ steps.npm-cache.outputs.dir }}
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - if: ${{ github.event_name == 'workflow_dispatch' }}
+        name: Install dependencies
+        run: npm ci
+
+      - if: ${{ github.event_name == 'workflow_dispatch' }}
+        name: Validate and get head.ref
+        id: validate
+        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        env:
+          PR_URL: ${{ github.event.inputs.pullRequestUrl }}
+          FORCE_REBUILD: ${{ github.event.inputs.forceRebuild }}
+        with:
+          script: |
+            const parsePrUrl = require('./script/deployment/parse-pr-url')
+
+            // Manually resolve workflow_dispatch inputs
+            const { PR_URL, FORCE_REBUILD } = process.env
+
+            if (!['true', 'false'].includes(FORCE_REBUILD)) {
+              throw new Error(`'forceRebuild' input must be either 'true' or 'false' but was '${FORCE_REBUILD}'`)
+            }
+
+            const { owner, repo, pullNumber } = parsePrUrl(PR_URL)
+            if (!owner || !repo || !pullNumber) {
+              throw new Error(`'pullRequestUrl' input must match URL format 'https://github.com/github/(docs|docs-internal)/pull/123' but was '${PR_URL}'`)
+            }
+
+            const { data: pullRequest } = await github.pulls.get({
+              owner,
+              repo,
+              pull_number: pullNumber
+            })
+
+            core.setOutput('headRef', pullRequest.head.ref)
+
+  deploy:
+    if: ${{ github.repository == 'github/docs-internal' || github.repository == 'github/docs' }}
+    needs: validate-inputs
+    name: Deploy
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    concurrency:
+      group: staging_${{ needs.validate-inputs.outputs.headRef || github.head_ref }}
+      cancel-in-progress: true
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+        with:
+          # Enables cloning the Early Access repo later with the relevant PAT
+          persist-credentials: 'false'
+
+      - name: Setup node
+        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+        with:
+          node-version: 16.x
+
+      - name: Get npm cache directory
+        id: npm-cache
+        run: |
+          echo "::set-output name=dir::$(npm config get cache)"
+
+      - name: Cache node modules
+        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
+        with:
+          path: ${{ steps.npm-cache.outputs.dir }}
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Deploy
+        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          HEROKU_API_TOKEN: ${{ secrets.HEROKU_API_TOKEN }}
+          DOCUBOT_REPO_PAT: ${{ secrets.DOCUBOT_REPO_PAT }}
+          HYDRO_ENDPOINT: ${{ secrets.HYDRO_ENDPOINT }}
+          HYDRO_SECRET: ${{ secrets.HYDRO_SECRET }}
+          PR_URL: ${{ github.event.inputs.pullRequestUrl }}
+          FORCE_REBUILD: ${{ github.event.inputs.forceRebuild }}
+        with:
+          script: |
+            const { GITHUB_TOKEN, HEROKU_API_TOKEN } = process.env
+
+            // Exit if GitHub Actions PAT is not found
+            if (!GITHUB_TOKEN) {
+              throw new Error('You must supply a GITHUB_TOKEN environment variable!')
+            }
+
+            // Exit if Heroku API token is not found
+            if (!HEROKU_API_TOKEN) {
+              throw new Error('You must supply a HEROKU_API_TOKEN environment variable!')
+            }
+
+            const parsePrUrl = require('./script/deployment/parse-pr-url')
+            const getOctokit = require('./script/helpers/github')
+            const deployToStaging = require('./script/deployment/deploy-to-staging')
+
+            // This helper uses the `GITHUB_TOKEN` implicitly!
+            // We're using our usual version of Octokit vs. the provided `github`
+            // instance to avoid versioning discrepancies.
+            const octokit = getOctokit()
+
+            try {
+              let pullRequest = null
+              let forceRebuild = false
+
+              // Manually resolve workflow_dispatch inputs
+              if (context.eventName === 'workflow_dispatch') {
+                const { PR_URL, FORCE_REBUILD } = process.env
+
+                forceRebuild = FORCE_REBUILD === 'true'
+
+                const { owner, repo, pullNumber } = parsePrUrl(PR_URL)
+                if (!owner || !repo || !pullNumber) {
+                  throw new Error(`'pullRequestUrl' input must match URL format 'https://github.com/github/(docs|docs-internal)/pull/123' but was '${PR_URL}'`)
+                }
+
+                const { data: pr } = await octokit.pulls.get({
+                  owner,
+                  repo,
+                  pull_number: pullNumber
+                })
+                pullRequest = pr
+              }
+
+              await deployToStaging({
+                herokuToken: HEROKU_API_TOKEN,
+                octokit,
+                pullRequest: pullRequest || context.payload.pull_request,
+                forceRebuild,
+                runId: context.runId
+              })
+            } catch (error) {
+              console.error(`Failed to deploy to staging: ${error.message}`)
+              console.error(error)
+              throw error
+            }

.github/workflows/staging-undeploy-pr.yml

@@ -0,0 +1,88 @@
+name: Staging - Undeploy PR
+
+# **What it does**: To undeploy PRs from a Heroku staging environment, i.e. destroy the Heroku App.
+# **Why we have it**: To save money spent on deployments for closed PRs.
+# **Who does it impact**: All contributors.
+
+on:
+  pull_request:
+    types:
+      - closed
+      - locked
+
+jobs:
+  undeploy:
+    if: ${{ github.repository == 'github/docs-internal' || github.repository == 'github/docs' }}
+    name: Undeploy
+    runs-on: ubuntu-latest
+    timeout-minutes: 2
+    concurrency:
+      group: staging_${{ github.head_ref }}
+      cancel-in-progress: true
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+        with:
+          # Enables cloning the Early Access repo later with the relevant PAT
+          persist-credentials: 'false'
+
+      - name: Setup node
+        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+        with:
+          node-version: 16.x
+
+      - name: Get npm cache directory
+        id: npm-cache
+        run: |
+          echo "::set-output name=dir::$(npm config get cache)"
+
+      - name: Cache node modules
+        uses: actions/cache@0781355a23dac32fd3bac414512f4b903437991a
+        with:
+          path: ${{ steps.npm-cache.outputs.dir }}
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Undeploy
+        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          HEROKU_API_TOKEN: ${{ secrets.HEROKU_API_TOKEN }}
+        with:
+          script: |
+            const { GITHUB_TOKEN, HEROKU_API_TOKEN } = process.env
+
+            // Exit if GitHub Actions PAT is not found
+            if (!GITHUB_TOKEN) {
+              throw new Error('You must supply a GITHUB_TOKEN environment variable!')
+            }
+
+            // Exit if Heroku API token is not found
+            if (!HEROKU_API_TOKEN) {
+              throw new Error('You must supply a HEROKU_API_TOKEN environment variable!')
+            }
+
+            const getOctokit = require('./script/helpers/github')
+            const undeployFromStaging = require('./script/deployment/undeploy-from-staging')
+
+            // This helper uses the `GITHUB_TOKEN` implicitly!
+            // We're using our usual version of Octokit vs. the provided `github`
+            // instance to avoid versioning discrepancies.
+            const octokit = getOctokit()
+
+            try {
+              await undeployFromStaging({
+                herokuToken: HEROKU_API_TOKEN,
+                octokit,
+                pullRequest: context.payload.pull_request,
+                runId: context.runId
+              })
+            } catch (error) {
+              console.error(`Failed to undeploy from staging: ${error.message}`)
+              console.error(error)
+              throw error
+            }

.github/workflows/workflow-lint.yml

@@ -26,4 +26,4 @@ jobs:
       - name: Run linter
         uses: cschleiden/actions-linter@0ff16d6ac5103cca6c92e6cbc922b646baaea5be
         with:
-          workflows: '[".github/workflows/*.yml"]'
+          workflows: '[".github/workflows/*.yml", "!.github/workflows/staging-deploy-pr.yml", "!.github/workflows/staging-undeploy-pr.yml"]'

components/DefaultLayout.tsx

@@ -11,7 +11,7 @@ import { useTranslation } from './hooks/useTranslation'
 
 type Props = { children?: React.ReactNode }
 export const DefaultLayout = (props: Props) => {
-  const { builtAssets, page, error, isHomepageVersion } = useMainContext()
+  const { page, error, isHomepageVersion } = useMainContext()
   const { t } = useTranslation('errors')
   return (
     <div className="d-lg-flex">
@@ -22,8 +22,6 @@ export const DefaultLayout = (props: Props) => {
           <title>{page.fullTitle}</title>
         ) : null}
 
-        <script src={builtAssets.main.js} />
-
         {/* For Google and Bots */}
         {page.introPlainText && <meta name="description" content={page.introPlainText} />}
 

components/Header.tsx

@@ -34,7 +34,7 @@ export const Header = () => {
         style={{ zIndex: 2 }}
       >
         {/* desktop header */}
-        <div className="d-none d-lg-flex flex-justify-end">
+        <div className="d-none d-lg-flex flex-justify-end" data-testid="desktop-header">
           {showVersionPicker && (
             <div className="py-2 mr-4">
               <HomepageVersionPicker />
@@ -54,7 +54,7 @@ export const Header = () => {
         </div>
 
         {/* mobile header */}
-        <div className="d-lg-none">
+        <div className="d-lg-none" data-testid="mobile-header">
           <div className="d-flex flex-justify-between">
             <div className="d-flex flex-items-center" id="github-logo-mobile" role="banner">
               <Link aria-hidden="true" tabIndex={-1} href={`/${router.locale}`}>
@@ -71,6 +71,7 @@ export const Header = () => {
 
             <div>
               <ButtonOutline
+                data-testid="mobile-menu-button"
                 css
                 onClick={() => setIsMenuOpen(!isMenuOpen)}
                 aria-label="Navigation Menu"

components/LanguagePicker.tsx

@@ -32,7 +32,7 @@ export const LanguagePicker = ({ variant }: Props) => {
               <Link
                 key={lang.code}
                 href={router.asPath}
-                locale={lang.hreflang}
+                locale={lang.code}
                 className={cx(
                   'd-block py-2',
                   lang.code === router.locale
@@ -71,7 +71,7 @@ export const LanguagePicker = ({ variant }: Props) => {
         {langs.map((lang) => {
           return (
             <Dropdown.Item key={lang.code}>
-              <Link href={router.asPath} locale={lang.hreflang}>
+              <Link href={router.asPath} locale={lang.code}>
                 {lang.nativeName ? (
                   <>
                     {lang.nativeName} ({lang.name})

components/Link.tsx

@@ -4,7 +4,7 @@ import { useMainContext } from 'components/context/MainContext'
 
 const { NODE_ENV } = process.env
 
-const enableNextLinks = false
+const enableNextLinks = true
 
 type Props = { locale?: string } & ComponentProps<'a'>
 export function Link(props: Props) {

components/PrintAction.tsx

@@ -0,0 +1,16 @@
+import React from 'react'
+
+type Props = {
+  children: React.ReactElement
+}
+export function PrintAction({ children }: Props) {
+  const onClick = () => {
+    try {
+      document.execCommand('print', false)
+    } catch (e) {
+      window.print()
+    }
+  }
+
+  return React.cloneElement(React.Children.only(children), { onClick })
+}

components/Search.tsx

@@ -5,6 +5,7 @@ import { useTranslation } from 'components/hooks/useTranslation'
 import { sendEvent, EventType } from '../javascripts/events'
 import { useMainContext } from './context/MainContext'
 import { useVersion } from 'components/hooks/useVersion'
+import cx from 'classnames'
 
 type SearchResult = {
   url: string
@@ -22,7 +23,8 @@ type Props = {
 // Homepage and 404 should be `isStandalone`, all others not
 // `updateSearchParams` should be false on the GraphQL explorer page
 export function Search({ isStandalone = false, updateSearchParams = true, children }: Props) {
-  const [query, setQuery] = useState('')
+  const router = useRouter()
+  const [query, setQuery] = useState(router.query.query || '')
   const [results, setResults] = useState<Array<SearchResult>>([])
   const [activeHit, setActiveHit] = useState(0)
   const inputRef = useRef<HTMLInputElement>(null)
@@ -31,18 +33,14 @@ export function Search({ isStandalone = false, updateSearchParams = true, childr
 
   // Figure out language and version for index
   const { languages, searchVersions, nonEnterpriseDefaultVersion } = useMainContext()
-  const router = useRouter()
   // fall back to the non-enterprise default version (FPT currently) on the homepage, 404 page, etc.
   const version = searchVersions[currentVersion] || searchVersions[nonEnterpriseDefaultVersion]
   const language = (Object.keys(languages).includes(router.locale || '') && router.locale) || 'en'
 
   // If the user shows up with a query in the URL, go ahead and search for it
   useEffect(() => {
-    const params = new URLSearchParams(location.search)
-    if (params.has('query')) {
-      const xquery = params.get('query')?.trim() || ''
-      setQuery(xquery)
-      /* await */ fetchSearchResults(xquery)
+    if (router.query.query) {
+      /* await */ fetchSearchResults((router.query.query as string).trim())
     }
   }, [])
 
@@ -182,7 +180,7 @@ export function Search({ isStandalone = false, updateSearchParams = true, childr
       </div>
       {/* eslint-disable-next-line jsx-a11y/click-events-have-key-events, jsx-a11y/no-static-element-interactions */}
       <div
-        className={'search-overlay-desktop' + (!isStandalone && query ? ' js-open' : '')}
+        className={cx('search-overlay-desktop', !isStandalone && query ? 'js-open' : '')}
         onClick={closeSearch}
       ></div>
     </>
@@ -193,8 +191,9 @@ export function Search({ isStandalone = false, updateSearchParams = true, childr
       <div className="ais-SearchBox">
         <form role="search" className="ais-SearchBox-form" noValidate onSubmit={preventRefresh}>
           <input
+            data-testid="site-search-input"
             ref={inputRef}
-            className={'ais-SearchBox-input' + (isStandalone || query ? ' js-open' : '')}
+            className={cx('ais-SearchBox-input', isStandalone || query ? 'js-open' : '')}
             type="search"
             placeholder={t`placeholder`}
             /* eslint-disable-next-line jsx-a11y/no-autofocus */

components/SidebarNav.tsx

@@ -55,6 +55,7 @@ export const SidebarNav = () => {
             width: 280px;
             height: 100vh;
             flex-shrink: 0;
+            padding-bottom: 32px;
           }
         `}
       </style>

components/Survey.tsx

@@ -35,7 +35,7 @@ export const Survey = () => {
   }
 
   return (
-    <form className="f5" onSubmit={submit} ref={formRef}>
+    <form className="f5" onSubmit={submit} ref={formRef} data-testid="survey-form">
       <h2 className="mb-1 f4">
         {t`able_to_find`}
 
@@ -128,7 +128,9 @@ export const Survey = () => {
         </>
       )}
 
-      {state === ViewState.END && <p className="color-text-secondary f6">{t`feedback`}</p>}
+      {state === ViewState.END && (
+        <p className="color-text-secondary f6" data-testid="survey-end">{t`feedback`}</p>
+      )}
     </form>
   )
 }

components/article/ArticleTitle.tsx

@@ -1,6 +1,8 @@
 import { Tooltip } from '@primer/components'
 import { PrinterIcon } from './PrinterIcon'
 
+import { PrintAction } from 'components/PrintAction'
+
 type Props = {
   children: React.ReactNode
 }
@@ -10,18 +12,11 @@ export const ArticleTitle = ({ children }: Props) => {
       <h1 className="my-4 border-bottom-0">{children}</h1>
       <div className="d-none d-lg-block ml-2">
         <Tooltip aria-label="Print this article" noDelay direction="n">
-          <button
-            className="btn-link Link--muted"
-            onClick={() => {
-              try {
-                document.execCommand('print', false)
-              } catch (e) {
-                window.print()
-              }
-            }}
-          >
-            <PrinterIcon />
-          </button>
+          <PrintAction>
+            <button className="btn-link Link--muted">
+              <PrinterIcon />
+            </button>
+          </PrintAction>
         </Tooltip>
       </div>
     </div>

components/context/MainContext.tsx

@@ -68,7 +68,6 @@ export type MainContextT = {
     maptopic?: BreadcrumbT
     article?: BreadcrumbT
   }
-  builtAssets: { main: { js: string } }
   activeProducts: Array<ProductT>
   currentProduct?: ProductT
   currentLayoutName: string
@@ -112,13 +111,12 @@ export type MainContextT = {
 
 export const getMainContextFromRequest = (req: any): MainContextT => {
   return {
-    builtAssets: { main: { js: req.context.builtAssets.main.js } },
     breadcrumbs: req.context.breadcrumbs || {},
     activeProducts: req.context.activeProducts,
     currentProduct: req.context.productMap[req.context.currentProduct] || null,
     currentLayoutName: req.context.currentLayoutName,
     isHomepageVersion: req.context.currentVersion === 'homepage',
-    error: req.context.error || '',
+    error: req.context.error ? req.context.error.toString() : '',
     data: {
       ui: req.context.site.data.ui,
       reusables: {

components/context/ProductLandingContext.tsx

@@ -79,7 +79,7 @@ export const getFeaturedLinksFromReq = (req: any): Record<string, Array<Featured
     Object.entries(req.context.featuredLinks || {}).map(([key, entries]) => {
       return [
         key,
-        (entries as Array<any> || []).map((entry: any) => ({
+        ((entries as Array<any>) || []).map((entry: any) => ({
           href: entry.href,
           title: entry.title,
           intro: entry.intro,
@@ -144,7 +144,7 @@ export const getProductLandingContextFromRequest = (req: any): ProductLandingCon
               ? req.context.page.featuredLinks.popularHeading || req.context.site.data.ui.toc[key]
               : req.context.site.data.ui.toc[key],
           viewAllHref:
-            key === 'guides' && !req.context.currentCategory && hasGuidesPage 
+            key === 'guides' && !req.context.currentCategory && hasGuidesPage
               ? `${req.context.currentPath}/guides`
               : '',
           articles: links.map((link: any) => {

components/context/ProductSubLandingContext.tsx

@@ -5,7 +5,7 @@ export type FeaturedTrack = {
   trackName: string
   title: string
   description: string
-  guides?: Array<{ href: string; page: { type: string }; title: string; intro: string }>
+  guides?: Array<{ href: string; page?: { type: string }; title: string; intro: string }>
 } | null
 
 export type ArticleGuide = {
@@ -60,7 +60,10 @@ export const getProductSubLandingContextFromRequest = (req: any): ProductSubLand
       }),
     })),
     includeGuides: (page.includeGuides || []).map((guide: any) => {
-      return pick(guide, ['href', 'title', 'intro', 'type', 'topics'])
+      return {
+        ...pick(guide, ['href', 'title', 'intro', 'topics']),
+        type: guide.type || '',
+      }
     }),
   }
 }

components/landing/ArticleList.tsx

@@ -41,7 +41,7 @@ export const ArticleList = ({
         </div>
       )}
 
-      <ul className="list-style-none">
+      <ul className="list-style-none" data-testid="article-list">
         {articles.map((link) => {
           return (
             <li key={link.href} className={cx(variant === 'compact' && 'border-top')}>

components/landing/CodeExampleCard.tsx

@@ -9,6 +9,7 @@ export const CodeExampleCard = ({ example }: Props) => {
   return (
     <a
       className="Box d-flex flex-column flex-justify-between height-full color-shadow-medium hover-shadow-large no-underline color-text-primary"
+      data-testid="code-example-card"
       href={`https://github.com/${example.href}`}
     >
       <div className="p-4">

components/landing/CodeExamples.tsx

@@ -32,6 +32,7 @@ export const CodeExamples = () => {
     <div>
       <div className="pr-lg-3 mb-5 mt-3">
         <input
+          data-testid="code-examples-input"
           className="input-lg py-2 px-3 col-12 col-lg-8 form-control"
           placeholder={t('search_code_examples')}
           type="search"
@@ -53,6 +54,7 @@ export const CodeExamples = () => {
 
       {numVisible < productCodeExamples.length && !isSearching && (
         <button
+          data-testid="code-examples-show-more"
           className="btn btn-outline float-right"
           onClick={() => setNumVisible(numVisible + PAGE_SIZE)}
         >
@@ -61,7 +63,10 @@ export const CodeExamples = () => {
       )}
 
       {isSearching && searchResults.length === 0 && (
-        <div className="py-4 text-center color-text-secondary font-mktg">
+        <div
+          data-testid="code-examples-no-results"
+          className="py-4 text-center color-text-secondary font-mktg"
+        >
           <div className="mb-3">
             <SearchIcon size={24} />{' '}
           </div>

components/landing/LandingSection.tsx

@@ -12,7 +12,13 @@ export const LandingSection = ({ title, children, className, sectionLink, descri
     <div className={cx('container-xl px-3 px-md-6', className)} id={sectionLink}>
       {title && (
         <h2 className={cx('font-mktg h1 color-text-primary', !description ? 'mb-3' : 'mb-4')}>
-          {sectionLink ? <a className="color-unset" href={`#${sectionLink}`}>{title}</a> : title}
+          {sectionLink ? (
+            <a className="color-unset" href={`#${sectionLink}`}>
+              {title}
+            </a>
+          ) : (
+            title
+          )}
         </h2>
       )}
       {description && (

components/landing/ProductArticlesList.tsx

@@ -16,7 +16,7 @@ export const ProductArticlesList = () => {
   }
 
   return (
-    <div className="d-flex gutter flex-wrap">
+    <div className="d-flex gutter flex-wrap" data-testid="product-articles-list">
       {currentProductTree.childPages.map((treeNode, i) => {
         if (treeNode.page.documentType === 'article') {
           return null
@@ -34,7 +34,9 @@ const ProductTreeNodeList = ({ treeNode }: { treeNode: ProductTreeNode }) => {
   return (
     <div className="col-12 col-lg-4 mb-6 height-full">
       <h4 className="mb-3">
-        <Link className="color-unset" href={treeNode.href}>{treeNode.renderedFullTitle}</Link>
+        <Link className="color-unset" href={treeNode.href}>
+          {treeNode.renderedFullTitle}
+        </Link>
       </h4>
 
       <ul className="list-style-none">

components/landing/ProductLanding.tsx

@@ -37,7 +37,11 @@ export const ProductLanding = () => {
       </LandingSection>
 
       {productCodeExamples.length > 0 && (
-        <LandingSection title={t('code_examples')} sectionLink="code-examples" className="my-6 pb-6">
+        <LandingSection
+          title={t('code_examples')}
+          sectionLink="code-examples"
+          className="my-6 pb-6"
+        >
           <CodeExamples />
         </LandingSection>
       )}
@@ -68,7 +72,7 @@ export const ProductLanding = () => {
         </div>
       )}
 
-      <LandingSection title={`All ${shortTitle} docs`} sectionLink="all-docs"  className="pt-9">
+      <LandingSection title={`All ${shortTitle} docs`} sectionLink="all-docs" className="pt-9">
         <ProductArticlesList />
       </LandingSection>
     </DefaultLayout>

components/release-notes/GHESReleaseNotePatch.tsx

@@ -6,6 +6,7 @@ import { PatchNotes } from './PatchNotes'
 import { Link } from 'components/Link'
 import { CurrentVersion, ReleaseNotePatch, GHESMessage } from './types'
 import { useOnScreen } from 'components/hooks/useOnScreen'
+import { PrintAction } from 'components/PrintAction'
 
 type Props = {
   patch: ReleaseNotePatch
@@ -65,7 +66,9 @@ export function GHESReleaseNotePatch({
             </Link>
           )}
 
-          <button className="js-print btn-link ml-3 text-small text-bold">Print</button>
+          <PrintAction>
+            <button className="btn-link ml-3 text-small text-bold">Print</button>
+          </PrintAction>
         </div>
 
         <p className="color-text-secondary mt-1">{dayjs(patch.date).format('MMMM, DD, YYYY')}</p>

components/release-notes/GHESReleaseNotes.tsx

@@ -36,7 +36,7 @@ export function GHESReleaseNotes({ context }: Props) {
           {prevRelease ? (
             <Link
               className="btn btn-outline"
-              href={`/${currentLanguage}/${currentVersion.plan}@${prevRelease}/${currentProduct}/release-notes`}
+              href={`/${currentLanguage}/${currentVersion.plan}@${prevRelease}/${currentProduct?.id}/release-notes`}
             >
               <ChevronLeftIcon /> {prevRelease}
             </Link>
@@ -51,7 +51,7 @@ export function GHESReleaseNotes({ context }: Props) {
           {nextRelease ? (
             <Link
               className="btn btn-outline"
-              href={`/${currentLanguage}/${currentVersion.plan}@${nextRelease}/${currentProduct}/release-notes`}
+              href={`/${currentLanguage}/${currentVersion.plan}@${nextRelease}/${currentProduct?.id}/release-notes`}
             >
               {nextRelease} <ChevronRightIcon />
             </Link>

components/sublanding/ArticleCard.tsx

@@ -7,16 +7,19 @@ type Props = {
 
 export const ArticleCard = ({ card, typeLabel }: Props) => {
   return (
-    <div className="d-flex col-12 col-md-4 pr-0 pr-md-6 pr-lg-8">
+    <div data-testid="article-card" className="d-flex col-12 col-md-4 pr-0 pr-md-6 pr-lg-8">
       <a className="no-underline d-flex flex-column py-3 border-bottom" href={card.href}>
         <h4 className="h4 color-text-primary mb-1">{card.title}</h4>
-        <div className="h6 text-uppercase">{typeLabel}</div>
+        <div className="h6 text-uppercase" data-testid="article-card-type">
+          {typeLabel}
+        </div>
         <p className="color-text-secondary my-3">{card.intro}</p>
         {card.topics.length > 0 && (
           <div>
             {card.topics.map((topic) => {
               return (
                 <span
+                  data-testid="article-card-topic"
                   key={topic}
                   className="IssueLabel bg-gradient--pink-blue color-text-inverse mr-1"
                 >

components/sublanding/ArticleCards.tsx

@@ -50,6 +50,7 @@ export const ArticleCards = () => {
             className="form-select f4 text-bold border-0 rounded-0 border-top box-shadow-none pl-0"
             name="type"
             aria-label="guide types"
+            data-testid="card-filter-dropdown"
             onChange={onChangeTypeFilter}
           >
             <option value="">{t('filters.all')}</option>
@@ -70,6 +71,7 @@ export const ArticleCards = () => {
             value={topicFilter}
             className="form-select f4 text-bold border-0 rounded-0 border-top box-shadow-none pl-0"
             name="topics"
+            data-testid="card-filter-dropdown"
             aria-label="guide topics"
             onChange={onChangeTopicFilter}
           >

components/sublanding/LearningTrack.tsx

@@ -7,17 +7,17 @@ type Props = {
   track: FeaturedTrack
 }
 
-const MAX_VISIBLE_GUIDES = 4
+const DEFAULT_VISIBLE_GUIDES = 4
 export const LearningTrack = ({ track }: Props) => {
-  const [visibleGuides, setVisibleGuides] = useState(track?.guides?.slice(0, 4))
+  const [numVisible, setNumVisible] = useState(DEFAULT_VISIBLE_GUIDES)
   const showAll = () => {
-    setVisibleGuides(track?.guides)
+    setNumVisible(track?.guides?.length || 0)
   }
   const { t } = useTranslation('product_sublanding')
 
   return (
     <div className="my-3 px-4 col-12 col-md-6 learning-track">
-      <div className="Box js-show-more-container d-flex flex-column">
+      <div className="Box d-flex flex-column">
         <div className="Box-header bg-gradient--blue-pink p-4 d-flex flex-1 flex-items-start flex-wrap">
           <div className="d-flex flex-auto flex-items-start col-8 col-md-12 col-xl-8">
             <div className="my-xl-0 mr-xl-3">
@@ -38,10 +38,11 @@ export const LearningTrack = ({ track }: Props) => {
             </span>
           </a>
         </div>
-        {visibleGuides?.map((guide) => (
-          <div>
+
+        {track?.guides?.slice(0, numVisible).map((guide) => (
+          <div key={guide.href + track?.trackName}>
             <a
-              className="Box-row d-flex flex-items-center color-text-primary no-underline js-show-more-item"
+              className="Box-row d-flex flex-items-center color-text-primary no-underline"
               href={`${guide.href}?learn=${track?.trackName}`}
             >
               <div className="circle color-bg-tertiary d-inline-flex mr-4">
@@ -53,27 +54,28 @@ export const LearningTrack = ({ track }: Props) => {
               </div>
               <h5 className="flex-auto pr-2">{guide.title}</h5>
               <div className="color-text-tertiary h6 text-uppercase flex-shrink-0">
-                {t('guide_types')[guide.page.type]}
+                {t('guide_types')[guide.page?.type || '']}
               </div>
             </a>
-            {track?.guides && track?.guides?.indexOf(guide) + 1 === MAX_VISIBLE_GUIDES ? (
-              <button
-                className="Box-footer btn-link border-top-0 position-relative text-center text-bold color-text-link pt-1 pb-3 col-12 js-show-more-button"
-                onClick={showAll}
-              >
-                <div
-                  className="position-absolute left-0 right-0 py-5 fade-background-bottom"
-                  style={{ bottom: '50px' }}
-                ></div>
-                <span>
-                  Show {track?.guides?.length - MAX_VISIBLE_GUIDES} {t(`more_guides`)}
-                </span>
-              </button>
-            ) : (
-              <div />
-            )}
           </div>
         ))}
+
+        {(track?.guides?.length || 0) > numVisible ? (
+          <button
+            className="Box-footer btn-link border-top-0 position-relative text-center text-bold color-text-link pt-1 pb-3 col-12"
+            onClick={showAll}
+          >
+            <div
+              className="position-absolute left-0 right-0 py-5 fade-background-bottom"
+              style={{ bottom: '50px' }}
+            ></div>
+            <span>
+              Show {(track?.guides?.length || 0) - numVisible} {t(`more_guides`)}
+            </span>
+          </button>
+        ) : (
+          <div />
+        )}
       </div>
     </div>
   )

components/sublanding/SubLandingHero.tsx

@@ -9,7 +9,7 @@ export const SubLandingHero = () => {
   const { t } = useTranslation('product_sublanding')
 
   const guideItems = featuredTrack?.guides?.map((guide) => (
-    <li className="px-2 d-flex flex-shrink-0">
+    <li className="px-2 d-flex flex-shrink-0" key={guide.href}>
       <Link
         href={`${guide.href}?learn=${featuredTrack.trackName}`}
         className="d-inline-block Box p-5 color-bg-primary color-border-primary no-underline"
@@ -26,7 +26,7 @@ export const SubLandingHero = () => {
             )}
           </div>
           <div className="color-text-tertiary h6 text-uppercase">
-            {t('guide_types')[guide.page.type]}
+            {t('guide_types')[guide.page?.type || '']}
           </div>
         </div>
         <h3 className="font-mktg h3-mktg my-4 color-text-primary">{guide.title}</h3>

content/actions/guides/building-and-testing-python.md

@@ -397,17 +397,22 @@ jobs:
 
 ## Publishing to package registries
 
-You can configure your workflow to publish your Python package to any package registry you'd like when your CI tests pass.
+You can configure your workflow to publish your Python package to a package registry once your CI tests pass. This section demonstrates how you can use {% data variables.product.prodname_actions %} to upload your package to PyPI each time you [publish a release](/github/administering-a-repository/managing-releases-in-a-repository). 
 
-You can store any access tokens or credentials needed to publish your package using secrets. The following example creates and publishes a package to PyPI using `twine` and `dist`. For more information, see "[Creating and using encrypted secrets](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
+For this example, you will need to create two [PyPI API tokens](https://pypi.org/help/#apitoken). You can use secrets to store the access tokens or credentials needed to publish your package. For more information, see "[Creating and using encrypted secrets](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
 
 {% raw %}
 ```yaml{:copy}
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
 name: Upload Python Package
 
 on:
   release:
-    types: [created]
+    types: [published]
 
 jobs:
   deploy:
@@ -421,14 +426,14 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install setuptools wheel twine
-      - name: Build and publish
-        env:
-          TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
-          TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
-        run: |
-          python setup.py sdist bdist_wheel
-          twine upload dist/*
+          pip install build
+      - name: Build package
+        run: python -m build
+      - name: Publish package
+        uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29
+        with:
+          user: __token__
+          password: ${{ secrets.PYPI_API_TOKEN }}
 ```
 {% endraw %}
 

content/actions/guides/publishing-docker-images.md

@@ -36,8 +36,9 @@ We recommend that you have a basic understanding of workflow configuration optio
 You might also find it helpful to have a basic understanding of the following:
 
 - "[Encrypted secrets](/actions/reference/encrypted-secrets)"
-- "[Authentication in a workflow](/actions/reference/authentication-in-a-workflow)"
-- "[Working with the Docker registry](/packages/working-with-a-github-packages-registry/working-with-the-docker-registry)"
+- "[Authentication in a workflow](/actions/reference/authentication-in-a-workflow)"{% if currentVersion == "free-pro-team@latest" %}
+- "[Working with the {% data variables.product.prodname_container_registry %}](/packages/working-with-a-github-packages-registry/working-with-the-container-registry)"{% else %}
+- "[Working with the Docker registry](/packages/working-with-a-github-packages-registry/working-with-the-docker-registry)"{% endif %}
 
 ## About image configuration
 
@@ -63,9 +64,11 @@ The `build-push-action` options required for Docker Hub are:
 * `tags`: The tag of your new image in the format `DOCKER-HUB-NAMESPACE/DOCKER-HUB-REPOSITORY:VERSION`. You can set a single tag as shown below, or specify multiple tags in a list.
 * `push`: If set to `true`, the image will be pushed to the registry if it is built successfully.
 
-{% raw %}
 ```yaml{:copy}
 name: Publish Docker image
+
+{% data reusables.actions.actions-not-certified-by-github %}
+
 on:
   release:
     types: [published]
@@ -79,35 +82,50 @@ jobs:
       - name: Log in to Docker Hub
         uses: docker/login-action@v1
         with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
+          username: {% raw %}${{ secrets.DOCKER_USERNAME }}{% endraw %}
+          password: {% raw %}${{ secrets.DOCKER_PASSWORD }}{% endraw %}
       - name: Push to Docker Hub
         uses: docker/build-push-action@v2
         with:
           push: true
           tags: my-docker-hub-namespace/my-docker-hub-repository:latest
 ```
-{% endraw %}
 
-{% data reusables.github-actions.docker-tag-with-ref %}
+The above workflow checks out the {% data variables.product.prodname_dotcom %} repository, uses the `login-action` to log in to the registry, and then uses the `build-push-action` action to: build a Docker image based on your repository's `Dockerfile`; push the image to Docker Hub, and apply a tag to the image.
 
 ## Publishing images to {% data variables.product.prodname_registry %}
 
 {% data reusables.github-actions.release-trigger-workflow %}
 
-In the example workflow below, we use the Docker `login-action` and `build-push-action` actions to build the Docker image, and if the build succeeds, push the built image to {% data variables.product.prodname_registry %}.
+In the example workflow below, we use the Docker `login-action`{% if currentVersion == "free-pro-team@latest" %}, `metadata-action`,{% endif %} and `build-push-action` actions to build the Docker image, and if the build succeeds, push the built image to {% data variables.product.prodname_registry %}.
 
 The `login-action` options required for {% data variables.product.prodname_registry %} are:
-* `registry`: Must be set to `docker.pkg.github.com`.
+* `registry`: Must be set to {% if currentVersion == "free-pro-team@latest" %}`ghcr.io`{% else %}`docker.pkg.github.com`{% endif %}.
 * `username`: You can use the {% raw %}`${{ github.actor }}`{% endraw %} context to automatically use the username of the user that triggered the workflow run. For more information, see "[Context and expression syntax for GitHub Actions](/actions/reference/context-and-expression-syntax-for-github-actions#github-context)."
 * `password`: You can use the automatically-generated `GITHUB_TOKEN` secret for the password. For more information, see "[Authenticating with the GITHUB_TOKEN](/actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token)."
 
-The `build-push-action` options required for {% data variables.product.prodname_registry %} are:
-* `tags`: Must be set in the format `docker.pkg.github.com/OWNER/REPOSITORY/IMAGE_NAME:VERSION`. For example, for an image named `octo-image` stored on {% data variables.product.prodname_dotcom %} at `http://github.com/octo-org/octo-repo`, the `tags` option should be set to `docker.pkg.github.com/octo-org/octo-repo/octo-image:latest`. You can set a single tag as shown below, or specify multiple tags in a list.
-* `push`: If set to `true`, the image will be pushed to the registry if it is built successfully.
+{% if currentVersion == "free-pro-team@latest" %}
+The `metadata-action` option required for {% data variables.product.prodname_registry %} is:
+* `images`: The namespace and name for the Docker image you are building.
+{% endif %}
 
+The `build-push-action` options required for {% data variables.product.prodname_registry %} are:{% if currentVersion == "free-pro-team@latest" %}
+* `context`: Defines the build's context as the set of files located in the specified path.{% endif %}
+* `push`: If set to `true`, the image will be pushed to the registry if it is built successfully.{% if currentVersion == "free-pro-team@latest" %}
+* `tags` and `labels`: These are populated by output from `metadata-action`.{% else %}
+* `tags`: Must be set in the format `docker.pkg.github.com/OWNER/REPOSITORY/IMAGE_NAME:VERSION`. For example, for an image named `octo-image` stored on {% data variables.product.prodname_dotcom %} at `http://github.com/octo-org/octo-repo`, the `tags` option should be set to `docker.pkg.github.com/octo-org/octo-repo/octo-image:latest`. You can set a single tag as shown below, or specify multiple tags in a list.{% endif %}
+
+{% if currentVersion == "free-pro-team@latest" %}
+{% data reusables.package_registry.publish-docker-image %}
+
+The above workflow if triggered by a push to the "release" branch. It checks out the GitHub repository, and uses the `login-action` to log in to the {% data variables.product.prodname_container_registry %}. It then extracts labels and tags for the Docker image. Finally, it and uses the `build-push-action` action to build the image and publish it on the {% data variables.product.prodname_container_registry %}.
+
+{% else %}
 ```yaml{:copy}
 name: Publish Docker image
+
+{% data reusables.actions.actions-not-certified-by-github %}
+
 on:
   release:
     types: [published]
@@ -133,10 +151,11 @@ jobs:
           push: true
           tags: |
             {% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}{% raw %}/${{ github.repository }}/octo-image:${{ github.sha }}{% endraw %}
-            {% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}{% raw %}/${{ github.repository }}/octo-image:${{ github.ref }}{% endraw %}
+            {% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}{% raw %}/${{ github.repository }}/octo-image:${{ github.event.release.tag_name }}{% endraw %}
 ```
 
-{% data reusables.github-actions.docker-tag-with-ref %}
+The above workflow checks out the {% data variables.product.prodname_dotcom %} repository, uses the `login-action` to log in to the registry, and then uses the `build-push-action` action to: build a Docker image based on your repository's `Dockerfile`; push the image to the Docker registry, and apply the commit SHA and release version as image tags.
+{% endif %}
 
 ## Publishing images to Docker Hub and {% data variables.product.prodname_registry %}
 
@@ -144,8 +163,13 @@ In a single workflow, you can publish your Docker image to multiple registries b
 
 The following example workflow uses the steps from the previous sections ("[Publishing images to Docker Hub](#publishing-images-to-docker-hub)" and "[Publishing images to {% data variables.product.prodname_registry %}](#publishing-images-to-github-packages)") to create a single workflow that pushes to both registries.
 
+
+
 ```yaml{:copy}
 name: Publish Docker image
+
+{% data reusables.actions.actions-not-certified-by-github %}
+
 on:
   release:
     types: [published]
@@ -164,22 +188,33 @@ jobs:
         with:
           username: {% raw %}${{ secrets.DOCKER_USERNAME }}{% endraw %}
           password: {% raw %}${{ secrets.DOCKER_PASSWORD }}{% endraw %}
-      - name: Log in to GitHub Docker Registry
+      - name: Log in to the {% if currentVersion == "free-pro-team@latest" %}Container{% else %}Docker{% endif %} registry
         uses: docker/login-action@v1
         with:
-          registry: {% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}
+          registry: {% if currentVersion == "free-pro-team@latest" %}ghcr.io{% elsif currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}
           username: {% raw %}${{ github.actor }}{% endraw %}
           password: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}
-      - name: Push to Docker Hub
+      - name: Build and push to Docker Hub
         uses: docker/build-push-action@v2
         with:
           push: true
-          tags: my-docker-hub-namespace/my-docker-hub-repository:{% raw %}${{ github.ref }}{% endraw %}
-      - name: Build container image
+          tags: my-docker-hub-namespace/my-docker-hub-repository:{% raw %}${{ github.event.release.tag_name }}{% endraw %}{% if currentVersion == "free-pro-team@latest" %}
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: ghcr.io/{% raw %}${{ github.repository }}{% endraw %}{% endif %}
+      - name: Build and push to {% data variables.product.prodname_registry %}
         uses: docker/build-push-action@v2
         with:
-          push: true
-          tags: {% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}{% raw %}/${{ github.repository }}/my-image:${{ github.ref }}{% endraw %}
+          push: true{% if currentVersion == "free-pro-team@latest" %}
+          context: .
+          tags: {% raw %}${{ steps.meta.outputs.tags }}{% endraw %}
+          labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}{% else %}
+          tags: {% if currentVersion == "github-ae@latest" %}docker.YOUR-HOSTNAME.com{% else %}docker.pkg.github.com{% endif %}{% raw %}/${{ github.repository }}/my-image:${{ github.event.release.tag_name }}{% endraw %}{% endif %}
 ```
 
-The above workflow checks out the {% data variables.product.prodname_dotcom %} repository, uses the `login-action` twice to log in to both registries, and then uses the `build-push-action` action twice to build and push the Docker image to Docker Hub and {% data variables.product.prodname_registry %}. For both steps, it tags the built Docker image with the Git reference of the workflow event. This workflow is triggered on publishing a {% data variables.product.prodname_dotcom %} release, so the reference for both registries will be the Git tag for the release.
+The above workflow checks out the {% data variables.product.prodname_dotcom %} repository, uses the `login-action` twice to log in to both registries, and then uses the `build-push-action` action twice to build and push the Docker image to Docker Hub and the 
+{% if currentVersion == "free-pro-team@latest" %}{% data variables.product.prodname_container_registry %}. For Docker Hub, it tags the built Docker image with the version tag for the release that triggered the workflow. For the {% data variables.product.prodname_container_registry %}, tags and labels are automatically generated by the `metadata-action` action. 
+{% else %}Docker registry. For both steps, it tags the built Docker image with the version tag for the release that triggered the workflow.
+{% endif %}

content/actions/hosting-your-own-runners/about-self-hosted-runners.md

@@ -42,7 +42,7 @@ For more information about installing and using self-hosted runners, see "[Addin
 - Use free minutes on your {% data variables.product.prodname_dotcom %} plan, with per-minute rates applied after surpassing the free minutes.
 
 **Self-hosted runners:**
-- Receive automatic updates for the self-hosted runner application only. You are responsible updating the operating system and all other software. 
+- Receive automatic updates for the self-hosted runner application only. You are responsible for updating the operating system and all other software. 
 - Can use cloud services or local machines that you already pay for.
 - Are customizable to your hardware, operating system, software, and security requirements.
 - Don't need to have a clean instance for every job execution.

content/actions/learn-github-actions/migrating-from-gitlab-cicd-to-github-actions.md

@@ -112,7 +112,7 @@ linux_job:
 {% raw %}
 ```yaml
 windows_job:
-  runs-on : windows-latest
+  runs-on: windows-latest
   steps:
     - run: echo Hello, %USERNAME%!
 

content/actions/reference/authentication-in-a-workflow.md

@@ -79,16 +79,16 @@ jobs:
       issues: write {% endif %}
     steps:
       - name: Create issue using REST API
-        run: {% raw %}|
+        run: |
           curl --request POST \
-          --url https://api.github.com/repos/${{ github.repository }}/issues \
-          --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
+          --url {% data variables.product.api_url_code %}/repos/${% raw %}{{ github.repository }}{% endraw %}/issues \
+          --header 'authorization: Bearer ${% raw %}{{ secrets.GITHUB_TOKEN }}{% endraw %}' \
           --header 'content-type: application/json' \
           --data '{
-            "title": "Automated issue for commit: ${{ github.sha }}",
-            "body": "This issue was automatically created by the GitHub Action workflow **${{ github.workflow }}**. \n\n The commit hash was: _${{ github.sha }}_."
+            "title": "Automated issue for commit: ${% raw %}{{ github.sha }}{% endraw %}",
+            "body": "This issue was automatically created by the GitHub Action workflow **${% raw %}{{ github.workflow }}{% endraw %}**. \n\n The commit hash was: _${% raw %}{{ github.sha }}{% endraw %}_."
             }' \
-          --fail{% endraw %}
+          --fail
 ```
 
 ## Permissions for the `GITHUB_TOKEN`

content/actions/reference/context-and-expression-syntax-for-github-actions.md

@@ -502,3 +502,42 @@ For example, consider an array of objects named `fruits`.
 ```
 
 The filter `fruits.*.name` returns the array `[ "apple", "orange", "pear" ]`
+
+## Context availability
+
+Different contexts are available throughout a workflow run. For example, the `secrets` context may only be used at certain places within a job.
+
+In addition, some functions may only be used in certain places. For example, the `hashFiles` function is not available everywhere.
+
+The following table indicates where each context and special function can be used within a workflow. Unless listed below, a function can be used anywhere.
+
+| Path | Context | Special functions |
+| ---- | ------- | ----------------- |
+| <code>concurrency</code> | <code>github</code> | |
+| <code>env</code> | <code>github, secrets</code> | |
+| <code>jobs.&lt;job_id&gt;.concurrency</code> | <code>github, needs, strategy, matrix</code> | |
+| <code>jobs.&lt;job_id&gt;.container</code> | <code>github, needs, strategy, matrix</code> | |
+| <code>jobs.&lt;job_id&gt;.container.credentials</code> | <code>github, needs, strategy, matrix, env, secrets</code> | |
+| <code>jobs.&lt;job_id&gt;.container.env.&lt;env_id&gt;</code> | <code>github, needs, strategy, matrix, job, runner, env, secrets</code> | |
+| <code>jobs.&lt;job_id&gt;.continue-on-error</code> | <code>github, needs, strategy, matrix</code> | |
+| <code>jobs.&lt;job_id&gt;.defaults.run</code> | <code>github, needs, strategy, matrix, env</code> | |
+| <code>jobs.&lt;job_id&gt;.env</code> | <code>github, needs, strategy, matrix, secrets</code> | |
+| <code>jobs.&lt;job_id&gt;.environment</code> | <code>github, needs, strategy, matrix</code> | |
+| <code>jobs.&lt;job_id&gt;.environment.url</code> | <code>github, needs, strategy, matrix, job, runner, env, steps</code> | |
+| <code>jobs.&lt;job_id&gt;.if</code> | <code>github, needs</code> | <code>always, cancelled, success, failure</code> |
+| <code>jobs.&lt;job_id&gt;.name</code> | <code>github, needs, strategy, matrix</code> | |
+| <code>jobs.&lt;job_id&gt;.outputs.&lt;output_id&gt;</code> | <code>github, needs, strategy, matrix, job, runner, env, secrets, steps</code> | |
+| <code>jobs.&lt;job_id&gt;.runs-on</code> | <code>github, needs, strategy, matrix</code> | |
+| <code>jobs.&lt;job_id&gt;.services</code> | <code>github, needs, strategy, matrix</code> | |
+| <code>jobs.&lt;job_id&gt;.services.&lt;service_id&gt;.credentials</code> | <code>github, needs, strategy, matrix, env, secrets</code> | |
+| <code>jobs.&lt;job_id&gt;.services.&lt;service_id&gt;.env.&lt;env_id&gt;</code> | <code>github, needs, strategy, matrix, job, runner, env, secrets</code> | |
+| <code>jobs.&lt;job_id&gt;.steps.continue-on-error</code> | <code>github, needs, strategy, matrix, job, runner, env, secrets, steps</code> | <code>hashFiles</code> |
+| <code>jobs.&lt;job_id&gt;.steps.env</code> | <code>github, needs, strategy, matrix, job, runner, env, secrets, steps</code> | <code>hashFiles</code> |
+| <code>jobs.&lt;job_id&gt;.steps.if</code> | <code>github, needs, strategy, matrix, job, runner, env, steps</code> | <code>always, cancelled, success, failure, hashFiles</code> |
+| <code>jobs.&lt;job_id&gt;.steps.name</code> | <code>github, needs, strategy, matrix, job, runner, env, secrets, steps</code> | <code>hashFiles</code> |
+| <code>jobs.&lt;job_id&gt;.steps.run</code> | <code>github, needs, strategy, matrix, job, runner, env, secrets, steps</code> | <code>hashFiles</code> |
+| <code>jobs.&lt;job_id&gt;.steps.timeout-minutes</code> | <code>github, needs, strategy, matrix, job, runner, env, secrets, steps</code> | <code>hashFiles</code> |
+| <code>jobs.&lt;job_id&gt;.steps.with</code> | <code>github, needs, strategy, matrix, job, runner, env, secrets, steps</code> | <code>hashFiles</code> |
+| <code>jobs.&lt;job_id&gt;.steps.working-directory</code> | <code>github, needs, strategy, matrix, job, runner, env, secrets, steps</code> | <code>hashFiles</code> |
+| <code>jobs.&lt;job_id&gt;.strategy</code> | <code>github, needs</code> | |
+| <code>jobs.&lt;job_id&gt;.timeout-minutes</code> | <code>github, needs, strategy, matrix</code> | |

content/actions/using-github-hosted-runners/about-github-hosted-runners.md

@@ -69,7 +69,7 @@ Workflow logs list the runner used to run a job. For more information, see "[Vie
 The software tools included in {% data variables.product.prodname_dotcom %}-hosted runners are updated weekly. The update process takes several days, and the list of preinstalled software on the `main` branch is updated after the whole deployment ends. 
 ### Preinstalled software
 
-Workflow logs include a link to the preinstalled tools on the exact runner. To find this information in the workflow log, expand the `Set up job` section. Under that section, expand the `Virtual Environment` section. The link following `Included Software` will tell you the the preinstalled tools on the runner that ran the workflow.
+Workflow logs include a link to the preinstalled tools on the exact runner. To find this information in the workflow log, expand the `Set up job` section. Under that section, expand the `Virtual Environment` section. The link following `Included Software` will describe the preinstalled tools on the runner that ran the workflow.
 ![Installed software link](/assets/images/actions-runner-installed-software-link.png)
 For more information, see "[Viewing workflow run history](/actions/managing-workflow-runs/viewing-workflow-run-history)."
 

content/admin/authentication/managing-identity-and-access-for-your-enterprise/configuring-user-provisioning-for-your-enterprise.md

@@ -84,7 +84,7 @@ You must have administrative access on your IdP to configure the application for
 
   | Value | Other names | Description | Example |
   | :- | :- | :- | :- |
-  | URL | Tenant URL | URL to the SCIM provisioning API for your enterprise on {% data variables.product.prodname_ghe_managed %} | <pre>https&colon;//api.<em>YOUR-GITHUB-AE-HOSTNAME</em>/scim/v2</pre> |
+  | URL | Tenant URL | URL to the SCIM provisioning API for your enterprise on {% data variables.product.prodname_ghe_managed %} | <nobr><code>{% data variables.product.api_url_pre %}</nobr></code> |
   | Shared secret | Personal access token, secret token | Token for application on your IdP to perform provisioning tasks on behalf of an enterprise owner | Personal access token you created in step 1 |
 
 {% endif %}

content/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode.md

@@ -33,7 +33,7 @@ We recommend that you schedule a maintenance window for at least 30 minutes in t
 
 ![End user banner about scheduled maintenance](/assets/images/enterprise/maintenance/maintenance-scheduled.png)
 
-When the instance is in maintenance mode, all normal HTTP and Git access is refused. Git fetch, clone, and push operations are also rejected with an error message indicating that the site is temporarily unavailable. Visiting the site in a browser results in a maintenance page.
+When the instance is in maintenance mode, all normal HTTP and Git access is refused. Git fetch, clone, and push operations are also rejected with an error message indicating that the site is temporarily unavailable. GitHub Actions jobs will not be executed. Visiting the site in a browser results in a maintenance page.
 
 ![The maintenance mode splash screen](/assets/images/enterprise/maintenance/maintenance-mode-maintenance-page.png)
 

content/admin/managing-github-advanced-security-for-your-enterprise/about-licensing-for-github-advanced-security.md

@@ -1,39 +0,0 @@
----
-title: About licensing for GitHub Advanced Security
-intro: 'You need a license to use {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}.'
-product: '{% data reusables.gated-features.ghas %}'
-versions:
-  enterprise-server: '>=3.1'
-type: overview
-topics:
-  - Advanced Security
-  - Enterprise
-  - Licensing
-  - Security
-redirect_from:
-  - /admin/advanced-security/about-licensing-for-github-advanced-security
----
-
-## About licensing for {% data variables.product.prodname_GH_advanced_security %}
-
-You can make extra features for code security available to users by buying and uploading a license for {% data variables.product.prodname_GH_advanced_security %}. For more information about {% data variables.product.prodname_GH_advanced_security %}, see "[About {% data variables.product.prodname_GH_advanced_security %}](/github/getting-started-with-github/about-github-advanced-security)."
-
-{% data reusables.advanced-security.license-overview %}
-
-To discuss licensing {% data variables.product.prodname_GH_advanced_security %} for {% data variables.product.product_name %}, contact {% data variables.contact.contact_enterprise_sales %}. To enable {% data variables.product.prodname_GH_advanced_security %}, see "[Enabling {% data variables.product.prodname_GH_advanced_security %} for your appliance](/admin/advanced-security/enabling-github-advanced-security-for-your-enterprise)."
-
-## About committer numbers for {% data variables.product.prodname_GH_advanced_security %}
-
-{% data reusables.advanced-security.about-committer-numbers-ghec-ghes %}
-
-## Managing your license usage for {% data variables.product.prodname_GH_advanced_security %}
-
-{% data reusables.advanced-security.managing-license-usage-ghec-ghes %}
-
-You can enforce policies to allow or disallow the use of {% data variables.product.prodname_advanced_security %} by organizations owned by your enterprise account. For more information, see "[Enforcing policies for {% data variables.product.prodname_advanced_security %} in your enterprise](/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise)."
-
-For more information on viewing license usage, see "[Viewing your {% data variables.product.prodname_GH_advanced_security %} usage](/admin/advanced-security/viewing-your-github-advanced-security-usage)."
-
-## Getting the most out of your {% data variables.product.prodname_GH_advanced_security %} license
-
-{% data reusables.advanced-security.getting-the-most-from-your-license %}

content/admin/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md

@@ -1,80 +0,0 @@
----
-title: Configuring code scanning for your appliance
-shortTitle: Configuring code scanning
-intro: 'You can enable, configure and disable {% data variables.product.prodname_code_scanning %} for {% data variables.product.product_location %}. {% data variables.product.prodname_code_scanning_capc %} allows users to scan code for vulnerabilities and errors.'
-product: '{% data reusables.gated-features.code-scanning %}'
-miniTocMaxHeadingLevel: 3
-redirect_from:
-  - /enterprise/admin/configuration/configuring-code-scanning-for-your-appliance
-  - /admin/configuration/configuring-code-scanning-for-your-appliance
-  - /admin/advanced-security/configuring-code-scanning-for-your-appliance
-versions:
-  enterprise-server: '>=2.22'
-type: how_to
-topics:
-  - Advanced Security
-  - Code scanning
-  - Enterprise
-  - Security
----
-
-{% data reusables.code-scanning.beta %}
-
-## About {% data variables.product.prodname_code_scanning %}
-
-{% data reusables.code-scanning.about-code-scanning %}
-
-You can configure {% data variables.product.prodname_code_scanning %} to run {% data variables.product.prodname_codeql %} analysis and third-party analysis. {% data variables.product.prodname_code_scanning_capc %} also supports running analysis natively using {% data variables.product.prodname_actions %} or externally using existing CI/CD infrastructure. The table below summarizes all the options available to users when you configure {% data variables.product.product_location %} to allow {% data variables.product.prodname_code_scanning %} using actions.
-
-{% data reusables.code-scanning.enabling-options %}
-
-## Prerequisites for {% data variables.product.prodname_code_scanning %}
-
-- A license for {% data variables.product.prodname_GH_advanced_security %}{% if currentVersion ver_gt "enterprise-server@3.0" %} (see "[About licensing for {% data variables.product.prodname_GH_advanced_security %}](/admin/advanced-security/about-licensing-for-github-advanced-security)"){% endif %}
-
-- {% data variables.product.prodname_code_scanning_capc %} enabled in the management console (see "[Enabling {% data variables.product.prodname_GH_advanced_security %} for your enterprise](/admin/advanced-security/enabling-github-advanced-security-for-your-enterprise)")
-
-- A VM or container for {% data variables.product.prodname_code_scanning %} analysis to run in.
-
-## Running {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_actions %}
-
-### Setting up a self-hosted runner
-
-{% data variables.product.prodname_ghe_server %} can run {% data variables.product.prodname_code_scanning %} using a {% data variables.product.prodname_actions %} workflow. First, you need to provision one or more self-hosted {% data variables.product.prodname_actions %} runners in your environment. You can provision self-hosted runners at the repository, organization, or enterprise account level. For more information, see "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners)" and "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)."
-
-You must ensure that Git is in the PATH variable on any self-hosted runners you use to run {% data variables.product.prodname_codeql %} actions.
-
-### Provisioning the actions for {% data variables.product.prodname_code_scanning %}
-
-{% if currentVersion ver_gt "enterprise-server@2.22" %}
-If you want to use actions to run {% data variables.product.prodname_code_scanning %} on {% data variables.product.prodname_ghe_server %}, the actions must be available on your appliance.
-
-The {% data variables.product.prodname_codeql %} action is included in your installation of {% data variables.product.prodname_ghe_server %}. If {% data variables.product.prodname_ghe_server %} has access to the internet, the action will automatically download the {% data variables.product.prodname_codeql %} bundle required to perform analysis. Alternatively, you can use a synchronization tool to make the {% data variables.product.prodname_codeql %} analysis bundle available locally. For more information, see "[Configuring {% data variables.product.prodname_codeql %} analysis on a server without internet access](#configuring-codeql-analysis-on-a-server-without-internet-access)" below.
-
-You can also make third-party actions available to users for {% data variables.product.prodname_code_scanning %}, by setting up {% data variables.product.prodname_github_connect %}. For more information, see "[Configuring {% data variables.product.prodname_github_connect %} to sync {% data variables.product.prodname_actions %}](/enterprise/admin/configuration/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions)" below.
-
-### Configuring {% data variables.product.prodname_codeql %} analysis on a server without internet access
-If the server on which you are running {% data variables.product.prodname_ghe_server %} is not connected to the internet, and you want to allow users to enable {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} for their repositories, you must use the {% data variables.product.prodname_codeql %} action sync tool to copy the {% data variables.product.prodname_codeql %} analysis bundle from {% data variables.product.prodname_dotcom_the_website %} to your server. The tool, and details of how to use it, are available at [https://github.com/github/codeql-action-sync-tool](https://github.com/github/codeql-action-sync-tool/).
-
-If you set up the {% data variables.product.prodname_codeql %} action sync tool, you can use it to sync the latest releases of the {% data variables.product.prodname_codeql %} action and associated {% data variables.product.prodname_codeql %} analysis bundle. These are compatible with {% data variables.product.prodname_ghe_server %}.
-
-{% endif %}
-
-{% if currentVersion == "enterprise-server@2.22" %}
-To run {% data variables.product.prodname_code_scanning %} on {% data variables.product.prodname_ghe_server %} with {% data variables.product.prodname_actions %}, the appropriate actions must be available locally. You can make the actions available in three ways.
-
-- **Recommended**: You can use [{% data variables.product.prodname_github_connect %}](/enterprise/admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud) to automatically download actions from {% data variables.product.prodname_dotcom_the_website %}. The machine that hosts your instance must be able to access {% data variables.product.prodname_dotcom_the_website %}. This approach ensures that you get the latest software automatically. For more information, see "[Configuring {% data variables.product.prodname_github_connect %} to sync {% data variables.product.prodname_actions %}](/enterprise/admin/configuration/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions)."
-- If you want to use the {% data variables.product.prodname_codeql_workflow %}, you can sync the repository from {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.prodname_ghe_server %}, by using the {% data variables.product.prodname_codeql %} Action sync tool available at [https://github.com/github/codeql-action-sync-tool](https://github.com/github/codeql-action-sync-tool/). You can use this tool regardless of whether {% data variables.product.product_location %} or your {% data variables.product.prodname_actions %} runners have access to the internet, as long as you can access both {% data variables.product.product_location %} and {% data variables.product.prodname_dotcom_the_website %} simultaneously on your computer.
-- You can create a local copy of an action's repository on your server, by cloning the {% data variables.product.prodname_dotcom_the_website %} repository that contains the action. For example, if you want to use the actions for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}, you can create a repository in your instance called `github/codeql-action`, then clone the [repository](https://github.com/github/codeql-action) from {% data variables.product.prodname_dotcom_the_website %}, and then push that repository to your instance's `github/codeql-action` repository. You will also need to download any of the releases from the repository on {% data variables.product.prodname_dotcom_the_website %} and upload them to your instance's `github/codeql-action` repository as releases.
-{% endif %}
-
-### Configuring {% data variables.product.prodname_github_connect %} to sync {% data variables.product.prodname_actions %}
-1. If you want to download action workflows on demand from {% data variables.product.prodname_dotcom_the_website %}, you need to enable {% data variables.product.prodname_github_connect %}. For more information, see "[Enabling {% data variables.product.prodname_github_connect %}](/enterprise/admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud#enabling-github-connect)."
-2. You'll also need to enable {% data variables.product.prodname_actions %} for {% data variables.product.product_location %}. For more information, see "[Getting started with {% data variables.product.prodname_actions %} for {% data variables.product.prodname_ghe_server %}](/admin/github-actions/getting-started-with-github-actions-for-github-enterprise-server)."
-3. The next step is to configure access to actions on {% data variables.product.prodname_dotcom_the_website %} using {% data variables.product.prodname_github_connect %}. For more information, see "[Enabling automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/enterprise/admin/github-actions/enabling-automatic-access-to-githubcom-actions-using-github-connect)."
-4. Add a self-hosted runner to your repository, organization, or enterprise account. For more information, see "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)."
-
-## Running {% data variables.product.prodname_code_scanning %} using the {% data variables.product.prodname_codeql_runner %}
-If you don't want to use {% data variables.product.prodname_actions %}, you can run {% data variables.product.prodname_code_scanning %} using the {% data variables.product.prodname_codeql_runner %}. 
-
-The {% data variables.product.prodname_codeql_runner %} is a command-line tool that you can add to your third-party CI/CD system. The tool runs {% data variables.product.prodname_codeql %} analysis on a checkout of a {% data variables.product.prodname_dotcom %} repository. For more information, see "[Running {% data variables.product.prodname_code_scanning %} in your CI system](/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-your-ci-system)."

content/admin/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance.md

@@ -1,79 +0,0 @@
----
-title: Configuring secret scanning for your appliance
-shortTitle: Configuring secret scanning
-intro: 'You can enable, configure, and disable {% data variables.product.prodname_secret_scanning %} for {% data variables.product.product_location %}. {% data variables.product.prodname_secret_scanning_caps %} allows users to scan code for accidentally committed secrets.'
-product: '{% data reusables.gated-features.secret-scanning %}'
-miniTocMaxHeadingLevel: 3
-redirect_from:
-  - /admin/configuration/configuring-secret-scanning-for-your-appliance
-  - /admin/advanced-security/configuring-secret-scanning-for-your-appliance
-versions:
-  enterprise-server: '>=3.0'
-type: how_to
-topics:
-  - Advanced Security
-  - Enterprise
-  - Secret scanning
-  - Security
----
-
-{% data reusables.secret-scanning.beta %}
-
-## About {% data variables.product.prodname_secret_scanning %}
-
-{% data reusables.secret-scanning.about-secret-scanning %} For more information, see "[About {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/about-secret-scanning)."
-
-## Prerequisites for {% data variables.product.prodname_secret_scanning %}
-
-
-- The [SSSE3](https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-optimization-manual.pdf#G3.1106470) (Supplemental Streaming SIMD Extensions 3) CPU flag needs to be enabled on the VM/KVM that runs {% data variables.product.product_location %}.
-
-- A license for {% data variables.product.prodname_GH_advanced_security %}{% if currentVersion ver_gt "enterprise-server@3.0" %} (see "[About licensing for {% data variables.product.prodname_GH_advanced_security %}](/admin/advanced-security/about-licensing-for-github-advanced-security)"){% endif %}
-
-- {% data variables.product.prodname_secret_scanning_caps %} enabled in the management console (see "[Enabling {% data variables.product.prodname_GH_advanced_security %} for your enterprise](/admin/advanced-security/enabling-github-advanced-security-for-your-enterprise)")
-
-## Checking support for the SSSE3 flag on your vCPUs
-
-The SSSE3 set of instructions is required because {% data variables.product.prodname_secret_scanning %} leverages hardware accelerated pattern matching to find potential credentials committed to your {% data variables.product.prodname_dotcom %} repositories. SSSE3 is enabled for most modern CPUs. You can check whether SSSE3 is enabled for the vCPUs available to your {% data variables.product.prodname_ghe_server %} instance.
-
-1. Connect to the administrative shell for your {% data variables.product.prodname_ghe_server %} instance. For more information, see "[Accessing the administrative shell (SSH)](/admin/configuration/accessing-the-administrative-shell-ssh)."
-2. Enter the following command:
-
-```shell
-grep -iE '^flags.*ssse3' /proc/cpuinfo >/dev/null | echo $?
-```
-
-If this returns the value `0`, it means that the SSSE3 flag is available and enabled. You can now enable {% data variables.product.prodname_secret_scanning %} for {% data variables.product.product_location %}. For more information, see "[Enabling {% data variables.product.prodname_secret_scanning %}](#enabling-secret-scanning)" below.
-
-If this doesn't return `0`, SSSE3 is not enabled on your VM/KVM. You need to refer to the documentation of the hardware/hypervisor on how to enable the flag, or make it available to guest VMs.
-
-### Checking whether you have an {% data variables.product.prodname_advanced_security %} license
-
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.management-console %}
-1. Check if there is an **{% data variables.product.prodname_advanced_security %}** entry in the left sidebar.
-![Advanced Security sidebar](/assets/images/enterprise/management-console/sidebar-advanced-security.png)
-
-{% data reusables.enterprise_management_console.advanced-security-license %}
-
-## Enabling {% data variables.product.prodname_secret_scanning %}
-
-{% data reusables.enterprise_management_console.enable-disable-security-features %}
-
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.management-console %}
-{% data reusables.enterprise_management_console.advanced-security-tab %}
-1. Under "{% data variables.product.prodname_advanced_security %}," click **{% data variables.product.prodname_secret_scanning_caps %}**.
-![Checkbox to enable or disable {% data variables.product.prodname_secret_scanning %}](/assets/images/enterprise/management-console/enable-secret-scanning-checkbox.png)
-{% data reusables.enterprise_management_console.save-settings %}
-
-## Disabling {% data variables.product.prodname_secret_scanning %}
-
-{% data reusables.enterprise_management_console.enable-disable-security-features %}
-
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.management-console %}
-{% data reusables.enterprise_management_console.advanced-security-tab %}
-1. Under "{% data variables.product.prodname_advanced_security %}", unselect **{% data variables.product.prodname_secret_scanning_caps %}**.
-![Checkbox to enable or disable {% data variables.product.prodname_secret_scanning %}](/assets/images/enterprise/management-console/secret-scanning-disable.png)
-{% data reusables.enterprise_management_console.save-settings %}

content/admin/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise.md

@@ -1,94 +0,0 @@
----
-title: Enabling GitHub Advanced Security for your enterprise
-shortTitle: Enabling GitHub Advanced Security
-intro: 'You can configure {% data variables.product.product_name %} to include {% data variables.product.prodname_GH_advanced_security %}. This provides extra features that help users find and fix security problems in their code.'
-product: '{% data reusables.gated-features.ghas %}'
-versions:
-  enterprise-server: '>=2.22'
-type: how_to
-topics:
-  - Advanced Security
-  - Code scanning
-  - Enterprise
-  - Secret scanning
-  - Security
-redirect_from:
-  - /admin/advanced-security/enabling-github-advanced-security-for-your-enterprise
----
-
-## About enabling {% data variables.product.prodname_GH_advanced_security %}
-
-{% data reusables.advanced-security.ghas-helps-developers %}
-
-{% if currentVersion ver_gt "enterprise-server@3.0" %}
-When you enable {% data variables.product.prodname_GH_advanced_security %} for your enterprise, repository administrators in all organizations can enable the features unless you set up a policy to restrict access. For more information, see "[Enforcing policies for {% data variables.product.prodname_advanced_security %} in your enterprise](/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise)."
-{% else %}
-When you enable {% data variables.product.prodname_GH_advanced_security %} for your enterprise, repository administrators in all organizations can enable the features. {% if currentVersion == "enterprise-server@3.0" %}For more information, see "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)" and "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)."{% endif %}
-{% endif %}
-
-## Prerequisites for enabling {% data variables.product.prodname_GH_advanced_security %}
-
-1. Upgrade your license for {% data variables.product.product_name %} to include {% data variables.product.prodname_GH_advanced_security %}.{% if currentVersion ver_gt "enterprise-server@3.0" %} For information about licensing, see "[About licensing for {% data variables.product.prodname_GH_advanced_security %}](/admin/advanced-security/about-licensing-for-github-advanced-security)."{% endif %}
-2. Upload the new license to {% data variables.product.product_location %}. For more information, see "[Managing your GitHub Enterprise license](/admin/overview/managing-your-github-enterprise-license#uploading-a-new-license-to-github-enterprise-server)."{% if currentVersion ver_gt "enterprise-server@2.22" %}
-3. Review the prerequisites for the features you plan to enable.
-
-    - {% data variables.product.prodname_code_scanning_capc %}, see "[Configuring {% data variables.product.prodname_code_scanning %} for your appliance](/admin/advanced-security/configuring-code-scanning-for-your-appliance#prerequisites-for-code-scanning)."
-    - {% data variables.product.prodname_secret_scanning_caps %}, see "[Configuring {% data variables.product.prodname_secret_scanning %} for your appliance](/admin/advanced-security/configuring-secret-scanning-for-your-appliance#prerequisites-for-secret-scanning)."{% endif %}
-
-## Checking whether your license includes {% data variables.product.prodname_GH_advanced_security %}
-
-{% if currentVersion ver_gt "enterprise-server@3.0" %}
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.settings-tab %}
-{% data reusables.enterprise-accounts.license-tab %}
-1. If your license includes {% data variables.product.prodname_GH_advanced_security %}, the license page includes a section showing details of current usage.
-![{% data variables.product.prodname_GH_advanced_security %} section of Enterprise license](/assets/images/help/billing/ghas-orgs-list-enterprise-ghes.png)
-{% endif %}
-
-{% if currentVersion == "enterprise-server@2.22" or currentVersion == "enterprise-server@3.0" %}
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.management-console %}
-1. If your license includes {% data variables.product.prodname_GH_advanced_security %}, there is an **{% data variables.product.prodname_advanced_security %}** entry in the left sidebar.
-![Advanced Security sidebar](/assets/images/enterprise/management-console/sidebar-advanced-security.png)
-
-{% data reusables.enterprise_management_console.advanced-security-license %}
-{% endif %}
-
-## Enabling and disabling {% data variables.product.prodname_GH_advanced_security %} features
-
-{% data reusables.enterprise_management_console.enable-disable-security-features %}
-
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.management-console %}
-{% data reusables.enterprise_management_console.advanced-security-tab %}{% if currentVersion ver_gt "enterprise-server@2.22" %}
-1. Under "{% data variables.product.prodname_advanced_security %}," select the features that you want to enable and deselect any features you want to disable.
-![Checkbox to enable or disable {% data variables.product.prodname_advanced_security %} features](/assets/images/enterprise/management-console/enable-advanced-security-checkboxes.png){% else %}
-1. Under "{% data variables.product.prodname_advanced_security %}," click **{% data variables.product.prodname_code_scanning_capc %}**.
-![Checkbox to enable or disable {% data variables.product.prodname_code_scanning %}](/assets/images/enterprise/management-console/enable-code-scanning-checkbox.png){% endif %}
-{% data reusables.enterprise_management_console.save-settings %}
-
-When {% data variables.product.product_name %} has finished restarting, you're ready to set up any additional resources required for newly enabled features. For more information, see "[Configuring {% data variables.product.prodname_code_scanning %} for your appliance](/admin/advanced-security/configuring-code-scanning-for-your-appliance)."
-
-## Enabling or disabling {% data variables.product.prodname_GH_advanced_security %} via the administrative shell (SSH)
-
-You can enable or disable features programmatically on {% data variables.product.product_location %}. For more information about the administrative shell and command-line utilities for {% data variables.product.prodname_ghe_server %}, see "[Accessing the administrative shell (SSH)](/admin/configuration/accessing-the-administrative-shell-ssh)" and "[Command-line utilities](/admin/configuration/command-line-utilities#ghe-config)."
-
-For example, you can enable {% data variables.product.prodname_code_scanning %} with your infrastructure-as-code tooling when you deploy an instance for staging or disaster recovery.
-
-1. SSH into {% data variables.product.product_location %}.
-1. Enable {% data variables.product.prodname_code_scanning %}.
-    ```shell
-    ghe-config app.minio.enabled true
-    ghe-config app.code-scanning.enabled true
-    ```
-2. Optionally, disable {% data variables.product.prodname_code_scanning %}.
-    ```shell
-    ghe-config app.minio.enabled false
-    ghe-config app.code-scanning.enabled false
-    ```
-3. Apply the configuration.
-    ```shell
-  ghe-config-apply
-  ```
-
-{% if currentVersion ver_gt "enterprise-server@2.22" %}To enable and disable {% data variables.product.prodname_secret_scanning %} in the same way, set: `ghe-config app.secret-scanning.enabled` true or false and apply the configuration.{% endif %}

content/admin/managing-github-advanced-security-for-your-enterprise/index.md

@@ -1,22 +0,0 @@
----
-title: Managing GitHub Advanced Security for your enterprise
-shortTitle: Managing GitHub Advanced Security
-intro: 'You can configure {% data variables.product.prodname_advanced_security %} and manage use by your enterprise to suit your organization''s needs.'
-product: '{% data reusables.gated-features.ghas %}'
-redirect_from:
-  - /enterprise/admin/configuration/configuring-advanced-security-features
-  - /admin/configuration/configuring-advanced-security-features
-  - /admin/advanced-security
-  - /admin/advanced-security/index
-versions:
-  enterprise-server: '>=2.22'
-topics:
-  - Enterprise
-children:
-  - /about-licensing-for-github-advanced-security
-  - /enabling-github-advanced-security-for-your-enterprise
-  - /configuring-code-scanning-for-your-appliance
-  - /configuring-secret-scanning-for-your-appliance
-  - /viewing-your-github-advanced-security-usage
----
-

content/admin/managing-github-advanced-security-for-your-enterprise/viewing-your-github-advanced-security-usage.md

@@ -1,29 +0,0 @@
----
-title: Viewing your GitHub Advanced Security usage
-intro: 'You can view usage of your {% data variables.product.prodname_GH_advanced_security %} license.'
-permissions: 'Enterprise owners can view usage for {% data variables.product.prodname_GH_advanced_security %}.'
-product: '{% data reusables.gated-features.ghas %}'
-versions:
-  enterprise-server: '>=3.1'
-topics:
-  - Enterprise
-redirect_from:
-  - /admin/advanced-security/viewing-your-github-advanced-security-usage
----
-
-{% data reusables.advanced-security.about-ghas-license-seats %} For more information, see "[About licensing for {% data variables.product.prodname_GH_advanced_security %}](/admin/advanced-security/about-licensing-for-github-advanced-security)."
-
-## Viewing license usage for {% data variables.product.prodname_GH_advanced_security %}
-
-You can check how many seats your license includes and how many seats are currently in use.
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.settings-tab %}
-{% data reusables.enterprise-accounts.license-tab %}
-   The "{% data variables.product.prodname_GH_advanced_security %}" section shows details of the current usage. You can see the total number of seats used, as well as a table with the number of committers and unique committers for each organization.
-  ![{% data variables.product.prodname_GH_advanced_security %} section of Enterprise license](/assets/images/help/billing/ghas-orgs-list-enterprise-ghes.png)
-5. Optionally, click the name of an organization where you are an owner to display the security and analysis settings for the organization.
-  ![Owned organization in {% data variables.product.prodname_GH_advanced_security %} section of enterprise billing settings](/assets/images/help/billing/ghas-orgs-list-enterprise-click-org.png)
-6. On the "Security & analysis" settings page, scroll to the "{% data variables.product.prodname_GH_advanced_security %} repositories" section to see a detailed breakdown of usage by repository for this organization.
-  ![{% data variables.product.prodname_GH_advanced_security %} repositories section](/assets/images/help/enterprises/settings-security-analysis-ghas-repos-list.png)
-  For more information, see "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)."

content/billing/managing-billing-for-github-packages/about-billing-for-github-packages.md

@@ -20,7 +20,7 @@ topics:
 
 {% note %}
 
-**Billing update for container image storage:** During the beta phase of the {% data variables.product.prodname_container_registry %}, Docker image storage and bandwidth are free for both the previous `docker.pkg.github.com` and current `ghcr.io` hosting services. For more information, see "[Introduction to {% data variables.product.prodname_registry %}](/packages/learn-github-packages/introduction-to-github-packages)."
+**Billing update for container image storage:** The period of free use for container image storage and bandwidth for the {% data variables.product.prodname_container_registry %} has been extended. If you are using {% data variables.product.prodname_container_registry %} you'll be informed at least one month in advance of billing commencing and you'll be given an estimate of how much you should expect to pay. For more information about the {% data variables.product.prodname_container_registry %}, see "[Working with the Container registry](/packages/working-with-a-github-packages-registry/working-with-the-container-registry)."
 
 {% endnote %}
 

content/code-security/guides.md

@@ -39,8 +39,9 @@ includeGuides:
   - /code-security/secure-coding/integrating-with-code-scanning/sarif-support-for-code-scanning
   - /code-security/secure-coding/integrating-with-code-scanning/uploading-a-sarif-file-to-github
   - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/about-codeql-code-scanning-in-your-ci-system
+  - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system
   - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-runner-in-your-ci-system
-  - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-cli-in-your-ci-system
+  - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system
   - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-runner-in-your-ci-system
   - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/troubleshooting-codeql-runner-in-your-ci-system
   - /code-security/security-advisories/about-coordinated-disclosure-of-security-vulnerabilities

content/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/index.md

@@ -21,5 +21,6 @@ children:
   - /configuring-the-codeql-workflow-for-compiled-languages
   - /troubleshooting-the-codeql-workflow
   - /running-codeql-code-scanning-in-a-container
+  - /viewing-code-scanning-logs
 ---
 <!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->

content/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md

@@ -65,6 +65,17 @@ You need write permission to view a summary of all the alerts for a repository o
 1. Alerts from {% data variables.product.prodname_codeql %} analysis include a description of the problem. Click **Show more** for guidance on how to fix your code.
   ![Details for an alert](/assets/images/help/repository/code-scanning-alert-details.png)
 
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" %}
+{% note %}
+
+**Note:** For {% data variables.product.prodname_code_scanning %} analysis with {% data variables.product.prodname_codeql %}, you can see information about the latest run in a header at the top of the list of {% data variables.product.prodname_code_scanning %} alerts for the repository. 
+
+For example, you can see when the last scan ran, the number of lines of code analyzed compared to the total number of lines of code in your repository, and the total number of alerts that were generated.
+  ![UI banner](/assets/images/help/repository/code-scanning-ui-banner.png)
+
+{% endnote %}
+{% endif %}
+
 {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" %}
 ## Searching {% data variables.product.prodname_code_scanning %} alerts
 

content/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/running-codeql-code-scanning-in-a-container.md

@@ -29,7 +29,7 @@ topics:
 If you're setting up {% data variables.product.prodname_code_scanning %} for a compiled language, and you're building the code in a containerized environment, the analysis may fail with the error message "No source code was seen during the build." This indicates that {% data variables.product.prodname_codeql %} was unable to monitor your code as it was compiled.
 
 {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@next" %}
-You must run {% data variables.product.prodname_codeql %} inside the container in which you build your code. This applies whether you are using the {% data variables.product.prodname_codeql_cli %}, the {% data variables.product.prodname_codeql_runner %}, or {% data variables.product.prodname_actions %}. For the {% data variables.product.prodname_codeql_cli %} or the {% data variables.product.prodname_codeql_runner %}, see "[Running {% data variables.product.prodname_codeql_cli %} in your CI system](/code-security/secure-coding/running-codeql-cli-in-your-ci-system)" or "[Running {% data variables.product.prodname_codeql_runner %} in your CI system](/code-security/secure-coding/running-codeql-runner-in-your-ci-system)" for more information. If you're using {% data variables.product.prodname_actions %}, configure your workflow to run all the actions in the same container. For more information, see "[Example workflow](#example-workflow)."
+You must run {% data variables.product.prodname_codeql %} inside the container in which you build your code. This applies whether you are using the {% data variables.product.prodname_codeql_cli %}, the {% data variables.product.prodname_codeql_runner %}, or {% data variables.product.prodname_actions %}. For the {% data variables.product.prodname_codeql_cli %} or the {% data variables.product.prodname_codeql_runner %}, see "[Installing {% data variables.product.prodname_codeql_cli %} in your CI system](/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system)" or "[Running {% data variables.product.prodname_codeql_runner %} in your CI system](/code-security/secure-coding/running-codeql-runner-in-your-ci-system)" for more information. If you're using {% data variables.product.prodname_actions %}, configure your workflow to run all the actions in the same container. For more information, see "[Example workflow](#example-workflow)."
 {% else %}
 You must run {% data variables.product.prodname_codeql %} inside the container in which you build your code. This applies whether you are using the {% data variables.product.prodname_codeql_runner %} or {% data variables.product.prodname_actions %}. For the {% data variables.product.prodname_codeql_runner %}, see "[Running {% data variables.product.prodname_codeql_runner %} in your CI system](/code-security/secure-coding/running-codeql-runner-in-your-ci-system)" for more information. If you're using {% data variables.product.prodname_actions %}, configure your workflow to run all the actions in the same container. For more information, see "[Example workflow](#example-workflow)."
 {% endif %}

content/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository.md

@@ -58,38 +58,6 @@ In the default {% data variables.product.prodname_codeql_workflow %}, {% data va
 ## Bulk set up of {% data variables.product.prodname_code_scanning %} 
 You can set up {% data variables.product.prodname_code_scanning %} in many repositories at once using a script. For an example of a script that raises pull requests to add a {% data variables.product.prodname_actions %} workflow to multiple repositories, see the [`jhutchings1/Create-ActionsPRs`](https://github.com/jhutchings1/Create-ActionsPRs) repository.
 
-## Viewing the logging output from {% data variables.product.prodname_code_scanning %}
-
-After setting up {% data variables.product.prodname_code_scanning %} for your repository, you can watch the output of the actions as they run.
-
-{% data reusables.repositories.actions-tab %}
-
-  You'll see a list that includes an entry for running the {% data variables.product.prodname_code_scanning %} workflow. The text of the entry is the title you gave your commit message.
-
-  ![Actions list showing {% data variables.product.prodname_code_scanning %} workflow](/assets/images/help/repository/code-scanning-actions-list.png)
-
-1. Click the entry for the {% data variables.product.prodname_code_scanning %} workflow.
-
-1. Click the job name on the left. For example, **Analyze (LANGUAGE)**.
-
-  ![Log output from the {% data variables.product.prodname_code_scanning %} workflow](/assets/images/help/repository/code-scanning-logging-analyze-action.png)
-
-1. Review the logging output from the actions in this workflow as they run.
-
-1. Once all jobs are complete, you can view the details of any {% data variables.product.prodname_code_scanning %} alerts that were identified. For more information, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)."
-
-{% note %}
-
-**Note:** If you raised a pull request to add the {% data variables.product.prodname_code_scanning %} workflow to the repository, alerts from that pull request aren't displayed directly on the {% data variables.product.prodname_code_scanning_capc %} page until the pull request is merged. If any alerts were found you can view these, before the pull request is merged, by clicking the **_n_ alerts found** link in the banner on the {% data variables.product.prodname_code_scanning_capc %} page.
-
-{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1"%}
-  ![Click the "n alerts found" link](/assets/images/help/repository/code-scanning-alerts-found-link.png)
-{% else %}
-  ![Click the "n alerts found" link](/assets/images/enterprise/3.1/help/repository/code-scanning-alerts-found-link.png)
-{% endif %}
-
-{% endnote %}
-
 ## Understanding the pull request checks
 
 Each {% data variables.product.prodname_code_scanning %} workflow you set to run on pull requests always has at least two entries listed in the checks section of a pull request. There is one entry for each of the analysis jobs in the workflow, and a final one for the results of the analysis.
@@ -135,5 +103,6 @@ After setting up {% data variables.product.prodname_code_scanning %}, and allowi
 - View all of the {% data variables.product.prodname_code_scanning %} alerts generated for this repository. For more information, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)."
 - View any alerts generated for a pull request submitted after you set up {% data variables.product.prodname_code_scanning %}. For more information, see "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests)."
 - Set up notifications for completed runs. For more information, see "[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#github-actions-notification-options)."
+- View the logs generated by the {% data variables.product.prodname_code_scanning %} analysis. For more information, see "[Viewing {% data variables.product.prodname_code_scanning %} logs](/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/viewing-code-scanning-logs)."
 - Investigate any problems that occur with the initial setup of {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}. For more information, see "[Troubleshooting the {% data variables.product.prodname_codeql %} workflow](/code-security/secure-coding/troubleshooting-the-codeql-workflow)."
 - Customize how {% data variables.product.prodname_code_scanning %} scans the code in your repository. For more information, see "[Configuring {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/configuring-code-scanning)."

content/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/viewing-code-scanning-logs.md

@@ -0,0 +1,78 @@
+---
+title: Viewing code scanning logs
+intro: 'You can view the output generated during {% data variables.product.prodname_code_scanning %} analysis in {% data variables.product.product_location %}.'
+product: '{% data reusables.gated-features.code-scanning %}'
+permissions: 'If you have write permissions to a repository, you can view the {% data variables.product.prodname_code_scanning %} logs for that repository.'
+miniTocMaxHeadingLevel: 4
+versions:
+  free-pro-team: '*'
+  enterprise-server: '>=3.0'
+  github-ae: '*'
+topics:
+  - Security
+---
+
+{% data reusables.code-scanning.beta %}
+{% data reusables.code-scanning.enterprise-enable-code-scanning-actions %}
+
+## About your {% data variables.product.prodname_code_scanning %} setup 
+
+You can use a variety of tools to set up {% data variables.product.prodname_code_scanning %} in your repository. For more information, see  "[Setting up {% data variables.product.prodname_code_scanning %} for a repository](/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository#options-for-setting-up-code-scanning)."
+
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1"%}
+The log and diagnostic information available to you depends on the method you use for {% data variables.product.prodname_code_scanning %} in your repository. You can check the type of {% data variables.product.prodname_code_scanning %} you're using in the **Security** tab of your repository, by using the **Tool** drop-down menu in the alert list. For more information, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)."
+
+## About analysis and diagnostic information
+
+You can see analysis and diagnostic information for {% data variables.product.prodname_code_scanning %} run using {% data variables.product.prodname_codeql %} analysis on {% data variables.product.prodname_dotcom %}. 
+
+**Analysis** information is shown for the most recent analysis in a header at the top of the list of alerts. For more information, see "[Managing code scanning alerts for your repository](/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)."
+
+**Diagnostic** information is displayed in the Action workflow logs and consists of summary metrics and extractor diagnostics. For information about accessing {% data variables.product.prodname_code_scanning %} logs on {% data variables.product.prodname_dotcom %}, see "[Viewing the logging output from {% data variables.product.prodname_code_scanning %}](#viewing-the-logging-output-from-code-scanning)" below.
+
+If you're using the {% data variables.product.prodname_codeql_cli %} outside {% data variables.product.prodname_dotcom %}, you'll see diagnostic information in the output generated during database analysis. This information is also included in the SARIF results file you upload to {% data variables.product.prodname_dotcom %} with the {% data variables.product.prodname_code_scanning %} results.
+
+For information about the {% data variables.product.prodname_codeql_cli %}, see "[Running {% data variables.product.prodname_codeql_cli %} in your CI system](/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-cli-in-your-ci-system#viewing-log-and-diagnostic-information)."
+
+### About summary metrics
+
+{% data reusables.code-scanning.summary-metrics %}
+
+### About {% data variables.product.prodname_codeql %} source code extraction diagnostics
+
+{% data reusables.code-scanning.extractor-diagnostics %}
+
+{% endif %}
+## Viewing the logging output from {% data variables.product.prodname_code_scanning %}
+
+This section applies to {% data variables.product.prodname_code_scanning %} run using {% data variables.product.prodname_actions %} ({% data variables.product.prodname_codeql %} or third-party).
+
+After setting up {% data variables.product.prodname_code_scanning %} for your repository, you can watch the output of the actions as they run.
+
+{% data reusables.repositories.actions-tab %}
+
+  You'll see a list that includes an entry for running the {% data variables.product.prodname_code_scanning %} workflow. The text of the entry is the title you gave your commit message.
+
+  ![Actions list showing {% data variables.product.prodname_code_scanning %} workflow](/assets/images/help/repository/code-scanning-actions-list.png)
+
+1. Click the entry for the {% data variables.product.prodname_code_scanning %} workflow.
+
+2. Click the job name on the left. For example, **Analyze (LANGUAGE)**.
+
+  ![Log output from the {% data variables.product.prodname_code_scanning %} workflow](/assets/images/help/repository/code-scanning-logging-analyze-action.png)
+
+1. Review the logging output from the actions in this workflow as they run.
+
+1. Once all jobs are complete, you can view the details of any {% data variables.product.prodname_code_scanning %} alerts that were identified. For more information, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)."
+
+{% note %}
+
+**Note:** If you raised a pull request to add the {% data variables.product.prodname_code_scanning %} workflow to the repository, alerts from that pull request aren't displayed directly on the {% data variables.product.prodname_code_scanning_capc %} page until the pull request is merged. If any alerts were found you can view these, before the pull request is merged, by clicking the **_n_ alerts found** link in the banner on the {% data variables.product.prodname_code_scanning_capc %} page.
+
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1"%}
+  ![Click the "n alerts found" link](/assets/images/help/repository/code-scanning-alerts-found-link.png)
+{% else %}
+  ![Click the "n alerts found" link](/assets/images/enterprise/3.1/help/repository/code-scanning-alerts-found-link.png)
+{% endif %}
+
+{% endnote %}

content/code-security/secure-coding/integrating-with-code-scanning/sarif-support-for-code-scanning.md

@@ -32,7 +32,7 @@ To upload a SARIF file from a third-party static code analysis engine, you'll ne
 If you're using {% data variables.product.prodname_actions %} with the {% data variables.product.prodname_codeql_workflow %} or using the {% data variables.product.prodname_codeql_runner %}, then the {% data variables.product.prodname_code_scanning %} results will automatically use the supported subset of SARIF 2.1.0. For more information, see "[Setting up {% data variables.product.prodname_code_scanning %} for a repository](/code-security/secure-coding/setting-up-code-scanning-for-a-repository)" or "[Running {% data variables.product.prodname_codeql_runner %} in your CI system](/code-security/secure-coding/running-codeql-runner-in-your-ci-system)."
 
 {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@next" %}
-If you're using the {% data variables.product.prodname_codeql_cli %}, then you can specify the version of SARIF to use. For more information, see "[Running {% data variables.product.prodname_codeql_cli %} in your CI system](/code-security/secure-coding/running-codeql-cli-in-your-ci-system#uploading-results-to-github)."{% endif %}
+If you're using the {% data variables.product.prodname_codeql_cli %}, then you can specify the version of SARIF to use. For more information, see "[Configuring {% data variables.product.prodname_codeql_cli %} in your CI system](/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system#analyzing-a-codeql-database)."{% endif %}
 
 {% if currentVersion == "free-pro-team@latest" %}
 You can upload multiple SARIF files for the same tool and commit, and analyze each file using {% data variables.product.prodname_code_scanning %}. You can indicate a "category" for each analysis by specifying a `runAutomationDetails.id` in each file. Only SARIF files with the same category will overwrite each other. For more information about this property, see [`runAutomationDetails` object](#runautomationdetails-object) below.

content/code-security/secure-coding/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md

@@ -37,7 +37,7 @@ You can upload the results using {% data variables.product.prodname_actions %},
 
 - {% data variables.product.prodname_actions %} to run the {% data variables.product.prodname_codeql %} action, there is no further action required. The {% data variables.product.prodname_codeql %} action uploads the SARIF file automatically when it completes analysis.
 - {% data variables.product.prodname_actions %} to run a SARIF-compatible analysis tool, you could update the workflow to include a final step that uploads the results (see below). {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@next" %}
- - The {% data variables.product.prodname_codeql_cli %} to run {% data variables.product.prodname_code_scanning %} in your CI system, you can use the CLI to upload results to {% data variables.product.prodname_dotcom %} (for more information, see "[Running {% data variables.product.prodname_codeql_cli %} in your CI system](/code-security/secure-coding/running-codeql-cli-in-your-ci-system)").{% endif %}
+ - The {% data variables.product.prodname_codeql_cli %} to run {% data variables.product.prodname_code_scanning %} in your CI system, you can use the CLI to upload results to {% data variables.product.prodname_dotcom %} (for more information, see "[Installing {% data variables.product.prodname_codeql_cli %} in your CI system](/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system)").{% endif %}
 - The {% data variables.product.prodname_codeql_runner %}, to run {% data variables.product.prodname_code_scanning %} in your CI system, by default the runner automatically uploads results to {% data variables.product.prodname_dotcom %} on completion. If you block the automatic upload, when you are ready to upload results you can use the `upload` command (for more information, see "[Running {% data variables.product.prodname_codeql_runner %} in your CI system](/code-security/secure-coding/running-codeql-runner-in-your-ci-system)").
 - A tool that generates results as an artifact outside of your repository, you can use the {% data variables.product.prodname_code_scanning %} API to upload the file (for more information, see "[Upload an analysis as SARIF data](/rest/reference/code-scanning#upload-an-analysis-as-sarif-data)").
 

content/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/about-codeql-code-scanning-in-your-ci-system.md

@@ -19,6 +19,8 @@ topics:
 redirect_from:
   - /code-security/secure-coding/about-codeql-code-scanning-in-your-ci-system
 ---
+<!--UI-LINK: When GitHub Enterprise Server 3.1+ doesn't have GitHub Actions set up, the Security > Code scanning alerts view links to this article.-->
+
 {% data reusables.code-scanning.beta %}
 {% data reusables.code-scanning.enterprise-enable-code-scanning %}
 
@@ -26,9 +28,35 @@ redirect_from:
 
 {% data reusables.code-scanning.about-code-scanning %} For information, see "[About {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/about-code-scanning)."
 
-You can run {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} within {% data variables.product.product_name %} using actions. Alternatively, if you use a third-party continuous integration or continuous delivery/deployment (CI/CD) system, you can run {% data variables.product.prodname_codeql %} analysis in your existing system and upload the results to {% data variables.product.product_location %}.
+You can run {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} within {% data variables.product.product_name %} using {% data variables.product.prodname_actions %}. Alternatively, if you use a third-party continuous integration or continuous delivery/deployment (CI/CD) system, you can run {% data variables.product.prodname_codeql %} analysis in your existing system and upload the results to {% data variables.product.product_location %}.
 
-{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@next" %}
+<!--Content for GitHub.com, GHAE next, and GHES 3.2. Both CodeQL CLI and CodeQL runner are available, but CodeQL CLI preferred -->
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %}
+
+You add the {% data variables.product.prodname_codeql_cli %} to your third-party system, then call the tool to analyze code and upload the SARIF results to {% data variables.product.product_name %}. The resulting {% data variables.product.prodname_code_scanning %} alerts are shown alongside any alerts generated within {% data variables.product.product_name %}.
+
+{% data reusables.code-scanning.upload-sarif-ghas %}
+
+## About the {% data variables.product.prodname_codeql_cli %}
+
+{% data reusables.code-scanning.what-is-codeql-cli %}
+
+Use the {% data variables.product.prodname_codeql_cli %} to analyze:
+
+- Dynamic languages, for example, JavaScript and Python.
+- Compiled languages, for example, C/C++, C# and Java.
+- Codebases written in a mixture of languages.
+
+For more information, see "[Installing {% data variables.product.prodname_codeql_cli %} in your CI system](/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system)."
+
+{% data reusables.code-scanning.licensing-note %}
+
+{% data reusables.code-scanning.use-codeql-runner-not-cli %}
+
+{% endif %}
+
+<!--Content for GHES 3.1 only. Both CodeQL CLI and CodeQL runner are available -->
+{% if currentVersion == "enterprise-server@3.1" %}
 You add the {% data variables.product.prodname_codeql_cli %} or the {% data variables.product.prodname_codeql_runner %} to your third-party system, then call the tool to analyze code and upload the SARIF results to {% data variables.product.product_name %}. The resulting {% data variables.product.prodname_code_scanning %} alerts are shown alongside any alerts generated within {% data variables.product.product_name %}.
 
 {% data reusables.code-scanning.upload-sarif-ghas %}
@@ -44,22 +72,18 @@ Use the {% data variables.product.prodname_codeql_cli %} to analyze:
 - Dynamic languages, for example, JavaScript and Python.
 - Codebases with a compiled language that can be built with a single command or by running a single script.
 
-For more information, see "[Running {% data variables.product.prodname_codeql_cli %} in your CI system](/code-security/secure-coding/running-codeql-cli-in-your-ci-system)."
+For more information, see "[Installing {% data variables.product.prodname_codeql_cli %} in your CI system](/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system)."
 
-{% if currentVersion == "free-pro-team@latest" %}
-If you need to set up the CI system to orchestrate compiler invocations as well as running {% data variables.product.prodname_codeql %} analysis, you must use the {% data variables.product.prodname_codeql_runner %}.
-{% else %}
-You will need to use the {% data variables.product.prodname_codeql_runner %} if you need to:
-- Set up the CI system to orchestrate compiler invocations as well as running {% data variables.product.prodname_codeql %} analysis.
-- Analyze more than one language in a repository.
-{% endif %}
+{% data reusables.code-scanning.use-codeql-runner-not-cli %}
 
 {% data reusables.code-scanning.beta-codeql-runner %}
 
 For more information, see "[Running {% data variables.product.prodname_codeql_runner %} in your CI system](/code-security/secure-coding/running-codeql-runner-in-your-ci-system)."
 
-{% else %}
+{% endif %}
 
+<!--Content for GHAE and GHES 3.0 only. Only CodeQL runner is available -->
+{% if currentVersion == "enterprise-server@3.0" or currentVersion == "github-ae@latest" %}
 {% data reusables.code-scanning.upload-sarif-ghas %}
 
 You add the {% data variables.product.prodname_codeql_runner %} to your third-party system, then call the tool to analyze code and upload the SARIF results to {% data variables.product.product_name %}. The resulting {% data variables.product.prodname_code_scanning %} alerts are shown alongside any alerts generated within {% data variables.product.product_name %}.

content/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system.md

@@ -0,0 +1,287 @@
+---
+title: Configuring CodeQL CLI in your CI system
+shortTitle: Configuring CodeQL CLI
+intro: 'You can configure your continuous integration system to run the {% data variables.product.prodname_codeql_cli %}, perform {% data variables.product.prodname_codeql %} analysis, and upload the results to {% data variables.product.product_name %} for display as {% data variables.product.prodname_code_scanning %} alerts.'
+product: '{% data reusables.gated-features.code-scanning %}'
+miniTocMaxHeadingLevel: 3
+versions:
+  free-pro-team: '*'
+  enterprise-server: '>=3.1'
+  github-ae: 'next'
+type: how_to
+topics:
+  - Advanced Security
+  - Code scanning
+  - CodeQL
+  - Repositories
+  - Pull requests
+  - Integration
+  - CI
+  - SARIF
+---
+{% data reusables.code-scanning.enterprise-enable-code-scanning %}
+
+## About generating code scanning results with {% data variables.product.prodname_codeql_cli %}
+
+Once you've made the {% data variables.product.prodname_codeql_cli %} available to servers in your CI system, and ensured that they can authenticate with {% data variables.product.product_name %}, you're ready to generate data.
+
+You use three different commands to generate results and upload them to {% data variables.product.product_name %}:
+
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %}
+<!--Option to analyze multiple languages with one call-->
+1. `database create` to create a {% data variables.product.prodname_codeql %} database to represent the hierarchical structure of each supported programming language in the repository.
+2. ` database analyze` to run queries to analyze each {% data variables.product.prodname_codeql %} database and summarize the results in a SARIF file.
+3. `github upload-results` to upload the resulting SARIF files to {% data variables.product.product_name %} where the results are matched to a branch or pull request and displayed as {% data variables.product.prodname_code_scanning %} alerts.
+{% else %}
+<!--Only one language can be analyzed-->
+1. `database create` to create a {% data variables.product.prodname_codeql %} database to represent the hierarchical structure of a supported programming language in the repository.
+2. ` database analyze` to run queries to analyze the {% data variables.product.prodname_codeql %} database and summarize the results in a SARIF file.
+3. `github upload-results` to upload the resulting SARIF file to {% data variables.product.product_name %} where the results are matched to a branch or pull request and displayed as {% data variables.product.prodname_code_scanning %} alerts.
+{% endif %}
+
+You can display the command-line help for any command using the <nobr>`--help`</nobr> option.
+
+{% data reusables.code-scanning.upload-sarif-ghas %}
+
+## Creating {% data variables.product.prodname_codeql %} databases to analyze
+
+1. Check out the code that you want to analyze:
+    - For a branch, check out the head of the branch that you want to analyze.
+    - For a pull request, check out either the head commit of the pull request, or check out a {% data variables.product.product_name %}-generated merge commit of the pull request.
+2. Set up the environment for the codebase, making sure that any dependencies are available. For more information, see [Creating databases for non-compiled languages](https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/#creating-databases-for-non-compiled-languages) and [Creating databases for compiled languages](https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/#creating-databases-for-compiled-languages) in the documentation for the {% data variables.product.prodname_codeql_cli %}.
+3. Find the build command, if any, for the codebase. Typically this is available in a configuration file in the CI system.
+4. Run `codeql database create` from the checkout root of your repository and build the codebase. 
+  {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %}
+  ```shell
+  # Single supported language - create one CodeQL databsae
+  codeql database create &lt;database&gt; --command&lt;build&gt; --language=&lt;language-identifier&gt; 
+
+  # Multiple supported languages - create one CodeQL database per langauge
+  codeql database create &lt;database&gt; --command&lt;build&gt; \
+        --db-cluster --language=&lt;language-identifier&gt;,&lt;language-identifier&gt; 
+  ```
+  {% else %}
+    ```shell
+  codeql database create &lt;database&gt; --command&lt;build&gt; --language=&lt;language-identifier&gt;
+  ```
+  {% endif %}
+  {% note %}
+
+  **Note:** If you use a containerized build, you need to run the {% data variables.product.prodname_codeql_cli %} inside the container where your build task takes place.
+
+  {% endnote %}
+
+| Option | Required | Usage |
+|--------|:--------:|-----|
+| `<database>` | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the name and location of a directory to create for the {% data variables.product.prodname_codeql %} database. The command will fail if you try to overwrite an existing directory. If you also specify `--db-cluster`, this is the parent directory and a subdirectory is created for each language analyzed.|
+| <nobr>`--language`</nobr> | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the identifier for the language to create a database for, one of: `{% data reusables.code-scanning.codeql-languages-keywords %}` (use `javascript` to analyze TypeScript code). {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %}When used with <nobr>`--db-cluster`</nobr>, the option accepts a comma-separated list, or can be specified more than once.{% endif %}
+| <nobr>`--command`</nobr> | | Recommended. Use to specify the build command or script that invokes the build process for the codebase. Commands are run from the current folder or, where it is defined, from <nobr>`--source-root`</nobr>. Not needed for Python and JavaScript/TypeScript analysis. | {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %}
+| <nobr>`--db-cluster`</nobr> | | Optional. Use in multi-language codebases to generate one database for each language specified by <nobr>`--language`</nobr>.
+| <nobr>`--no-run-unnecessary-builds`</nobr> | | Recommended. Use to suppress the build command for languages where the {% data variables.product.prodname_codeql_cli %} does not need to monitor the build (for example, Python and JavaScript/TypeScript). {% endif %}
+| <nobr>`--source-root`</nobr> | | Optional. Use if you run the CLI outside the checkout root of the repository. By default, the `database create` command assumes that the current directory is the root directory for the source files, use this option to specify a different location. |
+
+For more information, see [Creating {% data variables.product.prodname_codeql %} databases](https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/) in the documentation for the {% data variables.product.prodname_codeql_cli %}.
+
+### {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %}Single language example{% else %}Basic example{% endif %}
+
+This example creates a {% data variables.product.prodname_codeql %} database for the repository checked out at `/checkouts/example-repo`. It uses the JavaScript extractor to create a hierarchical representation of the JavaScript and TypeScript code in the repository. The resulting database is stored in `/codeql-dbs/example-repo`.
+
+```
+$ codeql database create /codeql-dbs/example-repo --language=javascript \
+    --source-root /checkouts/example-repo
+
+> Initializing database at /codeql-dbs/example-repo.
+> Running command [/codeql-home/codeql/javascript/tools/autobuild.cmd]
+    in /checkouts/example-repo.
+> [build-stdout] Single-threaded extraction.
+> [build-stdout] Extracting
+... 
+> Finalizing database at /codeql-dbs/example-repo.
+> Successfully created database at /codeql-dbs/example-repo.
+```
+
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %}
+### Multiple language example
+
+This example creates two {% data variables.product.prodname_codeql %} databases for the repository checked out at `/checkouts/example-repo-multi`. It uses:
+
+- `--db-cluster` to request analysis of more than one language.
+- `--language` to specify which languages to create databases for.
+- `--command` to tell the tool the build command for the codebase, here `make`.
+- `--no-run-unnecessary-builds` to tell the tool to skip the build command for languages where it is not needed (like Python).
+
+The resulting databases are stored in `python` and `cpp` subdirectories of `/codeql-dbs/example-repo-multi`.
+
+```
+$ codeql database create /codeql-dbs/example-repo-multi \
+    --db-cluster --language python,cpp \
+    --command make --no-run-unnecessary-builds \
+    --source-root /checkouts/example-repo-multi
+Initializing databases at /codeql-dbs/example-repo-multi.
+Running build command: [make]
+[build-stdout] Calling python3 /codeql-bundle/codeql/python/tools/get_venv_lib.py
+[build-stdout] Calling python3 -S /codeql-bundle/codeql/python/tools/python_tracer.py -v -z all -c /codeql-dbs/example-repo-multi/python/working/trap_cache -p ERROR: 'pip' not installed.
+[build-stdout] /usr/local/lib/python3.6/dist-packages -R /checkouts/example-repo-multi
+[build-stdout] [INFO] Python version 3.6.9
+[build-stdout] [INFO] Python extractor version 5.16
+[build-stdout] [INFO] [2] Extracted file /checkouts/example-repo-multi/hello.py in 5ms
+[build-stdout] [INFO] Processed 1 modules in 0.15s
+[build-stdout] <output from calling 'make' to build the C/C++ code>
+Finalizing databases at /codeql-dbs/example-repo-multi.
+Successfully created databases at /codeql-dbs/example-repo-multi.
+$
+```
+{% endif %}
+
+## Analyzing a {% data variables.product.prodname_codeql %} database
+
+1. Create a {% data variables.product.prodname_codeql %} database (see above).
+2. Run `codeql database analyze` on the database and specify which queries to use.
+  ```shell
+  codeql database analyze &lt;database&gt; --format=&lt;format&gt; \
+      --output=&lt;output&gt;  &lt;queries&gt; 
+  ```
+
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %}
+{% note %}
+
+**Note:** If you analyze more than one {% data variables.product.prodname_codeql %} database for a single commit, you must specify a SARIF category for each set of results generated by this command. When you upload the results to {% data variables.product.product_name %}, {% data variables.product.prodname_code_scanning %} uses this category to store the results for each language separately. If you forget to do this, each upload overwrites the previous results.
+
+```shell
+codeql database analyze &lt;database&gt; --format=&lt;format&gt; \
+    --sarif-category=&lt;language-specifier&gt; --output=&lt;output&gt;  &lt;queries&gt; 
+```
+{% endnote %}
+{% endif %}
+
+| Option | Required | Usage |
+|--------|:--------:|-----|
+| `<database>` | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the path for the directory that contains the {% data variables.product.prodname_codeql %} database to analyze. |
+| `<queries>` | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the queries to run. To run the standard queries used for {% data variables.product.prodname_code_scanning %}, use: `<language>-code-scanning.qls` where `<language>` is the short code for the language of the database. To see the other query suites included in the {% data variables.product.prodname_codeql_cli %} bundle, look in `/<extraction-root>/codeql/qlpacks/codeql-<language>/codeql-suites`. For information about creating your own query suite, see [Creating CodeQL query suites](https://codeql.github.com/docs/codeql-cli/creating-codeql-query-suites/) in the documentation for the {% data variables.product.prodname_codeql_cli %}.
+| <nobr>`--format`</nobr> | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the format for the results file generated by the command. For upload to {% data variables.product.company_short %} this should be: {% if currentVersion == "free-pro-team@latest" or currentVersion == "github-ae@latest" %}`sarif-latest`{% else %}`sarifv2.1.0`{% endif %}. For more information, see "[SARIF support for {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/sarif-support-for-code-scanning)."
+| <nobr>`--output`</nobr> | {% octicon "check-circle-fill" aria-label="Required" %} | Specify where to save the SARIF results file.{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %}
+| <nobr>`--sarif-category`<nobr> | {% octicon "question" aria-label="Required with multiple results sets" %} | Optional for single database analysis. Required to define the language when you analyze multiple databases for a single commit in a repository. Specify a category to include in the SARIF results file for this analysis. A category is used to distinguish multiple analyses for the same tool and commit, but performed on different languages or different parts of the code.|{% endif %}
+| <nobr>`--threads`</nobr> | | Optional. Use if you want to use more than one thread to run queries. The default value is `1`. You can specify more threads to speed up query execution. To set the number of threads to the number of logical processors, specify `0`.
+| <nobr>`--verbose`</nobr> | | Optional. Use to get more detailed information about the analysis process{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %} and diagnostic data from the database creation process{% endif %}.
+
+For more information, see [Analyzing databases with the {% data variables.product.prodname_codeql_cli %}](https://codeql.github.com/docs/codeql-cli/analyzing-databases-with-the-codeql-cli/) in the documentation for the {% data variables.product.prodname_codeql_cli %}.
+
+### Basic example
+
+This example analyzes a {% data variables.product.prodname_codeql %} database stored at `/codeql-dbs/example-repo` and saves the results as a SARIF file: `/temp/example-repo-js.sarif`. {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %}It uses `--sarif-category` to include extra information in the SARIF file that identifies the results as JavaScript. This is essential when you have more than one {% data variables.product.prodname_codeql %} database to analyze for a single commit in a repository.{% endif %}
+
+```
+$ codeql database analyze /codeql-dbs/example-repo  \
+    javascript-code-scanning.qls {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %}--sarif-category=javascript{% endif %}
+    --format={% if currentVersion == "free-pro-team@latest" or currentVersion == "github-ae@latest" %}sarif-latest{% else %}sarifv2.1.0{% endif %} --output=/temp/example-repo-js.sarif
+
+> Running queries.
+> Compiling query plan for /codeql-home/codeql/qlpacks/
+    codeql-javascript/AngularJS/DisablingSce.ql.
+... 
+> Shutting down query evaluator.
+> Interpreting results.
+```
+
+## Uploading results to {% data variables.product.product_name %}
+
+{% data reusables.code-scanning.upload-sarif-alert-limit %}
+
+Before you can upload results to {% data variables.product.product_name %}, you must determine the best way to pass the {% data variables.product.prodname_github_app %} or personal access token you created earlier to the {% data variables.product.prodname_codeql_cli %} (see [Installing {% data variables.product.prodname_codeql_cli %} in your CI system](/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system#generating-a-token-for-authentication-with-github)). We recommend that you review your CI system's guidance on the secure use of a secret store. The {% data variables.product.prodname_codeql_cli %} supports:
+
+- Passing the token to the CLI via standard input using the `--github-auth-stdin` option (recommended).
+- Saving the secret in the environment variable `GITHUB_TOKEN` and running the CLI without including the `--github-auth-stdin` option.
+
+When you have decided on the most secure and reliable method for your CI server, run `codeql github upload-results` on each SARIF results file and include `--github-auth-stdin` unless the token is available in the environment variable `GITHUB_TOKEN`.
+
+  ```shell
+  echo "$UPLOAD_TOKEN" | codeql github upload-results --repository=&lt;repository-name&gt; \
+      --ref=&lt;ref&gt; --commit=&lt;commit&gt; --sarif=&lt;file&gt; \
+      {% if currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@next" %}--github-url=&lt;URL&gt; {% endif %}--github-auth-stdin
+  ```
+
+| Option | Required | Usage |
+|--------|:--------:|-----|
+| <nobr>`--repository`</nobr> | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the *OWNER/NAME* of the repository to upload data to. The owner must be an organization within an enterprise that has a license for {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_GH_advanced_security %} must be enabled for the repository{% if currentVersion == "free-pro-team@latest" %}, unless the repository is public{% endif %}. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)."
+| <nobr>`--ref`</nobr> | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the name of the `ref` you checked out and analyzed so that the results can be matched to the correct code. For a branch use: `refs/heads/BRANCH-NAME`, for the head commit of a pull request use `refs/pulls/NUMBER/head`, or for the {% data variables.product.product_name %}-generated merge commit of a pull request use `refs/pulls/NUMBER/merge`.
+| <nobr>`--commit`</nobr> | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the full SHA of the commit you analyzed.
+| <nobr>`--sarif`</nobr> | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the SARIF file to load.{% if currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@next" %}
+| <nobr>`--github-url`</nobr> | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the URL for {% data variables.product.product_name %}.{% endif %}
+| <nobr>`--github-auth-stdin`</nobr> | | Optional. Use to pass the CLI the {% data variables.product.prodname_github_app %} or personal access token created for authentication with {% data variables.product.company_short %}'s REST API via standard input. This is not needed if the command has access to a `GITHUB_TOKEN` environment variable set with this token.
+
+For more information, see [github upload-results](https://codeql.github.com/docs/codeql-cli/manual/github-upload-results/) in the documentation for the {% data variables.product.prodname_codeql_cli %}.
+
+### Basic example
+
+This example uploads results from the SARIF file `temp/example-repo-js.sarif` to the repository `my-org/example-repo`. It tells the {% data variables.product.prodname_code_scanning %} API that the results are for the commit `deb275d2d5fe9a522a0b7bd8b6b6a1c939552718` on the `main` branch.
+
+```
+$ echo $UPLOAD_TOKEN | codeql  github upload-results --repository=my-org/example-repo \
+    --ref=refs/heads/main --commit=deb275d2d5fe9a522a0b7bd8b6b6a1c939552718 \
+    --sarif=/temp/example-repo-js.sarif {% if currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@next" %}--github-url={% data variables.command_line.git_url_example %} \
+    {% endif %}--github-auth-stdin
+```
+
+There is no output from this command unless the upload was unsuccessful. The command prompt returns when the upload is complete and data processing has begun. On smaller codebases, you should be able to explore the {% data variables.product.prodname_code_scanning %} alerts in {% data variables.product.product_name %} shortly afterward. You can see alerts directly in the pull request or on the **Security** tab for branches, depending on the code you checked out. For more information, see "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests)" and "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)."
+
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %}
+## Example CI configuration for {% data variables.product.prodname_codeql %} analysis
+
+This is an example of the series of commands that you might use to analyze a codebase with two supported languages and then upload the results to {% data variables.product.product_name %}.
+
+```shell
+# Create CodeQL databases for Java and Python in the 'codeql-dbs' directory
+# Call the normal build script for the codebase: 'myBuildScript'
+
+codeql database create codeql-dbs --source-root=src \
+    --db-cluster --language=java,python --command=./myBuildScript
+
+# Analyze the CodeQL database for Java, 'codeql-dbs/java'
+# Tag the data as 'java' results and store in: 'java-results.sarif'
+
+codeql database analyze codeql-dbs/java java-code-scanning.qls \
+    --format=sarif-latest --sarif-category=java --output=java-results.sarif
+
+# Analyze the CodeQL database for Python, 'codeql-dbs/python'
+# Tag the data as 'python' results and store in: 'python-results.sarif'
+
+codeql database analyze codeql-dbs/python python-code-scanning.qls \
+    --format=sarif-latest --sarif-category=python --output=python-results.sarif
+
+# Upload the SARIF file with the Java results: 'java-results.sarif'
+
+echo $UPLOAD_TOKEN | codeql github upload-results --repository=my-org/example-repo \
+    --ref=refs/heads/main --commit=deb275d2d5fe9a522a0b7bd8b6b6a1c939552718 \
+    --sarif=java-results.sarif --github-auth-stdin
+
+# Upload the SARIF file with the Python results: 'python-results.sarif'
+
+echo $UPLOAD_TOKEN | codeql github upload-results --repository=my-org/example-repo \
+    --ref=refs/heads/main --commit=deb275d2d5fe9a522a0b7bd8b6b6a1c939552718 \
+    --sarif=python-results.sarif --github-auth-stdin
+```
+
+## Troubleshooting the {% data variables.product.prodname_codeql_cli %} in your CI system
+
+### Viewing log and diagnostic information
+
+When you analyze a {% data variables.product.prodname_codeql %} database using a {% data variables.product.prodname_code_scanning %} query suite, in addition to generating detailed information about alerts, the CLI reports diagnostic data from the database generation step and summary metrics. For repositories with few alerts, you may find this information useful for determining if there are genuinely few problems in the code, or if there were errors generating the {% data variables.product.prodname_codeql %} database. For more detailed output from `codeql database analyze`, use the `--verbose` option.
+
+For more information about the type of diagnostic information available, see "[Viewing {% data variables.product.prodname_code_scanning %} logs](/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/viewing-code-scanning-logs#about-analysis-and-diagnostic-information)".
+
+### {% data variables.product.prodname_code_scanning_capc %} only shows analysis results from one of the analyzed languages
+
+By default, {% data variables.product.prodname_code_scanning %} expects one SARIF results file per analysis for a repository. Consequently, when you upload a second SARIF results file for a commit, it is treated as a replacement for the original set of data.
+
+If you want to upload more than one set of results to the {% data variables.product.prodname_code_scanning %} API for a commit in a repository, you must identify each set of results as a unique set. For repositories where you create more than one {% data variables.product.prodname_codeql %} database to analyze for each commit, use the `--sarif-category` option to specify a language or other unique category for each SARIF file that you generate for that repository.
+
+### Alternative if your CI system cannot trigger the {% data variables.product.prodname_codeql_cli %}
+
+{% data reusables.code-scanning.use-codeql-runner-not-cli %}
+
+{% endif %}
+
+## Further reading
+
+- [Creating CodeQL databases](https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/)
+- [Analyzing databases with the CodeQL CLI](https://codeql.github.com/docs/codeql-cli/analyzing-databases-with-the-codeql-cli/)

content/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/index.md

@@ -18,7 +18,8 @@ topics:
   - CodeQL
 children:
   - /about-codeql-code-scanning-in-your-ci-system
-  - /running-codeql-cli-in-your-ci-system
+  - /installing-codeql-cli-in-your-ci-system
+  - /configuring-codeql-cli-in-your-ci-system
   - /running-codeql-runner-in-your-ci-system
   - /configuring-codeql-runner-in-your-ci-system
   - /troubleshooting-codeql-runner-in-your-ci-system

content/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system.md

@@ -0,0 +1,99 @@
+---
+title: Installing CodeQL CLI in your CI system
+shortTitle: Installing CodeQL CLI
+intro: 'You can install the {% data variables.product.prodname_codeql_cli %} and use it to perform {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} in a third-party continuous integration system.'
+product: '{% data reusables.gated-features.code-scanning %}'
+miniTocMaxHeadingLevel: 3
+versions:
+  free-pro-team: '*'
+  enterprise-server: '>=3.1'
+  github-ae: 'next'
+type: how_to
+topics:
+  - Advanced Security
+  - Code scanning
+  - CodeQL
+  - Repositories
+  - Pull requests
+  - Integration
+  - CI
+  - SARIF
+redirect_from:
+  - /code-security/secure-coding/running-codeql-cli-in-your-ci-system
+  - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-cli-in-your-ci-system
+---
+{% data reusables.code-scanning.enterprise-enable-code-scanning %}
+
+## About using the {% data variables.product.prodname_codeql_cli %} for {% data variables.product.prodname_code_scanning %}
+
+You can use the {% data variables.product.prodname_codeql_cli %} to run {% data variables.product.prodname_code_scanning %} on code that you're processing in a third-party continuous integration (CI) system. {% data reusables.code-scanning.about-code-scanning %} For information, see "[About {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/about-code-scanning)."
+
+{% data reusables.code-scanning.what-is-codeql-cli %}
+
+Alternatively, you can use {% data variables.product.prodname_actions %} to run {% data variables.product.prodname_code_scanning %} within {% data variables.product.product_name %}. For information about {% data variables.product.prodname_code_scanning %} using actions, see "[Setting up {% data variables.product.prodname_code_scanning %} for a repository](/code-security/secure-coding/setting-up-code-scanning-for-a-repository)." For an overview of the options for CI systems, see "[About CodeQL {% data variables.product.prodname_code_scanning %} in your CI system](/code-security/secure-coding/about-codeql-code-scanning-in-your-ci-system)".
+
+{% data reusables.code-scanning.licensing-note %}
+
+## Downloading the {% data variables.product.prodname_codeql_cli %}
+
+You should download the {% data variables.product.prodname_codeql %} bundle from https://github.com/github/codeql-action/releases. The bundle contains:
+
+- {% data variables.product.prodname_codeql_cli %} product
+- A compatible version of the queries and libraries from https://github.com/github/codeql
+- Precompiled versions of all the queries included in the bundle
+
+You should always use the {% data variables.product.prodname_codeql %} bundle as this ensures compatibility and also gives much better performance than a separate download of the {% data variables.product.prodname_codeql_cli %} and checkout of the {% data variables.product.prodname_codeql %} queries. If you will only be running the CLI on one specific platform, download the appropriate `codeql-bundle-PLATFORM.tar.gz` file. Alternatively, you can download `codeql-bundle.tar.gz`, which contains the CLI for all supported platforms.
+
+## Setting up the {% data variables.product.prodname_codeql_cli %} in your CI system
+
+You need to make the full contents of the {% data variables.product.prodname_codeql_cli %} bundle available to every CI server that you want to run CodeQL {% data variables.product.prodname_code_scanning %} analysis on. For example, you might configure each server to copy the bundle from a central, internal location and extract it. Alternatively, you could use the REST API to get the bundle directly from {% data variables.product.prodname_dotcom %}, ensuring that you benefit from the latest improvements to queries. Updates to the {% data variables.product.prodname_codeql_cli %} are released every 2-3 weeks. For example:
+
+```shell
+$ wget https://{% if currentVersion == "free-pro-team@latest" %}github.com{% else %}<em>HOSTNAME</em>{% endif %}/github/codeql-action/releases/latest/download/codeql-bundle-linux64.tar.gz
+$ tar -xvzf ../codeql-bundle-linux64.tar.gz
+```
+
+After you extract the {% data variables.product.prodname_codeql_cli %} bundle, you can run the `codeql` executable on the server:
+
+- By executing `/<extraction-root>/codeql/codeql`, where `<extraction-root>` is the folder where you extracted the {% data variables.product.prodname_codeql_cli %} bundle.
+- By adding `/<extraction-root>/codeql` to your `PATH`, so that you can run the executable as just `codeql`.
+
+## Testing the {% data variables.product.prodname_codeql_cli %} set up
+
+After you extract the {% data variables.product.prodname_codeql_cli %} bundle, you can run the following command to verify that the CLI is correctly set up to create and analyze databases.
+
+- `codeql resolve qlpacks` if `/<extraction-root>/codeql` is on the `PATH`.
+- `/<extraction-root>/codeql/codeql resolve qlpacks` otherwise.
+
+**Extract from successful output:**
+```
+codeql-cpp (/<extraction-root>/codeql/qlpacks/codeql-cpp)
+codeql-cpp-examples (/<extraction-root>/codeql/qlpacks/codeql-cpp-examples)
+codeql-cpp-upgrades (/<extraction-root>/codeql/qlpacks/codeql-cpp-upgrades)
+codeql-csharp (/<extraction-root>/codeql/qlpacks/codeql-csharp)
+codeql-csharp-examples (/<extraction-root>/codeql/qlpacks/codeql-csharp-examples)
+codeql-csharp-upgrades (/<extraction-root>/codeql/qlpacks/codeql-csharp-upgrades)
+codeql-go (/<extraction-root>/codeql/qlpacks/codeql-go)
+codeql-go-examples (/<extraction-root>/codeql/qlpacks/codeql-go-examples)
+codeql-go-upgrades (/<extraction-root>/codeql/qlpacks/codeql-go-upgrades)
+codeql-java (/<extraction-root>/codeql/qlpacks/codeql-java)
+codeql-java-examples (/<extraction-root>/codeql/qlpacks/codeql-java-examples)
+codeql-java-upgrades (/<extraction-root>/codeql/qlpacks/codeql-java-upgrades)
+codeql-javascript (/<extraction-root>/codeql/qlpacks/codeql-javascript)
+codeql-javascript-examples (/<extraction-root>/codeql/qlpacks/codeql-javascript-examples)
+codeql-javascript-upgrades (/<extraction-root>/codeql/qlpacks/codeql-javascript-upgrades)
+codeql-python (/<extraction-root>/codeql/qlpacks/codeql-python)
+codeql-python-examples (/<extraction-root>/codeql/qlpacks/codeql-python-examples)
+codeql-python-upgrades (/<extraction-root>/codeql/qlpacks/codeql-python-upgrades)
+...
+```
+
+You should check that the output contains the expected languages and also that the directory location for the qlpack files is correct. The location should be within the extracted {% data variables.product.prodname_codeql_cli %} bundle, shown above as `<extraction root>`, unless you are using a checkout of `github/codeql`. If the {% data variables.product.prodname_codeql_cli %} is unable to locate the qlpacks for the expected languages, check that you downloaded the {% data variables.product.prodname_codeql %} bundle and not a standalone copy of the {% data variables.product.prodname_codeql_cli %}.
+
+## Generating a token for authentication with {% data variables.product.product_name %}
+
+Each CI server needs a {% data variables.product.prodname_github_app %} or personal access token for the {% data variables.product.prodname_codeql_cli %} to use to upload results to {% data variables.product.product_name %}. You must use an access token or a {% data variables.product.prodname_github_app %} with the `security_events` write permission. If CI servers already use a token with this scope to checkout repositories from {% data variables.product.product_name %}, you could potentially allow the {% data variables.product.prodname_codeql_cli %} to use the same token. Otherwise, you should create a new token with the `security_events` write permission and add this to the CI system's secret store. For information, see "[Building {% data variables.product.prodname_github_apps %}](/developers/apps/building-github-apps)" and "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)."
+
+## Next steps
+
+You're now ready to configure the CI system to run {% data variables.product.prodname_codeql %} analysis, generate results, and upload them to {% data variables.product.product_name %} where the results will be matched to a branch or pull request and displayed as {% data variables.product.prodname_code_scanning %} alerts. For detailed information, see "[Configuring {% data variables.product.prodname_codeql_cli %} in your CI system](/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system)."

content/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-cli-in-your-ci-system.md

@@ -1,225 +0,0 @@
----
-title: Running CodeQL CLI in your CI system
-shortTitle: Running CodeQL CLI
-intro: 'You can use the {% data variables.product.prodname_codeql_cli %} to perform {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} in a third-party continuous integration system.'
-product: '{% data reusables.gated-features.code-scanning %}'
-miniTocMaxHeadingLevel: 3
-versions:
-  free-pro-team: '*'
-  enterprise-server: '>=3.1'
-  github-ae: 'next'
-type: how_to
-topics:
-  - Advanced Security
-  - Code scanning
-  - CodeQL
-  - Repositories
-  - Pull requests
-  - Integration
-  - CI
-  - SARIF
-redirect_from:
-  - /code-security/secure-coding/running-codeql-cli-in-your-ci-system
----
-{% data reusables.code-scanning.enterprise-enable-code-scanning %}
-
-## About the {% data variables.product.prodname_codeql_cli %}
-
-You can use the {% data variables.product.prodname_codeql_cli %} to run {% data variables.product.prodname_code_scanning %} on code that you're processing in a third-party continuous integration (CI) system. {% data reusables.code-scanning.about-code-scanning %} For information, see "[About {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/about-code-scanning)."
-
-{% data reusables.code-scanning.what-is-codeql-cli %}
-
-Alternatively, you can use {% data variables.product.prodname_codeql_runner %} in your CI system, or {% data variables.product.prodname_actions %} to run {% data variables.product.prodname_code_scanning %} within {% data variables.product.product_name %}. For an overview of the options for CI systems, see "[About CodeQL {% data variables.product.prodname_code_scanning %} in your CI system](/code-security/secure-coding/about-codeql-code-scanning-in-your-ci-system)". For information about {% data variables.product.prodname_code_scanning %} using actions, see "[Setting up {% data variables.product.prodname_code_scanning %} for a repository](/code-security/secure-coding/setting-up-code-scanning-for-a-repository)."
-
-{% note %}
-
-**Note:** {% if currentVersion == "free-pro-team@latest" %}
-The {% data variables.product.prodname_codeql_cli %} is free to use on public repositories that are maintained on {% data variables.product.prodname_dotcom_the_website %}, and available to use on private repositories that are owned by customers with an {% data variables.product.prodname_advanced_security %} license. For information, see "[{% data variables.product.product_name %} {% data variables.product.prodname_codeql %} Terms and Conditions](https://securitylab.github.com/tools/codeql/license)" and "[{% data variables.product.prodname_codeql %} CLI](https://codeql.github.com/docs/codeql-cli/)."
-{%- else %}The {% data variables.product.prodname_codeql_cli %} is available to customers with an {% data variables.product.prodname_advanced_security %} license.
-{% endif %}
-{% endnote %}
-
-## Downloading the {% data variables.product.prodname_codeql_cli %}
-
-You should download the {% data variables.product.prodname_codeql %} bundle from https://github.com/github/codeql-action/releases. The bundle contains:
-
-- {% data variables.product.prodname_codeql_cli %} product
-- A compatible version of the queries and libraries from https://github.com/github/codeql
-- Precompiled versions of all the queries included in the bundle
-
-You should always use the {% data variables.product.prodname_codeql %} bundle as this ensures compatibility and also gives much better performance than a separate download of the {% data variables.product.prodname_codeql_cli %} and checkout of the {% data variables.product.prodname_codeql %} queries. If you will only be running the CLI on one specific platform, download the appropriate `codeql-bundle-PLATFORM.tar.gz` file. Alternatively, you can download `codeql-bundle.tar.gz`, which contains the CLI for all supported platforms.
-
-## Setting up the {% data variables.product.prodname_codeql_cli %} in your CI system
-
-You need to make the full contents of the {% data variables.product.prodname_codeql_cli %} bundle available to every CI server that you want to run CodeQL {% data variables.product.prodname_code_scanning %} analysis on. For example, you might configure each server to copy the bundle from a central, internal location and extract it. Alternatively, you could use the REST API to get the bundle directly from {% data variables.product.prodname_dotcom %}, ensuring that you benefit from the latest improvements to queries. Updates to the {% data variables.product.prodname_codeql_cli %} are released every 2-3 weeks. For example:
-
-```shell
-$ wget https://{% if currentVersion == "free-pro-team@latest" %}github.com{% else %}<em>HOSTNAME</em>{% endif %}/github/codeql-action/releases/latest/download/codeql-bundle-linux64.tar.gz
-$ tar -xvzf ../codeql-bundle-linux64.tar.gz
-```
-
-After you extract the {% data variables.product.prodname_codeql_cli %} bundle, you can run the `codeql` executable on the server:
-
-- By executing `/extraction-root/codeql/codeql`, where `<extraction-root>` is the folder where you extracted the {% data variables.product.prodname_codeql_cli %} bundle.
-- By adding `/extraction-root/codeql` to your `PATH`, so that you can run the executable as just `codeql`.
-
-## Testing the {% data variables.product.prodname_codeql_cli %} set up
-
-After you extract the {% data variables.product.prodname_codeql_cli %} bundle, you can run the following command to verify that the CLI is correctly set up to create and analyze databases.
-
-- `codeql resolve languages` if `/extraction-root/codeql` is on the `PATH`.
-- `/extraction-root/codeql/codeql resolve languages` otherwise.
-
-**Example of successful output:**
-```
-cpp (/extraction-root/codeql/cpp)
-csharp (/extraction-root/codeql/csharp)
-csv (/extraction-root/codeql/csv)
-go (/extraction-root/codeql/go)
-html (/extraction-root/codeql/html)
-java (/extraction-root/codeql/java)
-javascript (/extraction-root/codeql/javascript)
-properties (/extraction-root/codeql/properties)
-python (/extraction-root/codeql/python)
-xml (/extraction-root/codeql/xml)
-```
-
-If the {% data variables.product.prodname_codeql_cli %} is unable to resolve the expected languages, check that you downloaded the {% data variables.product.prodname_codeql %} bundle and not a standalone copy of the {% data variables.product.prodname_codeql_cli %}.
-
-## Generating a token for authentication with {% data variables.product.product_name %}
-
-Each CI server needs a {% data variables.product.prodname_github_app %} or personal access token for the {% data variables.product.prodname_codeql_cli %} to use to upload results to {% data variables.product.product_name %}. You must use an access token or a {% data variables.product.prodname_github_app %} with the `security_events` write permission. If CI servers already use a token with this scope to checkout repositories from {% data variables.product.product_name %}, you could potentially allow the {% data variables.product.prodname_codeql_cli %} to use the same token. Otherwise, you should create a new token with the `security_events` write permission and add this to the CI system's secret store. For information, see "[Building {% data variables.product.prodname_github_apps %}](/developers/apps/building-github-apps)" and "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)."
-
-## Using the {% data variables.product.prodname_codeql_cli %} to generate data and upload it to {% data variables.product.product_name %}
-
-You call the {% data variables.product.prodname_codeql_cli %} to analyze the codebase in three steps:
-
-1. Create a {% data variables.product.prodname_codeql %} database to represent a single programming language in the repository using: `codeql database create`
-2. Run queries to analyze the {% data variables.product.prodname_codeql %} database and summarize the results in a SARIF file using: `codeql database analyze`
-3. Upload the SARIF file to {% data variables.product.product_name %} where the results are matched to a branch or pull request and displayed as {% data variables.product.prodname_code_scanning %} alerts using: `codeql github upload-results`
-
-Each command has a few mandatory options with additional options that you can use to modify the behavior of the command. You can display the command-line help for any command using the <nobr>`--help`</nobr> option.
-
-{% data reusables.code-scanning.upload-sarif-ghas %}
-
-### Creating a {% data variables.product.prodname_codeql %} database to analyze
-
-1. Check out the code that you want to analyze:
-    - For a branch checkout the head of the branch that you want to analyze.
-    - For a pull request checkout either the head commit of the pull request, or check out a {% data variables.product.product_name %}-generated merge commit of the pull request.
-2. Set up the environment for the codebase, making sure that any dependencies are available. For more information, see [Creating databases for non-compiled languages](https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/#creating-databases-for-non-compiled-languages) and [Creating databases for compiled languages](https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/#creating-databases-for-compiled-languages) in the documentation for the {% data variables.product.prodname_codeql_cli %}.
-3. Run `codeql database create` from the checkout root of your repository.
-  ```shell
-  codeql database create &lt;database&gt; --language=&lt;language-identifier&gt;
-  ```
-  {% note %}
-
-  **Note:** If you use a containerized build, you need to run the {% data variables.product.prodname_codeql_cli %} inside the container where your build task takes place.
-
-  {% endnote %}
-
-| Option | Required | Usage |
-|--------|:--------:|-----|
-| `<database>` | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the name and location of a directory to create for the {% data variables.product.prodname_codeql %} database. The command will fail if you try to overwrite an existing directory. |
-| <nobr>`--language`</nobr> | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the identifier for the language to create a database for, one of: `{% data reusables.code-scanning.codeql-languages-keywords %}` (use `javascript` to analyze TypeScript code).
-| <nobr>`--source-root`</nobr> | | Optional. Use if you run the CLI outside the checkout root of the repository. By default, the `database create` command assumes that the current directory is the root directory for the source files, use this option to specify a different location. |
-| <nobr>`--command`</nobr> | | Optional for compiled languages. Use if you want to override the CLI's automatic build system detection and compilation. Specify the build command or script that invokes the compiler. Commands are run from the current folder or, where it is defined, from <nobr>`--source-root`</nobr>. Do not use this option for Python and JavaScript/TypeScript analysis. |
-
-For more information, see [Creating {% data variables.product.prodname_codeql %} databases](https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/) in the documentation for the {% data variables.product.prodname_codeql_cli %}.
-
-#### Basic example
-
-```
-$ codeql database create /codeql-dbs/example-repo --language=javascript \
-    --source-root /checkouts/example-repo
-
-> Initializing database at /codeql-dbs/example-repo.
-> Running command [/codeql-home/codeql/javascript/tools/autobuild.cmd]
-    in /checkouts/example-repo.
-> [build-stdout] Single-threaded extraction.
-> [build-stdout] Extracting
-... 
-> Finalizing database at /codeql-dbs/example-repo.
-> Successfully created database at /codeql-dbs/example-repo.
-```
-
-For more information and examples, see [Creating {% data variables.product.prodname_codeql %} databases ](https://codeql.github.com/docs/codeql-cli/creating-codeql-databases) in the documentation for the {% data variables.product.prodname_codeql_cli %}.
-
-### Analyzing a {% data variables.product.prodname_codeql %} database
-
-1. Create a {% data variables.product.prodname_codeql %} database (see above).
-2. Run `codeql database analyze` on the database and specify which queries to use.
-  ```shell
-  codeql database analyze &lt;database&gt; --format=&lt;format&gt; \
-      --output=&lt;output&gt;  &lt;queries&gt; 
-  ```
-
-| Option | Required | Usage |
-|--------|:--------:|-----|
-| `<database>` | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the path for the directory that contains the {% data variables.product.prodname_codeql %} database to analyze. |
-| `<queries>` | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the queries to run. To run the standard queries used for {% data variables.product.prodname_code_scanning %}, use: `<language>-code-scanning.qls` where `<language>` is the short code for the language of the database. To see the other query suites included in the {% data variables.product.prodname_codeql_cli %} bundle look in `/extraction-root/codeql/qlpacks/codeql-<language>/codeql-suites`. For information about creating your own query suite, see [Creating CodeQL query suites](https://codeql.github.com/docs/codeql-cli/creating-codeql-query-suites/) in the documentation for the {% data variables.product.prodname_codeql_cli %}.
-| <nobr>`--format`</nobr> | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the format for the results file generated by the command. For upload to {% data variables.product.company_short %} this should be: {% if currentVersion == "free-pro-team@latest" %}`sarif-latest`{% else %}`sarifv2.1.0`{% endif %}. For more information, see "[SARIF support for {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/sarif-support-for-code-scanning)."
-| <nobr>`--output`</nobr> | {% octicon "check-circle-fill" aria-label="Required" %} | Specify where to save the SARIF results file.{% if currentVersion == "free-pro-team@latest" %}
-| <nobr>`--sarif-category`<nobr> | | Optional. Specify a category to include in the SARIF results  file for this analysis. A category can be used to distinguish multiple analyses for the same tool and commit, but performed on different languages or different parts of the code. This value will appear in the `<run>.automationId` property in SARIF v1, the `<run>.automationLogicalId` property in SARIF v2, and the `<run>.automationDetails.id` property in SARIF v2.1.0. |{% endif %}
-| <nobr>`--threads`</nobr> | | Optional. Use if you want to use more than one thread to run queries. The default value is `1`. You can specify more threads to speed up query execution. To set the number of threads to the number of logical processors, specify `0`.
-
-For more information, see [Analyzing databases with the {% data variables.product.prodname_codeql_cli %}](https://codeql.github.com/docs/codeql-cli/analyzing-databases-with-the-codeql-cli/) in the documentation for the {% data variables.product.prodname_codeql_cli %}.
-
-#### Basic example
-
-```
-$ codeql database analyze /codeql-dbs/example-repo  \
-    javascript-code-scanning.qls --format={% if currentVersion == "free-pro-team@latest" %}sarif-latest{% else %}sarifv2.1.0{% endif %} \
-    --output=/temp/example-repo-js.sarif
-
-> Running queries.
-> Compiling query plan for /codeql-home/codeql/qlpacks/
-    codeql-javascript/AngularJS/DisablingSce.ql.
-... 
-> Shutting down query evaluator.
-> Interpreting results.
-```
-
-### Uploading results to {% data variables.product.product_name %}
-
-{% data reusables.code-scanning.upload-sarif-alert-limit %}
-
-Before you can upload results to {% data variables.product.product_name %}, you must determine the best way to pass the {% data variables.product.prodname_github_app %} or personal access token you created earlier to the {% data variables.product.prodname_codeql_cli %} (see [Generating a token for authentication with {% data variables.product.product_name %}](#generating-a-token-for-authentication-with-github) above). We recommend that you review your CI system's guidance on the secure use of the secret store. The {% data variables.product.prodname_codeql_cli %} supports:
-
-- Passing the token to the CLI via standard input using the `--github-auth-stdin` option (recommended).
-- Saving the secret in the environment variable `GITHUB_TOKEN` and running the CLI without including the `--github-auth-stdin` option.
-
-When you have decided on the most secure and reliable method for your CI server, run `codeql github upload-results` on the SARIF results file and include `--github-auth-stdin` unless the token is available in the environment variable `GITHUB_TOKEN`.
-
-  ```shell
-  echo "$UPLOAD_TOKEN" | codeql github upload-results --repository=&lt;repository-name&gt; \
-      --ref=&lt;ref&gt; --commit=&lt;commit&gt; --sarif=&lt;file&gt; \
-      {% if currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@next" %}--github-url=&lt;URL&gt; {% endif %}--github-auth-stdin
-  ```
-
-| Option | Required | Usage |
-|--------|:--------:|-----|
-| <nobr>`--repository`</nobr> | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the *OWNER/NAME* of the repository to upload data to. The owner must be an organization within an enterprise that has a license for {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_GH_advanced_security %} must be enabled for the repository{% if currentVersion == "free-pro-team@latest" %}, unless the repository is public{% endif %}. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)."
-| <nobr>`--ref`</nobr> | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the name of the `ref` you checked out and analyzed so that the results can be matched to the correct code. For a branch use: `refs/heads/BRANCH-NAME`, for the head commit of a pull request use `refs/pulls/NUMBER/head`, or for the {% data variables.product.product_name %}-generated merge commit of a pull request use `refs/pulls/NUMBER/merge`.
-| <nobr>`--commit`</nobr> | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the full SHA of the commit you analyzed.
-| <nobr>`--sarif`</nobr> | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the SARIF file to load.{% if currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@next" %}
-| <nobr>`--github-url`</nobr> | {% octicon "check-circle-fill" aria-label="Required" %} | Specify the URL for {% data variables.product.product_name %}.{% endif %}
-| <nobr>`--github-auth-stdin`</nobr> | | Optional. Use to pass the CLI the {% data variables.product.prodname_github_app %} or personal access token created for authentication with {% data variables.product.company_short %}'s REST API via standard input. This is not needed if the command has access to a `GITHUB_TOKEN` environment variable set with this token.
-
-For more information, see [github upload-results](https://codeql.github.com/docs/codeql-cli/manual/github-upload-results/) in the documentation for the {% data variables.product.prodname_codeql_cli %}.
-
-#### Basic example
-
-```
-$ echo $UPLOAD_TOKEN | codeql  github upload-results --repository=my-org/example-repo \
-    --ref=refs/heads/main --commit=deb275d2d5fe9a522a0b7bd8b6b6a1c939552718 \
-    --sarif=/temp/example-repo-js.sarif {% if currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@next" %}--github-url={% data variables.command_line.git_url_example %} \
-    {% endif %}--github-auth-stdin
-```
-
-There is no output from this command unless the upload was unsuccessful. The command prompt returns when the upload is complete and data processing has begun. On smaller codebases, you should be able to explore the {% data variables.product.prodname_code_scanning %} alerts in {% data variables.product.product_name %} shortly afterward. Alerts are shown directly in the pull request or on the **Security** tab for branches, depending on the code that was checked out. For more information, see "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests)" and "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)."
-
-## Further reading
-
-- [Creating CodeQL databases](https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/)
-- [Analyzing databases with the CodeQL CL](https://codeql.github.com/docs/codeql-cli/analyzing-databases-with-the-codeql-cli/)

content/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-runner-in-your-ci-system.md

@@ -24,7 +24,7 @@ topics:
   - SARIF
 ---
 <!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
-<!--UI-LINK: When GitHub Enterprise Server doesn't have GitHub Actions set up, the Security > Code scanning alerts view links to this article.-->
+<!--UI-LINK: When GitHub Enterprise Server <=3.0 doesn't have GitHub Actions set up, the Security > Code scanning alerts view links to this article.-->
 
 {% data reusables.code-scanning.beta-codeql-runner %}
 {% data reusables.code-scanning.beta %}
@@ -44,7 +44,7 @@ The {% data variables.product.prodname_codeql_runner %} is a command-line tool t
 
 {% note %}
 
-**Note:** 
+**Note:**
 {% if currentVersion == "free-pro-team@latest" %}
 * The {% data variables.product.prodname_codeql_runner %} uses the {% data variables.product.prodname_codeql %} CLI to analyze code and therefore has the same license conditions. It's free to use on public repositories that are maintained on {% data variables.product.prodname_dotcom_the_website %}, and available to use on private repositories that are owned by customers with an {% data variables.product.prodname_advanced_security %} license. For information, see "[{% data variables.product.product_name %} {% data variables.product.prodname_codeql %} Terms and Conditions](https://securitylab.github.com/tools/codeql/license)" and "[{% data variables.product.prodname_codeql %} CLI](https://codeql.github.com/docs/codeql-cli/)."
 {% else %}

content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot.md

@@ -79,3 +79,7 @@ When creating a secret in an organization, you can use a policy to limit which r
    The name of the secret is listed on the Dependabot secrets page. You can click **Update** to change the secret value or its access policy. You can click **Remove** to delete the secret.
 
    ![Update or remove an organization secret](/assets/images/help/dependabot/update-remove-repo-secret.png)
+   
+## Adding {% data variables.product.prodname_dependabot %} to your registries IP allow list
+
+If your private registry is configured with an IP allow list, you can find the IP addresses {% data variables.product.prodname_dependabot %} uses to access the registry in the meta API endpoint, under the `dependabot` key. For more information, see "[Meta](/rest/reference/meta)."

content/codespaces/developing-in-codespaces/deleting-a-codespace.md

@@ -18,6 +18,12 @@ topics:
 
 {% data reusables.codespaces.concurrent-codespace-limit %}
 
+{% note %}
+
+**Note:** Only the person who created a codespace can delete it. There is currently no way for organization owners to delete codespaces created within their organization.
+
+{% endnote %}
+
 1. Navigate to the repository where you created the codespace. Select **{% octicon "codespaces" aria-label="The codespaces icon" %} Codespaces** and then click {% octicon "gear" aria-label="The Settings gear" %}. This will display all {% data variables.product.prodname_codespaces %} that you have created in the repository.
   ![Codespaces tab](/assets/images/help/codespaces/codespaces-manage.png)
   

content/codespaces/managing-your-codespaces/managing-access-and-security-for-your-codespaces.md

@@ -9,7 +9,7 @@ topics:
 
 {% data reusables.codespaces.release-stage %}
 
-When you enable access and security for a repository owned by your user account, any codespaces that are created for that repository will have read and write permissions to all other repositories you own. If you want to restrict the repositories a codespace can access, you can limit to it to either the repository the codespace was opened for or specific repositories. You should only enable access and security for repositories you trust. 
+When you enable access and security for a repository owned by your user account, any codespaces that are created for that repository will have read permissions to all other repositories you own. If you want to restrict the repositories a codespace can access, you can limit to it to either the repository the codespace was opened for or specific repositories. You should only enable access and security for repositories you trust. 
 
 {% data reusables.user_settings.access_settings %}
 {% data reusables.user_settings.codespaces-tab %}

content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/about-issue-and-pull-request-templates.md

@@ -22,19 +22,25 @@ You can create default issue and pull request templates for your organization or
 
 ## Issue templates
 
-When you create issue templates for your repository using the issue template builder, they'll be available for contributors to use when they open new issues in the repository.
+When you create issue templates for your repository using the issue template builder{% if currentVersion == "free-pro-team@latest" %} or with issue forms{% endif %}, contributors can select the appropriate template when they open new issues in the repository.
 
 ![New issue page showing issue template choices](/assets/images/help/issues/new-issue-page-with-multiple-templates.png)
 
+Issue templates are helpful when you want to provide guidance for opening issues while allowing contributors to specify the content of their issues. {% if currentVersion == "free-pro-team@latest" %} If you want contributors to provide specific, structured information when they open issues, issue forms help ensure that you receive your desired information.{% endif %}
+
 Using the template builder, you can specify a title and description for each template, add the template content, and either commit the template to the default branch or open a pull request in the repository. The template builder automatically adds the YAML front matter markup that is required for the template to show on the new issue page. For more information, see "[Configuring issue templates for your repository](/articles/configuring-issue-templates-for-your-repository)."
 
+{% if currentVersion == "free-pro-team@latest" %}
+With issue forms, you can create templates that have web form fields using the {% data variables.product.prodname_dotcom %} form schema. When a contributor opens an issue using an issue form, the form inputs are converted to a standard markdown issue comment. You can specify different input types and set inputs as required to help contributors open actionable issues in your repository. For more information, see "[Configuring issue templates for your repository](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#creating-issue-forms)" and "[Syntax for issue forms](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms)."
+{% endif %}
+
 {% if currentVersion == "free-pro-team@latest" or currentVersion == "github-ae@latest" or currentVersion ver_gt "enterprise-server@2.19" %}
 {% data reusables.repositories.issue-template-config %} For more information, see "[Configuring issue templates for your repository](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser)."
 {% endif %}
 
-Issue templates are stored on the repository's default branch, in a hidden `.github/ISSUE_TEMPLATE` directory. If you create a template in another branch, it will not be available for collaborators to use. Issue template filenames are not case sensitive, and need a *.md* extension. {% data reusables.repositories.valid-community-issues %}
+Issue templates are stored on the repository's default branch, in a hidden `.github/ISSUE_TEMPLATE` directory. If you create a template in another branch, it will not be available for collaborators to use. Issue template filenames are not case sensitive, and need a *.md* extension.{% if currentVersion == "free-pro-team@latest" %} Issue templates created with issue forms need a *.yml* extension.{% endif %} {% data reusables.repositories.valid-community-issues %}
 
-It is possible to manually create a single issue template in Markdown using the legacy issue template workflow, and project contributors will automatically see the template's contents in the issue body. However, we recommend using the upgraded multiple issue template builder to create issue templates. For more information about the legacy workflow, see "[Manually creating a single issue template for your repository](/articles/manually-creating-a-single-issue-template-for-your-repository)."
+It is possible to manually create a single issue template in Markdown using the legacy issue template workflow, and project contributors will automatically see the template's contents in the issue body. However, we recommend using the upgraded multiple issue template builder{% if currentVersion == "free-pro-team@latest" %} or issue forms{% endif %} to create issue templates. For more information about the legacy workflow, see "[Manually creating a single issue template for your repository](/articles/manually-creating-a-single-issue-template-for-your-repository)."
 
 {% data reusables.repositories.security-guidelines %}