Merge branch 'main' into SmolParascythe-update-test-README

.github/package.json

@@ -1 +0,0 @@
-{"type":"module"}

.github/workflows/add-review-template.yml

@@ -19,11 +19,8 @@ jobs:
     if: github.event.label.name == 'add-review-template' && github.repository == 'github/docs-internal'
 
     steps:
-      - name: Download the template file
-        uses: Bhacaz/checkout-files@c8f01756bfd894ba746d5bf48205e19000b0742b
-        with:
-          files: .github/review-template.md
-          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Checkout
+        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748
 
       # Jump through some hoops to work with a multi-line file
       - name: Store review template in variable

.github/workflows/azure-preview-env-deploy.yml

@@ -177,7 +177,7 @@ jobs:
         run: .github/actions-scripts/prune-for-preview-env.sh
 
       - name: 'Build and push image'
-        uses: docker/build-push-action@7f9d37fa544684fb73bfe4835ed7214c255ce02b
+        uses: docker/build-push-action@1cb9d22b932e4832bb29793b7777ec860fc1cde0
         with:
           context: .
           push: true

.github/workflows/azure-prod-build-deploy.yml

@@ -77,7 +77,7 @@ jobs:
         run: .github/actions-scripts/merge-early-access.sh
 
       - name: 'Build and push image'
-        uses: docker/build-push-action@7f9d37fa544684fb73bfe4835ed7214c255ce02b
+        uses: docker/build-push-action@1cb9d22b932e4832bb29793b7777ec860fc1cde0
         with:
           context: .
           push: true

.github/workflows/azure-staging-build-deploy.yml

@@ -95,7 +95,7 @@ jobs:
         run: .github/actions-scripts/merge-early-access.sh
 
       - name: 'Build and push image'
-        uses: docker/build-push-action@7f9d37fa544684fb73bfe4835ed7214c255ce02b
+        uses: docker/build-push-action@1cb9d22b932e4832bb29793b7777ec860fc1cde0
         with:
           context: .
           push: true

.github/workflows/check-all-english-links.yml

@@ -62,7 +62,7 @@ jobs:
           # Don't care about CDN caching image URLs
           DISABLE_REWRITE_ASSET_URLS: true
         run: |
-          node server.mjs > /tmp/stdout.log 2> /tmp/stderr.log &
+          node server.js > /tmp/stdout.log 2> /tmp/stderr.log &
           sleep 6
           curl --retry-connrefused --retry 5 -I http://localhost:4000/
 

.github/workflows/check-broken-links-github-github.yml

@@ -64,7 +64,7 @@ jobs:
           DISABLE_RENDERING_CACHE: true
         run: |
 
-          node server.mjs &
+          node server.js &
           sleep 5
           curl --retry-connrefused --retry 3 -I http://localhost:4000/
 

.github/workflows/code-lint.yml

@@ -15,7 +15,7 @@ on:
       - '**.yaml'
       - '**.yml'
       - '**.scss'
-      - .eslintrc.js
+      - .eslintrc.cjs
       # In case something like eslint or tsc or prettier upgrades
       - 'package-lock.json'
       # Ultimately, for debugging this workflow itself

.github/workflows/dry-run-elasticsearch-indexing.yml

@@ -10,7 +10,7 @@ on:
       - gh-readonly-queue/main/**
   pull_request:
     paths:
-      - script/search/index-elasticsearch.mjs
+      - script/search/index-elasticsearch.js
       - 'package*.json'
       - .github/workflows/dry-run-elasticsearch-indexing.yml
 
@@ -63,7 +63,7 @@ jobs:
         env:
           ELASTICSEARCH_URL: 'http://localhost:9200'
         run: |
-          ./script/search/index-elasticsearch.mjs --verbose \
+          ./script/search/index-elasticsearch.js --verbose \
           -l en -l ja \
           -V dotcom -V ghes-3.5
 

.github/workflows/link-check-all.yml

@@ -53,7 +53,7 @@ jobs:
           # Don't care about CDN caching image URLs
           DISABLE_REWRITE_ASSET_URLS: true
         run: |
-          ./script/rendered-content-link-checker.mjs \
+          ./script/rendered-content-link-checker.js \
             --language en \
             --max 100 \
             --check-anchors \
@@ -66,7 +66,7 @@ jobs:
           # Don't care about CDN caching image URLs
           DISABLE_REWRITE_ASSET_URLS: true
         run: |
-          ./script/rendered-content-link-checker.mjs \
+          ./script/rendered-content-link-checker.js \
             --language en \
             --exit \
             --verbose \

.github/workflows/main-preview-docker-cache.yml

@@ -72,7 +72,7 @@ jobs:
         run: .github/actions-scripts/prune-for-preview-env.sh
 
       - name: 'Build and push image'
-        uses: docker/build-push-action@7f9d37fa544684fb73bfe4835ed7214c255ce02b
+        uses: docker/build-push-action@1cb9d22b932e4832bb29793b7777ec860fc1cde0
         with:
           context: .
           push: true

.github/workflows/orphaned-assets-check.yml

@@ -40,7 +40,7 @@ jobs:
         run: |
           set -e
 
-          ./script/find-orphaned-assets.mjs | xargs git rm
+          ./script/find-orphaned-assets.js | xargs git rm
 
           # If nothing to commit, exit now. It's fine. No orphans.
           git status | grep 'nothing to commit' && exit 0
@@ -58,6 +58,6 @@ jobs:
 
           gh pr create \
             --title "Delete orphaned assets ($date)" \
-            --body "Found with the find-orphaned-assets.mjs script" \
+            --body "Found with the find-orphaned-assets.js script" \
             --repo github/docs-internal \
             --label docs-content-fr

.github/workflows/sync-search-elasticsearch.yml

@@ -0,0 +1,119 @@
+name: Sync search Elasticsearch
+
+# **What it does**: It scrapes the whole site and dumps the records in a
+#                   temp directory. Then it indexes that into Elasticsearch.
+# **Why we have it**: We want our search indexes kept up to date.
+# **Who does it impact**: Anyone using search on docs.
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '23 */4 * * *' # Run every 4 hours at 23 minutes past the hour
+
+permissions:
+  contents: read
+
+env:
+  FREEZE: ${{ secrets.FREEZE }}
+  ELASTICSEARCH_URL: ${{ secrets.ELASTICSEARCH_URL }}
+
+jobs:
+  updateElasticsearchIndexes:
+    name: Update indexes
+    if: ${{ github.repository == 'github/docs-internal' }}
+    runs-on: ubuntu-20.04-xl
+    strategy:
+      fail-fast: false
+      matrix:
+        # This needs to match the languages we support
+        language: [en, ja, es, pt, cn]
+    steps:
+      - if: ${{ env.FREEZE == 'true' }}
+        run: |
+          echo 'The repo is currently frozen! Exiting this workflow.'
+          exit 1 # prevents further steps from running
+
+      - name: Check out repo
+        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748
+
+      # TEMPORARY UNTIL WE HAVE A PRODUCTION ELASTICSEARCH
+      - uses: getong/elasticsearch-action@95b501ab0c83dee0aac7c39b7cea3723bef14954
+        with:
+          elasticsearch version: '7.17.5'
+          host port: 9200
+          container port: 9200
+          host node port: 9300
+          node port: 9300
+          discovery type: 'single-node'
+      # END TEMPORARY
+
+      - name: Setup Node
+        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048
+        with:
+          node-version: '16.15.0'
+          cache: npm
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Cache nextjs build
+        uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09
+        with:
+          path: .next/cache
+          key: ${{ runner.os }}-nextjs-${{ hashFiles('package*.json') }}
+
+      - name: Run build scripts
+        run: npm run build
+
+      - name: Start the server in the background
+        env:
+          ENABLE_DEV_LOGGING: false
+        run: |
+          npm run sync-search-server > /tmp/stdout.log 2> /tmp/stderr.log &
+
+          # first sleep to give it a chance to start
+          sleep 6
+          curl --retry-connrefused --retry 4 -I http://localhost:4002/
+
+      - if: ${{ failure() }}
+        name: Debug server outputs on errors
+        run: |
+          echo "____STDOUT____"
+          cat /tmp/stdout.log
+          echo "____STDERR____"
+          cat /tmp/stderr.log
+
+      - name: Scrape records into a temp directory
+        env:
+          # If a reusable, or anything in the `data/*` directory is deleted
+          # you might get a
+          #
+          #   RenderError: Can't find the key 'site.data.reusables...' in the scope
+          #
+          # But that'll get fixed in the next translation pipeline. For now,
+          # let's just accept an empty string instead.
+          THROW_ON_EMPTY: false
+
+        run: |
+          mkdir /tmp/records
+          npm run sync-search-indices -- \
+            -l ${{ matrix.language }} \
+            -o /tmp/records \
+            --no-compression --no-lunr-index
+
+          ls -lh /tmp/records
+
+      - name: Check that Elasticsearch is accessible
+        run: |
+          curl --fail --retry-connrefused --retry 5 -I ${{ env.ELASTICSEARCH_URL }}
+
+      - name: Index into Elasticsearch
+        run: |
+          ./script/search/index-elasticsearch.js \
+            --language ${{ matrix.language }} \
+            --source-directory /tmp/records
+
+      - name: Check created indexes and aliases
+        run: |
+          curl --fail --retry-connrefused --retry 5 ${{ env.ELASTICSEARCH_URL }}/_cat/indices?v
+          curl --fail --retry-connrefused --retry 5 ${{ env.ELASTICSEARCH_URL }}/_cat/indices?v

.github/workflows/sync-search-indices.yml

@@ -77,10 +77,6 @@ jobs:
         env:
           VERSION: ${{ github.event.inputs.version }}
           LANGUAGE: ${{ github.event.inputs.language }}
-          # We don't want or need the changelog entries in this context.
-          # Pages that display the content from these isn't included
-          # in search index bodies anyway.
-          CHANGELOG_DISABLED: true
           # If a reusable, or anything in the `data/*` directory is deleted
           # you might get a
           #
@@ -89,11 +85,6 @@ jobs:
           # But that'll get fixed in the next translation pipeline. For now,
           # let's just accept an empty string instead.
           THROW_ON_EMPTY: false
-          # Because the overload protection runs in NODE_ENV==production
-          # and it can break the sync-search.
-          DISABLE_OVERLOAD_PROTECTION: true
-          # Render caching won't help when we visit every page exactly once.
-          DISABLE_RENDERING_CACHE: true
 
         run: npm run sync-search
 

.github/workflows/sync-search-pr.yml

@@ -51,7 +51,4 @@ jobs:
           # Set filtered to only these so it doesn't run for too long.
           LANGUAGE: en
           VERSION: free-pro-team@latest
-          # Because the overload protection runs in NODE_ENV==production
-          # and it can break the sync-search.
-          DISABLE_OVERLOAD_PROTECTION: true
         run: npm run sync-search

Dockerfile

@@ -74,7 +74,7 @@ ENV NODE_ENV production
 # Whether to hide iframes, add warnings to external links
 ENV AIRGAP false
 
-# Preferred port for server.mjs
+# Preferred port for server.js
 ENV PORT 4000
 
 ENV ENABLED_LANGUAGES "en"
@@ -94,12 +94,12 @@ COPY --chown=node:node middleware ./middleware
 COPY --chown=node:node feature-flags.json ./
 COPY --chown=node:node data ./data
 COPY --chown=node:node next.config.js ./
-COPY --chown=node:node server.mjs ./server.mjs
-COPY --chown=node:node start-server.mjs ./start-server.mjs
+COPY --chown=node:node server.js ./server.js
+COPY --chown=node:node start-server.js ./start-server.js
 
 EXPOSE $PORT
 
-CMD ["node", "server.mjs"]
+CMD ["node", "server.js"]
 
 # --------------------------------------------------------------------------------
 # PRODUCTION IMAGE - includes all translations

components/article/ArticlePage.tsx

@@ -39,11 +39,8 @@ const interactiveAlternatives: Record<string, { href: string }> = {
       href: '/codespaces/setting-up-your-project-for-codespaces/setting-up-your-project-for-codespaces?langId=py',
     },
 }
-type Props = {
-  children?: React.ReactNode
-}
 
-export const ArticlePage = ({ children }: Props) => {
+export const ArticlePage = () => {
   const { asPath } = useRouter()
   const {
     title,
@@ -145,7 +142,7 @@ export const ArticlePage = ({ children }: Props) => {
           }
         >
           <div id="article-contents">
-            <MarkdownContent>{children || renderedPage}</MarkdownContent>
+            <MarkdownContent>{renderedPage}</MarkdownContent>
             {effectiveDate && (
               <div className="mt-4" id="effectiveDate">
                 Effective as of:{' '}

components/article/AutomatedPage.tsx

@@ -0,0 +1,71 @@
+import { useState, useEffect } from 'react'
+import { useRouter } from 'next/router'
+import dynamic from 'next/dynamic'
+
+import { DefaultLayout } from 'components/DefaultLayout'
+import { ArticleTitle } from 'components/article/ArticleTitle'
+import { MarkdownContent } from 'components/ui/MarkdownContent'
+import { Lead } from 'components/ui/Lead'
+import { ArticleGridLayout } from './ArticleGridLayout'
+import { MiniTocs } from 'components/ui/MiniTocs'
+import { useAutomatedPageContext } from 'components/context/AutomatedPageContext'
+
+const ClientSideHighlightJS = dynamic(() => import('./ClientSideHighlightJS'), { ssr: false })
+
+type Props = {
+  children: React.ReactNode
+}
+
+export const AutomatedPage = ({ children }: Props) => {
+  const { asPath } = useRouter()
+  const { title, intro, renderedPage, miniTocItems } = useAutomatedPageContext()
+
+  // If the page contains `[data-highlight]` blocks, these pages need
+  // syntax highlighting. But not every page needs it, so it's conditionally
+  // lazy-loaded on the client.
+  const [lazyLoadHighlightJS, setLazyLoadHighlightJS] = useState(false)
+  useEffect(() => {
+    // It doesn't need to use querySelector because all we care about is if
+    // there is greater than zero of these in the DOM.
+    // Note! This "core selector", which determines whether to bother
+    // or not, needs to match what's used inside ClientSideHighlightJS.tsx
+    if (document.querySelector('[data-highlight]')) {
+      setLazyLoadHighlightJS(true)
+    }
+
+    // Important to depend on the current path because the first page you
+    // load, before any client-side navigation, might not need it, but the
+    // consecutive one does.
+  }, [asPath])
+
+  return (
+    <DefaultLayout>
+      {/* Doesn't matter *where* this is included because it will
+      never render anything. It always just return null. */}
+      {lazyLoadHighlightJS && <ClientSideHighlightJS />}
+
+      <div className="container-xl px-3 px-md-6 my-4">
+        <ArticleGridLayout
+          topper={<ArticleTitle>{title}</ArticleTitle>}
+          intro={
+            intro && (
+              <Lead data-testid="lead" data-search="lead">
+                {intro}
+              </Lead>
+            )
+          }
+          toc={
+            miniTocItems.length > 1 && <MiniTocs pageTitle={title} miniTocItems={miniTocItems} />
+          }
+        >
+          <div id="article-contents">
+            {renderedPage && (
+              <MarkdownContent className="pt-3 pb-4">{renderedPage}</MarkdownContent>
+            )}
+            {children && <MarkdownContent className="pt-3 pb-4">{children}</MarkdownContent>}
+          </div>
+        </ArticleGridLayout>
+      </div>
+    </DefaultLayout>
+  )
+}

components/lib/events.ts

@@ -130,7 +130,7 @@ export function sendEvent({ type, version = '1.0.0', ...props }: SendEventProps)
   }
 
   const blob = new Blob([JSON.stringify(body)], { type: 'application/json' })
-  const endpoint = '/events'
+  const endpoint = '/api/events'
   try {
     // Only send the beacon if the feature is not disabled in the user's browser
     // Even if the function exists, it can still throw an error from the call being blocked

components/page-header/LanguagePicker.tsx

@@ -26,9 +26,9 @@ export const LanguagePicker = ({ variant }: Props) => {
   // in a "denormalized" way.
   const routerPath = router.asPath.split('#')[0]
 
-  function rememberPreferredLanguage(option: { locale: string }) {
+  function rememberPreferredLanguage(value: string) {
     try {
-      Cookies.set(PREFERRED_LOCALE_COOKIE_NAME, option.locale, {
+      Cookies.set(PREFERRED_LOCALE_COOKIE_NAME, value, {
         expires: 365,
         secure: document.location.protocol !== 'http:',
       })

components/rest/RestReferencePage.tsx

@@ -107,21 +107,17 @@ export const RestReferencePage = ({ restOperations }: StructuredContentT) => {
             {intro}
           </Lead>
         )}
-        <MarkdownContent>
-          {renderedPage && <MarkdownContent className="pt-3 pb-4">{renderedPage}</MarkdownContent>}
-          {restOperations &&
-            restOperations.length > 0 &&
-            restOperations.map((operation, index) => (
-              <React.Fragment
+        {renderedPage && <MarkdownContent className="pt-3 pb-4">{renderedPage}</MarkdownContent>}
+        {restOperations.length > 0 && (
+          <MarkdownContent className="pt-3 pb-4">
+            {restOperations.map((operation) => (
+              <RestOperation
                 key={`${operation.title}-${operation.category}-${operation.subcategory}`}
-              >
-                <RestOperation
-                  key={`restOperation-${operation.title}-${index}`}
-                  operation={operation}
-                />
-              </React.Fragment>
+                operation={operation}
+              />
             ))}
-        </MarkdownContent>
+          </MarkdownContent>
+        )}
       </div>
     </DefaultLayout>
   )

content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/converting-a-user-into-an-organization.md

@@ -11,6 +11,7 @@ intro: You can convert your personal account into an organization. This allows m
 versions:
   fpt: '*'
   ghes: '*'
+  ghae: '*'
   ghec: '*'
 topics:
   - Accounts
@@ -18,24 +19,25 @@ shortTitle: User into an organization
 ---
 {% warning %}
 
-**Warning**: Before converting a user into an organization, keep these points in mind:
-
- - You will **no longer** be able to sign into the converted personal account.
- - You will **no longer** be able to create or modify gists owned by the converted personal account.
- - An organization **cannot** be converted back to a user.
- - The SSH keys, OAuth tokens, job profile,  reactions, and associated user information, **will not** be transferred to the organization. This is only true for the personal account that's being converted, not any of the personal account's collaborators.
- - Any commits made with the converted personal account **will no longer be linked** to that account. The commits themselves **will** remain intact.
- - Any forks of private repositories made with the converted personal account will be deleted.
+**Warning**: Before converting a user into an organization, keep these points in mind.
 
+* You will **no longer** be able to sign into the converted personal account.
+* You will **no longer** be able to create or modify gists owned by the converted personal account.
+* An organization **cannot** be converted back to a user.
+* The SSH keys, OAuth tokens, job profile, reactions, and associated user information, **will not** be transferred to the organization. This is only true for the personal account that's being converted, not any of the personal account's collaborators.
+* Any commits made with the converted personal account **will no longer be linked** to that account. The commits themselves **will** remain intact.
+* Any existing comments made by the converted personal account **will no longer be linked** to that account. The comments themselves **will** remain intact, but will be associated with the `ghost` user.
+* Any forks of private repositories made with the converted personal account will be deleted.
 {% endwarning %}
 
+{% ifversion fpt or ghec or ghes %}
 ## Keep your personal account and create a new organization manually
 
 If you want your organization to have the same name that you are currently using for your personal account, or if you want to keep your personal account's information intact, then you must create a new organization and transfer your repositories to it instead of converting your personal account into an organization.
 
 1. To retain your current personal account name for your personal use, [change the name of your personal account](/articles/changing-your-github-username) to something new and wonderful.
 2. [Create a new organization](/articles/creating-a-new-organization-from-scratch) with the original name of your personal account.
-3. [Transfer your repositories](/articles/transferring-a-repository) to your new organization account.
+3. [Transfer your repositories](/articles/transferring-a-repository) to your new organization account.{% endif %}
 
 ## Convert your personal account into an organization automatically
 

content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-accessibility-settings.md

@@ -1,22 +1,50 @@
 ---
 title: Managing accessibility settings
-intro: 'You can disable character key shortcuts on {% data variables.product.prodname_dotcom %} in your accessibility settings.'
+shortTitle: Manage accessibility settings
+intro: "{% data variables.product.product_name %}'s user interface can adapt to your vision, hearing, motor, cognitive, or learning needs."
 versions:
   feature: keyboard-shortcut-accessibility-setting
 redirect_from:
   - /account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-accessibility-settings
+type: how_to
+miniTocMaxHeadingLevel: 3
 ---
 
 ## About accessibility settings
 
-{% data variables.product.product_name %} includes a variety of keyboard shortcuts so that you can perform actions across the site without using your mouse to navigate. While shortcuts are useful to save time, they can sometimes make {% data variables.product.prodname_dotcom %} harder to use and less accessible.
+To accommodate your vision, hearing, motor, cognitive, or learning needs, you can customize the user interface for {% data variables.product.product_location %}.
 
-All keyboard shortcuts are enabled by default on {% data variables.product.product_name %}, but you can choose to disable character key shortcuts in your accessibility settings. This setting does not affect keyboard shortcuts provided by your web browser or {% data variables.product.prodname_dotcom %} shortcuts that use a modifier key such as <kbd>Control</kbd> or <kbd>Command</kbd>.
+## Managing accessibility settings
 
-## Managing character key shortcuts
+You can decide whether you want to use some or all keyboard shortcuts on {% ifversion fpt or ghec %}{% data variables.product.product_location %}{% elsif ghes or ghae %}the website for {% data variables.product.product_location %}{% endif %}, and you can control the display of animated images.
+
+### Managing keyboard shortcuts
+
+You can perform actions across the {% data variables.product.product_name %} website without using your mouse by using your keyboard instead. Keyboard shortcuts can be useful to save time for some people, but may interfere with accessibility if you don't intend to use the shortcuts.
+
+By default, all keyboard shortcuts are enabled on {% data variables.product.product_name %}. For more information, see "[Keyboard shortcuts](/get-started/using-github/keyboard-shortcuts)."
 
 {% data reusables.user-settings.access_settings %}
 {% data reusables.user-settings.accessibility_settings %}
-1. Select or deselect the **Enable character key shortcuts** checkbox.
-   ![Screenshot of the 'Enable character key shortcuts' checkbox](/assets/images/help/settings/disable-character-key-shortcuts.png)
-2. Click **Save**.
+1. Under "Keyboard shortcuts", manage settings for your keyboard shortcuts.
+
+   - Optionally, to disable or enable shortcut keys that don't use modifiers keys like <kbd>Control</kbd> or <kbd>Command</kbd>, under "General", deselect **Character keys**. If you disable character keys, you may still be able to trigger shortcuts for your web browser, and you can still trigger shortcuts for {% data variables.product.product_name %} that use a modifier key.
+   {%- ifversion command-palette %}
+   - Optionally, to customize the keyboard shortcuts for triggering the command palette, under "Command palette", use the drop-down menus to choose a keyboard shortcut. For more information, see "[{% data variables.product.company_short %} Command Palette](/get-started/using-github/github-command-palette)."
+   {%- endif %}
+
+{% ifversion motion-management %}
+
+### Managing motion
+
+You can control how {% data variables.product.product_name %} displays animated images.
+
+By default, {% data variables.product.product_name %} syncs with your system-level preference for reduced motion. For more information, see the documentation or settings for your operating system.
+
+{% data reusables.user-settings.access_settings %}
+{% data reusables.user-settings.accessibility_settings %}
+1. Under "Motion", manage settings for motion.
+
+   - Optionally, to control how {% data variables.product.product_name %} displays animaged images, under "Autoplay animated images", select **Sync with system**, **Enabled**, or **Disabled**.
+
+{% endif %}

content/actions/automating-builds-and-tests/building-and-testing-java-with-gradle.md

@@ -51,6 +51,8 @@ You can also add this workflow manually by creating a new file in the `.github/w
 ```yaml{:copy}
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Java CI
 
 on: [push]

content/actions/automating-builds-and-tests/building-and-testing-python.md

@@ -380,6 +380,8 @@ For this example, you will need to create two [PyPI API tokens](https://pypi.org
 ```yaml{:copy}
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Upload Python Package
 
 on:

content/actions/automating-builds-and-tests/building-and-testing-ruby.md

@@ -38,6 +38,8 @@ To get started quickly, add the starter workflow to the `.github/workflows` dire
 ```yaml
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Ruby
 
 on:
@@ -102,6 +104,8 @@ The full updated workflow with a matrix strategy could look like this:
 ```yaml
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Ruby CI
 
 on:
@@ -206,6 +210,8 @@ The following example matrix tests all stable releases and head versions of MRI,
 ```yaml
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Matrix Testing
 
 on:
@@ -239,6 +245,8 @@ The following example installs `rubocop` and uses it to lint all files. For more
 ```yaml
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Linting
 
 on: [push]
@@ -265,6 +273,8 @@ You can store any access tokens or credentials needed to publish your package us
 ```yaml
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Ruby Gem
 
 on:

content/actions/automating-builds-and-tests/building-and-testing-swift.md

@@ -68,8 +68,12 @@ The examples below demonstrate using the `fwal/setup-swift` action.
 You can configure your job to use multiple versions of Swift in a matrix.
 
 ```yaml{:copy}
+
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
+
 name: Swift
 
 on: [push]

content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service.md

@@ -93,6 +93,8 @@ Ensure that you provide your own values for all the variables in the `env` key o
 ```yaml{:copy}
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Deploy to Amazon ECS
 
 on:

content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-docker-to-azure-app-service.md

@@ -81,6 +81,8 @@ Ensure that you set `AZURE_WEBAPP_NAME` in the workflow `env` key to the name of
 ```yaml{:copy}
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Build and deploy a container to an Azure Web App
 
 env:

content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-java-to-azure-app-service.md

@@ -67,6 +67,8 @@ Ensure that you set `AZURE_WEBAPP_NAME` in the workflow `env` key to the name of
 ```yaml{:copy}
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Build and deploy JAR app to Azure Web App
 
 env:

content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-net-to-azure-app-service.md

@@ -66,6 +66,8 @@ Ensure that you set `AZURE_WEBAPP_NAME` in the workflow `env` key to the name of
 ```yaml{:copy}
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Build and deploy ASP.Net Core app to an Azure Web App
 
 env:

content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-nodejs-to-azure-app-service.md

@@ -72,6 +72,8 @@ Ensure that you set `AZURE_WEBAPP_NAME` in the workflow `env` key to the name of
 ```yaml{:copy}
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 on:
   push:
     branches:

content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-php-to-azure-app-service.md

@@ -66,6 +66,8 @@ Ensure that you set `AZURE_WEBAPP_NAME` in the workflow `env` key to the name of
 ```yaml{:copy}
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Build and deploy PHP app to Azure Web App
 
 env:

content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-python-to-azure-app-service.md

@@ -69,6 +69,8 @@ Ensure that you set `AZURE_WEBAPP_NAME` in the workflow `env` key to the name of
 ```yaml{:copy}
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Build and deploy Python app to Azure Web App
 
 env:

content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-to-azure-kubernetes-service.md

@@ -55,6 +55,8 @@ This workflow uses the `helm` render engine for the [`azure/k8s-bake` action](ht
 ```yaml{:copy}
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Build and deploy to Azure Kubernetes Service
 
 env:

content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-to-azure-static-web-app.md

@@ -54,6 +54,8 @@ For more information about these values, see "[Build configuration for Azure Sta
 ```yaml{:copy}
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Deploy web app to Azure Static Web Apps
 
 env:

content/actions/deployment/deploying-to-your-cloud-provider/deploying-to-google-kubernetes-engine.md

@@ -137,6 +137,8 @@ Under the `env` key, change the value of `GKE_CLUSTER` to the name of your clust
 ```yaml{:copy}
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Build and Deploy to GKE
 
 on:

content/actions/learn-github-actions/contexts.md

@@ -183,7 +183,7 @@ The `github` context contains information about the workflow run and the event t
 | `github.action_ref` | `string` | For a step executing an action, this is the ref of the action being executed. For example, `v2`. |
 | `github.action_repository` | `string` | For a step executing an action, this is the owner and repository name of the action. For example, `actions/checkout`. |
 | `github.action_status` | `string` | For a composite action, the current result of the composite action. |
-| `github.actor` | `string` | The username of the user that initiated the workflow run. |
+| `github.actor` | `string` | {% ifversion actions-stable-actor-ids %}The username of the user that triggered the initial workflow run. If the workflow run is a re-run, this value may differ from `github.triggering_actor`. Any workflow re-runs will use the privileges of `github.actor`, even if the actor initiating the re-run (`github.triggering_actor`) has different privileges.{% else %}The username of the user that initiated the workflow run.{% endif %} |
 | `github.api_url` | `string` | The URL of the {% data variables.product.prodname_dotcom %} REST API. |
 | `github.base_ref` | `string` | The `base_ref` or target branch of the pull request in a workflow run. This property is only available when the event that triggers a workflow run is either `pull_request` or `pull_request_target`. |
 | `github.env` | `string` | Path on the runner to the file that sets environment variables from workflow commands. This file is unique to the current step and is a different file for each step in a job. For more information, see "[Workflow commands for {% data variables.product.prodname_actions %}](/actions/learn-github-actions/workflow-commands-for-github-actions#setting-an-environment-variable)." |
@@ -211,7 +211,8 @@ The `github` context contains information about the workflow run and the event t
 {%- endif %}
 | `github.server_url` | `string` | The URL of the GitHub server. For example: `https://github.com`. |
 | `github.sha` | `string` | The commit SHA that triggered the workflow run. |
-| `github.token` | `string` | A token to authenticate on behalf of the GitHub App installed on your repository. This is functionally equivalent to the `GITHUB_TOKEN` secret. For more information, see "[Automatic token authentication](/actions/security-guides/automatic-token-authentication)."  <br /> Note: This context property is set by the Actions runner, and is only available within the execution `steps` of a job. Otherwise, the value of this property will be `null`. |
+| `github.token` | `string` | A token to authenticate on behalf of the GitHub App installed on your repository. This is functionally equivalent to the `GITHUB_TOKEN` secret. For more information, see "[Automatic token authentication](/actions/security-guides/automatic-token-authentication)."  <br /> Note: This context property is set by the Actions runner, and is only available within the execution `steps` of a job. Otherwise, the value of this property will be `null`. |{% ifversion actions-stable-actor-ids %}
+| `github.triggering_actor` | `string` | The username of the user that initiated the workflow run. If the workflow run is a re-run, this value may differ from `github.actor`. Any workflow re-runs will use the privileges of `github.actor`, even if the actor initiating the re-run (`github.triggering_actor`) has different privileges. |{% endif %}
 | `github.workflow` | `string` | The name of the workflow. If the workflow file doesn't specify a `name`, the value of this property is the full path of the workflow file in the repository. |
 | `github.workspace` | `string` | The default working directory on the runner for steps, and the default location of your repository when using the [`checkout`](https://github.com/actions/checkout) action. |
 

content/actions/managing-issues-and-pull-requests/adding-labels-to-issues.md

@@ -32,6 +32,8 @@ In the tutorial, you will first make a workflow file that uses the [`andymckay/l
     ```yaml{:copy}
 {% indented_data_reference reusables.actions.actions-not-certified-by-github-comment spaces=4 %}
 
+{% indented_data_reference reusables.actions.actions-use-sha-pinning-comment spaces=4 %}
+
     name: Label issues
     on:
       issues:

content/actions/managing-issues-and-pull-requests/commenting-on-an-issue-when-a-label-is-added.md

@@ -33,6 +33,8 @@ In the tutorial, you will first make a workflow file that uses the [`peter-evans
     ```yaml{:copy}
 {% indented_data_reference reusables.actions.actions-not-certified-by-github-comment spaces=4 %}
 
+{% indented_data_reference reusables.actions.actions-use-sha-pinning-comment spaces=4 %}
+
     name: Add comment
     on:
       issues:

content/actions/managing-issues-and-pull-requests/moving-assigned-issues-on-project-boards.md

@@ -34,6 +34,8 @@ In the tutorial, you will first make a workflow file that uses the [`alex-page/g
     ```yaml{:copy}
 {% indented_data_reference reusables.actions.actions-not-certified-by-github-comment spaces=4 %}
 
+{% indented_data_reference reusables.actions.actions-use-sha-pinning-comment spaces=4 %}
+
     name: Move assigned card
     on:
       issues:

content/actions/managing-issues-and-pull-requests/removing-a-label-when-a-card-is-added-to-a-project-board-column.md

@@ -30,10 +30,11 @@ In the tutorial, you will first make a workflow file that uses the [`andymckay/l
 2. Choose a project that belongs to the repository. This workflow cannot be used with projects that belong to users or organizations. You can use an existing project, or you can create a new project. For more information about creating a project, see "[Creating a project board](/github/managing-your-work-on-github/creating-a-project-board)."
 3. {% data reusables.actions.make-workflow-file %}
 4. Copy the following YAML contents into your workflow file.
-
     ```yaml{:copy}
 {% indented_data_reference reusables.actions.actions-not-certified-by-github-comment spaces=4 %}
 
+{% indented_data_reference reusables.actions.actions-use-sha-pinning-comment spaces=4 %}
+
     name: Remove labels
     on:
       project_card:

content/actions/managing-issues-and-pull-requests/scheduling-issue-creation.md

@@ -32,6 +32,8 @@ In the tutorial, you will first make a workflow file that uses the [`imjohnbo/is
     ```yaml{:copy}
 {% indented_data_reference reusables.actions.actions-not-certified-by-github-comment spaces=4 %}
 
+{% indented_data_reference reusables.actions.actions-use-sha-pinning-comment spaces=4 %}
+    
     name: Weekly Team Sync
     on:
       schedule:

content/actions/managing-workflow-runs/re-running-workflows-and-jobs.md

@@ -17,7 +17,7 @@ versions:
 
 ## About re-running workflows and jobs
 
-Re-running a workflow{% ifversion re-run-jobs %} or jobs in a workflow{% endif %} uses the same `GITHUB_SHA` (commit SHA) and `GITHUB_REF` (Git ref) of the original event that triggered the workflow run. You can re-run a workflow{% ifversion re-run-jobs %} or jobs in a workflow{% endif %} for up to 30 days after the initial run.{% ifversion re-run-jobs %} You cannot re-run jobs in a workflow once its logs have passed their retention limits. For more information, see "[Usage limits, billing, and administration](/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy)."{% endif %}{% ifversion debug-reruns %} When you re-run a workflow or jobs in a workflow, you can enable debug logging for the re-run. This will enable runner diagnostic logging and step debug logging for the re-run. For more information about debug logging, see "[Enabling debug logging](/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging)."{% endif %}
+Re-running a workflow{% ifversion re-run-jobs %} or jobs in a workflow{% endif %} uses the same `GITHUB_SHA` (commit SHA) and `GITHUB_REF` (Git ref) of the original event that triggered the workflow run. {% ifversion actions-stable-actor-ids %}The workflow will use the privileges of the actor who initially triggered the workflow, not the privileges of the actor who initiated the re-run. {% endif %}You can re-run a workflow{% ifversion re-run-jobs %} or jobs in a workflow{% endif %} for up to 30 days after the initial run.{% ifversion re-run-jobs %} You cannot re-run jobs in a workflow once its logs have passed their retention limits. For more information, see "[Usage limits, billing, and administration](/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy)."{% endif %}{% ifversion debug-reruns %} When you re-run a workflow or jobs in a workflow, you can enable debug logging for the re-run. This will enable runner diagnostic logging and step debug logging for the re-run. For more information about debug logging, see "[Enabling debug logging](/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging)."{% endif %}
 
 ## Re-running all the jobs in a workflow
 

content/actions/migrating-to-github-actions/migrating-from-circleci-to-github-actions.md

@@ -409,6 +409,8 @@ workflows:
 ```yaml
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Containers
 
 on: [push]

content/actions/publishing-packages/publishing-docker-images.md

@@ -69,6 +69,8 @@ The `build-push-action` options required for Docker Hub are:
 ```yaml{:copy}
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Publish Docker image
 
 on:
@@ -142,9 +144,12 @@ The `build-push-action` options required for {% data variables.product.prodname_
 The above workflow is triggered by a push to the "release" branch. It checks out the GitHub repository, and uses the `login-action` to log in to the {% data variables.product.prodname_container_registry %}. It then extracts labels and tags for the Docker image. Finally, it uses the `build-push-action` action to build the image and publish it on the {% data variables.product.prodname_container_registry %}.
 
 {% else %}
+
 ```yaml{:copy}
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Publish Docker image
 
 on:
@@ -194,6 +199,8 @@ The following example workflow uses the steps from the previous sections ("[Publ
 ```yaml{:copy}
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Publish Docker image
 
 on:

content/actions/publishing-packages/publishing-java-packages-with-gradle.md

@@ -77,8 +77,11 @@ publishing {
 With this configuration, you can create a workflow that publishes your package to the Maven Central Repository by running the `gradle publish` command. In the deploy step, you’ll need to set environment variables for the username and password or token that you use to authenticate to the Maven repository. For more information, see "[Creating and using encrypted secrets](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
 
 ```yaml{:copy}
+
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Publish package to the Maven Central Repository
 on:
   release:
@@ -146,8 +149,11 @@ publishing {
 With this configuration, you can create a workflow that publishes your package to {% data variables.product.prodname_registry %} by running the `gradle publish` command.
 
 ```yaml{:copy}
+
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Publish package to GitHub Packages
 on:
   release:
@@ -224,8 +230,11 @@ publishing {
 With this configuration, you can create a workflow that publishes your package to both the Maven Central Repository and {% data variables.product.prodname_registry %} by running the `gradle publish` command.
 
 ```yaml{:copy}
+
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+
 name: Publish package to the Maven Central Repository and GitHub Packages
 on:
   release:

content/actions/using-github-hosted-runners/about-github-hosted-runners.md

@@ -87,12 +87,12 @@ While the job runs, the logs and output can be viewed in the {% data variables.p
 ## Supported runners and hardware resources
 
 Hardware specification for Windows and Linux virtual machines:
-- 2-core CPU
+- 2-core CPU (x86_64)
 - 7 GB of RAM
 - 14 GB of SSD space
 
 Hardware specification for macOS virtual machines:
-- 3-core CPU
+- 3-core CPU (x86_64)
 - 14 GB of RAM
 - 14 GB of SSD space
 

content/actions/using-workflows/events-that-trigger-workflows.md

@@ -185,7 +185,7 @@ on:
   deployment_status
 ```
 
-{% ifversion fpt or ghec %}
+{% ifversion discussions %}
 ### `discussion`
 
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |

content/admin/configuration/configuring-github-connect/about-github-connect.md

@@ -12,7 +12,7 @@ topics:
 
 ## About {% data variables.product.prodname_github_connect %}
 
-{% data variables.product.prodname_github_connect %} enhances {% data variables.product.product_name %} by allowing {% data variables.product.product_location %} to benefit from the power of {% data variables.product.prodname_dotcom_the_website %} in limited ways. After you enable {% data variables.product.prodname_github_connect %}, you can enable additional features and workflows that rely on {% data variables.product.prodname_dotcom_the_website %}, such as {% ifversion ghes or ghae %}{% data variables.product.prodname_dependabot_alerts %} for security vulnerabilities that are tracked in the {% data variables.product.prodname_advisory_database %}{% else %}allowing users to use community-powered actions from {% data variables.product.prodname_dotcom_the_website %} in their workflow files{% endif %}.
+{% data variables.product.prodname_github_connect %} enhances {% data variables.product.product_name %} by allowing {% data variables.product.product_location %} to benefit from the power of {% data variables.product.prodname_dotcom_the_website %} in limited ways. After you enable {% data variables.product.prodname_github_connect %}, you can enable additional features and workflows that rely on {% data variables.product.prodname_dotcom_the_website %}, such as {% data variables.product.prodname_dependabot_alerts %} for security vulnerabilities that are tracked in the {% data variables.product.prodname_advisory_database %}.
 
 {% data variables.product.prodname_github_connect %} does not open {% data variables.product.product_location %} to the public internet. None of your enterprise's private data is exposed to {% data variables.product.prodname_dotcom_the_website %} users. Instead, {% data variables.product.prodname_github_connect %} transmits only the limited data needed for the individual features you choose to enable. Unless you enable license sync, no personal data is transmitted by {% data variables.product.prodname_github_connect %}. For more information about what data is transmitted by {% data variables.product.prodname_github_connect %}, see "[Data transmission for {% data variables.product.prodname_github_connect %}](#data-transmission-for-github-connect)."
 

content/admin/configuration/configuring-github-connect/enabling-server-statistics-for-your-enterprise.md

@@ -10,8 +10,6 @@ topics:
 shortTitle: Server Statistics
 ---
 
-{% data reusables.server-statistics.release-phase %}
-
 ## About {% data variables.product.prodname_server_statistics %}
 
 {% data variables.product.prodname_server_statistics %} collects aggregate usage data from {% data variables.product.product_location %}, which you can use to better anticipate the needs of your organization, understand how your team works, and show the value you get from {% data variables.product.prodname_ghe_server %}. 

content/admin/configuration/configuring-your-enterprise/command-line-utilities.md

@@ -737,6 +737,20 @@ This utility rewrites the imported repository. This gives you a chance to rename
 git-import-rewrite
 ```
 
+{% ifversion ghes > 3.3 %}
+
+## Security
+
+### ghe-find-insecure-git-operations
+
+This utility searches your instance's logs and identifies Git operations over SSH that use insecure algorithms or hash functions, including DSA, RSA-SHA-1, HMAC-SHA-1, and CBC ciphers. You can use the output to support each client's transition to a more secure SSH connection. For more information, see [{% data variables.product.prodname_blog %}](https://github.blog/2022-06-28-improving-git-protocol-security-on-github-enterprise-server){% ifversion ghes < 3.6 %}.{% elsif ghes > 3.5 %} and "[Configuring SSH connections to your instance](/admin/configuration/configuring-your-enterprise/configuring-ssh-connections-to-your-instance)."{% endif %}
+
+```shell
+ghe-find-insecure-git-operations
+```
+
+{% endif %}
+
 ## Support
 
 ### ghe-diagnostics

content/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications.md

@@ -85,6 +85,18 @@ settings to allow incoming emails](#configuring-dns-and-firewall-settings-to-all
 ![Save settings button](/assets/images/enterprise/management-console/save-settings.png)
 {% data reusables.enterprise_site_admin_settings.wait-for-configuration-run %}
 
+{% ifversion require-tls-for-smtp %}
+## Enforcing TLS for SMTP connections
+
+You can enforce TLS encryption for all incoming SMTP connections, which can help satisfy an ISO-27017 certification requirement.
+
+{% data reusables.enterprise_site_admin_settings.email-settings %}
+1. Under "Authentication," select **Enforce TLS auth (recommended)**.
+
+   ![Screenshot of the "Enforce TLS auth (recommended)" checkbox](/assets/images/enterprise/configuration/enforce-tls-for-smtp-checkbox.png)
+{% data reusables.enterprise_management_console.save-settings %}
+{% endif %}
+
 ## Configuring DNS and firewall settings to allow incoming emails
 
 If you want to allow email replies to notifications, you must configure your DNS settings.

content/admin/configuration/configuring-your-enterprise/configuring-host-keys-for-your-instance.md

@@ -0,0 +1,47 @@
+---
+title: Configuring host keys for your instance
+shortTitle: Configure host keys
+intro: 'You can increase the security of {% data variables.product.product_location %} by configuring the algorithms that your instance uses to generate and advertise host keys for incoming SSH connections.'
+permissions: "Site administrators can configure the host keys for a {% data variables.product.product_name %} instance."
+versions:
+  ghes: '>= 3.6'
+type: how_to
+topics:
+  - Authentication
+  - Enterprise
+  - Infrastructure
+  - Networking
+  - Security
+  - SSH
+---
+
+## About host keys for your instance
+
+Servers that accept SSH connections advertise one or more cryptographic host keys to securely identify the server to SSH clients. To confirm the server's identity during the initialization of a connection, clients store and verify the host key. For more information, see [SSH Host Key - What, Why, How](https://ssh.com/academy/ssh/host-key) on the SSH Academy website.
+
+{% data reusables.enterprise.about-ssh-ports %}
+
+By default, {% data variables.product.product_location %} generates and advertises host keys with OpenSSH-style host key rotation. To increase the security of SSH in your environment, you can enable additional algorithms for the generation of host keys.
+
+{% note %}
+
+**Note**: If you enable additional host key algorithms, clients that do not use OpenSSH for SSH connections may experience warnings during connection, or fail to connect entirely. Some SSH implementations can ignore unsupported algorithms and fall back to a different algorithm. If the client does not support fallback, the connection will fail. For example, the SSH library for Go does not support fallback to a different algorithm.
+
+{% endnote %}
+
+## Managing an Ed25519 host key
+
+To improve security for clients that connect to {% data variables.product.product_location %}, you can enable the generation and advertisement of an Ed25519 host key. Ed25519 is immune to some attacks that target older signature algorithms, without sacrificing speed. Older SSH clients may not support Ed25519. By default, {% data variables.product.product_name %} instances do not generate or advertise an Ed25519 host key. For more information, see [the Ed25519 website](https://ed25519.cr.yp.to).
+
+{% data reusables.enterprise_installation.ssh-into-instance %}
+1. To enable generation and advertisement of the Ed25519 host key, enter the following command.
+
+   ```shell
+   ghe-config app.babeld.host-key-ed25519 true
+   ```
+1. Optionally, enter the following command to disable generation and advertisement of the Ed25519 host key.
+
+   ```shell
+   ghe-config app.babeld.host-key-ed25519 false
+   ```
+{% data reusables.enterprise.apply-configuration %}

content/admin/configuration/configuring-your-enterprise/configuring-ssh-connections-to-your-instance.md

@@ -0,0 +1,52 @@
+---
+title: Configuring SSH connections to your instance
+shortTitle: Configure SSH connections
+intro: 'You can increase the security of {% data variables.product.product_location %} by configuring the SSH algorithms that clients can use to establish a connection.'
+permissions: "Site administrators can configure SSH connections to a {% data variables.product.product_name %} instance."
+versions:
+  ghes: '>= 3.6'
+type: how_to
+topics:
+  - Authentication
+  - Enterprise
+  - Infrastructure
+  - Networking
+  - Security
+  - SSH
+---
+
+## About SSH connections to your instance
+
+{% data reusables.enterprise.about-ssh-ports %}
+
+To accommodate the SSH clients in your environment, you can configure the types of connections that {% data variables.product.product_location %} will accept.
+
+## Configuring SSH connections with RSA keys
+
+When users perform Git operations on {% data variables.product.product_location %} via SSH over port 22, the client can authenticate with an RSA key. The client may sign the attempt using the SHA-1 hash function. In this context, the SHA-1 hash function is no longer secure. For more information, see [SHA-1](https://en.wikipedia.org/wiki/SHA-1) on Wikipedia.
+
+By default{% ifversion ghes < 3.7 %} on {% data variables.product.product_name %} 3.6 and later{% endif %}, SSH connections that satisfy **both** of the following conditions will fail.
+
+{% data reusables.ssh.rsa-sha-1-connection-failure-criteria %}
+
+You can adjust the cutoff date. If the user uploaded the RSA key before the cutoff date, the client can continue to connect successfuly using SHA-1 as long as the key remains valid. Alternatively, you can reject all SSH connections authenticated with an RSA key if the client signs the connection using the SHA-1 hash function.
+
+Regardless of the setting you choose for your instance, clients can continue to connect using any RSA key signed with a SHA-2 hash function.
+
+If you use an SSH certificate authority, connections will fail if the certificate's `valid_after` date is after the cutoff date. For more information, see "[About SSH certificate authorities](/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities)."
+
+For more information, see [{% data variables.product.prodname_blog %}](https://github.blog/2022-06-28-improving-git-protocol-security-on-github-enterprise-server).
+
+{% data reusables.enterprise_installation.ssh-into-instance %}
+1. Audit your instance's logs for connections that use unsecure algorithms or hash functions using the `ghe-find-insecure-git-operations` utility. For more information, see "[Command-line utilities](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-find-insecure-git-operations)."
+1. To configure a cutoff date after which {% data variables.product.product_location %} will deny connections from clients that use an RSA key uploaded after the date if the connection is signed by the SHA-1 hash function, enter the following command. Replace _**RFC-3399-UTC-TIMESTAMP**_ with a valid RFC 3399 UTC timestamp. For example, the default value, August 1, 2022, would be represented as `2022-08-01T00:00:00Z`. For more information, see [RFC 3339](https://datatracker.ietf.org/doc/html/rfc3339) on the IETF website.
+
+   <pre>
+   $ ghe-config app.gitauth.rsa-sha1 <em>RFC-3339-UTC-TIMESTAMP</em>
+   </pre>
+1. Alternatively, to completely disable SSH connections using RSA keys that are signed with the SHA-1 hash function, enter the following command.
+
+   ```shell
+   ghe-config app.gitauth.rsa-sha1 false
+   ```
+{% data reusables.enterprise.apply-configuration %}

content/admin/configuration/configuring-your-enterprise/index.md

@@ -25,15 +25,17 @@ children:
   - /site-admin-dashboard
   - /enabling-private-mode
   - /managing-github-mobile-for-your-enterprise
+  - /configuring-ssh-connections-to-your-instance
   - /configuring-email-for-notifications
   - /verifying-or-approving-a-domain-for-your-enterprise
   - /configuring-rate-limits
   - /configuring-applications
-  - /troubleshooting-ssl-errors
+  - /troubleshooting-tls-errors
   - /configuring-time-synchronization
   - /command-line-utilities
   - /restricting-network-traffic-to-your-enterprise
   - /configuring-github-pages-for-your-enterprise
+  - /configuring-host-keys-for-your-instance
   - /configuring-the-referrer-policy-for-your-enterprise
   - /configuring-custom-footers
   - /configuring-web-commit-signing

content/admin/configuration/configuring-your-enterprise/initializing-github-ae.md

@@ -8,6 +8,7 @@ topics:
   - Enterprise
 redirect_from:
   - /admin/configuration/initializing-github-ae
+  - /enterprise-server@latest/admin/configuration/configuring-your-enterprise/initializing-github-ae
 ---
 ## About initialization
 

content/admin/configuration/configuring-your-enterprise/troubleshooting-tls-errors.md

@@ -1,12 +1,13 @@
 ---
-title: Troubleshooting SSL errors
-intro: 'If you run into SSL issues with your appliance, you can take actions to resolve them.'
+title: Troubleshooting TLS errors
+intro: 'If you run into TLS issues with your appliance, you can take actions to resolve them.'
 redirect_from:
   - /enterprise/admin/articles/troubleshooting-ssl-errors
   - /enterprise/admin/categories/dns-ssl-and-subdomain-configuration
   - /enterprise/admin/installation/troubleshooting-ssl-errors
   - /enterprise/admin/configuration/troubleshooting-ssl-errors
   - /admin/configuration/troubleshooting-ssl-errors
+  - /admin/configuration/configuring-your-enterprise/troubleshooting-ssl-errors
 versions:
   ghes: '*'
 type: how_to
@@ -17,7 +18,7 @@ topics:
   - Networking
   - Security
   - Troubleshooting
-shortTitle: Troubleshoot SSL errors
+shortTitle: Troubleshoot TLS errors
 ---
 ## Removing the passphrase from your key file
 
@@ -36,7 +37,7 @@ You'll be prompted for the key's passphrase when you run this command.
 
 For more information about OpenSSL, see [OpenSSL's documentation](https://www.openssl.org/docs/).
 
-## Converting your SSL certificate or key into PEM format
+## Converting your TLS certificate or key into PEM format
 
 If you have OpenSSL installed, you can convert your key into PEM format by using the `openssl` command. For example, you can convert a key from DER format into PEM format.
 
@@ -48,11 +49,11 @@ Otherwise, you can use the SSL Converter tool to convert your certificate into t
 
 ## Unresponsive installation after uploading a key
 
-If {% data variables.product.product_location %} is unresponsive after uploading an SSL key, please [contact {% data variables.product.prodname_enterprise %} Support](https://enterprise.github.com/support) with specific details, including a copy of your SSL certificate.
+If {% data variables.product.product_location %} is unresponsive after uploading an TLS key, please [contact {% data variables.product.prodname_enterprise %} Support](https://enterprise.github.com/support) with specific details, including a copy of your TLS certificate. Ensure that your private key **is not** included. 
 
 ## Certificate validity errors
 
-Clients such as web browsers and command-line Git will display an error message if they cannot verify the validity of an SSL certificate. This often occurs with self-signed certificates as well as "chained root" certificates issued from an intermediate root certificate that is not recognized by the client.
+Clients such as web browsers and command-line Git will display an error message if they cannot verify the validity of an TLS certificate. This often occurs with self-signed certificates as well as "chained root" certificates issued from an intermediate root certificate that is not recognized by the client.
 
 If you are using a certificate signed by a certificate authority (CA), the certificate file that you upload to {% data variables.product.prodname_ghe_server %} must include a certificate chain with that CA's root certificate. To create such a file, concatenate your entire certificate chain (or "certificate bundle") onto the end of your certificate, ensuring that the principal certificate with your hostname comes first. On most systems you can do this with a command similar to:
 
@@ -60,7 +61,7 @@ If you are using a certificate signed by a certificate authority (CA), the certi
 $ cat yourdomain.com.crt bundle-certificates.crt > yourdomain.combined.crt
 ```
 
-You should be able to download a certificate bundle (for example, `bundle-certificates.crt`) from your certificate authority or SSL vendor.
+You should be able to download a certificate bundle (for example, `bundle-certificates.crt`) from your certificate authority or TLS vendor.
 
 ## Installing self-signed or untrusted certificate authority (CA) root certificates
 
@@ -80,6 +81,6 @@ If your {% data variables.product.prodname_ghe_server %} appliance interacts wit
   $ ghe-ssl-ca-certificate-install -c rootCA.crt
   ```
 
-## Updating an SSL certificate
+## Updating a TLS certificate
 
-You can generate a new self-signed certificate or update an existing SSL certificate for {% data variables.product.product_location %} with the `ghe-ssl-certificate-setup` command line utility. For more information, see "[Command-line utilities](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-ssl-ca-certificate-setup)."
+You can generate a new self-signed certificate or update an existing TLS certificate for {% data variables.product.product_location %} with the `ghe-ssl-certificate-setup` command line utility. For more information, see "[Command-line utilities](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-ssl-ca-certificate-setup)."

content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md

@@ -40,7 +40,7 @@ Then,{% else %}First,{% endif %} decide whether you'll allow third-party actions
 Consider combining OpenID Connect (OIDC) with reusable workflows to enforce consistent deployments across your repository, organization, or enterprise. You can do this by defining trust conditions on cloud roles based on reusable workflows. For more information, see "[Using OpenID Connect with reusable workflows](/actions/deployment/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows)."
 {% endif %}
 
-You can access information about activity related to {% data variables.product.prodname_actions %} in the audit logs for your enterprise. If your business needs require retaining audit logs for longer than six months, plan how you'll export and store this data outside of {% data variables.product.prodname_dotcom %}. For more information, see {% ifversion ghec %}"[Streaming the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise)" and "[Exporting audit log activity for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/exporting-audit-log-activity-for-your-enterprise)."{% else %}"[Log forwarding](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding)."{% endif %}
+You can access information about activity related to {% data variables.product.prodname_actions %} in the audit logs for your enterprise. If your business needs require retaining this information longer than audit log data is retained, plan how you'll export and store this data outside of {% data variables.product.prodname_dotcom %}. For more information, see {% ifversion ghec %}"[Exporting audit log activity for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/exporting-audit-log-activity-for-your-enterprise)" and "[Streaming the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise)."{% else %}{% ifversion audit-log-streaming %}"[Streaming the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise)" and {% endif %}"[Log forwarding](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding)."{% endif %}
 
 ![Audit log entries](/assets/images/help/repository/audit-log-entries.png)
 

content/admin/guides.md

@@ -52,6 +52,8 @@ includeGuides:
   - /admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise
   - /admin/configuration/configuring-your-enterprise/managing-github-mobile-for-your-enterprise
   - /admin/configuration/connecting-your-enterprise-account-to-github-enterprise-cloud
+  - /admin/configuration/configuring-your-enterprise/configuring-ssh-connections-to-your-instance
+  - /admin/configuration/configuring-your-enterprise/configuring-host-keys-for-your-instance
   - /admin/configuration/enabling-and-scheduling-maintenance-mode
   - /admin/configuration/configuring-github-connect/enabling-automatic-user-license-sync-for-your-enterprise
   - /admin/configuration/enabling-private-mode

content/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/about-server-statistics.md

@@ -10,8 +10,6 @@ topics:
   - Enterprise
 ---
 
-{% data reusables.server-statistics.release-phase %}
-
 ## About the benefits of {% data variables.product.prodname_server_statistics %}
 
 {% data variables.product.prodname_server_statistics %} can help you anticipate the needs of your organization, understand how your team works, and show the value you get from {% data variables.product.prodname_ghe_server %}.

content/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/exporting-server-statistics.md

@@ -8,8 +8,6 @@ redirect_from:
   - /early-access/github/analyze-how-your-team-works-with-server-statistics/exploring-server-statistics
 ---
 
-{% data reusables.server-statistics.release-phase %}
-
 You can download up to the last 365 days of {% data variables.product.prodname_server_statistics %} data in a CSV or JSON file. This data, which includes aggregate metrics on repositories, issues, and pull requests, can help you anticipate the needs of your organization, understand how your team works, and show the value you get from {% data variables.product.prodname_ghe_server %}. 
 
 Before you can download this data, you must enable {% data variables.product.prodname_server_statistics %}. For more information, see "[Enabling {% data variables.product.prodname_server_statistics %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-server-statistics-for-your-enterprise)." 

content/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/requesting-server-statistics-using-the-rest-api.md

@@ -8,8 +8,6 @@ redirect_from:
   - /early-access/github/analyze-how-your-team-works-with-server-statistics/requesting-server-statistics-using-the-rest-api
 ---
 
-{% data reusables.server-statistics.release-phase %}
-
 You can request up to 365 days of metrics in a single {% data variables.product.prodname_server_statistics %} REST API request. This data, which includes aggregate metrics on repositories, issues, and pull requests, can help you anticipate the needs of your organization, understand how your team works, and show the value you get from {% data variables.product.prodname_ghe_server %}. For a list of the metrics collected, see "[{% data variables.product.prodname_server_statistics %} data collected](/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/about-server-statistics#server-statistics-data-collected)."
 
 Before you can use the {% data variables.product.prodname_server_statistics %} REST API, you must enable {% data variables.product.prodname_server_statistics %}. For more information, see "[Enabling {% data variables.product.prodname_server_statistics %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-server-statistics-for-your-enterprise)." 

content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise.md

@@ -39,9 +39,10 @@ As an enterprise owner{% ifversion ghes %} or site administrator{% endif %}, you
 {%- ifversion enterprise-audit-log-ip-addresses %}
 - You can display the IP address associated with events in the audit log. For more information, see "[Displaying IP addresses in the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise)."
 {%- endif %}
-{%- ifversion ghec %}
+{%- ifversion audit-log-streaming %}
 - You can stream audit and Git events data from {% data variables.product.prodname_dotcom %} to an external data management system. For more information, see "[Streaming the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise)."
-{%- else %}
+{%- endif %}
+{%- ifversion ghes %}
 - You can forward audit and system logs, from your enterprise to an third-party hosted monitoring system. For more information, see "[Log forwarding](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding)."
 {%- endif %}
 {%- ifversion ghec or ghes > 3.2 or ghae-issue-6648 %}
@@ -50,13 +51,6 @@ As an enterprise owner{% ifversion ghes %} or site administrator{% endif %}, you
 
 For a full list of audit log actions that may appear in your enterprise audit log, see "[Audit log actions for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)."
 
-{% ifversion ghec %}
-## Git events
-
-Git events data, such as cloning, fetching, and pushing is logged. For more information, see "[Streaming the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise)."
-
-{% endif %}
-
 ## Further reading
 - "[Reviewing the audit log for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)"
 {%- ifversion ghes %}

content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise.md

@@ -59,7 +59,7 @@ The scope of the events that appear in your enterprise's audit log depend on whe
 |--------|-------------
 | `artifact.destroy`    | A workflow run artifact was manually deleted.
 
-{%- ifversion ghec %}
+{%- ifversion audit-log-streaming %}
 ## `audit_log_streaming` category actions
 
 | Action | Description

content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md

@@ -3,7 +3,7 @@ title: Streaming the audit log for your enterprise
 intro: 'You can stream audit and Git events data from {% data variables.product.prodname_dotcom %} to an external data management system.'
 miniTocMaxHeadingLevel: 3
 versions:
-  ghec: '*'
+  feature: audit-log-streaming
 type: tutorial
 topics:
   - Auditing
@@ -17,6 +17,14 @@ redirect_from:
 permissions: Enterprise owners can configure audit log streaming.
 ---
 
+{% ifversion ghes %}
+{% note %}
+
+**Note:** Audit log streaming is currently in beta for {% data variables.product.product_name %} and is subject to change.
+
+{% endnote %}
+{% endif %}
+
 ## About audit log streaming
 
 To help protect your intellectual property and maintain compliance for your organization, you can use streaming to keep copies of your audit log data and monitor:
@@ -24,11 +32,11 @@ To help protect your intellectual property and maintain compliance for your orga
 
 The benefits of streaming audit data include:
 
-* **Data exploration**. You can examine streamed events using your preferred tool for querying large quantities of data. The stream contains both audit events and Git events across the entire enterprise account.
-* **Data continuity**. You can pause the stream for up to seven days without losing any audit data.
+* **Data exploration**. You can examine streamed events using your preferred tool for querying large quantities of data. The stream contains both audit events and Git events across the entire enterprise account.{% ifversion pause-audit-log-stream %}
+* **Data continuity**. You can pause the stream for up to seven days without losing any audit data.{% endif %}
 * **Data retention**. You can keep your exported audit logs and Git events data as long as you need to.
 
-Enterprise owners can set up, pause, or delete a stream at any time. The stream exports the audit data for all of the organizations in your enterprise.
+Enterprise owners can set up{% ifversion pause-audit-log-stream %}, pause,{% endif %} or delete a stream at any time. The stream exports the audit and Git events data for all of the organizations in your enterprise.
 
 ## Setting up audit log streaming
 
@@ -47,6 +55,7 @@ You can set up streaming to S3 with access keys or, to avoid storing long-lived
 
 - [Setting up streaming to S3 with access keys](#setting-up-streaming-to-s3-with-access-keys)
 - [Setting up streaming to S3 with OpenID Connect](#setting-up-streaming-to-s3-with-openid-connect)
+- [Disabling streaming to S3 with OpenID Connect](#disabling-streaming-to-s3-with-openid-connect)
 
 #### Setting up streaming to S3 with access keys
 {% endif %}
@@ -123,6 +132,13 @@ For information on creating or accessing your access key ID and secret key, see
    - Under "ARN Role" type the ARN role you noted earlier. For example, `arn:aws::iam::1234567890:role/github-audit-log-streaming-role`.
 {% data reusables.audit_log.streaming-check-s3-endpoint %}
 {% data reusables.enterprise.verify-audit-log-streaming-endpoint %}
+
+#### Disabling streaming to S3 with OpenID Connect
+
+If you want to disable streaming to S3 with OIDC for any reason, such as the discovery of a security vulnerability in OIDC, delete the {% data variables.product.prodname_dotcom %} OIDC provider you created in AWS when you set up streaming. For more information, see [Creating OpenID Connect (OIDC) identity providers](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html) in the AWS documentation.
+
+Then, set up streaming with access keys until the vulnerability is resolved. For more information, see "[Setting up streaming to S3 with access keys](#setting-up-streaming-to-s3-with-access-keys)."
+
 {% endif %}
 
 ### Setting up streaming to Azure Blob Storage
@@ -265,6 +281,7 @@ To stream audit logs to Splunk's HTTP Event Collector (HEC) endpoint you must ma
    ![Check the endpoint](/assets/images/help/enterprises/audit-stream-check-splunk.png)
 {% data reusables.enterprise.verify-audit-log-streaming-endpoint %}
 
+{% ifversion pause-audit-log-stream %}
 ## Pausing audit log streaming
 
 Pausing the stream allows you to perform maintenance on the receiving application without losing audit data. Audit logs are stored for up to seven days on {% data variables.product.product_location %} and are then exported when you unpause the stream.
@@ -277,6 +294,7 @@ Pausing the stream allows you to perform maintenance on the receiving applicatio
 1. A confirmation message is displayed. Click **Pause stream** to confirm.
 
 When the application is ready to receive audit logs again, click **Resume stream** to restart streaming audit logs.
+{% endif %}
 
 ## Deleting the audit log stream
 

content/admin/overview/about-enterprise-accounts.md

@@ -82,14 +82,6 @@ For more information about the differences between {% data variables.product.pro
 
 {% endif %}
 
-{% ifversion ghec %}
-
-## About {% data variables.product.prodname_emus %}
-
-{% data reusables.enterprise-accounts.emu-short-summary %}
-
-{% endif %}
-
 ## About billing for your enterprise account
 
 The bill for your enterprise account includes the monthly cost for each member of your enterprise. The bill includes {% ifversion ghec %}any paid licenses in organizations outside of your enterprise account, subscriptions to apps in {% data variables.product.prodname_marketplace %}, {% endif %}{% ifversion ghec or ghae %}additional paid services for your enterprise{% ifversion ghec %} like data packs for {% data variables.large_files.product_name_long %},{% endif %} and{% endif %} usage for {% data variables.product.prodname_GH_advanced_security %}.

content/admin/overview/about-github-ae.md

@@ -15,6 +15,8 @@ topics:
 
 {% data variables.product.prodname_ghe_managed %} offers one developer platform from idea to production. You can increase development velocity with the tools that teams know and love, while you maintain industry and regulatory compliance with security and access controls, workflow automation, and policy enforcement. 
 
+{% data reusables.enterprise.about-github-for-enterprises %}
+
 ## A highly available and planet-scale cloud
 
 {% data variables.product.prodname_ghe_managed %} is a fully managed service, hosted in a high availability architecture. {% data variables.product.prodname_ghe_managed %} is hosted globally in a cloud that can scale to support your full development lifecycle without limits. {% data variables.product.prodname_dotcom %} fully manages backups, failover, and disaster recovery, so you never need to worry about your service or data. 

content/admin/overview/about-github-enterprise-server.md

@@ -11,7 +11,7 @@ topics:
 
 ## About {% data variables.product.product_name %}
 
-{% data reusables.enterprise.ghes-is-a-self-hosted-platform %} Your team can use {% data variables.product.product_name %} to build and ship software using Git version control, powerful APIs, productivity and collaboration tools, and integrations. Developers familiar with {% data variables.product.prodname_dotcom_the_website %} can onboard and contribute seamlessly using familiar features and workflows.
+{% data reusables.enterprise.ghes-is-a-self-hosted-platform %} Your team can use {% data variables.product.product_name %} to build and ship software using Git version control, powerful APIs, productivity and collaboration tools, and integrations. Developers familiar with {% data variables.product.prodname_dotcom_the_website %} can onboard and contribute seamlessly using familiar features and workflows. {% data reusables.enterprise.about-github-for-enterprises %}
 
 {% data reusables.enterprise.ghes-runs-on-your-infrastructure %}
 

content/admin/overview/about-github-for-enterprises.md

@@ -0,0 +1,41 @@
+---
+title: About GitHub for enterprises
+intro: "Businesses can use {% data variables.product.prodname_dotcom %}'s enterprise products to improve their entire software development lifecyle."
+versions:
+  ghec: '*'
+  ghes: '*'
+  ghae: '*'
+type: overview
+topics:
+  - Enterprise
+  - Fundamentals
+---
+
+## About {% data variables.product.prodname_dotcom %} for enterprises
+
+{% data variables.product.prodname_dotcom %} is a complete developer platform to build, scale, and deliver secure software. Businesses use our suite of products to support the entire software development lifecycle, increasing development velocity and improving code quality.
+
+Developers can store and version control your source code in repositories, using issues and projects to plan and track their work. They can code in a cloud-hosted development environment, {% data variables.product.prodname_github_codespaces %}, then review each other's code changes with pull requests, using code security features to keep secrets and vulnerabilities out of your codebase. Finally, you can automate your build, test, and deployment pipeline with {% data variables.product.prodname_actions %} and host software packages with {% data variables.product.prodname_registry %}.
+
+When businesses adopt {% data variables.product.prodname_enterprise %}, their return on investment (ROI) is high. For example, their developers save 45 minutes per day, and onboarding and training time is reduced by 40%. For more information, see [The Total Economic Impact of {% data variables.product.prodname_enterprise %}](https://resources.github.com/downloads/TEI-of-GitHub-Enterprise.pdf).
+
+To simplify administration for all the stages in the software development lifecyle, we provide a single point of visibility and management called an enterprise account. Enterprise accounts enable you to manage billing and settings, enforce policy, and audit the people with access to your enterprise's resources. For more information, see "[About enterprise accounts](/admin/overview/about-enterprise-accounts)."
+
+Optionally, you can add extra code security features with {% data variables.product.prodname_GH_advanced_security %}, and enhanced support options with {% data variables.contact.premium_support %}. For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)" and "[About {% data variables.contact.premium_support %}]({% ifversion ghae %}/enterprise-cloud@latest{% endif %}/support/learning-about-github-support/about-github-premium-support){% ifversion ghae %}" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}."{% endif %}
+
+## About deployment options
+
+When you purchase {% data variables.product.prodname_enterprise %}, you get access to both {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_ghe_server %}. {% data variables.product.prodname_ghe_cloud %} is a set of advanced functionality on {% data variables.product.prodname_dotcom_the_website %}, while {% data variables.product.prodname_ghe_server %} is self-hosted platform. For more information, see "[About {% data variables.product.prodname_ghe_server %}]({% ifversion not ghes %}/enterprise-server@latest{% endif %}/admin/overview/about-github-enterprise-server){% ifversion not ghes %}" in the {% data variables.product.prodname_ghe_server %} documentation.{% else %}."{% endif %}
+
+For {% data variables.product.prodname_ghe_cloud %}, you can allow developers to create and manage their own personal accounts, or you can use {% data variables.product.prodname_emus %}, which enables you to create and manage the user accounts for your developers. For more information, see "[About authentication for your enterprise](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise)."
+
+{% data variables.product.prodname_ghe_managed %} is in limited availability for select customers with stringent security and compliance requirements. For more information, see "[About {% data variables.product.prodname_ghe_managed %}](/github-ae@latest/admin/overview/about-github-ae){% ifversion not ghae %}" in the {% data variables.product.prodname_ghe_managed %} documentation.{% else %}."{% endif %}
+
+You can benefit from the power of {% data variables.product.prodname_dotcom_the_website %} even while using {% data variables.product.prodname_ghe_server %} or {% data variables.product.prodname_ghe_managed %} by enabling {% data variables.product.prodname_github_connect %}, which allows you to configure additional features and workflows such as {% data variables.product.prodname_dependabot_alerts %} for insecure dependencies.{% ifversion ghec %}
+
+- "[About {% data variables.product.prodname_github_connect %}](/enterprise-server@latest/admin/configuration/configuring-github-connect/about-github-connect)" in the {% data variables.product.prodname_ghe_server %} documentation
+- "[About {% data variables.product.prodname_github_connect %}](/github-ae@latest/admin/configuration/configuring-github-connect/about-github-connect)" in the {% data variables.product.prodname_ghe_managed %} documentation{% else %} For more information, see "[About {% data variables.product.prodname_github_connect %}](/admin/configuration/configuring-github-connect/about-github-connect)."{% endif %}
+
+## Further reading
+
+- [Compare {% data variables.product.prodname_dotcom %} to other DevOps solutions](https://resources.github.com/devops/tools/compare/) in {% data variables.product.company_short %} Resources

content/admin/overview/index.md

@@ -8,6 +8,7 @@ versions:
   ghes: '*'
   ghae: '*'
 children:
+  - /about-github-for-enterprises
   - /about-github-enterprise-server
   - /about-github-ae
   - /about-upgrades-to-new-releases

content/admin/packages/index.md

@@ -14,6 +14,7 @@ children:
   - /enabling-github-packages-with-minio
   - /quickstart-for-configuring-your-minio-storage-bucket-for-github-packages
   - /configuring-package-ecosystem-support-for-your-enterprise
+  - /migrating-your-enterprise-to-the-container-registry-from-the-docker-registry
 shortTitle: Manage GitHub Packages
 ---
 {% data reusables.package_registry.packages-ghes-release-stage %}

content/admin/packages/migrating-your-enterprise-to-the-container-registry-from-the-docker-registry.md

@@ -0,0 +1,85 @@
+---
+title: Migrating your enterprise to the Container registry from the Docker registry
+intro: 'You can migrate Docker images previously stored in the Docker registry on {% data variables.product.product_location %} to the {% data variables.product.prodname_container_registry %}.'
+product: '{% data reusables.gated-features.packages %}'
+permissions: "Enterprise owners can migrate Docker images to the {% data variables.product.prodname_container_registry %}."
+versions:
+  feature: 'docker-ghcr-enterprise-migration'
+shortTitle: Migrate to Container registry
+topics:
+  - Containers
+  - Docker
+  - Migration
+---
+
+{% data reusables.package_registry.container-registry-ghes-beta %}
+
+## About the {% data variables.product.prodname_container_registry %}
+
+{% data reusables.package_registry.container-registry-benefits %} For more information, see "[Working with the {% data variables.product.prodname_container_registry %}](/packages/working-with-a-github-packages-registry/working-with-the-container-registry)."
+
+For more information about configuring {% data variables.product.prodname_registry %} for {% data variables.product.product_location %}, see "[Getting started with {% data variables.product.prodname_registry %} for your enterprise](/admin/packages/getting-started-with-github-packages-for-your-enterprise)."
+
+## About migration from the Docker registry
+
+{% data reusables.package_registry.container-registry-replaces-docker-registry %} If the Docker registry on {% data variables.product.product_location %} contains images, you must manually migrate the images to the {% data variables.product.prodname_container_registry %}.
+
+{% ifversion ghes %}
+
+{% note %}
+
+**Note**: {% data reusables.package_registry.container-registry-ghes-migration-availability %}
+
+{% endnote %}
+
+{% endif %}
+
+{% data reusables.package_registry.container-registry-migration-namespaces %} For more information about the impact of migration to the {% data variables.product.prodname_container_registry %}, see "[Migrating to the  {% data variables.product.prodname_container_registry %} from the Docker registry](/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry#about-migration-from-the-docker-registry)."
+
+## Migrating organizations to the {% data variables.product.prodname_container_registry %}
+
+You can start a migration of all your organizations' Docker images to the {% data variables.product.prodname_container_registry %}. The duration of the migration operation depends on the total number of images to migrate, and the overall load on {% ifversion ghes %}your instance{% elsif ghae %}{% data variables.product.product_name %}{% endif %}. After a successful migration, {% data variables.product.product_name %} will display a summary, and all future uploads of Docker images will use the {% data variables.product.prodname_container_registry %}.
+
+If {% ifversion ghes %}a site administrator{% elsif ghae %}an enterprise owner{% endif %} has configured email notifications for {% data variables.product.product_location %}, you will receive an email after the migration is complete. For more information, see "[Configuring email for notifications](/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications)."
+
+{% note %}
+
+**{% ifversion ghes %}Notes{% elsif ghae %}Note{% endif %}**:
+
+{%- ifversion ghes %}
+- During the migration, the CPU and memory usage for your instance will increase. To ensure the performance of the instance for your users, {% data variables.product.company_short %} recommends that you begin a migration during a period of reduced activity.
+{%- endif %}
+{% ifversion ghes %}- {% endif %}During the migration, do not modify settings for your enterprise{% ifversion ghes %} or run `ghe-config-apply` from an administrative SSH session{% endif %}. {% ifversion ghes %}These actions will trigger a configuration run, which can restart services and {% elsif ghae %}Modifying these settings {% endif %} may interrupt the migration.
+{%- ifversion ghes %}
+- After the migration, storage pressure on your instance will increase due to the duplication of image files in the Docker registry and the {% data variables.product.prodname_container_registry %}. A future release of {% data variables.product.product_name %} will remove the duplicated files when all migrations are complete.
+
+For more information about monitoring the performance and storage of {% data variables.product.product_location %}, see "[Accessing the monitor dashboard](/admin/enterprise-management/monitoring-your-appliance/accessing-the-monitor-dashboard)."
+{% endif %}
+
+{% endnote %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+1. In the left sidebar, click **Packages**.
+1. To the right of the number of packages to migrate, click **Start migration**. During the migration, {% data variables.product.product_name %} will display progress on this page.
+
+After the migration completes, the page will display the results. If a migration fails, the page will show the organizations that own the package that caused the failure.
+
+## Re-running a failed organization migration
+
+Prior to migration, if a user has created a package in the {% data variables.product.prodname_container_registry %} that has an identical name to an existing package in the Docker registry, the migration will fail.
+
+1. Delete the affected container in the {% data variables.product.prodname_container_registry %}. For more information, see "[Deleting and restoring a package](/packages/learn-github-packages/deleting-and-restoring-a-package#deleting-a-version-of-an-organization-scoped-package-on-github)."
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.packages-tab %}
+1. To the right of the number of packages to migrate, click **Re-run migration**. During the migration, {% data variables.product.product_name %} will display progress on this page.
+1. If the migration fails again, start from step 1 and re-run the migration.
+
+{% ifversion ghes %}
+
+## Monitoring traffic to the registries
+
+You can use visualize traffic to the Docker registry and {% data variables.product.prodname_container_registry %} from {% data variables.product.product_location %}'s monitor dashboard. The "GitHub Container Package Registry" graph can help you confirm that you've successfully migrated all images to the {% data variables.product.prodname_container_registry %}. In the graph, "v1" represents traffic to the Docker registry, and "v2" represents traffic to the {% data variables.product.prodname_container_registry %}. For more information, see "[Accessing the monitor dashboard](/admin/enterprise-management/monitoring-your-appliance/accessing-the-monitor-dashboard)."
+
+{% endif %}

content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md

@@ -13,6 +13,7 @@ redirect_from:
   - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-github-actions-policies-for-your-enterprise
   - /github/setting-up-and-managing-your-enterprise-account/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account
   - /github/setting-up-and-managing-your-enterprise/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account
+  - /github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account
 versions:
   ghec: '*'
   ghes: '*'

content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md

@@ -209,6 +209,30 @@ By default, when you enforce repository upload limits, people cannot add or upda
 5. Optionally, to enforce a maximum upload limit for all repositories in your enterprise, select **Enforce on all repositories**
 ![Enforce maximum object size on all repositories option](/assets/images/enterprise/site-admin-settings/all-repo-upload-limit-option.png)
 
+{% ifversion profile-name-enterprise-setting %}
+
+## Enforcing a policy for the display of member names in your repositories
+
+Across all organizations owned by your enterprise, you can allow members to see a comment author's profile name, in addition to their username, in issues and pull requests for public and internal repositories.
+
+![Commenter's profile name displayed in comment](/assets/images/help/issues/commenter-full-name.png)
+
+{% note %}
+
+**Note:** When this policy is enforced for all repositories in the enterprise, it overrides the organization setting for private repositories. For more information, see "[Managing the display of member names in your organization](/organizations/managing-organization-settings/managing-the-display-of-member-names-in-your-organization)".
+
+{% endnote %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.options-tab %}
+4. Under "Allow members to see the comment author's profile name in public and internal repositories", select the dropdown menu and click a policy.
+![Screenshot of Options page with policy drop down emphasized](/assets/images/enterprise/site-admin-settings/comment-authors-profile-name-drop-down.png)
+5. Optionally, to enforce the display of profile names for all repositories in your enterprise, select **Enforce for all repositories on the instance**.
+![Screenshot of "Enforce for all repositories" option emphasized](/assets/images/enterprise/site-admin-settings/enforce-for-all-repositories-option.png)
+
+{% endif %}
+
 ## Configuring the merge conflict editor for pull requests between repositories
 
 Requiring users to resolve merge conflicts locally on their computer can prevent people from inadvertently writing to an upstream repository from a fork.
@@ -276,10 +300,22 @@ You can override the default inherited settings by configuring the settings for
 
 {% data reusables.enterprise_user_management.disclaimer-for-git-read-access %}
 
-{% ifversion ghes %}If you have [enabled private mode](/enterprise/admin/configuration/enabling-private-mode) on your enterprise, you {% else %}You {% endif %}can allow repository administrators to enable anonymous Git read access to public repositories.
+If you have [enabled private mode](/enterprise/admin/configuration/enabling-private-mode) for {% data variables.product.product_location %}, you can allow repository administrators to enable anonymous Git read access to public repositories.
 
 Enabling anonymous Git read access allows users to bypass authentication for custom tools on your enterprise. When you or a repository administrator enable this access setting for a repository, unauthenticated Git operations (and anyone with network access to {% data variables.product.product_name %}) will have read access to the repository without authentication.
 
+Anonymous Git read access is disabled by default.{% ifversion ghes = 3.4 or ghes = 3.5 or ghes = 3.6 or ghes = 3.7 %} When you upgrade to {% data variables.product.product_name %} 3.6 or later, anonymous Git read access is automatically disabled at the application level, and `git://` connections on port 9418 will return the following error.
+
+```
+The unauthenticated git protocol on port 9418 is no longer supported.
+```
+
+If you wish to support the unathenticated Git protocol in your environment, you must manually re-enable the feature. {% data variables.product.company_short %} recommends using SSH instead of the Git protocol. For more information, see [{% data variables.product.prodname_blog %}](https://github.blog/2022-06-28-improving-git-protocol-security-on-github-enterprise-server).
+
+{% endif %}
+
+
+
 If necessary, you can prevent repository administrators from changing anonymous Git access settings for repositories on your enterprise by locking the repository's access settings. After you lock a repository's Git read access setting, only a site administrator can change the setting.
 
 {% data reusables.enterprise_site_admin_settings.list-of-repos-with-anonymous-git-read-access-enabled %}

content/admin/policies/enforcing-policies-for-your-enterprise/index.md

@@ -24,4 +24,3 @@ children:
   - /enforcing-policies-for-advanced-security-in-your-enterprise
 shortTitle: Enforce policies
 ---
-

content/admin/policies/index.md

@@ -4,7 +4,6 @@ intro: 'You can set policies in {% data variables.product.product_name %} to red
 redirect_from:
   - /enterprise/admin/developer-workflow
   - /enterprise/admin/policies
-  - /github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account
 versions:
   ghec: '*'
   ghes: '*'
@@ -16,4 +15,3 @@ children:
   - /enforcing-policy-with-pre-receive-hooks
 shortTitle: Set policies
 ---
-

content/admin/user-management/managing-organizations-in-your-enterprise/index.md

@@ -9,6 +9,9 @@ redirect_from:
   - /github/setting-up-and-managing-your-enterprise-account/managing-organizations-in-your-enterprise-account
   - /github/setting-up-and-managing-your-enterprise/managing-organizations-in-your-enterprise-account
   - /admin/user-management/managing-organizations-in-your-enterprise/managing-unowned-organizations-in-your-enterprise
+  - /github/setting-up-and-managing-your-enterprise/managing-organizations-in-your-enterprise-account/managing-unowned-organizations-in-your-enterprise-account
+  - /github/setting-up-and-managing-your-enterprise-account/managing-unowned-organizations-in-your-enterprise-account
+  - /github/setting-up-and-managing-your-enterprise/managing-unowned-organizations-in-your-enterprise-account
 intro: 'Organizations are great for creating distinct groups of users within your company, such as divisions or groups working on similar projects. {% ifversion ghae %}Internal{% else %}Public and internal{% endif %} repositories that belong to an organization are accessible to members of other organizations in the enterprise, while private repositories are inaccessible to anyone but members of the organization that are granted access.'
 versions:
   ghec: '*'
@@ -31,4 +34,3 @@ children:
   - /continuous-integration-using-jenkins
 shortTitle: Manage organizations
 ---
-

content/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md

@@ -25,6 +25,10 @@ You can see all current enterprise members and enterprise administrators{% ifver
 
 You can view all the current enterprise owners{% ifversion ghec %} and billing managers{% endif %} for your enterprise.{% ifversion enterprise-membership-view-improvements %} You can see useful information about each administrator{% ifversion ghec %} and filter the list by role{% endif %}.{% endif %} You can find a specific person by searching for their username or display name.
 
+{% ifversion ghes > 3.5 %}
+Enterprise owners whose accounts are suspended are included in the list of enterprise administrators, and are identified as suspended. You should consider demoting any suspended owners you see. For more information, see "[Promoting or demoting a site administrator](/admin/user-management/managing-users-in-your-enterprise/promoting-or-demoting-a-site-administrator#demoting-a-site-administrator-from-the-enterprise-settings)."
+{% endif %}
+
 {% ifversion not ghae %}
 You can also remove an administrator. For more information. see "[Inviting people to manage your enterprise](/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise#removing-an-enterprise-administrator-from-your-enterprise-account)."
 {% endif %}

content/authentication/connecting-to-github-with-ssh/about-ssh.md

@@ -13,7 +13,12 @@ versions:
 topics:
   - SSH
 ---
-When you set up SSH, you will need to generate a new SSH key and add it to the ssh-agent. You must add the SSH key to your account on {% data variables.product.product_name %} before you use the key to authenticate. For more information, see "[Generating a new SSH key and adding it to the ssh-agent](/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)" and "[Adding a new SSH key to your {% data variables.product.prodname_dotcom %} account](/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account)."
+
+## About SSH
+
+{% data reusables.ssh.about-ssh %} For more information about SSH, see [Secure Shell](https://en.wikipedia.org/wiki/Secure_Shell) on Wikipedia.
+
+When you set up SSH, you will need to generate a new private SSH key and add it to the SSH agent. You must also add the public SSH key to your account on {% data variables.product.product_name %} before you use the key to authenticate. For more information, see "[Generating a new SSH key and adding it to the ssh-agent](/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)" and "[Adding a new SSH key to your {% data variables.product.prodname_dotcom %} account](/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account)."
 
 You can further secure your SSH key by using a hardware security key, which requires the physical hardware security key to be attached to your computer when the key pair is used to authenticate with SSH. You can also secure your SSH key by adding your key to the ssh-agent and using a passphrase. For more information, see "[Working with SSH key passphrases](/github/authenticating-to-github/working-with-ssh-key-passphrases)."
 

content/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account.md

@@ -14,9 +14,21 @@ topics:
   - SSH
 shortTitle: Add a new SSH key
 ---
-Before adding a new SSH key to your account on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.product.product_location %}{% endif %}, you should have:
-* [Checked for existing SSH keys](/articles/checking-for-existing-ssh-keys)
-* [Generating a new SSH key and adding it to the ssh-agent](/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)
+
+## About addition of SSH keys to your account
+
+{% data reusables.ssh.about-ssh %} For more information, see "[About SSH](/authentication/connecting-to-github-with-ssh/about-ssh)."
+
+After you generate an SSH key pair, you must add the public key to {% ifversion fpt or ghec or ghes %}{% data variables.product.product_location %}{% elsif ghae %}{% data variables.product.product_name %}{% endif %} to enable SSH access for your account.
+
+## Prerequisites
+
+Before adding a new SSH key to your account on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.product.product_location %}{% endif %}, complete the following steps.
+
+1. Check for existing SSH keys. For more information, see "[Checking for existing SSH keys](/authentication/connecting-to-github-with-ssh/checking-for-existing-ssh-keys)."
+1. Generate a new SSH key and add it to your machine's SSH agent. For more information, see "[Generating a new SSH key and adding it to the ssh-agent](/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)."
+
+## Adding a new SSH key to your account
 
 After adding a new SSH key to your account on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.product.product_location %}{% endif %}, you can reconfigure any local repositories to use SSH. For more information, see "[Switching remote URLs from HTTPS to SSH](/github/getting-started-with-github/managing-remote-repositories/#switching-remote-urls-from-https-to-ssh)."
 

content/authentication/connecting-to-github-with-ssh/checking-for-existing-ssh-keys.md

@@ -15,6 +15,16 @@ topics:
 shortTitle: Check for existing SSH key
 ---
 
+## About SSH keys
+
+You can use SSH to perform Git operations in repositories on {% ifversion fpt or ghec or ghes %}{% data variables.product.product_location %}{% elsif ghae %}{% data variables.product.product_name %}{% endif %}. For more information, see "[About SSH](/authentication/connecting-to-github-with-ssh/about-ssh)."
+
+If you have an existing SSH key, you can use the key to authenticate Git operations over SSH.
+
+## Checking for existing SSH keys
+
+Before you generate a new SSH key, you should check your local machine for existing keys.
+
 {% data reusables.ssh.key-type-support %}
 
 {% data reusables.command_line.open_the_multi_os_terminal %}