GitHub Enterprise Server 3.9 release candidate (#36631)

Co-authored-by: Rachael Sewell <rachmari@github.com>
Co-authored-by: Rachael Rose Renk <91027132+rachaelrenk@users.noreply.github.com>
Co-authored-by: David Jarzebowski <davidjarzebowski@github.com>
Co-authored-by: Anne-Marie <102995847+am-stead@users.noreply.github.com>
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
Co-authored-by: Steve Guntrip <stevecat@github.com>
Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com>
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
Co-authored-by: Torsten Walter <torstenwalter@github.com>
Co-authored-by: Henry Mercer <henrymercer@github.com>
Co-authored-by: Sarah Edwards <skedwards88@github.com>

assets/ghes-3.9-opentelemetry-attribute-mappings.csv

@@ -0,0 +1,497 @@
+Category,Old Attribute,New Attribute
+All Services,now,Timestamp
+All Services,msg or message,Body
+All Services,All Services,SeverityText
+Discussions,action_name,code.function
+Discussions,actor_id,actor_id
+Discussions,old_org,gh.org.old_name
+Discussions,new_org,gh.org.login
+Discussions,new_path,gh.controller.new_path
+Discussions,issue_id,gh.issue.id
+Discussions,issue_number,gh.issue.number
+Discussions,issue_comments_count,gh.issue.comments.count
+Discussions,discussion,gh.discussion.id
+Discussions,discussion_number,gh.discussion.number
+Discussions,discussion_cached_comments_count,gh.discussion.cached_comments.count
+Discussions,discussion_live_comments_count,gh.discussion.live_comments.count
+Discussions,discussion_converted_at,gh.discussion.converted_at
+Discussions,discussion_state,gh.discussion.state
+Discussions,discussion_error_reason,gh.discussion.error_reason
+Discussions,discussion_reaction_count,gh.discussion.reaction.count
+Discussions,team_id,gh.team_post.team_id
+Discussions,team_post_id,gh.team_post.id
+Discussions,team_post_number,gh.team_post.number
+Stratocaster,stratocaster_name,gh.stratocaster.adapter_name
+Stratocaster,stratocaster_event_type,gh.stratocaster.event_type
+Stratocaster,stratocaster_event_id,gh.stratocaster.event.id
+Stratocaster,stratocaster_event_action,gh.stratocaster.event.action
+Stratocaster,stratocaster_event_actor_id,gh.stratocaster.event.actor_id
+Stratocaster,stratocaster_event_sender_id,gh.stratocaster.event.sender_id
+Stratocaster,stratocaster_event_repo_id,gh.stratocaster.event.repo_id
+Stratocaster,stratocaster_processor_indexes_count,gh.stratocaster.processor.indexes.count
+Stratocaster,stratocaster_processor_received_batch_size,gh.stratocaster.processor.received_batch_size
+Stratocaster,stratocaster_processor_index,gh.stratocaster.processor.index
+Stratocaster,stratocaster_processor_index_updates,gh.stratocaster.processor.index_updates
+Stratocaster,stratocaster_processor_updates,gh.stratocaster.processor.updates
+Stratocaster,stratocaster_processor_update_differences,gh.stratocaster.processor.update_differences
+Stratocaster,stratocaster_keys,gh.stratocaster.keys
+Stratocaster,stratocaster_event_time,gh.stratocaster.event_time
+Stratocaster,stratocaster_timeline_processor_group_id,gh.stratocaster.timeline_processor.group.id
+Stratocaster,stratocaster_timeline_processor_subscribe_to,gh.stratocaster.timeline_processor.subscribe_to
+Audit Log,org_id,gh.org.id
+Audit Log,org_name,gh.org.name
+Audit Log,busines_id,gh.business.id
+Audit Log,busines_name,gh.business.name
+Profile,actor,gh.actor.login
+Profile,notes,gh.rename.notes
+Profile,reason,gh.rename.reason
+Profile,dormant,gh.rename.dormant
+Profile,active_keys,gh.rename.active_keys
+Profile,team_id,gh.team.id
+Profile,context,gh.context
+Profile,processor,gh.processor.name
+Profile,topic,gh.processor.message.topic
+Profile,partition,gh.processor.message.partition
+Profile,offset,gh.processor.message.offset
+Profile,replication_wait,gh.processor.replication_wait
+Profile,event,gh.user_metadata.event.name
+Profile,skip,gh.user_metadata.event.skip
+Profile,skip_reason,gh.user_metadata.event.skip_reason
+Profile,updates,gh.user_metadata.updates
+Profile,affected_rows,gh.user_metadata.affected_rows
+Profile,user_id,gh.user.id
+Profile,internal_view,gh.internal_view
+Profile,viewer,gh.viewer.login
+Profile,current_user,gh.actor.login
+Profile,items_to_unpin_ids,gh.items_to_unpin_ids
+Profile,items_to_pin_ids,gh.items_to_pin_ids
+feature_management,execution_id,gh.feature_management.execution_id
+feature_management,all_features_id,gh.feature_management.all_features_id
+feature_management,reload_task_id,gh.feature_management.reload_task_id
+feature_management,rollout_last_updated_at,gh.feature_management.rollout_last_updated_at
+feature_management,feature,gh.feature_management.feature
+feature_management,after_fork,gh.feature_management.after_fork
+devtools,notifyd_science_experiment,gh.devtools.notifyd_science_experiment
+devtools,notification_source,gh.devtools.notification_source
+devtools,experiment_id,gh.devtools.experiment_id
+devtools,recipient_id,gh.devtools.recipient_id
+devtools,candidate_type,gh.devtools.candidate_type
+devtools,notification_id,gh.devtools.notification_id
+script/enterprise-stream-processor,n/a,n/a
+insights,org_id,gh.org.id
+insights,tenant_id,gh.insights.tenant.id
+insights,entity_name,gh.insights.entity.name
+insights,entity_id,gh.insights.entity.id
+insights,parent_entity,gh.insights.entity.parent_entity
+insights,insights_domain_event,gh.hydro.topic
+insights,source_time,gh.insights.source.time
+insights,attempt_number,gh.insights.attempt.number
+insights,topic,gh.hydro.topic
+insights,rails_timestamp,gh.insights.rails.timestamp
+insights,rails_offset,gh.insights.rails.offset
+insights,mysql_timestamp,gh.insights.mysql.timestamp
+insights,mysql_offset,gh.insights.mysql.offset
+insights,mysql_timestamp_before_type_cast,gh.insights.mysql.timestamp_before_type_cast
+insights,mysql_timestamp_before_type_cast_offset,gh.insights.mysql.timestamp_before_type_cast_offset
+insights,request_id,gh.request.id
+insights,current_repo_id,gh.insights.event.current_repo_id
+insights,target_repo_id,gh.insights.event.target_repo_id
+LDAP authentication,op,code.function or code.op 
+LDAP authentication,group,ldap.dn
+LDAP authentication,timeout_sec,ldap.timeout_sec
+LDAP authentication,remote_address,net.peer.name
+LDAP authentication,error_message,exception.message
+LDAP authentication,transaction_id,ldap.transaction_id
+LDAP authentication,result,ldap.bind.result
+LDAP authentication,"duration for log field with `at: ""Bind result""`","replaced with the new ""ldap.bind"" timing metric"
+LDAP authentication,capabilities,ldap.search.capabilities
+LDAP authentication,filter,ldap.search.filter
+LDAP authentication,attributes,ldap.search.attributes
+LDAP authentication,base,ldap.search.base
+LDAP authentication,result_code,ldap.search.result.code
+LDAP authentication,matched_dn,ldap.search.matched_dn
+LDAP authentication,result_count,ldap.search.result.count
+LDAP authentication,page_count,ldap.search.page.count
+LDAP authentication,scope,gh.ldap.search.scope
+LDAP authentication,limit,ldap.search.limit
+LDAP authentication,"duration for log field with `at: ""Search""`","n/a, captured by the new ""ldap.search"" timing metric"
+LDAP authentication,"runtime for log field with `at: ""New user sync""`","n/a, captured by the ldap.sync.new_members.runtime metric "
+LDAP authentication,"runtime for log field with `at: ""Team member search""`","n/a, captured by the ""ldap.sync.team_member_search.runtime"" metric"
+LDAP authentication,"runtime for log field with `at: ""Team sync error""`","n/a, captured by the ldap.team_sync_error metric"
+LDAP authentication,at,Body
+LDAP authentication,"runtime for log field with `at: Bulk team sync""`","n/a, captured by the ldap.sync.teams.runtime metric"
+LDAP authentication,count for log field with `at: Bulk team sync`,gh.ldap.bulk_team_sync.count
+LDAP authentication,"runtime for log field with `at: ""User sync""`",ldap.sync.user.runtime
+LDAP authentication,count for log field with `at: User sync`,gh.ldap.user_sync_event.count
+LDAP authentication,"runtime for log field with `at: Bulk user sync""","n/a, captured by the ""ldap.sync.users.runtime"" metric"
+LDAP authentication,runtime for log field with `at: Team sync`,"n/a, captured by the ""ldap.sync.team.runtime"" timing metric"
+LDAP authentication,"unidentfied top level keys for log field with `at: Team sync""",top level keys from that log field are now nested under gh.ldap.team_sync.event_payload
+LDAP authentication,error for log field with `at: Team sync error`,exception.message
+LDAP authentication,user,gh.user.login
+LDAP authentication,result_code,ldap.operation.result.code
+LDAP authentication,message,ldap.operation.result.message
+Auth,hashed_token,gh.auth.hashed_token
+Auth,token_type,gh.auth.token_type
+Auth,programmatic_access_type,gh.auth.programmatic_access_type
+Auth,,gh.auth.result.message
+Auth,,gh.auth.token_attempt
+Auth,gh.billing.result.success,nested under gh.auth.auth_attempt_data
+Auth,message,gh.auth.result
+Auth,from,gh.auth.origin
+Auth,login,gh.auth.login
+Auth,raw_login,gh.auth.raw_login
+Auth,user_id,gh.enduser.id
+Auth,failure_type,gh.auth.failure.type
+Auth,failure_reason,gh.auth.failure.reason
+Auth,two_factor_type,gh.auth.result.two_factor_type
+Auth,sign_in_verification_method,gh.auth.result.sign_in_verification_method
+Auth,user,gh.enduser.login
+Auth,error,exception.message
+Auth,options,oauth.strategy.options
+Auth,configuration,strategy.configuration
+Auth,dn,ldap.dn
+Auth,base_name,ldap.base
+Auth,"login, for log message with body ""Invalid ldap credentials""",ldap.dn
+Auth,groups,ldap.auth_groups
+Auth,collision,gh.auth.login
+Auth,ip,http.client_ip
+Auth,"login, for log message with body ""omniauth success"" or ""omniauth failure""",omniauth.uid
+Auth,"raw, for log message with body ""starting SAML auth""",gh.saml.raw_request
+Auth,"message, for log message with body ""SAML success""",gh.saml.result.message
+Auth,login,gh.saml.login
+Auth,errors,gh.saml.errors
+Auth,params,gh.saml.params
+Auth,uid,gh.auth.login
+Auth,authentication_success,gh.auth.result
+Auth,configuration,omniauth.cas.configuration
+Auth,return_to_url,omniauth.cas.return_to_url
+Auth,ticket,omniauth.cas.ticket
+Auth,authentication_success,omniauth.cas.result
+Auth,authentication_success,gh.authentication.cas.result
+Auth,user_info,omniauth.user_info
+Auth,options,gh.auth.cas.options
+Auth,configuration,gh.auth.cas.configuration
+Auth,callback_url,gh.auth.cas.callback_url
+Auth,login_url,gh.auth.cas.login_url
+Auth,code,ldap.search.result.code
+Auth,message,ldap.search.result
+Auth,user_id,gh.enduser.id
+Auth,login,gh.enduser.login
+Auth,expires,saml.session.expires_at
+gh-migrator Script,n/a,n/a
+gh-migrator Script,at ,n/a
+gh-migrator Script,migration_path,gh.gh_migrator.migration_path
+gh-migrator Script,cli_args,gh.gh_migrator.cli_args
+gh-migrator Script,command ,process.command
+gh-migrator Script,guid,gh.gh_migrator.guid
+Marketplace,metric_types,gh.marketplace.metric.types
+Marketplace,marketplace_listing_id,gh.marketplace.listing.id
+Marketplace,installs,gh.marketplace.listing.install.count
+Marketplace,recorded_on,gh.marketplace.listing.recorded_on
+Marketplace,new_purchases,gh.marketplace.new_purchases
+Marketplace,pageviews,gh.marketplace.pageviews
+Marketplace,visitors,gh.marketplace.visitors
+Marketplace,organization email id,gh.organization.profile_email_id
+Apps,catalog_service,gh.catalog_serivce
+Background Jobs,job_id,gh.job.active_job_id / gh.job.aqueduct_job_id
+Background Jobs,,gh.job.aqueduct_job_id
+Background Jobs,job,gh.job.name
+Background Jobs,correlation_id,gh.correlation_id
+Background Jobs,queue,gh.job.queue
+Background Jobs,fn,code.namespace + code.function
+Background Jobs,,messaging.source.name
+Background Jobs,partition,messaging.kafka.source.partition
+Background Jobs,offset,messaging.kafka.message.offset
+Background Jobs,error + backtrace,exception
+Background Jobs,sleep_secs,gh.hydro_processor.dead_letter_retrying.sleep_secs
+Background Jobs,retries,gh.hydro_processor.dead_letter_retrying.retries
+Background Jobs,error_class,gh.hydro_processor.dead_letter_retrying.original_error_class
+Background Jobs,ns,code.namespace / code.filepath
+Background Jobs,signal,process.signal
+Background Jobs,,process.status
+Background Jobs,now,Timestamp
+Background Jobs,class,gh.timerd.timer.class
+Background Jobs,timer,gh.timerd.timer.name
+Background Jobs,interval,gh.timerd.timer.interval_seconds
+Background Jobs,at,code.function / Body
+Background Jobs,test,Body
+Background Jobs,duration,gh.test_job.duration
+Background Jobs,alloc,gh.test_job.alloc
+Background Jobs,should_raise,gh.test_job.should_raise
+Background Jobs,should_write,gh.test_job.should_write
+Background Jobs,catalog_service,gh.catalog_serivce
+Hydro,"old log line: Processing messages in consumer #{client_id} with options #{options}""","New log line with tags: 
+""hydro.kafka_source.batch_processed""
+  "
+Hydro,,messaging.consumer.id
+Hydro,,messaging.consumer.group_id
+Hydro,,messaging.consumer.max_bytes_per_partition
+Hydro,,messaging.consumer.start_from_beginning
+Hydro,"old log line: Processing messages in consumer #{client_id} with options #{options}""","New log line with tags: 
+""hydro.kafka_source.processing_message""
+  "
+Hydro,old log line: Starting consumer '#{@group_id}' with options #{consumer_options},New log line with tags: hydro.kafka_source.consumer_initialize
+Hydro,,messaging.consumer.id
+Hydro,,messaging.consumer.group_id
+Hydro,,messaging.consumer.options
+Hydro,old log line: Subscribing consumer '#{@group_id}' to topic #{topic} with options #{subscribe_options},new log line with tags: hydro.kafka_source.consumer_subscribed
+Hydro,,messaging.consumer.id
+Hydro,,messaging.consumer.group_id
+Hydro,,messaging.consumer.max_bytes_per_partition
+Hydro,,messaging.consumer.start_from_beginning
+Hydro,,messaging.destination.name
+Hydro,"old log line: Failed to deliver all messages while closing, retrying",new log line with tags: hydro.kafka_sink.close.message_flush_retry
+Hydro,,exception.type
+Hydro,,exception.message
+Hydro,,exception.backtrace
+Hydro,,hydro.kafka_sink.close.message_flush_retry
+Hydro,old log line: Failed to deliver all messages while closing,new log line with tags: hydro.kafka_sink.close.message_flush_failure
+Hydro,,exception.type
+Hydro,,exception.message
+Hydro,,exception.backtrace
+Billing/Gitcoin,job,gh.job
+Billing/Gitcoin,subscription_item,gh.billing.subscription_item.id
+Billing/Gitcoin,plan_subscription_id,gh.billing.plan_subscription.id
+Billing/Gitcoin,organization_id,gh.org.id
+Billing/Gitcoin,at,code.namespace + code.function
+Billing/Gitcoin,catalog_service,gh.catalog_service
+Billing/Gitcoin,refund_success,gh.billing.refund_success
+Billing/Gitcoin,cancel_success,gh.billing.subscription_item.cancelled
+Billing/Gitcoin,refund_result,gh.billing.refund_result
+Billing/Gitcoin,billing_transaction,gh.billing.billing_transaction
+Billing/Gitcoin,refund_amount,gh.billing.refund_amount
+Billing/Gitcoin,update_result,gh.billing.update_result
+Billing/Gitcoin,preview_result,gh.billing.preview_result
+Billing/Gitcoin,product_key,gh.billing.product_uuid.product_key
+Billing/Gitcoin,product_type,gh.billing.product_uuid.product_type
+Billing/Gitcoin,free_trial,gh.billing.free_trial
+Billing/Gitcoin,payment_collected,gh.billing.payment_collected
+Billing/Gitcoin,plan_subscription,gh.billing.plan_subscription
+Billing/Gitcoin,customer_id,gh.billing.customer.id
+Billing/Gitcoin,plan_subscription_active,gh.billing.plan_subscription.active
+Billing/Gitcoin,fn,code.namespace + code.function
+Billing/Gitcoin,vss_subscription_event_id,gh.billing.vss_subscription_event.id
+Billing/Gitcoin,subscription_id,gh.billing.vss_subscription_event.subscription_id
+Billing/Gitcoin,invoice_amount,gh.billing.zuora.invoice.amount
+Billing/Gitcoin,invoice_balance,gh.billing.zuora.invoice.balance
+Billing/Gitcoin,invoice_id,gh.billing.zuora.invoice.id
+Billing/Gitcoin,invoice_number,gh.billing.zuora.invoice.number
+Billing/Gitcoin,sponsors_invoice_item_adjustments,gh.billing.sponsors_invoice_item_adjustments
+Billing/Gitcoin,copilot_invoice_item_adjustments,gh.billing.copilot_invoice_item_adjustments
+Billing/Gitcoin,zuora_response_results,gh.billing.zuora.response_results
+Billing/Gitcoin,slug + business_id with conditional statement of login + user_id,gh.billing.billable_entity.id + gh.billing.billable_entity.type
+Billing/Gitcoin,billable_entity,gh.billing.billable_entity.id + gh.billing.billable_entity.type
+Billing/Gitcoin,error,exception.type + exception.message
+Billing/Gitcoin,login,gh.user.login
+Billing/Gitcoin,plan,gh.billing.billable_entity.plan_name
+Billing/Gitcoin,billed_on,gh.billing.billable_entity.billed_on
+Billing/Gitcoin,billing_attempts,gh.billing.billable_entity.billing_attempts
+Billing/Gitcoin,payment_amount,gh.billing.billable_entity.payment_amount
+Billing/Gitcoin,active_subscription_items,gh.billing.billable_entity.has_active_subscription_items
+Billing/Gitcoin,has_valid_payment_method,gh.billing.billable_entity.has_valid_payment_method
+Billing/Gitcoin,discount,gh.billing.coupon.discount
+Billing/Gitcoin,expires_at,gh.billing.coupon_redemption.expires_at
+Billing/Gitcoin,expired,gh.billing.coupon_redemption.expired
+Billing/Gitcoin,stale,gh.billing.coupon_redemption.stale
+Billing/Gitcoin,account_update_response,gh.billing.zuora.update_account.response
+Billing/Gitcoin,zuora_account_id,gh.billing.zuora.account.id
+Billing/Gitcoin,rate_limit_reset,gh.billing.zuora.rate_limit_reset
+Billing/Gitcoin,headers,gh.billing.zuora.http.headers
+Billing/Gitcoin,attempts,gh.job.attempts
+Billing/Gitcoin,account_id,gh.billing.zuora.account.id
+Billing/Gitcoin,credit_balance_adjustment_id,gh.billing.zuora.credit_balance_adjustment.id
+Billing/Gitcoin,credit_balance_adjustment_amount,gh.billing.zuora.credit_balance_adjustment.amount
+Billing/Gitcoin,log_message,Body
+Billing/Gitcoin,payment_id,gh.billing.zuora.payment.id
+Billing/Gitcoin,refund_id,gh.billing.zuora.refund.id
+Billing/Gitcoin,business_id,gh.business.id
+Billing/Gitcoin,message_id,gh.processor.message.id
+Billing/Gitcoin,message_owner_id,gh.billing.artifact.repository_owner.id
+Billing/Gitcoin,message_repository_id,gh.billing.artifact.repository.id
+Billing/Gitcoin,artifact_event_id,gh.billing.artifact.event.id
+Billing/Gitcoin,artifact_event_owner_id,gh.billing.artifact.event.owner.id
+Billing/Gitcoin,artifact_event_repository_id,gh.billing.artifact.event.repository.id
+Billing/Gitcoin,package_type,gh.registry.package.type
+Billing/Gitcoin,repository_name,gh.registry.package.repository_name
+Billing/Gitcoin,package_name,gh.registry.package.name
+Billing/Gitcoin,package_id,gh.registry.package.id
+Billing/Gitcoin,namespace,gh.registry.package.namespace
+Billing/Gitcoin,owner_id,gh.registry.package.owner_id
+Billing/Gitcoin,user,gh.user.login
+Billing/Gitcoin,version_count,gh.registry.package.version_count
+Billing/Gitcoin,versions_migrated_count,gh.registry.package.versions_migrated_count
+Billing/Gitcoin,original_error,gh.billing.client.original_error
+Billing/Gitcoin,"{ fn: ""billing.client.#{method}"", original_error: error.to_s }.merge!(request_params)",gh.billing.client.request_params
+Billing/Gitcoin,collect,gh.billing.collect_payment_for_upgrade.collect
+Billing/Gitcoin,success,gh.billing.collect_payment_for_upgrade.success
+Billing/Gitcoin,elapsed_ms,gh.billing.collect_payment_for_upgrade.elapsed_ms
+Billing/Gitcoin,from_plan,gh.billing.collect_payment_for_upgrade.from_plan
+Billing/Gitcoin,to_plan,gh.billing.collect_payment_for_upgrade.to_plan
+Billing/Gitcoin,from_seats,gh.billing.collect_payment_for_upgrade.from_seats
+Billing/Gitcoin,to_seats,gh.billing.collect_payment_for_upgrade.to_seats
+Billing/Gitcoin,from_subscription_item_quantity,gh.billing.collect_payment_for_upgrade.from_subscription_item_quantity
+Billing/Gitcoin,to_subscription_item_quantity,gh.billing.collect_payment_for_upgrade.to_subscription_item_quantity
+Billing/Gitcoin,subscription_item_name,gh.billing.subscription_item.name
+Billing/Gitcoin,business_slug,gh.business.slug
+Billing/Gitcoin,business_name,gh.business.name
+Billing/Gitcoin,success,gh.billing.create_customer.success
+Billing/Gitcoin,error,gh.billing.create_customer.error
+Billing/Gitcoin,error_class,exception.type
+Billing/Gitcoin,owner,gh.billing.billable_entity.name
+Billing/Gitcoin,dunning,gh.billing.billable_entity.dunning
+Billing/Gitcoin,zuora_response_success,gh.billing.zuora.success
+Billing/Gitcoin,zuora_response,gh.billing.zuora.response
+Billing/Gitcoin,synchronization_id,gh.billing.synchronization_id
+Billing/Gitcoin,event,gh.billing.synchronization_event
+Billing/Gitcoin,success,gh.billing.result.success
+Billing/Gitcoin,billing_type,gh.billing.billable_entity.billing_type
+Billing/Gitcoin,plan_duration,gh.billing.billable_entity.plan_duration
+Billing/Gitcoin,zuora_subscription_number,gh.billing.plan_subscription.zuora_subscription_number
+Billing/Gitcoin,params,gh.billing.zuora.params
+Billing/Gitcoin,number_of_retries_remaining,gh.billing.synchronization.number_of_retries_remaining
+Billing/Gitcoin,on_last_retry,gh.billing.synchronization.on_last_retry
+Billing/Gitcoin,external_sync_status,gh.billing.synchronization.external_sync_status
+Billing/Gitcoin,owner_id,gh.billing.current_usage.owner.id
+Billing/Gitcoin,repository_id,gh.repo.id
+Billing/Gitcoin,id,gh.billing.current_usage.id
+Billing/Gitcoin,class,code.namespace
+Billing/Gitcoin,old_size,gh.billing.current_usage.old_size
+Billing/Gitcoin,new_size,gh.billing.current_usage.new_size
+Billing/Gitcoin,invoice_item_adjustments,gh.billing.zuora.invoice_item_adjustments
+Billing/Gitcoin,slug,gh.business.slug
+Billing/Gitcoin,ns,code.namespace
+Billing/Gitcoin,result,gh.early_access_subscribers.get_subscriber_ids.result
+Billing/Gitcoin,member_id,gh.early_access_subscribers.get_subscriber_ids.member_id
+Billing/Gitcoin,value,gh.early_access_subscribers.get_subscriber_ids.value
+Billing/Gitcoin,"log_message: ""Aleph index request failed with reason: #{index_response.error}"",",exception.message
+Billing/Gitcoin,organization_name,gh.org.name
+Billing/Gitcoin,network_id,gh.repository.network_id
+Billing/Gitcoin,method,gh.dormant.method
+Billing/Gitcoin,"""Activity #{activity.inspect}""",gh.dormant.activity
+Dependabot Alerts (security_alerts),severity,gh.security_alerts.severity
+Dependabot Alerts (security_alerts),cvss_severity,gh.security_alerts.cvss_severity
+Dependabot Alerts (security_alerts),cvss_vector,gh.security_alerts.cvss_vector
+Dependabot Alerts (security_alerts),"""Index request failed for repository with id #{repository_id} with reason: #{index_response.error}""",gh.security_alerts.vulnerability_exposure.index_error
+Dependabot Alerts (security_alerts),content_analysis_enabled,gh.ghes.content_analysis.enabled
+Dependabot Alerts (security_alerts),github_connect_enabled,gh.ghes.github_connect.enabled
+Dependabot Alerts (security_alerts),,gh.security_alerts.vulnerable_version_range_alerting_process.id
+Dependabot Alerts (security_alerts),,gh.security_alerts.vulnerable_version_range.id
+Dependabot Alerts (security_alerts),,gh.security_alerts.vulnerability.id
+Dependabot Alerts (security_alerts),,gh.security_alerts.vulnerability.ghsa_id
+Dependabot Alerts (security_alerts),,gh.security_alerts.create_vulnerability_alerts_job.cursor
+Dependabot Alerts (security_alerts),"""Setting GitHub.dotcom_api_host_name to #{gh_connect_dotcom_hostname}""",gh.security_alerts.sync.connect_dotcom_hostname
+Dependabot Alerts (security_alerts),"""Setting GitHub.dotcom_host_protocol to #{gh_connect_dotcom_protocol}""",gh.security_alerts.sync.gh_connect_dotcom_protocol
+Dependabot Alerts (security_alerts),"category: ""newsletter"", at: :invalid",gh.security_alerts.newsletter.stage
+Dependabot Alerts (security_alerts),name,gh.security_alerts.newsletter.subscription_name
+Dependabot Alerts (security_alerts),period,gh.security_alerts.newsletter.subscription_period
+Pull Requests,base_owner_id,gh.pull_request.base_repository.owner_id
+Pull Requests,base_ref,gh.pull_request.base_ref
+Pull Requests,base_repo_id,gh.pull_request.base_repository.id
+Pull Requests,base_sha,gh.pull_request.base_sha
+Pull Requests,cmd,code.function
+Pull Requests,codeowners_file_size,gh.pull_request.codeowners.file_size
+Pull Requests,current_base_sha,gh.pull_request.current_base_sha
+Pull Requests,cv_comment_id,gh.pull_request.convod.comment.id
+Pull Requests,cv_conversation_id,gh.pull_request.convod.conversation.id
+Pull Requests,details,exception.message
+Pull Requests,equivalent_pr_ids,gh.pull_request.equivalent_pr_ids
+Pull Requests,error,exception.message
+Pull Requests,error_class,exception.type
+Pull Requests,error_message,exception.message
+Pull Requests,ex_type,exception.type
+Pull Requests,fn,code.namespace + code.function
+Pull Requests,gh_parent_comment_id,gh.pull_request.convod.parent_comment.id
+Pull Requests,head_owner_id,gh.pull_request.head_repository.owner_id
+Pull Requests,head_ref,gh.pull_request.head_ref
+Pull Requests,head_repo_id,gh.pull_request.head_repository.id
+Pull Requests,head_sha,gh.pull_request.head_sha
+Pull Requests,hidden_files,gh.pull_request.hidden_files_count
+Pull Requests,integration_id,gh.integration.id
+Pull Requests,integration_name,deleted it
+Pull Requests,issues_closed,gh.pull_request.issues_closed
+Pull Requests,issues_closed_count,gh.pull_request.issues_closed_count
+Pull Requests,issues_failed_to_close,gh.pull_request.issues_failed_to_close
+Pull Requests,issues_failed_to_close_count,gh.pull_request.issues_failed_to_close_count
+Pull Requests,job,gh.job.name
+Pull Requests,line,gh.pull_request.review_comments.line
+Pull Requests,merge_commit_sha,gh.pull_request.merge_commit_sha
+Pull Requests,method,code.function
+Pull Requests,num_paths,gh.pull_request.codeowners.num_paths
+Pull Requests,num_rules,gh.pull_request.codeowners.num_rules
+Pull Requests,number_of_equivalent_prs,gh.pull_request.number_of_equivalent_prs
+Pull Requests,owner_id,gh.repo.owner_id
+Pull Requests,position,gh.pull_request.review_comments.position
+Pull Requests,pr_author_id,gh.actor.id
+Pull Requests,pr_id,gh.pull_request.id
+Pull Requests,pr_repo_id,gh.repo.id
+Pull Requests,pull_request_id,gh.pull_request.id
+Pull Requests,pull_request_number,gh.pull_request.id
+Pull Requests,ref,gh.pull_request.codeowners.ref
+Pull Requests,repository_id,gh.repo.id
+Pull Requests,request_id,gh.request_id
+Pull Requests,result,code.function
+Pull Requests,start_line,gh.pull_request.review_comments.start_line
+Pull Requests,start_side,gh.pull_request.review_comments.start_side
+Pull Requests,total_duraction,metric
+Pull Requests,user_login,gh.actor.login
+Branch Protection,rename_id,gh.branch_protection_rule.repository_branch_renamer.id
+Branch Protection,human_error,gh.branch_protection_rule.repository_branch_renamer.human_error
+Branch Protection,protected_branch_id,gh.branch_protection_rule.id
+Branch Protection,actor,gh.actor.id / gh.actor.name / gh.actor.slug
+Branch Protection,actor_type,gh.actor.type
+Branch Protection,actor_class_name,gh.actor.class_name
+Branch Protection,result,gh.branch_protection_rule.result
+Branch Protection,enforcement_level,gh.branch_protection_rule.enforcement_level
+Branch Protection,type,gh.branch_protection_rule.type
+Branch Protection,details,gh.branch_protection_rule.rule.details
+Branch Protection,commit,gh.commit.oid
+Branch Protection,ref,gh.branch_protection_rule.rule.ref
+Branch Protection,aggregation_status,gh.branch_protection_rule.rule.aggregation_status
+Branch Protection,head_sha,gh.commit.oid
+Branch Protection,user_merged_pr_id,gh.pull_request.id
+Branch Protection,user_merged_pr_number,gh.pull_request.number
+Branch Protection,user_merged_pr_approvals,gh.branch_protection_rule.rule.user_merged_pr_approvals
+Branch Protection,approved_pr_ids,gh.branch_protection_rule.rule.approved_pr_ids
+Branch Protection,total_approvals,gh.branch_protection_rule.rule.total_approvals
+Branch Protection,max_single_pr_approvals,gh.branch_protection_rule.rule.max_single_pr_approvals
+Branch Protection,required_approvals,gh.branch_protection_rule.rule.required_approvals
+Branch Protection,pr_id,gh.pull_request.id
+Branch Protection,pr_number,gh.pull_request.number
+Branch Protection,direct_approvals,gh.branch_protection_rule.rule.direct_approvals
+Branch Protection,other_approvals,gh.branch_protection_rule.rule.other_approvals
+Branch Protection,number_of_other_prs,gh.branch_protection_rule.rule.number_of_other_prs
+Branch Protection,required_approvals,gh.branch_protection_rule.rule.required_approvals
+Branch Protection,approval_requirement_fulfilled_directly,gh.branch_protection_rule.rule.approval_requirement_fulfilled_directly
+Branch Protection,approval_requirement_fulfilled_aggregated,gh.branch_protection_rule.rule.approval_requirement_fulfilled_aggregated
+Branch Protection,related_known_pr_ids,gh.branch_protection_rule.rule.related_known_pr_ids
+Branch Protection,related_number_of_known_prs,gh.branch_protection_rule.rule.related_number_of_known_prs
+Branch Protection,branch,gh.branch_protection_rule.rule.branch
+Branch Protection,before,gh.branch_protection_rule.rule.before
+Branch Protection,after,gh.branch_protection_rule.rule.after
+Branch Protection,rules_fulfilled,gh.branch_protection_rule.rule.rules_fulfilled
+Branch Protection,available_bypasses,gh.branch_protection_rule.rule.available_bypasses
+Branch Protection,overridable_codes,gh.branch_protection_rule.rule.overridable_codes
+Branch Protection,overridden_codes,gh.branch_protection_rule.rule.overridden_codes
+Branch Protection,can_override_status_checks,gh.branch_protection_rule.rule.override_status_checks
+Branch Protection,can_override_review_policy,gh.branch_protection_rule.rule.override_review_policy
+Branch Protection,can_override_required_signatures,gh.branch_protection_rule.rule.override_required_signatures
+Branch Protection,can_override_required_linear_history,gh.branch_protection_rule.rule.override_required_linear_history
+Branch Protection,can_override_required_deployments,gh.branch_protection_rule.rule.override_required_deployments
+Branch Protection,can_override_merge_queue,gh.branch_protection_rule.rule.override_merge_queue
+Branch Protection,reasons,gh.branch_protection_rule.rule.reasons
+Branch Protection,effected_pr_ids,gh.branch_protection_rule.rule.effected_pr_ids
+Branch Protection,effected_pr_numbers,gh.branch_protection_rule.rule.effected_pr_numbers
+Branch Protection,number_of_prs,gh.branch_protection_rule.rule.number_of_prs
+Branch Protection,number_of_uniq_head_refs,gh.branch_protection_rule.rule.number_of_uniq_head_refs
+Branch Protection,number_of_uniq_base_refs,gh.branch_protection_rule.rule.number_of_uniq_base_refs
+Branch Protection,pull_status,gh.pull_request.status
+Branch Protection,pull_mergeable,gh.pull_request.mergeable
+Repos,state,gh.commit_verification.state
+Repos,at,code.namespace
+Repos,line,gh.diff.line
+Repos,status,gh.spokes.maintenance.status
+Repos,linked_filter,gh.search.error.linked_filter
+Repos,repository.name_with_owner,gh.repo.name_with_owner
+Repos,code_path,gh.gitauth.code_path
+Repos,msg,used as logger.info message
+Repos,index,elasticsearch.index.name

content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/about-your-profile.md

@@ -33,8 +33,12 @@ People who visit your profile can also see the following information.
 - Repositories you've starred{% ifversion fpt or ghec %} and organized into lists{% endif %}. For more information, see "[AUTOTITLE](/get-started/exploring-projects-on-github/saving-repositories-with-stars)."
 - An overview of your activity in organizations, repositories, and teams you're most active in. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-an-overview-of-your-activity-on-your-profile)."{% ifversion fpt or ghec %}
 - Badges and Achievements that highlight your activity and show if you use {% data variables.product.prodname_pro %} or participate in programs like the {% data variables.product.prodname_arctic_vault %}, {% data variables.product.prodname_sponsors %}, or the {% data variables.product.company_short %} Developer Program. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#displaying-badges-on-your-profile)."{% endif %}
-- Your pronouns if you've set them. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#adding-pronouns-to-your-profile)." {% ifversion fpt or ghec %}
-- Mutual connections you share with someone who is viewing your profile. The person viewing your profile can see which of the people they follow are also followed by you.{% endif %}
+{%- ifversion profile-pronouns %}
+- Your pronouns if you've set them. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#adding-pronouns-to-your-profile).
+{%- endif %}
+{%- ifversion fpt or ghec %}
+- Mutual connections you share with someone who is viewing your profile. The person viewing your profile can see which of the people they follow are also followed by you.
+{%- endif %}
 
 You can also set a status on your profile to provide information about your availability. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile#setting-a-status)."
 

content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/personalizing-your-profile.md

@@ -104,6 +104,8 @@ For a longer-form and more prominent way of displaying customized information ab
 
 {% data reusables.profile.update-profile %}
 
+{% ifversion profile-pronouns %}
+
 ## Adding pronouns to your profile
 
 Add pronouns to your public user profile to share information about yourself with other {% data variables.product.product_name %} users. Your pronouns will only be visible to users that are signed in to {% data variables.product.product_name %}.
@@ -113,6 +115,8 @@ Add pronouns to your public user profile to share information about yourself wit
 
 {% data reusables.profile.update-profile %}
 
+{% endif %}
+
 {% ifversion profile-time-zone %}
 
 ## Setting your location and time zone

content/admin/configuration/administering-your-instance-from-the-management-console/about-the-management-console.md

@@ -23,6 +23,12 @@ To access the {% data variables.enterprise.management_console %}, {% ifversion e
 
 The {% data variables.enterprise.management_console %} password hash is stored in `/data/user/common/secrets.conf`. If high availability or clustering is configured, the file is automatically synced from the primary node to any additional nodes. Any change to the primary's password will automatically be replicated to all of the instance's nodes. For more information about high availability, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/about-high-availability-configuration)."
 
+{% ifversion management-console-events-audit-log %}
+
+When someone performs an action in the {% data variables.enterprise.management_console %} via the web interface or REST API, an event appears in the audit log. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)."
+
+{% endif %}
+
 ## Examples of activities in the {% data variables.enterprise.management_console %}
 
 In the {% data variables.enterprise.management_console %}, you can perform administrative tasks for {% data variables.location.product_location %}, including:

content/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console.md

@@ -38,7 +38,7 @@ The root site administrator can provision one of two roles for {% data variables
 - **Editor**: A {% data variables.enterprise.management_console %} user with the editor role can perform basic administrative tasks for {% data variables.location.product_location %} in the {% data variables.enterprise.management_console %}. Editors cannot add public SSH keys to the {% data variables.enterprise.management_console %} to grant administrative SSH access to the instance.
 - **Operator**: A {% data variables.enterprise.management_console %} user with the operator role can perform basic administrative tasks for {% data variables.location.product_location %} in the {% data variables.enterprise.management_console %}. Users with the operator role can add SSH keys to the {% data variables.enterprise.management_console %} to grant administrative access to the instance via SSH.
 
-### Creating or deleting a user account for the {% data variables.enterprise.management_console %}
+## Creating or deleting a user account for the {% data variables.enterprise.management_console %}
 
 While signed into the {% data variables.enterprise.management_console %} as the root site administrator, you can create new {% data variables.enterprise.management_console %} user accounts.
 

content/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md

@@ -1,6 +1,6 @@
 ---
 title: Enabling Dependabot for your enterprise
-intro: 'You can allow users of {% data variables.location.product_location %} to find and fix vulnerabilities in code dependencies by enabling {% data variables.product.prodname_dependabot_alerts %}{% ifversion ghes %} and {% data variables.product.prodname_dependabot_updates %}{% endif %}.'
+intro: 'You can allow users of {% data variables.location.product_location %} to find and fix vulnerabilities in code dependencies by {% ifversion dependabot-alerts-ghes-enablement %} setting up {% else %}enabling{% endif %} {% data variables.product.prodname_dependabot_alerts %}{% ifversion ghes %} and {% data variables.product.prodname_dependabot_updates %}{% endif %}.'
 shortTitle: Dependabot
 redirect_from:
   - /enterprise/admin/installation/enabling-security-alerts-for-vulnerable-dependencies-on-github-enterprise-server
@@ -11,7 +11,7 @@ redirect_from:
   - /admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server
   - /admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account
   - /admin/configuration/configuring-github-connect/enabling-the-dependency-graph-and-dependabot-alerts-for-your-enterprise
-permissions: 'Enterprise owners can enable {% data variables.product.prodname_dependabot %}.'
+permissions: 'Enterprise owners can{% ifversion dependabot-alerts-ghes-enablement %} set up{% else %} enable{% endif %} {% data variables.product.prodname_dependabot %}.'
 versions:
   ghes: '*'
   ghae: '*'
@@ -25,7 +25,7 @@ topics:
 
 ## About {% data variables.product.prodname_dependabot %} for {% data variables.product.product_name %}
 
-{% data variables.product.prodname_dependabot %} helps users of {% data variables.location.product_location %} find and fix vulnerabilities in their dependencies.{% ifversion ghes %} You can enable {% data variables.product.prodname_dependabot_alerts %} to notify users about vulnerable dependencies and {% data variables.product.prodname_dependabot_updates %} to fix the vulnerabilities and keep dependencies updated to the latest version.
+{% data variables.product.prodname_dependabot %} helps users of {% data variables.location.product_location %} find and fix vulnerabilities in their dependencies.{% ifversion ghes %} You {% ifversion dependabot-alerts-ghes-enablement %} must first set up {% data variables.product.prodname_dependabot %} for your enterprise, and then you {% endif %} can enable {% data variables.product.prodname_dependabot_alerts %} to notify users about vulnerable dependencies and {% data variables.product.prodname_dependabot_updates %} to fix the vulnerabilities and keep dependencies updated to the latest version.
 
 {% data variables.product.prodname_dependabot %} is just one of many features available to harden supply chain security for {% data variables.location.product_location %}. For more information about the other features, see "[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/about-supply-chain-security-for-your-enterprise)."
 
@@ -38,7 +38,7 @@ With {% data variables.product.prodname_dependabot_alerts %}, {% data variables.
 
 {% data reusables.repositories.tracks-vulnerabilities %}
 
-After you enable {% data variables.product.prodname_dependabot_alerts %} for your enterprise, vulnerability data is synced from the {% data variables.product.prodname_advisory_database %} to your instance once every hour. Only {% data variables.product.company_short %}-reviewed advisories are synchronized. {% data reusables.security-advisory.link-browsing-advisory-db %}
+After you {% ifversion dependabot-alerts-ghes-enablement %} set up {% data variables.product.prodname_dependabot %}{% else %} enable {% data variables.product.prodname_dependabot_alerts %}{% endif %} for your enterprise, vulnerability data is synced from the {% data variables.product.prodname_advisory_database %} to your instance once every hour. Only {% data variables.product.company_short %}-reviewed advisories are synchronized. {% data reusables.security-advisory.link-browsing-advisory-db %}
 
 You can also choose to manually sync vulnerability data at any time. For more information, see "[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise)."
 
@@ -79,17 +79,21 @@ With {% data variables.product.prodname_dependabot_updates %}, {% data variables
 
 ## Enabling {% data variables.product.prodname_dependabot_alerts %}
 
-Before you can enable {% data variables.product.prodname_dependabot_alerts %}:
+{% ifversion dependabot-alerts-ghes-enablement %}
+Before you can enable {% data variables.product.prodname_dependabot_alerts %}, you must first set up {% data variables.product.prodname_dependabot %} for your enterprise{% else %}Before you can enable {% data variables.product.prodname_dependabot_alerts %}{% endif %}:
 - You must enable {% data variables.product.prodname_github_connect %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/managing-github-connect)."{% ifversion ghes %}
 - You must enable the dependency graph. For more information, see "[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)."{% endif %}
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.github-connect-tab %}
 {%- ifversion dependabot-updates-github-connect %}
-1. Under "{% data variables.product.prodname_dependabot %}", to the right of "Users can receive vulnerability alerts for open source code dependencies", select the dropdown menu and click **Enabled without notifications**. Optionally, to enable alerts with notifications, click **Enabled with notifications**.
+1. Under "{% data variables.product.prodname_dependabot %}", to the right of {% ifversion dependabot-alerts-ghes-enablement %}"Periodically download the {% data variables.product.prodname_advisory_database %} so that users can receive vulnerability alerts for open source code dependencies"{% else %}"Users can receive vulnerability alerts for open source code dependencies"{% endif %}, select the dropdown menu and click **Enabled without notifications**. Optionally, to enable alerts with notifications, click **Enabled with notifications**.
 
+{% ifversion dependabot-alerts-ghes-enablement %}
+    ![Screenshot of the "Enable" dropdown menu for {% data variables.product.prodname_dependabot_alerts %}, showing the available options.](/assets/images/enterprise/site-admin-settings/dependabot-alerts-setup-dropdown.png)
+{% else %}
    ![Screenshot of the "Enable" dropdown menu for {% data variables.product.prodname_dependabot_alerts %}, showing the available options.](/assets/images/enterprise/site-admin-settings/dependabot-alerts-dropdown.png)
-
+{% endif %}
 {%- else %}
 1. Under "Repositories can be scanned for vulnerabilities", select the drop-down menu and click **Enabled without notifications**. Optionally, to enable alerts with notifications, click **Enabled with notifications**.
 {%- endif %}
@@ -99,6 +103,9 @@ Before you can enable {% data variables.product.prodname_dependabot_alerts %}:
 
    {% endtip %}
 
+{% ifversion dependabot-alerts-ghes-enablement %}
+You can now enable {% data variables.product.prodname_dependabot_alerts %} for all existing or new private and internal repositories in the enterprise settings page for "Code security and analysis." Alternatively, repository administrators and organization owners can enable {% data variables.product.prodname_dependabot_alerts %} for each repository and organization. Public repositories are always enabled by default. For more information, see "[AUTOTITLE](/enterprise-server@latest/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts)."{% endif %}
+
 {% ifversion dependabot-updates-github-connect %}
 ## Enabling {% data variables.product.prodname_dependabot_updates %}
 

content/admin/configuration/configuring-your-enterprise/command-line-utilities.md

@@ -574,6 +574,54 @@ ghe-webhook-logs -g DELIVERY_GUID
 
 ## Clustering
 
+{% ifversion cluster-rebalancing %}
+
+### ghe-cluster-balance
+
+This utility allows you to enforce an even distribution of allocations across your cluster nodes by checking the status of your cluster's allocations, then rebalancing problematic allocations. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/rebalancing-cluster-workloads)."
+
+To output a list of balanceable jobs and their associated allocation spread:
+
+```shell
+$ ghe-cluster-balance status
+```
+
+To output allocation counts for a given job or comma-delimited list of jobs:
+
+```shell
+$ ghe-cluster-balance -j JOB
+```
+
+To rebalance problematic allocations for a given job or comma-delimited list of jobs:
+
+```shell
+$ ghe-cluster-balance rebalance -j JOB
+```
+
+You can use the following flags with `ghe-cluster-balance rebalance`.
+
+Flag | Description
+---- | ----------
+`-j/--job-names` | Specify the jobs to rebalance. Accepts a job name or comma-delimited list of names.
+`-n/--dry-run` | Output the Nomad operations that the utility will run, without actually running them. Can be used in tandem with `-j/--job-name`.
+`-y/--yes` | Skip the user prompt.
+`w/--workers` | Specify the maximum number of simultaneous jobs to stop and wait for reallocation to complete on. Defaults to 4.
+`-t/--timeout` | Specify how many seconds to wait for a stopped allocation for a job to be replaced. Defaults to 300 seconds.
+
+To output completion scripts for the given shell:
+
+```shell
+$ ghe-cluster-balance completion
+```
+
+To display a short description of the utility and any valid subcommands:
+
+```shell
+$ ghe-cluster-balance help
+```
+
+{% endif %}
+
 ### ghe-cluster-status
 
 Check the health of your nodes and services in a cluster deployment of {% data variables.product.prodname_ghe_server %}.
@@ -597,17 +645,17 @@ $ ssh -p 122 admin@HOSTNAME -- 'ghe-cluster-support-bundle -o' > cluster-support
 
 To create a standard bundle including data from the last 3 hours:
 ```shell
-$ ssh -p 122 admin@HOSTNAME -- "ghe-cluster-support-bundle -p '3 hours' -o" > support-bundle.tgz
+$ ssh -p 122 admin@HOSTNAME -- "ghe-cluster-support-bundle -p {% ifversion bundle-cli-syntax-no-quotes %}3hours {% elsif ghes < 3.9 %}'3 hours' {% endif %} -o" > support-bundle.tgz
 ```
 
 To create a standard bundle including data from the last 2 days:
 ```shell
-$ ssh -p 122 admin@HOSTNAME -- "ghe-cluster-support-bundle -p '2 days' -o" > support-bundle.tgz
+$ ssh -p 122 admin@HOSTNAME -- "ghe-cluster-support-bundle -p {% ifversion bundle-cli-syntax-no-quotes %}2days {% elsif ghes < 3.9 %}'2 days' {% endif %} -o" > support-bundle.tgz
 ```
 
 To create a standard bundle including data from the last 4 days and 8 hours:
 ```shell
-$ ssh -p 122 admin@HOSTNAME -- "ghe-cluster-support-bundle -p '4 days 8 hours' -o" > support-bundle.tgz
+$ ssh -p 122 admin@HOSTNAME -- "ghe-cluster-support-bundle -p {% ifversion bundle-cli-syntax-no-quotes %}4days8hours {% elsif ghes < 3.9 %}'4 days 8 hours' {% endif %} -o" > support-bundle.tgz
 ```
 
 To create an extended bundle including data from the last 8 days:
@@ -644,9 +692,32 @@ To evacuate a {% data variables.product.prodname_pages %} storage service before
 ghe-dpages evacuate pages-server-UUID
 ```
 
+{% ifversion ghe-spokes-deprecation-phase-1 %}
+
+### ghe-spokesctl
+
+This utility allows you to manage replication of repositories on the distributed Git servers.
+
+```shell
+ghe-spokesctl
+```
+
+To show the servers where the repository is stored:
+
+```shell
+ghe-spokesctl routes
+```
+
+To evacuate storage services on a cluster node:
+```shell
+ghe-spokesctl server set evacuating git-server-UUID
+```
+
+{% else %}
+
 ### ghe-spokes
 
-This utility allows you to manage the three copies of each repository on the distributed git servers.
+This utility allows you to manage the three copies of each repository on the distributed Git servers.
 
 ```shell
 ghe-spokes
@@ -670,6 +741,8 @@ To evacuate storage services on a cluster node:
 ghe-spokes server evacuate git-server-UUID
 ```
 
+{% endif %}
+
 ### ghe-storage
 
 This utility allows you to evacuate all storage services before evacuating a cluster node.
@@ -678,6 +751,64 @@ This utility allows you to evacuate all storage services before evacuating a clu
 ghe-storage evacuate storage-server-UUID
 ```
 
+{% ifversion node-eligibility-service %}
+
+### nes
+
+This utility allows you to monitor the health of cluster nodes using {% data variables.product.prodname_nes %}. By default, {% data variables.product.prodname_nes %} is disabled. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/monitoring-the-health-of-your-cluster-nodes-with-node-eligibility-service)."
+
+To view the health of the cluster's nodes:
+
+```shell
+nes get-cluster-health
+```
+
+To verify TTL settings:
+
+```shell
+nes get-node-ttl all
+```
+
+To set the TTL for the `fail` state in minutes:
+
+```shell
+nes set-node-ttl fail MINUTES
+```
+
+The TTL for the `fail` state must be higher than the TTL for the `warn` state.
+
+To set the TTL for the `warn` state in minutes:
+
+```shell
+nes set-node-ttl warn TIME
+```
+
+To review whether {% data variables.product.prodname_nes %} can take administrative action when a node with the hostname HOSTNAME goes offline:
+
+```shell
+nes get-node-adminaction HOSTNAME
+```
+
+To allow {% data variables.product.prodname_nes %} to automatically take administrative action when a node with the hostname HOSTNAME goes offline:
+
+```shell
+nes set-node-adminaction approved HOSTNAME
+```
+
+To revoke {% data variables.product.prodname_nes %}'s ability to take the node with hostname HOSTNAME offline:
+
+```shell
+nes set-node-adminaction approved HOSTNAME
+```
+
+To manually update a node's eligibility for re-addition to the cluster:
+
+```shell
+nes set-node-eligibility eligible HOSTNAME
+```
+
+{% endif %}
+
 ## Git
 
 ### ghe-btop
@@ -771,6 +902,77 @@ If your storage system is configured correctly, you'll see the following output.
 All Storage tests passed
 ```
 
+## High availability
+
+### ghe-repl-promote
+
+This command disables replication on an existing replica node and converts the replica node to a primary node using the same settings as the original primary node. All replication services are enabled. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/initiating-a-failover-to-your-replica-appliance)."
+
+{% data reusables.enterprise_installation.promoting-a-replica %}
+
+```shell
+ghe-repl-promote
+```
+
+
+### ghe-repl-setup
+
+Run this utility on an existing node to begin enabling a high availability configuration. The utility puts the node in standby mode before you begin replication with [`ghe-repl-start`](#ghe-repl-start). For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/creating-a-high-availability-replica)."
+
+After running the utility, the following configuration occurs on the node.
+
+- An encrypted WireGuard VPN tunnel is established for communication between the nodes.
+- Database services are configured for replication and started.
+- Application services are disabled. Attempts to access the replica node over HTTP or HTTPS, Git, or other supported protocols will display "Server in replication mode" message, a maintenance page, or an error message.
+
+When running this utility, replace PRIMARY-NODE-IP with the IP address of your instance's primary node.
+
+```shell
+ghe-repl-setup PRIMARY-NODE-IP
+```
+
+### ghe-repl-start
+
+This utility begins replication of all datastores on a node. Run this utility after running [`ghe-repl-setup`](#ghe-repl-setup). For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/creating-a-high-availability-replica)."
+
+```shell
+ghe-repl-start
+```
+
+### ghe-repl-status
+
+This utility displays the status of replication on a node, returning an `OK`, `WARNING` or `CRITICAL` status for each datastore's replication stream. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/monitoring-a-high-availability-configuration)."
+
+- If any of the replication channels are in a `WARNING` state, the command will exit with code `1`.
+- If any of the channels are in a `CRITICAL` state, the command will exit with code `2`.
+- The output conforms to the expectations of Nagios' check_by_ssh plugin. For more information, see the [check_by_ssh plugin](https://nagios-plugins.org/doc/man/check_by_ssh.html) on the official Nagios plugins page.
+
+```shell
+ghe-repl-status
+```
+
+The `-v` and `-vv` options provide additional details about each datastore's replication state.
+
+```shell
+ghe-repl-status -v
+```
+
+### ghe-repl-stop
+
+This command temporarily disables replication for all datastores on an existing replica node. All replication services are stopped. To resume replication, use [`ghe-repl-start`](#ghe-repl-start).
+
+```shell
+ghe-repl-stop
+```
+
+### ghe-repl-teardown
+
+This utility completely disables replication on an existing replica node, removing the replica configuration. You can run the following command from a replica node, but if the replica node is unreachable, you can also run the command from the primary node.
+
+```
+ghe-repl-teardown
+```
+
 ## Import and export
 
 ### ghe-migrator
@@ -856,17 +1058,17 @@ $ ssh -p 122 admin@HOSTNAME -- 'ghe-support-bundle -o' > support-bundle.tgz
 
 To create a standard bundle including data from the last 3 hours:
 ```shell
-$ ssh -p 122 admin@HOSTNAME -- "ghe-support-bundle -p '3 hours' -o" > support-bundle.tgz
+$ ssh -p 122 admin@HOSTNAME -- "ghe-support-bundle -p {% ifversion bundle-cli-syntax-no-quotes %}3hours {% elsif ghes < 3.9 %}'3 hours' {% endif %} -o" > support-bundle.tgz
 ```
 
 To create a standard bundle including data from the last 2 days:
 ```shell
-$ ssh -p 122 admin@HOSTNAME -- "ghe-support-bundle -p '2 days' -o" > support-bundle.tgz
+$ ssh -p 122 admin@HOSTNAME -- "ghe-support-bundle -p {% ifversion bundle-cli-syntax-no-quotes %}2days {% elsif ghes < 3.9 %}'2 days' {% endif %} -o" > support-bundle.tgz
 ```
 
 To create a standard bundle including data from the last 4 days and 8 hours:
 ```shell
-$ ssh -p 122 admin@HOSTNAME -- "ghe-support-bundle -p '4 days 8 hours' -o" > support-bundle.tgz
+$ ssh -p 122 admin@HOSTNAME -- "ghe-support-bundle -p {% ifversion bundle-cli-syntax-no-quotes %}4days8hours {% elsif ghes < 3.9 %}'4 days 8 hours' {% endif %} -o" > support-bundle.tgz
 ```
 
 To create an extended bundle including data from the last 8 days:
@@ -903,6 +1105,44 @@ In this example, `ghe-repl-status -vv` sends verbose status information from a r
 
 ## Upgrading {% data variables.product.prodname_ghe_server %}
 
+{% ifversion ghe-migrations-cli-utility %}
+
+### ghe-migrations
+
+During an upgrade to a feature release, this utility displays the status of active database migrations on {% data variables.location.product_location %}. The output includes a version identifier for the migration, the migration's name, the migration's status, and the current duration of the migration.
+
+To display the list of migrations:
+
+```shell
+ghe-migrations
+```
+
+By default, the utility outputs a table with 10 lines. To adjust the height of the table in lines:
+
+```shell
+ghe-migrations -height LINES
+```
+
+By default, the visualizer refreshes every second. To specify the duration in seconds to refresh the visualizer:
+
+```shell
+ghe-migrations -refresh_rate SECONDS
+```
+
+{% endif %}
+
+### ghe-update-check
+
+This utility will check to see if a new patch release of {% data variables.product.prodname_enterprise %} is available. If it is, and if space is available on your instance, it will download the package. By default, it's saved to */var/lib/ghe-updates*. An administrator can then [perform the upgrade](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources).
+
+A file containing the status of the download is available at */var/lib/ghe-updates/ghe-update-check.status*.
+
+To check for the latest {% data variables.product.prodname_enterprise %} release, use the `-i` switch.
+
+```shell
+$ ssh -p 122 admin@HOSTNAME -- 'ghe-update-check'
+```
+
 ### ghe-upgrade
 
 This utility installs or verifies an upgrade package. You can also use this utility to roll back a patch release if an upgrade fails or is interrupted. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
@@ -941,18 +1181,6 @@ To remove scheduled installations for a package:
 $ ghe-upgrade-scheduler -r UPGRADE PACKAGE FILENAME
 ```
 
-### ghe-update-check
-
-This utility will check to see if a new patch release of {% data variables.product.prodname_enterprise %} is available. If it is, and if space is available on your instance, it will download the package. By default, it's saved to */var/lib/ghe-updates*. An administrator can then [perform the upgrade](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources).
-
-A file containing the status of the download is available at */var/lib/ghe-updates/ghe-update-check.status*.
-
-To check for the latest {% data variables.product.prodname_enterprise %} release, use the `-i` switch.
-
-```shell
-$ ssh -p 122 admin@HOSTNAME -- 'ghe-update-check'
-```
-
 ## User management
 
 ### ghe-license-usage
@@ -1011,4 +1239,4 @@ This utility unsuspends the specified user, granting them access to login, push,
 
 ```shell
 ghe-user-unsuspend USERNAME
-```
+```

content/admin/enterprise-management/configuring-clustering/about-cluster-nodes.md

@@ -1,6 +1,7 @@
 ---
 title: About cluster nodes
-intro: '*Nodes* are {% data variables.product.prodname_ghe_server %} instances that operate in a cluster. Each node runs a set of services that are provided to the cluster, and ultimately to the users.'
+product: '{% data reusables.gated-features.cluster %}'
+intro: 'In a {% data variables.product.product_name %} cluster, nodes are individual virtual machines (VMs) running the {% data variables.product.prodname_ghe_server %} software that comprise the instance. Each node runs a set of services.'
 redirect_from:
   - /enterprise/admin/clustering/about-cluster-nodes
   - /enterprise/admin/enterprise-management/about-cluster-nodes
@@ -12,35 +13,36 @@ topics:
   - Clustering
   - Enterprise
 ---
-## About cluster nodes
+## About {% data variables.product.product_name %} cluster nodes
 
-{% data reusables.enterprise_clustering.clustering-scale-recommendation %}
-
-Each node in your cluster is a virtual machine that runs the {% data variables.location.product_location %} software. Before you deploy a cluster, you can review hardware requirements, required services, and design recommendations. 
+Each node in a {% data variables.product.product_name %} cluster is a virtual machine (VM) that runs the {% data variables.product.product_name %} software. Before you deploy a cluster, you can review hardware requirements, required services, and design recommendations. 
 
 {% data reusables.enterprise_clustering.clustering-requires-https %}
 
-## Minimum hardware recommendations
+## Hardware requirements
 Each node must have a root volume, as well as a separate data volume. These are minimum recommendations. More resources may be required depending on your usage, such as user activity and selected integrations.
 
-| Services | Minimum Memory Required    | Minimum Data Volume Free Space Required |
-| :-: | :-: | :-: |
+| Services | Minimum memory required    | Minimum data volume free space Required |
+| :- | :- | :- |
 | `job-server`,<br/>`memcache-server`,<br/>`web-server` | 14 GB | 1 GB |
 | `consul-server`,<br/>`mysql-server`,<br/>`redis-server` | 14 GB | 10 GB |
 | `git-server`,<br/>`metrics-server`,<br/>`pages-server`,<br/>`storage-server` | 14 GB | 10 GB |
 | `elasticsearch-server` | 14 GB | 10 GB |
 
 ## Services required for clustering
+
+{% data variables.product.prodname_ghe_server %} comprises a set of services. In a cluster, these services run across multiple nodes, and the instance balances requests between the nodes. The instance automatically stores redundant copies of data on separate nodes. Most services are equal peers with other instances of the same service. The exceptions to this distribution are the `mysql-server` and `redis-server` services, which operate with a single primary node with one or more replica nodes. 
+
 For adequate redundancy, use these minimum nodes operating each service.
 
 {% tip %}
 
-**Note:** Your organization's needs for scalability will depend on many factors including the size and number of repositories, number of users, and overall utilization.
+**Note:** Your environment's scaling requirements depend on many factors, including the size and number of repositories, number of users, and overall utilization.
 
 {% endtip %}
 
-| Services | Minimum Nodes Required |
-| :-: | :-: |
+| Services | Minimum nodes required |
+| :- | :- |
 | `job-server`,<br/>`memcache-server`,<br/>`metrics-server`,<br/>`web-server` | 2 |
 | `mysql-server`,<br/>`redis-server` | 2 |
 | `consul-server` | 3 |

content/admin/enterprise-management/configuring-clustering/about-clustering.md

@@ -1,6 +1,7 @@
 ---
 title: About clustering
-intro: '{% data variables.product.prodname_ghe_server %} clustering allows services that make up {% data variables.product.prodname_ghe_server %} to be scaled out across multiple nodes.'
+intro: "The cluster topology for {% data variables.product.prodname_ghe_server %} is designed to support tens of thousands of users where other topologies would experience resource exhaustion. In a cluster, the instance's services scale horizontally across multiple nodes."
+product: "{% data variables.product.company_short %} determines eligibility for clustering, and must enable the configuration for your instance's license. Clustering requires careful planning and additional administrative overhead."
 redirect_from:
   - /enterprise/admin/clustering/overview
   - /enterprise/admin/clustering/about-clustering
@@ -20,22 +21,24 @@ topics:
   - Clustering
   - Enterprise
 ---
-## Clustering architecture
 
-{% data variables.product.prodname_ghe_server %} is comprised of a set of services. In a cluster, these services run across multiple nodes and requests are load balanced between them. Changes are automatically stored with redundant copies on separate nodes. Most of the services are equal peers with other instances of the same service. The exceptions to this are the `mysql-server` and `redis-server` services. These operate with a single _primary_ node with one or more _replica_ nodes.
+## About clustering for {% data variables.product.product_name %}
 
-Learn more about [services required for clustering](/admin/enterprise-management/configuring-clustering/about-cluster-nodes#services-required-for-clustering).
+The cluster topology for {% data variables.product.prodname_ghe_server %} provides horizontal scaling for companies with tens of thousands of developers. {% data variables.product.company_short %} recommends clustering if a single primary node would routinely experience resource exhaustion.
 
-## Is clustering right for my organization?
+In a cluster, the instance provides services and distributes data across multiple virtual machines (VMs) that run the {% data variables.product.product_name %}  software. Each VM is called a node. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/about-cluster-nodes)."
 
-{% data reusables.enterprise_clustering.clustering-scalability %} However, setting up a redundant and scalable cluster can be complex and requires careful planning. This additional complexity will need to be planned for during installation, disaster recovery scenarios, and upgrades.
+<a name="is-clustering-right-for-my-organization"></a>
+## Is clustering right for my environment?
 
-{% data variables.product.prodname_ghe_server %} requires low latency between nodes and is not intended for redundancy across geographic locations.
+{% data reusables.enterprise_clustering.clustering-scalability %} However, setting up a redundant and scalable cluster requires careful planning. Compared to other topologies like high availability (HA), additional complexity affects installation, configuration, disaster recovery, and upgrades.
 
-Clustering provides redundancy, but it is not intended to replace a High Availability configuration. For more information, see [High Availability configuration](/admin/enterprise-management/configuring-high-availability). A primary/secondary failover configuration is far simpler than clustering and will serve the needs of many organizations. For more information, see [Differences between Clustering and High Availability](/admin/enterprise-management/configuring-clustering/differences-between-clustering-and-high-availability-ha).
+{% data variables.product.product_name %} requires low latency between nodes and is not intended for redundancy across geographic locations.
+
+Clustering provides redundancy, but it is not intended to replace a high-availability configuration. Configuration and maintenance of a high-availability configuration is far simpler than clustering and will accommodate most environments. For more information, see [AUTOTITLE](/admin/enterprise-management/configuring-high-availability) and [AUTOTITLE](/admin/enterprise-management/configuring-clustering/differences-between-clustering-and-high-availability-ha).
 
 {% data reusables.package_registry.packages-cluster-support %}
 
 ## How do I get access to clustering?
 
-Clustering is designed for specific scaling situations and is not intended for every organization. If clustering is something you'd like to consider, please contact your dedicated representative or {% data variables.contact.contact_enterprise_sales %}.
+{% data variables.product.company_short %} designed the cluster topology for specific scaling situations. Clustering is not intended for every company or environment. If you're interested in clustering for your environment, contact your dedicated account manager or {% data variables.contact.contact_enterprise_sales %}.

content/admin/enterprise-management/configuring-clustering/cluster-network-configuration.md

@@ -1,6 +1,7 @@
 ---
 title: Cluster network configuration
-intro: '{% data variables.product.prodname_ghe_server %} clustering relies on proper DNS name resolution, load balancing, and communication between nodes to operate properly.'
+intro: 'A {% data variables.product.prodname_ghe_server %} cluster requires proper DNS name resolution, load balancing, and communication between nodes.'
+product: '{% data reusables.gated-features.cluster %}'
 redirect_from:
   - /enterprise/admin/clustering/cluster-network-configuration
   - /enterprise/admin/enterprise-management/cluster-network-configuration
@@ -16,11 +17,9 @@ topics:
 shortTitle: Configure a cluster network
 ---
 
-## About cluster networking
+## About networking for a {% data variables.product.product_name %} cluster
 
-{% data reusables.enterprise_clustering.clustering-scale-recommendation %}
-
-Each node in your cluster must be able to communicate with all of the other nodes in the cluster over the network. You can review the required ports and protocols for end users, administration, and communication between nodes. To distribute traffic among front-end nodes, {% data variables.product.company_short %} recommends that you configure an external load balancer.
+Each node in your {% data variables.product.product_name %} cluster must be able to communicate with all of the other nodes in the cluster over the network. You can review the required ports and protocols for end users, administration, and communication between nodes. To distribute traffic among front-end nodes, {% data variables.product.company_short %} recommends that you configure an external load balancer.
 
 ## Network considerations
 
@@ -28,6 +27,10 @@ The simplest network design for clustering is to place the nodes on a single LAN
 
 {% data reusables.enterprise_clustering.network-latency %}
 
+- [Application ports for end users](#application-ports-for-end-users)
+- [Administrative ports](#administrative-ports)
+- [Cluster communication ports](#cluster-communication-ports)
+
 ### Application ports for end users
 
 Application ports provide web application and Git access for end users.
@@ -128,12 +131,12 @@ $ ghe-config 'loadbalancer.http-forward' 'true' && ghe-cluster-config-apply
 
 {% data reusables.enterprise_clustering.without_proxy_protocol_ports %}
 
-### Configuring Health Checks
+### Configuring health checks
 Health checks allow a load balancer to stop sending traffic to a node that is not responding if a pre-configured check fails on that node. If a cluster node fails, health checks paired with redundant nodes provides high availability.
 
 {% data reusables.enterprise_clustering.health_checks %}
 {% data reusables.enterprise_site_admin_settings.maintenance-mode-status %}
 
-## DNS Requirements
+## DNS requirements
 
 {% data reusables.enterprise_clustering.load_balancer_dns %}

content/admin/enterprise-management/configuring-clustering/differences-between-clustering-and-high-availability-ha.md

@@ -1,6 +1,7 @@
 ---
 title: Differences between clustering and high availability (HA)
-intro: '{% data variables.product.prodname_ghe_server %} High Availability Configuration (HA) is a primary/secondary failover configuration that provides redundancy while Clustering provides redundancy and scalability by distributing read and write load across multiple nodes.'
+intro: 'Learn about the differences between deployment topologies for the virtual machines (VMs) that comprise a {% data variables.product.product_name %} instance.'
+product: '{% data reusables.gated-features.cluster %}'
 redirect_from:
   - /enterprise/admin/clustering/differences-between-clustering-and-high-availability-ha
   - /enterprise/admin/enterprise-management/differences-between-clustering-and-high-availability-ha
@@ -20,9 +21,9 @@ shortTitle: Choosing cluster or HA
 
 You can deploy the virtual machines for a {% data variables.product.prodname_ghe_server %} instance in different topologies depending on your environment and user needs.
 
-- To support a plan for disaster recovery and supplement backups, or to improve network and write performance for geographically distributed users, you can configure high availability. In a high-availability configuration, one node acts as a primary, while others act as replicas.
+- To support a plan for disaster recovery and supplement backups, or to improve network and write performance for geographically distributed users, you can configure high availability. In a high-availability configuration, one node acts as a primary, while others act as replicas. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/about-high-availability-configuration)."
 
-- To provide horizontal scaling for environments with tens of thousands of developers, a cluster topology is available. Clustering addresses situations where a single primary node would routinely experience resource exhaustion. This configuration requires careful planning and additional administrative overhead. {% data variables.product.company_short %} will work with you to determine your eligibility for clustering.
+- To provide horizontal scaling for environments with tens of thousands of developers, a cluster topology is available. Clustering addresses situations where a single primary node would routinely experience resource exhaustion. This configuration requires careful planning and additional administrative overhead. {% data variables.product.company_short %} will work with you to determine your eligibility for clustering. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/about-clustering)."
 
 ## Failure scenarios
 
@@ -47,8 +48,4 @@ Neither HA nor clustering should be considered a replacement for regular backups
 
 ## Monitoring
 
-Availability features, especially ones with automatic failover such as clustering, can mask a failure since service is usually not disrupted when something fails. Whether you are using HA or clustering, monitoring the health of each instance is important so that you are aware when a failure occurs. For more information on monitoring, see "[AUTOTITLE](/admin/enterprise-management/monitoring-your-appliance/recommended-alert-thresholds)" and "[Monitoring cluster nodes](/enterprise/{{ currentVersion}}/admin/guides/clustering/monitoring-cluster-nodes/)."
-
-## Further reading
-- For more information about {% data variables.product.prodname_ghe_server %} clustering, see "[About clustering](/enterprise/{{ currentVersion}}/admin/guides/clustering/about-clustering/)."
-- For more information about HA, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability)."
+Availability features, especially ones with automatic failover such as clustering, can mask a failure since service is usually not disrupted when something fails. Whether you are using HA or clustering, monitoring the health of each instance is important so that you are aware when a failure occurs. For more information about monitoring, see "[AUTOTITLE](/admin/enterprise-management/monitoring-your-appliance/recommended-alert-thresholds)" and "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/monitoring-the-health-of-your-cluster)."

content/admin/enterprise-management/configuring-clustering/evacuating-a-cluster-node-running-data-services.md

@@ -1,7 +1,8 @@
 ---
 title: Evacuating a cluster node running data services
 shortTitle: Evacuating a data node
-intro: If a node in your cluster runs services that store distributed data, you can ensure redundancy as you prepare to replace the node by evacuating the node's data.
+intro: If a node in your {% data variables.product.product_name %} cluster runs services that store distributed data, you can ensure redundancy as you prepare to replace the node by evacuating the node's data.
+product: '{% data reusables.gated-features.cluster %}'
 redirect_from:
   - /enterprise/admin/clustering/evacuating-a-cluster-node
   - /enterprise/admin/enterprise-management/evacuating-a-cluster-node
@@ -17,9 +18,7 @@ topics:
 
 ## About evacuation of cluster nodes running data services
 
-{% data reusables.enterprise_clustering.clustering-scale-recommendation %}
-
-In a cluster configuration for {% data variables.product.product_name %}, you may need to take an individual node offline. For example, you may need to replace the node's virtual machine. If the node you want to replace operates in the storage tier, {% data variables.product.company_short %} recommends that you first evacuate the node's data services. Evacuation ensures that the remaining nodes contain the minimum expected copies of the data.
+In a cluster configuration for {% data variables.product.product_name %}, you may need to take an individual node offline. For example, you may need to replace the node's virtual machine (VM). If the node you want to replace operates in the storage tier, {% data variables.product.company_short %} recommends that you first evacuate the node's data services. Evacuation ensures that the remaining nodes contain the minimum expected copies of the data.
 
 For more information about nodes and service tiers for {% data variables.product.prodname_ghe_server %}, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/about-cluster-nodes)."
 
@@ -54,12 +53,23 @@ If you plan to take a node offline and the node runs any of the following roles,
 
    - `git-server`:
 
+     {% ifversion ghe-spokes-deprecation-phase-1 %}
+     - Command:
+
+       ```shell
+       ghe-spokesctl server status git-server-UUID
+       ```
+
+     - Relevant output: `NETWORKS`, `GISTS`
+     {% else %}
      - Command:
 
        ```shell
        ghe-spokes evac-status git-server-UUID
        ```
+
      - Relevant output: `Networks`, `Gists`
+     {% endif %}
    - `pages-server`:
 
      - Command:
@@ -67,6 +77,7 @@ If you plan to take a node offline and the node runs any of the following roles,
        ```shell
        echo "select count(*) from pages_replicas where host = 'pages-server-UUID'" | ghe-dbconsole -y
        ```
+
    - `storage-server`:
 
      - Command:
@@ -74,6 +85,7 @@ If you plan to take a node offline and the node runs any of the following roles,
        ```shell
        ghe-storage evacuation-status storage-server-UUID
        ```
+
      - Relevant output: `Remaining item(s)`
 
 1. To evacuate an applicable service on the node, run the following commands. For each command, replace UUID with the UUID from the earlier step.
@@ -82,17 +94,23 @@ If you plan to take a node offline and the node runs any of the following roles,
 
      - Command (replace REASON FOR EVACUATION with the reason for evacuation):
 
+        {% ifversion ghe-spokes-deprecation-phase-1 %}
         ```shell
-        ghe-spokes server evacuate git-server-UUID \'REASON FOR EVACUATION\'
+        ghe-spokesctl server set evacuating git-server-UUID 'REASON FOR EVACUATION'
         ```
-
+        {% else %}
+        ```shell
+        ghe-spokes server evacuate git-server-UUID 'REASON FOR EVACUATION'
+        ```
+        {% endif %}
    - `pages-server`:
 
      - Command:
 
        ```shell
-      ghe-dpages evacuate pages-server-UUID
+       ghe-dpages evacuate pages-server-UUID
        ```
+
    - `storage-server`:
 
      1. Take the node's service offline by running the following command.
@@ -100,6 +118,7 @@ If you plan to take a node offline and the node runs any of the following roles,
         ```shell
         ghe-storage offline storage-server-UUID
         ```
+
      1. Evacuate the node by running the following command.
 
         ```shell
@@ -116,14 +135,21 @@ If you plan to take a node offline and the node runs any of the following roles,
 
    - `git-server`:
 
+     {% ifversion ghe-spokes-deprecation-phase-1 %}
+     ```shell
+     ghe-spokesctl server evac-status git-server-UUID
+     ```
+     {% else %}
      ```shell
      ghe-spokes evac-status git-server-UUID
      ```
+     {% endif %}
    - `pages-server`:
 
      ```shell
      echo "select count(*) from pages_replicas where host = 'pages-server-UUID'" | ghe-dbconsole -y
-       ```
+     ```
+
    - `storage-server`:
 
       ```shell

content/admin/enterprise-management/configuring-clustering/index.md

@@ -1,6 +1,7 @@
 ---
 title: Configuring clustering
-intro: Learn about clustering and differences with high availability.
+intro: The cluster topology for {% data variables.product.product_name %} provides horizontal scaling for environments with tens of thousands of developers.
+product: '{% data reusables.gated-features.cluster %}'
 redirect_from:
   - /enterprise/admin/clustering/setting-up-the-cluster-instances
   - /enterprise/admin/clustering/managing-a-github-enterprise-server-cluster
@@ -17,8 +18,9 @@ children:
   - /cluster-network-configuration
   - /initializing-the-cluster
   - /upgrading-a-cluster
-  - /monitoring-cluster-nodes
-  - /replacing-a-cluster-node
+  - /monitoring-the-health-of-your-cluster
+  - /monitoring-the-health-of-your-cluster-nodes-with-node-eligibility-service
+  - /rebalancing-cluster-workloads
   - /evacuating-a-cluster-node-running-data-services
+  - /replacing-a-cluster-node
 ---
-

content/admin/enterprise-management/configuring-clustering/initializing-the-cluster.md

@@ -1,6 +1,7 @@
 ---
 title: Initializing the cluster
 intro: 'A {% data variables.product.prodname_ghe_server %} cluster must be set up with a license and initialized using the administrative shell (SSH).'
+product: '{% data reusables.gated-features.cluster %}'
 redirect_from:
   - /enterprise/admin/clustering/initializing-the-cluster
   - /enterprise/admin/enterprise-management/initializing-the-cluster
@@ -13,21 +14,23 @@ topics:
   - Enterprise
 ---
 
-## About initialization of a cluster
+## About initialization of a {% data variables.product.product_name %} cluster
 
-{% data reusables.enterprise_clustering.clustering-scale-recommendation %}
-
-To deploy a cluster in your environment, you must install {% data variables.product.prodname_ghe_server %}, upload a cluster-enabled license, configure the first node, and initialize the node with a configuration file.
+To deploy a {% data variables.product.product_name %} cluster in your environment, you must install {% data variables.product.prodname_ghe_server %}, upload a cluster-enabled license, configure the first node, and initialize the node with a configuration file.
 
 {% data reusables.enterprise_clustering.clustering-requires-https %}
 
 ## Installing {% data variables.product.prodname_ghe_server %}
 
+To start setting up the cluster, install the {% data variables.product.prodname_ghe_server %} appliance on each node's virtual machine (VM), then configure an IP address.
+
 1. On each cluster node, provision and install {% data variables.product.prodname_ghe_server %}. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance)."
 2. Using the administrative shell or DHCP, **only** configure the IP address of each node. Don't configure any other settings.
 
 ## Configuring the first node
 
+On the node that will function as your primary MySQL node, install your {% data variables.product.product_name %} license.
+
 1. Connect to the node that will be designated as MySQL primary in `cluster.conf`. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/initializing-the-cluster#about-the-cluster-configuration-file)."
 2. In your web browser, visit `https://<ip address>:8443/setup/`.
 {% data reusables.enterprise_installation.upload-a-license-file %}

content/admin/enterprise-management/configuring-clustering/monitoring-the-health-of-your-cluster-nodes-with-node-eligibility-service.md

@@ -0,0 +1,182 @@
+---
+title: Monitoring the health of your cluster nodes with Node Eligibility Service
+shortTitle: Node Eligibility Service
+intro: "You can monitor when nodes in a {% data variables.product.product_name %} cluster have been offline long enough to cause issues by using {% data variables.product.prodname_nes %}."
+permissions: People with administrative SSH access to a {% data variables.product.product_name %} instance can monitor cluster nodes.
+product: '{% data reusables.gated-features.cluster %}'
+versions:
+  feature: 'node-eligibility-service'
+type: how_to
+topics:
+  - Clustering
+  - Enterprise
+  - Fundamentals
+  - Infrastructure
+  - Monitoring
+  - Performance
+---
+
+## About {% data variables.product.prodname_nes %}
+
+In a {% data variables.product.product_name %} cluster, an individual node may become unreachable by other nodes due to a hardware or software failure. After time, even if you restore the node's health, the subsequent synchronization of data can negatively impact your instance's performance.
+
+You can proactively mitigate the impact of reduced node availability by using {% data variables.product.prodname_nes %}. This service monitors the state of your cluster's nodes and emits a warning if a node has been offline for too long. You can also prevent an offline node from rejoining the cluster. Optionally, you can allow {% data variables.product.prodname_nes %} to take ineligible nodes offline.
+
+By default, {% data variables.product.prodname_nes %} is disabled. If you enable {% data variables.product.prodname_nes %}, your instance will alert you of unhealthy nodes by displaying a banner in the administrative web UI for {% data variables.product.product_name %}, and in CLI output for some cluster-related utilities, such as `ghe-config-apply` and `ghe-cluster-diagnostics`.
+
+{% data variables.product.prodname_nes %} allows you to monitor the health of individual nodes. You can also monitor the overall health of your cluster. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/monitoring-the-health-of-your-cluster)."
+
+## About health and eligibility of cluster nodes
+
+To determine whether to emit a warning or automatically adjust the configuration of your cluster, {% data variables.product.prodname_nes %} continuously monitors the health of each node. Each node regularly reports a timestamped health state, which {% data variables.product.prodname_nes %} compares to a Time To Live (TTL) duration.
+
+Each node has a health state and an eligibility state.
+
+- Health refers to the accessibility of the node within the cluster and has three possible states: `healthy`, `warning`, or `critical`.
+- Eligibility refers to the ability of the node to work in the cluster and has two possible states: `eligible` or `ineligible`.
+
+{% data variables.product.prodname_nes %} provides a configurable TTL setting for two states, `warn` and `fail`.
+
+- `warn`: The node has been offline for a short period of time. This may indicate something is wrong with the node and that administrators should investigate. The default setting is 15 minutes.
+- `fail`: The node has been offline for a long period of time, and reintroduction into the cluster could cause performance issues due to resynchronization. The default setting is 60 minutes.
+
+For each node, {% data variables.product.prodname_nes %} determines health and eligibility for participation in the cluster in the following ways.
+
+- If a node has been observed to be healthy, the health state is `healthy` and the eligibility state is `eligible`.
+- If a node hasn't been observed to be healthy for longer than the `warn` TTL, the health state is `warning` and the eligibility state is `eligible`.
+- If a node hasn't been observed to be healthy for longer than the `fail` TTL, the health state is `critical` and its eligibility state is `ineligible`.
+
+## Enabling {% data variables.product.prodname_nes %} for your cluster
+
+By default, {% data variables.product.prodname_nes %} is disabled. You can enable {% data variables.product.prodname_nes %} by setting the value for `app.nes.enabled` using `ghe-config`.
+
+{% data reusables.enterprise_installation.ssh-into-cluster-node %}
+1. To verify whether {% data variables.product.prodname_nes %} is currently enabled, run the following command.
+
+   ```shell{:copy}
+   ghe-config app.nes.enabled
+   ```
+1. To enable {% data variables.product.prodname_nes %}, run the following command.
+
+   ```shell{:copy}
+   ghe-config app.nes.enabled true
+   ```
+{% data reusables.enterprise.apply-configuration %}
+1. To verify that {% data variables.product.prodname_nes %} is running, from any node, run the following command.
+
+   ```shell{:copy}
+   nomad status nes
+   ```
+
+## Configuring TTL settings for {% data variables.product.prodname_nes %} 
+
+To determine how {% data variables.product.prodname_nes %} notifies you, you can configure TTL settings for `fail` and `warn` states. The TTL for the `fail` state must be higher than the TTL for the `warn` state.
+
+{% data reusables.enterprise_installation.ssh-into-cluster-node %}
+1. To verify the current TTL settings, run the following command.
+
+   ```shell{:copy}
+   nes get-node-ttl all
+   ```
+1. To set the TTL for the `fail` state, run the following command. Replace MINUTES with the number of minutes to use for failures.
+
+   ```shell{:copy}
+   nes set-node-ttl fail MINUTES
+   ```
+1. To set the TTL for the `warn` state, run the following command. Replace MINUTES with the number of minutes to use for warnings.
+
+   ```shell{:copy}
+   nes set-node-ttl warn MINUTES
+   ```
+
+## Managing whether {% data variables.product.prodname_nes %} can take a node offline
+
+By default, {% data variables.product.prodname_nes %} provides alerts to notify you about changes to the health of cluster nodes. Optionally, if the service determines that an unhealthy node is ineligible to rejoin the cluster, you can allow the service to take the node offline.
+
+When a node is taken offline, the instance removes job allocations from the node. If the node runs data storage services, {% data variables.product.prodname_nes %} updates the configuration to reflect the node's ineligibility to rejoin the cluster.
+
+To manage whether {% data variables.product.prodname_nes %} can take a node and its services offline, you can configure `adminaction` states for the node. If a node is in the `approved` state, {% data variables.product.prodname_nes %} can take the node offline. If a node is in the `none` state, {% data variables.product.prodname_nes %} cannot take the node offline.
+
+{% data reusables.enterprise_installation.ssh-into-cluster-node %}
+1. To configure whether {% data variables.product.prodname_nes %} can take a node offline, run one of the following commands.
+   - To allow the service to automatically take administrative action when a node goes offline, run the following command. Replace HOSTNAME with the node's hostname.
+
+     ```shell{:copy}
+     nes set-node-adminaction approved HOSTNAME
+     ```
+   - To revoke {% data variables.product.prodname_nes %}'s ability to take a node offline, run the following command. Replace HOSTNAME with the node's hostname.
+
+     ```shell{:copy}
+     nes set-node-adminaction none HOSTNAME
+     ```
+
+## Viewing an overview of node health
+
+To view an overview of your nodes' health using {% data variables.product.prodname_nes %}, use one of the following methods.
+
+- SSH into any node in the cluster, then run `nes get-cluster-health`.
+- Navigate to the {% data variables.enterprise.management_console %}'s "Status" page. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/accessing-the-management-console)."
+
+## Re-enabling an ineligible node to join the cluster
+
+After {% data variables.product.prodname_nes %} detects that a node has exceeded the TTL for the `fail` state, and after the service marks the node as `ineligible`, the service will no longer update the health status for the node. To re-enable a node to join the cluster, you can remove the `ineligible` status from the node.
+
+{% data reusables.enterprise_installation.ssh-into-cluster-node %}
+1. To check the current `adminaction` state for the node, run the following command. Replace HOSTNAME with the hostname of the ineligible node.
+
+   ```shell{:copy}
+   nes get-node-adminaction HOSTNAME
+   ```
+1. If the `adminaction` state is currently set to `approved`, change the state to `none` by running the following command. Replace HOSTNAME with the hostname of the ineligible node.
+
+   ```shell{:copy}
+   nes set-node-adminaction none HOSTNAME
+   ```
+1. To ensure the node is in a healthy state, run the following command and confirm that the node's status is `ready`.
+
+   ```shell{:copy}
+   nomad node status
+   ```
+   
+   - If the node's status is `ineligible`, make the node eligible by connecting to the node via SSH and running the following command.
+
+     ```shell{:copy}
+     nomad node eligibility -enable -self
+     ```
+1. To update the node's eligibility in {% data variables.product.prodname_nes %}, run the following command. Replace HOSTNAME with the node's hostname.
+
+   ```shell{:copy}
+   nes set-node-eligibility eligible HOSTNAME
+   ```
+1. Wait 30 seconds, then check the cluster's health to confirm the target node is eligible by running the following command.
+
+   ```shell{:copy}
+   nes get-cluster-health
+   ```
+
+## Viewing logs for {% data variables.product.prodname_nes %}
+
+You can view logs for {% data variables.product.prodname_nes %} from any node in the cluster, or from the node that runs the service. If you generate a support bundle, the logs are included. For more information, see "[AUTOTITLE](/support/contacting-github-support/providing-data-to-github-support)."
+
+{% data reusables.enterprise_installation.ssh-into-cluster-node %}
+1. To view logs for {% data variables.product.prodname_nes %} from any node in the cluster, run the following command.
+
+   ```shell{:copy}
+   nomad alloc logs -job nes
+   ```
+1. Alternatively, you can view logs for {% data variables.product.prodname_nes %} on the node that runs the service. The service writes logs to the systemd journal.
+   
+   - To determine which node runs {% data variables.product.prodname_nes %}, run the following command.
+
+     ```shell{:copy}
+     nomad job status "nes" | grep running | grep "${nomad_node_id}" | awk 'NR==2{ print $1 }' | xargs nomad alloc status | grep "Node Name"
+     ```
+   - To view logs on the node, connect to the node via SSH, then run the following command.
+     
+     ```shell{:copy}
+     journalctl -t nes
+     ```
+
+## Further reading
+
+- "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#nes)"

content/admin/enterprise-management/configuring-clustering/monitoring-the-health-of-your-cluster.md

@@ -1,10 +1,13 @@
 ---
-title: Monitoring cluster nodes
-intro: 'A {% data variables.product.prodname_ghe_server %} cluster is comprised of redundant services that are distributed across two or more nodes. If an individual service or an entire node were to fail, it should not be immediately apparent to users of the cluster. However since performance and redundancy are affected, it is important to monitor the health of a {% data variables.product.prodname_ghe_server %} cluster.'
+title: Monitoring the health of your cluster
+shortTitle: Monitor cluster health
+intro: "To ensure the performance and redundancy of a {% data variables.product.product_name %} cluster, you can monitor the cluster's health."
+product: '{% data reusables.gated-features.cluster %}'
 redirect_from:
   - /enterprise/admin/clustering/monitoring-cluster-nodes
   - /enterprise/admin/enterprise-management/monitoring-cluster-nodes
   - /admin/enterprise-management/monitoring-cluster-nodes
+  - /admin/enterprise-management/configuring-clustering/monitoring-cluster-nodes
 versions:
   ghes: '*'
 type: how_to
@@ -17,11 +20,15 @@ topics:
   - Performance
 ---
 
-## About monitoring the health of your cluster
+## About {% data variables.product.product_name %} cluster health
 
-{% data reusables.enterprise_clustering.clustering-scale-recommendation %}
+A {% data variables.product.product_name %} cluster comprises multiple nodes, with redundant services distributed across two or more nodes. If an individual service or an entire node fails, users should not notice. Failures affect performance and redundancy, so it's important to monitor the health of your cluster. You can monitor the health of your cluster using a command-line utility or an external monitoring tool like Nagios.
 
-You can monitor the health of your entire {% data variables.product.prodname_ghe_server %} cluster using a command-line utility or an external monitoring tool like Nagios.
+{% ifversion node-eligibility-service %}
+
+You can also monitor the health of individual nodes using {% data variables.product.prodname_nes %}. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/monitoring-the-health-of-your-cluster-nodes-with-node-eligibility-service)."
+
+{% endif %}
 
 ## Manually checking cluster status
 
@@ -123,4 +130,4 @@ You can configure [Nagios](https://www.nagios.org/) to monitor {% data variables
           }
    ```
 
-After you add the definition to Nagios, the service check executes according to your configuration. You should be able to see the newly configured service in the Nagios web interface.
+After you add the definition to Nagios, the service check executes according to your configuration. You should be able to see the newly configured service in the Nagios web interface.

content/admin/enterprise-management/configuring-clustering/rebalancing-cluster-workloads.md

@@ -0,0 +1,83 @@
+---
+title: Rebalancing cluster workloads
+shortTitle: Rebalance workloads
+intro: "You can force your {% data variables.product.product_name %} cluster to evenly distribute job allocations for workloads on the cluster's nodes."
+product: '{% data reusables.gated-features.cluster %}'
+permissions: People with administrative SSH access to a {% data variables.product.product_name %} instance can rebalance cluster workloads on the instance.
+versions:
+  feature: 'cluster-rebalancing'
+type: how_to
+topics:
+  - Clustering
+  - Enterprise
+---
+
+## About workload balance for a {% data variables.product.product_name %} cluster
+
+A {% data variables.product.product_name %} instance in a cluster configuration assigns each task to a node according to the node's role. This assignment is called an allocation.
+
+If a cluster node is unreachable by other nodes due to a hardware or software failure, your instance creates a new allocation to distribute jobs from the unhealthy node to another node that can handle the workload. In some situations, this distribution does not occur automatically, and a single node may run more jobs than expected.
+
+You can manage allocations using the `ghe-cluster-balance` utility, which can display the status of existing allocations or force your instance to balance allocations. For example, you should balance allocations after you add a new node to the cluster. Optionally, you can schedule regular balancing.
+
+You can run the following commands from any node in your cluster using the administrative shell. For more information, see "[Accessing the administrative shell (SSH)](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)."
+
+## Checking the distribution of cluster jobs
+
+In some cases, such as hardware failure, the underlying software that that manages allocations will migrate tasks from the unhealthy node to a healthy node. If the unhealthy node recovers, the task may remain assigned to the recovered node, which can result in unbalanced load. The risk of job failure may increase if allocations are unbalanced and additional nodes fail. You can check the distribution of allocations using the `ghe-cluster-balance status` utility.
+
+1. To see a list of allocations, run the following command. The utility displays healthy allocations in green. If any jobs are not properly distributed, the utility displays the allocation's count in red.
+
+   ```shell{:copy}
+   ghe-cluster-balance status
+   ```
+1. If a job is not properly distributed, inspect the allocations by running the following command. Replace JOB with a single job or comma-delimited list of jobs.
+
+   ```shell{:copy}
+    ghe-cluster-balance status -j JOB
+   ```
+
+   For example, to see the status of allocations for your instance's HTTP server and authorization service, you can run `ghe-cluster-balance status -j github-unicorn,authzd`.
+
+## Rebalancing allocations
+
+After you determine which jobs are unbalanced across your cluster's nodes, you can rebalance allocations using the `ghe-cluster-balance rebalance` utility. The utility checks the distribution of existing jobs. If any jobs are unbalanced, the utility displays the jobs and prompts you to continue. If you continue, the utility creates new allocations to redistribute the jobs.
+
+1. To perform a dry run and see the result of rebalancing without making changes, run the following command. Replace JOB with a single job or comma-delimited list of jobs.
+
+   ```shell{:copy}
+   ghe-cluster-balance rebalance --dry-run -j JOB
+   ```
+
+   For example, to perform a dry run of rebalancing jobs for your instance's HTTP server and authorization service, you can run `ghe-cluster-balance rebalance --dry-run -j github-unicorn,authzd`.
+1. To rebalance, run the following command. Replace JOB with a single job or comma-delimited list of jobs.
+
+   ```shell{:copy}
+   ghe-cluster-balance rebalance -j JOB
+   ```
+
+## Scheduling allocation rebalancing
+
+You can schedule rebalancing of jobs on your cluster by setting and applying configuration values for {% data variables.location.product_location %}.
+
+{% note %}
+
+**Note:** Currently, you can only schedule reallocation of jobs for the HTTP server, `github-unicorn`.
+
+{% endnote %}
+
+1. To configure automatic, hourly balancing of jobs, run the following command.
+
+   ```shell{:copy}
+   ghe-config app.cluster-rebalance.enabled true
+   ```
+1. Optionally, you can override the default schedule by defining a cron expression. For example, run the following command to balance jobs every three hours.
+
+   ```shell{:copy}
+   ghe-config app.cluster-rebalance.schedule '0 */3 * * *'
+   ```
+{% data reusables.enterprise.apply-configuration %}
+
+## Further reading
+
+- "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-cluster-balance)"

content/admin/enterprise-management/configuring-clustering/replacing-a-cluster-node.md

@@ -1,6 +1,7 @@
 ---
 title: Replacing a cluster node
-intro: 'To replace a {% data variables.product.prodname_ghe_server %} node, you must mark the affected nodes offline in the cluster configuration file (`cluster.conf`) and add the replacement nodes. This might be necessary if a node were to fail, or to add a node with more resources to increase performance.'
+intro: 'If a node fails in a {% data variables.product.product_name %} cluster, or if you want to add a new node with more resources, mark any nodes to replace as offline, then add the new node.'
+product: '{% data reusables.gated-features.cluster %}'
 redirect_from:
   - /enterprise/admin/clustering/replacing-a-cluster-node
   - /enterprise/admin/enterprise-management/replacing-a-cluster-node
@@ -14,19 +15,26 @@ topics:
   - Infrastructure
 ---
 
-## About replacement of cluster nodes
+## About replacement of {% data variables.product.product_name %} cluster nodes
 
-{% data reusables.enterprise_clustering.clustering-scale-recommendation %}
+You can replace a functional node in a {% data variables.product.product_name %} cluster, or you can replace a node that has failed unexpectedly.
 
-You can replace a functional node in a cluster, or you can replace a node that has failed unexpectedly.
+{% ifversion cluster-rebalancing %}
+After you replace a node, {% data variables.location.product_location %} does not automatically distribute jobs to the new node. You can force your instance to balance jobs across nodes. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/rebalancing-cluster-workloads)."
+{% endif %}
 
 {% warning %}
 
-**Warning:** To avoid conflicts, the replacement node must use a new hostname that has not been previously used in the cluster.
+**Warning:** To avoid conflicts, do not reuse a hostname that was previously assigned to a node in the cluster.
 
 {% endwarning %}
 
 ## Replacing a functional node
+
+You can replace an existing, functional node in your cluster. For example, you may want to provide a virtual machine (VM) with additional CPU, memory, or storage resources.
+
+To replace a functional node, install the {% data variables.product.product_name %} appliance on a new VM, configure an IP address, add the new node to the cluster configuration file, initialize the cluster and apply the configuration, then take the node you replaced offline.
+
 {% data reusables.enterprise_clustering.replacing-a-cluster-node-provision %}
 {% data reusables.enterprise_clustering.replacing-a-cluster-node-admin-configure-ip %}
 {% data reusables.enterprise_clustering.replacing-a-cluster-node-modify-cluster-conf %}
@@ -38,6 +46,11 @@ You can replace a functional node in a cluster, or you can replace a node that h
 {% data reusables.enterprise_clustering.replacing-a-cluster-node-replacement-name %}
 
 ## Replacing a node in an emergency
+
+You can replace a failed node in your cluster. For example, a software or hardware issue may affect a node's availability.
+
+To replace a node in an emergency, install the {% data variables.product.product_name %} appliance on a new VM, configure an IP address, take the failed node offline, apply the configuration, add the new node to the cluster configuration file, initialize the cluster and apply the configuration, and optionally, evacuate the failed node.
+
 {% data reusables.enterprise_clustering.replacing-a-cluster-node-provision %}
 {% data reusables.enterprise_clustering.replacing-a-cluster-node-admin-configure-ip %}
 {% data reusables.enterprise_clustering.replacing-a-cluster-node-mark-offline %}

content/admin/enterprise-management/configuring-clustering/upgrading-a-cluster.md

@@ -1,6 +1,7 @@
 ---
 title: Upgrading a cluster
-intro: 'Use the administrative shell (SSH) to upgrade a {% data variables.product.prodname_ghe_server %} cluster to the latest release.'
+intro: "To upgrade a {% data variables.product.prodname_ghe_server %} cluster to the latest release, use the administrative shell (SSH)."
+product: '{% data reusables.gated-features.cluster %}'
 redirect_from:
   - /enterprise/admin/clustering/upgrading-a-cluster
   - /enterprise/admin/enterprise-management/upgrading-a-cluster
@@ -13,7 +14,13 @@ topics:
   - Enterprise
   - Upgrades
 ---
+
+## About upgrades to a {% data variables.product.product_name %} cluster
+
+{% data reusables.enterprise.about-upgrades %}
+
 ## Upgrading with a hotpatch
+
 {% data reusables.enterprise_installation.hotpatching-explanation %} The hotpatch installation script installs the hotpatch on every node in the cluster and restarts the services in their proper sequence to avoid downtime.
 
 1. Back up your data with [{% data variables.product.prodname_enterprise_backup_utilities %}](https://github.com/github/backup-utils#readme).

content/admin/enterprise-management/configuring-high-availability/about-high-availability-configuration.md

@@ -56,135 +56,9 @@ During failover, you must place the primary appliance into maintenance mode. You
 
 ## Utilities for replication management
 
-To manage replication on {% data variables.product.prodname_ghe_server %}, use these command line utilities by connecting to the replica appliance using SSH.
-
-### ghe-repl-setup
-
-The `ghe-repl-setup` command puts a {% data variables.product.prodname_ghe_server %} appliance in replica standby mode.
-
-- An encrypted WireGuard VPN tunnel is configured for communication between the two appliances.
-- Database services are configured for replication and started.
-- Application services are disabled. Attempts to access the replica appliance over HTTP, Git, or other supported protocols will result in an "appliance in replica mode" maintenance page or error message.
-
-```shell
-admin@169-254-1-2:~$ ghe-repl-setup 169.254.1.1
-Verifying ssh connectivity with 169.254.1.1 ...
-Connection check succeeded.
-Configuring database replication against primary ...
-Success: Replica mode is configured against 169.254.1.1.
-To disable replica mode and undo these changes, run `ghe-repl-teardown'.
-Run `ghe-repl-start' to start replicating against the newly configured primary.
-```
-
-### ghe-repl-start
-
-The `ghe-repl-start` command turns on active replication of all datastores.
-
-```shell
-admin@169-254-1-2:~$ ghe-repl-start
-Starting MySQL replication ...
-Starting Redis replication ...
-Starting Elasticsearch replication ...
-Starting Pages replication ...
-Starting Git replication ...
-Success: replication is running for all services.
-Use `ghe-repl-status' to monitor replication health and progress.
-```
-
-### ghe-repl-status
-
-The `ghe-repl-status` command returns an `OK`, `WARNING` or `CRITICAL` status for each datastore replication stream. When any of the replication channels are in a `WARNING` state, the command will exit with the code `1`. Similarly, when any of the channels are in a `CRITICAL` state, the command will exit with the code `2`.
-
-```shell
-admin@169-254-1-2:~$ ghe-repl-status
-OK: mysql replication in sync
-OK: redis replication is in sync
-OK: elasticsearch cluster is in sync
-OK: git data is in sync (10 repos, 2 wikis, 5 gists)
-OK: pages data is in sync
-```
-
-The `-v` and `-vv` options give details about each datastore's replication state:
-
-```shell
-$ ghe-repl-status -v
-OK: mysql replication in sync
-  | IO running: Yes, SQL running: Yes, Delay: 0
-
-OK: redis replication is in sync
-  | master_host:169.254.1.1
-  | master_port:6379
-  | master_link_status:up
-  | master_last_io_seconds_ago:3
-  | master_sync_in_progress:0
-
-OK: elasticsearch cluster is in sync
-  | {
-  |   "cluster_name" : "github-enterprise",
-  |   "status" : "green",
-  |   "timed_out" : false,
-  |   "number_of_nodes" : 2,
-  |   "number_of_data_nodes" : 2,
-  |   "active_primary_shards" : 12,
-  |   "active_shards" : 24,
-  |   "relocating_shards" : 0,
-  |   "initializing_shards" : 0,
-  |   "unassigned_shards" : 0
-  | }
-
-OK: git data is in sync (366 repos, 31 wikis, 851 gists)
-  |                   TOTAL         OK      FAULT    PENDING      DELAY
-  | repositories        366        366          0          0        0.0
-  |        wikis         31         31          0          0        0.0
-  |        gists        851        851          0          0        0.0
-  |        total       1248       1248          0          0        0.0
-
-OK: pages data is in sync
-  | Pages are in sync
-```
-
-### ghe-repl-stop
-
-The `ghe-repl-stop` command temporarily disables replication for all datastores and stops the replication services. To resume replication, use the [ghe-repl-start](#ghe-repl-start) command.
-
-```shell
-admin@168-254-1-2:~$ ghe-repl-stop
-Stopping Pages replication ...
-Stopping Git replication ...
-Stopping MySQL replication ...
-Stopping Redis replication ...
-Stopping Elasticsearch replication ...
-Success: replication was stopped for all services.
-```
-
-### ghe-repl-promote
-
-The `ghe-repl-promote` command disables replication and converts the replica appliance to a primary. The appliance is configured with the same settings as the original primary and all services are enabled.
-
-{% data reusables.enterprise_installation.promoting-a-replica %}
-
-```shell
-admin@168-254-1-2:~$ ghe-repl-promote
-Enabling maintenance mode on the primary to prevent writes ...
-Stopping replication ...
-  | Stopping Pages replication ...
-  | Stopping Git replication ...
-  | Stopping MySQL replication ...
-  | Stopping Redis replication ...
-  | Stopping Elasticsearch replication ...
-  | Success: replication was stopped for all services.
-Switching out of replica mode ...
-  | Success: Replication configuration has been removed.
-  | Run `ghe-repl-setup' to re-enable replica mode.
-Applying configuration and starting services ...
-Success: Replica has been promoted to primary and is now accepting requests.
-```
-
-### ghe-repl-teardown
-
-The `ghe-repl-teardown` command disables replication mode completely, removing the replica configuration.
+People with administrative SSH access to an instance in a high-availability configuration can use command-line utilities to manage replication. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#high-availability)."
 
 ## Further reading
 
 - "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/creating-a-high-availability-replica)"
-- "[AUTOTITLE](/admin/configuration/configuring-network-settings/network-ports)"
+- "[AUTOTITLE](/admin/configuration/configuring-network-settings/network-ports)"

content/admin/enterprise-management/configuring-high-availability/index.md

@@ -14,6 +14,7 @@ topics:
 children:
   - /about-high-availability-configuration
   - /creating-a-high-availability-replica
+  - /monitoring-a-high-availability-configuration
   - /initiating-a-failover-to-your-replica-appliance
   - /recovering-a-high-availability-configuration
   - /removing-a-high-availability-replica

content/admin/enterprise-management/configuring-high-availability/monitoring-a-high-availability-configuration.md

@@ -0,0 +1,120 @@
+---
+title: Monitoring a high-availability configuration
+intro: "After configuration of high availability for {% data variables.location.product_location %}, you can monitor the status of data replication among to your instance's replica nodes."
+versions:
+  ghes: '*'
+permissions: Site administrators can monitor a high-availablity configuration for a {% data variables.product.product_name %} instance.
+type: how_to
+topics:
+  - Enterprise
+  - High availability
+  - Infrastructure
+  - Monitoring
+shortTitle: Monitor HA configuration
+---
+
+## About observability for high availability
+
+{% data reusables.enterprise.about-ha %} For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/about-high-availability-configuration)."
+
+After you configure high availability, you can proactively ensure redundancy by monitoring the overall health of replication and the status of each of your instance's replica nodes. You can use command-line utilities on the instance, an overview dashboard, {% ifversion replication-management-api %}the instance's REST API, {%endif %}or a remote monitoring system such as Nagios.
+
+With high availability, your instance uses several approaches to replicate data between primary and replica nodes. Database services that support a native replication mechanism, such as MySQL, replicate using the service's native mechanism. Other services, such as Git repositories, replicate using a custom mechanism developed for {% data variables.product.product_name %}, or using platform tools like rsync.
+
+## Monitoring replication from your instance
+
+To monitor the replication status of an existing replica node for {% data variables.location.product_location %}, connect to the node's administrative console (SSH) and run the `ghe-repl-status` command-line utility. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-repl-status)."
+
+You can also monitor replication status from the overview dashboard on your instance. In a browser, navigate to the following URL, replacing HOSTNAME with your instance's hostname.
+
+`http(s)://HOSTNAME/setup/replication`
+
+{% ifversion replication-management-api %}
+
+## Monitoring replication using the REST API
+
+You can monitor replication status on your instance using the REST API. For more information, see "[Manage {% data variables.product.product_name %}](/rest/enterprise-admin/manage-ghes#list-the-status-of-services-running-on-all-replica-nodes)" in the REST API documentation.
+
+{% endif %}
+
+## Monitoring replication from a remote system
+
+Output from the `ghe-repl-status` command-line utility conforms to the expectations of Nagios' check_by_ssh plugin. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-repl-status)."
+
+Additionally, you can monitor the availability of your instance by parsing the status code returned by a request to the following URL. For example, if you deploy a load balancer as part of your failover strategy, you can configure health checks that parse this output. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer#configuring-health-checks)."
+
+Depending on where and how you configure monitoring, replace HOST with either your instance's hostname or an individual node's IP address.
+
+`http(s)://HOST/status`
+
+An active node for geo-replication, which can respond to user requests, will return status code `200` (OK). Requests to individual nodes or the instance's hostname may return a `503` (Service Unavailable) error for the following reasons.
+
+- The individual node is a passive replica node, such as the replica node in a two-node high-availability configuration.
+- The individual node is part of a geo-replication configuration, but is a passive replica node.
+- The instance is in maintenance mode. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)."
+
+For more information about geo-replication, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/about-geo-replication)."
+
+## Troubleshooting replication issues
+
+To troubleshoot replication issues on your instance, ensure replication is running and that nodes can communicate with each other over the network. You can also use command-line utilities to investigate under-replication.
+
+### Replication is not running
+
+You must start replication on each node using the `ghe-repl-start` command-line utility. If replication is not running, connect to the affected node using SSH, then run `ghe-repl-start`. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-repl-start)."
+
+### Communication issues between nodes
+
+Replication requires that the primary node and all replica nodes can communicate with each other over the network. At minimum, ensure that ports 122/TCP and 1194/UDP are open for bidirectional communication between all of your instance's nodes. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/network-ports#administrative-ports)."
+
+### Under-replication
+
+If you run the `ghe-repl-status` command-line utility on a replica node and Git repositories, repository networks, or storage objects are under-replicated, one or more replica nodes are not fully synchronized with the primary node. Under-replication may occur if the primary node is unable to communicate with the replica nodes, or if the replica nodes are unable to communicate with the primary node. 
+
+If you've recently configured high availability or geo-replication, the initial sync will take some time. The duration of the initial sync depends on how much data exists and network conditions.
+
+- [Under-replicated repositories or repository networks](#under-replicated-repositories-or-repository-networks)
+- [Under-replicated storage objects](#under-replicated-storage-objects)
+
+#### Under-replicated repositories or repository networks
+
+You can view a specific repository's replication status by connecting to a node and running the following {% ifversion ghe-spokes-deprecation-phase-1 %}commands{% else %}command{% endif %}, replacing OWNER with the repository's owner and REPOSITORY with the repository's name.
+
+```
+{%- ifversion ghe-spokes-deprecation-phase-1 %}
+ghe-spokesctl check OWNER/REPOSITORY
+ghe-spokesctl info OWNER/REPOSITORY
+{%- else %}
+ghe-spokes diagnose OWNER/REPOSITORY
+{%- endif %}
+```
+
+Alternatively, if you want to view a repository network's replication status, replace NETWORK-ID/REPOSITORY-ID with the network ID and repository ID number.
+
+```
+{%- ifversion ghe-spokes-deprecation-phase-1 %}
+ghe-spokesctl check NETWORK-ID/REPOSITORY-ID
+ghe-spokesctl info NETWORK-ID/REPOSITORY-ID
+{%- else %}
+ghe-spokes diagnose NETWORK-ID/REPOSITORY-ID
+{%- endif %}
+```
+
+#### Under-replicated storage objects
+
+You can view a specific storage object's status by connecting to a node and running the following command, replacing OID with the object's ID.
+
+```
+ghe-storage info OID
+```
+
+### Getting support from {% data variables.product.company_short %}
+
+If you review the troubleshooting advice for replication and continue to experience issues on your instance, collect the following information, then contact {% data variables.contact.contact_ent_support %}. 
+
+- On each affected node, run `ghe-repl-status -vv`, then copy the output to your ticket. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-repl-status)."
+- On each affected node, create a support bundle to attach to your ticket. For more information, see "[AUTOTITLE](/support/contacting-github-support/providing-data-to-github-support#creating-and-sharing-support-bundles)."
+
+
+
+

content/admin/enterprise-management/monitoring-your-appliance/about-system-logs.md

@@ -26,11 +26,14 @@ Listed below are the main logs used by the {% data variables.product.product_nam
 | Path | Description​ |
 |------|-------------|
 | `/var/log/github/audit.log` | Audited user, repository and system events.
-| `/var/log/github/unicorn.log` | API and web interface traffic.
+| `/var/log/github/resqued.log` | Details about background jobs{% ifversion opentelemetry-and-otel-log-migration-phase-1 %}, including jobs that involve authentication{% endif %}.
+| `/var/log/github/unicorn.log` | API and web interface traffic{% ifversion opentelemetry-and-otel-log-migration-phase-1 %}, including authentication attempts{% endif %}.
 | `/var/log/github/exceptions.log` | Application-level errors.
 | `/var/log/haproxy.log` | All IP traffic reaching the appliance.
 | `/var/log/hookshot/resqued.log` | Webhook delivery and failures.
+{%- ifversion ghes < 3.9 %}
 | `/var/log/github/auth.log` | Authentication requests, whether through built in, LDAP, CAS or SAML methods.
+{%- endif %}
 | `/var/log/github/gitauth.log` | All Git authentication requests.
 
 Git activity and authentication requests are processed by the `babeld` service.

content/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/index.md

@@ -17,6 +17,7 @@ children:
   - /increasing-storage-capacity
   - /increasing-cpu-or-memory-resources
   - /migrating-from-github-enterprise-1110x-to-2123
+  - /known-issues-with-upgrades-to-your-instance
 shortTitle: Update VM & resources
 ---
 

content/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance.md

@@ -0,0 +1,110 @@
+---
+title: Known issues with upgrades to your instance
+intro: '{% data variables.product.company_short %} is aware of issues that impact the upgrade process for {% data variables.product.prodname_ghe_server %}, or impact your instance after you complete an upgrade.'
+versions:
+  ghes: '>=3.7'
+type: overview
+topics:
+  - Enterprise
+  - Troubleshooting
+  - Upgrades
+shortTitle: Known issues with upgrades
+---
+
+## About known issues with {% data variables.product.prodname_ghe_server %} upgrades
+
+{% data variables.product.company_short %} is aware of the following issues that could impact upgrades to new releases of {% data variables.product.prodname_ghe_server %}. For more information, see "Known issues" in the [{% data variables.product.prodname_ghe_server %} release notes](/admin/release-notes).
+
+{% data variables.product.company_short %} strongly recommends regular backups of your instance's configuration and data. Before you proceed with any upgrade, back up your instance, then validate the backup in a staging environment. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)" and "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)."
+
+{% ifversion mysql-8-upgrade %}
+
+## Known issue: increased I/O utilization from MySQL 8 upgrade
+
+If you upgrade from {% data variables.product.prodname_ghe_server %} 3.7 or 3.8 to 3.9 or later, an upgrade to the database software on your instance will increase I/O utilization. In some cases, this may affect your instance's performance.
+
+{% data variables.product.prodname_ghe_server %} includes a MySQL database server supported by the InnoDB storage engine. {% data variables.product.prodname_ghe_server %} 3.8 and earlier use MySQL 5.7. In October 2023, Oracle will end extended support for MySQL 5.7. For more information, see [Oracle Lifetime Support Policy](https://www.oracle.com/us/support/library/lifetime-support-technology-069183.pdf) on the Oracle Support website.
+
+To future-proof {% data variables.product.prodname_ghe_server %} and provide the latest security updates, bug fixes, and performance improvements, {% data variables.product.prodname_ghe_server %} 3.9 and later use MySQL 8.0. MySQL 8.0 achieves a higher number of queries per second (QPS) due to a redesigned REDO log. For more information, see [MySQL Performance: 8.0 re-designed REDO log & ReadWrite Workloads Scalability](http://dimitrik.free.fr/blog/archives/2017/10/mysql-performance-80-redesigned-redo-log-readwrite-workloads-scalability.html) on DimitriK's (dim) Weblog.
+
+After the upgrade to {% data variables.product.prodname_ghe_server %} 3.9, if you experience unacceptable degradation in the performance of your instance, you can collect data from your instance's monitor dashboard to confirm the impact. You can attempt to mitigate the issue, and you can provide the data to {% data variables.contact.github_support %} to help profile and communicate the real-world impact of this change.
+
+{% warning %}
+
+**Warning**: Due to the nature of this upgrade, back up your instance's configuration and data before proceeding. Validate the backup in a staging environment. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)" and "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)."
+
+{% endwarning %}
+
+### Collecting baseline I/O utilization data before the MySQL upgrade
+
+Collect the baseline data before upgrading to {% data variables.product.prodname_ghe_server %} 3.9 or later. To collect baseline data, {% data variables.product.company_short %} recommends that you set up a staging instance of {% data variables.product.prodname_ghe_server %} running 3.7 or 3.8 and restore data from your production instance using {% data variables.product.prodname_enterprise_backup_utilities %}. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)" and "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)."
+
+You may not be able to simulate the load that your instance experiences in a production environment. However, it's useful if you can collect baseline data while simulating patterns of usage from your production environment on the staging instance.
+
+1. Browse to your instance's monitor dashboard. For more information, see "[AUTOTITLE](/admin/enterprise-management/monitoring-your-appliance/accessing-the-monitor-dashboard)."
+1. From the monitor dashboard, monitor relevant graphs.
+
+   - Under "Processes", monitor the graphs for "I/O operations (Read IOPS)" and "I/O operations (Write IOPS)", filtering for `mysqld`. These graphs display I/O operations for all of the node's services.
+   - Under "Storage", monitor the graph for "Disk utilization (Data Device DEVICE-ID)". This graph displays the amount of time spent on all of the node's I/O operations.
+
+### Reviewing I/O utilization data after the MySQL upgrade
+
+After the upgrade to {% data variables.product.prodname_ghe_server %} 3.9, review the instance's I/O utilization. {% data variables.product.company_short %} recommends that you upgrade a staging instance of {% data variables.product.prodname_ghe_server %} running 3.7 or 3.8 that includes restored data from your production instance, or that you restore data from your production instance to a new staging instance running 3.9. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)" and "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)."
+
+1. Browse to your instance's monitor dashboard. For more information, see "[AUTOTITLE](/admin/enterprise-management/monitoring-your-appliance/accessing-the-monitor-dashboard)."
+1. From the monitor dashboard, monitor relevant graphs.
+
+   - Under "Processes", monitor the graphs for "I/O operations (Read IOPS)" and "I/O operations (Write IOPS)", filtering for `mysqld`. These graphs display I/O operations for all of the node's services.
+   - Under "Storage", monitor the graphs for "Disk utilization (Data Device DEVICE ID)" and "Disk Latency (Data Device DEVICE-ID)". These graph display the amount of time spent on all of the node's I/O operations, as well as overall disk latency.
+     - Significant increases to disk latency could indicate that your instance is forcing disk IOPS to wait to complete.
+     - You can corroborate an observation of increased latency by reviewing the graph for "Disk pending operations (Data Device DEVICE-ID)", which could indicate that the disk cannot sufficiently address all operations.
+
+### Mitigating impact of the MySQL upgrade
+
+To address unacceptable degradation of performance, {% data variables.product.company_short %} recommends the following solutions.
+
+Before you test any mitigation procedure in a production environment, back up your instance, validate the backup, then test the procedure in a staging environment. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)" and "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)."
+- [Adjust InnoDB's flushing method](#adjust-innodbs-flushing-method)
+- [Upgrade your instance's storage](#upgrade-your-instances-storage)
+
+#### Adjust InnoDB's flushing method
+
+To attempt to mitigate the performance impact, you can adjust InnoDB's flushing method to skip the `fsync()` system call after each write operation. For more information, see [`innodb_flush_method`](https://dev.mysql.com/doc/refman/8.0/en/innodb-parameters.html#sysvar_innodb_flush_method) in the MySQL 8.0 Reference Manual.
+
+The following instructions are only intended for  {% data variables.product.product_name %} 3.9 and later.
+
+{% warning %}
+
+**Warning**: Adjustment of the flushing method requires that your instance's storage device has a battery-backed cache. If the device's cache is not battery-backed, you risk data loss.
+
+- If you host your instance using a virtualization hypervisor within an on-premises datacenter, review your storage specifications to confirm.
+- If you host your instance in a public cloud service, consult your provider's documentation or support team to confirm.
+
+{% endwarning %}
+
+{% data reusables.enterprise_installation.ssh-into-instance %}
+1. To validate the current flushing method for InnoDB, run the following command.
+   
+   ```shell{:copy}
+   ghe-config mysql.innodb-flush-no-fsync
+   ```
+
+   By default, the command returns `false`, indicating that your instance performs an `fsync()` system call after each write operation.
+1. To configure InnoDB to skip the `fsync()` system call after each write operation, run the following command.
+
+   ```shell{:copy}
+   ghe-config mysql.innodb-flush-no-fsync true
+   ```
+{% data reusables.enterprise.apply-configuration %}
+
+#### Upgrade your instance's storage
+
+You can reduce pending operations, increase IOPS, and improve performance by provisioning faster storage for your instance's nodes. To upgrade your instance's storage, back up your instance and restore the backup to a new replacement instance. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)."
+
+### Sharing data with {% data variables.product.company_short %} 
+
+Finally, if you're willing to help {% data variables.product.company_short %}  understand the real-world impact of the upgrade to MySQL 8, you can provide the data you've collected to {% data variables.contact.github_support %}. Provide the baseline and post-upgrade observations from the monitor dashboard, along with a support bundle that covers the period when you collected data. For more information, see "[AUTOTITLE](/support/learning-about-github-support/about-github-support)" and "[AUTOTITLE](/support/contacting-github-support/providing-data-to-github-support)."
+
+The data you submit helps {% data variables.product.company_short %} continue to provide a performant product, but {% data variables.product.company_short %} does not guarantee any additional mitigation steps or changes to the product as a result of the data you provide.
+
+{% endif %}

content/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrade-requirements.md

@@ -47,6 +47,14 @@ curl -s http://localhost:9201/audit_log/_stats/store | jq ._all.primaries.store.
 ```
 Use the number to estimate the amount of disk space the MySQL audit logs will need. The script also monitors your free disk space while the import is in progress. Monitoring this number is especially useful if your free disk space is close to the amount of disk space necessary for migration.
 
+{% ifversion mysql-8-upgrade %}
+
+## Known issues
+
+Review known issues that may apply to your upgrade. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance)."
+
+{% endif %}
+
 ## Next steps
 
 After reviewing these recommendations and requirements, you can upgrade {% data variables.product.prodname_ghe_server %}. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."

content/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server.md

@@ -199,20 +199,23 @@ While you can use a hotpatch to upgrade to the latest patch release within a fea
    *** verifying upgrade package signature...
    ```
 1. Confirm that you'd like to continue with the upgrade and restart after the package signature verifies. The new root filesystem writes to the secondary partition and the instance automatically restarts in maintenance mode:
-   ```shell
-   *** applying update...
-   This package will upgrade your installation to version VERSION-NUMBER
-   Current root partition: /dev/xvda1 [VERSION-NUMBER]
-   Target root partition:  /dev/xvda2
-   Proceed with installation? [y/N]
-   ```
+  ```shell
+  *** applying update...
+  This package will upgrade your installation to version VERSION-NUMBER
+  Current root partition: /dev/xvda1 [VERSION-NUMBER]
+  Target root partition:  /dev/xvda2
+  Proceed with installation? [y/N]
+  ```
+{%- ifversion ghe-migrations-cli-utility %}
+1. Optionally, during an upgrade to a feature release, you can monitor the status of database migrations using the `ghe-migrations` utility. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-migrations)."
+{%- endif %}
 1. After the instance restarts, the upgrade will continue in the background. You cannot unset maintenance mode until the process completes. To monitor progress, read the output in `/data/user/common/ghe-config.log`. For example, you can tail the log by running the following command:
 
    ```shell
    tail -f /data/user/common/ghe-config.log
    ```
 {% ifversion ip-exception-list %}
-1. Optionally, to validate the upgrade, configure an IP exception list to allow access to a specified list of IP addresses. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode#validating-changes-in-maintenance-mode-using-the-ip-exception-list)."
+1. Optionally, after the upgrade, validate the upgrade by configuring an IP exception list to allow access to a specified list of IP addresses. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode#validating-changes-in-maintenance-mode-using-the-ip-exception-list)."
 {% endif %}
 1. For single node upgrades, disable maintenance mode so users can use {% data variables.location.product_location %}.
 

content/admin/identity-and-access-management/using-saml-for-enterprise-iam/troubleshooting-saml-authentication.md

@@ -19,19 +19,19 @@ topics:
 {% ifversion ghes %}
 ## About problems with SAML authentication
 
-{% data variables.product.product_name %} logs error messages for failed SAML authentication in the authentication log at _/var/log/github/auth.log_. You can review responses in this log file, and you can also configure more verbose logging.
+{% data variables.product.product_name %} logs error messages for failed SAML authentication in the {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}logs{% elsif ghes < 3.9 %}authentication log{% endif %} at {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}_/var/log/github/unicorn.log_ or _/var/log/github/resqued.log_{% elsif ghes < 3.9 %}_/var/log/github/auth.log_{% endif %}. You can review responses in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}these log files{% elsif ghes < 3.9 %}this log file{% endif %}, and you can also configure more verbose logging.
 
 For more information about SAML response requirements, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/saml-configuration-reference#saml-response-requirements)."
 
 ## Configuring SAML debugging
 
-You can configure {% data variables.product.product_name %} to write verbose debug logs to _/var/log/github/auth.log_ for every SAML authentication attempt. You may be able to troubleshoot failed authentication attempts with this extra output.
+You can configure {% data variables.product.product_name %} to write verbose debug logs for every SAML authentication attempt. You may be able to troubleshoot failed authentication attempts with this extra output.
 
 {% warning %}
 
 **Warnings**:
 
-- Only enable SAML debugging temporarily, and disable debugging immediately after you finish troubleshooting. If you leave debugging enabled, the size of your log may increase much faster than usual, which can negatively impact the performance of {% data variables.product.product_name %}.
+- Only enable SAML debugging temporarily, and disable debugging immediately after you finish troubleshooting. If you leave debugging enabled, the size of the log {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}files increase{% elsif ghes < 3.9 %}file increase{% endif %} much faster than usual, which can negatively impact the performance of {% data variables.product.product_name %}.
 - Test new authentication settings for {% data variables.location.product_location %} in a staging environment before you apply the settings in your production environment. For more information, see "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance)."
 
 {% endwarning %}
@@ -41,12 +41,12 @@ You can configure {% data variables.product.product_name %} to write verbose deb
 {% data reusables.enterprise-accounts.options-tab %}
 1. Under "SAML debugging", select the drop-down and click **Enabled**.
 1. Attempt to sign into {% data variables.location.product_location %} through your SAML IdP.
-1. Review the debug output in _/var/log/github/auth.log_ on {% data variables.location.product_location %}.
+1. Review the debug output in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}_/var/log/github/unicorn.log_ or _/var/log/github/resqued.log_{% elsif ghes < 3.9 %}_/var/log/github/auth.log_{% endif %} on {% data variables.location.product_location %}.
 1. When you're done troubleshooting, select the drop-down and click **Disabled**.
 
-## Decoding responses in _auth.log_
+## Decoding responses
 
-Some output in _auth.log_ may be Base64-encoded. You can access the administrative shell and use the `base64` utility on {% data variables.location.product_location %} to decode these responses. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)."
+Some output in {% ifversion opentelemetry-and-otel-log-migration-phase-1 %}_/var/log/github/unicorn.log_ or _/var/log/github/resqued.log_{% elsif ghes < 3.9 %}_/var/log/github/auth.log_{% endif %} may be Base64-encoded. You can access the administrative shell and use the `base64` utility on {% data variables.location.product_location %} to decode these responses. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)."
 
 ```shell
 $ base64 --decode ENCODED_OUTPUT

content/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/about-server-statistics.md

@@ -26,7 +26,7 @@ We collect no personal data. We also don't collect any {% data variables.product
 
 Only owners of the connected enterprise account or organization on {% data variables.product.prodname_ghe_cloud %} can access the data.
 
-Only certain aggregate metrics are collected on repositories, issues, pull requests, and other features. To see the list of aggregate metrics collected, see "[{% data variables.product.prodname_server_statistics %} data collected](#server-statistics-data-collected)." 
+Only certain aggregate metrics are collected on repositories, issues, pull requests, and other features. To see the list of aggregate metrics collected, see "[{% data variables.product.prodname_server_statistics %} data collected](#server-statistics-data-collected)."
 
 Any updates to the collected metrics will happen in future feature releases of {% data variables.product.prodname_ghe_server %} and will be described in the [{% data variables.product.prodname_ghe_server %} release notes](/admin/release-notes). In addition, we will update this article with all metric updates.
 
@@ -64,7 +64,7 @@ G	| `collection_date` | The date the metrics were collected |
 H	| `schema_version` | The version of the database schema used to store this data |
 I	| `ghe_stats.comments.total_commit_comments` | Number of comments on commits |
 J	| `ghe_stats.comments.total_gist_comments` | Number of comments on gists |
-K	| `ghe_stats.comments.total_issue_comments` | Number of comments on issues | 
+K	| `ghe_stats.comments.total_issue_comments` | Number of comments on issues |
 L	| `ghe_stats.comments.total_pull_request_comments` | Number of comments on pull requests |
 M	| `ghe_stats.gists.total_gists` | Number of gists (both secret and public) |
 N	| `ghe_stats.gists.private_gists` | Number of secret gists |
@@ -95,7 +95,77 @@ AL | `ghe_stats.repos.total_pushes` | Number of pushes to repositories |
 AM | `ghe_stats.repos.total_wikis` | Number of wikis |
 AN | `ghe_stats.users.total_users` | Number of user accounts |
 AO | `ghe_stats.users.admin_users` | Number of user accounts that are site administrators |
-AP | `ghe_stats.users.suspended_users` | Number of user accounts that are suspended |
+AP | `ghe_stats.users.suspended_users` | Number of user accounts that are suspended |{% ifversion actions-server-statistics %}
+AQ | `actions_stats.number_of_repos_using_actions` | Number of repositories using {% data variables.product.prodname_actions %}
+AR | `actions_stats.percentage_of_repos_using_actions` | Percentage of repositories using {% data variables.product.prodname_actions %}
+AS | `packages_stats.registry_enabled` | Whether {% data variables.product.prodname_registry %} with repository-scoped packages is enabled for {% data variables.location.product_location %}
+AT | `packages_stats.registry_v2_enabled` | Whether {% data variables.product.prodname_registry %} with granular permissions is enabled for {% data variables.location.product_location %}
+AU | `packages_stats.ecosystems.docker.registry_enabled` | Whether Docker is enabled for {% data variables.product.prodname_registry %}
+AV | `packages_stats.ecosystems.docker.published_packages_count` | Number of published Docker images (private, public, and internal)
+AW | `packages_stats.ecosystems.docker.private_packages_count`| Number of private Docker images
+AX | `packages_stats.ecosystems.docker.public_packages_count` | Number of public Docker images
+AY | `packages_stats.ecosystems.docker.internal_packages_count` | Number of internal Docker images
+AZ | `packages_stats.ecosystems.docker.user_packages_count` | Number of Docker images owned by users
+BA | `packages_stats.ecosystems.docker.organization_packages_count` | Number of Docker images owned by organizations
+BB | `packages_stats.ecosystems.docker.daily_download_count` | Number of downloads of  Docker images
+BC | `packages_stats.ecosystems.docker.daily_update_count` | Number of Docker images updated
+BD | `packages_stats.ecosystems.docker.daily_delete_count` | Number of Docker images deleted
+BE | `packages_stats.ecosystems.docker.daily_create_count` | Number of Docker images created
+BF | `packages_stats.ecosystems.maven.registry_enabled` | Whether Maven is enabled for {% data variables.product.prodname_registry %}
+BG | `packages_stats.ecosystems.maven.published_packages_count` | Number of published Maven packages (private, public, and internal)
+BH | `packages_stats.ecosystems.maven.private_packages_count` | Number of private Maven packages
+BI | `packages_stats.ecosystems.maven.public_packages_count` | Number of public Maven packages
+BJ | `packages_stats.ecosystems.maven.internal_packages_count` | Number of internal Maven packages
+BK | `packages_stats.ecosystems.maven.user_packages_count` | Number of Maven packages owned by user accounts
+BL | `packages_stats.ecosystems.maven.organization_packages_count` |  Number of Maven packages owned by organizations
+BM | `packages_stats.ecosystems.maven.daily_download_count` | Number of downloads of  Maven packages
+BN | `packages_stats.ecosystems.maven.daily_update_count` | Number of Maven packages updated
+BO | `packages_stats.ecosystems.maven.daily_delete_count` | Number of Maven packages deleted
+BP | `packages_stats.ecosystems.maven.daily_create_count` | Number of Maven packages created
+BQ | `packages_stats.ecosystems.npm.registry_enabled` | Whether npm is enabled for {% data variables.product.prodname_registry %}
+BR | `packages_stats.ecosystems.npm.published_packages_count` | Number of published npm packages (private, public, and internal)
+BS | `packages_stats.ecosystems.npm.private_packages_count` | Number of private npm packages
+BT | `packages_stats.ecosystems.npm.public_packages_count` |  Number of public npm packages
+BU | `packages_stats.ecosystems.npm.internal_packages_count` | Number of internal npm packages
+BV | `packages_stats.ecosystems.npm.user_packages_count` | Number of npm packages owned by user accounts
+BW | `packages_stats.ecosystems.npm.organization_packages_count` | Number of npm packages owned by organizations
+BX |  `packages_stats.ecosystems.npm.daily_download_count` | Number of downloads of npm packages
+BY | `packages_stats.ecosystems.npm.daily_update_count` | Number of npm packages updated
+BZ | `packages_stats.ecosystems.npm.daily_delete_count` | Number of npm packages deleted
+CA | `packages_stats.ecosystems.npm.daily_create_count` | Number of npm packages created
+CB | `packages_stats.ecosystems.nuget.registry_enabled` | Whether NuGet is enabled for {% data variables.product.prodname_registry %}
+CC | `packages_stats.ecosystems.nuget.published_packages_count` | Number of published NuGet packages (private, public, and internal)
+CD | `packages_stats.ecosystems.nuget.private_packages_count` | Number of private NuGet packages
+CE | `packages_stats.ecosystems.nuget.public_packages_count` | Number of public NuGet packages
+CF | `packages_stats.ecosystems.nuget.internal_packages_count` | Number of internal NuGet packages
+CG | `packages_stats.ecosystems.nuget.user_packages_count` | Number of NuGet packages owned by user accounts
+CH | `packages_stats.ecosystems.nuget.organization_packages_count` | Number of NuGet packages owned by organizations
+CI | `packages_stats.ecosystems.nuget.daily_download_count` | Number of downloads of Nuget packages
+CJ | `packages_stats.ecosystems.nuget.daily_update_count` | Number of NuGet packages updated
+CK | `packages_stats.ecosystems.nuget.daily_delete_count` | Number of NuGet packages deleted
+CL | `packages_stats.ecosystems.nuget.daily_create_count` | Number of NuGet packages created
+CM | `packages_stats.ecosystems.ruby_gems.registry_enabled` | Whether Rubygems is enabled for {% data variables.product.prodname_registry %}
+CN | `packages_stats.ecosystems.ruby_gems.published_packages_count` | Number of published Rubygems packages (private, public, and internal)
+CO | `packages_stats.ecosystems.ruby_gems.private_packages_count` | Number of private Rubygems packages
+CP | `packages_stats.ecosystems.ruby_gems.public_packages_count` | Number of public Rubygems packages
+CQ | `packages_stats.ecosystems.ruby_gems.internal_packages_count` | Number of internal Rubygems packaes
+CR | `packages_stats.ecosystems.ruby_gems.user_packages_count` | Number of Rubygems packages owned by user accounts
+CS | `packages_stats.ecosystems.ruby_gems.organization_packages_count` | Number of Rubygems packages owned by organizations
+CT | `packages_stats.ecosystems.ruby_gems.daily_download_count` | Number of downloads of Rubygems packages
+CU | `packages_stats.ecosystems.ruby_gems.daily_update_count` | Number of Rubygems packages updated
+CV | `packages_stats.ecosystems.ruby_gems.daily_delete_count` | Number of Rubygems packages deleted
+CW | `packages_stats.ecosystems.ruby_gems.daily_create_count` | Number of Rubygems packages created
+CX | `packages_stats.ecosystems.containers.registry_enabled` | Whether {% data variables.product.prodname_container_registry %} is enabled for {% data variables.product.prodname_registry %}
+CY | `packages_stats.ecosystems.containers.published_packages_count` | Number of published container images (private, public, and internal)
+CZ | `packages_stats.ecosystems.containers.private_packages_count` | Number of private container images
+DA | `packages_stats.ecosystems.containers.public_packages_count` | Number of public container images
+DB | `packages_stats.ecosystems.containers.internal_packages_count` | Number of internal container images
+DC | `packages_stats.ecosystems.containers.user_packages_count` | Number of container images owned by user accounts
+DD | `packages_stats.ecosystems.containers.organization_packages_count` | Number of container images owned by organizations
+DE |`packages_stats.ecosystems.containers.daily_download_count` | Number of downloads of container images
+DF |`packages_stats.ecosystems.containers.daily_update_count` | Number of container images updated
+DG |`packages_stats.ecosystems.containers.daily_delete_count` | Number of container images deleted
+DH | `packages_stats.ecosystems.containers.daily_create_count` | Number of container images created | {% endif %}
 
 ## {% data variables.product.prodname_server_statistics %} data examples
 

content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise.md

@@ -540,6 +540,51 @@ Before you'll see `git` category actions, you must enable Git events in the audi
 | `issues.deletes_enabled` | The ability for enterprise members to delete issues was enabled. Members can delete issues in any organizations in an enterprise. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues)."
 | `issues.deletes_policy_cleared` | An enterprise owner{% ifversion ghes %} or site administrator{% endif %} cleared the policy setting for allowing members to delete issues in an enterprise. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deleting-issues)."
 
+{% ifversion management-console-events-audit-log %}
+## `management_console` category actions
+
+| Action | Description
+|--------|-------------
+| `management_console.add_authorized_ssh_key` | Access to the administrative shell (SSH) was granted by adding a public key. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)." |
+| `management_console.change_password` | The password for the root site administrator was changed. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console)." |
+| `management_console.chatops_remove` | A configuration for the Microsoft Teams or Slack integration was removed. For more information, see "[AUTOTITLE](/get-started/exploring-integrations/github-extensions-and-integrations#team-communication-tools)." |
+| `management_console.configure_github_enterprise` | A configuration run was started on the instance. |
+| `management_console.create_user` | A new {% data variables.enterprise.management_console %} user was created. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console#creating-or-deleting-a-user-account-for-the-management-console)." |
+| `management_console.delete_authorized_ssh_key` | Access to the administrative shell (SSH) was revoked due to the removal of a public key. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)." |
+| `management_console.delete_user` | A {% data variables.enterprise.management_console %} user was deleted. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console#creating-or-deleting-a-user-account-for-the-management-console)." |
+| `management_console.diagnostics_file_download` | A diagnostic file for the instance was generated. For more information, see "[AUTOTITLE](/support/contacting-github-support/providing-data-to-github-support#creating-a-diagnostic-file-from-the-management-console)." |
+| `management_console.dns_test` | Domain settings were validated. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/validating-your-domain-settings)." |
+| `management_console.edit_user` | A {% data variables.enterprise.management_console %} user's name or role was edited. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console)." |
+| `management_console.email_test` | A test email was sent while enabling email notifications for the instance. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications#testing-email-delivery)." |
+| `management_console.initialize_cluster` | The instance was initialized as a cluster. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/initializing-the-cluster)." |
+| `management_console.initialize_management_console` | During initial configuration of the instance, a license was uploaded and the root site administrator password was set. |
+| `management_console.ldap_test` | LDAP connectivity was tested during configuration of LDAP for authentication. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#configuring-ldap-with-your-github-enterprise-server-instance)." |
+| `management_console.manage_maintenance_ip_exception_list` | The IP exception list to validate changes in maintenance mode was configured. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode#validating-changes-in-maintenance-mode-using-the-ip-exception-list)." |
+| `management_console.manage_maintenance_mode` | Maintenance mode was enabled, disabled, or scheduled for the instance. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode)." |
+| `management_console.modify_automatic_updates` | Automatic update checks were enabled or disabled for the instance. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/enabling-automatic-update-checks)." |
+| `management_console.msteams_app_manifest` | A manifest file was generated for the Microsoft Teams integration. For more information, see "[AUTOTITLE](/get-started/exploring-integrations/github-extensions-and-integrations#team-communication-tools)." |
+| `management_console.msteams_app_update` | The configuration for the Microsoft Teams integration was updated. For more information, see "[AUTOTITLE](/get-started/exploring-integrations/github-extensions-and-integrations#team-communication-tools)." |
+| `management_console.new_user_setup` | An invitation invitation was sent to a new {% data variables.enterprise.management_console %} user. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console#inviting-new-management-console-users)." |
+| `management_console.request_tls_certificate` | A TLS certificate for the instance was requested from Let's Encrypt. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/configuring-tls#about-lets-encrypt-support)." |
+| `management_console.resend_user_invitation` | An invitation to a new {% data variables.enterprise.management_console %} user was re-sent. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console#inviting-new-management-console-users)." |
+| `management_console.save_first_run_settings` | Settings were saved during the initial configuration of the instance. |
+| `management_console.save_settings` | Settings were saved. |
+| `management_console.select_installation_type` | An installation type was selected during initialization of the instance. |
+| `management_console.slack_app_generate` | An app for the Slack integration was generated. For more information, see "[AUTOTITLE](/get-started/exploring-integrations/github-extensions-and-integrations#team-communication-tools)." |
+| `management_console.slack_app_update` | The app-level token for the Slack integration was updated. For more information, see "[AUTOTITLE](/get-started/exploring-integrations/github-extensions-and-integrations#team-communication-tools)." |
+| `management_console.smtp_test` | An SMTP configuration was tested while enabling email notifications for the instance. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications#testing-email-delivery)." |
+| `management_console.ssh_command` | A command was run using the administrative shell (SSH). For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)." 
+| `management_console.storage_actions_test` | A storage configuration for {% data variables.product.prodname_actions %} was tested. For more information, see "[AUTOTITLE](/admin/github-actions/enabling-github-actions-for-github-enterprise-server)." |
+| `management_console.storage_migrations_test` | A storage configuration for {% data variables.product.prodname_importer_proper_name %} was tested. For more information, see "[AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-repositories-with-github-enterprise-importer/migrating-repositories-from-github-enterprise-server-to-github-enterprise-cloud)." |
+| `management_console.storage_packages_test` | A storage configuration for {% data variables.product.prodname_registry %} was tested. For more information, see "[AUTOTITLE](/admin/packages)." |
+| `management_console.support_bundle_download` | A support bundle for the instance was generated. For more information, see "[AUTOTITLE](/support/contacting-github-support/providing-data-to-github-support#creating-a-support-bundle-from-the-management-console)." |
+| `management_console.unblock_user` | A {% data variables.enterprise.management_console %} user account was unlocked after the account was blocked for multiple failed sign-in attempts. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-a-management-console-user-account)." |
+| `management_console.update_user_password` | The password for a {% data variables.enterprise.management_console %} user was updated. |
+| `management_console.upgrade_license` | A new license for the instance was uploaded. For more information, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server)." |
+| `management_console.user_sign_in` | Someone signed into the {% data variables.enterprise.management_console %}. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/accessing-the-management-console)." |
+| `management_console.user_sign_out` | Someone signed out of the {% data variables.enterprise.management_console %}. |
+{% endif %}
+
 {%- ifversion fpt or ghec %}
 ## `marketplace_agreement_signature` category actions
 

content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md

@@ -70,7 +70,7 @@ A time-based one-time password (TOTP) application automatically generates an aut
 {% data reusables.user-settings.access_settings %}
 {% data reusables.user-settings.security %}
 {% data reusables.two_fa.enable-two-factor-authentication %}
-{%- ifversion fpt or ghec or ghes > 3.7 %}
+{%- ifversion fpt or ghec or ghes > 3.8 %}
 1. Under "Setup authenticator app", do one of the following:
     - Scan the QR code with your mobile device's app. After scanning, the app displays a six-digit code that you can enter on {% data variables.product.product_name %}.
     - If you can't scan the QR code, click **enter this text code** to see a code that you can manually enter in your TOTP app instead.

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale.md

@@ -74,10 +74,14 @@ You can use the "Security coverage" view in security overview to show repositori
 {%- endif %}
     - `code-scanning-default-setup:not-eligible` shows repositories that either have advanced setup configured already, or where the languages not are suitable for default setup.
 
+{% ifversion code-security-multi-repo-enablement %}
+
 You can select all of the displayed repositories, or a subset of them, and enable or disable default setup for {% data variables.product.prodname_code_scanning %} for them all at the same time. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."
 
 {% endif %}
 
+{% endif %}
+
 ## Using a script to configure advanced setup
 
 For repositories that are not eligible for default setup, you can use a bulk configuration script to configure advanced setup across multiple repositories.

content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md

@@ -26,7 +26,7 @@ topics:
 You can enable or disable {% data variables.product.prodname_dependabot_alerts %} for:
 * Your personal account
 * Your repository
-* Your organization{% ifversion dependabot-alerts-enterprise-enablement %}
+* Your organization{% ifversion dependabot-alerts-enterprise-enablement or ghes > 3.8 %}
 * Your enterprise{% endif %}
 
 ## Managing {% data variables.product.prodname_dependabot_alerts %} for your personal account
@@ -58,12 +58,16 @@ When you enable {% data variables.product.prodname_dependabot_alerts %} for exis
 
 ## Managing {% data variables.product.prodname_dependabot_alerts %} for your repository
 
-{% ifversion fpt or ghec %}You can manage {% data variables.product.prodname_dependabot_alerts %} for your public, private or internal repository.
+{% ifversion fpt or ghec or ghes > 3.8 %}You can manage {% data variables.product.prodname_dependabot_alerts %} for your public, private or internal repository.{% endif %}
 
 By default, we notify people with {% ifversion dependabot-alerts-permissions-write-maintain %}write, maintain, or {% endif %}admin permissions in the affected repositories about new {% data variables.product.prodname_dependabot_alerts %}. {% data variables.product.product_name %} never publicly discloses insecure dependencies for any repository. You can also make {% data variables.product.prodname_dependabot_alerts %} visible to additional people or teams working on repositories that you own or have admin permissions for.
 
 {% data reusables.security.security-and-analysis-features-enable-read-only %}
 
+{% ifversion dependabot-alerts-ghes-enablement %}
+An enterprise owner must first set up {% data variables.product.prodname_dependabot %} for your enterprise before you can manage {% data variables.product.prodname_dependabot_alerts %} for your repository. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."{% endif %}
+
+{% ifversion fpt or ghec or ghes > 3.8 %}
 ### Enabling or disabling {% data variables.product.prodname_dependabot_alerts %} for a repository
 
 {% data reusables.repositories.navigate-to-repo %}
@@ -72,14 +76,17 @@ By default, we notify people with {% ifversion dependabot-alerts-permissions-wri
 1. Under "Code security and analysis", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Enable** to enable alerts or **Disable** to disable alerts.
 
 {% endif %}
-{% ifversion ghes or ghae %}
+{% ifversion ghes < 3.9 or ghae %}
 
 {% data variables.product.prodname_dependabot_alerts %} for your repository can be enabled or disabled by your enterprise owner. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
 
 {% endif %}
 
 ## Managing {% data variables.product.prodname_dependabot_alerts %} for your organization
-{% ifversion fpt or ghec %}You can enable or disable {% data variables.product.prodname_dependabot_alerts %} for all repositories owned by your organization. Your changes affect all repositories.
+{% ifversion fpt or ghec or ghes > 3.8 %}You can enable or disable {% data variables.product.prodname_dependabot_alerts %} for all repositories owned by your organization. Your changes affect all repositories.
+
+{% ifversion dependabot-alerts-ghes-enablement %}
+An enterprise owner must first set up {% data variables.product.prodname_dependabot %} for your enterprise before you can manage {% data variables.product.prodname_dependabot_alerts %} for your repository. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."{% endif %}
 
 ### Enabling or disabling {% data variables.product.prodname_dependabot_alerts %} for all existing repositories
 
@@ -98,22 +105,28 @@ You can use the organization settings page for "Code security and analysis" to e
 1. Optionally, to enable {% data variables.product.prodname_dependabot_alerts %} by default for new repositories in your organization, in the dialog box, select "Enable by default for new repositories".
 1. Click **Disable {% data variables.product.prodname_dependabot_alerts %}** or **Enable {% data variables.product.prodname_dependabot_alerts %}** to disable or enable {% data variables.product.prodname_dependabot_alerts %} for all the repositories in your organization.
 {% endif %}
-{% ifversion ghes or ghae %}
+
+{% ifversion ghes < 3.9 or ghae %}
 {% data variables.product.prodname_dependabot_alerts %} for your organization can be enabled or disabled by your enterprise owner. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
 {% endif %}
 
-{% ifversion dependabot-alerts-enterprise-enablement %}
+{% ifversion dependabot-alerts-enterprise-enablement or ghes > 3.8 %}
 
 ## Managing {% data variables.product.prodname_dependabot_alerts %} for your enterprise
 
 You can enable or disable {% data variables.product.prodname_dependabot_alerts %} for all current and future repositories owned by organizations in your enterprise. Your changes affect all repositories.
 
+{% endif %}
+
+{% ifversion dependabot-alerts-enterprise-enablement %}
 {% note %}
 
 **Note:** When {% data variables.product.prodname_dependabot_alerts %} are enabled or disabled at the enterprise level, it overrides the organization and repository level settings for {% data variables.product.prodname_dependabot_alerts %}.
 
 {% endnote%}
+{% endif %}
 
+{% ifversion dependabot-alerts-enterprise-enablement or ghes > 3.8 %}
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.settings-tab %}
 1. In the left sidebar, click **Code security and analysis**.

content/code-security/getting-started/securing-your-organization.md

@@ -45,7 +45,12 @@ You can create a default security policy that will display in any of your organi
 {% endif %}
 
 {% data reusables.dependabot.dependabot-alerts-beta %}
+
+{% ifversion dependabot-alerts-ghes-enablement %}
+{% data reusables.dependabot.dependabot-alerts-enterprise-server-repo-org-enablement %}
+{% else %}
 {% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %}
+{% endif %}
 
 For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)," "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)," and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
 

content/code-security/getting-started/securing-your-repository.md

@@ -60,7 +60,11 @@ For more information, see "[AUTOTITLE](/code-security/supply-chain-security/unde
 {% endif %}
 
 {% data reusables.dependabot.dependabot-alerts-beta %}
+{% ifversion dependabot-alerts-ghes-enablement %}
+{% data reusables.dependabot.dependabot-alerts-enterprise-server-repo-org-enablement %}
+{% else %}
 {% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %}
+{% endif %}
 
 For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts){% ifversion fpt or ghec %}" and "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account){% endif %}."
 

content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/about-issue-and-pull-request-templates.md

@@ -24,23 +24,23 @@ You can create default issue and pull request templates for your organization or
 
 ## Issue templates
 
-When you create issue templates for your repository using the issue template builder{% ifversion fpt or ghec %} or with issue forms{% endif %}, contributors can select the appropriate template when they open new issues in the repository.
+When you create issue templates for your repository using the issue template builder{% ifversion issue-forms %} or with issue forms{% endif %}, contributors can select the appropriate template when they open new issues in the repository.
 
 ![Screenshot of the new issue page, with multiple templates to choose from.](/assets/images/help/issues/new-issue-page-with-multiple-templates.png)
 
-Issue templates are helpful when you want to provide guidance for opening issues while allowing contributors to specify the content of their issues. {% ifversion fpt or ghec %} If you want contributors to provide specific, structured information when they open issues, issue forms help ensure that you receive your desired information.{% endif %}
+Issue templates are helpful when you want to provide guidance for opening issues while allowing contributors to specify the content of their issues. {% ifversion issue-forms %} If you want contributors to provide specific, structured information when they open issues, issue forms help ensure that you receive your desired information.{% endif %}
 
 Using the template builder, you can specify a title and description for each template, add the template content, and either commit the template to the default branch or open a pull request in the repository. The template builder automatically adds the YAML front matter markup that is required for the template to show on the new issue page. For more information, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository)."
 
-{% ifversion fpt or ghec %}
+{% ifversion issue-forms %}
 With issue forms, you can create templates that have web form fields using the {% data variables.product.prodname_dotcom %} form schema. When a contributor opens an issue using an issue form, the form inputs are converted to a standard markdown issue comment. You can specify different input types and set inputs as required to help contributors open actionable issues in your repository. For more information, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#creating-issue-forms)" and "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms)."
 {% endif %}
 
 {% data reusables.repositories.issue-template-config %} For more information, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser)."
 
-Issue templates are stored on the repository's default branch, in a hidden `.github/ISSUE_TEMPLATE` directory. If you create a template in another branch, it will not be available for collaborators to use. Issue template filenames are not case sensitive, and need a *.md* extension.{% ifversion fpt or ghec %} Issue templates created with issue forms need a *.yml* extension.{% endif %} {% data reusables.repositories.valid-community-issues %}
+Issue templates are stored on the repository's default branch, in a hidden `.github/ISSUE_TEMPLATE` directory. If you create a template in another branch, it will not be available for collaborators to use. Issue template filenames are not case sensitive, and need a *.md* extension.{% ifversion issue-forms %} Issue templates created with issue forms need a *.yml* extension.{% endif %} {% data reusables.repositories.valid-community-issues %}
 
-It is possible to manually create a single issue template in Markdown using the legacy issue template workflow, and project contributors will automatically see the template's contents in the issue body. However, we recommend using the upgraded multiple issue template builder{% ifversion fpt or ghec %} or issue forms{% endif %} to create issue templates. For more information about the legacy workflow, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/manually-creating-a-single-issue-template-for-your-repository)."
+It is possible to manually create a single issue template in Markdown using the legacy issue template workflow, and project contributors will automatically see the template's contents in the issue body. However, we recommend using the upgraded multiple issue template builder{% ifversion issue-forms %} or issue forms{% endif %} to create issue templates. For more information about the legacy workflow, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/manually-creating-a-single-issue-template-for-your-repository)."
 
 {% data reusables.repositories.security-guidelines %}
 

content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/common-validation-errors-when-creating-issue-forms.md

@@ -2,8 +2,7 @@
 title: Common validation errors when creating issue forms
 intro: 'You may see some of these common validation errors when creating, saving, or viewing issue forms.'
 versions:
-  fpt: '*'
-  ghec: '*'
+  feature: issue-forms
 topics:
   - Community
 ---

content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository.md

@@ -7,9 +7,9 @@ redirect_from:
   - /github/building-a-strong-community/configuring-issue-templates-for-your-repository
 versions:
   fpt: '*'
+  ghec: '*'
   ghes: '*'
   ghae: '*'
-  ghec: '*'
 topics:
   - Community
 shortTitle: Configure
@@ -39,7 +39,7 @@ shortTitle: Configure
 1. Below the commit message fields, select whether to commit your template directly to the default branch, or to create a new branch and open a pull request. For more information about pull requests, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests)."
 1. Click **Commit changes**. Once these changes are merged into the default branch, the template will be available for contributors to use when they open new issues in the repository.
 
-{% ifversion fpt or ghec %}
+{% ifversion issue-forms %}
 
 ## Creating issue forms
 

content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema.md

@@ -4,7 +4,7 @@ intro: 'You can use {% data variables.product.company_short %}''s form schema to
 versions:
   fpt: '*'
   ghec: '*'
-  ghes: '> 3.7'
+  ghes: '> 3.8'
 topics:
   - Community
 ---

content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms.md

@@ -2,8 +2,7 @@
 title: Syntax for issue forms
 intro: 'You can define different input types, validations, default assignees, and default labels for your issue forms.'
 versions:
-  fpt: '*'
-  ghec: '*'
+  feature: issue-forms
 topics:
   - Community
 ---

content/discussions/managing-discussions-for-your-community/creating-discussion-category-forms.md

@@ -6,8 +6,6 @@ versions:
   feature: discussion-category-forms
 ---
 
-{% data reusables.discussions.discussion-category-forms-beta %}
-
 ## About discussion category forms
 
 You can encourage community members to include specific, structured information in their discussions by using discussion forms in your repository. With discussion category forms, you can create discussion templates that have customizable web form fields. Discussion forms are written in YAML using the {% data variables.product.prodname_dotcom %} form schema. For more information, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema)." 

content/discussions/managing-discussions-for-your-community/syntax-for-discussion-category-forms.md

@@ -6,8 +6,6 @@ versions:
   feature: discussion-category-forms
 ---
 
-{% data reusables.discussions.discussion-category-forms-beta %}
-
 ## About YAML syntax for discussion category forms
 
 You can create custom discussion category forms by adding a YAML form definition file to the `/.github/DISCUSSION_TEMPLATE/` folder in your repository. {% data reusables.actions.learn-more-about-yaml %} 

content/issues/planning-and-tracking-with-projects/automating-your-project/adding-items-automatically.md

@@ -75,4 +75,6 @@ Once you have duplicated a workflow, you can click **Edit** to start making chan
 ## Further reading
 
 * "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-items-in-your-project/archiving-items-from-your-project)"
+{%- ifversion projects-v2-workflows %}
 * "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations)"
+{%- endif %}

content/issues/planning-and-tracking-with-projects/automating-your-project/archiving-items-automatically.md

@@ -42,4 +42,6 @@ Projects also have a limit on the number of archived items they can contain. You
 ## Further reading
 
 * "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-items-in-your-project/archiving-items-from-your-project)"
+{%- ifversion projects-v2-workflows %}
 * "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/using-the-built-in-automations)"
+{%- endif %}

content/issues/tracking-your-work-with-issues/planning-and-tracking-work-for-your-team-or-project.md

@@ -14,7 +14,7 @@ topics:
 ## Introduction
 You can use {% data variables.product.prodname_dotcom %} repositories, issues, project boards, and other tools to plan and track your work, whether working on an individual project or cross-functional team.
 
-In this guide, you will learn how to create and set up a repository for collaborating with a group of people, create issue templates{% ifversion fpt or ghec %} and forms{% endif %}, open issues and use task lists to break down work, and establish a project board for organizing and tracking issues.
+In this guide, you will learn how to create and set up a repository for collaborating with a group of people, create issue templates{% ifversion issue-forms %} and forms{% endif %}, open issues and use task lists to break down work, and establish a project board for organizing and tracking issues.
 
 ## Creating a repository
 When starting a new project, initiative, or feature, the first step is to create a repository. Repositories contain all of your project's files and give you a place to collaborate with others and manage your work. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-new-repository)."
@@ -47,7 +47,7 @@ You can use issues to track the different types of work that your cross-function
 - Feature requests: Your team or users can create issues to request an improvement to your product or project.
 - Bugs: Your team or users can create issues to report a bug.
 
-Depending on the type of repository and project you are working on, you may prioritize certain types of issues over others. Once you have identified the most common issue types for your team, you can create issue templates {% ifversion fpt or ghec %}and forms{% endif %} for your repository. Issue templates {% ifversion fpt or ghec %}and forms{% endif %} allow you to create a standardized list of templates that a contributor can choose from when they open an issue in your repository. For more information, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository)."
+Depending on the type of repository and project you are working on, you may prioritize certain types of issues over others. Once you have identified the most common issue types for your team, you can create issue templates {% ifversion issue-forms %}and forms{% endif %} for your repository. Issue templates {% ifversion issue-forms %}and forms{% endif %} allow you to create a standardized list of templates that a contributor can choose from when they open an issue in your repository. For more information, see "[AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository)."
 
 ### Issue template example
 Below we are creating an issue template for reporting a bug in Project Octocat.

content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization.md

@@ -25,8 +25,12 @@ By default, {% data variables.product.product_name %} does not display the sourc
 
 You are responsible for meeting any legal obligations that accompany the viewing or storage of IP addresses displayed within your organization's audit log.
 
+{% ifversion enterprise-audit-log-ip-addresses %}
+
 Alternatively, you can configure IP addresses at the enterprise level. For more information, see "[Displaying IP addresses in the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise)."
 
+{% endif %}
+
 {% data reusables.audit_log.users-agree-to-ip-collection %}
 
 After you enable the feature, you can access the audit log to view events that include IP addresses. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)."

content/packages/learn-github-packages/deleting-and-restoring-a-package.md

@@ -41,7 +41,7 @@ On {% data variables.product.prodname_dotcom %}, you can also restore an entire
 
 {% data reusables.package_registry.packages-classic-pat-only %}
 
-{% ifversion fpt or ghec %}
+{% ifversion packages-rest-api %}
 
 You can use the REST API to manage your packages. For more information, see the "[AUTOTITLE](/rest/packages)."
 
@@ -88,7 +88,7 @@ To delete a version of a {% ifversion packages-registries-v2 %}repository-scoped
 {% ifversion fpt or ghec or ghes %}
 ### Deleting a version of a {% ifversion packages-registries-v2 %}repository-scoped{% endif %} package with GraphQL
 
-{% data reusables.package_registry.about-graphql-support %}{% ifversion fpt or ghec %} For information on using the REST API instead, see the "[AUTOTITLE](/rest/packages)."{% endif %}
+{% data reusables.package_registry.about-graphql-support %}{% ifversion packages-rest-api %} For information on using the REST API instead, see the "[AUTOTITLE](/rest/packages)."{% endif %}
 
 Use the `deletePackageVersion` mutation in the GraphQL API. You must use a {% data variables.product.pat_v1 %} with the `read:packages`, `delete:packages`, and `repo` scopes. For more information about {% data variables.product.pat_v1_plural %}, see "[AUTOTITLE](/packages/learn-github-packages/introduction-to-github-packages#authenticating-to-github-packages)."
 

content/packages/learn-github-packages/introduction-to-github-packages.md

@@ -99,7 +99,7 @@ For more information about Docker and the {% data variables.product.prodname_con
 
 ## Managing packages
 
-You can delete a package in the {% data variables.product.product_name %} user interface{% ifversion fpt or ghec %} or using the REST API. For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)" and the "[AUTOTITLE](/rest/packages)."{% else %}.{% endif %} {% data reusables.package_registry.about-graphql-support %}
+You can delete a package in the {% data variables.product.product_name %} user interface{% ifversion packages-rest-api %} or using the REST API. For more information, see "[AUTOTITLE](/packages/learn-github-packages/deleting-and-restoring-a-package)" and the "[AUTOTITLE](/rest/packages)."{% else %}.{% endif %} {% data reusables.package_registry.about-graphql-support %}
 
 When you use the GraphQL API to query and delete private packages, you must use the same {% data variables.product.pat_v1 %} you use to authenticate to {% data variables.product.prodname_registry %}.
 

content/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry.md

@@ -44,10 +44,14 @@ After a Docker image has been migrated to the {% data variables.product.prodname
 
 {% data reusables.package_registry.container-registry-migration-namespaces %}
 
-{% ifversion fpt or ghec %}
+{% ifversion packages-rest-api %}
 
 After migration, you'll no longer be able to use the GraphQL API to query for packages with a `PackageType` of "DOCKER". Instead, you can use the REST API to query for packages with a `package_type` of "container". For more information, see "[AUTOTITLE](/rest/packages)" in the REST API documentation.
 
+{% endif %}
+
+{% ifversion fpt or ghec %}
+
 ## About billing for {% data variables.product.prodname_container_registry %}
 
 For more information about billing for the {% data variables.product.prodname_container_registry %}, see "[AUTOTITLE](/billing/managing-billing-for-github-packages/about-billing-for-github-packages)."

content/rest/dependency-graph/sboms.md

@@ -1,10 +1,13 @@
 ---
 title: Software bill of materials (SBOM)
 shortTitle: Software bill of materials (SBOM)
-intro: 'Use the REST API to export the software bill of materials (SBOM) for a repository.'
+intro: >-
+  Use the REST API to export the software bill of materials (SBOM) for a
+  repository.
 versions:
   fpt: '*'
   ghec: '*'
+  ghes: '>=3.9'
 topics:
   - API
 autogenerated: rest

content/rest/enterprise-admin/index.md

@@ -22,14 +22,15 @@ children:
   - /global-webhooks
   - /ldap
   - /license
+  - /manage-ghes
   - /management-console
   - /org-pre-receive-hooks
   - /orgs
   - /pre-receive-environments
   - /pre-receive-hooks
   - /repo-pre-receive-hooks
-  - /users
   - /scim
+  - /users
 autogenerated: rest
 ---
 

content/rest/enterprise-admin/manage-ghes.md

@@ -0,0 +1,29 @@
+---
+title: Manage GitHub Enterprise Server
+allowTitleToDifferFromFilename: true
+shortTitle: Manage GHES
+intro: >-
+  Use the REST API to manage your {% data variables.product.product_name %}
+  instance.
+versions:
+  ghes: '>=3.9'
+topics:
+  - API
+autogenerated: rest
+---
+
+## About the Manage {% data variables.product.prodname_ghe_server %} API
+
+You can manage {% data variables.location.product_location %} using the Manage {% data variables.product.prodname_ghe_server %} API. For example, you can retrieve information about the version of the {% data variables.product.prodname_ghe_server %} software running on the instance, or on instances with multiple nodes, view the status of replication.
+
+Specify the port number when making API calls to endpoints for the Manage {% data variables.product.prodname_ghe_server %} API. If your instance uses TLS, the port number is 8443. Otherwise, the port number is 8080. If you cannot provide a port number, you'll need to configure your client to automatically follow redirects. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/configuring-tls)."
+
+### Authentication
+
+To authenticate requests to endpoints for the Manage {% data variables.product.prodname_ghe_server %} API, specify the password for the instance's root site administrator account as an authentication token. Use standard HTTP authentication to send the password. The `api_key` user identifies the root site administrator. The following example demonstrates authentication for this API. Replace ROOT-SITE-ADMINISTRATOR-PASSWORD with the password, and ADMINISTRATION-PORT with either 8442 or 8080.
+
+```shell
+curl -L -u "api_key:ROOT-SITE-ADMINISTRATOR-PASSWORD" 'http(s)://HOSTNAME:ADMINISTRATION-PORT/manage'
+```
+
+<!-- Content after this section is automatically generated -->

content/rest/overview/endpoints-available-for-fine-grained-personal-access-tokens.md

@@ -628,24 +628,24 @@ shortTitle: 'Endpoints for fine-grained PATs'
 {% ifversion fpt or ghec %}- [`DELETE /orgs/{org}/invitations/{invitation_id}`](/rest/orgs#cancel-an-organization-invitation){% endif %}
 {% ifversion fpt or ghec %}- [`GET /orgs/{org}/invitations/{invitation_id}/teams`](/rest/orgs#list-organization-invitation-teams){% endif %}
 
-{% ifversion fpt or ghec %}
+{% ifversion packages-rest-api %}
 
 ## packages
-{% ifversion fpt or ghec %}- [`GET /orgs/{org}/packages`](/rest/packages#list-packages-for-an-organization){% endif %}
-{% ifversion fpt or ghec %}- [`GET /orgs/{org}/packages/{package_type}/{package_name}`](/rest/packages#get-a-package-for-an-organization){% endif %}
-{% ifversion fpt or ghec %}- [`DELETE /orgs/{org}/packages/{package_type}/{package_name}`](/rest/packages#delete-a-package-for-an-organization){% endif %}
-{% ifversion fpt or ghec %}- [`GET /orgs/{org}/packages/{package_type}/{package_name}/versions`](/rest/packages#get-all-package-versions-for-a-package-owned-by-an-organization){% endif %}
-{% ifversion fpt or ghec %}- [`GET /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}`](/rest/packages#get-a-package-version-for-an-organization){% endif %}
-{% ifversion fpt or ghec %}- [`GET /user/packages`](/rest/packages#list-packages-for-the-authenticated-user){% endif %}
-{% ifversion fpt or ghec %}- [`GET /user/packages/{package_type}/{package_name}`](/rest/packages#get-a-package-for-the-authenticated-user){% endif %}
-{% ifversion fpt or ghec %}- [`DELETE /user/packages/{package_type}/{package_name}`](/rest/packages#delete-a-package-for-the-authenticated-user){% endif %}
-{% ifversion fpt or ghec %}- [`GET /user/packages/{package_type}/{package_name}/versions`](/rest/packages#get-all-package-versions-for-a-package-owned-by-the-authenticated-user){% endif %}
-{% ifversion fpt or ghec %}- [`GET /user/packages/{package_type}/{package_name}/versions/{package_version_id}`](/rest/packages#get-a-package-version-for-the-authenticated-user){% endif %}
-{% ifversion fpt or ghec %}- [`GET /users/{username}/packages`](/rest/packages#list-packages-for-user){% endif %}
-{% ifversion fpt or ghec %}- [`GET /users/{username}/packages/{package_type}/{package_name}`](/rest/packages#get-a-package-for-a-user){% endif %}
-{% ifversion fpt or ghec %}- [`DELETE /users/{username}/packages/{package_type}/{package_name}`](/rest/packages#delete-a-package-for-a-user){% endif %}
-{% ifversion fpt or ghec %}- [`GET /users/{username}/packages/{package_type}/{package_name}/versions`](/rest/packages#get-all-package-versions-for-a-package-owned-by-a-user){% endif %}
-{% ifversion fpt or ghec %}- [`GET /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}`](/rest/packages#get-a-package-version-for-a-user){% endif %}
+{% ifversion packages-rest-api %}- [`GET /orgs/{org}/packages`](/rest/packages#list-packages-for-an-organization){% endif %}
+{% ifversion packages-rest-api %}- [`GET /orgs/{org}/packages/{package_type}/{package_name}`](/rest/packages#get-a-package-for-an-organization){% endif %}
+{% ifversion packages-rest-api %}- [`DELETE /orgs/{org}/packages/{package_type}/{package_name}`](/rest/packages#delete-a-package-for-an-organization){% endif %}
+{% ifversion packages-rest-api %}- [`GET /orgs/{org}/packages/{package_type}/{package_name}/versions`](/rest/packages#get-all-package-versions-for-a-package-owned-by-an-organization){% endif %}
+{% ifversion packages-rest-api %}- [`GET /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}`](/rest/packages#get-a-package-version-for-an-organization){% endif %}
+{% ifversion packages-rest-api %}- [`GET /user/packages`](/rest/packages#list-packages-for-the-authenticated-user){% endif %}
+{% ifversion packages-rest-api %}- [`GET /user/packages/{package_type}/{package_name}`](/rest/packages#get-a-package-for-the-authenticated-user){% endif %}
+{% ifversion packages-rest-api %}- [`DELETE /user/packages/{package_type}/{package_name}`](/rest/packages#delete-a-package-for-the-authenticated-user){% endif %}
+{% ifversion packages-rest-api %}- [`GET /user/packages/{package_type}/{package_name}/versions`](/rest/packages#get-all-package-versions-for-a-package-owned-by-the-authenticated-user){% endif %}
+{% ifversion packages-rest-api %}- [`GET /user/packages/{package_type}/{package_name}/versions/{package_version_id}`](/rest/packages#get-a-package-version-for-the-authenticated-user){% endif %}
+{% ifversion packages-rest-api %}- [`GET /users/{username}/packages`](/rest/packages#list-packages-for-user){% endif %}
+{% ifversion packages-rest-api %}- [`GET /users/{username}/packages/{package_type}/{package_name}`](/rest/packages#get-a-package-for-a-user){% endif %}
+{% ifversion packages-rest-api %}- [`DELETE /users/{username}/packages/{package_type}/{package_name}`](/rest/packages#delete-a-package-for-a-user){% endif %}
+{% ifversion packages-rest-api %}- [`GET /users/{username}/packages/{package_type}/{package_name}/versions`](/rest/packages#get-all-package-versions-for-a-package-owned-by-a-user){% endif %}
+{% ifversion packages-rest-api %}- [`GET /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}`](/rest/packages#get-a-package-version-for-a-user){% endif %}
 
 {% endif %}
 

content/rest/packages.md

@@ -4,8 +4,7 @@ intro: >-
   Use the REST API to interact with {% data variables.product.prodname_registry
   %}.
 versions:
-  fpt: '*'
-  ghec: '*'
+  feature: packages-rest-api
 topics:
   - API
 redirect_from:
@@ -24,7 +23,8 @@ To use the REST API to manage {% data variables.product.prodname_registry %}, yo
 
 If your package is in a registry that supports granular permissions, then your token does not need the `repo` scope to access or manage this package. If your package is in a registry that only supports repository-scoped permissions, then your token must also include the `repo` scope since your package inherits permissions from a {% data variables.product.prodname_dotcom %} repository. For a list of registries that only support repository-scoped permissions, see "[AUTOTITLE](/packages/learn-github-packages/about-permissions-for-github-packages#permissions-for-repository-scoped-packages)."
 
-To access resources in an organization with SSO enabled, you must enable SSO for your {% data variables.product.pat_v1 %}. For more information, see "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on){% ifversion fpt %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}
-
+{% ifversion ghec %}
+To access resources in an organization with SSO enabled, you must enable SSO for your {% data variables.product.pat_v1 %}. For more information, see "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on)."
+{% endif %}
 
 <!-- Content after this section is automatically generated -->

content/rest/users/social-accounts.md

@@ -4,6 +4,7 @@ intro: Use the REST API to manage social accounts of authenticated users.
 versions:
   fpt: '*'
   ghec: '*'
+  ghes: '>=3.9'
 topics:
   - API
 autogenerated: rest

data/features/actions-server-statistics.yml

@@ -0,0 +1,2 @@
+versions:
+  ghes: '>=3.9'

data/features/bundle-cli-syntax-no-quotes.yml

@@ -0,0 +1,5 @@
+# Reference: #10290
+# Improved syntax for specifying log intervals for collection when using the ghe-support-bundle and ghe-cluster-support-bundle CLI utilities
+
+versions:
+  ghes: '>=3.9'

data/features/cluster-rebalancing.yml

@@ -0,0 +1,2 @@
+versions:
+  ghes: '>3.8'

data/features/dependabot-alerts-ghes-enablement.yml

@@ -0,0 +1,4 @@
+# Reference: issue #8959
+# Dependabot Alerts enablement at the repo, org and enterprise level for GHES
+versions:
+  ghes: '>= 3.9'

data/features/discussion-category-forms.yml

@@ -3,5 +3,5 @@
 versions:
   fpt: '*'
   ghec: '*'
-  ghes: '>=3.8'
-  ghae: '>=3.8'
+  ghes: '>=3.9'
+  ghae: '>=3.9'

data/features/display-ip-org-audit-log.yml

@@ -1,3 +1,4 @@
 versions:
   fpt: '*'
   ghec: '*'
+  ghes: '>=3.9'

data/features/enterprise-manage-organization-members.yml

@@ -2,5 +2,3 @@
 # Documentation for organization invitation enhancements
 versions:
   ghec: '*'
-  ghes: '>=3.9'
-  ghae: '>=3.9'

data/features/ghas-billing-table-ui-update.yml

@@ -1,4 +1,2 @@
 versions:
   ghec: '*'
-  ghes: '>3.8'
-  ghae: '>3.8'

data/features/ghe-migrations-cli-utility.yml

@@ -0,0 +1,5 @@
+# Reference: #9926
+# ghe-migrations CLI utility
+
+versions:
+  ghes: '>=3.9'

data/features/ghe-spokes-deprecation-phase-1.yml

@@ -0,0 +1,4 @@
+# Reference: releases#3055
+# Description: First batch of subcommands of ghe-spokes which have been replaced by ghe-spokesctl
+versions:
+  ghes: '>=3.9'

data/features/issue-forms.yml

@@ -0,0 +1,6 @@
+# Issue forms
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>=3.9'
+  ghae: '>=3.9'

data/features/management-console-events-audit-log.yml

@@ -0,0 +1,5 @@
+# Reference: #9846
+# Management Console events in the enterprise audit log
+
+versions:
+  ghes: '>=3.9'

data/features/mysql-8-upgrade.yml

@@ -0,0 +1,5 @@
+# Reference: #10286
+# MySQL 8 upgrade for GHES
+
+versions:
+  ghes: '>=3.7 <=3.10'

data/features/node-eligibility-service.yml

@@ -0,0 +1,2 @@
+versions:
+  ghes: '>3.8'

data/features/opentelemetry-and-otel-log-migration-phase-1.yml

@@ -0,0 +1,5 @@
+# Reference: #9558
+# First batch of migrations to semantic log emission for monolith
+
+versions:
+  ghes: '>=3.9'

data/features/organization-invitation-enhancements.yml

@@ -3,5 +3,3 @@
 versions:
   fpt: '*'
   ghec: '*'
-  ghes: '>=3.9'
-  ghae: '>=3.9'

data/features/packages-rest-api.yml

@@ -0,0 +1,6 @@
+# Feature flag for versions that include the Packages REST API
+# Content issue: 9325
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>=3.9'

data/features/pat-v2-enterprise.yml

@@ -3,5 +3,5 @@
 # PAT v2
 versions:
   ghec: '*'
-  ghes: '>=3.9'
-  ghae: '>=3.9'
+  ghes: '>=3.10'
+  ghae: '>=3.10'

data/features/pat-v2.yml

@@ -3,5 +3,5 @@
 versions:
   fpt: '*'
   ghec: '*'
-  ghes: '>=3.9'
-  ghae: '>=3.9'
+  ghes: '>=3.10'
+  ghae: '>=3.10'

data/features/profile-pronouns.yml

@@ -0,0 +1,6 @@
+# Reference: #9659
+# Pronouns in user profiles
+
+versions:
+  fpt: '*'
+  ghec: '*'

data/features/projects-v2-colorful-selects.yml

@@ -3,3 +3,4 @@
 versions:
   fpt: '*'
   ghec: '*'
+  ghes: '>=3.9'

data/features/projects-v2-column-visibility.yml

@@ -2,3 +2,4 @@
 versions:
   fpt: '*'
   ghec: '*'
+  ghes: '>=3.9'

data/features/projects-v2-copy-a-project.yml

@@ -2,3 +2,4 @@
 versions:
   fpt: '*'
   ghec: '*'
+  ghes: '>=3.9'

data/features/projects-v2-numeric-summary.yml

@@ -2,3 +2,4 @@
 versions:
   fpt: '*'
   ghec: '*'
+  ghes: '>=3.9'

data/features/projects-v2-webhooks.yml

@@ -2,3 +2,4 @@
 versions:
   fpt: '*'
   ghec: '*'
+  ghes: '>=3.9'

data/features/projects-v2-workflows-ui-refresh.yml

@@ -2,4 +2,4 @@
 versions:
   fpt: '*'
   ghec: '*'
-  ghes: '>=3.10'
+  ghes: '>=3.9'

data/features/projects-v2-workflows.yml

@@ -2,3 +2,4 @@
 versions:
   fpt: '*'
   ghec: '*'
+  ghes: '>=3.9'

data/features/replication-management-api.yml

@@ -0,0 +1,5 @@
+# Replication management API for GHES.
+# Reference: #9931
+
+versions:
+  ghes: '> 3.8'

data/features/security-advisories-credit-types.yml

@@ -3,4 +3,3 @@
 versions:
   fpt: '*'
   ghec: '*'
-  ghes: '>=3.9'

data/features/team-discussions-migration.yml

@@ -1,4 +1,4 @@
 # Reference: #8869
 # Team Discussions migration and eventual deprecation announcement (for GHES - already deprecated for Dotcom and GHEC)
 versions:
-  ghes: '>3.8'
+  ghes: '>3.9'

data/graphql/ghes-3.9/graphql_previews.enterprise.yml

@@ -0,0 +1,138 @@
+- title: Access to package version deletion
+  description: >-
+    This preview adds support for the DeletePackageVersion mutation which
+    enables deletion of private package versions.
+  toggled_by: ':package-deletes-preview'
+  announcement: null
+  updates: null
+  toggled_on:
+    - Mutation.deletePackageVersion
+  owning_teams:
+    - '@github/pe-package-registry'
+- title: Deployments
+  description: >-
+    This preview adds support for deployments mutations and new deployments
+    features.
+  toggled_by: ':flash-preview'
+  announcement: null
+  updates: null
+  toggled_on:
+    - DeploymentStatus.environment
+    - Mutation.createDeploymentStatus
+    - CreateDeploymentStatusInput
+    - CreateDeploymentStatusPayload
+    - Mutation.createDeployment
+    - CreateDeploymentInput
+    - CreateDeploymentPayload
+  owning_teams:
+    - '@github/c2c-actions-service'
+- title: >-
+    MergeInfoPreview - More detailed information about a pull request's merge
+    state.
+  description: >-
+    This preview adds support for accessing fields that provide more detailed
+    information about a pull request's merge state.
+  toggled_by: ':merge-info-preview'
+  announcement: null
+  updates: null
+  toggled_on:
+    - PullRequest.canBeRebased
+    - PullRequest.mergeStateStatus
+  owning_teams:
+    - '@github/pe-pull-requests'
+- title: UpdateRefsPreview - Update multiple refs in a single operation.
+  description: This preview adds support for updating multiple refs in a single operation.
+  toggled_by: ':update-refs-preview'
+  announcement: null
+  updates: null
+  toggled_on:
+    - Mutation.updateRefs
+    - GitRefname
+    - RefUpdate
+    - UpdateRefsInput
+    - UpdateRefsPayload
+  owning_teams:
+    - '@github/reponauts'
+- title: Access to a Repository's Dependency Graph
+  description: This preview adds support for reading a dependency graph for a repository.
+  toggled_by: ':hawkgirl-preview'
+  announcement: null
+  updates: null
+  toggled_on:
+    - DependencyGraphManifest
+    - Repository.dependencyGraphManifests
+    - DependencyGraphManifestEdge
+    - DependencyGraphManifestConnection
+    - DependencyGraphDependency
+    - DependencyGraphDependencyEdge
+    - DependencyGraphDependencyConnection
+    - DependencyGraphPackageRelease.dependencies
+  owning_teams:
+    - '@github/dependency-graph'
+- title: Project Event Details
+  description: >-
+    This preview adds project, project card, and project column details to
+    project-related issue events.
+  toggled_by: ':starfox-preview'
+  announcement: null
+  updates: null
+  toggled_on:
+    - AddedToProjectEvent.project
+    - AddedToProjectEvent.projectCard
+    - AddedToProjectEvent.projectColumnName
+    - ConvertedNoteToIssueEvent.project
+    - ConvertedNoteToIssueEvent.projectCard
+    - ConvertedNoteToIssueEvent.projectColumnName
+    - MovedColumnsInProjectEvent.project
+    - MovedColumnsInProjectEvent.projectCard
+    - MovedColumnsInProjectEvent.projectColumnName
+    - MovedColumnsInProjectEvent.previousProjectColumnName
+    - RemovedFromProjectEvent.project
+    - RemovedFromProjectEvent.projectColumnName
+  owning_teams:
+    - '@github/github-projects'
+- title: Labels Preview
+  description: >-
+    This preview adds support for adding, updating, creating and deleting
+    labels.
+  toggled_by: ':bane-preview'
+  announcement: null
+  updates: null
+  toggled_on:
+    - Mutation.createLabel
+    - CreateLabelPayload
+    - CreateLabelInput
+    - Mutation.deleteLabel
+    - DeleteLabelPayload
+    - DeleteLabelInput
+    - Mutation.updateLabel
+    - UpdateLabelPayload
+    - UpdateLabelInput
+  owning_teams:
+    - '@github/pe-pull-requests'
+- title: Import Project
+  description: This preview adds support for importing projects.
+  toggled_by: ':slothette-preview'
+  announcement: null
+  updates: null
+  toggled_on:
+    - Mutation.importProject
+  owning_teams:
+    - '@github/pe-issues-projects'
+- title: Team Review Assignments Preview
+  description: >-
+    This preview adds support for updating the settings for team review
+    assignment.
+  toggled_by: ':stone-crop-preview'
+  announcement: null
+  updates: null
+  toggled_on:
+    - Mutation.updateTeamReviewAssignment
+    - UpdateTeamReviewAssignmentInput
+    - TeamReviewAssignmentAlgorithm
+    - Team.reviewRequestDelegationEnabled
+    - Team.reviewRequestDelegationAlgorithm
+    - Team.reviewRequestDelegationMemberCount
+    - Team.reviewRequestDelegationNotifyTeam
+  owning_teams:
+    - '@github/pe-pull-requests'

data/graphql/ghes-3.9/graphql_upcoming_changes.public-enterprise.yml

@@ -0,0 +1,283 @@
+---
+upcoming_changes:
+  - location: LegacyMigration.uploadUrlTemplate
+    description: '`uploadUrlTemplate` will be removed. Use `uploadUrl` instead.'
+    reason:
+      '`uploadUrlTemplate` is being removed because it is not a standard URL and
+      adds an extra user step.'
+    date: '2019-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: tambling
+  - location: AssignedEvent.user
+    description: '`user` will be removed. Use the `assignee` field instead.'
+    reason: Assignees can now be mannequins.
+    date: '2020-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: tambling
+  - location: UnassignedEvent.user
+    description: '`user` will be removed. Use the `assignee` field instead.'
+    reason: Assignees can now be mannequins.
+    date: '2020-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: tambling
+  - location: Issue.timeline
+    description: '`timeline` will be removed. Use Issue.timelineItems instead.'
+    reason: '`timeline` will be removed'
+    date: '2020-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: mikesea
+  - location: PullRequest.timeline
+    description: '`timeline` will be removed. Use PullRequest.timelineItems instead.'
+    reason: '`timeline` will be removed'
+    date: '2020-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: mikesea
+  - location: MergeStateStatus.DRAFT
+    description: '`DRAFT` will be removed. Use PullRequest.isDraft instead.'
+    reason:
+      DRAFT state will be removed from this enum and `isDraft` should be used
+      instead
+    date: '2021-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: nplasterer
+  - location: PackageType.DOCKER
+    description: '`DOCKER` will be removed.'
+    reason:
+      DOCKER will be removed from this enum as this type will be migrated to only
+      be used by the Packages REST API.
+    date: '2021-06-21'
+    criticality: breaking
+    owner: reybard
+  - location: ReactionGroup.users
+    description: '`users` will be removed. Use the `reactors` field instead.'
+    reason: Reactors can now be mannequins, bots, and organizations.
+    date: '2021-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: synthead
+  - location: AddPullRequestToMergeQueueInput.branch
+    description: '`branch` will be removed.'
+    reason:
+      PRs are added to the merge queue for the base branch, the `branch` argument
+      is now a no-op
+    date: '2022-07-01T00:00:00+00:00'
+    criticality: breaking
+    owner: jhunschejones
+  - location: DependencyGraphDependency.packageLabel
+    description:
+      '`packageLabel` will be removed. Use normalized `packageName` field
+      instead.'
+    reason: '`packageLabel` will be removed.'
+    date: '2022-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: github/dependency_graph
+  - location: RemovePullRequestFromMergeQueueInput.branch
+    description: '`branch` will be removed.'
+    reason:
+      PRs are removed from the merge queue for the base branch, the `branch` argument
+      is now a no-op
+    date: '2022-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: jhunschejones
+  - location: RepositoryVulnerabilityAlert.fixReason
+    description: '`fixReason` will be removed.'
+    reason:
+      The `fixReason` field is being removed. You can still use `fixedAt` and
+      `dismissReason`.
+    date: '2022-10-01T00:00:00+00:00'
+    criticality: breaking
+    owner: jamestran201
+  - location: Commit.changedFiles
+    description: '`changedFiles` will be removed. Use `changedFilesIfAvailable` instead.'
+    reason: '`changedFiles` will be removed.'
+    date: '2023-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: adamshwert
+  - location: ProjectNextFieldType.ASSIGNEES
+    description:
+      '`ASSIGNEES` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
+      to find a suitable replacement.'
+    reason:
+      The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
+      API.
+    date: '2023-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: lukewar
+  - location: ProjectNextFieldType.DATE
+    description:
+      '`DATE` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
+      to find a suitable replacement.'
+    reason:
+      The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
+      API.
+    date: '2023-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: lukewar
+  - location: ProjectNextFieldType.ITERATION
+    description:
+      '`ITERATION` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
+      to find a suitable replacement.'
+    reason:
+      The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
+      API.
+    date: '2023-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: lukewar
+  - location: ProjectNextFieldType.LABELS
+    description:
+      '`LABELS` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
+      to find a suitable replacement.'
+    reason:
+      The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
+      API.
+    date: '2023-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: lukewar
+  - location: ProjectNextFieldType.LINKED_PULL_REQUESTS
+    description:
+      '`LINKED_PULL_REQUESTS` will be removed. Follow the ProjectV2 guide
+      at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
+      to find a suitable replacement.'
+    reason:
+      The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
+      API.
+    date: '2023-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: lukewar
+  - location: ProjectNextFieldType.MILESTONE
+    description:
+      '`MILESTONE` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
+      to find a suitable replacement.'
+    reason:
+      The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
+      API.
+    date: '2023-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: lukewar
+  - location: ProjectNextFieldType.NUMBER
+    description:
+      '`NUMBER` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
+      to find a suitable replacement.'
+    reason:
+      The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
+      API.
+    date: '2023-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: lukewar
+  - location: ProjectNextFieldType.REPOSITORY
+    description:
+      '`REPOSITORY` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
+      to find a suitable replacement.'
+    reason:
+      The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
+      API.
+    date: '2023-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: lukewar
+  - location: ProjectNextFieldType.REVIEWERS
+    description:
+      '`REVIEWERS` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
+      to find a suitable replacement.'
+    reason:
+      The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
+      API.
+    date: '2023-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: lukewar
+  - location: ProjectNextFieldType.SINGLE_SELECT
+    description:
+      '`SINGLE_SELECT` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
+      to find a suitable replacement.'
+    reason:
+      The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
+      API.
+    date: '2023-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: lukewar
+  - location: ProjectNextFieldType.TEXT
+    description:
+      '`TEXT` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
+      to find a suitable replacement.'
+    reason:
+      The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
+      API.
+    date: '2023-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: lukewar
+  - location: ProjectNextFieldType.TITLE
+    description:
+      '`TITLE` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
+      to find a suitable replacement.'
+    reason:
+      The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
+      API.
+    date: '2023-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: lukewar
+  - location: ProjectNextFieldType.TRACKED_BY
+    description:
+      '`TRACKED_BY` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
+      to find a suitable replacement.'
+    reason:
+      The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
+      API.
+    date: '2023-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: lukewar
+  - location: ProjectNextFieldType.TRACKS
+    description:
+      '`TRACKS` will be removed. Follow the ProjectV2 guide at https://github.blog/changelog/2022-06-23-the-new-github-issues-june-23rd-update/,
+      to find a suitable replacement.'
+    reason:
+      The `ProjectNext` API is deprecated in favour of the more capable `ProjectV2`
+      API.
+    date: '2023-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: lukewar
+  - location: ProjectV2View.visibleFields
+    description:
+      '`visibleFields` will be removed. Check out the `ProjectV2View#fields`
+      API as an example for the more capable alternative.'
+    reason:
+      The `ProjectV2View#visibleFields` API is deprecated in favour of the more
+      capable `ProjectV2View#fields` API.
+    date: '2023-01-01T00:00:00+00:00'
+    criticality: breaking
+    owner: mattruggio
+  - location: ProjectV2View.groupBy
+    description:
+      '`groupBy` will be removed. Check out the `ProjectV2View#group_by_fields`
+      API as an example for the more capable alternative.'
+    reason:
+      The `ProjectV2View#order_by` API is deprecated in favour of the more capable
+      `ProjectV2View#group_by_field` API.
+    date: '2023-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: alcere
+  - location: ProjectV2View.sortBy
+    description:
+      '`sortBy` will be removed. Check out the `ProjectV2View#sort_by_fields`
+      API as an example for the more capable alternative.'
+    reason:
+      The `ProjectV2View#sort_by` API is deprecated in favour of the more capable
+      `ProjectV2View#sort_by_fields` API.
+    date: '2023-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: traumverloren
+  - location: ProjectV2View.verticalGroupBy
+    description:
+      '`verticalGroupBy` will be removed. Check out the `ProjectV2View#vertical_group_by_fields`
+      API as an example for the more capable alternative.'
+    reason:
+      The `ProjectV2View#vertical_group_by` API is deprecated in favour of the
+      more capable `ProjectV2View#vertical_group_by_fields` API.
+    date: '2023-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: traumverloren
+  - location: Repository.squashPrTitleUsedAsDefault
+    description:
+      '`squashPrTitleUsedAsDefault` will be removed. Use `Repository.squashMergeCommitTitle`
+      instead.'
+    reason: '`squashPrTitleUsedAsDefault` will be removed.'
+    date: '2023-04-01T00:00:00+00:00'
+    criticality: breaking
+    owner: github/pull_requests

data/release-notes/enterprise-server/3-9/0-rc1.yml

@@ -0,0 +1,429 @@
+date: '2023-06-08'
+release_candidate: true
+deprecated: false
+intro: |
+  {% note %}
+
+  **Note:** Release candidate (RC) builds are intended solely for use in a test environment. If {% data variables.location.product_location %} is running an RC, you cannot upgrade to the general availability (GA) release. You also cannot upgrade with a hotpatch.
+
+  {% endnote %}
+
+  For upgrade instructions, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server)."
+sections:
+  features:
+    - heading: Instance administration
+      notes:
+        # https://github.com/github/releases/issues/3019
+        - |
+          To improve security posture and protect data from threats, enterprise owners can see user activity from the Management Console within the enterprise audit log, including events from the UI, API, and administrative SSH access. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#management_console-category-actions)."
+
+        # https://github.com/github/releases/issues/3053
+        - |
+          During an upgrade of an instance to a new release, people with administrative SSH access to the instance can monitor the progress of routine migrations using the `ghe-migrations` utility. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-migrations)."
+
+        # https://github.com/github/releases/issues/3054
+        - |
+          On an instance with multiple nodes, site administrators can use the Manage GitHub Enterprise Server API to monitor the health of replication. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/monitoring-a-high-availability-configuration)."
+
+        # https://github.com/github/releases/issues/3097
+        - |
+          On an instance in a cluster configuration, administrators can ensure a balanced distribution of jobs across nodes by using the `ghe-cluster-rebalance` utility. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/rebalancing-cluster-workloads)."
+
+        # https://github.com/github/releases/issues/3096
+        - |
+          On an instance in a cluster configuration, administrators can proactively monitor the health of individual nodes and control the reintroduction of unhealthy nodes into the cluster using Node Eligibility Service. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/monitoring-the-health-of-your-cluster-nodes-with-node-eligibility-service)."
+
+    - heading: Identity and access management
+      notes:
+        # https://github.com/github/releases/issues/3019
+        - |
+          On an instance configured for SAML SSO, enterprise owners can review information about the Identity Provider (IdP) configured for user authentication using the GraphQL API. The personal access token (PAT) used to authenticate requests to this API requires the `read:enterprise` scope. Previously, the PAT required the `admin:enterprise` scope. For more information, see "[AUTOTITLE](/graphql/reference/objects#enterpriseidentityprovider)" in the GraphQL API documentation.
+
+    - heading: Authentication
+      notes:
+        # https://github.com/github/releases/issues/2833
+        - |
+          For an instance or organization with 2FA enabled, users can configure a 2FA method to be a preferred method. Users can also update 2FA methods from `http(s)://HOSTNAME/settings/security`. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication)" and "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-preferred-two-factor-authentication-method)."
+
+    - heading: REST API
+      notes:
+        # https://github.com/github/releases/issues/2022
+        - |
+          To provide API integrators a smooth migration path and time to update integrations after GitHub makes occasional breaking changes, the REST API now uses calendar-based versioning. GitHub Enterprise Server 3.9 provides version `2022-11-28` of the REST API. For more information, see "[AUTOTITLE](/rest/overview/api-versions?apiVersion=2022-11-28)" in the REST API documentation.
+
+    - heading: GitHub Connect
+      notes:
+        # https://github.com/github/releases/issues/2783
+        - |
+          Enterprise owners who configure Server Statistics on an instance with GitHub Actions enabled will transmit usage metrics related to GitHub Actions. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/about-server-statistics#server-statistics-data-collected)."
+
+    - heading: GitHub Advanced Security
+      notes:
+        # https://github.com/github/releases/issues/2452
+        - |
+          To more easily discover potential security or quality issues in code, users can configure code scanning directly through the web interface without adding a GitHub Actions workflow to the repository. This feature finds and sets up the best CodeQL configuration for the repository, detecting supported languages and enabling CodeQL analysis for every pull request and every push to the default branch and any protected branches. Analysis of JavaScript (including TypeScript), Python, and Ruby code, are currently supported. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically)."
+
+        # https://github.com/github/releases/issues/2888
+        - |
+          To simplify the configuration of code scanning, organization owners can enable code scanning for all eligible repositories in an organization using a default configuration, either via the web interface or REST API. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale)" and "[AUTOTITLE](/rest/orgs/orgs?apiVersion=2022-11-28#enable-or-disable-a-security-feature-for-an-organization)" in the REST API documentation.
+
+        # https://github.com/github/releases/issues/2845
+        - |
+          To ensure that relevant alerts remain visible and actionable, users can manually remove stale alerts from code scanning. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch)."
+
+        # https://github.com/github/releases/issues/2796
+        - |
+          To better understand the status of CodeQL and other code scanning tools for a repository, and to help troubleshoot, users can review the tool status page. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page)."
+
+        # https://github.com/github/releases/issues/2943
+        - |
+          To customize the behavior of code scanning on a per-repository basis, repository administrators can configure what severity levels for code scanning alerts will cause checks in a pull request to fail. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests#code-scanning-results-check-failures)."
+
+        # https://github.com/github/releases/issues/2699
+        # https://github.com/github/releases/issues/2800
+        - |
+          To protect repositories from pushes that contain custom secret scanning patterns defined at the enterprise, organization, or repository level, users can enable push protection for those patterns. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
+
+        # https://github.com/github/releases/issues/2794
+        - |
+          Organization owners can view the enablement status of security features for the organization's repositories using the REST API. The endpoint provides details for GitHub Advanced Security, secret scanning, and push protection. For more information, see "[Repositories](/rest/repos/repos?apiVersion=2022-11-28#list-organization-repositories)" in the REST API documentation.
+
+        # https://github.com/github/releases/issues/2840
+        - |
+          Repository administrators can programmatically enable code scanning with a default CodeQL configuration using the REST API.  For more information, see the following documentation.
+
+          - "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically)"
+          - "[Get the code scanning default setup configuration](/rest/code-scanning#get-a-code-scanning-default-setup-configuration)" in the Code Scanning REST API documentation
+          - "[Update the code scanning default setup configuration](/rest/code-scanning#update-a-code-scanning-default-setup-configuration)" in the Code Scanning REST API documentation
+
+    - heading: Dependabot
+      notes:
+        # https://github.com/github/releases/issues/2976
+        - |
+          To improve the security of GitHub Actions workflows that pin references, Dependabot can update the versioning for calls to reusable workflows within workflow files. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)."
+
+        # https://github.com/github/releases/issues/2911
+        - |
+          On an instance with GitHub Actions and the dependency graph enabled, as well as automatic access to GitHub.com actions using GitHub Connect, the web interface will suggest submission actions within a repository with supported languages. For more information, see the following documentation.
+          
+          - "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)"
+          - "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises)"
+          - "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)"
+          
+          For repositories that use a language that has a submission action, when users with write access visit their dependency graph (this page), we will show them a prompt that directs them to the Marketplace to find an action that would help them.
+
+        # https://github.com/github/releases/issues/3007
+        - |
+          To improve the security of projects that use npm v9, the dependency graph and Dependabot can parse and update `package-lock.json` files that specify `lockfileVersion: 3`. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)," "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)," and [`lockfileVersion`](https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json#lockfileversion) in the npm documentation.
+
+        # https://github.com/github/releases/issues/2980
+        - |
+          To improve the security of Gradle projects, the dependency graph and Dependabot can parse and update Gradle version catalogs in `settings.gradle`.  For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)" and [Sharing dependency versions between projects](https://docs.gradle.org/current/userguide/platforms.html) in the Gradle User Manual.
+
+        # https://github.com/github/releases/issues/2806
+        - |
+          To ensure that users receive the most relevant and actionable alerts about dependency updates, repository administrators and organization owners can enable or disable Dependabot alerts for an individual repository or organization. For more information, see "[AUTOTITLE](/code-security/getting-started/securing-your-repository#managing-dependabot-alerts)" or "[AUTOTITLE](/code-security/getting-started/securing-your-organization#managing-dependabot-alerts-and-the-dependency-graph)."
+
+        # https://github.com/github/releases/issues/2601
+        - |
+          If people with access to a repository do not interact with Dependabot security updates for over 90 days, Dependabot will pause automated pull request activity. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)."
+
+        # https://github.com/github/releases/issues/3068
+        - |
+          To help users evaluate the stability risk of a dependency update, Dependabot can fetch release notes, changelogs, and commit history in pull requests that update Docker dependencies. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#docker)."
+
+        # https://github.com/github/releases/issues/2873
+        - |
+          To assist with software security and supply chain risk management, people with read access to a repository can export a software bill of materials (SBOM) for a repository's dependency graph using the web interface or REST API. The SBOM adheres to the SPDX 2.3 specification. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api#generating-and-submitting-a-software-bill-of-materials-sbom)," "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository)," and [The Software Package Data Exchange® (SPDX®) Specification Version 2.3](https://spdx.github.io/spdx-spec/v2.3/) on the SPDX website.
+
+        # https://github.com/github/releases/issues/2871
+        - |
+          The dependency graph can parse Python dependencies for `pyproject.toml` files that follow the PEP 621 standard. For more information,  see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)" and [PEP 621 – Storing project metadata in pyproject.toml](https://peps.python.org/pep-0621/) in the Index of Python Enhancement Proposals.
+
+        # https://github.com/github/releases/issues/3023
+        - |
+          Users can use the GraphQL API to review dependencies submitted using the Dependency submission API. For more information, see "[AUTOTITLE](/graphql/overview/schema-previews#access-to-a-repositorys-dependency-graph-preview)."
+
+    - heading: GitHub Actions
+      notes:
+        # https://github.com/github/releases/issues/3006
+        - |
+          On instances in a cluster configuration, GitHub Actions is available as a private beta. Beta features are subject to change. For more information, and to enroll in the beta, [contact your representative on GitHub's Sales team](https://github.com/enterprise/contact).
+
+        # https://github.com/github/releases/issues/2617
+        - |
+          Administrators of self-hosted runners for GitHub Actions can configure auto-scaling runners using Actions Runner Controller and runner scale sets. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller)."
+
+        # https://github.com/github/releases/issues/2896
+        - |
+          Administrators can bypass all protection rules for a given environment and force the pending jobs referencing the environment to proceed. For more information, see "[ AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment#allow-administrators-to-bypass-configured-protection-rules)."
+
+        # https://github.com/github/releases/issues/2801
+        - |
+          Users who deploy with OIDC can define more advanced access policies by including additional custom claims within a token. To help uniquely verify the source of a workflow job, include the following claims.
+
+          - `actor_id`
+          - `repository_id`
+          - `repository_owner_id`
+          - `workflow_ref`
+          - `workflow_sha`
+          - `job_workflow_sha`
+
+          For more information, see [AUTOTITLE](/actions/deployment/security-hardening-your-deployments).
+
+        # https://github.com/github/releases/issues/2905
+        - |
+          To improve security for workflows that use `GITHUB_TOKEN`, the following defaults apply to new organizations and repositories.
+
+          - New organizations that users create inherit permissions from the instance's enterprise-level configuration. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#configuring-the-default-github_token-permissions)."
+          - New repositories that users create within an organization inherit permissions from the organization. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-default-github_token-permissions)."
+          - New user-owned repositories have a read-only `GITHUB_TOKEN`. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-default-github_token-permissions)."
+
+        # https://github.com/github/releases/issues/2979
+        - |
+          To allow workflow authors to pin a required workflow file to a fully validated version, required workflows can be referenced using any branch, tag, or commit SHA from the repository containing the workflow file. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#configuring-a-required-workflow-for-your-organization)."
+        - |
+          To enforce required workflows throughout an organization, GitHub Enterprise Server blocks direct pushes to branches where required workflows are enforced. To allow direct pushes for a particular repository, remove the repository as a target for the required workflow. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#configuring-a-required-workflow-for-your-organization)."
+
+        # https://github.com/github/releases/issues/2861
+        - |
+          To improve performance for workflows that build Go, caching is enabled by default when using the `setup-go` action. For more information, see "[AUTOTITLE](/actions/automating-builds-and-tests/building-and-testing-go#caching-dependencies)."
+
+    # IN PROGRESS
+    #- heading: GitHub Packages
+    # notes:
+    #   # https://github.com/github/releases/issues/2924
+    #   - |
+    #     Users can manage packages in repositories and organizations using the Packages REST API. For more information, see "[AUTOTITLE](/rest/packages?apiVersion=2022-11-28)" in the REST API documentation.
+
+    - heading: Organizations
+      notes:
+        # https://github.com/github/releases/issues/2986
+        - |
+          Organization owners can improve security posture and protect data from threats by enabling the display of organization members' IP addresses in audit log events. This feature is in beta and is subject to change. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/displaying-ip-addresses-in-the-audit-log-for-your-organization)."
+
+        # https://github.com/github/releases/issues/2916
+        - |
+          To allow the management of branch protection rules without granting admin access, organization owners can create a custom role with the "Edit repository rules" permission. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization)."
+
+        # https://github.com/github/releases/issues/2462
+        # https://github.com/github/releases/issues/2556
+        - |
+          Users of the REST API can programmatically create and update least-privilege roles for repositories using the Custom Repository Roles REST API. The API is generally available, with a breaking change to the API's endpoint paths. Previously, the API was accessible at `/orgs/{org}/custom_roles`, and is now accessible at `/orgs/{org}/custom-repository-roles`. The [List custom repository roles in an organization](/rest/orgs/custom-roles#list-custom-repository-roles-in-an-organization will no longer be available in the next version of the REST API. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-repository-roles)" and "[AUTOTITLE](/rest/orgs/custom-roles?apiVersion=2022-11-28)" in the REST API documentation.
+
+        # https://github.com/github/releases/issues/3067
+        - |
+          Enterprise and organization owners can delete an organization and all of the organization's repositories using the REST API. After deletion, organization names are locked for 90 days. For more information, see "[AUTOTITLE](/rest/orgs/orgs?apiVersion=2022-11-28#delete-an-organization)" in the REST API documentation.
+
+    - heading: Repositories
+      notes:
+        # https://github.com/github/releases/issues/2707
+        - |
+          Within the "Insights" tab for a repository, the sidebar's "Forks" tab provides more information about a project's forks, including a sortable and filterable list of forks and more details about each fork.
+
+        # https://github.com/github/releases/issues/2791
+        - |
+          Repository administrators can unarchive a repository using the REST API. For more information, see "[AUTOTITLE](/rest/repos/repos?apiVersion=2022-11-28#update-a-repository)" in the REST API documentation.
+
+    - heading: Projects
+      notes:
+        # https://github.com/github/releases/issues/2827
+        - |
+          To visualize a project at a high level and across a configurable timespan, users can apply a roadmap layout to any project view. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/changing-the-layout-of-a-view#about-the-roadmap-layout)."
+
+        # https://github.com/github/releases/issues/2821
+        - |
+          To get started with a new project faster, users can copy an existing project, including the source project's views, custom fields, and draft issues. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/creating-projects/copying-an-existing-project)."
+
+        # https://github.com/github/releases/issues/2820
+        - |
+          To save time when adding items to a project, users can configure a workflow to automatically add new items from a repository as people create or update items that match specific criteria. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/adding-items-automatically)."
+
+        # https://github.com/github/releases/issues/2503
+        - |
+          To keep a long-lived project focused, users can define filters to automatically archive items. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/automating-your-project/archiving-items-automatically)."
+
+        # https://github.com/github/releases/issues/2826
+        - |
+          To easily organize items within a project's columns while using the board layout, users can sort the project by field values using the view configuration menu. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/customizing-the-board-layout)."
+
+        # https://github.com/github/releases/issues/2829
+        - |
+          To quickly add a new issue to a project without changing context, users can create a new issue from a project's omnibar by clicking `+`, then clicking **Create new issue**. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-items-in-your-project/adding-items-to-your-project#creating-issues)."
+
+        # https://github.com/github/releases/issues/2917
+        - |
+          To help people scan a project and take action, users can add a color and a text description to each value for a project's single select fields. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/understanding-fields/about-single-select-fields#editing-a-single-select-field)."
+
+        # https://github.com/github/releases/issues/2984
+        - |
+          Users of the GitHub CLI can manage projects from the command line. For more information, see "[AUTOTITLE](/github-cli/github-cli/about-github-cli)" and the [README](https://github.com/github/gh-projects#cli-extension-for-projects) for the `github/gh-projects` repository on GitHub.com.
+
+        # https://github.com/github/releases/issues/2978
+        - |
+          For users who programmatically access projects using the GraphQL API, additional mutations are available. For more information, see "[createProjectV2Field](/graphql/reference/mutations#createprojectv2field)," "[deleteProjectV2Field](/graphql/reference/mutations#deleteprojectv2field)," and "[deleteProjectV2](/graphql/reference/mutations#deleteprojectv2)" in the "Mutations" GraphQL documentation.
+
+    - heading: GitHub Discussions
+      notes:
+        # https://github.com/github/releases/issues/2967
+        - |
+          To indicate that a discussion is resolved, outdated, or a duplicate, users can close the discussion. For more information, see "[AUTOTITLE](/discussions/managing-discussions-for-your-community/managing-discussions#closing-a-discussion)."
+
+        # https://github.com/github/releases/issues/2825
+        - |
+          To encourage other users to include specific, structured information in discussions, users can create discussion category forms. For more information, see "[AUTOTITLE](/discussions/managing-discussions-for-your-community/creating-discussion-category-forms)."
+
+        # https://github.com/github/releases/issues/2675
+        - |
+          After a user locks a discussion and disallows further comments, the user can permit emoji reactions on the discussion. For more information, see "[AUTOTITLE](/discussions/managing-discussions-for-your-community/moderating-discussions#locking-discussions)."
+
+    - heading: Pull requests
+      notes:
+        # https://github.com/github/releases/issues/3026
+        - |
+          To provide feedback on an entire file, or a file that's been deleted, users can comment on a file from a pull request's "Files changed" tab. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/commenting-on-a-pull-request)."
+
+        # https://github.com/github/releases/issues/2857
+        - |
+          Users of the GraphQL API can revert a merged pull request by using the revertPullRequest mutation. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/reverting-a-pull-request)" and "[AUTOTITLE](/graphql/reference/mutations#revertpullrequest)" in the GraphQL API documentation.
+
+  changes:
+    # HOLD FOR GA:
+    #
+    # https://github.com/github/releases/issues/3050
+    #- |
+    # Before beginning a backup with GitHub Enterprise Server Backup Utilities 3.9.0 and later, the `ghe-host-check` utility will now perform a preflight check on the backup host to confirm the software version and disk space requirements. For more information, see the [3.9.0 release](https://github.com/github/backup-utils/releases/tag/v3.9.0) in the `github/backup-utils` repository on GitHub.com.
+
+    # https://github.com/github/releases/issues/3052
+    #- |
+    # GitHub Enterprise Server Backup Utilities 3.9.0 and later displays a progress indicator for backup and restoration operations. For more information, see the [3.9.0 release](https://github.com/github/backup-utils/releases/tag/v3.9.0) in the `github/backup-utils` repository on GitHub.com.
+      
+    # https://github.com/github/releases/issues/2909
+    - |
+      Field names for some service logs on GitHub Enterprise Server have changed as part of GitHub's gradual migration to internal semantic conventions for [OpenTelemetry](https://opentelemetry.io/). Additional field names will change in upcoming releases. If any tooling or processes in your environment rely on specific field names within logs, or log entries in specific files, the following changes may affect you.
+
+      - `level` is now `SeverityText`.
+      - `log_message`, `msg`, or `message` is now `Body`.
+      - `now` is now `Timestamp`.
+      - Custom field names such as `gh.repo.id` or `graphql.operation.name` use semantic names.
+      - Log statements that the instance would previously write to `auth.log`, `ldap.log`, or `ldap-sync.log` now appear in containerized logs for `github-unicorn` if the statement originated from a web request, or in logs for `github-resqued` if the statement originated from a background job.
+
+      For a full list of mappings, download the [OpenTelemetry attribute mapping CSV](/assets/ghes-3.9-opentelemetry-attribute-mappings.csv).
+
+    # https://github.com/github/ghes/issues/6342
+    - |
+      On a configured instance, the name for the HAProxy service is now `haproxy-frontend`. Previously, the name was `haproxy`. Additionally, on an unconfigured instance, there is a new service named `haproxy-pre-config`. If your instance forwards logs to an external system, update your rules to reflect these changes. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding)" article
+
+    # https://github.com/github/releases/issues/2757
+    - |
+      For an instance or organization with 2FA enabled, when a user sets up 2FA, GitHub Enterprise Server suggests an authenticator app (TOTP) by default.
+
+    # https://github.com/github/releases/issues/3160
+    - |
+      When a person with administrative SSH access to an instance submits a support bundle using either the `ghe-support-bundle` or `ghe-cluster-support-bundle` utility, a period for log collection specified with the `-p` or `--period` no longer requires quotes to enclose the date value. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-support-bundle)."
+
+    # https://github.com/github/releases/issues/2745
+    - |
+      To provide additional context within the web interface on an instance where Dependabot alerts are enabled, links to Dependabot alerts in an issue or pull request comment display an improved label and hovercard with alert details.
+
+    # https://github.com/github/releases/issues/2599
+    - |
+      On an instance with Dependabot alerts enabled, people with write or maintain access to a repository can view or act on Dependabot alerts by default. Custom roles, the security manager role, organization permissions, and notification settings are not affected.
+
+    # https://github.com/github/releases/issues/2946
+    - |
+      On an instance with a GitHub Advanced Security license and GitHub Connect enabled for the synchronization of actions from GitHub.com, CodeQL code scanning is up to 16% faster. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions)."
+
+    # https://github.com/github/releases/issues/2865
+    - |
+      On an instance with a GitHub Advanced Security license and email configured for notifications, users can receive notifications for secret scanning alerts by watching a repository and choosing "All activity" or "Security alerts". To continue receiving notifications for secret scanning alerts in GitHub Enterprise Server 3.9 and later, users must enable email notifications in the web interface at `http(s)://HOSTNAME/settings/notifications` under "Watching" by choosing "Email".
+
+    # https://github.com/github/releases/issues/2724
+    - |
+      On an instance with a GitHub Advanced Security license, secret scanning alerts display whether detected tokens from GitHub are valid.
+
+    # https://github.com/github/releases/issues/2776
+    - |
+      On an instance with a GitHub Advanced Security license, the enterprise and organization audit logs now display an event when an owner enables or disables a push protection for a custom pattern for a repository, organization, or the enterprise. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#org-category-actions)" and "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#business_secret_scanning_push_protection-category-actions)."
+
+    # https://github.com/github/releases/issues/2892
+    - |
+      Users can filter the lists of alerts for Dependabot, code scanning, and secret scanning by repository topic or team in the security overview for an organization. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
+
+    # https://github.com/github/releases/issues/3073
+    - |
+      In the security overview for an organization, the following improvements apply to the "Security coverage" view during feature enablement.
+
+      - To provide insight into the number of GitHub Advanced Security licenses used, active committers for the repository are visible. For repositories where GitHub Advanced Security is not enabled, the number indicates the number of licenses required to enable the feature.
+      - Unsaved changes are now labeled with a "Modified" tag, and the "Save security settings" button now displays the total number of changes to save.
+      - While a security feature is being enabled, the "Security coverage" view shows a status of "Updating..." to inform you of the ongoing process.
+      
+      For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview)."
+
+    # https://github.com/github/releases/issues/2811
+    - |
+      In the security overview's "Security risk" and "Security coverage" views, when a user selects a team from the "Team" drop-down or filters by team, results appear for repositories where the team has write or administrative access or has been granted access to security alerts. Previously, users could only view results for repositories where the team had administrative access or had been granted access to security alerts.
+
+    # https://github.com/github/releases/issues/2822
+    - |
+      To provide more context within a project, users can share a deep link to a specific issue in a project to have the issue open in the project's side panel.
+
+    # https://github.com/github/releases/issues/2958
+    - |
+      Organization owners can create up to five custom repository roles. Previously, the limit was three. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-repository-roles)."
+
+    # https://github.com/github/releases/issues/2799
+    - |
+      When transferring a repository, users can also rename the repository. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/transferring-a-repository)."
+
+    # https://github.com/github/releases/issues/2961
+    - |
+      If a user archives a repository, responses from the GraphQL API that include information about the repository now include an `archivedAt` value with a timestamp representing the archival date.
+
+  known_issues:
+    - |
+      If you upgrade from {% data variables.product.prodname_ghe_server %} 3.7 or 3.8 to 3.9, the database server on your instance will be upgraded from MySQL 5.7 to MySQL 8.0. I/O utilization will increase as a result, and in some cases this may affect your instance's performance. Do not upgrade to this RC in a production environment, and ensure that you take and verify a backup of the instance before upgrading to the GA release. For more information, see "[AUTOTITLE](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/known-issues-with-upgrades-to-your-instance)."
+    - |
+      On an instance in a cluster configuration, after you upgrade nodes other than the primary MySQL node and before you upgrade the primary MySQL node, the following output may appear multiple times after you run `ghe-config-apply`.
+
+      ```
+      Error response from daemon: conflict: unable to delete IMAGE_ID (cannot be forced) - image is being used by running container CONTAINER_ID
+      ```
+
+      You can safely ignore this message.
+    - |
+      Custom firewall rules are removed during the upgrade process.
+    - |
+      The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - |
+      On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
+    - |
+      The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
+    - |
+      When using an outbound web proxy server, the `ghe-btop` command may fail in some circumstances with the error "Error querying allocation: Unexpected response code: 401".
+    - |
+      If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
+    - |
+      When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`. 
+      During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+    - |
+      If the root site administrator is locked out of the Management Console after failed login attempts, the account will not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)."
+
+  deprecations:
+    # https://github.com/github/releases/issues/2826
+    - heading: Change to command-line utility for management of replication
+      notes:
+        - |
+          On an instance with multiple nodes, people with administrative SSH access to the instance should use `ghe-spokesctl` for management of Git replication instead of `ghe-spokes`. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-spokesctl)."
+
+    # https://github.com/github/releases/issues/2773
+    - heading: Dependency graph no longer ingests go.sum files
+      notes:
+        - |
+          Because `go.sum` files are not lock files and may result in false positive Dependabot alerts, on an instance with the dependency graph enabled, the `go.sum` files are no longer ingested for users' Go repositories. If Dependabot alerts are enabled, Dependabot will no longer alert users for vulnerabilities in a `go.sum` file's dependencies. The dependency graph continues to support `go.mod` files, the recommended format for Go projects. Use Go 1.17 or higher to ensure your `go.mod` file contains a comprehensive view of all direct and transitive dependencies. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)."
+
+    # https://github.com/github/releases/issues/2938
+    - heading: Only GitHub Actions can publish a GitHub Pages site if source includes symbolic links
+      notes:
+        - |
+          To improve the security of an instance where users deploy sites using GitHub Pages, sites that contain symbolic links will no longer build outside of GitHub Actions. If a user's site is affected and a site administrator has configured email for the instance, the user will receive an email with instructions about how to fix the error. To continue using symbolic links in the site's source, the instance must be configured for GitHub Actions, and the user must write a GitHub Actions workflow to use as a publishing source. For more information, see "[AUTOTITLE](/pages/getting-started-with-github-pages/about-github-pages#publishing-sources-for-github-pages-sites)."

data/reusables/dependabot/dependabot-alerts-dependency-graph-enterprise.md

@@ -1,3 +1,2 @@
 {% ifversion ghes or ghae %}
-Enterprise owners can configure {% ifversion ghes %}the dependency graph and {% endif %}{% data variables.product.prodname_dependabot_alerts %} for an enterprise. For more information, see {% ifversion ghes %}"[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)" and {% endif %}"[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
-{% endif %} 
+Enterprise owners can configure {% ifversion ghes %}the dependency graph and {% endif %}{% data variables.product.prodname_dependabot_alerts %} for an enterprise. For more information, see {% ifversion ghes %}"[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)" and {% endif %}"[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."{% endif %}

data/reusables/dependabot/dependabot-alerts-enterprise-server-repo-org-enablement.md

@@ -0,0 +1,3 @@
+Enterprise owners must configure the dependency graph and {% data variables.product.prodname_dependabot_alerts %} for an enterprise.
+
+Once {% data variables.product.prodname_dependabot_alerts %} have been configured, repository administrators and organization owners can enable {% data variables.product.prodname_dependabot_alerts %} for private and internal repositories in their "Code security and analysis" settings page. Public repositories are enabled by default. For more information, see "[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)", "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise), and [AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts)."

data/reusables/discussions/discussion-category-forms-beta.md

@@ -1,5 +0,0 @@
-{% note %}
-
-**Note:** Discussion category forms are currently in limited public beta and subject to change.
-
-{% endnote %}

data/reusables/enterprise/about-ha.md

@@ -0,0 +1 @@
+To support your plan for disaster recovery and supplement your backups, or to improve network and write performance for geographically distributed users, you can configure high availability for {% data variables.location.product_location %}.

data/reusables/enterprise/about-upgrades.md

@@ -0,0 +1,3 @@
+{% data reusables.enterprise.constantly-improving %} You are responsible for upgrades to your instance. For more information, see "[AUTOTITLE](/admin/overview/about-upgrades-to-new-releases)."
+
+To upgrade an instance, you must plan and communicate the upgrade, choose the appropriate package, back up your data, and then perform the upgrade.

data/reusables/enterprise/apply-configuration.md

@@ -1,4 +1,4 @@
-1. To apply the configuration, enter the following command.
+1. To apply the configuration, run the following command.
 
    {% note %}
    
@@ -6,7 +6,7 @@
 
    {% endnote %}
 
-    ```shell
+    ```shell{:copy}
     ghe-config-apply
     ```
 1. Wait for the configuration run to complete.

data/reusables/enterprise_clustering/clustering-scale-recommendation.md

@@ -1 +0,0 @@
-The cluster topology for {% data variables.product.prodname_ghe_server %} provides horizontal scaling for companies with tens of thousands of developers. {% data variables.product.company_short %} recommends clustering if a single primary node would routinely experience resource exhaustion. Clustering requires careful planning and additional administrative overhead. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-clustering/about-clustering)."

data/reusables/enterprise_clustering/health_checks.md

@@ -1,5 +1,5 @@
-Configure the load balancer to check one of these URLs:
-- `https://HOSTNAME/status` if HTTPS is enabled (default)
-- `http://HOSTNAME/status` if HTTPS is disabled
+Configure the load balancer to check the following URL.
 
-The check will return status code `200` (OK) if the node is healthy and available to service end-user requests.
+`http(s)://HOSTNAME/status`
+
+The endpoint will return status code `200` (OK) if the node is healthy and available to service end-user requests. For more information, see "[AUTOTITLE](/admin/enterprise-management/configuring-high-availability/monitoring-a-high-availability-configuration#monitoring-replication-from-a-remote-system)."

data/reusables/enterprise_installation/ssh-into-cluster-node.md

@@ -0,0 +1,5 @@
+1. To connect to {% data variables.location.product_location %}, SSH into any of your cluster's nodes. From your workstation, run the following command. Replace HOSTNAME with the node's hostname. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)."
+
+   ```shell{:copy}
+   ssh -p 122 admin@HOSTNAME
+   ```