Merge branch 'main' into eliperkins-patch-1

2021-01-15 16:02:17 -08:00 · 2021-01-15 16:02:17 -08:00 · 8e4bb39504
--- a/.github/allowed-actions.js
+++ b/.github/allowed-actions.js
@ -13,6 +13,7 @@ module.exports = [
  'actions/stale@af4072615903a8b031f986d25b1ae3bf45ec44d4', //actions/stale@v3.0.13
  'crowdin/github-action@fd9429dd63d6c0f8a8cb4b93ad8076990bd6e688',
  'crykn/copy_folder_to_another_repo_action@abc264e1c16eb3d7b1f7763bfdb0e1699ad43120',
+  'cschleiden/actions-linter@43fd4e08e52ed40c0e2782dc2425694388851576',
  'dawidd6/action-delete-branch@47743101a121ad657031e6704086271ca81b1911',
  'docker://chinthakagodawita/autoupdate-action:v1',
  'fkirc/skip-duplicate-actions@36feb0d8d062137530c2e00bd278d138fe191289',
--- a/.github/workflows/autoupdate-branch.yml
+++ b/.github/workflows/autoupdate-branch.yml
@ -7,7 +7,7 @@ jobs:
  autoupdate:
    if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'
    name: autoupdate
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
    steps:
      - uses: docker://chinthakagodawita/autoupdate-action:v1
        env:
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -2,9 +2,11 @@ name: CodeQL analysis

 on:
  push:
-    branches: main
+    branches:
+      - main
  pull_request:
-    branches: main
+    branches:
+      - main
    paths:
      - '**/*.js'
      - '.github/workflows/codeql.yml'
--- a/.github/workflows/site-policy-sync.yml
+++ b/.github/workflows/site-policy-sync.yml
@ -8,6 +8,8 @@ on:
      - main
    types:
      - closed
+    paths:
+      - 'content/github/site-policy/**'

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
@ -33,8 +35,8 @@ jobs:
        with:
          source_folder: 'content/github/site-policy'
          destination_repo: 'github/site-policy'
-          destination_branch: 'non-substantive-changes'
+          destination_branch: 'repo-sync'
          destination_folder: 'Policies'
          user_email: 'pcihon@users.noreply.github.com'
          user_name: 'pcihon'
-          commit_msg: 'Mirroring non-substantive changes.'
+          commit_msg: 'Automatic sync from GitHub Docs.'
--- a/.github/workflows/test-windows.yml
+++ b/.github/workflows/test-windows.yml
@ -4,12 +4,14 @@ name: Node.js Tests - Windows

 on:
  workflow_dispatch:
+  pull_request:
  schedule:
    - cron: '50 19 * * *' # once a day at 19:50 UTC / 11:50 PST

 jobs:
  test:
    runs-on: windows-latest
+    if: (github.event_name != 'pull_request') || (github.event_name == 'pull_request' && (contains(github.event.pull_request.labels.*.name, 'Windows') || contains(github.event.pull_request.labels.*.name, 'windows')))
    strategy:
      fail-fast: false
      matrix:
--- a/.github/workflows/triage-unallowed-contributions.yml
+++ b/.github/workflows/triage-unallowed-contributions.yml
@ -104,6 +104,7 @@ jobs:
              body: reviewMessage,
              event: 'REQUEST_CHANGES'
            })
+            exit 1 # prevents further steps from running and fails workflow
      # When the most recent review was CHANGES_REQUESTED and the existing
      # PR no longer contains unallowed changes, dismiss the previous review
      - name: Dismiss pull request review
--- a/.github/workflows/workflow-lint.yml
+++ b/.github/workflows/workflow-lint.yml
@ -0,0 +1,22 @@
+name: Lint workflows
+
+on:
+  workflow_dispatch:
+  # push:
+  #   branches:
+  #     - main
+  # pull_request:
+  #   branches-ignore:
+  #     - translations
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
+      - name: Run linter
+        uses: cschleiden/actions-linter@43fd4e08e52ed40c0e2782dc2425694388851576
+        with:
+          workflows: '[".github/workflows/*.yml"]'
--- a/README.md
+++ b/README.md
@ -18,7 +18,7 @@ We accept a lot of [different contributions](CONTRIBUTING.md/#types-of-contribut

 #### Click **make a contribution** from docs

-As you're using the GitHub Docs, you may find something in an article that you'd like to add to, update, or change. Click on **make a contribution** to navigate directly to that article in the codebase, so that you can begin making your contribution.
+As you're using GitHub Docs, you may find something in an article that you'd like to add to, update, or change. Click on **make a contribution** to navigate directly to that article in the codebase, so that you can begin making your contribution.

 <img src="./assets/images/contribution_cta.png" width="400">

--- a/assets/images/enterprise/management-console/actions-aws-s3-storage.png
+++ b/assets/images/enterprise/management-console/actions-aws-s3-storage.png
--- a/assets/images/enterprise/management-console/actions-azure-storage.png
+++ b/assets/images/enterprise/management-console/actions-azure-storage.png
--- a/assets/images/enterprise/management-console/actions-minio-force-path-style.png
+++ b/assets/images/enterprise/management-console/actions-minio-force-path-style.png
--- a/assets/images/enterprise/management-console/actions-minio-s3-storage.png
+++ b/assets/images/enterprise/management-console/actions-minio-s3-storage.png
--- a/assets/images/enterprise/management-console/click-mobile.png
+++ b/assets/images/enterprise/management-console/click-mobile.png
--- a/assets/images/enterprise/management-console/code-scanning-disable.png
+++ b/assets/images/enterprise/management-console/code-scanning-disable.png
--- a/assets/images/enterprise/management-console/enable-code-scanning-checkbox.png
+++ b/assets/images/enterprise/management-console/enable-code-scanning-checkbox.png
--- a/assets/images/enterprise/management-console/enable-github-actions.png
+++ b/assets/images/enterprise/management-console/enable-github-actions.png
--- a/assets/images/enterprise/management-console/enable-secret-scanning-checkbox.png
+++ b/assets/images/enterprise/management-console/enable-secret-scanning-checkbox.png
--- a/assets/images/enterprise/management-console/secret-scanning-disable.png
+++ b/assets/images/enterprise/management-console/secret-scanning-disable.png
--- a/assets/images/enterprise/management-console/select-enable-github-mobile-apps.png
+++ b/assets/images/enterprise/management-console/select-enable-github-mobile-apps.png
--- a/assets/images/enterprise/management-console/sidebar-actions.png
+++ b/assets/images/enterprise/management-console/sidebar-actions.png
--- a/assets/images/enterprise/management-console/sidebar-advanced-security.png
+++ b/assets/images/enterprise/management-console/sidebar-advanced-security.png
--- a/assets/images/enterprise/site-admin-settings/add-announcement-button.png
+++ b/assets/images/enterprise/site-admin-settings/add-announcement-button.png
--- a/assets/images/enterprise/site-admin-settings/add-mandatory-message-button.png
+++ b/assets/images/enterprise/site-admin-settings/add-mandatory-message-button.png
--- a/assets/images/enterprise/site-admin-settings/edit-message.png
+++ b/assets/images/enterprise/site-admin-settings/edit-message.png
--- a/assets/images/enterprise/site-admin-settings/mandatory-message-text-box.png
+++ b/assets/images/enterprise/site-admin-settings/mandatory-message-text-box.png
--- a/assets/images/enterprise/site-admin-settings/message-preview-button.png
+++ b/assets/images/enterprise/site-admin-settings/message-preview-button.png
--- a/assets/images/enterprise/site-admin-settings/message-save-changes-button.png
+++ b/assets/images/enterprise/site-admin-settings/message-save-changes-button.png
--- a/assets/images/enterprise/site-admin-settings/sign-out-add-message-button.png
+++ b/assets/images/enterprise/site-admin-settings/sign-out-add-message-button.png
--- a/assets/images/help/branch/branch-rename-rename.png
+++ b/assets/images/help/branch/branch-rename-rename.png
--- a/assets/images/help/branch/branch-rename-type.png
+++ b/assets/images/help/branch/branch-rename-type.png
--- a/assets/images/help/business-accounts/billing-license-info-click-view-details-or-download.png
+++ b/assets/images/help/business-accounts/billing-license-info-click-view-details-or-download.png
--- a/assets/images/help/business-accounts/billing-license-info.png
+++ b/assets/images/help/business-accounts/billing-license-info.png
--- a/assets/images/help/gist/create-secret-gist-button.png
+++ b/assets/images/help/gist/create-secret-gist-button.png
--- a/assets/images/help/gist/gist-visibility-drop-down-ae.png
+++ b/assets/images/help/gist/gist-visibility-drop-down-ae.png
--- a/assets/images/help/gist/gist-visibility-drop-down.png
+++ b/assets/images/help/gist/gist-visibility-drop-down.png
--- a/assets/images/help/organizations/security-and-analysis-disable-or-enable-all-ghe.png
+++ b/assets/images/help/organizations/security-and-analysis-disable-or-enable-all-ghe.png
--- a/assets/images/help/organizations/security-and-analysis-disable-or-enable-secret-scanning-ghe.png
+++ b/assets/images/help/organizations/security-and-analysis-disable-or-enable-secret-scanning-ghe.png
--- a/assets/images/help/organizations/security-and-analysis-enable-or-disable-secret-scanning-checkbox-ghe.png
+++ b/assets/images/help/organizations/security-and-analysis-enable-or-disable-secret-scanning-checkbox-ghe.png
--- a/assets/images/help/organizations/security-and-analysis-enable-secret-scanning-ghe.png
+++ b/assets/images/help/organizations/security-and-analysis-enable-secret-scanning-ghe.png
--- a/assets/images/help/organizations/security-and-analysis-secret-scanning-enable-by-default-ghe.png
+++ b/assets/images/help/organizations/security-and-analysis-secret-scanning-enable-by-default-ghe.png
--- a/assets/images/help/package-registry/azure-blob-storage-settings.png
+++ b/assets/images/help/package-registry/azure-blob-storage-settings.png
--- a/assets/images/help/package-registry/enable-github-packages.png
+++ b/assets/images/help/package-registry/enable-github-packages.png
--- a/assets/images/help/package-registry/ghes-packages-diagram.png
+++ b/assets/images/help/package-registry/ghes-packages-diagram.png
--- a/assets/images/help/package-registry/s3-aws-storage-bucket-details.png
+++ b/assets/images/help/package-registry/s3-aws-storage-bucket-details.png
--- a/assets/images/help/projects/visibility-radio-buttons-ae.png
+++ b/assets/images/help/projects/visibility-radio-buttons-ae.png
--- a/assets/images/help/projects/visibility-radio-buttons.png
+++ b/assets/images/help/projects/visibility-radio-buttons.png
--- a/assets/images/help/repository/code-scanning-click-alert.png
+++ b/assets/images/help/repository/code-scanning-click-alert.png
--- a/assets/images/help/repository/code-scanning-set-up-this-workflow.png
+++ b/assets/images/help/repository/code-scanning-set-up-this-workflow.png
--- a/assets/images/help/repository/delete-branch-protection-rule.png
+++ b/assets/images/help/repository/delete-branch-protection-rule.png
--- a/assets/images/help/repository/edit-branch-protection-rule.png
+++ b/assets/images/help/repository/edit-branch-protection-rule.png
--- a/assets/images/help/repository/enable-dependabot-security-updates-button.png
+++ b/assets/images/help/repository/enable-dependabot-security-updates-button.png
--- a/assets/images/help/repository/enable-dependabot-security-updates-drop-down.png
+++ b/assets/images/help/repository/enable-dependabot-security-updates-drop-down.png
--- a/assets/images/help/repository/enable-secret-scanning-ghe.png
+++ b/assets/images/help/repository/enable-secret-scanning-ghe.png
--- a/assets/images/help/repository/save-branch-protection-rule.png
+++ b/assets/images/help/repository/save-branch-protection-rule.png
--- a/assets/images/help/repository/secret-scanning-click-alert-ghe.png
+++ b/assets/images/help/repository/secret-scanning-click-alert-ghe.png
--- a/assets/images/help/repository/secret-scanning-click-alert.png
+++ b/assets/images/help/repository/secret-scanning-click-alert.png
--- a/assets/images/help/repository/secret-scanning-resolve-alert-ghe.png
+++ b/assets/images/help/repository/secret-scanning-resolve-alert-ghe.png
--- a/assets/images/help/repository/secret-scanning-resolve-alert.png
+++ b/assets/images/help/repository/secret-scanning-resolve-alert.png
--- a/assets/images/help/repository/security-and-analysis-disable-or-enable-ghe.png
+++ b/assets/images/help/repository/security-and-analysis-disable-or-enable-ghe.png
--- a/assets/images/help/repository/security-and-analysis-security-alerts-person-or-team-search-ghe.png
+++ b/assets/images/help/repository/security-and-analysis-security-alerts-person-or-team-search-ghe.png
--- a/assets/images/help/repository/security-and-analysis-security-alerts-username-x-ghe.png
+++ b/assets/images/help/repository/security-and-analysis-security-alerts-username-x-ghe.png
--- a/assets/images/help/sponsors/export-all.png
+++ b/assets/images/help/sponsors/export-all.png
--- a/assets/images/help/sponsors/export-your-sponsors.png
+++ b/assets/images/help/sponsors/export-your-sponsors.png
--- a/assets/images/help/sponsors/filter-drop-down.png
+++ b/assets/images/help/sponsors/filter-drop-down.png
--- a/content/README.md
+++ b/content/README.md
@ -24,6 +24,7 @@ See the [contributing docs](/CONTRIBUTING.md) for general information about work
  - [Escaping single quotes](#escaping-single-quotes)
 - [Autogenerated mini TOCs](#autogenerated-mini-tocs)
 - [Versioning](#versioning)
+  - [Free-pro-team vs. GitHub.com versioning](#free-pro-team-vs.-github.com-versioning)
 - [Filenames](#filenames)
 - [Whitespace control](#whitespace-control)
 - [Links and image paths](#links-and-image-paths)
@ -213,6 +214,12 @@ A content file can have **two** types of versioning:
 * Liquid statements in content (**optional**)
    * Conditionally render content depending on the current version being viewed. See [contributing/liquid-helpers](../contributing/liquid-helpers.md) for more info. Note Liquid conditionals can also appear in `data` and `include` files.

+### Free-pro-team vs. GitHub.com versioning
+
+As of early 2021, the `free-pro-team@latest` version is **only** supported in content files (in both frontmatter and Liquid versioning) and throughout the docs site backend. It is **not** user facing. A helper function called `lib/remove-fpt-from-path.js` removes the version from URLs. Users now select `GitHub.com` in the Article Versions dropdown instead of `Free, Pro, Team`.
+
+The convenience function allows us to continue supporting a consistent versioning structure under-the-hood while not displaying plan information to users that may be potentially confusing.
+
 ## Filenames

 When adding a new article, make sure the filename is a [kebab-cased](https://en.wikipedia.org/wiki/Letter_case#Special_case_styles) version of the title you use in the article's [`title`](#title) frontmatter. This can get tricky when a title has punctuation (such as "GitHub's Billing Plans"). A test will flag any discrepancies between title and filename. To override this requirement for a given article, you can add [`allowTitleToDifferFromFilename`](#allowtitletodifferfromfilename) frontmatter.
@ -224,7 +231,7 @@ When using Liquid conditionals in lists or tables, you can use [whitespace contr
 Just add a hyphen on either the left, right, or both sides to indicate that there should be no newline on that side. For example, this statement removes a newline on the left side:

 ```
-{%- if page.version == 'dotcom' %}
+{%- if currentVersion == 'free-pro-team@latest' %}
 ```

 These characters are especially important in [index pages](#index-pages) comprised of list items.
@ -238,9 +245,9 @@ For example, if you include the following link in a content file:
 ```
 /github/writing-on-github/creating-a-saved-reply
 ```
-When viewed on GitHub.com docs, the link gets rendered with the language code and version:
+When viewed on GitHub.com docs, the link gets rendered with the language code:
 ```
-/en/free-pro-team@latest/github/writing-on-github/creating-a-saved-reply
+/en/github/writing-on-github/creating-a-saved-reply
 ```
 and when viewed on GitHub Enterprise Server docs, the version is included as well:
 ```
--- a/content/actions/guides/building-and-testing-net.md
+++ b/content/actions/guides/building-and-testing-net.md
@ -0,0 +1,248 @@
+---
+title: Building and testing .NET
+intro: You can create a continuous integration (CI) workflow to build and test your .NET project.
+product: '{% data reusables.gated-features.actions %}'
+versions:
+  free-pro-team: '*'
+  enterprise-server: '>=2.22'
+---
+
+### Introduction
+
+This guide shows you how to build, test, and publish a .NET package.
+
+{% data variables.product.prodname_dotcom %}-hosted runners have a tools cache with preinstalled software, which includes the .NET Core SDK. For a full list of up-to-date software and the preinstalled versions of .NET Core SDK, see [software installed on {% data variables.product.prodname_dotcom %}-hosted runners](/actions/reference/specifications-for-github-hosted-runners).
+
+### Prerequisites
+
+You should already be familiar with YAML syntax and how it's used with {% data variables.product.prodname_actions %}. For more information, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions)."
+
+We recommend that you have a basic understanding of the .NET Core SDK. For more information, see [Getting started with .NET](https://dotnet.microsoft.com/learn).
+
+### Starting with the .NET workflow template
+
+{% data variables.product.prodname_dotcom %} provides a .NET workflow template that should work for most .NET projects, and this guide includes examples that show you how to customize this template. For more information, see the [.NET workflow template](https://github.com/actions/setup-dotnet).
+
+To get started quickly, add the template to the `.github/workflows` directory of your repository.
+
+{% raw %}
+```yaml
+name: dotnet package
+
+on: [push]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        dotnet-version: [ '2.2.103', '3.0', '3.1.x' ]
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Setup .NET Core SDK ${{ matrix.dotnet }}
+      uses: actions/setup-dotnet@v1.6.0
+      with:
+        dotnet-version: {{ matrix.dotnet-version }}
+    - name: Install dependencies
+      run: dotnet restore
+    - name: Build
+      run: dotnet build --configuration Release --no-restore
+    - name: Test
+      run: dotnet test --no-restore --verbosity normal
+```
+{% endraw %}
+
+### Specifying a .NET version
+
+To use a preinstalled version of the .NET Core SDK on a {% data variables.product.prodname_dotcom %}-hosted runner, use the `setup-dotnet` action. This action finds a specific version of .NET from the tools cache on each runner, and adds the necessary binaries to `PATH`. These changes will persist for the remainder of the job.
+ 
+The `setup-dotnet` action is the recommended way of using .NET with {% data variables.product.prodname_actions %}, because it ensures consistent behavior across different runners and different versions of .NET. If you are using a self-hosted runner, you must install .NET and add it to `PATH`. For more information, see the [`setup-dotnet`](https://github.com/marketplace/actions/setup-dotnet).
+
+#### Using multiple .NET versions
+
+{% raw %}
+```yaml
+name: dotnet package
+
+on: [push]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        dotnet: [ '2.2.103', '3.0', '3.1.x' ]
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Setup dotnet ${{ matrix.dotnet-version }}
+      uses: actions/setup-dotnet@v1.6.0
+      with:
+        dotnet-version: ${{ matrix.dotnet-version }}
+    # You can test your matrix by printing the current dotnet version
+    - name: Display dotnet version
+      run: dotnet --version
+```
+{% endraw %}
+
+#### Using a specific .NET version
+
+You can configure your job to use a specific version of .NET, such as `3.1.3`. Alternatively, you can use semantic version syntax to get the latest minor release. This example uses the latest minor release of .NET 3.
+
+{% raw %}
+```yaml
+    - name: Setup .NET 3.x
+      uses: actions/setup-dotnet@v2
+      with:
+        # Semantic version range syntax or exact version of a dotnet version
+        dotnet-version: '3.x' 
+```
+{% endraw %}
+
+### Installing dependencies
+
+{% data variables.product.prodname_dotcom %}-hosted runners have the NuGet package manager installed. You can use the dotnet CLI to install dependencies from the NuGet package registry before building and testing your code. For example, the YAML below installs the `Newtonsoft` package.
+
+{% raw %}
+```yaml
+steps:
+- uses: actions/checkout@v2
+- name: Setup dotnet
+  uses: actions/setup-dotnet@v1.6.0
+  with:
+    dotnet-version: '3.1.x'
+- name: Install dependencies
+  run: dotnet add package Newtonsoft.Json --version 12.0.1
+```
+{% endraw %}
+
+{% if currentVersion == "free-pro-team@latest" %}
+
+#### Caching dependencies
+
+You can cache NuGet dependencies using a unique key, which allows you to restore the dependencies for future workflows with the [`cache`](https://github.com/marketplace/actions/cache) action. For example, the YAML below installs the `Newtonsoft` package.
+
+For more information, see "[Caching dependencies to speed up workflows](/actions/guides/caching-dependencies-to-speed-up-workflows)."
+
+{% raw %}
+```yaml
+steps:
+- uses: actions/checkout@v2
+- name: Setup dotnet
+  uses: actions/setup-dotnet@v1.6.0
+  with:
+    dotnet-version: '3.1.x'
+- uses: actions/cache@v2
+  with:
+    path: ~/.nuget/packages
+    # Look to see if there is a cache hit for the corresponding requirements file
+    key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
+    restore-keys: |
+      ${{ runner.os }}-nuget
+- name: Install dependencies
+  run: dotnet add package Newtonsoft.Json --version 12.0.1
+```
+{% endraw %}
+
+{% note %}
+
+**Note:** Depending on the number of dependencies, it may be faster to use the dependency cache. Projects with many large dependencies should see a performance increase as it cuts down the time required for downloading. Projects with fewer dependencies may not see a significant performance increase and may even see a slight decrease due to how NuGet installs cached dependencies. The performance varies from project to project.
+
+{% endnote %}
+
+{% endif %}
+
+### Building and testing your code
+
+You can use the same commands that you use locally to build and test your code. This example demonstrates how to use `dotnet build` and `dotnet test` in a job:
+
+{% raw %}
+```yaml
+steps:
+- uses: actions/checkout@v2
+- name: Setup dotnet
+  uses: actions/setup-dotnet@v1.6.0
+  with:
+    dotnet-version: '3.1.x'
+- name: Install dependencies
+  run: dotnet restore
+- name: Build
+  run: dotnet build
+- name: Test with the dotnet CLI
+  run: dotnet test
+```
+{% endraw %}
+
+### Packaging workflow data as artifacts
+
+After a workflow completes, you can upload the resulting artifacts for analysis. For example, you may need to save log files, core dumps, test results, or screenshots. The following example demonstrates how you can use the `upload-artifact` action to upload test results.
+
+For more information, see "[Persisting workflow data using artifacts](/github/automating-your-workflow-with-github-actions/persisting-workflow-data-using-artifacts)."
+
+{% raw %}
+```yaml
+name: dotnet package
+
+on: [push]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        dotnet-version: [ '2.2.103', '3.0', '3.1.x' ]
+
+      steps:
+      - uses: actions/checkout@v2
+      - name: Setup dotnet
+        uses: actions/setup-dotnet@v1.6.0
+        with:
+          dotnet-version: ${{ matrix.dotnet-version }}
+      - name: Install dependencies
+        run: dotnet restore
+      - name: Test with dotnet
+        run: dotnet test --logger trx --results-directory "TestResults-${{ matrix.dotnet-version }}"
+      - name: Upload dotnet test results
+        uses: actions/upload-artifact@v2
+        with:
+          name: dotnet-results-${{ matrix.dotnet-version }}
+          path: TestResults-${{ matrix.dotnet-version }}
+        # Use always() to always run this step to publish test results when there are test failures
+        if: ${{ always() }}
+```
+{% endraw %}
+
+### Publishing to package registries
+
+You can configure your workflow to publish your Dotnet package to a package registry when your CI tests pass. You can use repository secrets to store any tokens or credentials needed to publish your binary. The following example creates and publishes a package to {% data variables.product.prodname_registry %} using `dotnet core cli`.
+
+{% raw %}
+```yaml
+name: Upload dotnet package
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-dotnet@v1
+    with:
+        dotnet-version: '3.1.x' # SDK Version to use.
+        source-url: https://nuget.pkg.github.com/<owner>/index.json
+    env:
+        NUGET_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+    - run: dotnet build <my project>
+    - name: Create the package
+    run: dotnet pack --configuration Release <my project>
+    - name: Publish the package to GPR
+    run: dotnet nuget push <my project>/bin/Release/*.nupkg
+```
+{% endraw %}
--- a/content/actions/guides/building-and-testing-nodejs.md
+++ b/content/actions/guides/building-and-testing-nodejs.md
@ -37,7 +37,11 @@ To get started quickly, add the template to the `.github/workflows` directory of
 ```yaml{:copy}
 name: Node.js CI

-on: [push]
+on:
+  push:
+    branches: [ $default-branch ]
+  pull_request:
+    branches: [ $default-branch ]

 jobs:
  build:
@ -46,7 +50,7 @@ jobs:

    strategy:
      matrix:
-        node-version: [8.x, 10.x, 12.x]
+        node-version: [10.x, 12.x, 14.x, 15.x]

    steps:
    - uses: actions/checkout@v2
@ -54,11 +58,9 @@ jobs:
      uses: actions/setup-node@v1
      with:
        node-version: ${{ matrix.node-version }}
-    - run: npm install
+    - run: npm ci
    - run: npm run build --if-present
    - run: npm test
-      env:
-        CI: true
 ```
 {% endraw %}

@ -70,7 +72,7 @@ The easiest way to specify a Node.js version is by using the `setup-node` action

 The `setup-node` action takes a Node.js version as an input and configures that version on the runner. The `setup-node` action finds a specific version of Node.js from the tools cache on each runner and adds the necessary binaries to `PATH`, which persists for the rest of the job. Using the `setup-node` action is the recommended way of using Node.js with {% data variables.product.prodname_actions %} because it ensures consistent behavior across different runners and different versions of Node.js. If you are using a self-hosted runner, you must install Node.js and add it to `PATH`.

-The template includes a matrix strategy that builds and tests your code with three Node.js versions: 8.x, 10.x, and 12.x. The 'x' is a wildcard character that matches the latest minor and patch release available for a version. Each version of Node.js specified in the `node-version` array creates a job that runs the same steps.
+The template includes a matrix strategy that builds and tests your code with four Node.js versions: 10.x, 12.x, 14.x, and 15.x. The 'x' is a wildcard character that matches the latest minor and patch release available for a version. Each version of Node.js specified in the `node-version` array creates a job that runs the same steps.

 Each job can access the value defined in the matrix `node-version` array using the `matrix` context. The `setup-node` action uses the context as the `node-version` input. The `setup-node` action configures each job with a different Node.js version before building and testing code. For more information about matrix strategies and contexts, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix)" and "[Context and expression syntax for {% data variables.product.prodname_actions %}](/actions/reference/context-and-expression-syntax-for-github-actions)."

@ -78,7 +80,7 @@ Each job can access the value defined in the matrix `node-version` array using t
 ```yaml
 strategy:
  matrix:
-    node-version: [8.x, 10.x, 12.x]
+    node-version: [10.x, 12.x, 14.x, 15.x]

 steps:
 - uses: actions/checkout@v2
@ -116,11 +118,9 @@ jobs:
      uses: actions/setup-node@v1
      with:
        node-version: '12.x'
-    - run: npm install
+    - run: npm ci
    - run: npm run build --if-present
    - run: npm test
-      env:
-        CI: true
 ```
 {% endraw %}

--- a/content/actions/guides/building-and-testing-python.md
+++ b/content/actions/guides/building-and-testing-python.md
@ -123,7 +123,7 @@ jobs:

 #### Using a specific Python version

-You can configure a specific version of python. For example, 3.8. Alternatively, you can semantic version syntax to get the latest minor release. This example uses the latest minor release of Python 3.
+You can configure a specific version of python. For example, 3.8. Alternatively, you can use semantic version syntax to get the latest minor release. This example uses the latest minor release of Python 3.

 {% raw %}
 ```yaml
--- a/content/actions/guides/index.md
+++ b/content/actions/guides/index.md
@ -28,6 +28,7 @@ layout: product-sublanding
 <!-- {% link_in_list /about-continuous-integration %} -->
 <!-- {% link_in_list /setting-up-continuous-integration-using-workflow-templates %} -->
 <!-- {% link_in_list /building-and-testing-nodejs %} -->
+<!-- {% link_in_list /building-and-testing-net %} -->
 <!-- {% link_in_list /building-and-testing-powershell %} -->
 <!-- {% link_in_list /building-and-testing-python %} -->
 <!-- {% link_in_list /building-and-testing-ruby %} -->
--- a/content/actions/hosting-your-own-runners/adding-self-hosted-runners.md
+++ b/content/actions/hosting-your-own-runners/adding-self-hosted-runners.md
@ -13,6 +13,10 @@ type: 'tutorial'
 {% data reusables.actions.enterprise-beta %}
 {% data reusables.actions.enterprise-github-hosted-runners %}

+You can add a self-hosted runner to a repository, an organization, or an enterprise.
+
+If you are an organization or enterprise administrator, you might want to add your self-hosted runners at the organization or enterprise level. This approach makes the runner available to multiple repositories in your organization or enterprise, and also lets you to manage your runners in one place.
+
 For information on supported operating systems for self-hosted runners, or using self-hosted runners with a proxy server, see "[About self-hosted runners](/github/automating-your-workflow-with-github-actions/about-self-hosted-runners)."

 {% warning %}
@ -45,6 +49,8 @@ You can add self-hosted runners at the organization level, where they can be use
 {% data reusables.github-actions.self-hosted-runner-configure %}
 {% data reusables.github-actions.self-hosted-runner-check-installation-success %}

+{% data reusables.github-actions.self-hosted-runner-public-repo-access %}
+
 ### Adding a self-hosted runner to an enterprise

 You can add self-hosted runners to an enterprise, where they can be assigned to multiple organizations. The organization admins are then able to control which repositories can use it.
@ -62,3 +68,13 @@ To add a self-hosted runner at the enterprise level of {% data variables.product
 1. Click **Add new**, then click **New runner**. New runners are assigned to the default group. You can modify the runner's group after you've registered the runner. For more information, see "[Managing access to self-hosted runners](/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group)."
 {% data reusables.github-actions.self-hosted-runner-configure %}
 {% data reusables.github-actions.self-hosted-runner-check-installation-success %}
+
+{% data reusables.github-actions.self-hosted-runner-public-repo-access %}
+
+#### Making enterprise runners available to repositories
+
+By default, runners in an enterprise's "Default" self-hosted runner group are available to all organizations in the enterprise, but are not available to all repositories in each organization.
+
+To make an enterprise-level self-hosted runner group available to an organization repository, you might need to change the organization's inherited settings for the runner group to make the runner available to repositories in the organization.
+
+For more information on changing runner group access settings, see "[Managing access to self-hosted runners using groups](/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group)."
--- a/content/actions/reference/context-and-expression-syntax-for-github-actions.md
+++ b/content/actions/reference/context-and-expression-syntax-for-github-actions.md
@ -75,6 +75,10 @@ In order to use property dereference syntax, the property name must:
 - start with `a-Z` or `_`.
 - be followed by `a-Z` `0-9` `-` or `_`.

+#### Determining when to use contexts
+
+{% data reusables.github-actions.using-context-or-environment-variables %}
+
 #### `github` context

 The `github` context contains information about the workflow run and the event that triggered the run. You can read most of the `github` context data in environment variables. For more information about environment variables, see "[Using environment variables](/actions/automating-your-workflow-with-github-actions/using-environment-variables)."
@ -107,15 +111,14 @@ The `github` context contains information about the workflow run and the event t

 The `env` context contains environment variables that have been set in a workflow, job, or step. For more information about setting environment variables in your workflow, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#env)."

-The `env` context syntax allows you to use the value of an environment variable in your workflow file. If you want to use the value of an environment variable inside a runner, use the runner operating system's normal method for reading environment variables.
+The `env` context syntax allows you to use the value of an environment variable in your workflow file. You can use the `env` context in the value of any key in a **step** except for the `id` and `uses` keys. For more information on the step syntax, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idsteps)."

-You can only use the `env` context in the value of the `with` and `name` keys, or in a step's `if` conditional. For more information on the step syntax, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idsteps)."
+If you want to use the value of an environment variable inside a runner, use the runner operating system's normal method for reading environment variables.

 | Property name | Type | Description |
 |---------------|------|-------------|
 | `env` | `object` | This context changes for each step in a job. You can access this context from any step in a job. |
-| `env.<env name>` | `string` | The value of a specific environment variable. |
-
+| `env.<env_name>` | `string` | The value of a specific environment variable. |

 #### `job` context

--- a/content/actions/reference/environment-variables.md
+++ b/content/actions/reference/environment-variables.md
@ -57,6 +57,16 @@ We strongly recommend that actions use environment variables to access the files
 | `GITHUB_API_URL` | Returns the API URL. For example: `{% data variables.product.api_url_code %}`.
 | `GITHUB_GRAPHQL_URL` | Returns the GraphQL API URL. For example: `{% data variables.product.graphql_url_code %}`.

+{% tip %}
+
+**Note:** If you need to use a workflow run's URL from within a job, you can combine these environment variables: `$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID`
+
+{% endtip %}
+
+#### Determining when to use default environment variables or contexts
+
+{% data reusables.github-actions.using-context-or-environment-variables %}
+
 ### Naming conventions for environment variables

 {% note %}
--- a/content/actions/reference/events-that-trigger-workflows.md
+++ b/content/actions/reference/events-that-trigger-workflows.md
@ -80,6 +80,8 @@ You can use these operators in any of the five fields:

 You can use [crontab guru](https://crontab.guru/) to help generate your cron syntax and confirm what time it will run. To help you get started, there is also a list of [crontab guru examples](https://crontab.guru/examples.html).

+Notifications for scheduled workflows are sent to the user who last modified the cron syntax in the workflow file. For more information, please see "[Notifications for workflow runs](/actions/guides/about-continuous-integration#notifications-for-workflow-runs)."
+
 ### Manual events

 You can manually trigger workflow runs. To trigger specific workflows in a repository, use the `workflow_dispatch` event. To trigger more than one workflow in a repository and create custom events and event types, use the `repository_dispatch` event. 
--- a/content/actions/reference/specifications-for-github-hosted-runners.md
+++ b/content/actions/reference/specifications-for-github-hosted-runners.md
@ -83,44 +83,11 @@ If there is a tool that you'd like to request, please open an issue at [actions/

 {% endnote %}

-Windows and Ubuntu runners are hosted in Azure and have the same IP address ranges as Azure Data centers. Currently, all Windows and Ubuntu {% data variables.product.prodname_dotcom %}-hosted runners are in the following Azure regions:
+Windows and Ubuntu runners are hosted in Azure and subsequently have the same IP address ranges as the Azure datacenters. macOS runners are hosted in {% data variables.product.prodname_dotcom %}'s own macOS cloud.

- East US (`eastus`)
- East US 2 (`eastus2`)
- West US 2 (`westus2`)
- Central US (`centralus`)
- South Central US (`southcentralus`)
+To get a list of IP address ranges that {% data variables.product.prodname_actions %} uses for {% data variables.product.prodname_dotcom %}-hosted runners, you can use the {% data variables.product.prodname_dotcom %} REST API . For more information, see the `actions` key in the response of the "[Get GitHub meta information](/rest/reference/meta#get-github-meta-information)" endpoint. You can use this list of IP addresses if you require an allow-list to prevent unauthorized access to your internal resources.

-Microsoft updates the Azure IP address ranges weekly in a JSON file that you can download from the [Azure IP Ranges and Service Tags - Public Cloud](https://www.microsoft.com/en-us/download/details.aspx?id=56519) website. You can use this range of IP addresses if you require an allow-list to prevent unauthorized access to your internal resources.
-
-The JSON file contains an array called `values`. Inside that array, you can find the supported IP addresses in an object with a `name` and `id` of the Azure region, for example `"AzureCloud.eastus2"`.
-
-You can find the supported IP address ranges in the `"addressPrefixes"` object. This is a condensed example of the JSON file.
-
-```json
-{
-  "changeNumber": 84,
-  "cloud": "Public",
-  "values": [
-    {
-      "name": "AzureCloud.eastus2",
-      "id": "AzureCloud.eastus2",
-      "properties": {
-        "changeNumber": 33,
-        "region": "eastus2",
-        "platform": "Azure",
-        "systemService": "",
-        "addressPrefixes": [
-          "13.68.0.0/17",
-          "13.77.64.0/18",
-          "13.104.147.0/25",
-          ...
-        ]
-      }
-    }
-  ]
-}
-```
+The list of {% data variables.product.prodname_actions %} IP addresses returned by the API is updated once a week. 

 ### File systems

--- a/content/actions/reference/workflow-syntax-for-github-actions.md
+++ b/content/actions/reference/workflow-syntax-for-github-actions.md
@ -187,7 +187,7 @@ For more information about cron syntax, see "[Events that trigger workflows](/ac

 ### `env`

-A `map` of environment variables that are available to all jobs and steps in the workflow. You can also set environment variables that are only available to a job or step. For more information, see [`jobs.<job_id>.env`](#jobsjob_idenv) and [`jobs.<job_id>.steps[*].env`](#jobsjob_idstepsenv).
+A `map` of environment variables that are available to the steps of all jobs in the workflow. You can also set environment variables that are only available to the steps of a single job or to a single step. For more information, see [`jobs.<job_id>.env`](#jobsjob_idenv) and [`jobs.<job_id>.steps[*].env`](#jobsjob_idstepsenv).

 {% data reusables.repositories.actions-env-var-note %}

--- a/content/admin/configuration/command-line-utilities.md
+++ b/content/admin/configuration/command-line-utilities.md
@ -466,20 +466,23 @@ ghe-webhook-logs
 ```

 To show all failed hook deliveries in the past day:
+{% if currentVersion ver_gt "enterprise-server@2.22" %}
+```shell
+ghe-webhook-logs -f -a <em>YYYY-MM-DD</em>
+```
+
+The date format should be `YYYY-MM-DD`, `YYYY-MM-DD HH:MM:SS`, or `YYYY-MM-DD HH:MM:SS (+/-) HH:M`.
+{% else %}
 ```shell
 ghe-webhook-logs -f -a <em>YYYYMMDD</em>
 ```
+{% endif %}

 To show the full hook payload, result, and any exceptions for the delivery:
 ```shell
 ghe-webhook-logs -g <em>delivery-guid</em> -v
 ```

-To show global webhook deliveries:
-```shell
-ghe-webhook-logs --global
-```
-
 ### Clustering

 #### ghe-cluster-status
--- a/content/admin/configuration/configuring-backups-on-your-appliance.md
+++ b/content/admin/configuration/configuring-backups-on-your-appliance.md
@ -80,6 +80,14 @@ If backup attempts overlap, the `ghe-backup` command will abort with an error me

 In the event of prolonged outage or catastrophic event at the primary site, you can restore {% data variables.product.product_location %} by provisioning another {% data variables.product.prodname_enterprise %} appliance and performing a restore from the backup host. You must add the backup host's SSH key to the target {% data variables.product.prodname_enterprise %} appliance as an authorized SSH key before restoring an appliance.

+{%if currentVersion ver_gt "enterprise-server@2.22"%}
+{% note %}
+
+**Note:** If {% data variables.product.product_location %} has {% data variables.product.prodname_actions %} enabled, you must first configure the {% data variables.product.prodname_actions %} external storage provider on the replacement appliance before running the the `ghe-restore` command. For more information, see "[Backing up and restoring {% data variables.product.prodname_ghe_server %} with {% data variables.product.prodname_actions %} enabled](/admin/github-actions/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled)."
+
+{% endnote %}
+{% endif %}
+
 To restore {% data variables.product.product_location %} from the last successful snapshot, use the `ghe-restore` command. You should see output similar to this:

 ```shell
--- a/content/admin/configuration/configuring-code-scanning-for-your-appliance.md
+++ b/content/admin/configuration/configuring-code-scanning-for-your-appliance.md
@ -29,11 +29,11 @@ For the users of {% data variables.product.product_location %} to be able to ena
 1. Check if there is an **{% data variables.product.prodname_advanced_security %}** entry in the left sidebar.
 ![Advanced Security sidebar](/assets/images/enterprise/management-console/sidebar-advanced-security.png)

-If you can't see **{% data variables.product.prodname_advanced_security %}** in the sidebar, it means that your license doesn't include support for {% data variables.product.prodname_advanced_security %} features including {% data variables.product.prodname_code_scanning %}. The {% data variables.product.prodname_advanced_security %} license gives you and your users access to features that help you make your repositories and code more secure. 
+{% data reusables.enterprise_management_console.advanced-security-license %}

 ### Enabling {% data variables.product.prodname_code_scanning %}

-{% data reusables.enterprise_management_console.enable-disable-code-scanning %}
+{% data reusables.enterprise_management_console.enable-disable-security-features %}

 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}
@ -47,35 +47,41 @@ If you can't see **{% data variables.product.prodname_advanced_security %}** in

 #### Setting up a self-hosted runner

-If you are enrolled in the {% data variables.product.prodname_actions %} beta, then {% data variables.product.prodname_ghe_server %} can run {% data variables.product.prodname_code_scanning %} using a {% data variables.product.prodname_actions %} workflow. First, you need to provision one or more self-hosted {% data variables.product.prodname_actions %} runners in your environment. You can provision self-hosted runners at the repository, organization, or enterprise account level. For more information, see "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners)" and "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)."
+{% data variables.product.prodname_ghe_server %} can run {% data variables.product.prodname_code_scanning %} using a {% data variables.product.prodname_actions %} workflow. First, you need to provision one or more self-hosted {% data variables.product.prodname_actions %} runners in your environment. You can provision self-hosted runners at the repository, organization, or enterprise account level. For more information, see "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners)" and "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)."

 You must ensure that Git is in the PATH variable on any self-hosted runners you use to run {% data variables.product.prodname_codeql %} actions.

-#### Provisioning the action
-To run {% data variables.product.prodname_code_scanning %} on {% data variables.product.prodname_ghe_server %} with {% data variables.product.prodname_actions %}, the appropriate action must be available locally. You can make the action available in three ways.
+{% if currentVersion == "enterprise-server@2.22" %}
+#### Provisioning the actions
+To run {% data variables.product.prodname_code_scanning %} on {% data variables.product.prodname_ghe_server %} with {% data variables.product.prodname_actions %}, the appropriate actions must be available locally. You can make the actions available in three ways.

- **Recommended** You can use [{% data variables.product.prodname_github_connect %}](/enterprise/admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud) to automatically download actions from {% data variables.product.prodname_dotcom_the_website %}. The machine that hosts your instance must be able to access {% data variables.product.prodname_dotcom_the_website %}. This approach ensures that you get the latest software automatically. For more information, see "[Configuring {% data variables.product.prodname_github_connect %} to sync {% data variables.product.prodname_actions %}](/enterprise/admin/configuration/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions)."
+- **Recommended**: You can use [{% data variables.product.prodname_github_connect %}](/enterprise/admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud) to automatically download actions from {% data variables.product.prodname_dotcom_the_website %}. The machine that hosts your instance must be able to access {% data variables.product.prodname_dotcom_the_website %}. This approach ensures that you get the latest software automatically. For more information, see "[Configuring {% data variables.product.prodname_github_connect %} to sync {% data variables.product.prodname_actions %}](/enterprise/admin/configuration/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions)."
 - If you want to use the {% data variables.product.prodname_codeql_workflow %}, you can sync the repository from {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.prodname_ghe_server %}, by using the {% data variables.product.prodname_codeql %} Action sync tool available at [https://github.com/github/codeql-action-sync-tool](https://github.com/github/codeql-action-sync-tool/). You can use this tool regardless of whether {% data variables.product.product_location %} or your {% data variables.product.prodname_actions %} runners have access to the internet, as long as you can access both {% data variables.product.product_location %} and {% data variables.product.prodname_dotcom_the_website %} simultaneously on your computer.
- You can create a local copy of the action's repository on your server, by cloning the {% data variables.product.prodname_dotcom_the_website %} repository with the action. For example, if you want to use the {% data variables.product.prodname_codeql %} action, you can create a repository in your instance called `github/codeql-action`, then clone the [repository](https://github.com/github/codeql-action) from {% data variables.product.prodname_dotcom_the_website %}, and then push that repository to your instance's `github/codeql-action` repository. You will also need to download any of the releases from the repository on {% data variables.product.prodname_dotcom_the_website %} and upload them to your instance's `github/codeql-action` repository as releases. 
-
+- You can create a local copy of an action's repository on your server, by cloning the {% data variables.product.prodname_dotcom_the_website %} repository that contains the action. For example, if you want to use the actions for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}, you can create a repository in your instance called `github/codeql-action`, then clone the [repository](https://github.com/github/codeql-action) from {% data variables.product.prodname_dotcom_the_website %}, and then push that repository to your instance's `github/codeql-action` repository. You will also need to download any of the releases from the repository on {% data variables.product.prodname_dotcom_the_website %} and upload them to your instance's `github/codeql-action` repository as releases. 

 ##### Configuring {% data variables.product.prodname_github_connect %} to sync {% data variables.product.prodname_actions %}
-
 1. If you want to download action workflows on demand from {% data variables.product.prodname_dotcom_the_website %}, you need to enable {% data variables.product.prodname_github_connect %}. For more information, see "[Enabling {% data variables.product.prodname_github_connect %}](/enterprise/admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud#enabling-github-connect)."
-2. You'll also need to enable {% data variables.product.prodname_actions %} for {% data variables.product.product_location %}. For more information, see "[Enabling {% data variables.product.prodname_actions %} and configuring storage](/enterprise/admin/github-actions/enabling-github-actions-and-configuring-storage)."
+2. You'll also need to enable {% data variables.product.prodname_actions %} for {% data variables.product.product_location %}. For more information, see "[Getting started with {% data variables.product.prodname_actions %} for {% data variables.product.prodname_ghe_server %}](/admin/github-actions/getting-started-with-github-actions-for-github-enterprise-server)."
 3. The next step is to configure access to actions on {% data variables.product.prodname_dotcom_the_website %} using {% data variables.product.prodname_github_connect %}. For more information, see "[Enabling automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/enterprise/admin/github-actions/enabling-automatic-access-to-githubcom-actions-using-github-connect)."
 4. Add a self-hosted runner to your repository, organization, or enterprise account. For more information, see "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)."
+{% endif %}

-After you configure a self-hosted runner, users can enable {% data variables.product.prodname_code_scanning %} for individual repositories on {% data variables.product.product_location %}. For more information, see "[Enabling {% data variables.product.prodname_code_scanning %} for a repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository)."
+{% if currentVersion ver_gt "enterprise-server@2.22" %}
+#### Configuring {% data variables.product.prodname_codeql %} on a server without internet access
+If the server on which you are running {% data variables.product.prodname_ghe_server %} is not connected to the internet, and you want to allow users to enable {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} for their repositories, you must use the {% data variables.product.prodname_codeql %} Action sync tool to copy the {% data variables.product.prodname_codeql %} actions and query bundle from {% data variables.product.prodname_dotcom_the_website %} to your server. The tool, and details of how to use it, are available at [https://github.com/github/codeql-action-sync-tool](https://github.com/github/codeql-action-sync-tool/).
+{% endif %}
+
+#### Enabling code scanning for individual repositories
+After you configure a self-hosted runner, {% if currentVersion == "enterprise-server@2.22" %}and provision the actions,{% endif %} users can enable {% data variables.product.prodname_code_scanning %} for individual repositories on {% data variables.product.product_location %}. For more information, see "[Enabling {% data variables.product.prodname_code_scanning %} for a repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository)."

 ### Running {% data variables.product.prodname_code_scanning %} using the {% data variables.product.prodname_codeql_runner %}
-If your organization isn't taking part in the beta for {% data variables.product.prodname_actions %}, or if you don't want to use {% data variables.product.prodname_actions %}, you can run {% data variables.product.prodname_code_scanning %} using the {% data variables.product.prodname_codeql_runner %}. 
+If you don't want to use {% data variables.product.prodname_actions %}, you can run {% data variables.product.prodname_code_scanning %} using the {% data variables.product.prodname_codeql_runner %}. 

 The {% data variables.product.prodname_codeql_runner %} is a command-line tool that you can add to your third-party CI/CD system. The tool runs {% data variables.product.prodname_codeql %} analysis on a checkout of a {% data variables.product.prodname_dotcom %} repository. For more information, see "[Running {% data variables.product.prodname_code_scanning %} in your CI system](/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-your-ci-system)."

 ### Disabling {% data variables.product.prodname_code_scanning %}

-{% data reusables.enterprise_management_console.enable-disable-code-scanning %}
+{% data reusables.enterprise_management_console.enable-disable-security-features %}

 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}
--- a/content/admin/configuration/configuring-secret-scanning-for-your-appliance.md
+++ b/content/admin/configuration/configuring-secret-scanning-for-your-appliance.md
@ -0,0 +1,69 @@
+---
+title: Configuring secret scanning for your appliance
+shortTitle: Configuring secret scanning
+intro: 'You can enable, configure, and disable {% data variables.product.prodname_secret_scanning %} for {% data variables.product.product_location %}. {% data variables.product.prodname_secret_scanning_caps %} allows users to scan code for accidentally committed secrets.'
+product: '{% data reusables.gated-features.secret-scanning %}'
+miniTocMaxHeadingLevel: 4
+versions:
+  enterprise-server: '>=3.0'
+---
+
+{% data reusables.secret-scanning.beta %}
+
+### About {% data variables.product.prodname_secret_scanning %}
+
+{% data reusables.secret-scanning.about-secret-scanning %} For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)."
+
+### Prerequisites
+
+To use {% data variables.product.prodname_secret_scanning %} in {% data variables.product.product_location %} you need these two prerequisites.
+
+- The [SSSE3](https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-optimization-manual.pdf#G3.1106470) (Supplemental Streaming SIMD Extensions 3) CPU flag needs to be enabled on the VM/KVM that runs {% data variables.product.product_location %}. 
+
+- You need an {% data variables.product.prodname_advanced_security %} license.
+
+#### Checking support for the SSSE3 flag on your vCPUs
+
+The SSSE3 set of instructions is required because {% data variables.product.prodname_secret_scanning %} leverages hardware accelerated pattern matching to find potential credentials committed to your {% data variables.product.prodname_dotcom %} repositories. SSSE3 is enabled for most modern CPUs. You can check whether SSSE3 is enabled for the vCPUs available to your {% data variables.product.prodname_ghe_server %} instance.
+
+1. Connect to the administrative shell for your {% data variables.product.prodname_ghe_server %} instance. For more information, see "[Accessing the administrative shell (SSH)](/admin/configuration/accessing-the-administrative-shell-ssh)."
+2. Enter the following command:
+
+```shell
+grep -iE '^flags.*ssse3' /proc/cpuinfo >/dev/null | echo $?
+```
+
+If this returns the value `0`, it means that the SSSE3 flag is available and enabled. You can now enable {% data variables.product.prodname_secret_scanning %} for {% data variables.product.product_location %}. For more information, see "[Enabling secret scanning](#enabling-secret-scanning)" below.
+
+If this doesn't return `0`, SSSE3 is not enabled on your VM/KVM. You need to refer to the documentation of the hardware/hypervisor on how to enable the flag, or make it available to guest VMs.
+
+#### Checking whether you have an {% data variables.product.prodname_advanced_security %} license
+
+{% data reusables.enterprise_site_admin_settings.access-settings %}
+{% data reusables.enterprise_site_admin_settings.management-console %}
+1. Check if there is an **{% data variables.product.prodname_advanced_security %}** entry in the left sidebar.
+![Advanced Security sidebar](/assets/images/enterprise/management-console/sidebar-advanced-security.png)
+
+{% data reusables.enterprise_management_console.advanced-security-license %}
+
+### Enabling {% data variables.product.prodname_secret_scanning %}
+
+{% data reusables.enterprise_management_console.enable-disable-security-features %}
+
+{% data reusables.enterprise_site_admin_settings.access-settings %}
+{% data reusables.enterprise_site_admin_settings.management-console %}
+{% data reusables.enterprise_management_console.advanced-security-tab %}
+1. Under "{% data variables.product.prodname_advanced_security %}," click **{% data variables.product.prodname_secret_scanning_caps %}**.
+![Checkbox to enable or disable {% data variables.product.prodname_secret_scanning %}](/assets/images/enterprise/management-console/enable-secret-scanning-checkbox.png)
+{% data reusables.enterprise_management_console.save-settings %}
+
+### Disabling {% data variables.product.prodname_secret_scanning %}
+
+{% data reusables.enterprise_management_console.enable-disable-security-features %}
+
+{% data reusables.enterprise_site_admin_settings.access-settings %}
+{% data reusables.enterprise_site_admin_settings.management-console %}
+{% data reusables.enterprise_management_console.advanced-security-tab %}
+1. Under "{% data variables.product.prodname_advanced_security %}", unselect **{% data variables.product.prodname_secret_scanning_caps %}**.
+![Checkbox to enable or disable {% data variables.product.prodname_secret_scanning %}](/assets/images/enterprise/management-console/secret-scanning-disable.png)
+{% data reusables.enterprise_management_console.save-settings %}
--- a/content/admin/configuration/enabling-subdomain-isolation.md
+++ b/content/admin/configuration/enabling-subdomain-isolation.md
@ -15,7 +15,7 @@ Subdomain isolation mitigates cross-site scripting and other related vulnerabili

 When subdomain isolation is enabled, {% data variables.product.prodname_ghe_server %} replaces several paths with subdomains.

-{% if currentVersion ver_gt "enterprise-server@2.21" %}
+{% if currentVersion == "enterprise-server@2.22" %}
 To use Docker with {% data variables.product.prodname_registry %}, you must also enable subdomain isolation. For more information, see "[Configuring Docker for use with {% data variables.product.prodname_registry %}](/enterprise/{{ currentVersion }}/user/packages/using-github-packages-with-your-projects-ecosystem/configuring-docker-for-use-with-github-packages)."

 {% data reusables.package_registry.packages-ghes-release-stage %}
@ -33,8 +33,9 @@ To use Docker with {% data variables.product.prodname_registry %}, you must also
 | `http(s)://HOSTNAME/raw/`         | `http(s)://raw.HOSTNAME/`         |
 | `http(s)://HOSTNAME/render/`      | `http(s)://render.HOSTNAME/`      |
 | `http(s)://HOSTNAME/reply/`       | `http(s)://reply.HOSTNAME/`       |
-| `http(s)://HOSTNAME/uploads/`     | `http(s)://uploads.HOSTNAME/`     |{% if currentVersion ver_gt "enterprise-server@2.21" %}
-|  N/A, Docker with {% data variables.product.prodname_registry %} will not work with subdomain isolation disabled. | `http(s)://docker.HOSTNAME/` |
+| `http(s)://HOSTNAME/uploads/`     | `http(s)://uploads.HOSTNAME/`     |{% if currentVersion == "enterprise-server@2.22" %}
+|  N/A, Docker with {% data variables.product.prodname_registry %} will not work with subdomain isolation disabled for the {% data variables.product.prodname_registry %} 2.22 beta. | `http(s)://docker.HOSTNAME/` |{% endif %} {% if currentVersion ver_gt "enterprise-server@2.22" %}
+| `https://HOSTNAME/_registry/docker/` | `http(s)://docker.HOSTNAME/`{% endif %}{% if currentVersion ver_gt "enterprise-server@2.22" %}
 | `https://HOSTNAME/_registry/npm/` | `https://npm.HOSTNAME/`
 | `https://HOSTNAME/_registry/rubygems/` | `https://rubygems.HOSTNAME/`
 | `https://HOSTNAME/_registry/maven/` | `https://maven.HOSTNAME/`
--- a/content/admin/configuration/index.md
+++ b/content/admin/configuration/index.md
@ -29,6 +29,7 @@ versions:
    {% link_in_list /configuring-backups-on-your-appliance %}
    {% link_in_list /site-admin-dashboard %}
    {% link_in_list /enabling-private-mode %}
+    {% link_in_list /managing-github-for-mobile-for-your-enterprise %}
    {% link_in_list /configuring-email-for-notifications %}
    {% link_in_list /configuring-rate-limits %}
    {% link_in_list /configuring-applications %}
@ -56,3 +57,4 @@ versions:
    {% link_in_list /enabling-automatic-user-license-sync-between-github-enterprise-server-and-github-enterprise-cloud %}
 {% topic_link_in_list /configuring-advanced-security-features %}
    {% link_in_list /configuring-code-scanning-for-your-appliance %}
+    {% link_in_list /configuring-secret-scanning-for-your-appliance %}
--- a/content/admin/configuration/managing-github-for-mobile-for-your-enterprise.md
+++ b/content/admin/configuration/managing-github-for-mobile-for-your-enterprise.md
@ -0,0 +1,28 @@
+---
+title: Managing GitHub for mobile for your enterprise
+intro: You can decide whether authenticated users can connect to {% data variables.product.product_location %} with {% data variables.product.prodname_mobile %}.
+permissions: Enterprise owners can manage {% data variables.product.prodname_mobile %} for an enterprise on {% data variables.product.product_name %}.
+versions:
+  enterprise-server: '>=3.0'
+---
+
+{% if enterpriseServerVersions contains currentVersion %}
+{% data reusables.mobile.ghes-release-phase %}
+{% endif %}
+
+### About {% data variables.product.prodname_mobile %}
+
+{% data reusables.mobile.about-mobile %} For more information, see "[GitHub for mobile](/github/getting-started-with-github/github-for-mobile)."
+
+Members of your enterprise can use {% data variables.product.prodname_mobile %} to triage, collaborate, and manage work on {% data variables.product.product_location %} from a mobile device. By default, {% data variables.product.prodname_mobile %} is enabled for {% data variables.product.product_location %}. You can allow or disallow enterprise members from using {% data variables.product.prodname_mobile %} to authenticate to {% data variables.product.product_location %} and access your enterprise's data.
+
+### Enabling or disabling {% data variables.product.prodname_mobile %}
+
+{% data reusables.enterprise_site_admin_settings.access-settings %}
+{% data reusables.enterprise_site_admin_settings.management-console %}
+{% data reusables.enterprise_management_console.type-management-console-password %}
+1. In the left sidebar, click **Mobile**.
+  !["Mobile" in the left sidebar for the {% data variables.product.prodname_ghe_server %} management console](/assets/images/enterprise/management-console/click-mobile.png)
+1. Under "GitHub for mobile", select or deselect **Enable GitHub Mobile Apps**.
+  ![Checkbox for "Enable GitHub Mobile Apps" in the {% data variables.product.prodname_ghe_server %} management console](/assets/images/enterprise/management-console/select-enable-github-mobile-apps.png)
+{% data reusables.enterprise_management_console.save-settings %}
--- a/content/admin/enterprise-management/about-clustering.md
+++ b/content/admin/enterprise-management/about-clustering.md
@ -24,6 +24,8 @@ Learn more about [services required for clustering](/enterprise/{{ currentVersio

 Clustering provides redundancy, but it is not intended to replace a High Availability configuration. For more information, see [High Availability configuration](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-github-enterprise-server-for-high-availability). A primary/secondary failover configuration is far simpler than clustering and will serve the needs of many organizations. For more information, see [Differences between Clustering and High Availability](/enterprise/{{ currentVersion }}/admin/guides/clustering/differences-between-clustering-and-high-availability-ha/).

+{% data reusables.package_registry.packages-cluster-support %}
+
 ### How do I get access to clustering?

 Clustering is designed for specific scaling situations and is not intended for every organization. If clustering is something you'd like to consider, please contact your dedicated representative or {% data variables.contact.contact_enterprise_sales %}.
--- a/content/admin/enterprise-management/index.md
+++ b/content/admin/enterprise-management/index.md
@ -23,7 +23,6 @@ versions:
    {% link_in_list /increasing-storage-capacity %}
    {% link_in_list /increasing-cpu-or-memory-resources %}
    {% link_in_list /migrating-from-github-enterprise-1110x-to-2123 %}
-    {% link_in_list /migrating-elasticsearch-indices-to-github-enterprise-server-214-or-later %}
 {% topic_link_in_list /configuring-clustering %}
    {% link_in_list /about-clustering %}
    {% link_in_list /differences-between-clustering-and-high-availability-ha %}
--- a/content/admin/enterprise-management/migrating-elasticsearch-indices-to-github-enterprise-server-214-or-later.md
+++ b/content/admin/enterprise-management/migrating-elasticsearch-indices-to-github-enterprise-server-214-or-later.md
@ -1,132 +0,0 @@
---
-title: Migrating Elasticsearch indices to GitHub Enterprise Server 2.14 or later
-intro: 'To prepare for an upgrade to {% data variables.product.prodname_ghe_server %} 2.14, you''ll need to migrate your indices to Elasticsearch 5.6 with our migration script.'
-redirect_from:
-  - /enterprise/admin/installation/migrating-elasticsearch-indices-to-github-enterprise-2-14-or-later/
-  - /enterprise/admin/guides/installation/migrating-elasticsearch-indices-to-github-enterprise-2-14-or-later/
-  - /enterprise/admin/guides/installation/migrating-elasticsearch-indices-to-github-enterprise-server-2-14-or-later
-  - /enterprise/admin/enterprise-management/migrating-elasticsearch-indices-to-github-enterprise-server-214-or-later
-versions:
-  enterprise-server: '*'
---
-
-<!-- This guide is here for longevity for support purposes. Please do not delete or add to index.md file-->
-
-
-{% data variables.product.prodname_ghe_server %} 2.14 includes an upgrade to Elasticsearch 5.6. Before upgrading to {% data variables.product.prodname_ghe_server %} 2.14 or later from 2.12 or 2.13, we recommend you download, install, and run the Elasticsearch migration tools, so your largest indices are migrated online while your appliance still has online access.
-
-### Search indices
-
-The migration script checks for any `search` indices first while the appliance is online. Migrating `search` indices can take a few minutes to a few days, depending on their size. For an example of large indices, these indices took a couple of days to migrate in our test environment.
-
-```
-admin@ip-172-31-2-141:~$ curl -s http://localhost:9200/_cat/indices?v | sort -n -k 6
-green  open   blog-1                     1   0          0            0       144b           144b
-green  open   projects-1                 1   0          0            0       144b           144b
-green  open   registry-packages-1        1   0          0            0       144b           144b
-green  open   showcases-1                1   0          0            0       144b           144b
-health status index                    pri rep docs.count docs.deleted store.size pri.store.size
-green  open   pull-requests-1            1   0          1            0      9.3kb          9.3kb
-green  open   wikis-1                    1   0          2            0        5kb            5kb
-green  open   hookshot-logs-2018-05-29   5   0         25            0    124.2kb        124.2kb
-green  open   repos-1                    1   0       1638            1      1.4mb          1.4mb
-green  open   gists-1                    1   0       3531           64    291.9kb        291.9kb
-green  open   audit_log-1-2018-06-1      1   0      11108            0        3mb            3mb
-green  open   users-1                    1   0      19866           56      2.7mb          2.7mb
-green  open   hookshot-logs-2018-05-31   5   0      20000            0     33.4mb         33.4mb
-green  open   hookshot-logs-2018-06-04   5   0      20000            0     32.6mb         32.6mb
-green  open   issues-1                   1   0      26405            6     82.8mb         82.8mb
-green  open   hookshot-logs-2018-05-30   5   0     119744            0    196.8mb        196.8mb
-green  open   audit_log-1-2018-05-1      1   0     191664            0       50mb           50mb
-green  open   code-search-1              1   0    6932626           44     42.9gb         42.9gb
-green  open   commits-1                  1   0   63753587         1485     45.4gb         45.4gb
-```
-
-The `search` indices start with:
-
- blog-
- code-search-
- commits-
- gists-
- issues-
- labels-
- marketplace-listings-
- non-marketplace-listings-
- projects-
- pull-requests-
- registry-packages-
- repos-
- showcases-
- topics-
- users-
-
-### Webhook indices
-
-After the migration script rebuilds the necessary `search` indices online, the script will check if any `webhook` indices need to be rebuilt. If you've run your appliance with {% data variables.product.prodname_ghe_server %} 2.12 or 2.13 for 14 days or longer, then you likely will not need your `webhook` indices rebuilt since `webhook` indices have a default retention policy of seven days. If you're updating your appliance from {% data variables.product.prodname_enterprise %} 2.11 or earlier, then you may need to rebuild the `webhook` indices.
-
-If any `webhook` indices need to be rebuilt, then you'll be prompted to enable maintenance mode before the script can rebuild the `webhook` indices. Although migrating `webhook` indices requires some downtime, large maintenance windows or downtime is not necessary.
-
-The `webhook` indices start with `hookshot-logs-`.
-
-### Available indices
-
-You can see available indices on your appliance using curl.
-
-```
-admin@ip-172-31-2-141:~$ curl -s http://localhost:9200/_cat/indices?v | sort -n -k 6
-green  open   blog-1                     1   0          0            0       144b           144b
-green  open   projects-1                 1   0          0            0       144b           144b
-green  open   registry-packages-1        1   0          0            0       144b           144b
-green  open   showcases-1                1   0          0            0       144b           144b
-health status index                    pri rep docs.count docs.deleted store.size pri.store.size
-green  open   pull-requests-1            1   0          1            0      9.3kb          9.3kb
-green  open   wikis-1                    1   0          2            0        5kb            5kb
-green  open   hookshot-logs-2018-05-29   5   0         25            0    124.2kb        124.2kb
-green  open   repos-1                    1   0       1638            1      1.4mb          1.4mb
-green  open   gists-1                    1   0       3531           64    291.9kb        291.9kb
-green  open   audit_log-1-2018-06-1      1   0      11108            0        3mb            3mb
-green  open   users-1                    1   0      19866           56      2.7mb          2.7mb
-green  open   hookshot-logs-2018-05-31   5   0      20000            0     33.4mb         33.4mb
-green  open   hookshot-logs-2018-06-04   5   0      20000            0     32.6mb         32.6mb
-green  open   issues-1                   1   0      26405            6     82.8mb         82.8mb
-green  open   hookshot-logs-2018-05-30   5   0     119744            0    196.8mb        196.8mb
-green  open   audit_log-1-2018-05-1      1   0     191664            0       50mb           50mb
-green  open   code-search-1              1   0    6932626           44     42.9gb         42.9gb
-green  open   commits-1                  1   0   63753587         1485     45.4gb         45.4gb
-```
-
-### Preparing a {% data variables.product.prodname_ghe_server %} 2.12 or 2.13 appliance
-
-If you upgrade to {% data variables.product.prodname_ghe_server %} 2.14 or later without running the migration tools, the existing Elasticsearch indices may be invalid and won't work correctly. To run the Elasticsearch migration script, your {% data variables.product.prodname_ghe_server %} appliance must be running {% data variables.product.prodname_enterprise %} 2.12 or 2.13.
-
-{% warning %}
-
-**Warning:**
- Using {% data variables.product.prodname_enterprise_backup_utilities %} will destroy old Elasticsearch indices not compatible with 5.X after restoring. In this case, manual reindexing could be necessary.
- If {% data variables.product.prodname_ghe_server %} is configured for High Availability, the migration script **must** run while replication is still running. The changes must be allowed to fully replicate to the other appliance before starting the upgrade. If replication is not running while the migration script runs, your Elasticsearch indexes may become invalid.
-
-{% endwarning %}
-
-1. Authenticate to the primary appliance with High Availability enabled using SSH.
-2. Download and install the migration script to the appliance:
-   ```shell
-   $ wget https://github-enterprise.s3.amazonaws.com/util/es-5x-transition-tools.tar.gz
-   $ sudo tar -C / -xvf es-5x-transition-tools.tar.gz
-   ```
-   If you manage a {% data variables.product.prodname_ghe_server %} Cluster, authenticate to one of the Elasticsearch server nodes using SSH and install the migration tools there. Locate them using:
-    ```shell
-    $ ghe-cluster-each -r elasticsearch -p
-    ghe-test-data-0
-    ghe-test-data-1
-    ghe-test-data-2
-    ```
-2. Run the migration script:
-   ```shell
-   $ /usr/local/share/enterprise/ghe-es-5x-migration -r
-   ```
- {% note %}
-
- **Note:** If you have `webhook` indices to migrate, after running the online migrations, you'll be prompted to enable maintenance mode.
-
- {% endnote %}
-3. If you’re running a {% data variables.product.prodname_ghe_server %} Cluster, follow the official upgrade documentation for single VMs or High Availability environments or the cluster upgrade guide. For more information, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/admin/guides/installation/upgrading-github-enterprise-server/)" or "[Upgrading a cluster](/enterprise/{{ currentVersion }}/admin/guides/clustering/upgrading-a-cluster/)".
--- a/content/admin/enterprise-management/removing-a-high-availability-replica.md
+++ b/content/admin/enterprise-management/removing-a-high-availability-replica.md
@ -31,3 +31,11 @@ versions:
  ```shell
  $ ghe-repl-teardown
  ```
+
+  {% if currentVersion ver_gt "enterprise-server@2.22" %}
+  {% note %}
+  
+  **Note:** If you have {% data variables.product.prodname_actions %} enabled, you should decommission the former replica server or update its {% data variables.product.prodname_actions %} configuration to use different external storage. For more information, see "[High availability for {% data variables.product.prodname_actions %}](/admin/github-actions/high-availability-for-github-actions#high-availability-replicas)."
+  
+  {% endnote %}
+  {% endif %}
--- a/content/admin/enterprise-management/upgrading-github-enterprise-server.md
+++ b/content/admin/enterprise-management/upgrading-github-enterprise-server.md
@ -220,3 +220,9 @@ For more information, see "[Command-line utilities](/enterprise/{{ currentVersio
 #### Rolling back a feature release

 To roll back from a feature release, restore from a VM snapshot to ensure that root and data partitions are in a consistent state. For more information, see "[Taking a snapshot](#taking-a-snapshot)."
+
+{% if currentVersion ver_gt "enterprise-server@2.22" %}
+### Further reading
+
+- "[About upgrades to new releases](/admin/overview/about-upgrades-to-new-releases)"
+{% endif %}
--- a/content/admin/enterprise-support/providing-data-to-github-support.md
+++ b/content/admin/enterprise-support/providing-data-to-github-support.md
@ -59,7 +59,9 @@ After you submit your support request, we may ask you to share a support bundle
 - `configuration-logs/ghe-config.log`: {% data variables.product.prodname_ghe_server %} configuration logs
 - `collectd/logs/collectd.log`: Collectd logs
 - `mail-logs/mail.log`: SMTP email delivery logs
+{% if currentVersion ver_lt "enterprise-server@3.0" %}
 - `hookshot-logs/exceptions.log`: Webhook delivery errors
+{% endif %}

 For more information, see "[Audit logging](/enterprise/{{ currentVersion }}/admin/guides/installation/audit-logging)."

--- a/content/admin/github-actions/about-using-githubcom-actions-on-github-enterprise-server.md
+++ b/content/admin/github-actions/about-using-githubcom-actions-on-github-enterprise-server.md
@ -1,8 +1,9 @@
 ---
-title: About using GitHub.com actions on GitHub Enterprise Server
+title: About using actions on GitHub Enterprise Server
 intro: '{% data variables.product.prodname_ghe_server %} includes most {% data variables.product.prodname_dotcom %}-authored actions, and has options for enabling access to other actions from {% data variables.product.prodname_dotcom_the_website %} and {% data variables.product.prodname_marketplace %}.'
 redirect_from:
  - /enterprise/admin/github-actions/about-using-githubcom-actions-on-github-enterprise-server
+  - /admin/github-actions/about-using-githubcom-actions-on-github-enterprise-server
 versions:
  enterprise-server: '>=2.22'
 ---
@ -10,11 +11,13 @@ versions:
 {% data reusables.actions.enterprise-beta %}
 {% data reusables.actions.enterprise-github-hosted-runners %}

+{% data variables.product.prodname_actions %} workflows can use _actions_, which are individual tasks that you can combine to create jobs and customize your workflow. You can create your own actions, or use and customize actions shared by the {% data variables.product.prodname_dotcom %} community.
+
 {% data reusables.actions.enterprise-no-internet-actions %}

 ### Official actions bundled with {% data variables.product.prodname_ghe_server %}

-Most official {% data variables.product.prodname_dotcom %}-authored actions are automatically bundled with {% data variables.product.prodname_ghe_server %}, and are captured at a point in time from {% data variables.product.prodname_marketplace %}. When your {% data variables.product.prodname_ghe_server %} instance receives updates, the bundled official actions are also updated.
+Most official {% data variables.product.prodname_dotcom %}-authored actions are automatically bundled with {% data variables.product.prodname_ghe_server %}, and are captured at a point in time from {% data variables.product.prodname_marketplace %}. When your {% data variables.product.prodname_ghe_server %} instance is updated, the bundled official actions are also updated.

 The bundled official actions include `actions/checkout`, `actions/upload-artifact`, `actions/download-artifact`, `actions/labeler`, and various `actions/setup-` actions, among others. To see all the official actions included on your enterprise instance, browse to the `actions` organization on your instance: <code>https://<em>HOSTNAME</em>/actions</code>.

@ -30,6 +33,6 @@ Each action is a repository in the `actions` organization, and each action repos

 If users on your enterprise instance need access to other actions from {% data variables.product.prodname_dotcom_the_website %} or {% data variables.product.prodname_marketplace %}, there are a few configuration options.

-You can manually download and sync actions onto your enterprise instance using the `actions-sync` tool. For more information, see "[Manually syncing actions from {% data variables.product.prodname_dotcom_the_website %}](/enterprise/admin/github-actions/manually-syncing-actions-from-githubcom)."
+The recommended approach is to enable automatic access to all actions from {% data variables.product.prodname_dotcom_the_website %}. You can do this by using {% data variables.product.prodname_github_connect %} to integrate {% data variables.product.prodname_ghe_server %} with {% data variables.product.prodname_ghe_cloud %}. For more information, see "[Enabling automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/enterprise/admin/github-actions/enabling-automatic-access-to-githubcom-actions-using-github-connect)". {% data reusables.actions.enterprise-limit-actions-use %}

-Alternatively, you can enable automatic access to all actions from {% data variables.product.prodname_dotcom_the_website %} by connecting {% data variables.product.prodname_ghe_server %} to {% data variables.product.prodname_ghe_cloud %} using {% data variables.product.prodname_github_connect %}. For more information, see "[Enabling automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/enterprise/admin/github-actions/enabling-automatic-access-to-githubcom-actions-using-github-connect)".
+Alternatively, if you want stricter control over which actions are allowed in your enterprise, you can manually download and sync actions onto your enterprise instance using the `actions-sync` tool. For more information, see "[Manually syncing actions from {% data variables.product.prodname_dotcom_the_website %}](/enterprise/admin/github-actions/manually-syncing-actions-from-githubcom)."
--- a/content/admin/github-actions/advanced-configuration-and-troubleshooting.md
+++ b/content/admin/github-actions/advanced-configuration-and-troubleshooting.md
@ -0,0 +1,7 @@
+---
+title: Advanced configuration and troubleshooting
+intro: 'Configure high availability for {% data variables.product.prodname_actions %}, and troubleshoot {% data variables.product.prodname_actions %} on {% data variables.product.prodname_ghe_server %}.'
+mapTopic: true
+versions:
+  enterprise-server: '>=3.0'
+---
--- a/content/admin/github-actions/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled.md
+++ b/content/admin/github-actions/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled.md
@ -0,0 +1,22 @@
+---
+title: Backing up and restoring GitHub Enterprise Server with GitHub Actions enabled
+shortTitle: Backing up and restoring
+intro: '{% data variables.product.prodname_actions %} data on your external storage provider is not included in regular {% data variables.product.prodname_ghe_server %} backups, and must be backed up separately.'
+versions:
+  enterprise-server: '>=3.0'
+---
+
+{% data reusables.actions.enterprise-storage-ha-backups %}
+
+If you use {% data variables.product.prodname_enterprise_backup_utilities %} to back up {% data variables.product.product_location %}, it's important to note that {% data variables.product.prodname_actions %} data stored on your external storage provider is not included in the backup.
+
+This is an overview of the steps required to restore {% data variables.product.product_location %} with {% data variables.product.prodname_actions %} to a new appliance:
+
+1. Confirm that the original appliance is offline.
+1. Manually configure network settings on the replacement {% data variables.product.prodname_ghe_server %} appliance. Network settings are excluded from the backup snapshot, and are not overwritten by `ghe-restore`.
+1. Configure the replacement appliance to use the same {% data variables.product.prodname_actions %} external storage configuration as the original appliance.
+1. Enable {% data variables.product.prodname_actions %} on the replacement appliance. This will connect the replacement appliance to the same  external storage for {% data variables.product.prodname_actions %}.
+1. After {% data variables.product.prodname_actions %} is configured with the external storage provider, use the `ghe-restore` command to restore the rest of the data from the backup. For more information, see "[Restoring a backup](/admin/configuration/configuring-backups-on-your-appliance#restoring-a-backup)."
+1. Re-register your self-hosted runners on the replacement appliance. For more information, see [Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners).
+
+For more information on backing up and restoring {% data variables.product.prodname_ghe_server %}, see "[Configuring backups on your appliance](/admin/configuration/configuring-backups-on-your-appliance)."
--- a/content/admin/github-actions/enabling-automatic-access-to-githubcom-actions-using-github-connect.md
+++ b/content/admin/github-actions/enabling-automatic-access-to-githubcom-actions-using-github-connect.md
@ -13,7 +13,7 @@ versions:

 By default, {% data variables.product.prodname_actions %} workflows on {% data variables.product.prodname_ghe_server %} cannot use actions directly from {% data variables.product.prodname_dotcom_the_website %} or [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?type=actions).

-To make all actions from {% data variables.product.prodname_dotcom_the_website %} available on your enterprise instance, you can connect {% data variables.product.prodname_ghe_server %} to {% data variables.product.prodname_ghe_cloud %} using {% data variables.product.prodname_github_connect %}. For other ways of accessing actions from {% data variables.product.prodname_dotcom_the_website %}, see "[About using {% data variables.product.prodname_dotcom_the_website %} actions on {% data variables.product.prodname_ghe_server %}](/enterprise/admin/github-actions/about-using-githubcom-actions-on-github-enterprise-server)."
+To make all actions from {% data variables.product.prodname_dotcom_the_website %} available on your enterprise instance, you can use {% data variables.product.prodname_github_connect %} to integrate {% data variables.product.prodname_ghe_server %} with {% data variables.product.prodname_ghe_cloud %}. For other ways of accessing actions from {% data variables.product.prodname_dotcom_the_website %}, see "[About using actions on {% data variables.product.prodname_ghe_server %}](/admin/github-actions/about-using-actions-on-github-enterprise-server)."

 ### Enabling automatic access to all {% data variables.product.prodname_dotcom_the_website %} actions

@ -24,3 +24,4 @@ Before enabling access to all actions from {% data variables.product.prodname_do
 {% data reusables.enterprise-accounts.github-connect-tab %}
 1. Under "Server can use actions from GitHub.com in workflows runs", use the drop-down menu and select **Enabled**.
  ![Drop-down menu to actions from GitHub.com in workflows runs](/assets/images/enterprise/site-admin-settings/enable-marketplace-actions-drop-down.png)
+1. {% data reusables.actions.enterprise-limit-actions-use %}
--- a/content/admin/github-actions/enabling-github-actions-and-configuring-storage.md
+++ b/content/admin/github-actions/enabling-github-actions-and-configuring-storage.md
@ -1,51 +0,0 @@
---
-title: Enabling GitHub Actions and configuring storage
-intro: 'External storage must be configured as part of enabling {% data variables.product.prodname_actions %} on {% data variables.product.prodname_ghe_server %}.'
-permissions: 'Site administrators can enable {% data variables.product.prodname_actions %} and configure enterprise settings.'
-redirect_from:
-  - /enterprise/admin/github-actions/enabling-github-actions-and-configuring-storage
-versions:
-  enterprise-server: '>=2.22'
---
-
-{% if currentVersion == "enterprise-server@2.22" %}
-{% note %}
-
-**Note:** {% data variables.product.prodname_actions %} support on {% data variables.product.prodname_ghe_server %} 2.22 is a limited public beta. Review the external storage requirements below and [sign up for the beta](https://resources.github.com/beta-signup/).
-
-{% endnote %}
-{% endif %}
-{% data reusables.actions.enterprise-github-hosted-runners %}
-
-### About external storage requirements
-
-To enable {% data variables.product.prodname_actions %} on {% data variables.product.prodname_ghe_server %}, you must have access to external blob storage.
-
-{% data variables.product.prodname_actions %} uses blob storage to store artifacts generated by workflow runs, such as workflow logs and user-uploaded build artifacts. The amount of storage required depends on your usage of {% data variables.product.prodname_actions %}.
-
-{% data variables.product.prodname_actions %} supports these storage providers:
-
-* Amazon S3
-* Azure Blob storage
-* S3-compatible MinIO Gateway for NAS
-
-#### Amazon S3 permissions
-
-If you use Amazon S3, {% data variables.product.prodname_actions %} requires the following permissions for your AWS access key ID and secret:
-
-* `s3:PutObject`
-* `s3:GetObject`
-* `s3:ListBucketMultipartUploads`
-* `s3:ListMultipartUploadParts`
-* `s3:AbortMultipartUpload`
-* `s3:DeleteObject`
-
-### Enabling {% data variables.product.prodname_actions %}
-
-{% if currentVersion == "enterprise-server@2.22" %}
-{% data variables.product.prodname_actions %} support on {% data variables.product.prodname_ghe_server %} 2.22 is a limited public beta. [Sign up for the beta](https://resources.github.com/beta-signup/).
-{% endif %}
-
-### Further reading
-
- "Hardware considerations" for your platform in "[Setting up a {% data variables.product.prodname_ghe_server %} instance](/enterprise/admin/installation/setting-up-a-github-enterprise-server-instance)"
--- a/content/admin/github-actions/enabling-github-actions-for-github-enterprise-server.md
+++ b/content/admin/github-actions/enabling-github-actions-for-github-enterprise-server.md
@ -0,0 +1,7 @@
+---
+title: Enabling GitHub Actions for GitHub Enterprise Server
+intro: 'Learn how to configure storage and enable {% data variables.product.prodname_actions %} on {% data variables.product.prodname_ghe_server %}.'
+mapTopic: true
+versions:
+  enterprise-server: '>=2.22'
+---
--- a/content/admin/github-actions/enabling-github-actions-with-amazon-s3-storage.md
+++ b/content/admin/github-actions/enabling-github-actions-with-amazon-s3-storage.md
@ -0,0 +1,36 @@
+---
+title: Enabling GitHub Actions with Amazon S3 storage
+intro: 'You can enable {% data variables.product.prodname_actions %} on {% data variables.product.prodname_ghe_server %} and use Amazon S3 storage to store artifacts generated by workflow runs.'
+permissions: 'Site administrators can enable {% data variables.product.prodname_actions %} and configure enterprise settings.'
+versions:
+  enterprise-server: '>=3.0'
+---
+
+### Prerequisites
+
+{% data reusables.actions.enterprise-s3-support-warning %}
+
+Before enabling {% data variables.product.prodname_actions %}, make sure you have completed the following steps:
+
+* Create your Amazon S3 bucket for storing artifacts generated by workflow runs. {% indented_data_reference site.data.reusables.actions.enterprise-s3-permission spaces=2 %}
+  
+{% data reusables.actions.enterprise-common-prereqs %}
+
+### Enabling {% data variables.product.prodname_actions %} with Amazon S3 storage
+
+{% data reusables.enterprise_site_admin_settings.access-settings %}
+{% data reusables.enterprise_site_admin_settings.management-console %}
+{% data reusables.enterprise_management_console.actions %}
+{% data reusables.actions.enterprise-enable-checkbox %}
+1. Under "Artifact & Log Storage", select **Amazon S3**, and enter your storage bucket's details:
+
+   * **AWS Service URL**: The service URL for your bucket. For example, if your S3 bucket was created in the `us-west-2` region, this value should be `https://s3.us-west-2.amazonaws.com`.
+
+     For more information, see "[AWS service endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html)" in the AWS documentation.
+   * **AWS S3 Bucket**: The name of your S3 bucket.
+   * **AWS S3 Access Key** and **AWS S3 Secret Key**: The AWS access key ID and secret key for your bucket. For more information on managing AWS access keys, see the "[AWS Identity and Access Management Documentation](https://docs.aws.amazon.com/iam/index.html)."
+
+   ![Radio button for selecting Amazon S3 Storage and fields for S3 configuration](/assets/images/enterprise/management-console/actions-aws-s3-storage.png)
+{% data reusables.enterprise_management_console.save-settings %}
+
+{% data reusables.actions.enterprise-postinstall-nextsteps %}
--- a/content/admin/github-actions/enabling-github-actions-with-azure-blob-storage.md
+++ b/content/admin/github-actions/enabling-github-actions-with-azure-blob-storage.md
@ -0,0 +1,36 @@
+---
+title: Enabling GitHub Actions with Azure Blob storage
+intro: 'You can enable {% data variables.product.prodname_actions %} on {% data variables.product.prodname_ghe_server %} and use Azure Blob storage to store artifacts generated by workflow runs.'
+permissions: 'Site administrators can enable {% data variables.product.prodname_actions %} and configure enterprise settings.'
+versions:
+  enterprise-server: '>=3.0'
+---
+
+### Prerequisites
+
+Before enabling {% data variables.product.prodname_actions %}, make sure you have completed the following steps:
+
+* Create your Azure storage account for storing workflow artifacts. {% data variables.product.prodname_actions %} stores its data as block blobs, and two storage account types are supported:
+  * A **general-purpose** storage account (also known as `general-purpose v1` or `general-purpose v2`) using the **standard** performance tier.
+
+    {% warning %}
+
+    **Warning:** Using the **premium** performance tier with a general-purpose storage account is not supported. The **standard** performance tier must be selected when creating the storage account, and it cannot be changed later.
+
+    {% endwarning %}
+  * A **BlockBlobStorage** storage account, which uses the **premium** performance tier.
+
+  For more information on Azure storage account types and performance tiers, see the [Azure documentation](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview?toc=/azure/storage/blobs/toc.json#types-of-storage-accounts).
+{% data reusables.actions.enterprise-common-prereqs %}
+
+### Enabling {% data variables.product.prodname_actions %} with Azure Blob storage
+
+{% data reusables.enterprise_site_admin_settings.access-settings %}
+{% data reusables.enterprise_site_admin_settings.management-console %}
+{% data reusables.enterprise_management_console.actions %}
+{% data reusables.actions.enterprise-enable-checkbox %}
+1. Under "Artifact & Log Storage", select **Azure Blob Storage**, and enter your Azure storage account's connection string. For more information on getting the connection string for your storage account, see the [Azure documentation](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal#view-account-access-keys).
+  ![Radio button for selecting Azure Blob Storage and the Connection string field](/assets/images/enterprise/management-console/actions-azure-storage.png)
+{% data reusables.enterprise_management_console.save-settings %}
+
+{% data reusables.actions.enterprise-postinstall-nextsteps %}
--- a/content/admin/github-actions/enabling-github-actions-with-minio-gateway-for-nas-storage.md
+++ b/content/admin/github-actions/enabling-github-actions-with-minio-gateway-for-nas-storage.md
@ -0,0 +1,37 @@
+---
+title: Enabling GitHub Actions with MinIO Gateway for NAS storage
+intro: 'You can enable {% data variables.product.prodname_actions %} on {% data variables.product.prodname_ghe_server %} and use MinIO Gateway for NAS storage to store artifacts generated by workflow runs.'
+permissions: 'Site administrators can enable {% data variables.product.prodname_actions %} and configure enterprise settings.'
+versions:
+  enterprise-server: '>=3.0'
+---
+
+### Prerequisites
+
+{% data reusables.actions.enterprise-s3-support-warning %}
+
+Before enabling {% data variables.product.prodname_actions %}, make sure you have completed the following steps:
+
+* To avoid resource contention on the appliance, we recommend that MinIO be hosted separately from {% data variables.product.product_location %}.
+* Create your bucket for storing workflow artifacts. To set up your bucket and access key, see the [MinIO documentation](https://docs.min.io/docs/minio-gateway-for-nas.html). {% indented_data_reference site.data.reusables.actions.enterprise-s3-permission spaces=2 %}
+  
+{% data reusables.actions.enterprise-common-prereqs %}
+
+### Enabling {% data variables.product.prodname_actions %} with MinIO Gateway for NAS storage
+
+{% data reusables.enterprise_site_admin_settings.access-settings %}
+{% data reusables.enterprise_site_admin_settings.management-console %}
+{% data reusables.enterprise_management_console.actions %}
+{% data reusables.actions.enterprise-enable-checkbox %}
+1. Under "Artifact & Log Storage", select **Amazon S3**, and enter your storage bucket's details:
+
+   * **AWS Service URL**: The URL to your MinIO service. For example, `https://my-minio.example:9000`.
+   * **AWS S3 Bucket**: The name of your S3 bucket.
+   * **AWS S3 Access Key** and **AWS S3 Secret Key**: The `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` used for your MinIO instance. For more information, see the [MinIO documentation](https://docs.min.io/docs/minio-gateway-for-nas.html).
+
+   ![Radio button for selecting Amazon S3 Storage and fields for MinIO configuration](/assets/images/enterprise/management-console/actions-minio-s3-storage.png)
+1. Under "Artifact & Log Storage", select **Force path style**.
+   ![Checkbox to Force path style](/assets/images/enterprise/management-console/actions-minio-force-path-style.png)
+{% data reusables.enterprise_management_console.save-settings %}
+
+{% data reusables.actions.enterprise-postinstall-nextsteps %}
--- a/content/admin/github-actions/enforcing-github-actions-policies-for-your-enterprise.md
+++ b/content/admin/github-actions/enforcing-github-actions-policies-for-your-enterprise.md
@ -8,7 +8,6 @@ versions:
 ---

 {% data reusables.actions.enterprise-beta %}
-{% data reusables.actions.enterprise-github-hosted-runners %}

 ### About {% data variables.product.prodname_actions %} permissions for your enterprise

--- a/content/admin/github-actions/getting-started-with-github-actions-for-github-enterprise-server.md
+++ b/content/admin/github-actions/getting-started-with-github-actions-for-github-enterprise-server.md
@ -0,0 +1,96 @@
+---
+title: Getting started with GitHub Actions for GitHub Enterprise Server
+intro: 'Learn about enabling and configuring {% data variables.product.prodname_actions %} on {% data variables.product.prodname_ghe_server %} for the first time.'
+permissions: 'Site administrators can enable {% data variables.product.prodname_actions %} and configure enterprise settings.'
+redirect_from:
+  - /enterprise/admin/github-actions/enabling-github-actions-and-configuring-storage
+  - /admin/github-actions/enabling-github-actions-and-configuring-storage
+versions:
+  enterprise-server: '>=2.22'
+---
+
+{% if currentVersion == "enterprise-server@2.22" %}
+{% note %}
+
+**Note:** {% data variables.product.prodname_actions %} support on {% data variables.product.prodname_ghe_server %} 2.22 is a limited public beta. Review the external storage requirements below and [sign up for the beta](https://resources.github.com/beta-signup/).
+
+{% endnote %}
+{% endif %}
+
+{% data reusables.actions.enterprise-github-hosted-runners %}
+
+{% if currentVersion ver_gt "enterprise-server@2.22" %}
+
+This article explains how site administrators can configure {% data variables.product.prodname_ghe_server %} to use {% data variables.product.prodname_actions %}. It covers the hardware and software requirements, presents the storage options, and describes the security management policies.
+
+### Review hardware considerations
+
+{% data reusables.actions.enterprise-hardware-considerations %}
+
+{% endif %}
+
+### External storage requirements
+
+To enable {% data variables.product.prodname_actions %} on {% data variables.product.prodname_ghe_server %}, you must have access to external blob storage.
+
+{% data variables.product.prodname_actions %} uses blob storage to store artifacts generated by workflow runs, such as workflow logs and user-uploaded build artifacts. The amount of storage required depends on your usage of {% data variables.product.prodname_actions %}. Only a single external storage configuration is supported, and you can't use multiple storage providers at the same time.
+
+{% data variables.product.prodname_actions %} supports these storage providers:
+
+* Azure Blob storage
+* Amazon S3
+* S3-compatible MinIO Gateway for NAS
+
+{% note %}
+
+**Note:** These are the only storage providers that {% data variables.product.company_short %} supports and can provide assistance with. Other S3 API-compatible storage providers are unlikely to work due to differences from the S3 API. [Contact us](https://support.github.com/contact) to request support for additional storage providers.
+
+{% endnote %}
+
+{% if currentVersion == "enterprise-server@2.22" %}
+
+#### Amazon S3 permissions
+
+{% data reusables.actions.enterprise-s3-permission %}
+
+### Enabling {% data variables.product.prodname_actions %}
+
+{% data variables.product.prodname_actions %} support on {% data variables.product.prodname_ghe_server %} 2.22 is a limited public beta. [Sign up for the beta](https://resources.github.com/beta-signup/).
+
+### Further reading
+
+- "Hardware considerations" for your platform in "[Setting up a {% data variables.product.prodname_ghe_server %} instance](/enterprise/admin/installation/setting-up-a-github-enterprise-server-instance)"
+
+{% endif %}
+
+{% if currentVersion ver_gt "enterprise-server@2.22" %}
+
+### Enabling {% data variables.product.prodname_actions %} with your storage provider
+
+Follow one of the procedures below to enable {% data variables.product.prodname_actions %} with your chosen storage provider:
+
+* [Enabling GitHub Actions with Azure Blob storage](/admin/github-actions/enabling-github-actions-with-azure-blob-storage)
+* [Enabling GitHub Actions with Amazon S3 storage](/admin/github-actions/enabling-github-actions-with-amazon-s3-storage)
+* [Enabling GitHub Actions with MinIO Gateway for NAS storage](/admin/github-actions/enabling-github-actions-with-minio-gateway-for-nas-storage)
+
+### Managing access permissions for {% data variables.product.prodname_actions %} in your enterprise
+
+You can use policies to manage access to {% data variables.product.prodname_actions %}. For more information, see "[Enforcing GitHub Actions policies for your enterprise](/admin/github-actions/enforcing-github-actions-policies-for-your-enterprise)."
+
+### Adding self-hosted runners
+
+{% data reusables.actions.enterprise-github-hosted-runners %}
+
+To run {% data variables.product.prodname_actions %} workflows, you need to add self-hosted runners. You can add self-hosted runners at the enterprise, organization, or repository levels. For more information, see "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)."
+
+### Managing which actions can be used in your enterprise
+
+You can control which actions your users are allowed to use in your enterprise. This includes setting up {% data variables.product.prodname_github_connect %} for automatic access to actions from {% data variables.product.prodname_dotcom_the_website %}, or manually syncing actions from {% data variables.product.prodname_dotcom_the_website %}.
+
+For more information, see "[About using actions on {% data variables.product.prodname_ghe_server %}](/admin/github-actions/about-using-actions-on-github-enterprise-server)."
+
+### General security hardening for {% data variables.product.prodname_actions %} 
+
+If you want to learn more about security practices for {% data variables.product.prodname_actions %}, see "[Security hardening for {% data variables.product.prodname_actions %}](/actions/learn-github-actions/security-hardening-for-github-actions)."
+
+{% endif %}
--- a/content/admin/github-actions/high-availability-for-github-actions.md
+++ b/content/admin/github-actions/high-availability-for-github-actions.md
@ -0,0 +1,29 @@
+---
+title: High availability for GitHub Actions
+intro: 'There are some special considerations for administering {% data variables.product.prodname_actions %} in a high availability configuration.'
+versions:
+  enterprise-server: '>=3.0'
+---
+
+### Replication or redundancy of your {% data variables.product.prodname_actions %} data
+
+{% data reusables.actions.enterprise-storage-ha-backups %}
+
+We strongly recommend that you configure your {% data variables.product.prodname_actions %} external storage to use data redundancy or replication. For more information, refer to your storage provider's documentation:
+
+* [Azure Storage redundancy documentation](https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy)
+* [Amazon S3 replication documentation](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html)
+
+### High availability replicas
+
+#### Promoting a replica
+
+When enabling a high availability configuration, any replicas are automatically configured to use the {% data variables.product.prodname_actions %} external storage configuration. If you need to initiate a failover to promote a replica, no extra configuration changes are required for {% data variables.product.prodname_actions %}.
+
+For more information, see "[Initiating a failover to your replica appliance](/admin/enterprise-management/initiating-a-failover-to-your-replica-appliance)."
+
+#### Removing a high availability replica
+
+Avoid letting multiple instances to write to the same {% data variables.product.prodname_actions %} external storage. This could occur when using the `ghe-repl-teardown` command to stop and permanently remove a {% data variables.product.prodname_actions %}-enabled replica. This is because the replica will be converted into a standalone {% data variables.product.prodname_ghe_server %}, and after the teardown it will still use the same external storage configuration as the primary.
+
+To help avoid this issue, we recommend either decommissioning the replica server or updating its {% data variables.product.prodname_actions %} configuration with different external storage.
--- a/Показать больше
+++ b/Показать больше