Merge branch 'main' into ske-dep-api

.github/workflows/check-all-english-links.yml

@@ -17,7 +17,7 @@ jobs:
   check_all_english_links:
     name: Check all links
     if: github.repository == 'github/docs-internal'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04-xl
     env:
       GITHUB_TOKEN: ${{ secrets.DOCUBOT_READORG_REPO_WORKFLOW_SCOPES }}
       FIRST_RESPONDER_PROJECT: Docs content first responder
@@ -25,6 +25,9 @@ jobs:
       REPORT_LABEL: broken link report
       REPORT_REPOSITORY: github/docs-content
     steps:
+      - name: Check that gh CLI is installed
+        run: gh --version
+
       - name: Check out repo's default branch
         uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748
       - name: Setup Node
@@ -50,18 +53,32 @@ jobs:
           NODE_ENV: production
           PORT: 4000
           DISABLE_OVERLOAD_PROTECTION: true
-          DISABLE_RENDER_CACHING: true
+          DISABLE_RENDERING_CACHE: true
           # We don't want or need the changelog entries in this context.
           CHANGELOG_DISABLED: true
           # The default is 10s. But because this runs overnight, we can
           # be a lot more patient.
           REQUEST_TIMEOUT: 20000
+          # Don't care about CDN caching image URLs
+          DISABLE_REWRITE_ASSET_URLS: true
         run: |
-          node server.mjs &
-          sleep 5
-          curl --retry-connrefused --retry 3 -I http://localhost:4000/
+          node server.mjs > /tmp/stdout.log 2> /tmp/stderr.log &
+          sleep 6
+          curl --retry-connrefused --retry 5 -I http://localhost:4000/
+
+      - if: ${{ failure() }}
+        name: Debug server outputs on errors
+        run: |
+          echo "____STDOUT____"
+          cat /tmp/stdout.log
+          echo "____STDERR____"
+          cat /tmp/stderr.log
 
       - name: Run script
+        env:
+          # The default is 300 which works OK on a fast macbook pro
+          # but not so well in Actions.
+          LINKINATOR_CONCURRENCY: 100
         run: |
           script/check-english-links.js > broken_links.md
 
@@ -73,11 +90,6 @@ jobs:
       #
       # https://docs.github.com/actions/reference/context-and-expression-syntax-for-github-actions#job-status-check-functions
 
-      - if: ${{ failure() }}
-        name: Debug broken_links.md
-        run: |
-          ls -lh broken_links.md
-          wc -l broken_links.md
       - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
         if: ${{ failure() }}
         with:

.github/workflows/link-check-all.yml

@@ -24,7 +24,7 @@ concurrency:
 
 jobs:
   check-links:
-    runs-on: ${{ fromJSON('["ubuntu-latest", "self-hosted"]')[github.repository == 'github/docs-internal'] }}
+    runs-on: ${{ fromJSON('["ubuntu-latest", "ubuntu-20.04-xl"]')[github.repository == 'github/docs-internal'] }}
     steps:
       - name: Checkout
         uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748
@@ -49,6 +49,9 @@ jobs:
         run: cat $HOME/files.json
 
       - name: Link check (warnings, changed files)
+        env:
+          # Don't care about CDN caching image URLs
+          DISABLE_REWRITE_ASSET_URLS: true
         run: |
           ./script/rendered-content-link-checker.mjs \
             --language en \
@@ -59,6 +62,9 @@ jobs:
             --list $HOME/files.json
 
       - name: Link check (critical, all files)
+        env:
+          # Don't care about CDN caching image URLs
+          DISABLE_REWRITE_ASSET_URLS: true
         run: |
           ./script/rendered-content-link-checker.mjs \
             --language en \

.github/workflows/pa11y.yml

@@ -1,42 +0,0 @@
-name: Pa11y
-
-# **What it does**: Runs a static accessibility check on high traffic docs pages.
-# **Why we have it**: We want accessibility support for the docs.
-# **Who does it impact**: Docs engineering, users who need accessibility features.
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: '25 17 * * *' # once a day at 17:25 UTC / 11:50 PST
-
-permissions:
-  contents: read
-
-jobs:
-  test:
-    if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748
-
-      - name: Setup Node
-        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
-        with:
-          node-version: '16.15.0'
-          cache: npm
-
-      - name: Install dependencies
-        run: npm ci --include=optional
-
-      - name: Cache nextjs build
-        uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09
-        with:
-          path: .next/cache
-          key: ${{ runner.os }}-nextjs-${{ hashFiles('package*.json') }}
-
-      - name: Run build scripts
-        run: npm run build
-
-      - name: Run pa11y tests
-        run: npm run pa11y-test

.github/workflows/test.yml

@@ -23,9 +23,9 @@ concurrency:
 
 jobs:
   test:
-    # Run on self-hosted if the private repo or ubuntu-latest if the public repo
+    # Run on ubuntu-20.04-xl if the private repo or ubuntu-latest if the public repo
     # See pull # 17442 in the private repo for context
-    runs-on: ${{ fromJSON('["ubuntu-latest", "self-hosted"]')[github.repository == 'github/docs-internal'] }}
+    runs-on: ${{ fromJSON('["ubuntu-latest", "ubuntu-20.04-xl"]')[github.repository == 'github/docs-internal'] }}
     timeout-minutes: 60
     strategy:
       fail-fast: false

.pa11yci

@@ -1,102 +0,0 @@
-{
-  "urls": [
-    "http://localhost:4001/en",
-    "http://localhost:4001/en/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent",
-    "http://localhost:4001/en/github/working-with-github-pages",
-    "http://localhost:4001/en/github/authenticating-to-github/connecting-to-github-with-ssh",
-    "http://localhost:4001/en/github/site-policy/github-terms-of-service",
-    "http://localhost:4001/en/github/site-policy/github-privacy-statement",
-    "http://localhost:4001/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account",
-    "http://localhost:4001/en/github/authenticating-to-github/creating-a-strong-password",
-    "http://localhost:4001/en/github",
-    "http://localhost:4001/en/github/importing-your-projects-to-github/adding-locally-hosted-code-to-github",
-    "http://localhost:4001/en/actions",
-    "http://localhost:4001/en/github/authenticating-to-github/creating-a-personal-access-token",
-    "http://localhost:4001/en/github/authenticating-to-github/checking-for-existing-ssh-keys",
-    "http://localhost:4001/en/github/getting-started-with-github/managing-remote-repositories",
-    "http://localhost:4001/en/github/getting-started-with-github/set-up-git",
-    "http://localhost:4001/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository",
-    "http://localhost:4001/en/github/writing-on-github/basic-writing-and-formatting-syntax",
-    "http://localhost:4001/en/actions/reference/workflow-syntax-for-github-actions",
-    "http://localhost:4001/en/github/getting-started-with-github/about-remote-repositories",
-    "http://localhost:4001/en/github/collaborating-with-issues-and-pull-requests/resolving-a-merge-conflict-using-the-command-line",
-    "http://localhost:4001/en/github/getting-started-with-github/setting-your-username-in-git",
-    "http://localhost:4001/en/github/setting-up-and-managing-your-github-user-account/setting-your-commit-email-address",
-    "http://localhost:4001/en/github/authenticating-to-github/configuring-two-factor-authentication",
-    "http://localhost:4001/en/rest",
-    "http://localhost:4001/en/pages/configuring-a-custom-domain-for-your-github-pages-site",
-    "http://localhost:4001/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests",
-    "http://localhost:4001/en/github/setting-up-and-managing-your-github-user-account/changing-your-primary-email-address",
-    "http://localhost:4001/en/github/setting-up-and-managing-your-github-profile/why-are-my-contributions-not-showing-up-on-my-profile",
-    "http://localhost:4001/en/github/authenticating-to-github/error-permission-denied-publickey",
-    "http://localhost:4001/en/github/collaborating-with-issues-and-pull-requests/creating-and-deleting-branches-within-your-repository",
-    "http://localhost:4001/en/github/committing-changes-to-your-project/changing-a-commit-message",
-    "http://localhost:4001/en/github/getting-started-with-github/types-of-github-accounts",
-    "http://localhost:4001/en/github/using-git/pushing-commits-to-a-remote-repository",
-    "http://localhost:4001/en/github/authenticating-to-github/testing-your-ssh-connection",
-    "http://localhost:4001/en/github/getting-started-with-github/fork-a-repo",
-    "http://localhost:4001/en/graphql",
-    "http://localhost:4001/en/pages/getting-started-with-github-pages/configuring-a-publishing-source-for-your-github-pages-site",
-    "http://localhost:4001/en/developers",
-    "http://localhost:4001/en/github/getting-started-with-github/supported-browsers",
-    "http://localhost:4001/en/github/managing-your-work-on-github/about-project-boards",
-    "http://localhost:4001/en/github/collaborating-with-issues-and-pull-requests/syncing-a-fork",
-    "http://localhost:4001/en/pages/getting-started-with-github-pages/creating-a-github-pages-site",
-    "http://localhost:4001/en/github/authenticating-to-github/working-with-ssh-key-passphrases",
-    "http://localhost:4001/en/github/authenticating-to-github",
-    "http://localhost:4001/en/packages/using-github-packages-with-your-projects-ecosystem/configuring-npm-for-use-with-github-packages",
-    "http://localhost:4001/en/pages/configuring-a-custom-domain-for-your-github-pages-site/managing-a-custom-domain-for-your-github-pages-site",
-    "http://localhost:4001/en/pages/getting-started-with-github-pages/about-github-pages",
-    "http://localhost:4001/en/github/setting-up-and-managing-your-github-profile",
-    "http://localhost:4001/en/actions/getting-started-with-github-actions/about-github-actions",
-    "http://localhost:4001/en/github/getting-started-with-github",
-    "http://localhost:4001/en/github/creating-cloning-and-archiving-repositories/duplicating-a-repository",
-    "http://localhost:4001/en/actions/getting-started-with-github-actions",
-    "http://localhost:4001/en/actions/reference/events-that-trigger-workflows",
-    "http://localhost:4001/en/desktop/getting-started-with-github-desktop/installing-github-desktop",
-    "http://localhost:4001/en/github/getting-started-with-github/ignoring-files",
-    "http://localhost:4001/en/desktop",
-    "http://localhost:4001/en/packages",
-    "http://localhost:4001/en/actions/configuring-and-managing-workflows/configuring-a-workflow",
-    "http://localhost:4001/en/github/authenticating-to-github/managing-commit-signature-verification",
-    "http://localhost:4001/en/organizations/restricting-access-to-your-organizations-data/about-oauth-app-access-restrictions",
-    "http://localhost:4001/en/github/managing-files-in-a-repository/adding-a-file-to-a-repository-using-the-command-line",
-    "http://localhost:4001/en/github/getting-started-with-github/access-permissions-on-github",
-    "http://localhost:4001/en/github/getting-started-with-github/githubs-products",
-    "http://localhost:4001/en/packages/publishing-and-managing-packages/about-github-packages",
-    "http://localhost:4001/en/github/collaborating-with-issues-and-pull-requests/about-pull-request-reviews",
-    "http://localhost:4001/en/github/writing-on-github/creating-and-highlighting-code-blocks",
-    "http://localhost:4001/en/github/searching-for-information-on-github/searching-issues-and-pull-requests",
-    "http://localhost:4001/en/actions/reference/context-and-expression-syntax-for-github-actions",
-    "http://localhost:4001/en/github/managing-files-in-a-repository/navigating-code-on-github",
-    "http://localhost:4001/en/github/teaching-and-learning-with-github-education/applying-for-a-student-developer-pack",
-    "http://localhost:4001/en/github/getting-started-with-github/caching-your-github-credentials-in-git",
-    "http://localhost:4001/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request",
-    "http://localhost:4001/en/github/setting-up-and-managing-your-github-user-account/inviting-collaborators-to-a-personal-repository",
-    "http://localhost:4001/en/github/setting-up-and-managing-your-github-user-account/changing-your-github-username",
-    "http://localhost:4001/en/github/getting-started-with-github/create-a-repo",
-    "http://localhost:4001/en/pages/getting-started-with-github-pages",
-    "http://localhost:4001/en/github/administering-a-repository/deleting-a-repository",
-    "http://localhost:4001/en/actions/configuring-and-managing-workflows/using-environment-variables",
-    "http://localhost:4001/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets",
-    "http://localhost:4001/en/github/authenticating-to-github/removing-sensitive-data-from-a-repository",
-    "http://localhost:4001/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line",
-    "http://localhost:4001/en/github/setting-up-and-managing-billing-and-payments-on-github/setting-your-billing-email",
-    "http://localhost:4001/en/github/setting-up-and-managing-your-github-user-account",
-    "http://localhost:4001/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue",
-    "http://localhost:4001/en/github/managing-security-vulnerabilities/configuring-github-dependabot-security-updates",
-    "http://localhost:4001/en/github/authenticating-to-github/about-two-factor-authentication",
-    "http://localhost:4001/en/pages/configuring-a-custom-domain-for-your-github-pages-site/about-custom-domains-and-github-pages",
-    "http://localhost:4001/en/github/searching-for-information-on-github/searching-code",
-    "http://localhost:4001/en/github/getting-started-with-github/configuring-git-to-handle-line-endings",
-    "http://localhost:4001/en/github/getting-started-with-github/getting-changes-from-a-remote-repository",
-    "http://localhost:4001/en/github/authenticating-to-github/generating-a-new-gpg-key",
-    "http://localhost:4001/en/github/authenticating-to-github/accessing-github-using-two-factor-authentication",
-    "http://localhost:4001/en/github/creating-cloning-and-archiving-repositories/licensing-a-repository",
-    "http://localhost:4001/en/github/getting-started-with-github/verifying-your-email-address",
-    "http://localhost:4001/en/github/setting-up-and-managing-your-github-profile/personalizing-your-profile",
-    "http://localhost:4001/en/pages/setting-up-a-github-pages-site-with-jekyll",
-    "http://localhost:4001/en/github/managing-subscriptions-and-notifications-on-github",
-    "http://localhost:4001/en/github/collaborating-with-issues-and-pull-requests/configuring-a-remote-for-a-fork"
-  ]
-}

components/context/ArticleContext.tsx

@@ -8,8 +8,11 @@ export type LearningTrack = {
 }
 
 export type MiniTocItem = {
-  platform: string
-  contents: string
+  platform?: string
+  contents: {
+    href: string
+    title: string
+  }
   items?: MiniTocItem[]
 }
 

components/context/RestContext.tsx

@@ -1,10 +1,5 @@
 import { createContext, useContext } from 'react'
-
-export type MiniTocItem = {
-  platform: string
-  contents: string & { title: string; href: string }
-  items?: MiniTocItem[]
-}
+import type { MiniTocItem } from 'components/context/ArticleContext'
 
 export type RestContextT = {
   title: string

components/landing/GuideCards.tsx

@@ -21,7 +21,7 @@ export const GuideCards = () => {
   return (
     <div>
       <div className="d-lg-flex flex-items-stretch">
-        <ul className="d-flex flex-wrap gutter">
+        <ul className="d-flex flex-wrap gutter width-full">
           {(featuredLinks.guideCards || []).map((guide) => {
             return <GuideCard key={guide.href} guide={guide} />
           })}

components/rest/ParameterRow.tsx

@@ -55,7 +55,7 @@ export function ParameterRow({
               </a>
             )}
             <div className="pt-2">
-              {defaultValue && (
+              {defaultValue !== undefined && (
                 <p>
                   <span>{t('rest.reference.default')}: </span>
                   <code>{defaultValue.toString()}</code>

components/sidebar/RestCollapsibleSection.tsx

@@ -7,7 +7,8 @@ import { ActionList } from '@primer/react'
 import { Link } from 'components/Link'
 import { ProductTreeNode } from 'components/context/MainContext'
 import { EventType, sendEvent } from 'components/lib/events'
-import { MiniTocItem, useRestContext } from 'components/context/RestContext'
+import { useRestContext } from 'components/context/RestContext'
+import type { MiniTocItem } from 'components/context/ArticleContext'
 import styles from './SidebarProduct.module.scss'
 
 type SectionProps = {

components/ui/MiniTocs/MiniTocs.tsx

@@ -1,7 +1,7 @@
 import cx from 'classnames'
 import { ActionList, Heading } from '@primer/react'
 
-import { MiniTocItem } from 'components/context/ArticleContext'
+import type { MiniTocItem } from 'components/context/ArticleContext'
 import { Link } from 'components/Link'
 import { useTranslation } from 'components/hooks/useTranslation'
 
@@ -14,7 +14,7 @@ const renderTocItem = (item: MiniTocItem) => {
   return (
     <ActionList.Item
       as="li"
-      key={item.contents}
+      key={item.contents.href}
       className={item.platform}
       sx={{
         listStyle: 'none',
@@ -30,7 +30,9 @@ const renderTocItem = (item: MiniTocItem) => {
       }}
     >
       <div className={cx('lh-condensed d-block width-full')}>
-        <div dangerouslySetInnerHTML={{ __html: item.contents }} />
+        <a className="d-block width-auto" href={item.contents.href}>
+          {item.contents.title}
+        </a>
         {item.items && item.items.length > 0 ? (
           <ul className="ml-3">{item.items.map(renderTocItem)}</ul>
         ) : null}

content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address.md

@@ -41,7 +41,7 @@ For web-based Git operations, you can set your commit email address on {% ifvers
 
 {% endif %}
 
-{% ifversion fpt or ghec %}If you'd like to keep your personal email address private, you can use a `no-reply` email address from {% data variables.product.product_name %} as your commit email address. To use your `noreply` email address for commits you push from the command line, use that email address when you set your commit email address in Git. To use your `noreply` address for web-based Git operations, set your commit email address on GitHub and choose to **Keep my email address private**.
+{% ifversion fpt or ghec %}If you'd like to keep your personal email address private, you can use a `noreply` email address from {% data variables.product.product_name %} as your commit email address. To use your `noreply` email address for commits you push from the command line, use that email address when you set your commit email address in Git. To use your `noreply` address for web-based Git operations, set your commit email address on GitHub and choose to **Keep my email address private**.
 
 You can also choose to block commits you push from the command line that expose your personal email address. For more information, see "[Blocking command line pushes that expose your personal email](/articles/blocking-command-line-pushes-that-expose-your-personal-email-address)."{% endif %}
 
@@ -51,7 +51,7 @@ To ensure that commits are attributed to you and appear in your contributions gr
 
 {% note %}
 
-**Note:** If you created your account on {% data variables.product.product_location %} _after_ July 18, 2017, your `no-reply` email address for {% data variables.product.product_name %} is a seven-digit ID number and your username in the form of <code><em>ID+username</em>@users.noreply.github.com</code>. If you created your account on {% data variables.product.product_location %} _prior to_ July 18, 2017, your `no-reply` email address from {% data variables.product.product_name %} is <code><em>username</em>@users.noreply.github.com</code>. You can get an ID-based `no-reply` email address for {% data variables.product.product_name %} by selecting (or deselecting and reselecting) **Keep my email address private** in your email settings.
+**Note:** If you created your account on {% data variables.product.product_location %} _after_ July 18, 2017, your `noreply` email address for {% data variables.product.product_name %} is a seven-digit ID number and your username in the form of <code><em>ID+username</em>@users.noreply.github.com</code>. If you created your account on {% data variables.product.product_location %} _prior to_ July 18, 2017, your `noreply` email address from {% data variables.product.product_name %} is <code><em>username</em>@users.noreply.github.com</code>. You can get an ID-based `noreply` email address for {% data variables.product.product_name %} by selecting (or deselecting and reselecting) **Keep my email address private** in your email settings.
 
 {% endnote %}
 

content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-docker-to-azure-app-service.md

@@ -138,10 +138,10 @@ jobs:
       - name: Deploy to Azure Web App
         id: deploy-to-webapp
         uses: azure/webapps-deploy@0b651ed7546ecfc75024011f76944cb9b381ef1e
-          with:
-            app-name: {% raw %}${{ env.AZURE_WEBAPP_NAME }}{% endraw %}
-            publish-profile: {% raw %}${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}{% endraw %}
-            images: 'ghcr.io/{% raw %}${{ env.REPO }}{% endraw %}:{% raw %}${{ github.sha }}{% endraw %}'
+        with:
+          app-name: {% raw %}${{ env.AZURE_WEBAPP_NAME }}{% endraw %}
+          publish-profile: {% raw %}${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}{% endraw %}
+          images: 'ghcr.io/{% raw %}${{ env.REPO }}{% endraw %}:{% raw %}${{ github.sha }}{% endraw %}'
 ```
 
 ## Additional resources

content/actions/deployment/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows.md

@@ -7,7 +7,7 @@ redirect_from:
   - /actions/deployment/security-hardening-your-deployments/using-oidc-with-your-reusable-workflows
 versions:
   fpt: '*'
-  ghae: issue-4757-and-5856
+  ghae: issue-4757
   ghec: '*'
   ghes: '>=3.5'
 type: how_to

content/actions/hosting-your-own-runners/customizing-the-containers-used-by-jobs.md

@@ -0,0 +1,530 @@
+---
+title: Customizing the containers used by jobs
+intro: 'You can customize how your self-hosted runner invokes a container for a job.'
+versions:
+  feature: 'container-hooks'
+type: reference
+miniTocMaxHeadingLevel: 4
+shortTitle: Customize containers used by jobs
+---
+
+{% note %}
+
+**Note**: This feature is currently in beta and is subject to change.
+
+{% endnote %}
+
+## About container customization
+
+{% data variables.product.prodname_actions %} allows you to run a job within a container, using the `container:` statement in your workflow file. For more information, see "[Running jobs in a container](/actions/using-jobs/running-jobs-in-a-container)." To process container-based jobs, the self-hosted runner creates a container for each job.
+
+{% data variables.product.prodname_actions %} supports commands that let you customize the way your containers are created by the self-hosted runner. For example, you can use these commands to manage the containers through Kubernetes or Podman, and you can also customize the `docker run` or `docker create` commands used to invoke the container. The customization commands are run by a script, which is automatically triggered when a specific environment variable is set on the runner. For more information, see "[Triggering the customization script](#triggering-the-customization-script)" below.
+
+This customization is only available for Linux-based self-hosted runners, and root user access is not required.
+
+## Container customization commands
+
+{% data variables.product.prodname_actions %} includes the following commands for container customization:
+
+- [`prepare_job`](/actions/hosting-your-own-runners/customizing-the-containers-used-by-jobs#prepare_job): Called when a job is started.
+- [`cleanup_job`](/actions/hosting-your-own-runners/customizing-the-containers-used-by-jobs#cleanup_job): Called at the end of a job.
+- [`run_container_step`](/actions/hosting-your-own-runners/customizing-the-containers-used-by-jobs#run_container_step): Called once for each container action in the job.
+- [`run_script_step`](/actions/hosting-your-own-runners/customizing-the-containers-used-by-jobs#run_script_step): Runs any step that is not a container action.
+
+Each of these customization commands must be defined in its own JSON file. The file name must match the command name, with the extension `.json`. For example, the `prepare_job` command is defined in `prepare_job.json`. These JSON files will then be run together on the self-hosted runner, as part of the main `index.js` script. This process is described in more detail in "[Generating the customization script](#generating-the-customization-script)."
+
+These commands also include configuration arguments, explained below in more detail.
+
+### `prepare_job`
+
+The `prepare_job` command is called when a job is started. {% data variables.product.prodname_actions %} passes in any job or service containers the job has. This command will be called if you have any service or job containers in the job. 
+
+{% data variables.product.prodname_actions %} assumes that you will do the following tasks in the `prepare_job` command:
+
+- Prune anything from previous jobs, if needed.
+- Create a network, if needed.
+- Pull the job and service containers.
+- Start the job container.
+- Start the service containers.
+- Write to the response file any information that {% data variables.product.prodname_actions %} will need:
+  - Required: State whether the container is an `alpine` linux container (using the `isAlpine` boolean). 
+  - Optional: Any context fields you want to set on the job context, otherwise they will be unavailable for users to use. For more information, see "[`job` context](/actions/learn-github-actions/contexts#job-context)."
+- Return `0` when the health checks have succeeded and the job/service containers are started.
+
+#### Arguments
+
+- `jobContainer`: **Optional**. An object containing information about the specified job container.
+  - `image`: **Required**. A string containing the Docker image.
+  - `workingDirectory`: **Required**. A string containing the absolute path of the working directory.
+  - `createOptions`: **Optional**. The optional _create_ options specified in the YAML. For more information, see "[Example: Running a job within a container](/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)."
+  - `environmentVariables`: **Optional**. Sets a map of key environment variables.
+  - `userMountVolumes`: **Optional**. An array of user mount volumes set in the YAML. For more information, see "[Example: Running a job within a container](/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)."
+    - `sourceVolumePath`: **Required**. The source path to the volume that will be mounted into the Docker container.
+    - `targetVolumePath`: **Required**. The target path to the volume that will be mounted into the Docker container.
+    - `readOnly`: **Required**. Determines whether or not the mount should be read-only.
+  - `systemMountVolumes`: **Required**. An array of mounts to mount into the container, same fields as above.
+    - `sourceVolumePath`: **Required**. The source path to the volume that will be mounted into the Docker container.
+    - `targetVolumePath`: **Required**. The target path to the volume that will be mounted into the Docker container.
+    - `readOnly`: **Required**. Determines whether or not the mount should be read-only.
+  - `registry` **Optional**. The Docker registry credentials for a private container registry.
+    - `username`: **Optional**. The username of the registry account.
+    - `password`: **Optional**. The password to the registry account.
+    - `serverUrl`: **Optional**. The registry URL.
+  - `portMappings`: **Optional**. A key value hash of _source:target_ ports to map into the container.
+- `services`: **Optional**. An array of service containers to spin up.
+  - `contextName`: **Required**. The name of the service in the Job context.
+  - `image`: **Required**. A string containing the Docker image.
+  - `createOptions`: **Optional**. The optional _create_ options specified in the  YAML. For more information, see "[Example: Running a job within a container](/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)."
+  - `environmentVariables`: **Optional**. Sets a map of key environment variables.
+  - `userMountVolumes`: **Optional**. An array of mounts to mount into the container, same fields as above.
+    - `sourceVolumePath`: **Required**. The source path to the volume that will be mounted into the Docker container.
+    - `targetVolumePath`: **Required**. The target path to the volume that will be mounted into the Docker container.
+    - `readOnly`: **Required**. Determines whether or not the mount should be read-only.
+  - `registry` **Optional**. The Docker registry credentials for the private container registry.
+    - `username`: **Optional**. The username of the registry account.
+    - `password`: **Optional**. The password to the registry account.
+    - `serverUrl`: **Optional**. The registry URL.
+  - `portMappings`: **Optional**. A key value hash of _source:target_ ports to map into the container.
+
+#### Example input
+
+```json{:copy}
+{
+  "command": "prepare_job",
+  "responseFile": "/users/octocat/runner/_work/{guid}.json",
+  "state": {},
+  "args": {
+    "jobContainer": {
+      "image": "node:14.16",
+      "workingDirectory": "/__w/octocat-test2/octocat-test2",
+      "createOptions": "--cpus 1",
+      "environmentVariables": {
+        "NODE_ENV": "development"
+      },
+      "userMountVolumes": [
+        {
+          "sourceVolumePath": "my_docker_volume",
+          "targetVolumePath": "/volume_mount",
+          "readOnly": false
+        }
+      ],
+      "systemMountVolumes": [
+        {
+          "sourceVolumePath": "/home/octocat/git/runner/_layout/_work",
+          "targetVolumePath": "/__w",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/octocat/git/runner/_layout/externals",
+          "targetVolumePath": "/__e",
+          "readOnly": true
+        },
+        {
+          "sourceVolumePath": "/home/octocat/git/runner/_layout/_work/_temp",
+          "targetVolumePath": "/__w/_temp",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/octocat/git/runner/_layout/_work/_actions",
+          "targetVolumePath": "/__w/_actions",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/octocat/git/runner/_layout/_work/_tool",
+          "targetVolumePath": "/__w/_tool",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/octocat/git/runner/_layout/_work/_temp/_github_home",
+          "targetVolumePath": "/github/home",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/octocat/git/runner/_layout/_work/_temp/_github_workflow",
+          "targetVolumePath": "/github/workflow",
+          "readOnly": false
+        }
+      ],
+      "registry": {
+        "username": "octocat",
+        "password": "examplePassword",
+        "serverUrl": "https://index.docker.io/v1"
+      },
+      "portMappings": { "80": "801" }
+    },
+    "services": [
+      {
+        "contextName": "redis",
+        "image": "redis",
+        "createOptions": "--cpus 1",
+        "environmentVariables": {},
+        "userMountVolumes": [],
+        "portMappings": { "80": "801" },
+        "registry": {
+          "username": "octocat",
+          "password": "examplePassword",
+          "serverUrl": "https://index.docker.io/v1"
+        }
+      }
+    ]
+  }
+}
+```
+
+#### Example output
+
+This example output is the contents of the `responseFile` defined in the input above.
+
+```json{:copy}
+{
+  "state": {
+    "network": "example_network_53269bd575972817b43f7733536b200c",
+    "jobContainer": "82e8219701fe096a35941d869cf3d71af1d943b5d8bdd718857fb87ac3042480",
+    "serviceContainers": {
+      "redis": "60972d9aa486605e66b0dad4abb678dc3d9116f536579e418176eedb8abb9105"
+    }
+  },
+  "context": {
+    "container": {
+      "id": "82e8219701fe096a35941d869cf3d71af1d943b5d8bdd718857fb87ac3042480",
+      "network": "example_network_53269bd575972817b43f7733536b200c"
+    },
+    "services": {
+      "redis": {
+        "id": "60972d9aa486605e66b0dad4abb678dc3d9116f536579e418176eedb8abb9105",
+        "ports": {
+          "8080": "8080"
+        },
+        "network": "example_network_53269bd575972817b43f7733536b200c"
+      }
+    },
+    "isAlpine": true
+  }
+}
+```
+
+### `cleanup_job`
+
+The `cleanup_job` command is called at the end of a job. {% data variables.product.prodname_actions %} assumes that you will do the following tasks in the `cleanup_job` command:
+
+- Stop any running service or job containers (or the equivalent pod).
+- Stop the network (if one exists).
+- Delete any job or service containers (or the equivalent pod).
+- Delete the network (if one exists).
+- Cleanup anything else that was created for the job.
+
+#### Arguments
+
+No arguments are provided for `cleanup_job`.
+
+#### Example input
+
+```json{:copy}
+{
+  "command": "cleanup_job",
+  "responseFile": null,
+  "state": {
+    "network": "example_network_53269bd575972817b43f7733536b200c",
+    "jobContainer": "82e8219701fe096a35941d869cf3d71af1d943b5d8bdd718857fb87ac3042480",
+    "serviceContainers": {
+      "redis": "60972d9aa486605e66b0dad4abb678dc3d9116f536579e418176eedb8abb9105"
+    }
+  },
+  "args": {}
+}
+```
+
+#### Example output
+
+No output is expected for `cleanup_job`.
+
+### `run_container_step`
+
+The `run_container_step` command is called once for each container action in your job. {% data variables.product.prodname_actions %} assumes that you will do the following tasks in the `run_container_step` command:
+
+- Pull or build the required container (or fail if you cannot).
+- Run the container action and return the exit code of the container.
+- Stream any step logs output to stdout and stderr.
+- Cleanup the container after it executes.
+
+#### Arguments
+
+- `image`: **Optional**. A string containing the docker image. Otherwise a dockerfile must be provided.
+- `dockerfile`: **Optional**. A string containing the path to the dockerfile, otherwise an image must be provided.
+- `entryPointArgs`: **Optional**. A list containing the entry point args.
+- `entryPoint`: **Optional**. The container entry point to use if the default image entrypoint should be overwritten.
+- `workingDirectory`: **Required**. A string containing the absolute path of the working directory.
+- `createOptions`: **Optional**. The optional _create_ options specified in the YAML. For more information, see "[Example: Running a job within a container](/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)."
+- `environmentVariables`: **Optional**. Sets a map of key environment variables.
+- `prependPath`: **Optional**. An array of additional paths to prepend to the `$PATH` variable.
+- `userMountVolumes`: **Optional**. an array of user mount volumes set in the YAML. For more information, see "[Example: Running a job within a container](/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)."
+  - `sourceVolumePath`: **Required**. The source path to the volume that will be mounted into the Docker container.
+  - `targetVolumePath`: **Required**. The target path to the volume that will be mounted into the Docker container.
+  - `readOnly`: **Required**. Determines whether or not the mount should be read-only.
+- `systemMountVolumes`: **Required**. An array of mounts to mount into the container, using the same fields as above.
+  - `sourceVolumePath`: **Required**. The source path to the volume that will be mounted into the Docker container.
+  - `targetVolumePath`: **Required**. The target path to the volume that will be mounted into the Docker container.
+  - `readOnly`: **Required**. Determines whether or not the mount should be read-only.
+- `registry` **Optional**. The Docker registry credentials for a private container registry.
+  - `username`: **Optional**. The username of the registry account.
+  - `password`: **Optional**. The password to the registry account.
+  - `serverUrl`: **Optional**. The registry URL.
+- `portMappings`: **Optional**. A key value hash of the _source:target_ ports to map into the container.
+
+#### Example input for image
+
+If you're using a Docker image, you can specify the image name in the `"image":` parameter.
+
+```json{:copy}
+{
+  "command": "run_container_step",
+  "responseFile": null,
+  "state": {
+    "network": "example_network_53269bd575972817b43f7733536b200c",
+    "jobContainer": "82e8219701fe096a35941d869cf3d71af1d943b5d8bdd718857fb87ac3042480",
+    "serviceContainers": {
+      "redis": "60972d9aa486605e66b0dad4abb678dc3d9116f536579e418176eedb8abb9105"
+    }
+  },
+  "args": {
+    "image": "node:14.16",
+    "dockerfile": null,
+    "entryPointArgs": ["-f", "/dev/null"],
+    "entryPoint": "tail",
+    "workingDirectory": "/__w/octocat-test2/octocat-test2",
+    "createOptions": "--cpus 1",
+    "environmentVariables": {
+      "NODE_ENV": "development"
+    },
+    "prependPath": ["/foo/bar", "bar/foo"],
+    "userMountVolumes": [
+      {
+        "sourceVolumePath": "my_docker_volume",
+        "targetVolumePath": "/volume_mount",
+        "readOnly": false
+      }
+    ],
+    "systemMountVolumes": [
+      {
+        "sourceVolumePath": "/home/octocat/git/runner/_layout/_work",
+        "targetVolumePath": "/__w",
+        "readOnly": false
+      },
+      {
+        "sourceVolumePath": "/home/octocat/git/runner/_layout/externals",
+        "targetVolumePath": "/__e",
+        "readOnly": true
+      },
+      {
+        "sourceVolumePath": "/home/octocat/git/runner/_layout/_work/_temp",
+        "targetVolumePath": "/__w/_temp",
+        "readOnly": false
+      },
+      {
+        "sourceVolumePath": "/home/octocat/git/runner/_layout/_work/_actions",
+        "targetVolumePath": "/__w/_actions",
+        "readOnly": false
+      },
+      {
+        "sourceVolumePath": "/home/octocat/git/runner/_layout/_work/_tool",
+        "targetVolumePath": "/__w/_tool",
+        "readOnly": false
+      },
+      {
+        "sourceVolumePath": "/home/octocat/git/runner/_layout/_work/_temp/_github_home",
+        "targetVolumePath": "/github/home",
+        "readOnly": false
+      },
+      {
+        "sourceVolumePath": "/home/octocat/git/runner/_layout/_work/_temp/_github_workflow",
+        "targetVolumePath": "/github/workflow",
+        "readOnly": false
+      }
+    ],
+    "registry": null,
+    "portMappings": { "80": "801" }
+  }
+}
+```
+
+#### Example input for Dockerfile
+
+If your container is defined by a Dockerfile, this example demonstrates how to specify the path to a `Dockerfile` in your input, using the `"dockerfile":` parameter.
+
+```json{:copy}
+{
+  "command": "run_container_step",
+  "responseFile": null,
+  "state": {
+    "network": "example_network_53269bd575972817b43f7733536b200c",
+    "jobContainer": "82e8219701fe096a35941d869cf3d71af1d943b5d8bdd718857fb87ac3042480",
+    "services": {
+      "redis": "60972d9aa486605e66b0dad4abb678dc3d9116f536579e418176eedb8abb9105"
+    }
+  },
+  "args": {
+    "image": null,
+    "dockerfile": "/__w/_actions/foo/dockerfile",
+    "entryPointArgs": ["hello world"],
+    "entryPoint": "echo",
+    "workingDirectory": "/__w/octocat-test2/octocat-test2",
+    "createOptions": "--cpus 1",
+    "environmentVariables": {
+      "NODE_ENV": "development"
+    },
+    "prependPath": ["/foo/bar", "bar/foo"],
+    "userMountVolumes": [
+      {
+        "sourceVolumePath": "my_docker_volume",
+        "targetVolumePath": "/volume_mount",
+        "readOnly": false
+      }
+    ],
+    "systemMountVolumes": [
+      {
+        "sourceVolumePath": "/home/octocat/git/runner/_layout/_work",
+        "targetVolumePath": "/__w",
+        "readOnly": false
+      },
+      {
+        "sourceVolumePath": "/home/octocat/git/runner/_layout/externals",
+        "targetVolumePath": "/__e",
+        "readOnly": true
+      },
+      {
+        "sourceVolumePath": "/home/octocat/git/runner/_layout/_work/_temp",
+        "targetVolumePath": "/__w/_temp",
+        "readOnly": false
+      },
+      {
+        "sourceVolumePath": "/home/octocat/git/runner/_layout/_work/_actions",
+        "targetVolumePath": "/__w/_actions",
+        "readOnly": false
+      },
+      {
+        "sourceVolumePath": "/home/octocat/git/runner/_layout/_work/_tool",
+        "targetVolumePath": "/__w/_tool",
+        "readOnly": false
+      },
+      {
+        "sourceVolumePath": "/home/octocat/git/runner/_layout/_work/_temp/_github_home",
+        "targetVolumePath": "/github/home",
+        "readOnly": false
+      },
+      {
+        "sourceVolumePath": "/home/octocat/git/runner/_layout/_work/_temp/_github_workflow",
+        "targetVolumePath": "/github/workflow",
+        "readOnly": false
+      }
+    ],
+    "registry": null,
+    "portMappings": { "80": "801" }
+  }
+}
+```
+
+#### Example output
+
+No output is expected for `run_container_step`.
+
+### `run_script_step`
+
+{% data variables.product.prodname_actions %} assumes that you will do the following tasks:
+
+- Invoke the provided script inside the job container and return the exit code.
+- Stream any step log output to stdout and stderr.
+
+#### Arguments
+
+- `entryPointArgs`: **Optional**. A list containing the entry point arguments.
+- `entryPoint`: **Optional**. The container entry point to use if the default image entrypoint should be overwritten.
+- `prependPath`: **Optional**. An array of additional paths to prepend to the `$PATH` variable.
+- `workingDirectory`: **Required**. A string containing the absolute path of the working directory.
+- `environmentVariables`: **Optional**. Sets a map of key environment variables.
+
+#### Example input
+
+```json{:copy}
+{
+  "command": "run_script_step",
+  "responseFile": null,
+  "state": {
+    "network": "example_network_53269bd575972817b43f7733536b200c",
+    "jobContainer": "82e8219701fe096a35941d869cf3d71af1d943b5d8bdd718857fb87ac3042480",
+    "serviceContainers": {
+      "redis": "60972d9aa486605e66b0dad4abb678dc3d9116f536579e418176eedb8abb9105"
+    }
+  },
+  "args": {
+    "entryPointArgs": ["-e", "/runner/temp/example.sh"],
+    "entryPoint": "bash",
+    "environmentVariables": {
+      "NODE_ENV": "development"
+    },
+    "prependPath": ["/foo/bar", "bar/foo"],
+    "workingDirectory": "/__w/octocat-test2/octocat-test2"
+  }
+}
+```
+
+#### Example output
+
+No output is expected for `run_script_step`.
+
+## Generating the customization script
+
+{% data variables.product.prodname_dotcom %} has created an example repository that demonstrates how to generate customization scripts for Docker and Kubernetes. 
+
+{% note %}
+
+**Note:** The resulting scripts are available for testing purposes, and you will need to determine whether they are appropriate for your requirements.
+
+{% endnote %}
+
+1. Clone the [actions/runner-container-hooks](https://github.com/actions/runner-container-hooks) repository to your self-hosted runner.
+
+1. The `examples/` directory contains some existing customization commands, each with its own JSON file. You can review these examples and use them as a starting point for your own customization commands.
+
+   - `prepare_job.json`
+   - `run_script_step.json`
+   - `run_container_step.json`
+
+1. Build the npm packages. These commands generate the `index.js` files inside `packages/docker/dist` and `packages/k8s/dist`.
+
+   ```shell
+   npm install && npm run bootstrap && npm run build-all
+   ```
+
+When the resulting `index.js` is triggered by {% data variables.product.prodname_actions %}, it will run the customization commands defined in the JSON files. To trigger the `index.js`, you will need to add it your `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER` environment variable, as described in the next section.
+
+## Triggering the customization script
+
+The custom script must be located on the runner, but should not be stored in the self-hosted runner application directory. The scripts are executed in the security context of the service account that's running the runner service.
+
+{% note %}
+
+**Note**: The triggered script is processed synchronously, so it will block job execution while running.
+
+{% endnote %}
+
+The script is automatically executed when the runner has the following environment variable containing an absolute path to the script:
+
+- `ACTIONS_RUNNER_CONTAINER_HOOK`: The script defined in this environment variable is triggered when a job has been assigned to a runner, but before the job starts running.
+
+To set this environment variable, you can either add it to the operating system, or add it to a file named `.env` within the self-hosted runner application directory. For example, the following `.env` entry will have the runner automatically run the script at `/Users/octocat/runner/index.js` before each container-based job runs:
+
+```bash
+ACTIONS_RUNNER_CONTAINER_HOOK=/Users/octocat/runner/index.js
+```
+
+If you want to ensure that your job always runs inside a container, and subsequently always applies your container customizations, you can set the `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER` variable on the self hosted runner to `true`. This will fail jobs that do not specify a job container.
+
+## Troubleshooting
+
+### No timeout setting
+
+There is currently no timeout setting available for the script executed by `ACTIONS_RUNNER_CONTAINER_HOOK`. As a result, you could consider adding timeout handling to your script.
+
+### Reviewing the workflow run log
+
+To confirm whether your scripts are executing, you can review the logs for that job. For more information on checking the logs, see "[Viewing logs to diagnose failures](/actions/monitoring-and-troubleshooting-workflows/using-workflow-run-logs#viewing-logs-to-diagnose-failures)."

content/actions/hosting-your-own-runners/index.md

@@ -20,6 +20,7 @@ children:
   - /adding-self-hosted-runners
   - /autoscaling-with-self-hosted-runners
   - /running-scripts-before-or-after-a-job
+  - /customizing-the-containers-used-by-jobs
   - /configuring-the-self-hosted-runner-application-as-a-service
   - /using-a-proxy-server-with-self-hosted-runners
   - /using-labels-with-self-hosted-runners

content/actions/learn-github-actions/contexts.md

@@ -45,7 +45,7 @@ You can access contexts using the expression syntax. For more information, see "
 | `matrix` | `object` | Contains the matrix properties defined in the workflow that apply to the current job. For more information, see [`matrix` context](#matrix-context). |
 | `needs` | `object` | Contains the outputs of all jobs that are defined as a dependency of the current job. For more information, see [`needs` context](#needs-context). |
 {%- ifversion fpt or ghec or ghes > 3.3 or ghae-issue-4757 %}
-| `inputs` | `object` | Contains the inputs of a reusable workflow. For more information, see [`inputs` context](#inputs-context). |{% endif %}
+| `inputs` | `object` | Contains the inputs of a reusable {% ifversion actions-unified-inputs %}or manually triggered {% endif %}workflow. For more information, see [`inputs` context](#inputs-context). |{% endif %}
 
 As part of an expression, you can access context information using one of two syntaxes.
 
@@ -193,7 +193,7 @@ The `github` context contains information about the workflow run and the event t
 | `github.graphql_url` | `string` | The URL of the {% data variables.product.prodname_dotcom %} GraphQL API. |
 | `github.head_ref` | `string` | The `head_ref` or source branch of the pull request in a workflow run. This property is only available when the event that triggers a workflow run is either `pull_request` or `pull_request_target`. |
 | `github.job` | `string` | The [`job_id`](/actions/reference/workflow-syntax-for-github-actions#jobsjob_id) of the current job. <br /> Note: This context property is set by the Actions runner, and is only available within the execution `steps` of a job. Otherwise, the value of this property will be `null`. |
-| `github.ref` | `string` | The branch or tag ref that triggered the workflow run. For branches this is the format  `refs/heads/<branch_name>`, and for tags it is `refs/tags/<tag_name>`. |
+| `github.ref` | `string` | {% data reusables.actions.ref-description %} |
 {%- ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5338 %}
 | `github.ref_name` | `string` | {% data reusables.actions.ref_name-description %} |
 | `github.ref_protected` | `string` | {% data reusables.actions.ref_protected-description %} |
@@ -714,33 +714,32 @@ jobs:
 {% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-4757 %}
 ## `inputs` context
 
-The `inputs` context contains input properties passed to a reusable workflow. The input names and types are defined in the [`workflow_call` event configuration](/actions/learn-github-actions/events-that-trigger-workflows#workflow-reuse-events) of a reusable workflow, and the input values are passed from [`jobs.<job_id>.with`](/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idwith) in an external workflow that calls the reusable workflow.
+The `inputs` context contains input properties passed to a reusable workflow{% ifversion actions-unified-inputs %} or to a manually triggered workflow{% endif %}. {% ifversion actions-unified-inputs %}For reusable workflows, the{% else %}The{% endif %} input names and types are defined in the [`workflow_call` event configuration](/actions/learn-github-actions/events-that-trigger-workflows#workflow-reuse-events) of a reusable workflow, and the input values are passed from [`jobs.<job_id>.with`](/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idwith) in an external workflow that calls the reusable workflow. {% ifversion actions-unified-inputs %}For manually triggered workflows, the inputs are defined in the [`workflow_dispatch` event configuration](/actions/learn-github-actions/events-that-trigger-workflows#workflow_dispatch) of a workflow.{% endif %}
 
-There are no standard properties in the `inputs` context, only those which are defined in the reusable workflow file.
+There are no standard properties in the `inputs` context, only those which are defined in the workflow file.
 
 {% data reusables.actions.reusable-workflows-ghes-beta %}
 
-For more information, see "[Reusing workflows](/actions/learn-github-actions/reusing-workflows)".
-
 | Property name | Type | Description |
 |---------------|------|-------------|
-| `inputs` | `object` | This context is only available in a [reusable workflow](/actions/learn-github-actions/reusing-workflows). You can access this context from any job or step in a workflow. This object contains the properties listed below. |
+| `inputs` | `object` | This context is only available in a [reusable workflow](/actions/learn-github-actions/reusing-workflows){% ifversion actions-unified-inputs %} or in a workflow triggered by the [`workflow_dispatch` event](/actions/learn-github-actions/events-that-trigger-workflows#workflow_dispatch){% endif %}. You can access this context from any job or step in a workflow. This object contains the properties listed below. |
 | `inputs.<name>` | `string` or `number` or `boolean` | Each input value passed from an external workflow. |
 
 ### Example contents of the `inputs` context
 
-The following example contents of the `inputs` context is from a job in a reusable workflow that has defined the `build_id` and `deploy_target` inputs.
+The following example contents of the `inputs` context is from a workflow that has defined the `build_id`, `deploy_target`, and `perform_deploy` inputs.
 
 ```yaml
 {
   "build_id": 123456768,
-  "deploy_target": "deployment_sys_1a"
+  "deploy_target": "deployment_sys_1a",
+  "perform_deploy": true
 }
 ```
 
-### Example usage of the `inputs` context
+### Example usage of the `inputs` context in a reusable workflow
 
-This example reusable workflow uses the `inputs` context to get the values of the `build_id` and `deploy_target` inputs that were passed to the reusable workflow from the caller workflow.
+This example reusable workflow uses the `inputs` context to get the values of the `build_id`, `deploy_target`, and `perform_deploy` inputs that were passed to the reusable workflow from the caller workflow.
 
 {% raw %}
 ```yaml{:copy}
@@ -761,10 +760,42 @@ on:
 jobs:
   deploy:
     runs-on: ubuntu-latest
-    if: ${{ inputs.perform_deploy == 'true' }}
+    if: ${{ inputs.perform_deploy }}
+    steps:
+      - name: Deploy build to target
+        run: deploy --build ${{ inputs.build_id }} --target ${{ inputs.deploy_target }}
+```
+{% endraw %}
+
+{% ifversion actions-unified-inputs %}
+### Example usage of the `inputs` context in a manually triggered workflow
+
+This example workflow triggered by a `workflow_dispatch` event uses the `inputs` context to get the values of the `build_id`, `deploy_target`, and `perform_deploy` inputs that were passed to the workflow.
+
+{% raw %}
+```yaml{:copy}
+on:
+  workflow_dispatch:
+    inputs:
+      build_id:
+        required: true
+        type: string
+      deploy_target:
+        required: true
+        type: string
+      perform_deploy:
+        required: true
+        type: boolean
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    if: ${{ inputs.perform_deploy }}
     steps:
       - name: Deploy build to target
         run: deploy --build ${{ inputs.build_id }} --target ${{ inputs.deploy_target }}
 ```
 {% endraw %}
 {% endif %}
+
+{% endif %}

content/actions/learn-github-actions/environment-variables.md

@@ -143,7 +143,7 @@ We strongly recommend that actions use environment variables to access the files
 | `GITHUB_HEAD_REF` | The head ref or source branch of the pull request in a workflow run. This property is only set when the event that triggers a workflow run is either `pull_request` or `pull_request_target`. For example, `feature-branch-1`. |
 | `GITHUB_JOB` | The [job_id](/actions/reference/workflow-syntax-for-github-actions#jobsjob_id) of the current job. For example, `greeting_job`. |
 | `GITHUB_PATH` | The path on the runner to the file that sets system `PATH` variables from workflow commands. This file is unique to the current step and changes for each step in a job.  For example, `/home/runner/work/_temp/_runner_file_commands/add_path_899b9445-ad4a-400c-aa89-249f18632cf5`. For more information, see "[Workflow commands for {% data variables.product.prodname_actions %}](/actions/using-workflows/workflow-commands-for-github-actions#adding-a-system-path)." |
-| `GITHUB_REF` | The branch or tag ref that triggered the workflow run. For branches this is the format `refs/heads/<branch_name>`, for tags it is `refs/tags/<tag_name>`, and for pull requests it is `refs/pull/<pr_number>/merge`. This variable is only set if a branch or tag is available for the event type. For example, `refs/heads/feature-branch-1`. |
+| `GITHUB_REF` | {% data reusables.actions.ref-description %} |
 {%- ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5338 %}
 | `GITHUB_REF_NAME` | {% data reusables.actions.ref_name-description %} For example, `feature-branch-1`.|
 | `GITHUB_REF_PROTECTED` | {% data reusables.actions.ref_protected-description %} |

content/actions/managing-workflow-runs/re-running-workflows-and-jobs.md

@@ -17,7 +17,7 @@ versions:
 
 ## About re-running workflows and jobs
 
-Re-running a workflow{% ifversion re-run-jobs %} or jobs in a workflow{% endif %} uses the same `GITHUB_SHA` (commit SHA) and `GITHUB_REF` (Git ref) of the original event that triggered the workflow run. You can re-run a workflow{% ifversion re-run-jobs %} or jobs in a workflow{% endif %} for up to 30 days after the initial run.{% ifversion debug-reruns %} When you re-run a workflow or jobs in a workflow, you can enable debug logging for the re-run. This will enable runner diagnostic logging and step debug logging for the re-run. For more information about debug logging, see "[Enabling debug logging](/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging)."{% endif %}
+Re-running a workflow{% ifversion re-run-jobs %} or jobs in a workflow{% endif %} uses the same `GITHUB_SHA` (commit SHA) and `GITHUB_REF` (Git ref) of the original event that triggered the workflow run. You can re-run a workflow{% ifversion re-run-jobs %} or jobs in a workflow{% endif %} for up to 30 days after the initial run.{% ifversion re-run-jobs %} You cannot re-run jobs in a workflow once its logs have passed their retention limits. For more information, see "[Usage limits, billing, and administration](/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy)."{% endif %}{% ifversion debug-reruns %} When you re-run a workflow or jobs in a workflow, you can enable debug logging for the re-run. This will enable runner diagnostic logging and step debug logging for the re-run. For more information about debug logging, see "[Enabling debug logging](/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging)."{% endif %}
 
 ## Re-running all the jobs in a workflow
 

content/actions/managing-workflow-runs/removing-workflow-artifacts.md

@@ -16,7 +16,7 @@ shortTitle: Remove workflow artifacts
 
 {% warning %}
 
-**Warning:** Once you delete an artifact, it can not be restored.
+**Warning:** Once you delete an artifact, it cannot be restored.
 
 {% endwarning %}
 

content/actions/using-workflows/events-that-trigger-workflows.md

@@ -1250,12 +1250,13 @@ on: workflow_dispatch
 
 #### Providing inputs
 
-You can configure custom-defined input properties, default input values, and required inputs for the event directly in your workflow. When you trigger the event, you can provide the `ref` and any `inputs`. When the workflow runs, you can access the input values in the `github.event.inputs` context. For more information, see "[Contexts](/actions/learn-github-actions/contexts)."
+You can configure custom-defined input properties, default input values, and required inputs for the event directly in your workflow. When you trigger the event, you can provide the `ref` and any `inputs`. When the workflow runs, you can access the input values in the {% ifversion actions-unified-inputs %}`inputs`{% else %}`github.event.inputs`{% endif %} context. For more information, see "[Contexts](/actions/learn-github-actions/contexts)."
+
+{% data reusables.actions.inputs-vs-github-event-inputs %}
 
 {% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5511 %}
-This example defines inputs called `logLevel`, `tags`, and `environment`. You pass values for these inputs to the workflow when you run it. This workflow then prints the values to the log, using the `github.event.inputs.logLevel`, `github.event.inputs.tags`, and  `github.event.inputs.environment` context properties. 
+This example defines inputs called `logLevel`, `tags`, and `environment`. You pass values for these inputs to the workflow when you run it. This workflow then prints the values to the log, using the {% ifversion actions-unified-inputs %}`inputs.logLevel`, `inputs.tags`, and  `inputs.environment`{% else %}`github.event.inputs.logLevel`, `github.event.inputs.tags`, and  `github.event.inputs.environment`{% endif %} context properties. 
 
-{% raw %}
 ```yaml
 on: 
   workflow_dispatch:
@@ -1287,11 +1288,10 @@ jobs:
           echo "Tags: $TAGS"
           echo "Environment: $ENVIRONMENT"
         env:
-          LEVEL: ${{ github.event.inputs.logLevel }}
-          TAGS: ${{ github.event.inputs.tags }}
-          ENVIRONMENT: ${{ github.event.inputs.environment }}
+          LEVEL: {% ifversion actions-unified-inputs %}{% raw %}${{ inputs.logLevel }}{% endraw %}{% else %}{% raw %}${{ github.event.inputs.logLevel }}{% endraw %}{% endif %}
+          TAGS: {% ifversion actions-unified-inputs %}{% raw %}${{ inputs.tags }}{% endraw %}{% else %}{% raw %}${{ github.event.inputs.tags }}{% endraw %}{% endif %}
+          ENVIRONMENT: {% ifversion actions-unified-inputs %}{% raw %}${{ inputs.environment }}{% endraw %}{% else %}{% raw %}${{ github.event.inputs.environment }}{% endraw %}{% endif %}
 ```
-{% endraw %}
 
 If you run this workflow from a browser you must enter values for the required inputs manually before the workflow will run.
 
@@ -1306,7 +1306,7 @@ gh workflow run run-tests.yml -f logLevel=warning -f tags=false -f environment=s
 For more information, see the {% data variables.product.prodname_cli %} information in "[Manually running a workflow](/actions/managing-workflow-runs/manually-running-a-workflow)."
 
 {% else %}
-This example defines the `name` and `home` inputs and prints them using the `github.event.inputs.name` and `github.event.inputs.home` contexts. If a `home` isn't provided, the default value 'The Octoverse' is printed.
+This example defines the `name` and `home` inputs and prints them using the {% ifversion actions-unified-inputs %}`inputs.name` and `inputs.home`{% else %}`github.event.inputs.name` and `github.event.inputs.home`{% endif %} contexts. If a `home` isn't provided, the default value 'The Octoverse' is printed.
 
 ```yaml
 name: Manually triggered workflow
@@ -1330,8 +1330,8 @@ jobs:
           echo Hello $NAME!
           echo -in $HOME
         env:
-          NAME: {% raw %}${{ github.event.inputs.name }}{% endraw %}
-          HOME: {% raw %}${{ github.event.inputs.home }}{% endraw %}
+          NAME: {% ifversion actions-unified-inputs %}{% raw %}${{ inputs.name }}{% endraw %}{% else %}{% raw %}${{ github.event.inputs.name }}{% endraw %}{% endif %}
+          HOME: {% ifversion actions-unified-inputs %}{% raw %}${{ github.event.inputs.home }}{% endraw %}{% else %}{% raw %}${{ github.event.inputs.home }}{% endraw %}{% endif %}
 ```
 {% endif %}
 

content/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md

@@ -50,7 +50,7 @@ If your {% data variables.product.product_location %} uses clustering, you canno
     ```{% endif %}
    {% note %}
 
-   **Note**: For more information about enabling access to the administrative shell via SSH, see "[Accessing the administrative shell (SSH)](/enterprise/{{ currentVersion }}/admin/configuration/accessing-the-administrative-shell-ssh)."
+   **Note**: For more information about enabling access to the administrative shell via SSH, see "[Accessing the administrative shell (SSH)](/enterprise/admin/configuration/accessing-the-administrative-shell-ssh)."
 
    {% endnote %}
 2. Apply the configuration.

content/admin/configuration/configuring-github-connect/managing-github-connect.md

@@ -43,7 +43,7 @@ To use {% data variables.product.prodname_github_connect %}, you must have an or
 {% ifversion ghes %}
 If your organization or enterprise account on {% data variables.product.prodname_dotcom_the_website %} uses IP allow lists, you must add the IP address or network for {% data variables.product.product_location %} to your IP allow list on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[Managing allowed IP addresses for your organization](/enterprise-cloud@latest/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization)" and "[Enforcing policies for security settings in your enterprise](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-allowed-ip-addresses-for-organizations-in-your-enterprise)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
 
-To configure a connection, your proxy configuration must allow connectivity to `github.com`, `api.github.com`, and `uploads.github.com`. For more information, see "[Configuring an outbound web proxy server](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-an-outbound-web-proxy-server)."
+To configure a connection, your proxy configuration must allow connectivity to `github.com`, `api.github.com`, and `uploads.github.com`. For more information, see "[Configuring an outbound web proxy server](/enterprise/admin/guides/installation/configuring-an-outbound-web-proxy-server)."
 {% endif %}
 
 ## Enabling {% data variables.product.prodname_github_connect %}

content/admin/configuration/configuring-network-settings/configuring-a-hostname.md

@@ -18,7 +18,7 @@ If you configure a hostname instead of a hard-coded IP address, you will be able
 
 The hostname setting in the {% data variables.enterprise.management_console %} should be set to an appropriate fully qualified domain name (FQDN) which is resolvable on the internet or within your internal network. For example, your hostname setting could be `github.companyname.com.` Web and API requests will automatically redirect to the hostname configured in the {% data variables.enterprise.management_console %}.
 
-After you configure a hostname, you can enable subdomain isolation to further increase the security of {% data variables.product.product_location %}. For more information, see "[Enabling subdomain isolation](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-subdomain-isolation/)."
+After you configure a hostname, you can enable subdomain isolation to further increase the security of {% data variables.product.product_location %}. For more information, see "[Enabling subdomain isolation](/enterprise/admin/guides/installation/enabling-subdomain-isolation/)."
 
 For more information on the supported hostname types, see [Section 2.1 of the HTTP RFC](https://tools.ietf.org/html/rfc1123#section-2).
 
@@ -34,4 +34,4 @@ For more information on the supported hostname types, see [Section 2.1 of the HT
 {% data reusables.enterprise_management_console.test-domain-settings-failure %}
 {% data reusables.enterprise_management_console.save-settings %}
 
-To help mitigate various cross-site scripting vulnerabilities, we recommend that you enable subdomain isolation for {% data variables.product.product_location %} after you configure a hostname. For more information, see "[Enabling subdomain isolation](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-subdomain-isolation/)."
+To help mitigate various cross-site scripting vulnerabilities, we recommend that you enable subdomain isolation for {% data variables.product.product_location %} after you configure a hostname. For more information, see "[Enabling subdomain isolation](/enterprise/admin/guides/installation/enabling-subdomain-isolation/)."

content/admin/configuration/configuring-network-settings/configuring-tls.md

@@ -31,9 +31,9 @@ To allow users to use FIDO U2F for two-factor authentication, you must enable TL
 
 To use TLS in production, you must have a certificate in an unencrypted PEM format signed by a trusted certificate authority.
 
-Your certificate will also need Subject Alternative Names configured for the subdomains listed in "[Enabling subdomain isolation](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-subdomain-isolation#about-subdomain-isolation)" and will need to include the full certificate chain if it has been signed by an intermediate certificate authority. For more information, see "[Subject Alternative Name](http://en.wikipedia.org/wiki/SubjectAltName)" on Wikipedia.
+Your certificate will also need Subject Alternative Names configured for the subdomains listed in "[Enabling subdomain isolation](/enterprise/admin/guides/installation/enabling-subdomain-isolation#about-subdomain-isolation)" and will need to include the full certificate chain if it has been signed by an intermediate certificate authority. For more information, see "[Subject Alternative Name](http://en.wikipedia.org/wiki/SubjectAltName)" on Wikipedia.
 
-You can generate a certificate signing request (CSR) for your instance using the `ghe-ssl-generate-csr` command. For more information, see "[Command-line utilities](/enterprise/{{ currentVersion }}/admin/guides/installation/command-line-utilities/#ghe-ssl-generate-csr)."
+You can generate a certificate signing request (CSR) for your instance using the `ghe-ssl-generate-csr` command. For more information, see "[Command-line utilities](/enterprise/admin/guides/installation/command-line-utilities/#ghe-ssl-generate-csr)."
 
 ## Uploading a custom TLS certificate
 
@@ -65,7 +65,7 @@ Let's Encrypt is a public certificate authority that issues free, automated TLS
 
 When you enable automation of TLS certificate management using Let's Encrypt, {% data variables.product.product_location %} will contact the Let's Encrypt servers to obtain a certificate. To renew a certificate, Let's Encrypt servers must validate control of the configured domain name with inbound HTTP requests.
 
-You can also use the `ghe-ssl-acme` command line utility on {% data variables.product.product_location %} to automatically generate a Let's Encrypt certificate. For more information, see "[Command-line utilities](/enterprise/{{ currentVersion }}/admin/guides/installation/command-line-utilities#ghe-ssl-acme)."
+You can also use the `ghe-ssl-acme` command line utility on {% data variables.product.product_location %} to automatically generate a Let's Encrypt certificate. For more information, see "[Command-line utilities](/enterprise/admin/guides/installation/command-line-utilities#ghe-ssl-acme)."
 
 ## Configuring TLS using Let's Encrypt
 

content/admin/configuration/configuring-network-settings/enabling-subdomain-isolation.md

@@ -48,13 +48,13 @@ When subdomain isolation is enabled, {% data variables.product.prodname_ghe_serv
 
 Before you enable subdomain isolation, you must configure your network settings for your new domain.
 
-- Specify a valid domain name as your hostname, instead of an IP address. For more information, see "[Configuring a hostname](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-a-hostname)."
+- Specify a valid domain name as your hostname, instead of an IP address. For more information, see "[Configuring a hostname](/enterprise/admin/guides/installation/configuring-a-hostname)."
 
 {% data reusables.enterprise_installation.changing-hostname-not-supported %}
 
 - Set up a wildcard Domain Name System (DNS) record or individual DNS records for the subdomains listed above. We recommend creating an A record for `*.HOSTNAME` that points to your server's IP address so you don't have to create multiple records for each subdomain.
 - Get a wildcard Transport Layer Security (TLS) certificate for `*.HOSTNAME` with a Subject Alternative Name (SAN) for both `HOSTNAME` and the wildcard domain `*.HOSTNAME`. For example, if your hostname is `github.octoinc.com`, get a certificate with the Common Name value set to `*.github.octoinc.com` and a SAN value set to both `github.octoinc.com` and `*.github.octoinc.com`.
-- Enable TLS on your appliance. For more information, see "[Configuring TLS](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-tls/)."
+- Enable TLS on your appliance. For more information, see "[Configuring TLS](/enterprise/admin/guides/installation/configuring-tls/)."
 
 ## Enabling subdomain isolation
 

content/admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md

@@ -69,7 +69,7 @@ We strongly recommend enabling PROXY protocol support for both your instance and
 
 ## Configuring health checks
 
-Health checks allow a load balancer to stop sending traffic to a node that is not responding if a pre-configured check fails on that node. If the instance is offline due to maintenance or unexpected failure, the load balancer can display a status page. In a High Availability (HA) configuration, a load balancer can be used as part of a failover strategy. However, automatic failover of HA pairs is not supported. You must manually promote the replica instance before it will begin serving requests. For more information, see "[Configuring {% data variables.product.prodname_ghe_server %} for High Availability](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-github-enterprise-server-for-high-availability/)."
+Health checks allow a load balancer to stop sending traffic to a node that is not responding if a pre-configured check fails on that node. If the instance is offline due to maintenance or unexpected failure, the load balancer can display a status page. In a High Availability (HA) configuration, a load balancer can be used as part of a failover strategy. However, automatic failover of HA pairs is not supported. You must manually promote the replica instance before it will begin serving requests. For more information, see "[Configuring {% data variables.product.prodname_ghe_server %} for High Availability](/enterprise/admin/guides/installation/configuring-github-enterprise-server-for-high-availability/)."
 
 {% data reusables.enterprise_clustering.health_checks %}
 {% data reusables.enterprise_site_admin_settings.maintenance-mode-status %}

content/admin/configuration/configuring-your-enterprise/accessing-the-management-console.md

@@ -54,7 +54,7 @@ The first time that you access the {% data variables.enterprise.management_conso
 
 The {% data variables.enterprise.management_console %} locks after ten failed login attempts are made in the span of ten minutes. You must wait for the login screen to automatically unlock before attempting to log in again. The login screen automatically unlocks as soon as the previous ten minute period contains fewer than ten failed login attempts. The counter resets after a successful login occurs.
 
-To immediately unlock the {% data variables.enterprise.management_console %}, use the `ghe-reactivate-admin-login` command via the administrative shell. For more information, see "[Command line utilities](/enterprise/{{ currentVersion }}/admin/guides/installation/command-line-utilities#ghe-reactivate-admin-login)" and "[Accessing the administrative shell (SSH)](/enterprise/{{ currentVersion }}/admin/guides/installation/accessing-the-administrative-shell-ssh/)."
+To immediately unlock the {% data variables.enterprise.management_console %}, use the `ghe-reactivate-admin-login` command via the administrative shell. For more information, see "[Command line utilities](/enterprise/admin/guides/installation/command-line-utilities#ghe-reactivate-admin-login)" and "[Accessing the administrative shell (SSH)](/enterprise/admin/guides/installation/accessing-the-administrative-shell-ssh/)."
 
 ## Troubleshooting failed connections to the {% data variables.enterprise.management_console %}
 

content/admin/configuration/configuring-your-enterprise/command-line-utilities.md

@@ -15,7 +15,7 @@ topics:
   - Enterprise
   - SSH
 ---
-You can execute these commands from anywhere on the VM after signing in as an SSH admin user. For more information, see "[Accessing the administrative shell (SSH)](/enterprise/{{ currentVersion }}/admin/guides/installation/accessing-the-administrative-shell-ssh/)."
+You can execute these commands from anywhere on the VM after signing in as an SSH admin user. For more information, see "[Accessing the administrative shell (SSH)](/enterprise/admin/guides/installation/accessing-the-administrative-shell-ssh/)."
 
 ## General
 
@@ -124,7 +124,7 @@ $ ghe-config app.github.rate-limiting-exempt-users "<em>hubot</em> <em>github-ac
 
 ### ghe-config-apply
 
-This utility applies {% data variables.enterprise.management_console %} settings, reloads system services, prepares a storage device, reloads application services, and runs any pending database migrations. It is equivalent to clicking **Save settings** in the {% data variables.enterprise.management_console %}'s web UI or to sending a POST request to [the `/setup/api/configure` endpoint](/enterprise/{{ currentVersion }}/user/rest/reference/enterprise-admin#management-console).
+This utility applies {% data variables.enterprise.management_console %} settings, reloads system services, prepares a storage device, reloads application services, and runs any pending database migrations. It is equivalent to clicking **Save settings** in the {% data variables.enterprise.management_console %}'s web UI or to sending a POST request to [the `/setup/api/configure` endpoint](/enterprise/user/rest/reference/enterprise-admin#management-console).
 
 You will probably never need to run this manually, but it's available if you want to automate the process of saving your settings via SSH.
 
@@ -352,7 +352,7 @@ stop/waiting
 
 ### ghe-set-password
 
-With `ghe-set-password`, you can set a new password to authenticate into the [{% data variables.enterprise.management_console %}](/enterprise/{{ currentVersion }}/admin/guides/installation/accessing-the-management-console).
+With `ghe-set-password`, you can set a new password to authenticate into the [{% data variables.enterprise.management_console %}](/enterprise/admin/guides/installation/accessing-the-management-console).
 
 ```shell
 ghe-set-password <new_password>
@@ -394,7 +394,7 @@ existing keys in /etc/ssh/ssh_host_* and generate new ones. [y/N]
 
 ### ghe-ssh-weak-fingerprints
 
-This utility returns a report of known weak SSH keys stored on the {% data variables.product.prodname_enterprise %} appliance. You can optionally revoke user keys as a bulk action. The utility will report weak system keys, which you must manually revoke in the [{% data variables.enterprise.management_console %}](/enterprise/{{ currentVersion }}/admin/guides/installation/accessing-the-management-console).
+This utility returns a report of known weak SSH keys stored on the {% data variables.product.prodname_enterprise %} appliance. You can optionally revoke user keys as a bulk action. The utility will report weak system keys, which you must manually revoke in the [{% data variables.enterprise.management_console %}](/enterprise/admin/guides/installation/accessing-the-management-console).
 
 ```shell
 # Print a report of weak user and system SSH keys
@@ -406,7 +406,7 @@ $ ghe-ssh-weak-fingerprints --revoke
 
 ### ghe-ssl-acme
 
-This utility allows you to install a Let's Encrypt certificate on your {% data variables.product.prodname_enterprise %} appliance. For more information, see "[Configuring TLS](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-tls)."
+This utility allows you to install a Let's Encrypt certificate on your {% data variables.product.prodname_enterprise %} appliance. For more information, see "[Configuring TLS](/enterprise/admin/guides/installation/configuring-tls)."
 
 You can use the `-x` flag to remove the ACME configuration.
 
@@ -418,7 +418,7 @@ ghe-ssl-acme -e
 
 This utility allows you to install a custom root CA certificate on your {% data variables.product.prodname_enterprise %} server. The certificate must be in PEM format. Furthermore, if your certificate provider includes multiple CA certificates in a single file, you must separate them into individual files that you then pass to `ghe-ssl-ca-certificate-install` one at a time.
 
-Run this utility to add a certificate chain for S/MIME commit signature verification. For more information, see "[About commit signature verification](/enterprise/{{ currentVersion }}/user/articles/about-commit-signature-verification/)."
+Run this utility to add a certificate chain for S/MIME commit signature verification. For more information, see "[About commit signature verification](/enterprise/user/articles/about-commit-signature-verification/)."
 
 Run this utility when {% data variables.product.product_location %} is unable to connect to another server because the latter is using a self-signed SSL certificate or an SSL certificate for which it doesn't provide the necessary CA bundle. One way to confirm this is to run `openssl s_client -connect host:port -verify 0 -CApath /etc/ssl/certs` from {% data variables.product.product_location %}. If the remote server's SSL certificate can be verified, your `SSL-Session` should have a return code of 0, as shown below.
 
@@ -470,7 +470,7 @@ ghe-ssl-certificate-setup
 
 ### ghe-ssl-generate-csr
 
-This utility allows you to generate a private key and certificate signing request (CSR), which you can share with a commercial or private certificate authority to get a valid certificate to use with your instance. For more information, see "[Configuring TLS](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-tls)."
+This utility allows you to generate a private key and certificate signing request (CSR), which you can share with a commercial or private certificate authority to get a valid certificate to use with your instance. For more information, see "[Configuring TLS](/enterprise/admin/guides/installation/configuring-tls)."
 
 For more information about this command or for additional options, use the `-h` flag.
 
@@ -812,7 +812,7 @@ In this example, `ghe-repl-status -vv` sends verbose status information from a r
 
 ### ghe-upgrade
 
-This utility installs or verifies an upgrade package. You can also use this utility to roll back a patch release if an upgrade fails or is interrupted. For more information, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/admin/guides/installation/upgrading-github-enterprise-server/)."
+This utility installs or verifies an upgrade package. You can also use this utility to roll back a patch release if an upgrade fails or is interrupted. For more information, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/enterprise/admin/guides/installation/upgrading-github-enterprise-server/)."
 
 To verify an upgrade package:
 ```shell
@@ -872,7 +872,7 @@ ghe-license-usage
 
 ### ghe-org-membership-update
 
-This utility will enforce the default organization membership visibility setting on all members in your instance. For more information, see "[Configuring visibility for organization membership](/enterprise/{{ currentVersion }}/admin/guides/user-management/configuring-visibility-for-organization-membership)." Setting options are `public` or `private`.
+This utility will enforce the default organization membership visibility setting on all members in your instance. For more information, see "[Configuring visibility for organization membership](/enterprise/admin/guides/user-management/configuring-visibility-for-organization-membership)." Setting options are `public` or `private`.
 
 ```shell
 ghe-org-membership-update --visibility=<em>SETTING</em>

content/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance.md

@@ -72,7 +72,7 @@ More resources may be required depending on your usage, such as user activity an
   {% endnote %}
 
 4. Set the `GHE_DATA_DIR` value to the filesystem location where you want to store backup snapshots.
-5. Open your primary instance's settings page at `https://HOSTNAME/setup/settings` and add the backup host's SSH key to the list of authorized SSH keys. For more information, see [Accessing the administrative shell (SSH)](/enterprise/{{ currentVersion }}/admin/guides/installation/accessing-the-administrative-shell-ssh/).
+5. Open your primary instance's settings page at `https://HOSTNAME/setup/settings` and add the backup host's SSH key to the list of authorized SSH keys. For more information, see [Accessing the administrative shell (SSH)](/enterprise/admin/guides/installation/accessing-the-administrative-shell-ssh/).
 6. Verify SSH connectivity with {% data variables.product.product_location %} with the `ghe-host-check` command.
   ```shell
   $ bin/ghe-host-check		  

content/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications.md

@@ -98,7 +98,7 @@ If you want to allow email replies to notifications, you must configure your DNS
 
 ### Create a Support Bundle
 
-If you cannot determine what is wrong from the displayed error message, you can download a [support bundle](/enterprise/{{ currentVersion }}/admin/guides/enterprise-support/providing-data-to-github-support) containing the entire SMTP conversation between your mail server and {% data variables.product.prodname_ghe_server %}. Once you've downloaded and extracted the bundle, check the entries in *enterprise-manage-logs/unicorn.log* for the entire SMTP conversation log and any related errors.
+If you cannot determine what is wrong from the displayed error message, you can download a [support bundle](/enterprise/admin/guides/enterprise-support/providing-data-to-github-support) containing the entire SMTP conversation between your mail server and {% data variables.product.prodname_ghe_server %}. Once you've downloaded and extracted the bundle, check the entries in *enterprise-manage-logs/unicorn.log* for the entire SMTP conversation log and any related errors.
 
 The unicorn log should show a transaction similar to the following:
 

content/admin/configuration/configuring-your-enterprise/enabling-and-scheduling-maintenance-mode.md

@@ -86,7 +86,7 @@ You can also use a command-line utility to configure the IP exception list. For
 
 ## Scheduling maintenance mode with {% data variables.product.prodname_enterprise_api %}
 
-You can schedule maintenance for different times or dates with {% data variables.product.prodname_enterprise_api %}. For more information, see "[Management Console](/enterprise/{{ currentVersion }}/user/rest/reference/enterprise-admin#enable-or-disable-maintenance-mode)."
+You can schedule maintenance for different times or dates with {% data variables.product.prodname_enterprise_api %}. For more information, see "[Management Console](/enterprise/user/rest/reference/enterprise-admin#enable-or-disable-maintenance-mode)."
 
 ## Enabling or disabling maintenance mode for all nodes in a cluster
 

content/admin/configuration/configuring-your-enterprise/enabling-private-mode.md

@@ -25,7 +25,7 @@ You must enable private mode if {% data variables.product.product_location %} is
 
 {% data reusables.enterprise_installation.image-urls-viewable-warning %}
 
-With private mode enabled, you can allow unauthenticated Git operations (and anyone with network access to {% data variables.product.product_location %}) to read a public repository's code on your instance with anonymous Git read access enabled. For more information, see "[Allowing admins to enable anonymous Git read access to public repositories](/enterprise/{{ currentVersion }}/admin/guides/user-management/allowing-admins-to-enable-anonymous-git-read-access-to-public-repositories)."
+With private mode enabled, you can allow unauthenticated Git operations (and anyone with network access to {% data variables.product.product_location %}) to read a public repository's code on your instance with anonymous Git read access enabled. For more information, see "[Allowing admins to enable anonymous Git read access to public repositories](/enterprise/admin/guides/user-management/allowing-admins-to-enable-anonymous-git-read-access-to-public-repositories)."
 
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}

content/admin/configuration/configuring-your-enterprise/site-admin-dashboard.md

@@ -215,21 +215,21 @@ Refer to this section of the site admin dashboard to manage organizations, peopl
 
 This is a list of the repositories on {% data variables.product.product_location %}. You can click on a repository name and access functions for administering the repository.
 
-- [Blocking force pushes to a repository](/enterprise/{{ currentVersion }}/admin/guides/developer-workflow/blocking-force-pushes-to-a-repository/)
-- [Configuring {% data variables.large_files.product_name_long %}](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-git-large-file-storage/#configuring-git-large-file-storage-for-an-individual-repository)
-- [Archiving and unarchiving repositories](/enterprise/{{ currentVersion }}/admin/guides/user-management/archiving-and-unarchiving-repositories/)
+- [Blocking force pushes to a repository](/enterprise/admin/guides/developer-workflow/blocking-force-pushes-to-a-repository/)
+- [Configuring {% data variables.large_files.product_name_long %}](/enterprise/admin/guides/installation/configuring-git-large-file-storage/#configuring-git-large-file-storage-for-an-individual-repository)
+- [Archiving and unarchiving repositories](/enterprise/admin/guides/user-management/archiving-and-unarchiving-repositories/)
 
 ## All users
 
-Here you can see all of the users on {% data variables.product.product_location %}, and [initiate an SSH key audit](/enterprise/{{ currentVersion }}/admin/guides/user-management/auditing-ssh-keys).
+Here you can see all of the users on {% data variables.product.product_location %}, and [initiate an SSH key audit](/enterprise/admin/guides/user-management/auditing-ssh-keys).
 
 ## Site admins
 
-Here you can see all of the administrators on {% data variables.product.product_location %}, and [initiate an SSH key audit](/enterprise/{{ currentVersion }}/admin/guides/user-management/auditing-ssh-keys).
+Here you can see all of the administrators on {% data variables.product.product_location %}, and [initiate an SSH key audit](/enterprise/admin/guides/user-management/auditing-ssh-keys).
 
 ## Dormant users
 {% ifversion ghes %}
-Here you can see and [suspend](/enterprise/{{ currentVersion }}/admin/guides/user-management/suspending-and-unsuspending-users) all of the inactive users on {% data variables.product.product_location %}. A user account is considered to be inactive ("dormant") when it:
+Here you can see and [suspend](/enterprise/admin/guides/user-management/suspending-and-unsuspending-users) all of the inactive users on {% data variables.product.product_location %}. A user account is considered to be inactive ("dormant") when it:
 {% endif %}
 {% ifversion ghae %}
 Here you can see and suspend all of the inactive users on {% data variables.product.product_location %}. A user account is considered to be inactive ("dormant") when it:
@@ -239,8 +239,8 @@ Here you can see and suspend all of the inactive users on {% data variables.prod
 - Has not generated any activity within that time period.
 - Is not a site administrator.
 
-{% data reusables.enterprise_site_admin_settings.dormancy-threshold %} For more information, see "[Managing dormant users](/enterprise/{{ currentVersion }}/admin/guides/user-management/managing-dormant-users/#configuring-the-dormancy-threshold)."
+{% data reusables.enterprise_site_admin_settings.dormancy-threshold %} For more information, see "[Managing dormant users](/enterprise/admin/guides/user-management/managing-dormant-users/#configuring-the-dormancy-threshold)."
 
 ## Suspended users
 
-Here you can see all of the users who have been suspended on {% data variables.product.product_location %}, and [initiate an SSH key audit](/enterprise/{{ currentVersion }}/admin/guides/user-management/auditing-ssh-keys).
+Here you can see all of the users who have been suspended on {% data variables.product.product_location %}, and [initiate an SSH key audit](/enterprise/admin/guides/user-management/auditing-ssh-keys).

content/admin/enterprise-management/caching-repositories/configuring-a-repository-cache.md

@@ -62,10 +62,10 @@ Then, when told to fetch `https://github.example.com/myorg/myrepo`, Git will ins
    $ ghe-repl-setup <em>PRIMARY IP</em>
    ```
 
-1. Set a `cache_location` for the repository cache, replacing *CACHE-LOCATION* with an alphanumeric identifier, such as the region where the cache is deployed.
+1. Set a `cache_location` for the repository cache, replacing *CACHE-LOCATION* with an alphanumeric identifier, such as the region where the cache is deployed. Also set a datacenter name for this cache; new caches will attempt to seed from another cache in the same datacenter.
 
    ```shell
-   $ ghe-repl-node --cache <em>CACHE-LOCATION</em>
+   $ ghe-repl-node --cache <em>CACHE-LOCATION</em> --datacenter <em>REPLICA-DC-NAME</em>
    ```
 
 {% data reusables.enterprise_installation.replication-command %}

content/admin/enterprise-management/configuring-clustering/about-clustering.md

@@ -18,7 +18,7 @@ topics:
 
 {% data variables.product.prodname_ghe_server %} is comprised of a set of services. In a cluster, these services run across multiple nodes and requests are load balanced between them. Changes are automatically stored with redundant copies on separate nodes. Most of the services are equal peers with other instances of the same service. The exceptions to this are the `mysql-server` and `redis-server` services. These operate with a single _primary_ node with one or more _replica_ nodes.
 
-Learn more about [services required for clustering](/enterprise/{{ currentVersion }}/admin/enterprise-management/about-cluster-nodes#services-required-for-clustering).
+Learn more about [services required for clustering](/enterprise/admin/enterprise-management/about-cluster-nodes#services-required-for-clustering).
 
 ## Is clustering right for my organization?
 
@@ -26,7 +26,7 @@ Learn more about [services required for clustering](/enterprise/{{ currentVersio
 
 {% data variables.product.prodname_ghe_server %} requires low latency between nodes and is not intended for redundancy across geographic locations.
 
-Clustering provides redundancy, but it is not intended to replace a High Availability configuration. For more information, see [High Availability configuration](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-github-enterprise-server-for-high-availability). A primary/secondary failover configuration is far simpler than clustering and will serve the needs of many organizations. For more information, see [Differences between Clustering and High Availability](/enterprise/{{ currentVersion }}/admin/guides/clustering/differences-between-clustering-and-high-availability-ha/).
+Clustering provides redundancy, but it is not intended to replace a High Availability configuration. For more information, see [High Availability configuration](/enterprise/admin/guides/installation/configuring-github-enterprise-server-for-high-availability). A primary/secondary failover configuration is far simpler than clustering and will serve the needs of many organizations. For more information, see [Differences between Clustering and High Availability](/enterprise/admin/guides/clustering/differences-between-clustering-and-high-availability-ha/).
 
 {% data reusables.package_registry.packages-cluster-support %}
 

content/admin/enterprise-management/configuring-clustering/differences-between-clustering-and-high-availability-ha.md

@@ -38,8 +38,8 @@ Neither HA nor Clustering should be considered a replacement for regular backups
 
 ## Monitoring
 
-Availability features, especially ones with automatic failover such as Clustering, can mask a failure since service is usually not disrupted when something fails. Whether you are using HA or Clustering, monitoring the health of each instance is important so that you are aware when a failure occurs. For more information on monitoring, see "[Recommended alert thresholds](/enterprise/{{ currentVersion }}/admin/guides/installation/recommended-alert-thresholds/)" and "[Monitoring cluster nodes](/enterprise/{{ currentVersion}}/admin/guides/clustering/monitoring-cluster-nodes/)."
+Availability features, especially ones with automatic failover such as Clustering, can mask a failure since service is usually not disrupted when something fails. Whether you are using HA or Clustering, monitoring the health of each instance is important so that you are aware when a failure occurs. For more information on monitoring, see "[Recommended alert thresholds](/enterprise/admin/guides/installation/recommended-alert-thresholds/)" and "[Monitoring cluster nodes](/enterprise/{{ currentVersion}}/admin/guides/clustering/monitoring-cluster-nodes/)."
 
 ## Further reading
 - For more information about {% data variables.product.prodname_ghe_server %} Clustering, see "[About clustering](/enterprise/{{ currentVersion}}/admin/guides/clustering/about-clustering/)."
-- For more information about HA, see "[Configuring {% data variables.product.prodname_ghe_server %} for High Availability](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-github-enterprise-server-for-high-availability/)."
+- For more information about HA, see "[Configuring {% data variables.product.prodname_ghe_server %} for High Availability](/enterprise/admin/guides/installation/configuring-github-enterprise-server-for-high-availability/)."

content/admin/enterprise-management/configuring-clustering/initializing-the-cluster.md

@@ -16,12 +16,12 @@ topics:
 
 ## Installing {% data variables.product.prodname_ghe_server %}
 
-1. On each cluster node, provision and install {% data variables.product.prodname_ghe_server %}. For more information, see "[Setting up a {% data variables.product.prodname_ghe_server %} instance](/enterprise/{{ currentVersion }}/admin/guides/installation/setting-up-a-github-enterprise-server-instance)."
+1. On each cluster node, provision and install {% data variables.product.prodname_ghe_server %}. For more information, see "[Setting up a {% data variables.product.prodname_ghe_server %} instance](/enterprise/admin/guides/installation/setting-up-a-github-enterprise-server-instance)."
 2. Using the administrative shell or DHCP, **only** configure the IP address of each node. Don't configure any other settings.
 
 ## Configuring the first node
 
-1. Connect to the node that will be designated as MySQL primary in `cluster.conf`. For more information, see "[About the cluster configuration file](/enterprise/{{ currentVersion }}/admin/guides/clustering/initializing-the-cluster/#about-the-cluster-configuration-file)."
+1. Connect to the node that will be designated as MySQL primary in `cluster.conf`. For more information, see "[About the cluster configuration file](/enterprise/admin/guides/clustering/initializing-the-cluster/#about-the-cluster-configuration-file)."
 2. In your web browser, visit `https://<ip address>:8443/setup/`.
 {% data reusables.enterprise_installation.upload-a-license-file %}
 {% data reusables.enterprise_installation.save-settings-in-web-based-mgmt-console %}
@@ -29,7 +29,7 @@ topics:
 
 ## Initializing the cluster
 
-To initialize the cluster, you need a cluster configuration file (`cluster.conf`). For more information, see "[About the cluster configuration file](/enterprise/{{ currentVersion }}/admin/guides/clustering/initializing-the-cluster/#about-the-cluster-configuration-file)".
+To initialize the cluster, you need a cluster configuration file (`cluster.conf`). For more information, see "[About the cluster configuration file](/enterprise/admin/guides/clustering/initializing-the-cluster/#about-the-cluster-configuration-file)".
 
 1. From the first node that was configured, run `ghe-cluster-config-init`.  This will initialize the cluster if there are nodes in the cluster configuration file that are not configured.
 2. Run `ghe-cluster-config-apply`. This will validate the `cluster.conf` file, apply the configuration to each node file and bring up the configured services on each node.
@@ -39,7 +39,7 @@ To check the status of a running cluster use the `ghe-cluster-status` command.
 ## About the cluster configuration file
 
 The cluster configuration file (`cluster.conf`) defines the nodes in the cluster, and what services they run.
-For more information, see "[About cluster nodes](/enterprise/{{ currentVersion }}/admin/guides/clustering/about-cluster-nodes)."
+For more information, see "[About cluster nodes](/enterprise/admin/guides/clustering/about-cluster-nodes)."
 
 This example `cluster.conf` defines a cluster with five nodes.
 

content/admin/enterprise-management/configuring-high-availability/about-geo-replication.md

@@ -33,4 +33,4 @@ Geo-replication will not add capacity to a {% data variables.product.prodname_gh
 {% data reusables.enterprise_installation.monitoring-replicas %}
 
 ## Further reading
-- "[Creating geo-replication replicas](/enterprise/{{ currentVersion }}/admin/guides/installation/creating-a-high-availability-replica/#creating-geo-replication-replicas)"
+- "[Creating geo-replication replicas](/enterprise/admin/guides/installation/creating-a-high-availability-replica/#creating-geo-replication-replicas)"

content/admin/enterprise-management/configuring-high-availability/about-high-availability-configuration.md

@@ -29,7 +29,7 @@ Use a high availability configuration for protection against:
 
 A high availability configuration is not a good solution for:
 
-  - **Scaling-out**. While you can distribute traffic geographically using geo-replication, the performance of writes is limited to the speed and availability of the primary appliance. For more information, see "[About geo-replication](/enterprise/{{ currentVersion }}/admin/guides/installation/about-geo-replication/)."{% ifversion ghes > 3.2 %}
+  - **Scaling-out**. While you can distribute traffic geographically using geo-replication, the performance of writes is limited to the speed and availability of the primary appliance. For more information, see "[About geo-replication](/enterprise/admin/guides/installation/about-geo-replication/)."{% ifversion ghes > 3.2 %}
   - **CI/CD load**. If you have a large number of CI clients that are geographically distant from your primary instance, you may benefit from configuring a repository cache. For more information, see "[About repository caching](/admin/enterprise-management/caching-repositories/about-repository-caching)."{% endif %}
   - **Backing up your primary appliance**. A high availability replica does not replace off-site backups in your disaster recovery plan. Some forms of data corruption or loss may be replicated immediately from the primary to the replica. To ensure safe rollback to a stable past state, you must perform regular backups with historical snapshots.
   - **Zero downtime upgrades**. To prevent data loss and split-brain situations in controlled promotion scenarios, place the primary appliance in maintenance mode and wait for all writes to complete before promoting the replica.
@@ -44,13 +44,13 @@ With DNS failover, use short TTL values in the DNS records that point to the pri
 
 During failover, you must place the primary into maintenance mode and redirect its DNS records to the replica appliance's IP address. The time needed to redirect traffic from primary to replica will depend on the TTL configuration and time required to update the DNS records.
 
-If you are using geo-replication, you must configure Geo DNS to direct traffic to the nearest replica. For more information, see "[About geo-replication](/enterprise/{{ currentVersion }}/admin/guides/installation/about-geo-replication/)."
+If you are using geo-replication, you must configure Geo DNS to direct traffic to the nearest replica. For more information, see "[About geo-replication](/enterprise/admin/guides/installation/about-geo-replication/)."
 
 ### Load balancer
 
 {% data reusables.enterprise_clustering.load_balancer_intro %} {% data reusables.enterprise_clustering.load_balancer_dns %}
 
-During failover, you must place the primary appliance into maintenance mode. You can configure the load balancer to automatically detect when the replica has been promoted to primary, or it may require a manual configuration change. You must manually promote the replica to primary before it will respond to user traffic. For more information, see "[Using {% data variables.product.prodname_ghe_server %} with a load balancer](/enterprise/{{ currentVersion }}/admin/guides/installation/using-github-enterprise-server-with-a-load-balancer/)."
+During failover, you must place the primary appliance into maintenance mode. You can configure the load balancer to automatically detect when the replica has been promoted to primary, or it may require a manual configuration change. You must manually promote the replica to primary before it will respond to user traffic. For more information, see "[Using {% data variables.product.prodname_ghe_server %} with a load balancer](/enterprise/admin/guides/installation/using-github-enterprise-server-with-a-load-balancer/)."
 
 {% data reusables.enterprise_installation.monitoring-replicas %}
 
@@ -186,5 +186,5 @@ The `ghe-repl-teardown` command disables replication mode completely, removing t
 
 ## Further reading
 
-- "[Creating a high availability replica](/enterprise/{{ currentVersion }}/admin/guides/installation/creating-a-high-availability-replica)"
+- "[Creating a high availability replica](/enterprise/admin/guides/installation/creating-a-high-availability-replica)"
 - "[Network ports](/admin/configuration/configuring-network-settings/network-ports)"

content/admin/enterprise-management/configuring-high-availability/creating-a-high-availability-replica.md

@@ -18,7 +18,7 @@ shortTitle: Create HA replica
 
 ## Creating a high availability replica
 
-1. Set up a new {% data variables.product.prodname_ghe_server %} appliance on your desired platform. The replica appliance should mirror the primary appliance's CPU, RAM, and storage settings. We recommend that you install the replica appliance in an independent environment. The underlying hardware, software, and network components should be isolated from those of the primary appliance. If you are a using a cloud provider, use a separate region or zone. For more information, see ["Setting up a {% data variables.product.prodname_ghe_server %} instance"](/enterprise/{{ currentVersion }}/admin/guides/installation/setting-up-a-github-enterprise-server-instance).
+1. Set up a new {% data variables.product.prodname_ghe_server %} appliance on your desired platform. The replica appliance should mirror the primary appliance's CPU, RAM, and storage settings. We recommend that you install the replica appliance in an independent environment. The underlying hardware, software, and network components should be isolated from those of the primary appliance. If you are a using a cloud provider, use a separate region or zone. For more information, see ["Setting up a {% data variables.product.prodname_ghe_server %} instance"](/enterprise/admin/guides/installation/setting-up-a-github-enterprise-server-instance).
 1. Ensure that both the primary appliance and the new replica appliance can communicate with each other over ports 122/TCP and 1194/UDP. For more information, see "[Network ports](/admin/configuration/configuring-network-settings/network-ports#administrative-ports)."
 1. In a browser, navigate to the new replica appliance's IP address and upload your {% data variables.product.prodname_enterprise %} license.
 {% data reusables.enterprise_installation.replica-steps %}
@@ -37,7 +37,7 @@ shortTitle: Create HA replica
 
 ## Creating geo-replication replicas
 
-This example configuration uses a primary and two replicas, which are located in three different geographic regions. While the three nodes can be in different networks, all nodes are required to be reachable from all the other nodes. At the minimum, the required administrative ports should be open to all the other nodes. For more information about the port requirements, see "[Network Ports](/enterprise/{{ currentVersion }}/admin/guides/installation/network-ports/#administrative-ports)."
+This example configuration uses a primary and two replicas, which are located in three different geographic regions. While the three nodes can be in different networks, all nodes are required to be reachable from all the other nodes. At the minimum, the required administrative ports should be open to all the other nodes. For more information about the port requirements, see "[Network Ports](/enterprise/admin/guides/installation/network-ports/#administrative-ports)."
 
 1. Create the first replica the same way you would for a standard two node configuration by running `ghe-repl-setup` on the first replica.
   ```shell
@@ -97,6 +97,6 @@ For testing, you can add entries to the local workstation's `hosts` file (for ex
 
 ## Further reading
 
-- "[About high availability configuration](/enterprise/{{ currentVersion }}/admin/guides/installation/about-high-availability-configuration)"
-- "[Utilities for replication management](/enterprise/{{ currentVersion }}/admin/guides/installation/about-high-availability-configuration/#utilities-for-replication-management)"
-- "[About geo-replication](/enterprise/{{ currentVersion }}/admin/guides/installation/about-geo-replication/)"
+- "[About high availability configuration](/enterprise/admin/guides/installation/about-high-availability-configuration)"
+- "[Utilities for replication management](/enterprise/admin/guides/installation/about-high-availability-configuration/#utilities-for-replication-management)"
+- "[About geo-replication](/enterprise/admin/guides/installation/about-geo-replication/)"

content/admin/enterprise-management/configuring-high-availability/initiating-a-failover-to-your-replica-appliance.md

@@ -49,7 +49,7 @@ The time required to failover depends on how long it takes to manually promote t
   ```
 5. Update the DNS record to point to the IP address of the replica. Traffic is directed to the replica after the TTL period elapses. If you are using a load balancer, ensure it is configured to send traffic to the replica.
 6. Notify users that they can resume normal operations.
-7. If desired, set up replication from the new primary to existing appliances and the previous primary. For more information, see "[About high availability configuration](/enterprise/{{ currentVersion }}/admin/guides/installation/about-high-availability-configuration/#utilities-for-replication-management)."
+7. If desired, set up replication from the new primary to existing appliances and the previous primary. For more information, see "[About high availability configuration](/enterprise/admin/guides/installation/about-high-availability-configuration/#utilities-for-replication-management)."
 8. Appliances you do not intend to setup replication to that were part of the high availability configuration prior the failover, need to be removed from the high availability configuration by UUID.
     - On the former appliances, get their UUID via `cat /data/user/common/uuid`.
       ```shell
@@ -62,4 +62,4 @@ The time required to failover depends on how long it takes to manually promote t
 
 ## Further reading
 
-- "[Utilities for replication management](/enterprise/{{ currentVersion }}/admin/guides/installation/about-high-availability-configuration/#utilities-for-replication-management)"
+- "[Utilities for replication management](/enterprise/admin/guides/installation/about-high-availability-configuration/#utilities-for-replication-management)"

content/admin/enterprise-management/configuring-high-availability/recovering-a-high-availability-configuration.md

@@ -17,7 +17,7 @@ shortTitle: Recover a HA configuration
 
 ## About recovery for a high availability configuration
 
-You can use the former primary appliance as the new replica appliance if the failover was planned or was not related to the health of the appliance. If the failover was related to an issue with the primary appliance, you may prefer to create a new replica appliance. For more information, see "[Creating a high availability replica](/enterprise/{{ currentVersion }}/admin/guides/installation/creating-a-high-availability-replica/)."
+You can use the former primary appliance as the new replica appliance if the failover was planned or was not related to the health of the appliance. If the failover was related to an issue with the primary appliance, you may prefer to create a new replica appliance. For more information, see "[Creating a high availability replica](/enterprise/admin/guides/installation/creating-a-high-availability-replica/)."
 
 {% warning %}
 

content/admin/enterprise-management/monitoring-your-appliance/accessing-the-monitor-dashboard.md

@@ -27,7 +27,7 @@ shortTitle: Access the monitor dashboard
 
 {% note %}
 
-**Note**: Because regularly polling {% data variables.product.product_location %} with continuous integration (CI) or build servers can effectively cause a denial of service attack that results in problems, we recommend using webhooks to push updates. For more information, see "[About webhooks](/enterprise/{{ currentVersion }}/user/articles/about-webhooks/)".
+**Note**: Because regularly polling {% data variables.product.product_location %} with continuous integration (CI) or build servers can effectively cause a denial of service attack that results in problems, we recommend using webhooks to push updates. For more information, see "[About webhooks](/enterprise/user/articles/about-webhooks/)".
 
 {% endnote %}
 
@@ -35,8 +35,8 @@ Use the monitor dashboard to stay informed on your appliance's resource health a
 
 | Problem | Possible cause(s) | Recommendations |
 | -------- | ----------------- | --------------- |
-| High CPU usage | VM contention from other services or programs running on the same host | If possible, reconfigure other services or programs to use fewer CPU resources. To increase total CPU resources for the VM, see "[Increasing CPU or memory resources](/enterprise/{{ currentVersion }}/admin/guides/installation/increasing-cpu-or-memory-resources/)." |
-| High memory usage | VM contention from other services or programs running on the same host | If possible, reconfigure other services or programs to use less memory. To increase the total memory available on the VM, see "[Increasing CPU or memory resources](/enterprise/{{ currentVersion }}/admin/guides/installation/increasing-cpu-or-memory-resources/)." |
-| Low disk space availability | Large binaries or log files consuming disk space | If possible, host large binaries on a separate server, and compress or archive log files. If necessary, increase disk space on the VM by following the steps for your platform in "[Increasing storage capacity](/enterprise/{{ currentVersion }}/admin/guides/installation/increasing-storage-capacity/)." |
+| High CPU usage | VM contention from other services or programs running on the same host | If possible, reconfigure other services or programs to use fewer CPU resources. To increase total CPU resources for the VM, see "[Increasing CPU or memory resources](/enterprise/admin/guides/installation/increasing-cpu-or-memory-resources/)." |
+| High memory usage | VM contention from other services or programs running on the same host | If possible, reconfigure other services or programs to use less memory. To increase the total memory available on the VM, see "[Increasing CPU or memory resources](/enterprise/admin/guides/installation/increasing-cpu-or-memory-resources/)." |
+| Low disk space availability | Large binaries or log files consuming disk space | If possible, host large binaries on a separate server, and compress or archive log files. If necessary, increase disk space on the VM by following the steps for your platform in "[Increasing storage capacity](/enterprise/admin/guides/installation/increasing-storage-capacity/)." |
 | Higher than usual response times | Often caused by one of the above issues | Identify and fix the underlying issues. If response times remain high, contact {% data variables.contact.contact_ent_support %}. |
 | Elevated error rates | Software issues  | Contact {% data variables.contact.contact_ent_support %} and include your support bundle. For more information, see "[Providing data to {% data variables.product.prodname_enterprise %} Support](/enterprise/{{ currentVersion}}/admin/guides/enterprise-support/providing-data-to-github-support#creating-and-sharing-support-bundles)." |

content/admin/enterprise-management/monitoring-your-appliance/setting-up-external-monitoring.md

@@ -17,10 +17,10 @@ shortTitle: Set up external monitoring
 ---
 ## About SNMP
 
-Simple Network Management Protocol (SNMP) is a widely supported method of monitoring network devices and servers. SNMP is disabled by default but can be configured through the {% data variables.product.prodname_enterprise %} monitor dashboard. UDP port 161 must be open and reachable from your network management station. For more information, see "[Monitoring using SNMP](/enterprise/{{ currentVersion }}/admin/guides/installation/monitoring-using-snmp/)."
+Simple Network Management Protocol (SNMP) is a widely supported method of monitoring network devices and servers. SNMP is disabled by default but can be configured through the {% data variables.product.prodname_enterprise %} monitor dashboard. UDP port 161 must be open and reachable from your network management station. For more information, see "[Monitoring using SNMP](/enterprise/admin/guides/installation/monitoring-using-snmp/)."
 
 ## About collectd
 
-collectd is an open source statistics collection and reporting daemon with built-in support for writing to RRD files. Statistics on CPU utilization, memory and disk consumption, network interface traffic and errors, and system load can be forwarded to an external collectd server where graphs, analysis, and alerting may be configured using a wide range of available tools and plugins. To configure `collectd` forwarding, see "[Configuring collectd](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-collectd/)".
+collectd is an open source statistics collection and reporting daemon with built-in support for writing to RRD files. Statistics on CPU utilization, memory and disk consumption, network interface traffic and errors, and system load can be forwarded to an external collectd server where graphs, analysis, and alerting may be configured using a wide range of available tools and plugins. To configure `collectd` forwarding, see "[Configuring collectd](/enterprise/admin/guides/installation/configuring-collectd/)".
 
 Additionally, the monitoring tools built into underlying virtualization platforms may also be used for basic monitoring and alerting of system resources. For more information, see [Amazon CloudWatch](http://aws.amazon.com/cloudwatch/) and [VMware vSphere Monitoring](http://pubs.vmware.com/vsphere-50/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-50-monitoring-performance-guide.pdf) documentation.

content/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/enabling-automatic-update-checks.md

@@ -13,9 +13,9 @@ topics:
   - Upgrades
 shortTitle: Enable automatic update checks
 ---
-When an upgrade package is automatically downloaded for {% data variables.product.product_location %}, you'll receive a message letting you know you can upgrade {% data variables.product.prodname_ghe_server %}. Packages download to the `/var/lib/ghe-updates` directory on {% data variables.product.product_location %}. For more information, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/admin/guides/installation/upgrading-github-enterprise-server)."
+When an upgrade package is automatically downloaded for {% data variables.product.product_location %}, you'll receive a message letting you know you can upgrade {% data variables.product.prodname_ghe_server %}. Packages download to the `/var/lib/ghe-updates` directory on {% data variables.product.product_location %}. For more information, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/enterprise/admin/guides/installation/upgrading-github-enterprise-server)."
 
-If a hotpatch is available for an upgrade, the `.hpkg` will download automatically. In the management console you can choose to install the hotpatch immediately or schedule installation for a later time. For more information, see "[Upgrading with a hotpatch](/enterprise/{{ currentVersion }}/admin/guides/installation/upgrading-github-enterprise-server#upgrading-with-a-hotpatch)."
+If a hotpatch is available for an upgrade, the `.hpkg` will download automatically. In the management console you can choose to install the hotpatch immediately or schedule installation for a later time. For more information, see "[Upgrading with a hotpatch](/enterprise/admin/guides/installation/upgrading-github-enterprise-server#upgrading-with-a-hotpatch)."
 
 {% tip %}
 

content/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/increasing-cpu-or-memory-resources.md

@@ -18,7 +18,7 @@ shortTitle: Increase CPU or memory
 
 {% note %}
 
-**Note:** Before increasing CPU or memory resources, put your instance in maintenance mode.{% ifversion ip-exception-list %} You can validate changes by configuring an IP exception list to allow access from specified IP addresses. {% endif %} For more information, see "[Enabling and scheduling maintenance mode](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-and-scheduling-maintenance-mode)."
+**Note:** Before increasing CPU or memory resources, put your instance in maintenance mode.{% ifversion ip-exception-list %} You can validate changes by configuring an IP exception list to allow access from specified IP addresses. {% endif %} For more information, see "[Enabling and scheduling maintenance mode](/enterprise/admin/guides/installation/enabling-and-scheduling-maintenance-mode)."
 
 {% endnote %}
 

content/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/increasing-storage-capacity.md

@@ -23,7 +23,7 @@ As more users join {% data variables.product.product_location %}, you may need t
 
 {% note %}
 
-**Note:** Before resizing any storage volume, put your instance in maintenance mode.{% ifversion ip-exception-list %} You can validate changes by configuring an IP exception list to allow access from specified IP addresses. {% endif %} For more information, see "[Enabling and scheduling maintenance mode](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-and-scheduling-maintenance-mode)."
+**Note:** Before resizing any storage volume, put your instance in maintenance mode.{% ifversion ip-exception-list %} You can validate changes by configuring an IP exception list to allow access from specified IP addresses. {% endif %} For more information, see "[Enabling and scheduling maintenance mode](/enterprise/admin/guides/installation/enabling-and-scheduling-maintenance-mode)."
 
 {% endnote %}
 
@@ -35,7 +35,7 @@ As more users join {% data variables.product.product_location %}, you may need t
 
 1. Resize the existing user volume disk using your virtualization platform's tools.
 {% data reusables.enterprise_installation.ssh-into-instance %}
-3. Put the appliance in maintenance mode. For more information, see "[Enabling and scheduling maintenance mode](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-and-scheduling-maintenance-mode)."
+3. Put the appliance in maintenance mode. For more information, see "[Enabling and scheduling maintenance mode](/enterprise/admin/guides/installation/enabling-and-scheduling-maintenance-mode)."
 4. Reboot the appliance to detect the new storage allocation:
   ```shell
   $ sudo reboot
@@ -47,7 +47,7 @@ As more users join {% data variables.product.product_location %}, you may need t
 
 ## Increasing the root partition size using a new appliance
 
-1. Set up a new {% data variables.product.prodname_ghe_server %} instance with a larger root disk using the same version as your current appliance. For more information, see "[Setting up a {% data variables.product.prodname_ghe_server %} instance](/enterprise/{{ currentVersion }}/admin/guides/installation/setting-up-a-github-enterprise-server-instance)."
+1. Set up a new {% data variables.product.prodname_ghe_server %} instance with a larger root disk using the same version as your current appliance. For more information, see "[Setting up a {% data variables.product.prodname_ghe_server %} instance](/enterprise/admin/guides/installation/setting-up-a-github-enterprise-server-instance)."
 2. Shut down the current appliance:
   ```shell
   $ sudo poweroff
@@ -59,7 +59,7 @@ As more users join {% data variables.product.product_location %}, you may need t
 
 {% warning %}
 
-**Warning:** Before increasing the root partition size, you must put your instance in maintenance mode. For more information, see "[Enabling and scheduling maintenance mode](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-and-scheduling-maintenance-mode)."
+**Warning:** Before increasing the root partition size, you must put your instance in maintenance mode. For more information, see "[Enabling and scheduling maintenance mode](/enterprise/admin/guides/installation/enabling-and-scheduling-maintenance-mode)."
 
 {% endwarning %}
 

content/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/index.md

@@ -2,8 +2,8 @@
 title: Updating the virtual machine and physical resources
 intro: 'Upgrading the virtual software and virtual hardware requires some downtime for your instance, so be sure to plan your upgrade in advance.'
 redirect_from:
-  - '/enterprise/{{ currentVersion }}/admin/guides/installation/upgrading-the-vm'
-  - '/enterprise/{{ currentVersion }}/admin/guides/installation/upgrading-physical-resources'
+  - '/enterprise/admin/guides/installation/upgrading-the-vm'
+  - '/enterprise/admin/guides/installation/upgrading-physical-resources'
   - /enterprise/admin/installation/updating-the-virtual-machine-and-physical-resources
   - /enterprise/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources
 versions:

content/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/migrating-from-github-enterprise-1110x-to-2123.md

@@ -56,7 +56,7 @@ To upgrade to the latest version of {% data variables.product.prodname_enterpris
 7. Click **Add key** and then click **Continue**.
 8. Copy the `ghe-restore` command that you'll run on the backup host to migrate data to the new instance.
 ![Starting a migration](/assets/images/enterprise/migration/migration-restore-start.png)
-9. Enable maintenance mode on the old instance and wait for all active processes to complete. For more information, see "[Enabling and scheduling maintenance mode](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-and-scheduling-maintenance-mode)."
+9. Enable maintenance mode on the old instance and wait for all active processes to complete. For more information, see "[Enabling and scheduling maintenance mode](/enterprise/admin/guides/installation/enabling-and-scheduling-maintenance-mode)."
 
   {% note %}
 
@@ -99,4 +99,4 @@ To upgrade to the latest version of {% data variables.product.prodname_enterpris
   {% endnote %}
 
 15. Switch user network traffic from the old instance to the new instance using either DNS or IP address assignment.
-16. Upgrade to the latest patch release of {{ currentVersion }}. For more information, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/enterprise/admin/guides/installation/upgrading-github-enterprise-server/)."
+16. Upgrade to the latest patch release of {% data variables.product.prodname_ghe_server %}. For more information, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/enterprise/admin/guides/installation/upgrading-github-enterprise-server/)."

content/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrade-requirements.md

@@ -18,7 +18,7 @@ topics:
 **Notes:**
 {% ifversion ghes < 3.3 %}- Features such as {% data variables.product.prodname_actions %}, {% data variables.product.prodname_registry %}, {% data variables.product.prodname_mobile %} and {% data variables.product.prodname_GH_advanced_security %} are available on {% data variables.product.prodname_ghe_server %} 3.0 or higher. We highly recommend upgrading to 3.0 or later releases to take advantage of critical security updates, bug fixes and feature enhancements.{% endif %}
 - Upgrade packages are available at [enterprise.github.com](https://enterprise.github.com/releases) for supported versions. Verify the availability of the upgrade packages you will need to complete the upgrade. If a package is not available, contact {% data variables.contact.contact_ent_support %} for assistance.
-- If you're using {% data variables.product.prodname_ghe_server %} Clustering, see "[Upgrading a cluster](/enterprise/{{ currentVersion }}/admin/guides/clustering/upgrading-a-cluster/)" in the {% data variables.product.prodname_ghe_server %} Clustering Guide for specific instructions unique to clustering.
+- If you're using {% data variables.product.prodname_ghe_server %} Clustering, see "[Upgrading a cluster](/enterprise/admin/guides/clustering/upgrading-a-cluster/)" in the {% data variables.product.prodname_ghe_server %} Clustering Guide for specific instructions unique to clustering.
 - The release notes for {% data variables.product.prodname_ghe_server %} provide a comprehensive list of new features for every version of {% data variables.product.prodname_ghe_server %}. For more information, see the [releases page](https://enterprise.github.com/releases).
 
 {% endnote %}
@@ -28,7 +28,7 @@ topics:
 - Include as few upgrades as possible in your upgrade process. For example, instead of upgrading from {% data variables.product.prodname_enterprise %} {{ enterpriseServerReleases.supported[2] }} to {{ enterpriseServerReleases.supported[1] }} to {{ enterpriseServerReleases.latest }}, you could upgrade from {% data variables.product.prodname_enterprise %} {{ enterpriseServerReleases.supported[2] }} to {{ enterpriseServerReleases.latest }}. Use the [{% data variables.enterprise.upgrade_assistant %}](https://support.github.com/enterprise/server-upgrade) to find the upgrade path from your current release version.
 - If you’re several versions behind, upgrade {% data variables.product.product_location %} as far forward as possible with each step of your upgrade process. Using the latest version possible on each upgrade allows you to take advantage of performance improvements and bug fixes. For example, you could upgrade from {% data variables.product.prodname_enterprise %} 2.7 to 2.8 to 2.10, but upgrading from {% data variables.product.prodname_enterprise %} 2.7 to 2.9 to 2.10 uses a later version in the second step.
 - Use the latest patch release when upgrading. {% data reusables.enterprise_installation.enterprise-download-upgrade-pkg %}
-- Use a staging instance to test the upgrade steps. For more information, see "[Setting up a staging instance](/enterprise/{{ currentVersion }}/admin/guides/installation/setting-up-a-staging-instance/)."
+- Use a staging instance to test the upgrade steps. For more information, see "[Setting up a staging instance](/enterprise/admin/guides/installation/setting-up-a-staging-instance/)."
 - When running multiple upgrades, wait at least 24 hours between feature upgrades to allow data migrations and upgrade tasks running in the background to fully complete.
 - Take a snapshot before upgrading your virtual machine. For more information, see "[Taking a snapshot](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server#taking-a-snapshot)." 
 - Ensure you have a recent, successful backup of your instance. For more information, see the [{% data variables.product.prodname_enterprise_backup_utilities %} README.md file](https://github.com/github/backup-utils#readme).
@@ -51,4 +51,4 @@ Use the number to estimate the amount of disk space the MySQL audit logs will ne
 
 ## Next steps
 
-After reviewing these recommendations and requirements, you can upgrade {% data variables.product.prodname_ghe_server %}. For more information, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/admin/guides/installation/upgrading-github-enterprise-server/)."
+After reviewing these recommendations and requirements, you can upgrade {% data variables.product.prodname_ghe_server %}. For more information, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/enterprise/admin/guides/installation/upgrading-github-enterprise-server/)."

content/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server.md

@@ -27,14 +27,14 @@ shortTitle: Upgrading GHES
 
 ## Preparing to upgrade
 
-1. Determine an upgrade strategy and choose a version to upgrade to. For more information, see "[Upgrade requirements](/enterprise/{{ currentVersion }}/admin/guides/installation/upgrade-requirements/)" and refer to the [{% data variables.enterprise.upgrade_assistant %}](https://support.github.com/enterprise/server-upgrade) to find the upgrade path from your current release version.
+1. Determine an upgrade strategy and choose a version to upgrade to. For more information, see "[Upgrade requirements](/enterprise/admin/guides/installation/upgrade-requirements/)" and refer to the [{% data variables.enterprise.upgrade_assistant %}](https://support.github.com/enterprise/server-upgrade) to find the upgrade path from your current release version.
 1. Create a fresh backup of your primary instance with the {% data variables.product.prodname_enterprise_backup_utilities %}. For more information, see the [{% data variables.product.prodname_enterprise_backup_utilities %} README.md file](https://github.com/github/backup-utils#readme).
 1. If {% data variables.product.product_location %} uses ephemeral self-hosted runners for {% data variables.product.prodname_actions %} and you've disabled automatic updates, upgrade your runners to the version of the runner application that your upgraded instance will run.
 1. If you are upgrading using an upgrade package, schedule a maintenance window for {% data variables.product.prodname_ghe_server %} end users. If you are using a hotpatch, maintenance mode is not required.
 
   {% note %}
 
-  **Note:** The maintenance window depends on the type of upgrade you perform. Upgrades using a hotpatch usually don't require a maintenance window. Sometimes a reboot is required, which you can perform at a later time. Following the versioning scheme of MAJOR.FEATURE.PATCH, patch releases using an upgrade package typically require less than five minutes of downtime. Feature releases that include data migrations take longer depending on storage performance and the amount of data that's migrated. For more information, see "[Enabling and scheduling maintenance mode](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-and-scheduling-maintenance-mode)."
+  **Note:** The maintenance window depends on the type of upgrade you perform. Upgrades using a hotpatch usually don't require a maintenance window. Sometimes a reboot is required, which you can perform at a later time. Following the versioning scheme of MAJOR.FEATURE.PATCH, patch releases using an upgrade package typically require less than five minutes of downtime. Feature releases that include data migrations take longer depending on storage performance and the amount of data that's migrated. For more information, see "[Enabling and scheduling maintenance mode](/enterprise/admin/guides/installation/enabling-and-scheduling-maintenance-mode)."
 
   {% endnote %}
 
@@ -72,7 +72,7 @@ There are two types of snapshots:
 
 {% data reusables.enterprise_installation.hotpatching-explanation %} 
 
-Using the {% data variables.enterprise.management_console %}, you can install a hotpatch immediately or schedule it for later installation. You can use the administrative shell to install a hotpatch with the `ghe-upgrade` utility. For more information, see "[Upgrade requirements](/enterprise/{{ currentVersion }}/admin/guides/installation/upgrade-requirements/)."
+Using the {% data variables.enterprise.management_console %}, you can install a hotpatch immediately or schedule it for later installation. You can use the administrative shell to install a hotpatch with the `ghe-upgrade` utility. For more information, see "[Upgrade requirements](/enterprise/admin/guides/installation/upgrade-requirements/)."
 
 {% note %}
 
@@ -81,7 +81,7 @@ Using the {% data variables.enterprise.management_console %}, you can install a
 {% ifversion ghes %}
 - If {% data variables.product.product_location %} is running a release candidate build, you can't upgrade with a hotpatch.
 
-- {% endif %}Installing a hotpatch using the {% data variables.enterprise.management_console %} is not available in clustered environments. To install a hotpatch in a clustered environment, see "[Upgrading a cluster](/enterprise/{{ currentVersion }}/admin/clustering/upgrading-a-cluster#upgrading-with-a-hotpatch)."
+- {% endif %}Installing a hotpatch using the {% data variables.enterprise.management_console %} is not available in clustered environments. To install a hotpatch in a clustered environment, see "[Upgrading a cluster](/enterprise/admin/clustering/upgrading-a-cluster#upgrading-with-a-hotpatch)."
 
 {% endnote %}
 
@@ -93,7 +93,7 @@ You can use the {% data variables.enterprise.management_console %} to upgrade wi
 
 If the upgrade target you're presented with is a feature release instead of a patch release, you cannot use the {% data variables.enterprise.management_console %} to install a hotpatch. You must install the hotpatch using the administrative shell instead. For more information, see "[Installing a hotpatch using the administrative shell](#installing-a-hotpatch-using-the-administrative-shell)."
 
-1. Enable automatic updates. For more information, see "[Enabling automatic updates](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-automatic-update-checks/)."
+1. Enable automatic updates. For more information, see "[Enabling automatic updates](/enterprise/admin/guides/installation/enabling-automatic-update-checks/)."
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}
 {% data reusables.enterprise_management_console.updates-tab %}
@@ -146,7 +146,7 @@ Appliances configured for high-availability and geo-replication use replica inst
 
 ## Upgrading with an upgrade package
 
-While you can use a hotpatch to upgrade to the latest patch release within a feature series, you must use an upgrade package to upgrade to a newer feature release. For example to upgrade from `2.11.10` to `2.12.4` you must use an upgrade package since these are in different feature series. For more information, see "[Upgrade requirements](/enterprise/{{ currentVersion }}/admin/guides/installation/upgrade-requirements/)."
+While you can use a hotpatch to upgrade to the latest patch release within a feature series, you must use an upgrade package to upgrade to a newer feature release. For example to upgrade from `2.11.10` to `2.12.4` you must use an upgrade package since these are in different feature series. For more information, see "[Upgrade requirements](/enterprise/admin/guides/installation/upgrade-requirements/)."
 
 ### Upgrading a single appliance with an upgrade package
 
@@ -155,7 +155,7 @@ While you can use a hotpatch to upgrade to the latest patch release within a fea
 {% data reusables.enterprise_installation.ssh-into-instance %}
 2. {% data reusables.enterprise_installation.enterprise-download-upgrade-pkg %} Select the appropriate platform and copy the URL for the upgrade package (*.pkg* file).
 {% data reusables.enterprise_installation.download-package %}
-4. Enable maintenance mode and wait for all active processes to complete on the {% data variables.product.prodname_ghe_server %} instance. For more information, see "[Enabling and scheduling maintenance mode](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-and-scheduling-maintenance-mode)."
+4. Enable maintenance mode and wait for all active processes to complete on the {% data variables.product.prodname_ghe_server %} instance. For more information, see "[Enabling and scheduling maintenance mode](/enterprise/admin/guides/installation/enabling-and-scheduling-maintenance-mode)."
 
   {% note %}
 
@@ -199,7 +199,7 @@ Appliances configured for high-availability and geo-replication use replica inst
 
 {% endwarning %}
 
-1. On the primary instance, enable maintenance mode and wait for all active processes to complete. For more information, see "[Enabling maintenance mode](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-and-scheduling-maintenance-mode/)."
+1. On the primary instance, enable maintenance mode and wait for all active processes to complete. For more information, see "[Enabling maintenance mode](/enterprise/admin/guides/installation/enabling-and-scheduling-maintenance-mode/)."
 {% data reusables.enterprise_installation.replica-ssh %}
 3. On the replica instance, or on all replica instances if you're running multiple replica instances as part of geo-replication, run `ghe-repl-stop` to stop replication.
 4. Upgrade the primary instance by following the instructions in "[Upgrading a single appliance with an upgrade package](#upgrading-a-single-appliance-with-an-upgrade-package)."
@@ -241,7 +241,7 @@ To roll back a patch release, use the `ghe-upgrade` command with the `--allow-pa
 
 Once the rollback is complete, restart replication by running `ghe-repl-start` on all replicas. 
 
-For more information, see "[Command-line utilities](/enterprise/{{ currentVersion }}/admin/guides/installation/command-line-utilities/#ghe-upgrade)."
+For more information, see "[Command-line utilities](/enterprise/admin/guides/installation/command-line-utilities/#ghe-upgrade)."
 
 ### Rolling back a feature release
 

content/admin/identity-and-access-management/managing-iam-for-your-enterprise/allowing-built-in-authentication-for-users-outside-your-provider.md

@@ -28,7 +28,7 @@ If you configure built-in authentication and a person successfully authenticates
 
 {% warning %}
 
-**Warning:** If you disable built-in authentication, you must individually suspend any users that should no longer have access to the instance. For more information, see "[Suspending and unsuspending users](/enterprise/{{ currentVersion }}/admin/guides/user-management/suspending-and-unsuspending-users)."
+**Warning:** If you disable built-in authentication, you must individually suspend any users that should no longer have access to the instance. For more information, see "[Suspending and unsuspending users](/enterprise/admin/guides/user-management/suspending-and-unsuspending-users)."
 
 {% endwarning %}
 

content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users.md

@@ -28,7 +28,9 @@ If you currently use SAML SSO for authentication and would prefer to use OIDC an
 
 ## Identity provider support
 
-Support for OIDC is in public beta and available for customers using Azure Active Directory (Azure AD).
+Support for OIDC is in public beta and available for customers using Azure Active Directory (Azure AD). 
+
+Each Azure AD tenant can support only one OIDC integration with {% data variables.product.prodname_emus %}. If you want to connect Azure AD to more than one enterprise on {% data variables.product.prodname_dotcom %}, use SAML instead. For more information, see "[Configuring SAML single sign-on for {% data variables.product.prodname_emus %}](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users)."
 
 ## Configuring OIDC for Enterprise Managed Users
 
@@ -44,4 +46,4 @@ Support for OIDC is in public beta and available for customers using Azure Activ
 
 ## Enabling provisioning
 
-After you enable OIDC SSO, enable provisioning. For more information, see "[Configuring SCIM provisioning for enterprise managed users](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users)."
+After you enable OIDC SSO, enable provisioning. For more information, see "[Configuring SCIM provisioning for enterprise managed users](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users)."

content/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap.md

@@ -114,7 +114,7 @@ When this option is selected, the certificate is validated to make sure:
 
 {% endnote %}
 
-LDAP Sync lets you synchronize {% data variables.product.prodname_ghe_server %} users and team membership against your established LDAP groups. This lets you establish role-based access control for users from your LDAP server instead of manually within {% data variables.product.prodname_ghe_server %}. For more information, see "[Creating teams](/enterprise/{{ currentVersion }}/admin/guides/user-management/creating-teams#creating-teams-with-ldap-sync-enabled)."
+LDAP Sync lets you synchronize {% data variables.product.prodname_ghe_server %} users and team membership against your established LDAP groups. This lets you establish role-based access control for users from your LDAP server instead of manually within {% data variables.product.prodname_ghe_server %}. For more information, see "[Creating teams](/enterprise/admin/guides/user-management/creating-teams#creating-teams-with-ldap-sync-enabled)."
 
 To enable LDAP Sync, in your LDAP settings, select **Synchronize Emails**, **Synchronize SSH Keys**, or **Synchronize GPG Keys** .
 
@@ -190,8 +190,8 @@ You can view the full list of LDAP users who have access to your instance and pr
 Unless [LDAP Sync is enabled](#enabling-ldap-sync), changes to LDAP accounts are not automatically synchronized with {% data variables.product.prodname_ghe_server %}.
 
 * To use a new LDAP admin group, users must be manually promoted and demoted on {% data variables.product.prodname_ghe_server %} to reflect changes in LDAP.
-* To add or remove LDAP accounts in LDAP admin groups, [promote or demote the accounts on {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/admin/guides/user-management/promoting-or-demoting-a-site-administrator).
-* To remove LDAP accounts, [suspend the {% data variables.product.prodname_ghe_server %} accounts](/enterprise/{{ currentVersion }}/admin/guides/user-management/suspending-and-unsuspending-users).
+* To add or remove LDAP accounts in LDAP admin groups, [promote or demote the accounts on {% data variables.product.prodname_ghe_server %}](/enterprise/admin/guides/user-management/promoting-or-demoting-a-site-administrator).
+* To remove LDAP accounts, [suspend the {% data variables.product.prodname_ghe_server %} accounts](/enterprise/admin/guides/user-management/suspending-and-unsuspending-users).
 
 ### Manually syncing LDAP accounts
 
@@ -204,10 +204,10 @@ Unless [LDAP Sync is enabled](#enabling-ldap-sync), changes to LDAP accounts are
 5. Under "LDAP," click **Sync now** to manually update the account with data from your LDAP server.
 ![LDAP sync now button](/assets/images/enterprise/site-admin-settings/ldap-sync-now-button.png)
 
-You can also [use the API to trigger a manual sync](/enterprise/{{ currentVersion }}/user/rest/reference/enterprise-admin#ldap).
+You can also [use the API to trigger a manual sync](/enterprise/user/rest/reference/enterprise-admin#ldap).
 
 ## Revoking access to {% data variables.product.product_location %}
 
 If [LDAP Sync is enabled](#enabling-ldap-sync), removing a user's LDAP credentials will suspend their account after the next synchronization run.
 
-If LDAP Sync is **not** enabled, you must manually suspend the {% data variables.product.prodname_ghe_server %} account after you remove the LDAP credentials. For more information, see "[Suspending and unsuspending users](/enterprise/{{ currentVersion }}/admin/guides/user-management/suspending-and-unsuspending-users)".
+If LDAP Sync is **not** enabled, you must manually suspend the {% data variables.product.prodname_ghe_server %} account after you remove the LDAP credentials. For more information, see "[Suspending and unsuspending users](/enterprise/admin/guides/user-management/suspending-and-unsuspending-users)".

content/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md

@@ -137,7 +137,7 @@ You can enable or disable SAML authentication for {% data variables.product.prod
 
    ![Screenshot of "Enable encrypted assertions" checkbox within management console's "Authentication" section](/assets/images/help/saml/management-console-enable-encrypted-assertions.png)
 {%- endif %}
-1. In the **Single sign-on URL** field, type the HTTP or HTTPS endpoint on your IdP for single sign-on requests. This value is provided by your IdP configuration. If the host is only available from your internal network, you may need to [configure {% data variables.product.product_location %} to use internal nameservers](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-dns-nameservers/).
+1. In the **Single sign-on URL** field, type the HTTP or HTTPS endpoint on your IdP for single sign-on requests. This value is provided by your IdP configuration. If the host is only available from your internal network, you may need to [configure {% data variables.product.product_location %} to use internal nameservers](/enterprise/admin/guides/installation/configuring-dns-nameservers/).
 
    ![Screenshot of text field for single sign-on URL](/assets/images/enterprise/management-console/saml-single-sign-url.png)
 1. Optionally, in the **Issuer** field, type your SAML issuer's name. This verifies the authenticity of messages sent to {% data variables.product.product_location %}.

content/admin/identity-and-access-management/using-saml-for-enterprise-iam/saml-configuration-reference.md

@@ -80,7 +80,7 @@ The following SAML attributes are available for {% data variables.product.produc
 | `NameID` | Yes | A persistent user identifier. Any persistent name identifier format may be used. {% ifversion ghec %}If you use an enterprise with {% data variables.product.prodname_emus %}, {% endif %}{% data variables.product.product_name %} will normalize the `NameID` element to use as a username unless one of the alternative assertions is provided. For more information, see "[Username considerations for external authentication](/admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication)." |
 | `SessionNotOnOrAfter` | No | The date that {% data variables.product.product_name %} invalidates the associated session. After invalidation, the person must authenticate once again to access {% ifversion ghec or ghae %}your enterprise's resources{% elsif ghes %}{% data variables.product.product_location %}{% endif %}. For more information, see "[Session duration and timeout](#session-duration-and-timeout)." |
 {%- ifversion ghes or ghae %}
-| `administrator` | No | When the value is `true`, {% data variables.product.product_name %} will automatically promote the user to be a {% ifversion ghes %}site administrator{% elsif ghae %}enterprise owner{% endif %}. Any other value or a non-existent value will demote the account and remove administrative access. |
+| `administrator` | No | When the value is `true`, {% data variables.product.product_name %} will automatically promote the user to be a {% ifversion ghes %}site administrator{% elsif ghae %}enterprise owner{% endif %}. Setting this attribute to anything but `true` will result in demotion, as long as the value is not blank. Omitting this attribute or leaving the value blank will not change the role of the user. |
 | `username` | No | The username for {% data variables.product.product_location %}. |
 {%- endif %}
 | `full_name` | No | {% ifversion ghec %}If you configure SAML SSO for an enterprise and you use {% data variables.product.prodname_emus %}, the{% else %}The{% endif %} full name of the user to display on the user's profile page. |

content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-aws.md

@@ -124,7 +124,7 @@ aws ec2 run-instances \
 
 If this is a production instance, we strongly recommend allocating an Elastic IP (EIP) and associating it with the instance before proceeding to {% data variables.product.prodname_ghe_server %} configuration. Otherwise, the public IP address of the instance will not be retained after instance restarts. For more information, see "[Allocating an Elastic IP Address](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#using-instance-addressing-eips-allocating)" and "[Associating an Elastic IP Address with a Running Instance](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#using-instance-addressing-eips-associating)" in the Amazon documentation.  
 
-Both primary and replica instances should be assigned separate EIPs in production High Availability configurations. For more information, see "[Configuring {% data variables.product.prodname_ghe_server %} for High Availability](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-github-enterprise-server-for-high-availability/)."
+Both primary and replica instances should be assigned separate EIPs in production High Availability configurations. For more information, see "[Configuring {% data variables.product.prodname_ghe_server %} for High Availability](/enterprise/admin/guides/installation/configuring-github-enterprise-server-for-high-availability/)."
 
 ## Configuring the {% data variables.product.prodname_ghe_server %} instance
 

content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise.md

@@ -1010,7 +1010,7 @@ Action                        | Description
 | `repo.code_scanning_analysis_deleted` | Code scanning analysis for a repository was deleted. For more information, see "[Delete a code scanning analysis from a repository](/rest/reference/code-scanning#delete-a-code-scanning-analysis-from-a-repository)."
 | `repo.change_merge_setting` | Pull request merge options were changed for a repository.
 | `repo.clear_actions_settings` | A repository administrator cleared {% data variables.product.prodname_actions %} policy settings for a repository.
-| `repo.config`         | A repository administrator blocked force pushes. For more information, see [Blocking force pushes to a repository](/enterprise/{{ currentVersion }}/admin/guides/developer-workflow/blocking-force-pushes-to-a-repository/) to a repository.
+| `repo.config`         | A repository administrator blocked force pushes. For more information, see [Blocking force pushes to a repository](/enterprise/admin/guides/developer-workflow/blocking-force-pushes-to-a-repository/) to a repository.
 {%- ifversion fpt or ghec %}
 | `repo.config.disable_collaborators_only` | The interaction limit for collaborators only was disabled. For more information, see "[Limiting interactions in your repository](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository)."
 | `repo.config.disable_contributors_only` | The interaction limit for prior contributors only was disabled in a repository. For more information, see "[Limiting interactions in your repository](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository)."

content/admin/overview/about-the-github-enterprise-api.md

@@ -19,8 +19,8 @@ shortTitle: GitHub Enterprise API
 With the APIs, you can automate many administrative tasks. Some examples include:
 
 {% ifversion ghes %}
-- Perform changes to the {% data variables.enterprise.management_console %}. For more information, see "[{% data variables.enterprise.management_console %}](/enterprise/{{ currentVersion }}/user/rest/reference/enterprise-admin#management-console)."
-- Configure LDAP sync. For more information, see "[LDAP](/enterprise/{{ currentVersion }}/user/rest/reference/enterprise-admin#ldap)."{% endif %}
+- Perform changes to the {% data variables.enterprise.management_console %}. For more information, see "[{% data variables.enterprise.management_console %}](/enterprise/user/rest/reference/enterprise-admin#management-console)."
+- Configure LDAP sync. For more information, see "[LDAP](/enterprise/user/rest/reference/enterprise-admin#ldap)."{% endif %}
 - Collect statistics about your enterprise. For more information, see "[Admin stats](/rest/reference/enterprise-admin#admin-stats)."
 - Manage your enterprise account. For more information, see "[Enterprise accounts](/graphql/guides/managing-enterprise-accounts)."
 

content/admin/policies/enforcing-policy-with-pre-receive-hooks/creating-a-pre-receive-hook-script.md

@@ -145,7 +145,7 @@ We recommend consolidating hooks to a single repository. If the consolidated hoo
    $ git push
    ```
 
-3. [Create the pre-receive hook](/enterprise/{{ currentVersion }}/admin/guides/developer-workflow/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance/#creating-pre-receive-hooks) on the {% data variables.product.prodname_ghe_server %} instance.
+3. [Create the pre-receive hook](/enterprise/admin/guides/developer-workflow/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance/#creating-pre-receive-hooks) on the {% data variables.product.prodname_ghe_server %} instance.
 
 ## Testing pre-receive scripts locally
 You can test a pre-receive hook script locally before you create or update it on {% data variables.product.product_location %}. One method is to create a local Docker environment to act as a remote repository that can execute the pre-receive hook.

content/admin/user-management/managing-organizations-in-your-enterprise/configuring-visibility-for-organization-membership.md

@@ -29,4 +29,4 @@ You can also enforce your default setting on all current organization members in
   ![Drop-down menu with option to configure default organization membership visibility as public or private](/assets/images/enterprise/site-admin-settings/default-organization-membership-visibility-drop-down-menu.png)
 4. Optionally, to prevent members from changing their membership visibility from the default, select **Enforce on organization members**.
   ![Checkbox to enforce the default setting on all members](/assets/images/enterprise/site-admin-settings/enforce-default-org-membership-visibility-setting.png){% ifversion ghes %}
-5. If you'd like to enforce your new visibility setting on all existing members, use the `ghe-org-membership-update` command-line utility. For more information, see "[Command-line utilities](/enterprise/{{ currentVersion }}/admin/guides/installation/command-line-utilities#ghe-org-membership-update)."{% endif %}
+5. If you'd like to enforce your new visibility setting on all existing members, use the `ghe-org-membership-update` command-line utility. For more information, see "[Command-line utilities](/enterprise/admin/guides/installation/command-line-utilities#ghe-org-membership-update)."{% endif %}

content/admin/user-management/managing-organizations-in-your-enterprise/creating-teams.md

@@ -18,7 +18,7 @@ Teams are central to many of {% data variables.product.prodname_dotcom %}'s coll
 
 A team can represent a group within your company or include people with certain interests or expertise. For example, a team of accessibility experts on {% data variables.product.product_location %} could comprise of people from several different departments. Teams can represent functional concerns that complement a company's existing divisional hierarchy.
 
-Organizations can create multiple levels of nested teams to reflect a company or group's hierarchy structure. For more information, see "[About teams](/enterprise/{{ currentVersion }}/user/articles/about-teams/#nested-teams)."
+Organizations can create multiple levels of nested teams to reflect a company or group's hierarchy structure. For more information, see "[About teams](/enterprise/user/articles/about-teams/#nested-teams)."
 
 ## Creating a team
 

content/admin/user-management/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization.md

@@ -23,19 +23,19 @@ For more information, see "[About two-factor authentication](/github/authenticat
 
 ## Requirements for enforcing two-factor authentication
 
-Before you can require organization members and outside collaborators to use 2FA, you must [enable two-factor authentication](/enterprise/{{ currentVersion }}/user/articles/securing-your-account-with-two-factor-authentication-2fa/) for your own personal account.
+Before you can require organization members and outside collaborators to use 2FA, you must [enable two-factor authentication](/enterprise/user/articles/securing-your-account-with-two-factor-authentication-2fa/) for your own personal account.
 
 {% warning %}
 
 **Warnings:**
 
-- When your require two-factor authentication, members and outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories, including their forks of private repositories. If they enable 2FA for their personal account within three months of being removed from the organization, you can [reinstate their access privileges and settings](/enterprise/{{ currentVersion }}/user/articles/reinstating-a-former-member-of-your-organization).
+- When your require two-factor authentication, members and outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories, including their forks of private repositories. If they enable 2FA for their personal account within three months of being removed from the organization, you can [reinstate their access privileges and settings](/enterprise/user/articles/reinstating-a-former-member-of-your-organization).
 - When 2FA is required, organization members or outside collaborators who disable 2FA will automatically be removed from the organization.
 - If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization.
 
 {% endwarning %}
 
-Before you require use of two-factor authentication, we recommend notifying organization members and outside collaborators and asking them to set up 2FA for their accounts. You can [see if members and outside collaborators already use 2FA](/enterprise/{{ currentVersion }}/user/articles/viewing-whether-users-in-your-organization-have-2fa-enabled) on an organization's People tab.
+Before you require use of two-factor authentication, we recommend notifying organization members and outside collaborators and asking them to set up 2FA for their accounts. You can [see if members and outside collaborators already use 2FA](/enterprise/user/articles/viewing-whether-users-in-your-organization-have-2fa-enabled) on an organization's People tab.
 
 {% data reusables.profile.access_org %}
 {% data reusables.profile.org_settings %}
@@ -45,7 +45,7 @@ Before you require use of two-factor authentication, we recommend notifying orga
 
 ## Viewing people who were removed from your organization
 
-To view people who were automatically removed from your organization for non-compliance when you required two-factor authentication, you can [search the audit log](/enterprise/{{ currentVersion }}/admin/guides/installation/searching-the-audit-log/) using `reason:two_factor_requirement_non_compliance` in the search field.
+To view people who were automatically removed from your organization for non-compliance when you required two-factor authentication, you can [search the audit log](/enterprise/admin/guides/installation/searching-the-audit-log/) using `reason:two_factor_requirement_non_compliance` in the search field.
 
 {% data reusables.audit_log.octicon_icon %}
 {% data reusables.enterprise_site_admin_settings.access-settings %}
@@ -66,7 +66,7 @@ If any members or outside collaborators are removed from the organization when y
 
 ## Further reading
 
-- "[Viewing whether users in your organization have 2FA enabled](/enterprise/{{ currentVersion }}/user/articles/viewing-whether-users-in-your-organization-have-2fa-enabled)"
-- "[Securing your account with two-factor authentication (2FA)](/enterprise/{{ currentVersion }}/user/articles/securing-your-account-with-two-factor-authentication-2fa)"
-- "[Reinstating a former member of your organization](/enterprise/{{ currentVersion }}/user/articles/reinstating-a-former-member-of-your-organization)"
-- "[Reinstating a former outside collaborator's access to your organization](/enterprise/{{ currentVersion }}/user/articles/reinstating-a-former-outside-collaborator-s-access-to-your-organization)"
+- "[Viewing whether users in your organization have 2FA enabled](/enterprise/user/articles/viewing-whether-users-in-your-organization-have-2fa-enabled)"
+- "[Securing your account with two-factor authentication (2FA)](/enterprise/user/articles/securing-your-account-with-two-factor-authentication-2fa)"
+- "[Reinstating a former member of your organization](/enterprise/user/articles/reinstating-a-former-member-of-your-organization)"
+- "[Reinstating a former outside collaborator's access to your organization](/enterprise/user/articles/reinstating-a-former-outside-collaborator-s-access-to-your-organization)"

content/admin/user-management/managing-users-in-your-enterprise/auditing-users-across-your-enterprise.md

@@ -112,7 +112,7 @@ The `country` qualifier filters actions by the originating country.
 
 The `created` qualifier filters actions by the time they occurred.
 - Define dates using the format of `YYYY-MM-DD`--that's year, followed by month, followed by day.
-- Dates support [greater than, less than, and range qualifiers](/enterprise/{{ currentVersion }}/user/articles/search-syntax). For example:
+- Dates support [greater than, less than, and range qualifiers](/enterprise/user/articles/search-syntax). For example:
   * `created:2014-07-08` finds all events that occurred on July 8th, 2014.
   * `created:>=2014-07-01` finds all events that occurred on or after July 8th, 2014.
   * `created:<=2014-07-01` finds all events that occurred on or before July 8th, 2014.

content/admin/user-management/managing-users-in-your-enterprise/best-practices-for-user-security.md

@@ -19,7 +19,7 @@ shortTitle: User security best practices
 
 Two-factor authentication (2FA) is a way of logging in to websites and services that requires a second factor beyond a password for authentication. In {% data variables.product.prodname_ghe_server %}'s case, this second factor is a one time authentication code generated by an application on a user's smartphone. We strongly recommend requiring your users to enable two-factor authentication on their accounts. With two-factor authentication, both a user's password and their smartphone would have to be compromised to allow the account itself to be compromised.
 
-For more information on configuring two-factor authentication, see "[About two-factor authentication](/enterprise/{{ currentVersion }}/user/articles/about-two-factor-authentication)".
+For more information on configuring two-factor authentication, see "[About two-factor authentication](/enterprise/user/articles/about-two-factor-authentication)".
 {% endif %}
 
 ## Requiring a password manager

content/admin/user-management/managing-users-in-your-enterprise/promoting-or-demoting-a-site-administrator.md

@@ -22,7 +22,7 @@ shortTitle: Manage administrators
 
 {% endtip %}
 
-For information about promoting a user to an organization owner, see the `ghe-org-admin-promote` section of "[Command-line utilities](/enterprise/{{ currentVersion }}/admin/guides/installation/command-line-utilities#ghe-org-admin-promote)."
+For information about promoting a user to an organization owner, see the `ghe-org-admin-promote` section of "[Command-line utilities](/enterprise/admin/guides/installation/command-line-utilities#ghe-org-admin-promote)."
 
 ## Promoting a user from the enterprise settings
 
@@ -47,16 +47,16 @@ For information about promoting a user to an organization owner, see the `ghe-or
 
 ## Promoting a user from the command line
 
-1. [SSH](/enterprise/{{ currentVersion }}/admin/guides/installation/accessing-the-administrative-shell-ssh/) into your appliance.
-2. Run [ghe-user-promote](/enterprise/{{ currentVersion }}/admin/guides/installation/command-line-utilities#ghe-user-promote) with the username to promote.
+1. [SSH](/enterprise/admin/guides/installation/accessing-the-administrative-shell-ssh/) into your appliance.
+2. Run [ghe-user-promote](/enterprise/admin/guides/installation/command-line-utilities#ghe-user-promote) with the username to promote.
   ```shell
   $ ghe-user-promote <em>username</em>
   ```
 
 ## Demoting a site administrator from the command line
 
-1. [SSH](/enterprise/{{ currentVersion }}/admin/guides/installation/accessing-the-administrative-shell-ssh/) into your appliance.
-2. Run [ghe-user-demote](/enterprise/{{ currentVersion }}/admin/guides/installation/command-line-utilities#ghe-user-demote) with the username to demote.
+1. [SSH](/enterprise/admin/guides/installation/accessing-the-administrative-shell-ssh/) into your appliance.
+2. Run [ghe-user-demote](/enterprise/admin/guides/installation/command-line-utilities#ghe-user-demote) with the username to demote.
   ```shell
   $ ghe-user-demote <em>username</em>
   ```

content/admin/user-management/managing-users-in-your-enterprise/suspending-and-unsuspending-users.md

@@ -69,7 +69,7 @@ As when suspending a user, unsuspending a user takes effect immediately. The use
 ## Suspending a user from the command line
 
 {% data reusables.enterprise_installation.ssh-into-instance %}
-2. Run [ghe-user-suspend](/enterprise/{{ currentVersion }}/admin/guides/installation/command-line-utilities#ghe-user-suspend) with the username to suspend.
+2. Run [ghe-user-suspend](/enterprise/admin/guides/installation/command-line-utilities#ghe-user-suspend) with the username to suspend.
   ```shell
   $ ghe-user-suspend <em>username</em>
   ```
@@ -94,7 +94,7 @@ You can create a custom message that suspended users will see when attempting to
 ## Unsuspending a user from the command line
 
 {% data reusables.enterprise_installation.ssh-into-instance %}
-2. Run [ghe-user-unsuspend](/enterprise/{{ currentVersion }}/admin/guides/installation/command-line-utilities#ghe-user-unsuspend) with the username to unsuspend.
+2. Run [ghe-user-unsuspend](/enterprise/admin/guides/installation/command-line-utilities#ghe-user-unsuspend) with the username to unsuspend.
   ```shell
   $ ghe-user-unsuspend <em>username</em>
   ```

content/admin/user-management/migrating-data-to-and-from-your-enterprise/importing-data-from-third-party-version-control-systems.md

@@ -26,7 +26,7 @@ shortTitle: Import from another VCS
   ```shell
   $ git-import-rewrite --flavor hg --authors /<em>PATH</em>/<em>AUTHORS-MAP-FILE</em>.csv /<em>PATH</em>/<em>REPO-NAME</em>.git
   ```
-5. If you haven't yet, [create a new empty repository on {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/user/articles/creating-a-new-repository).
+5. If you haven't yet, [create a new empty repository on {% data variables.product.prodname_ghe_server %}](/enterprise/user/articles/creating-a-new-repository).
 {% data reusables.command_line.switching_directories_procedural %}
 7. Push the imported repository to {% data variables.product.prodname_ghe_server %}:
   ```shell
@@ -46,7 +46,7 @@ shortTitle: Import from another VCS
   ```shell
   $ git-import-rewrite --flavor svn --authors /<em>PATH</em>/<em>AUTHORS-MAP-FILE</em>.csv /<em>PATH</em>/<em>REPO-NAME</em>.git
   ```
-5. If you haven't yet, [create a new empty repository on {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/user/articles/creating-a-new-repository).
+5. If you haven't yet, [create a new empty repository on {% data variables.product.prodname_ghe_server %}](/enterprise/user/articles/creating-a-new-repository).
 {% data reusables.command_line.switching_directories_procedural %}
 7. Push the imported repository to {% data variables.product.prodname_ghe_server %}:
   ```shell
@@ -66,7 +66,7 @@ shortTitle: Import from another VCS
   ```shell
   $ git-import-rewrite --flavor tfs --authors /<em>PATH</em>/<em>AUTHORS-MAP-FILE</em>.csv /<em>PATH</em>/<em>REPO-NAME</em>.git
   ```
-5. If you haven't yet, [create a new empty repository on {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/user/articles/creating-a-new-repository).
+5. If you haven't yet, [create a new empty repository on {% data variables.product.prodname_ghe_server %}](/enterprise/user/articles/creating-a-new-repository).
 {% data reusables.command_line.switching_directories_procedural %}
 7. Push the imported repository to {% data variables.product.prodname_ghe_server %}:
   ```shell
@@ -75,4 +75,4 @@ shortTitle: Import from another VCS
 
 ## Further reading
 
-- "[Command-line-utilities](/enterprise/{{ currentVersion }}/admin/guides/installation/command-line-utilities/#import-and-export)"
+- "[Command-line-utilities](/enterprise/admin/guides/installation/command-line-utilities/#import-and-export)"

content/authentication/connecting-to-github-with-ssh/testing-your-ssh-connection.md

@@ -56,4 +56,10 @@ When you test your connection, you'll need to authenticate this action using you
 
   {% endlinux %}
 
+   {% note %}
+
+   **Note:** The remote command should exit with code 1.
+
+   {% endnote %}
+
 4. Verify that the resulting message contains your username. If you receive a "permission denied" message, see ["Error: Permission denied (publickey)"](/articles/error-permission-denied-publickey).

content/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log.md

@@ -155,10 +155,10 @@ An overview of some of the most common actions that are recorded as events in th
 | `add_member` | Triggered when a {% data variables.product.product_name %} user is {% ifversion fpt or ghec %}[invited to have collaboration access](/articles/inviting-collaborators-to-a-personal-repository){% else %}[given collaboration access](/articles/inviting-collaborators-to-a-personal-repository){% endif %} to a repository.
 | `add_topic` | Triggered when a repository owner [adds a topic](/articles/classifying-your-repository-with-topics) to a repository.
 | `archived` | Triggered when a repository owner [archives a repository](/articles/about-archiving-repositories).{% ifversion ghes %}
-| `config.disable_anonymous_git_access` | Triggered when [anonymous Git read access is disabled](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository) in a public repository.
-| `config.enable_anonymous_git_access` | Triggered when [anonymous Git read access is enabled](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository) in a public repository.
-| `config.lock_anonymous_git_access` | Triggered when a repository's [anonymous Git read access setting is locked](/enterprise/{{ currentVersion }}/admin/guides/user-management/preventing-users-from-changing-anonymous-git-read-access).
-| `config.unlock_anonymous_git_access` | Triggered when a repository's [anonymous Git read access setting is unlocked](/enterprise/{{ currentVersion }}/admin/guides/user-management/preventing-users-from-changing-anonymous-git-read-access).{% endif %}
+| `config.disable_anonymous_git_access` | Triggered when [anonymous Git read access is disabled](/enterprise/user/articles/enabling-anonymous-git-read-access-for-a-repository) in a public repository.
+| `config.enable_anonymous_git_access` | Triggered when [anonymous Git read access is enabled](/enterprise/user/articles/enabling-anonymous-git-read-access-for-a-repository) in a public repository.
+| `config.lock_anonymous_git_access` | Triggered when a repository's [anonymous Git read access setting is locked](/enterprise/admin/guides/user-management/preventing-users-from-changing-anonymous-git-read-access).
+| `config.unlock_anonymous_git_access` | Triggered when a repository's [anonymous Git read access setting is unlocked](/enterprise/admin/guides/user-management/preventing-users-from-changing-anonymous-git-read-access).{% endif %}
 | `create` | Triggered when [a new repository is created](/articles/creating-a-new-repository).
 | `destroy` |  Triggered when [a repository is deleted](/articles/deleting-a-repository).{% ifversion fpt or ghec %}
 | `disable` | Triggered when a repository is disabled (e.g., for [insufficient funds](/articles/unlocking-a-locked-account)).{% endif %}{% ifversion fpt or ghec %}

content/billing/managing-billing-for-github-codespaces/about-billing-for-codespaces.md

@@ -42,7 +42,6 @@ If you purchased {% data variables.product.prodname_enterprise %} through a Micr
 
 ### Billing for {% data variables.product.prodname_codespaces %} prebuilds
 
-{% data reusables.codespaces.prebuilds-beta-note %}
 
 {% data reusables.codespaces.billing-for-prebuilds %}