зеркало из https://github.com/github/docs.git
Fix Commonmark issues
This commit is contained in:
Rachael Sewell
Родитель
85675f9f81
Коммит
a45822b457
|
|
@ -42,14 +42,13 @@ Since an email address can only be associated with a single {% data variables.pr
|
|||
{% else %}
|
||||
1. On the "Two-factor recovery" screen, click **Try recovering your account**.
|
||||
{% endif %}
|
||||
In the modal that appears, click **I understand, get started**.
|
||||
In the modal that appears, click **I understand, get started**.
|
||||
1. To send an email containing a one-time password to each email address associated with your account, click **Send one-time password**.
|
||||
1. To verify your identity, type the one-time password from your email in the "One-time password" text field, then click **Verify email address**.
|
||||
1. To begin unlinking an email address from the locked account, click **Start unlinking email**.
|
||||
1. On the "Unlink Email" screen, click **Continue**.
|
||||
1. In the inbox of the email account you want to unlink, open the email with the subject "[{% data variables.product.company_short %}] Unlink this email."
|
||||
|
||||
- Optionally, to unlink multiple email accounts, in the inbox of each account you want to unlink, open the email with the subject "[{% data variables.product.company_short %}] Unlink this email," then complete the following steps.
|
||||
- Optionally, to unlink multiple email accounts, in the inbox of each account you want to unlink, open the email with the subject "[{% data variables.product.company_short %}] Unlink this email," then complete the following steps.
|
||||
|
||||
1. In the email, click **Unlink this email**.
|
||||
|
||||
|
|
@ -58,10 +57,10 @@ Since an email address can only be associated with a single {% data variables.pr
|
|||
1. To finish unlinking your email, on {% data variables.product.prodname_dotcom_the_website %}, click **Unlink**.
|
||||
1. Optionally, to create a new account and link your newly unlinked email, click **Create a new account**.
|
||||
|
||||
{% note %}
|
||||
{% note %}
|
||||
|
||||
**Note:** You can also link your unlinked email to an existing {% data variables.product.prodname_dotcom %} account. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account)."
|
||||
**Note:** You can also link your unlinked email to an existing {% data variables.product.prodname_dotcom %} account. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account)."
|
||||
|
||||
{% endnote %}
|
||||
{% endnote %}
|
||||
|
||||
1. Optionally, if you have any form of payment set up on the locked account, contact [{% data variables.contact.github_support %}](https://support.github.com/contact) to cancel future payments. For example, you might have a paid subscription or sponsor developers through {% data variables.product.prodname_sponsors %}. If you are sponsored through {% data variables.product.prodname_sponsors %}, please mention this so that the team can help you migrate your sponsorships.
|
||||
|
|
|
|||
|
|
@ -45,15 +45,15 @@ Before you begin, you'll need to download Node.js and create a public {% data va
|
|||
|
||||
1. From your terminal, change directories into your new repository.
|
||||
|
||||
```shell{:copy}
|
||||
cd hello-world-javascript-action
|
||||
```
|
||||
```shell{:copy}
|
||||
cd hello-world-javascript-action
|
||||
```
|
||||
|
||||
1. From your terminal, initialize the directory with npm to generate a `package.json` file.
|
||||
|
||||
```shell{:copy}
|
||||
npm init -y
|
||||
```
|
||||
```shell{:copy}
|
||||
npm init -y
|
||||
```
|
||||
|
||||
## Creating an action metadata file
|
||||
|
||||
|
|
|
|||
|
|
@ -73,44 +73,44 @@ $ gcloud services enable \
|
|||
This procedure demonstrates how to create the service account for your GKE integration. It explains how to create the account, add roles to it, retrieve its keys, and store them as a base64-encoded encrypted repository secret named `GKE_SA_KEY`.
|
||||
|
||||
1. Create a new service account:
|
||||
{% raw %}
|
||||
```
|
||||
$ gcloud iam service-accounts create $SA_NAME
|
||||
```
|
||||
{% raw %}
|
||||
```
|
||||
$ gcloud iam service-accounts create $SA_NAME
|
||||
```
|
||||
{% endraw %}
|
||||
1. Retrieve the email address of the service account you just created:
|
||||
{% raw %}
|
||||
```
|
||||
$ gcloud iam service-accounts list
|
||||
```
|
||||
{% raw %}
|
||||
```
|
||||
$ gcloud iam service-accounts list
|
||||
```
|
||||
{% endraw %}
|
||||
1. Add roles to the service account. Note: Apply more restrictive roles to suit your requirements.
|
||||
{% raw %}
|
||||
```
|
||||
$ gcloud projects add-iam-policy-binding $GKE_PROJECT \
|
||||
--member=serviceAccount:$SA_EMAIL \
|
||||
--role=roles/container.admin
|
||||
$ gcloud projects add-iam-policy-binding $GKE_PROJECT \
|
||||
--member=serviceAccount:$SA_EMAIL \
|
||||
--role=roles/storage.admin
|
||||
$ gcloud projects add-iam-policy-binding $GKE_PROJECT \
|
||||
--member=serviceAccount:$SA_EMAIL \
|
||||
--role=roles/container.clusterViewer
|
||||
```
|
||||
{% endraw %}
|
||||
{% raw %}
|
||||
```
|
||||
$ gcloud projects add-iam-policy-binding $GKE_PROJECT \
|
||||
--member=serviceAccount:$SA_EMAIL \
|
||||
--role=roles/container.admin
|
||||
$ gcloud projects add-iam-policy-binding $GKE_PROJECT \
|
||||
--member=serviceAccount:$SA_EMAIL \
|
||||
--role=roles/storage.admin
|
||||
$ gcloud projects add-iam-policy-binding $GKE_PROJECT \
|
||||
--member=serviceAccount:$SA_EMAIL \
|
||||
--role=roles/container.clusterViewer
|
||||
```
|
||||
{% endraw %}
|
||||
1. Download the JSON keyfile for the service account:
|
||||
{% raw %}
|
||||
```
|
||||
$ gcloud iam service-accounts keys create key.json --iam-account=$SA_EMAIL
|
||||
```
|
||||
{% endraw %}
|
||||
{% raw %}
|
||||
```
|
||||
$ gcloud iam service-accounts keys create key.json --iam-account=$SA_EMAIL
|
||||
```
|
||||
{% endraw %}
|
||||
1. Store the service account key as a secret named `GKE_SA_KEY`:
|
||||
{% raw %}
|
||||
```
|
||||
$ export GKE_SA_KEY=$(cat key.json | base64)
|
||||
```
|
||||
{% endraw %}
|
||||
For more information about how to store a secret, see "[AUTOTITLE](/actions/security-guides/encrypted-secrets)."
|
||||
{% raw %}
|
||||
```
|
||||
$ export GKE_SA_KEY=$(cat key.json | base64)
|
||||
```
|
||||
{% endraw %}
|
||||
For more information about how to store a secret, see "[AUTOTITLE](/actions/security-guides/encrypted-secrets)."
|
||||
|
||||
### Storing your project name
|
||||
|
||||
|
|
|
|||
|
|
@ -32,17 +32,17 @@ To use OIDC with HashiCorp Vault, you will need to add a trust configuration for
|
|||
To configure your Vault server to accept JSON Web Tokens (JWT) for authentication:
|
||||
|
||||
1. Enable the JWT `auth` method, and use `write` to apply the configuration to your Vault.
|
||||
For `oidc_discovery_url` and `bound_issuer` parameters, use {% ifversion ghes %}`https://HOSTNAME/_services/token`{% else %}`https://token.actions.githubusercontent.com`{% endif %}. These parameters allow the Vault server to verify the received JSON Web Tokens (JWT) during the authentication process.
|
||||
For `oidc_discovery_url` and `bound_issuer` parameters, use {% ifversion ghes %}`https://HOSTNAME/_services/token`{% else %}`https://token.actions.githubusercontent.com`{% endif %}. These parameters allow the Vault server to verify the received JSON Web Tokens (JWT) during the authentication process.
|
||||
|
||||
```sh{:copy}
|
||||
vault auth enable jwt
|
||||
```
|
||||
```sh{:copy}
|
||||
vault auth enable jwt
|
||||
```
|
||||
|
||||
```sh{:copy}
|
||||
vault write auth/jwt/config \
|
||||
bound_issuer="{% ifversion ghes %}https://HOSTNAME/_services/token{% else %}https://token.actions.githubusercontent.com{% endif %}" \
|
||||
oidc_discovery_url="{% ifversion ghes %}https://HOSTNAME/_services/token{% else %}https://token.actions.githubusercontent.com{% endif %}"
|
||||
```
|
||||
```sh{:copy}
|
||||
vault write auth/jwt/config \
|
||||
bound_issuer="{% ifversion ghes %}https://HOSTNAME/_services/token{% else %}https://token.actions.githubusercontent.com{% endif %}" \
|
||||
oidc_discovery_url="{% ifversion ghes %}https://HOSTNAME/_services/token{% else %}https://token.actions.githubusercontent.com{% endif %}"
|
||||
```
|
||||
|
||||
{% ifversion ghec %}
|
||||
{% note %}
|
||||
|
|
@ -54,30 +54,30 @@ To configure your Vault server to accept JSON Web Tokens (JWT) for authenticatio
|
|||
|
||||
2. Configure a policy that only grants access to the specific paths your workflows will use to retrieve secrets. For more advanced policies, see the HashiCorp Vault [Policies documentation](https://www.vaultproject.io/docs/concepts/policies).
|
||||
|
||||
```sh{:copy}
|
||||
vault policy write myproject-production - <<EOF
|
||||
# Read-only permission on 'secret/data/production/*' path
|
||||
```sh{:copy}
|
||||
vault policy write myproject-production - <<EOF
|
||||
# Read-only permission on 'secret/data/production/*' path
|
||||
|
||||
path "secret/data/production/*" {
|
||||
capabilities = [ "read" ]
|
||||
}
|
||||
EOF
|
||||
```
|
||||
path "secret/data/production/*" {
|
||||
capabilities = [ "read" ]
|
||||
}
|
||||
OF
|
||||
```
|
||||
3. Configure roles to group different policies together. If the authentication is successful, these policies are attached to the resulting Vault access token.
|
||||
|
||||
```sh{:copy}
|
||||
vault write auth/jwt/role/myproject-production -<<EOF
|
||||
{
|
||||
"role_type": "jwt",
|
||||
"user_claim": "actor",
|
||||
"bound_claims": {
|
||||
"repository": "user-or-org-name/repo-name"
|
||||
},
|
||||
"policies": ["myproject-production"],
|
||||
"ttl": "10m"
|
||||
}
|
||||
EOF
|
||||
```
|
||||
```sh{:copy}
|
||||
vault write auth/jwt/role/myproject-production -<<EOF
|
||||
{
|
||||
"role_type": "jwt",
|
||||
"user_claim": "actor",
|
||||
"bound_claims": {
|
||||
"repository": "user-or-org-name/repo-name"
|
||||
},
|
||||
"policies": ["myproject-production"],
|
||||
"ttl": "10m"
|
||||
}
|
||||
EOF
|
||||
```
|
||||
|
||||
- `ttl` defines the validity of the resulting access token.
|
||||
- Ensure that the `bound_claims` parameter is defined for your security requirements, and has at least one condition. Optionally, you can also set the `bound_subject` as well as the `bound_audiences` parameter.
|
||||
|
|
@ -86,14 +86,12 @@ To configure your Vault server to accept JSON Web Tokens (JWT) for authenticatio
|
|||
|
||||
For more information, see the HashiCorp Vault [documentation](https://www.vaultproject.io/docs/auth/jwt).
|
||||
|
||||
|
||||
## Updating your {% data variables.product.prodname_actions %} workflow
|
||||
|
||||
To update your workflows for OIDC, you will need to make two changes to your YAML:
|
||||
1. Add permissions settings for the token.
|
||||
2. Use the [`hashicorp/vault-action`](https://github.com/hashicorp/vault-action) action to exchange the OIDC token (JWT) for a cloud access token.
|
||||
|
||||
|
||||
To add OIDC integration to your workflows that allow them to access secrets in Vault, you will need to add the following code changes:
|
||||
|
||||
- Grant permission to fetch the token from the {% data variables.product.prodname_dotcom %} OIDC provider:
|
||||
|
|
@ -105,7 +103,7 @@ This example demonstrates how to use OIDC with the official action to request a
|
|||
|
||||
### Adding permissions settings
|
||||
|
||||
{% data reusables.actions.oidc-permissions-token %}
|
||||
{% data reusables.actions.oidc-permissions-token %}
|
||||
|
||||
{% note %}
|
||||
|
||||
|
|
|
|||
|
|
@ -19,18 +19,16 @@ In the event that your IdP is unavailable, you can use a recovery code to sign i
|
|||
|
||||
If you did not save your recovery codes when you configured SSO, you can still access the codes from your enterprise's settings.
|
||||
|
||||
|
||||
|
||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||
{% data reusables.enterprise-accounts.settings-tab %}
|
||||
{% data reusables.enterprise-accounts.security-tab %}
|
||||
|
||||
1. Under{% ifversion oidc-for-emu %} either{% endif %} "Require SAML authentication"{% ifversion oidc-for-emu %} or "Require OIDC authentication"{% endif %}, click **Save your recovery codes**.{% ifversion oidc-for-emu %}
|
||||
{% note %}
|
||||
{% note %}
|
||||
|
||||
**Note:** OIDC SSO is only available for {% data variables.product.prodname_emus %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."
|
||||
**Note:** OIDC SSO is only available for {% data variables.product.prodname_emus %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."
|
||||
|
||||
{% endnote %}{% endif %}
|
||||
{% endnote %}{% endif %}
|
||||
|
||||
|
||||
|
||||
1. To save your recovery codes, click **Download**, **Print**, or **Copy**.
|
||||
|
|
|
|||
|
|
@ -111,27 +111,27 @@ Before your developers can use {% data variables.product.prodname_ghe_cloud %} w
|
|||
|
||||
1. To use {% data variables.product.prodname_emus %}, you need a separate type of enterprise account with {% data variables.product.prodname_emus %} enabled. To try out {% data variables.product.prodname_emus %} or to discuss options for migrating from your existing enterprise, please contact [{% data variables.product.prodname_dotcom %}'s Sales team](https://enterprise.github.com/contact).
|
||||
|
||||
Your contact on the GitHub Sales team will work with you to create your new {% data variables.enterprise.prodname_emu_enterprise %}. You'll need to provide the email address for the user who will set up your enterprise and a short code that will be used as the suffix for your enterprise members' usernames. {% data reusables.enterprise-accounts.emu-shortcode %} For more information, see "[Usernames and profile information](#usernames-and-profile-information)."
|
||||
Your contact on the GitHub Sales team will work with you to create your new {% data variables.enterprise.prodname_emu_enterprise %}. You'll need to provide the email address for the user who will set up your enterprise and a short code that will be used as the suffix for your enterprise members' usernames. {% data reusables.enterprise-accounts.emu-shortcode %} For more information, see "[Usernames and profile information](#usernames-and-profile-information)."
|
||||
|
||||
2. After we create your enterprise, you will receive an email from {% data variables.product.prodname_dotcom %} inviting you to choose a password for your enterprise's setup user, which will be the first owner in the enterprise. Use an incognito or private browsing window when setting the password. The setup user is only used to configure single sign-on and SCIM provisioning integration for the enterprise. It will no longer have access to administer the enterprise account once SSO is successfully enabled. The setup user's username is your enterprise's shortcode suffixed with `_admin`.
|
||||
|
||||
{% note %}
|
||||
{% note %}
|
||||
|
||||
{% data reusables.enterprise-accounts.emu-password-reset-session %}
|
||||
{% data reusables.enterprise-accounts.emu-password-reset-session %}
|
||||
|
||||
{% endnote %}
|
||||
{% endnote %}
|
||||
|
||||
3. After you log in as the setup user, we recommend enabling two-factor authentication. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication)."
|
||||
|
||||
1. To get started, configure {% ifversion oidc-for-emu %}how your members will authenticate. If you are using Azure Active Directory as your identity provider, you can choose between OpenID Connect (OIDC) and Security Assertion Markup Language (SAML). We recommend OIDC, which includes support for Conditional Access Policies (CAP). If you require multiple enterprises with {% data variables.enterprise.prodname_managed_users %} provisioned from one tenant, you must use SAML for each enterprise after the first. If you are using Okta as your identity provider, you can use SAML to authenticate your members.{% else %}SAML SSO for your enterprise. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users)."{% endif %}
|
||||
|
||||
{%- ifversion oidc-for-emu %}
|
||||
{%- ifversion oidc-for-emu %}
|
||||
|
||||
To get started, read the guide for your chosen authentication method.
|
||||
To get started, read the guide for your chosen authentication method.
|
||||
|
||||
- "[Configuring OIDC for Enterprise Managed Users](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users)."
|
||||
- "[Configuring SAML single sign-on for Enterprise Managed Users](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users)."
|
||||
{%- endif %}
|
||||
- "[Configuring OIDC for Enterprise Managed Users](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users)."
|
||||
- "[Configuring SAML single sign-on for Enterprise Managed Users](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users)."
|
||||
{%- endif %}
|
||||
|
||||
4. Once you have configured SSO, you can configure SCIM provisioning. SCIM is how your identity provider will create {% data variables.enterprise.prodname_managed_users %} on {% data variables.product.prodname_dotcom_the_website %}. For more information on configuring SCIM provisioning, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users)."
|
||||
|
||||
|
|
|
|||
|
|
@ -111,18 +111,18 @@ After you enable SCIM on a {% data variables.product.product_name %} instance, a
|
|||
|
||||
{%- ifversion ghae %}
|
||||
1. While signed into {% data variables.location.product_location %} as an enterprise owner, create a {% data variables.product.pat_v1 %} with **admin:enterprise** scope. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."
|
||||
{% note %}
|
||||
{% note %}
|
||||
|
||||
**Notes**:
|
||||
- To create the {% data variables.product.pat_generic %}, we recommend using the account for the first enterprise owner that you created during initialization. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/initializing-github-ae)."
|
||||
- You'll need this {% data variables.product.pat_generic %} to configure the application for SCIM on your IdP. Store the token securely in a password manager until you need the token again later in these instructions.
|
||||
**Notes**:
|
||||
- To create the {% data variables.product.pat_generic %}, we recommend using the account for the first enterprise owner that you created during initialization. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/initializing-github-ae)."
|
||||
- You'll need this {% data variables.product.pat_generic %} to configure the application for SCIM on your IdP. Store the token securely in a password manager until you need the token again later in these instructions.
|
||||
|
||||
{% endnote %}
|
||||
{% warning %}
|
||||
{% endnote %}
|
||||
{% warning %}
|
||||
|
||||
**Warning**: If the user account for the enterprise owner who creates the {% data variables.product.pat_generic %} is deactivated or deprovisioned, your IdP will no longer provision and deprovision user accounts for your enterprise automatically. Another enterprise owner must create a new {% data variables.product.pat_generic %} and reconfigure provisioning on the IdP.
|
||||
**Warning**: If the user account for the enterprise owner who creates the {% data variables.product.pat_generic %} is deactivated or deprovisioned, your IdP will no longer provision and deprovision user accounts for your enterprise automatically. Another enterprise owner must create a new {% data variables.product.pat_generic %} and reconfigure provisioning on the IdP.
|
||||
|
||||
{% endwarning %}
|
||||
{% endwarning %}
|
||||
{%- elsif scim-for-ghes %}
|
||||
1. Create a built-in user account to perform provisioning actions on your instance. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/allowing-built-in-authentication-for-users-outside-your-provider#inviting-users-outside-your-provider-to-authenticate-to-your-instance)."
|
||||
1. Promote the dedicated user account to an enterprise owner. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise#adding-an-enterprise-administrator-to-your-enterprise-account)."
|
||||
|
|
@ -130,9 +130,9 @@ After you enable SCIM on a {% data variables.product.product_name %} instance, a
|
|||
1. Create a {% data variables.product.pat_v1 %} with **admin:enterprise** scope. Do not specify an expiration date for the {% data variables.product.pat_v1 %}. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."
|
||||
|
||||
{% warning %}
|
||||
|
||||
|
||||
**Warning**: Ensure that you don't specify an expiration date for the {% data variables.product.pat_v1 %}. If you specify an expiration date, SCIM will no longer function after the expiration date passes.
|
||||
|
||||
|
||||
{% endwarning %}
|
||||
{% note %}
|
||||
|
||||
|
|
@ -163,17 +163,17 @@ After you enable SCIM on a {% data variables.product.product_name %} instance, a
|
|||
{%- endif %}
|
||||
1. Configure user provisioning in the application for {% data variables.product.product_name %} on your IdP.{% ifversion scim-for-ghes %} To request documentation for a supported IdP, contact your account manager on {% data variables.contact.contact_enterprise_sales %}. If your IdP is unsupported, you must create the application and configure SCIM manually.{% elsif ghae %}
|
||||
|
||||
The following IdPs provide documentation about configuring provisioning for {% data variables.product.product_name %}. If your IdP isn't listed, please contact your IdP to request support for {% data variables.product.product_name %}.
|
||||
The following IdPs provide documentation about configuring provisioning for {% data variables.product.product_name %}. If your IdP isn't listed, please contact your IdP to request support for {% data variables.product.product_name %}.
|
||||
|
||||
| IdP | More information |
|
||||
| :- | :- |
|
||||
| Azure AD | [Tutorial: Configure {% data variables.product.prodname_ghe_managed %} for automatic user provisioning](https://docs.microsoft.com/azure/active-directory/saas-apps/github-ae-provisioning-tutorial) in the Microsoft Docs. To configure Azure AD for {% data variables.product.product_name %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad)." |
|
||||
| Okta | (beta) To configure Okta for {% data variables.product.product_name %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-okta)." |
|
||||
| IdP | More information |
|
||||
| :- | :- |
|
||||
| Azure AD | [Tutorial: Configure {% data variables.product.prodname_ghe_managed %} for automatic user provisioning](https://docs.microsoft.com/azure/active-directory/saas-apps/github-ae-provisioning-tutorial) in the Microsoft Docs. To configure Azure AD for {% data variables.product.product_name %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad)." |
|
||||
| Okta | (beta) To configure Okta for {% data variables.product.product_name %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-authentication-and-provisioning-for-your-enterprise-using-okta)." |
|
||||
|
||||
The application on your IdP requires two values to provision or deprovision user accounts on {% data variables.location.product_location %}.
|
||||
The application on your IdP requires two values to provision or deprovision user accounts on {% data variables.location.product_location %}.
|
||||
|
||||
| Value | Other names | Description | Example |
|
||||
| :- | :- | :- | :- |
|
||||
| URL | Tenant URL | URL to the SCIM provisioning API for your enterprise on {% data variables.product.product_name %} | <nobr><code>{% data variables.product.api_url_pre %}/scim/v2</nobr></code> |
|
||||
| Shared secret | {% data variables.product.pat_generic_caps %}, secret token | Token for application on your IdP to perform provisioning tasks on behalf of an enterprise owner | {% data variables.product.pat_generic_caps %} you created in step 1 |
|
||||
{%- endif %}
|
||||
| Value | Other names | Description | Example |
|
||||
| :- | :- | :- | :- |
|
||||
| URL | Tenant URL | URL to the SCIM provisioning API for your enterprise on {% data variables.product.product_name %} | <nobr><code>{% data variables.product.api_url_pre %}/scim/v2</nobr></code> |
|
||||
| Shared secret | {% data variables.product.pat_generic_caps %}, secret token | Token for application on your IdP to perform provisioning tasks on behalf of an enterprise owner | {% data variables.product.pat_generic_caps %} you created in step 1 |
|
||||
{%- endif %}
|
||||
|
|
|
|||
|
|
@ -50,13 +50,12 @@ To view people who were automatically removed from your organization for non-com
|
|||
{% data reusables.audit_log.octicon_icon %}
|
||||
{% data reusables.enterprise_site_admin_settings.access-settings %}
|
||||
{% data reusables.audit_log.audit_log_sidebar_for_site_admins %}
|
||||
1. Enter your search query using `reason:two_factor_requirement_non_compliance`.
|
||||
To narrow your search for:
|
||||
- Organizations members removed, enter `action:org.remove_member AND reason:two_factor_requirement_non_compliance`
|
||||
- Outside collaborators removed, enter `action:org.remove_outside_collaborator AND reason:two_factor_requirement_non_compliance`
|
||||
1. Enter your search query using `reason:two_factor_requirement_non_compliance`. To narrow your search for:
|
||||
- Organizations members removed, enter `action:org.remove_member AND reason:two_factor_requirement_non_compliance`
|
||||
- Outside collaborators removed, enter `action:org.remove_outside_collaborator AND reason:two_factor_requirement_non_compliance`
|
||||
|
||||
You can also view people removed from a particular organization by using the organization name in your search:
|
||||
- `org:octo-org AND reason:two_factor_requirement_non_compliance`
|
||||
You can also view people removed from a particular organization by using the organization name in your search:
|
||||
- `org:octo-org AND reason:two_factor_requirement_non_compliance`
|
||||
1. Click **Search**.
|
||||
|
||||
## Helping removed members and outside collaborators rejoin your organization
|
||||
|
|
|
|||
|
|
@ -111,7 +111,7 @@ You'll see a form where you can enter details about your app. See "[AUTOTITLE](/
|
|||
|
||||
* At the bottom of the Permissions & Webhooks page, under "Where can this {% data variables.product.prodname_github_app %} be installed?", specify whether this is a private app or a public app.
|
||||
|
||||
This refers to who can install it: just you, or anyone in the world? For now, leave the app as private by selecting **Only on this account**.
|
||||
This refers to who can install it: just you, or anyone in the world? For now, leave the app as private by selecting **Only on this account**.
|
||||
|
||||
Click **Create GitHub App** to create your app!
|
||||
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ You can view the enterprise account's current {% ifversion ghas-billing-UI-updat
|
|||
{% data reusables.enterprise-accounts.license-tab %}
|
||||
The "{% data variables.product.prodname_GH_advanced_security %}" section shows details of the current usage.
|
||||
|
||||
If you run out of licenses, the section will be red and show "Limit exceeded." You should either reduce your use of {% data variables.product.prodname_GH_advanced_security %} or purchase more licenses. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#getting-the-most-out-of-github-advanced-security)" and "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing)."
|
||||
If you run out of licenses, the section will be red and show "Limit exceeded." You should either reduce your use of {% data variables.product.prodname_GH_advanced_security %} or purchase more licenses. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#getting-the-most-out-of-github-advanced-security)" and "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing)."
|
||||
|
||||
{% elsif ghes %}
|
||||
|
||||
|
|
@ -50,7 +50,8 @@ You can view the enterprise account's current {% ifversion ghas-billing-UI-updat
|
|||
{% endif %}
|
||||
{%- ifversion ghas-billing-table-ui-update -%}
|
||||
1. Optionally, to see a detailed breakdown of usage per organization, in the enterprise account sidebar, click **Billing**.
|
||||
In the “{% data variables.product.prodname_GH_advanced_security %}” section, you can see a summary of your current license usage, as well as the number of committers and unique committers for each organization. The organizations in the billing table are sorted by the highest number of unique committers in descending order.
|
||||
|
||||
In the “{% data variables.product.prodname_GH_advanced_security %}” section, you can see a summary of your current license usage, as well as the number of committers and unique committers for each organization. The organizations in the billing table are sorted by the highest number of unique committers in descending order.
|
||||
{% endif %}
|
||||
1. Optionally, display the security and analysis settings for an organization.
|
||||
- Click the name of the organization.
|
||||
|
|
|
|||
|
|
@ -30,8 +30,7 @@ Before setting up {% data variables.visual_studio.prodname_vss_ghe %}, it's impo
|
|||
|
||||
## Prerequisites
|
||||
|
||||
- Your team's {% data variables.product.prodname_vs %} subscription must include {% data variables.product.prodname_enterprise %}. For more information, see [{% data variables.product.prodname_vs %} Subscriptions and Benefits](https://visualstudio.microsoft.com/subscriptions/) on the {% data variables.product.prodname_vs %} website and
|
||||
[Overview of admin responsibilities](https://docs.microsoft.com/en-us/visualstudio/subscriptions/admin-responsibilities) in Microsoft Docs.
|
||||
- Your team's {% data variables.product.prodname_vs %} subscription must include {% data variables.product.prodname_enterprise %}. For more information, see [{% data variables.product.prodname_vs %} Subscriptions and Benefits](https://visualstudio.microsoft.com/subscriptions/) on the {% data variables.product.prodname_vs %} website and [Overview of admin responsibilities](https://docs.microsoft.com/en-us/visualstudio/subscriptions/admin-responsibilities) in Microsoft Docs.
|
||||
|
||||
- Your team must have an enterprise on {% data variables.location.product_location %}. If you're not sure whether your team has an enterprise, contact your {% data variables.product.prodname_dotcom %} administrator. If you're not sure who on your team is responsible for {% data variables.product.prodname_dotcom %}, contact {% data variables.contact.contact_enterprise_sales %}. For more information, see "[AUTOTITLE](/admin/overview/about-enterprise-accounts)."
|
||||
|
||||
|
|
|
|||
|
|
@ -29,11 +29,11 @@ There are a few approaches for tackling newly committed credentials, but one exa
|
|||
1. **Notify**: Use webhooks to ensure that any new secret alerts are seen by the right teams as quickly as possible. A webhook fires when a secret alert is either created, resolved, or reopened. You can then parse the webhook payload, and integrate it into any tools you and your team use such Slack, Teams, Splunk, or email. For more information, see "[AUTOTITLE](/webhooks-and-events/webhooks/about-webhooks)" and "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#secret_scanning_alert)."
|
||||
2. **Follow Up**: Create a high-level remediation process that works for all secret types. For example, you could contact the developer who committed the secret and their technical lead on that project, highlighting the dangers of committing secrets to GitHub, and asking the them to revoke, and update the detected secret.
|
||||
|
||||
{% note %}
|
||||
{% note %}
|
||||
|
||||
**Note:** You can automate this step. For large enterprises and organizations with hundreds of repositories, manually following up is unsustainable. You could incorporate automation into the webhook process defined in the first step. The webhook payload contains repository and organization information about the leaked secret. Using this information, you can contact the current maintainers on the repository and create an email/message to the responsible people or open an issue.
|
||||
**Note:** You can automate this step. For large enterprises and organizations with hundreds of repositories, manually following up is unsustainable. You could incorporate automation into the webhook process defined in the first step. The webhook payload contains repository and organization information about the leaked secret. Using this information, you can contact the current maintainers on the repository and create an email/message to the responsible people or open an issue.
|
||||
|
||||
{% endnote %}
|
||||
{% endnote %}
|
||||
3. **Educate**: Create an internal training document assigned to the developer who committed the secret. Within this training document, you can explain the risks created by committing secrets and direct them to your best practice information about using secrets securely in development. If the a developer doesn't learn from the experience and continues to commit secrets, you could create an escalation process, but education usually works well.
|
||||
|
||||
Repeat the last two steps for any new secrets leaked. This process encourages developers to take responsibility for managing the secrets used in their code securely, and allows you to measure the reduction in newly committed secrets.
|
||||
|
|
@ -54,29 +54,29 @@ Once you have decided on the secret types, you can do the following:
|
|||
|
||||
1. Define a process for remediating each type of secret. The actual procedure for each secret type is often drastically different. Write down the process for each type of secret in a document or internal knowledge base.
|
||||
|
||||
{% note %}
|
||||
{% note %}
|
||||
|
||||
**Note:** When you create the process for revoking secrets, try and give the responsibility for revoking secrets to the team maintaining the repository instead of a central team. One of the principles of GHAS is developers taking ownership of security and having the responsibility of fixing security issues, especially if they have created them.
|
||||
**Note:** When you create the process for revoking secrets, try and give the responsibility for revoking secrets to the team maintaining the repository instead of a central team. One of the principles of GHAS is developers taking ownership of security and having the responsibility of fixing security issues, especially if they have created them.
|
||||
|
||||
{% endnote %}
|
||||
{% endnote %}
|
||||
|
||||
2. When you have created the process that teams will follow for revoking credentials, you can collate information about the types of secrets and other metadata associated with the leaked secrets so you can discern who to communicate the new process to.
|
||||
{% ifversion not ghae %}
|
||||
You can use security overview to collect this information. For more information about using security overview, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."{% endif %}
|
||||
{% ifversion not ghae %}
|
||||
You can use security overview to collect this information. For more information about using security overview, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."{% endif %}
|
||||
|
||||
Some information you may want to collect includes:
|
||||
Some information you may want to collect includes:
|
||||
|
||||
- Organization
|
||||
- Repository
|
||||
- Secret type
|
||||
- Secret value
|
||||
- Maintainers on repository to contact
|
||||
- Organization
|
||||
- Repository
|
||||
- Secret type
|
||||
- Secret value
|
||||
- Maintainers on repository to contact
|
||||
|
||||
{% note %}
|
||||
{% note %}
|
||||
|
||||
**Note:** Use the UI if you have few secrets leaked of that type. If you have hundreds of leaked secrets, use the API to collect information. For more information, see "[AUTOTITLE](/rest/secret-scanning)."
|
||||
**Note:** Use the UI if you have few secrets leaked of that type. If you have hundreds of leaked secrets, use the API to collect information. For more information, see "[AUTOTITLE](/rest/secret-scanning)."
|
||||
|
||||
{% endnote %}
|
||||
{% endnote %}
|
||||
|
||||
3. After you collect information about leaked secrets, create a targeted communication plan for the users who maintain the repositories affected by each secret type. You could use email, messaging, or even create GitHub issues in the affected repositories. If you can use APIs provided by these tools to send out the communications in an automated manner, this will make it easier for you to scale across multiple secret types.
|
||||
|
||||
|
|
|
|||
|
|
@ -117,7 +117,8 @@ For more information, see "[Reviewing and fixing alerts](#reviewing-and-fixing-a
|
|||
{% data reusables.repositories.sidebar-dependabot-alerts %}
|
||||
1. Optionally, to filter alerts, select a filter in a dropdown menu then click the filter that you would like to apply. You can also type filters into the search bar. {% ifversion dependabot-filter-label-security-advisory %}Alternatively, to filter by label, click a label assigned to an alert to automatically apply that filter to the alert list.{% endif %} For more information about filtering and sorting alerts, see "[Prioritizing {% data variables.product.prodname_dependabot_alerts %}](#prioritizing-dependabot-alerts)."
|
||||
{%- ifversion dependabot-bulk-alerts %}
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
||||
1. Click the alert that you would like to view.
|
||||
{% else %}
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ Anyone with write permissions to a security advisory can create a pull request f
|
|||
1. Scroll to the bottom of the advisory form. Then, under "Collaborate on a patch", click **Compare & pull request** to create a pull request for the associated branch.
|
||||
|
||||
|
||||
The "Open a pull request" includes a header showing the branches that will be compared in a three-dot Git diff comparison when the pull request is created. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-comparing-branches-in-pull-requests#three-dot-and-two-dot-git-diff-comparisons)."
|
||||
The "Open a pull request" includes a header showing the branches that will be compared in a three-dot Git diff comparison when the pull request is created. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-comparing-branches-in-pull-requests#three-dot-and-two-dot-git-diff-comparisons)."
|
||||
{% data reusables.repositories.create-pull-request %}
|
||||
|
||||
{% data reusables.repositories.merge-all-pulls-together %} For more information, see "[Merging changes in a security advisory](#merging-changes-in-a-security-advisory)."
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ You can use security overview to see which repositories and teams are free from
|
|||
{% data reusables.organizations.filter-security-overview %}
|
||||
{% ifversion security-overview-alert-views %}
|
||||
{% data reusables.organizations.security-overview-feature-specific-page %}
|
||||
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -30,11 +30,11 @@ If a comment is off-topic, outdated, or resolved, you may want to hide a comment
|
|||
|
||||
|
||||
3. Using the "Choose a reason" dropdown menu, choose a reason to hide the comment. Then select **Hide comment**.
|
||||
{% ifversion fpt or ghec %}
|
||||
|
||||
{% else %}
|
||||
|
||||
{% endif %}
|
||||
{% ifversion fpt or ghec %}
|
||||
|
||||
{% else %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
## Unhiding a comment
|
||||
|
||||
|
|
@ -43,7 +43,7 @@ If a comment is off-topic, outdated, or resolved, you may want to hide a comment
|
|||
1. Navigate to the comment you'd like to unhide.
|
||||
1. On the right side of the comment, click **{% octicon "fold" aria-hidden="true" %} Show comment**.
|
||||
1. On the right side of the expanded comment, select the {% octicon "kebab-horizontal" aria-label="Show options" %} dropdown menu, then click **Unhide**.
|
||||
|
||||
|
||||
|
||||
|
||||
## Editing a comment
|
||||
|
|
|
|||
|
|
@ -32,7 +32,6 @@ Before you authenticate, {% data reusables.desktop.get-an-account %}
|
|||
|
||||
## Authenticating an account on {% data variables.product.prodname_ghe_server %}
|
||||
|
||||
|
||||
{% data reusables.desktop.mac-select-desktop-menu %}
|
||||
1. In the "Preferences" window, on the **Accounts** pane, click the **Sign In** button next to "{% data variables.product.prodname_enterprise %}".
|
||||
|
||||
|
|
@ -42,7 +41,7 @@ Before you authenticate, {% data reusables.desktop.get-an-account %}
|
|||
{% data reusables.desktop.sign-in-browser %}
|
||||
1. To authenticate to {% data variables.location.product_location_enterprise %} account, type your account credentials and click **Sign in**.
|
||||
|
||||
Alternatively, if you were already signed in to {% data variables.location.product_location_enterprise %} account, follow the prompts to return to {% data variables.product.prodname_desktop %} to finish authenticating.
|
||||
Alternatively, if you were already signed in to {% data variables.location.product_location_enterprise %} account, follow the prompts to return to {% data variables.product.prodname_desktop %} to finish authenticating.
|
||||
|
||||
{% endmac %}
|
||||
|
||||
|
|
@ -183,8 +182,8 @@ This error can be caused by multiple events.
|
|||
If the `Command Processor` registry entries are modified, {% data variables.product.prodname_desktop %} will respond with an `Authentication failed` error. To check if these registry entries have been modified, follow these steps.
|
||||
|
||||
1. Open the Registry Editor (`regedit.exe`) and navigate to the following locations.
|
||||
`HKEY_CURRENT_USER\Software\Microsoft\Command Processor\`
|
||||
`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\`
|
||||
`HKEY_CURRENT_USER\Software\Microsoft\Command Processor\`
|
||||
`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\`
|
||||
2. Check to see if there is an `Autorun` value in either location.
|
||||
3. If there is an `Autorun` value, delete it.
|
||||
|
||||
|
|
|
|||
|
|
@ -37,29 +37,29 @@ For more information about the identity providers (IdPs) that {% data variables.
|
|||
{% data reusables.organizations.security %}
|
||||
1. Under "SAML single sign-on", select **Enable SAML authentication**.
|
||||
|
||||
{% note %}
|
||||
{% note %}
|
||||
|
||||
**Note:** After enabling SAML SSO, you can download your single sign-on recovery codes so that you can access your organization even if your IdP is unavailable. For more information, see "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes)."
|
||||
**Note:** After enabling SAML SSO, you can download your single sign-on recovery codes so that you can access your organization even if your IdP is unavailable. For more information, see "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/downloading-your-organizations-saml-single-sign-on-recovery-codes)."
|
||||
|
||||
{% endnote %}
|
||||
{% endnote %}
|
||||
|
||||
1. In the "Sign on URL" field, type the HTTPS endpoint of your IdP for single sign-on requests. This value is available in your IdP configuration.
|
||||
1. Optionally, in the "Issuer" field, type your SAML issuer's name. This verifies the authenticity of sent messages.
|
||||
|
||||
{% note %}
|
||||
{% note %}
|
||||
|
||||
**Note:** If you want to enable team synchronization for your organization, the "Issuer" field is a required. For more information, see "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization)."
|
||||
**Note:** If you want to enable team synchronization for your organization, the "Issuer" field is a required. For more information, see "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization)."
|
||||
|
||||
{% endnote %}
|
||||
{% endnote %}
|
||||
|
||||
1. Under "Public Certificate," paste a certificate to verify SAML responses.
|
||||
{% data reusables.saml.edit-signature-and-digest-methods %}
|
||||
1. Before enabling SAML SSO for your organization, click **Test SAML configuration** to ensure that the information you've entered is correct.
|
||||
{% tip %}
|
||||
{% tip %}
|
||||
|
||||
**Tip:** {% data reusables.saml.testing-saml-sso %}
|
||||
**Tip:** {% data reusables.saml.testing-saml-sso %}
|
||||
|
||||
{% endtip %}
|
||||
{% endtip %}
|
||||
1. To enforce SAML SSO and remove all organization members who haven't authenticated via your IdP, select **Require SAML SSO authentication for all members of the _organization name_ organization**. For more information on enforcing SAML SSO, see "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/enforcing-saml-single-sign-on-for-your-organization)."
|
||||
1. Click **Save**.
|
||||
|
||||
|
|
|
|||
|
|
@ -504,11 +504,11 @@ Using the `GITHUB_TOKEN`, instead of a {% data variables.product.pat_v1 %} with
|
|||
1. Navigate to your package landing page.
|
||||
{% data reusables.package_registry.package-settings-actions-access %}
|
||||
1. To ensure your package has access to your workflow, you must add the repository where the workflow is stored to your package. {% data reusables.package_registry.package-settings-add-repo %}
|
||||
{% note %}
|
||||
{% note %}
|
||||
|
||||
**Note:** Adding a repository to your package {% data variables.package_registry.package-settings-actions-access-menu %} is different than connecting your package to a repository. For more information, see "[AUTOTITLE](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility#ensuring-workflow-access-to-your-package)" and "[AUTOTITLE](/packages/learn-github-packages/connecting-a-repository-to-a-package)."
|
||||
**Note:** Adding a repository to your package {% data variables.package_registry.package-settings-actions-access-menu %} is different than connecting your package to a repository. For more information, see "[AUTOTITLE](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility#ensuring-workflow-access-to-your-package)" and "[AUTOTITLE](/packages/learn-github-packages/connecting-a-repository-to-a-package)."
|
||||
|
||||
{% endnote %}
|
||||
{% endnote %}
|
||||
1. Optionally, use {% data variables.package_registry.package-settings-actions-access-role-dropdown %}
|
||||
1. Open your workflow file. On the line where you log in to the registry, replace your {% data variables.product.pat_generic %} with {% raw %}`${{ secrets.GITHUB_TOKEN }}`{% endraw %}.
|
||||
|
||||
|
|
|
|||
|
|
@ -147,22 +147,22 @@ You can use an *.npmrc* file to configure the scope mapping for your project. In
|
|||
You can use `publishConfig` element in the *package.json* file to specify the registry where you want the package published. For more information, see "[publishConfig](https://docs.npmjs.com/files/package.json#publishconfig)" in the npm documentation.
|
||||
|
||||
1. Edit the *package.json* file for your package and include a `publishConfig` entry.
|
||||
{% ifversion ghes %}
|
||||
If your instance has subdomain isolation enabled:
|
||||
{% endif %}
|
||||
```shell
|
||||
"publishConfig": {
|
||||
"registry": "https://{% ifversion fpt or ghec %}npm.pkg.github.com{% else %}npm.HOSTNAME/{% endif %}"
|
||||
},
|
||||
```
|
||||
{% ifversion ghes %}
|
||||
If your instance has subdomain isolation disabled:
|
||||
{% ifversion ghes %}
|
||||
If your instance has subdomain isolation enabled:
|
||||
{% endif %}
|
||||
```shell
|
||||
"publishConfig": {
|
||||
"registry": "https://{% ifversion fpt or ghec %}npm.pkg.github.com{% else %}npm. HOSTNAME/{% endif %}"
|
||||
},
|
||||
```
|
||||
{% ifversion ghes %}
|
||||
If your instance has subdomain isolation disabled:
|
||||
```shell
|
||||
"publishConfig": {
|
||||
"registry": "https://HOSTNAME/_registry/npm/"
|
||||
},
|
||||
```
|
||||
{% endif %}
|
||||
```
|
||||
{% endif %}
|
||||
{% data reusables.package_registry.verify_repository_field %}
|
||||
{% data reusables.package_registry.publish_package %}
|
||||
|
||||
|
|
@ -195,24 +195,24 @@ By default, you can only use npm packages hosted on your enterprise, and you wil
|
|||
{% data reusables.package_registry.add-npmrc-to-repo-step %}
|
||||
1. Configure *package.json* in your project to use the package you are installing. To add your package dependencies to the *package.json* file for {% data variables.product.prodname_registry %}, specify the full-scoped package name, such as `@my-org/server`. For packages from *npmjs.com*, specify the full name, such as `@babel/core` or `@lodash`. Replace `ORGANIZATION_NAME/PACKAGE_NAME` with your package dependency.
|
||||
|
||||
```json
|
||||
{
|
||||
"name": "@my-org/server",
|
||||
"version": "1.0.0",
|
||||
"description": "Server app that uses the ORGANIZATION_NAME/PACKAGE_NAME package",
|
||||
"main": "index.js",
|
||||
"author": "",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"ORGANIZATION_NAME/PACKAGE_NAME": "1.0.0"
|
||||
}
|
||||
}
|
||||
```
|
||||
```json
|
||||
{
|
||||
"name": "@my-org/server",
|
||||
"version": "1.0.0",
|
||||
"description": "Server app that uses the ORGANIZATION_NAME/PACKAGE_NAME package",
|
||||
"main": "index.js",
|
||||
"author": "",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"ORGANIZATION_NAME/PACKAGE_NAME": "1.0.0"
|
||||
}
|
||||
}
|
||||
```
|
||||
5. Install the package.
|
||||
|
||||
```shell
|
||||
$ npm install
|
||||
```
|
||||
```shell
|
||||
$ npm install
|
||||
```
|
||||
|
||||
### Installing packages from other organizations
|
||||
|
||||
|
|
|
|||
|
|
@ -27,5 +27,5 @@ If you want to remove the current deployment of your site but do not want to del
|
|||
{% data reusables.pages.sidebar-pages %}
|
||||
1. Under "Build and deployment", under "Source", select **Deploy from a branch** even if the site is currently using {% data variables.product.prodname_actions %}.
|
||||
1. Under "Build and deployment", use the branch dropdown menu and select `None` as the publishing source.
|
||||
|
||||
|
||||
1. Click **Save**.
|
||||
|
|
|
|||
|
|
@ -32,11 +32,11 @@ Only the user who created the pull request can give you permission to push commi
|
|||
1. On {% data variables.product.product_name %}, navigate to the main page of the fork (or copy of your repository) where the pull request branch was created.
|
||||
{% data reusables.repositories.copy-clone-url %}
|
||||
{% data reusables.command_line.open_the_multi_os_terminal %}
|
||||
{% tip %}
|
||||
{% tip %}
|
||||
|
||||
**Tip:** If you prefer to clone the fork using {% data variables.product.prodname_desktop %}, then see "[AUTOTITLE](/repositories/creating-and-managing-repositories/cloning-a-repository#cloning-a-repository-to-github-desktop)."
|
||||
**Tip:** If you prefer to clone the fork using {% data variables.product.prodname_desktop %}, then see "[AUTOTITLE](/repositories/creating-and-managing-repositories/cloning-a-repository#cloning-a-repository-to-github-desktop)."
|
||||
|
||||
{% endtip %}
|
||||
{% endtip %}
|
||||
4. Change the current working directory to the location where you want to download the cloned directory.
|
||||
```shell
|
||||
$ cd open-source-projects
|
||||
|
|
|
|||
|
|
@ -27,9 +27,9 @@ When creating a file on {% data variables.product.product_name %}, consider the
|
|||
1. In the file contents text box, type content for the file.
|
||||
1. To review the new content, above the file contents, click **Preview**.
|
||||
{% ifversion code-search-code-view %}
|
||||
|
||||
|
||||
{% else %}
|
||||
|
||||
|
||||
{% endif %}
|
||||
{% data reusables.files.write_commit_message %}
|
||||
{% data reusables.files.choose-commit-email %}
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ You can search for topics on {% data variables.product.product_name %}, explore
|
|||
2. Type a topic keyword.
|
||||
3. In the left sidebar, to narrow your search to topics, click **Topics**.
|
||||
{% ifversion fpt or ghec %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
## Narrowing your search with search qualifiers
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
1. If you have configured two-factor authentication (2FA) for {% data variables.product.prodname_dotcom %}, do one of the following:
|
||||
- If you set up 2FA via SMS, retrieve your 2FA code from an SMS message.
|
||||
- If you set up 2FA with a TOTP application, generate a 2FA code.
|
||||
- If you set up 2FA via SMS, retrieve your 2FA code from an SMS message.
|
||||
- If you set up 2FA with a TOTP application, generate a 2FA code.
|
||||
|
||||
Then enter your 2FA code in the prompt on {% data variables.product.prodname_dotcom %} and click **Verify**.
|
||||
Then enter your 2FA code in the prompt on {% data variables.product.prodname_dotcom %} and click **Verify**.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
1. To authenticate to {% data variables.product.prodname_dotcom %}, in the browser, type your {% data variables.product.prodname_dotcom %}.com credentials and click **Sign in**.
|
||||
|
||||
Alternatively, if you were already signed in to {% data variables.product.prodname_dotcom %}, follow the prompts to return to {% data variables.product.prodname_desktop %} to finish authenticating.
|
||||
Alternatively, if you were already signed in to {% data variables.product.prodname_dotcom %}, follow the prompts to return to {% data variables.product.prodname_desktop %} to finish authenticating.
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
Alternatively, you can click {% octicon "plus" aria-label="The plus sign icon" %} in the file tree view on the left.
|
||||
|
||||
|
||||
|
||||
{% else %}
|
||||
1. Above the list of files, using the **Add file** drop-down, click **Create new file**.
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
1. Below the commit message fields, decide whether to add your commit to the current branch or to a new branch. If your current branch is the default branch, you should choose to create a new branch for your commit and then create a pull request. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request)."
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,16 +1,16 @@
|
|||
2. In the same directory as your `package.json` file, create or edit an `.npmrc` file to include a line specifying {% data variables.product.prodname_registry %} URL and the namespace where the package is hosted. Replace `NAMESPACE` with the name of the user or organization account {% ifversion packages-npm-v2 %}to which the package will be scoped{% else %}that owns the repository containing your project{% endif %}.
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
```shell
|
||||
@NAMESPACE:registry=https://npm.pkg.github.com
|
||||
```
|
||||
```shell
|
||||
@NAMESPACE:registry=https://npm.pkg.github.com
|
||||
```
|
||||
{% else %}
|
||||
If subdomain isolation is enabled:
|
||||
```shell
|
||||
@NAMESPACE:registry=https://npm.HOSTNAME
|
||||
```
|
||||
If subdomain isolation is disabled:
|
||||
```shell
|
||||
@NAMESPACE:registry=https://HOSTNAME/_registry/npm
|
||||
```
|
||||
If subdomain isolation is enabled:
|
||||
```shell
|
||||
@NAMESPACE:registry=https://npm.HOSTNAME
|
||||
```
|
||||
If subdomain isolation is disabled:
|
||||
```shell
|
||||
@NAMESPACE:registry=https://HOSTNAME/_registry/npm
|
||||
```
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
1. Publish the package:
|
||||
|
||||
```shell
|
||||
$ npm publish
|
||||
```
|
||||
```shell
|
||||
$ npm publish
|
||||
```
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче