New translation batch for cn (#30493)

Co-authored-by: Grace Park <gracepark@github.com>

translations/log/cn-resets.csv

@@ -20,6 +20,7 @@ translations/zh-CN/content/actions/learn-github-actions/usage-limits-billing-and
 translations/zh-CN/content/actions/managing-workflow-runs/removing-workflow-artifacts.md,broken liquid tags
 translations/zh-CN/content/actions/managing-workflow-runs/reviewing-deployments.md,Listed in localization-support#489
 translations/zh-CN/content/actions/security-guides/security-hardening-for-github-actions.md,broken liquid tags
+translations/zh-CN/content/actions/using-github-hosted-runners/using-larger-runners.md,rendering error
 translations/zh-CN/content/actions/using-workflows/reusing-workflows.md,rendering error
 translations/zh-CN/content/actions/using-workflows/storing-workflow-data-as-artifacts.md,broken liquid tags
 translations/zh-CN/content/actions/using-workflows/using-github-cli-in-workflows.md,broken liquid tags

translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/index.md

@@ -25,6 +25,7 @@ children:
   - /managing-the-default-branch-name-for-your-repositories
   - /managing-security-and-analysis-settings-for-your-personal-account
   - /managing-access-to-your-personal-accounts-project-boards
+  - /managing-your-cookie-preferences-for-githubs-enterprise-marketing-pages
   - /integrating-jira-with-your-personal-projects
   - /what-does-the-available-for-hire-checkbox-do
 shortTitle: 个人帐户设置

translations/zh-CN/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-your-cookie-preferences-for-githubs-enterprise-marketing-pages.md

@@ -0,0 +1,33 @@
+---
+title: Managing your cookie preferences for GitHub's enterprise marketing pages
+intro: 'You can control how {% data variables.product.company_short %} uses information from non-essential tracking cookies for enterprise marketing pages.'
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghae: '*'
+  ghec: '*'
+topics:
+  - Accounts
+shortTitle: Manage cookie preferences
+---
+
+## About cookie preferences on enterprise marketing pages
+
+{% data variables.product.company_short %} may use non-essential cookies on some enterprise marketing pages. You can customize how these cookies behave. For more information about how {% data variables.product.company_short %} uses cookies, see "[{% data variables.product.company_short %} Privacy Statement](/free-pro-team@latest/site-policy/privacy-policies/github-privacy-statement)."
+
+## Changing your cookie preferences
+
+You can customize how non-essential cookies behave on any {% data variables.product.company_short %} enterprise marketing page.
+
+1. Navigate to the {% data variables.product.company_short %} enterprise marketing page where you'd like to change your cookie preferences. For example, navigate to [{% data variables.product.company_short %} Resources](https://resources.github.com/).
+1. Scroll to the bottom of the page, then click **Manage Cookies**.
+
+   ![Screenshot of button to manage cookie settings.](/assets/images/help/settings/cookie-settings-manage.png)
+
+1. Under "Manage cookie preferences," to accept or reject each non-essential cookie, click **Accept** or **Reject**.
+
+   ![Screenshot of radio buttons to choose "Accept" or "Reject" for non-essential cookies.](/assets/images/help/settings/cookie-settings-accept-or-reject.png)
+
+1. 单击 **Save changes（保存更改）**。
+
+   ![Screenshot of button to save changes.](/assets/images/help/settings/cookie-settings-save.png)

translations/zh-CN/content/actions/hosting-your-own-runners/adding-self-hosted-runners.md

@@ -71,7 +71,7 @@ You can add self-hosted runners at the organization level, where they can be use
 {% data reusables.organizations.navigate-to-org %}
 {% data reusables.organizations.org_settings %}
 {% data reusables.organizations.settings-sidebar-actions-runners %}
-1. Click **New runner**.
+{% ifversion actions-hosted-runners %}1. Click **New runner**, then click **New self-hosted runner**.{% else %}1. Click **New runner**.{% endif %}
 {% data reusables.actions.self-hosted-runner-configure %}
 {% elsif ghae or ghes < 3.4 %}
 {% data reusables.organizations.navigate-to-org %}

translations/zh-CN/content/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups.md

@@ -9,215 +9,65 @@ versions:
   ghae: '*'
   ghec: '*'
 type: tutorial
-shortTitle: 管理对运行器的访问
+shortTitle: Using runner groups
 ---
 
 {% data reusables.actions.enterprise-beta %}
 {% data reusables.actions.enterprise-github-hosted-runners %}
 
-## 关于自托管运行器组
+## About runner groups
 
-{% ifversion fpt %}
-{% note %}
-
-**注：**所有组织都有一个默认的自托管运行器组。 只有企业帐户和企业帐户拥有的组织才能创建和管理其他自托管的运行器组。
-
-{% endnote %}
-
-自托管运行器组用于控制对自托管运行器的访问。 组织管理员可以配置访问策略，用以控制组织中的哪些组织可以访问运行器组。
-如果您使用
-
-{% data variables.product.prodname_ghe_cloud %}，您可以创建额外的运行器组；企业管理员可以配置访问策略，控制企业中哪些组织可以访问运行器组；组织管理员可以为企业运行器组分配额外的细致仓库访问策略。 更多信息请参阅 [{% data variables.product.prodname_ghe_cloud %} 文档](/enterprise-cloud@latest/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups)。
-{% endif %}
+{% data reusables.actions.about-runner-groups %} {% ifversion fpt %}For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups).{% endif %}
 
 {% ifversion ghec or ghes or ghae %}
-自托管运行器组用于控制对组织和企业级自托管运行器的访问。 企业所有者可以配置访问策略来控制企业中哪些组织
-{% ifversion restrict-groups-to-workflows %}和工作流程{% endif %}可以访问运行器组。 组织所有者可以配置访问策略，以控制组织中哪些存储库{% ifversion restrict-groups-to-workflows %} 和工作流程{% endif %} 可以访问运行器组。
-
-当企业所有者授予组织对运行器组的访问权限时，组织所有者可以看到组织的自托管运行器设置中列出的运行器组。 然后，组织所有者可以为企业运行器组分配更细致的存储库{% ifversion restrict-groups-to-workflows %} 和工作流程{% endif %} 访问策略。
-
-新运行器在创建时，将自动分配给默认组。 运行器每次只能在一个组中。 您可以将运行器从默认组移到另一组。 更多信息请参阅“[将自托管运行器移动到组](#moving-a-self-hosted-runner-to-a-group)”。
 
 ## 为组织创建自托管的运行器组
 
-所有组织都有一个默认的自托管运行器组。 企业帐户中的组织可以创建其他自托管组。 组织管理员可以允许单个仓库访问运行器组。 有关如何使用 REST API 创建自托管运行器组的信息，请参阅“[自托管运行器组](/rest/reference/actions#self-hosted-runner-groups)”。
+{%- ifversion ghec or ghes %}
 
-自托管运行器在创建时会自动分配给默认组，并且每次只能成为一个组的成员。 您可以将运行器从默认组移到您创建的任何组。
+{% data reusables.actions.self-hosted-runner-security-admonition %}
 
-创建组时，必须选择一个策略，用于定义哪些存储库{% ifversion restrict-groups-to-workflows %} 和工作流程{% endif %} 有权访问运行器组。
+{%- endif %}
 
-{% ifversion ghec or ghes > 3.3 or ghae-issue-5091 %}
-{% data reusables.organizations.navigate-to-org %}
-{% data reusables.organizations.org_settings %}
-{% data reusables.organizations.settings-sidebar-actions-runner-groups %}
-1. 在“Runner groups（运行器组）”部分，单击 **New runner group（新运行器组）**。
-1. 为运行器组输入名称。
- {% data reusables.actions.runner-group-assign-policy-repo %}
-
-   {% warning %}
-
-   **警告：** {% indented_data_reference reusables.actions.self-hosted-runner-security spaces=3 %}
-
-   更多信息请参阅“[关于自托管运行器](/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)”。
-
-   {% endwarning %}
-{% data reusables.actions.runner-group-assign-policy-workflow %}{%- ifversion restrict-groups-to-workflows %} 组织拥有的运行器组无法访问企业中其他组织的工作流程；相反，您必须创建企业拥有的运行器组。{% endif %}
-{% data reusables.actions.self-hosted-runner-create-group %}
-{% elsif ghae or ghes < 3.4 %}
-{% data reusables.organizations.navigate-to-org %}
-{% data reusables.organizations.org_settings %}
-{% data reusables.organizations.settings-sidebar-actions-runner-groups %}
-1. 在 {% ifversion ghes or ghae %}“Runners（运行器）”{% endif %} 下，单击 **Add new（新增）**，然后单击 **New group（新建组）**。
-
-    ![添加运行器组](/assets/images/help/settings/actions-org-add-runner-group.png)
-1. 输入运行程序组的名称，并分配仓库访问策略。
-
-   您可以将运行器组配置为可供特定的存储库列表或组织中的所有存储库访问。{% ifversion ghec or ghes %} 默认情况下，只有私有存储库可以访问运行器组中的运行器，但您可以覆盖此操作。 如果配置企业共享的组织的运行组，则不能覆盖此设置。{% endif %}
-
-   {%- ifversion ghes %}
-   {% warning %}
-
-   **警告**：
-
-   {% indented_data_reference reusables.actions.self-hosted-runner-security spaces=3 %}
-
-   更多信息请参阅“[关于自托管运行器](/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)”。
-
-   {% endwarning %}
-   {%- endif %}
-
-   ![添加运行器组选项](/assets/images/help/settings/actions-org-add-runner-group-options.png)
-1. 单击 **Save group（保存组）**创建组并应用策略。
-{% endif %}
+{% data reusables.actions.creating-a-runner-group-for-an-organization %}
 
 ## 为企业创建自托管运行器组
 
-企业可以将其自托管的运行器添加到组以进行访问管理。 企业可以创建自托管运行器组，这些组可供企业帐户中的特定组织{% ifversion restrict-groups-to-workflows %} 或特定工作流程{% endif %} 访问。 然后，组织所有者可以为企业运行器组分配更细致的存储库{% ifversion restrict-groups-to-workflows %} 和工作流程{% endif %} 访问策略。 有关如何使用 REST API 创建自托管运行器组的信息，请参阅 [{% data variables.product.prodname_actions %} REST API](/rest/reference/actions#self-hosted-runner-groups) 中的企业端点。
+ {%- ifversion ghec or ghes %}
 
-自托管运行器在创建时会自动分配给默认组，并且每次只能成为一个组的成员。 您可以在注册过程中将运行器分配给特定组，也可以稍后将运行器从默认组移到自定义组。
+{% data reusables.actions.self-hosted-runner-security-admonition %}
 
-创建组时，必须选择用于定义哪些组织有权访问运行器组的策略。
+{%- endif %}
 
-{% data reusables.actions.self-hosted-runner-groups-add-to-enterprise-first-steps %}
-1. 要为组织访问选择策略，请选择 **Organization access（组织访问）**下拉列表，然后单击一个策略。 您可以将运行器组配置为可供特定组织列表或企业中的所有组织访问。{% ifversion ghes %} 默认情况下，只有私有存储库可以访问运行器组中的运行器，但您可以覆盖此操作。{% endif %}
-
-   {%- ifversion ghec or ghes %}
-   {% warning %}
-
-   **警告**：
-
-   {% indented_data_reference reusables.actions.self-hosted-runner-security spaces=3 %}
-
-   更多信息请参阅“[关于自托管运行器](/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)”。
-
-   {% endwarning %}
-   {%- endif %}
-   {%- ifversion ghec or ghes %}
-
-   ![添加运行器组选项](/assets/images/help/settings/actions-enterprise-account-add-runner-group-options.png)
-   {%- elsif ghae %}
-
-   ![添加运行器组选项](/assets/images/help/settings/actions-enterprise-account-add-runner-group-options-ae.png)
-   {%- endif %}
-{% data reusables.actions.runner-group-assign-policy-workflow %}
-1. 单击 **Save group（保存组）**创建组并应用策略。
+{% data reusables.actions.creating-a-runner-group-for-an-enterprise %}
 
 {% endif %}
 
 ## 更改自托管运行器组的访问策略
 
-对于企业中的运行器组，您可以更改企业中可以访问运行器组的组织{% ifversion restrict-groups-to-workflows %} 或限制运行器组可以运行的工作流程{% endif %}。 对于组织中的运行器组，您可以更改组织中可以访问运行器组的存储库{% ifversion restrict-groups-to-workflows %} 或限制运行器组可以运行的工作流程{% endif %}。
+{%- ifversion fpt or ghec or ghes %}
 
-### 更改可以访问运行器组的组织或存储库
+{% data reusables.actions.self-hosted-runner-security-admonition %}
 
-{% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5091 %}
-{% data reusables.actions.self-hosted-runner-groups-navigate-to-repo-org-enterprise %}
-{% data reusables.actions.settings-sidebar-actions-runner-groups-selection %}
-1. 对于企业中的运行器组，在 **Organization access（组织访问）**下，修改可以访问运行器组的组织。 对于组织中的运行器组，在 **Repository access（存储库访问）**下，修改可以访问运行器组的存储库。
+{%- endif %}
 
-   {%- ifversion fpt or ghec or ghes %}
-   {% warning %}
-
-   **警告**：
-
-   {% indented_data_reference reusables.actions.self-hosted-runner-security spaces=3 %}
-
-   更多信息请参阅“[关于自托管运行器](/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)”。
-
-   {% endwarning %}
-   {%- endif %}
-{% elsif ghae or ghes < 3.4 %}
-{% data reusables.actions.self-hosted-runner-configure-runner-group-access %}
-{% endif %}
-
-{% ifversion restrict-groups-to-workflows %}
-### 更改可以访问运行器组的工作流程
-您可以将自托管运行器组配置为运行选定的工作流程或所有工作流程。 例如，可以使用此设置来保护存储在自托管运行器上的机密，或者通过将运行器组限制为仅运行特定的可重用工作流程来标准化部署工作流程。 如果配置企业共享的组织的运行组，则不能覆盖此设置。
-{% data reusables.actions.self-hosted-runner-groups-navigate-to-repo-org-enterprise %}
-{% data reusables.actions.settings-sidebar-actions-runner-groups-selection %}
-1. 在 **Workflow access（工作流程访问）**下，选择下拉菜单，然后单击 **Selected workflows（选定的工作流程）**。
-1. 单击 {% octicon "gear" aria-label="the gear icon" %}。
-1. 输入以逗号分隔的可访问运行器组的工作流程列表。 使用完整路径，包括存储库名称和所有者。 将工作流程固定到分支、标记或完整 SHA。 例如：`octo-org/octo-repo/.github/workflows/build.yml@v2, octo-org/octo-repo/.github/workflows/deploy.yml@d6dc6c96df4f32fa27b039f2084f576ed2c5c2a5, monalisa/octo-test/.github/workflows/test.yml@main`。
-
-   只有直接在所选工作流程中定义的作业才能访问运行器组。
-
-   组织拥有的运行器组无法访问企业中其他组织的工作流程。相反，您必须创建企业拥有的运行器组。
-
-1. 单击 **Save（保存）**。
-
-{% endif %}
+{% data reusables.actions.changing-the-access-policy-of-a-runner-group %}
 
 ## 更改运行器组的名称
 
-{% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5091 %}
-{% data reusables.actions.self-hosted-runner-groups-navigate-to-repo-org-enterprise %}
-{% data reusables.actions.settings-sidebar-actions-runner-groups-selection %}
-1. 更改运行器组名称。
-
-{% elsif ghae or ghes < 3.4 %}
-{% data reusables.actions.self-hosted-runner-configure-runner-group %}
-1. 更改运行器组名称。
-{% endif %}
+{% data reusables.actions.changing-the-name-of-a-runner-group %}
 
 {% ifversion ghec or ghes or ghae %}
 ## 自动向组添加自托管运行器
 
-您可以使用配置脚本自动向组添加新的自托管运行器。 例如， 此命令将注册一个新的自托管运行器，并使用 `--runnergroup` 参数将其添加到名为 `rg-runnergroup` 的组。
-
-```sh
-./config.sh --url $org_or_enterprise_url --token $token --runnergroup rg-runnergroup
-```
-
-如果运行器组不存在，命令将失败：
-
-```
-找不到名为 "rg-runnergroup" 的任何自托管运行器组。
-```
+{% data reusables.actions.automatically-adding-a-runner-to-a-group %}
 
 ## 将自托管的运行器移动到组
 
-如果您在注册过程中没有指定运行器组，新的自托管运行器将自动分配到默认组，然后可以移到另一个组。
-
-{% data reusables.actions.self-hosted-runner-navigate-to-org-enterprise %}
-{% ifversion ghec or ghes > 3.3 or ghae-issue-5091 %}
-1. 在“Runners（运行器）”列表中，单击您要配置的运行器。
-2. 选择 **Runner group（运行器组）**下拉列表。
-3. 在“Move runner to group（将运行器移动到组）”中，选择运行器的目的地组。
-{% elsif ghae or ghes < 3.4 %}
-1. 在设置页面的 {% ifversion ghes or ghae %} Runner groups（运行器组）{% endif %} 部分，找到要移动的运行器的当前组，并展开组成员列表。 ![查看运行器组成员](/assets/images/help/settings/actions-org-runner-group-members.png)
-2. 选中自托管运行器旁边的复选框，然后单击 **Move to group（移动到组）**以查看可用的目的地。 ![运行器组成员移动](/assets/images/help/settings/actions-org-runner-group-member-move.png)
-3. 要移动运行器，请单击目标组。 ![运行器组成员移动](/assets/images/help/settings/actions-org-runner-group-member-move-destination.png)
-{% endif %}
+{% data reusables.actions.moving-a-runner-to-a-group %}
 
 ## 删除自托管运行器组
 
-自托管运行器在其组被删除时将自动返回到默认组。
-
-{% ifversion ghes or ghae or ghec %}
-{% data reusables.actions.self-hosted-runner-groups-navigate-to-repo-org-enterprise %}
-1. 在组列表中，在要删除的组右侧，单击 {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}。
-2. 要删除组，请单击 **Remove group（删除组）**。
-3. 查看确认提示，然后单击 **Remove this runner group（删除此运行器组）**。
+{% data reusables.actions.removing-a-runner-group %}
 
 {% endif %}
-{% endif %}

translations/zh-CN/content/actions/learn-github-actions/understanding-github-actions.md

@@ -2,6 +2,7 @@
 title: 了解 GitHub Actions
 shortTitle: 了解 GitHub Actions
 intro: '学习 {% data variables.product.prodname_actions %} 的基础知识，包括核心概念和基本术语。'
+miniTocMaxHeadingLevel: 3
 redirect_from:
   - /github/automating-your-workflow-with-github-actions/core-concepts-for-github-actions
   - /actions/automating-your-workflow-with-github-actions/core-concepts-for-github-actions
@@ -82,7 +83,7 @@ _操作_是 {% data variables.product.prodname_actions %} 平台的自定义应
 
 ### 运行器
 
-{% data reusables.actions.about-runners %} 每个运行器一次可以运行一个作业。 {% ifversion ghes or ghae %} 您必须为 {% data variables.product.product_name %} 托管自己的运行器。 {% elsif fpt or ghec %}{% data variables.product.company_short %} 提供 Ubuntu Linux、Microsoft Windows 和 macOS 运行器来运行您的工作流程；每个工作流程运行都在新预配的全新虚拟机中执行。 如果您需要不同的操作系统或需要特定的硬件配置，则可以托管自己的运行器。{% endif %} 有关{% ifversion fpt or ghec %} 自托管运行器{% endif %} 的更多信息，请参阅“[托管您自己的运行器](/actions/hosting-your-own-runners)”。
+{% data reusables.actions.about-runners %} 每个运行器一次可以运行一个作业。 {% ifversion ghes or ghae %} 您必须为 {% data variables.product.product_name %} 托管自己的运行器。 {% elsif fpt or ghec %}{% data variables.product.company_short %} 提供 Ubuntu Linux、Microsoft Windows 和 macOS 运行器来运行您的工作流程；每个工作流程运行都在新预配的全新虚拟机中执行。 {% ifversion actions-hosted-runners %} {% data variables.product.prodname_dotcom %} also offers {% data variables.actions.hosted_runner %}s, which are available in larger configurations. For more information, see "[Using {% data variables.actions.hosted_runner %}s](/actions/using-github-hosted-runners/using-larger-runners)." {% endif %}If you need a different operating system or require a specific hardware configuration, you can host your own runners.{% endif %} For more information{% ifversion fpt or ghec %} about self-hosted runners{% endif %}, see "[Hosting your own runners](/actions/hosting-your-own-runners)."
 
 {% data reusables.actions.workflow-basic-example-and-explanation %}
 

translations/zh-CN/content/actions/using-github-hosted-runners/about-github-hosted-runners.md

@@ -86,6 +86,15 @@ jobs:
 
 ## 支持的运行器和硬件资源
 
+{% ifversion actions-hosted-runners %}
+
+{% note %}
+
+**Note**: {% data variables.product.prodname_dotcom %} also offers {% data variables.actions.hosted_runner %}s, which are available in larger configurations. For more information, see "[Using {% data variables.actions.hosted_runner %}s](/actions/using-github-hosted-runners/using-larger-runners)."
+
+{% endnote %}
+{% endif %}
+
 Windows 和 Linux 虚拟机的硬件规格：
 - 2 核 CPU (x86_64)
 - 7 GB RAM

translations/zh-CN/content/actions/using-github-hosted-runners/controlling-access-to-larger-runners.md

@@ -0,0 +1,50 @@
+---
+title: Controlling access to larger runners
+intro: '您可以使用策略来限制对已添加到组织或企业的 {% data variables.actions.hosted_runner %} 的访问。'
+product: '{% data reusables.gated-features.hosted-runners %}'
+versions:
+  feature: actions-hosted-runners
+type: tutorial
+shortTitle: 'Controlling access to {% data variables.actions.hosted_runner %}s'
+---
+
+{% data reusables.actions.enterprise-beta %}
+{% data reusables.actions.enterprise-github-hosted-runners %}
+
+## About runner groups
+
+{% data reusables.actions.about-runner-groups %} {% ifversion fpt %}For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/actions/using-github-hosted-runners/controlling-access-to-larger-runners).{% endif %}
+
+{% ifversion ghec or ghes or ghae %}
+
+## Creating a runner group for an organization
+
+{% data reusables.actions.hosted-runner-security-admonition %}
+{% data reusables.actions.creating-a-runner-group-for-an-organization %}
+
+## Creating a runner group for an enterprise
+
+{% data reusables.actions.hosted-runner-security-admonition %}
+{% data reusables.actions.creating-a-runner-group-for-an-enterprise %}
+
+{% endif %}
+
+## Changing the access policy of a runner group
+
+{% data reusables.actions.hosted-runner-security-admonition %}
+{% data reusables.actions.changing-the-access-policy-of-a-runner-group %}
+
+## 更改运行器组的名称
+
+{% data reusables.actions.changing-the-name-of-a-runner-group %}
+
+{% ifversion ghec or ghes or ghae %}
+## Moving a runner to a group
+
+{% data reusables.actions.moving-a-runner-to-a-group %}
+
+## Removing a runner group
+
+{% data reusables.actions.removing-a-runner-group %}
+
+{% endif %}

translations/zh-CN/content/actions/using-github-hosted-runners/index.md

@@ -7,6 +7,8 @@ versions:
   ghes: '*'
 children:
   - /about-github-hosted-runners
+  - /using-larger-runners
+  - /controlling-access-to-larger-runners
   - /monitoring-your-current-jobs
   - /customizing-github-hosted-runners
   - /connecting-to-a-private-network

translations/zh-CN/content/actions/using-github-hosted-runners/using-larger-runners.md

@@ -0,0 +1,135 @@
+---
+title: Using larger runners
+intro: '{% data variables.product.prodname_dotcom %} offers larger runners with more RAM and CPU.'
+miniTocMaxHeadingLevel: 3
+product: '{% data reusables.gated-features.hosted-runners %}'
+versions:
+  feature: 'actions-hosted-runners'
+shortTitle: Using {% data variables.actions.hosted_runner %}s
+---
+
+## Overview of {% data variables.actions.hosted_runner %}s
+
+In addition to the [standard {% data variables.product.prodname_dotcom %}-hosted runners](/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources), {% data variables.product.prodname_dotcom %} also offers customers on {% data variables.product.prodname_team %} and {% data variables.product.prodname_ghe_cloud %} plans a range of {% data variables.actions.hosted_runner %}s with more RAM and CPU. These runners are hosted by {% data variables.product.prodname_dotcom %} and have the runner application and other tools preinstalled.
+
+When you add a {% data variables.actions.hosted_runner %} to an organization, you are defining a type of machine from a selection of available hardware specifications and operating system images. {% data variables.product.prodname_dotcom %} will then create multiple instances of this runner that scale up and down to match the job demands of your organization, based on the autoscaling limits you define.
+
+## Architectural overview of {% data variables.actions.hosted_runner %}s
+
+The {% data variables.actions.hosted_runner %}s are managed at the organization level, where they are arranged into groups that can contain multiple instances of the runner. They can also be created at the enterprise level and shared with organizations in the hierarchy. Once you've created a group, you can then add a runner to the group and update your workflows to target the label assigned to the {% data variables.actions.hosted_runner %}. You can also control which repositories are permitted to send jobs to the group for processing. For more information about groups, see "[Controlling access to {% data variables.actions.hosted_runner %}s](/actions/using-github-hosted-runners/controlling-access-to-larger-runners)."
+
+In the following diagram, a class of hosted runner named `ubuntu-20.04-16core` has been defined with customized hardware and operating system configuration.
+
+![Diagram explaining {% data variables.actions.hosted_runner %}](/assets/images/hosted-runner.png)
+
+1. Instances of this runner are automatically created and added to a group called `ubuntu-20.04-16core`. 
+2. The runners have been assigned the label `ubuntu-20.04-16core`. 
+3. Workflow jobs use the `ubuntu-20.04-16core` label in their `runs-on` key to indicate the type of runner they need to execute the job.
+4. {% data variables.product.prodname_actions %} checks the runner group to see if your repository is authorized to send jobs to the runner.
+5. The job runs on the next available instance of the `ubuntu-20.04-16core` runner.
+
+## Autoscaling {% data variables.actions.hosted_runner %}s
+
+Your {% data variables.actions.hosted_runner %}s can be configured to automatically scale to suit your needs. When jobs are submitted for processing, more machines can be automatically provisioned to run the jobs, until reaching a pre-defined maximum limit. Each machine only handles one job at a time, so these settings effectively determine the number of jobs that can be run concurrently. 
+
+During the runner deployment process, you can configure the _Max_ option, which allows you to control your costs by setting the maximum parallel number of machines that are created in this set. A higher value here can help avoid workflows being blocked due to parallelism.
+
+## Networking for {% data variables.actions.hosted_runner %}s
+
+By default, {% data variables.actions.hosted_runner %}s receive a dynamic IP address that changes for each job run. Optionally, {% data variables.product.prodname_ghe_cloud %} customers can configure their {% data variables.actions.hosted_runner %}s to receive a static IP address from {% data variables.product.prodname_dotcom %}'s IP address pool. When enabled, instances of the {% data variables.actions.hosted_runner %} will receive an address from a range that is unique to the runner, allowing you to use this range to configure a firewall allowlist. You can use up to 10 static IP address ranges in total across all your {% data variables.actions.hosted_runner %}s.
+
+{% note %}
+
+**Note**: If runners are unused for more than 30 days, their IP address ranges are automatically removed and cannot be recovered.
+
+{% endnote %}
+
+## Planning for {% data variables.actions.hosted_runner %}s
+
+### Create a runner group
+
+Runner groups are used to collect sets of virtual machines and create a security boundary around them. You can then decide which organizations or repositories are permitted to run jobs on those sets of machines. During the {% data variables.actions.hosted_runner %} deployment process, the runner can be added to an existing group, or otherwise it will join a default group. You can create a group by following the steps in "[Controlling access to {% data variables.actions.hosted_runner %}s](/actions/using-github-hosted-runners/controlling-access-to-larger-runners)."
+
+### Understanding billing
+
+Compared to standard {% data variables.product.prodname_dotcom %}-hosted runners, {% data variables.actions.hosted_runner %}s are billed differently. For more information, see "[Per-minute rates](/billing/managing-billing-for-github-actions/about-billing-for-github-actions#per-minute-rates)".
+
+## Adding a {% data variables.actions.hosted_runner %} to an enterprise
+
+You can add {% data variables.actions.hosted_runner %}s to an enterprise, where they can be assigned to multiple organizations. The organization admins can then control which repositories can use the runners. To add a {% data variables.actions.hosted_runner %} to an enterprise, you must be an enterprise owner.
+
+{% data reusables.actions.add-hosted-runner-overview %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.actions-tab %}
+{% data reusables.enterprise-accounts.actions-runners-tab %}
+{% data reusables.actions.add-hosted-runner %}
+1. To allow organizations to access your {% data variables.actions.hosted_runner %}s, you specify the list of organizations that can use it. For more information, see "[Managing access to your runners](#managing-access-to-your-runners)."
+
+## Adding a {% data variables.actions.hosted_runner %} to an organization
+
+You can add a {% data variables.actions.hosted_runner %} to an organization, where the organization admins can control which repositories can use it. 
+
+{% data reusables.actions.add-hosted-runner-overview %}
+
+{% data reusables.organizations.navigate-to-org %}
+{% data reusables.organizations.org_settings %}
+{% data reusables.organizations.settings-sidebar-actions-runners %}
+{% data reusables.actions.add-hosted-runner %}
+1. To allow repositories to access your {% data variables.actions.hosted_runner %}s, add them to the list of repositories that can use it. For more information, see "[Managing access to your runners](#managing-access-to-your-runners)."
+
+## Running jobs on your runner
+
+Once your runner type has been been defined, you can update your workflows to send jobs to the runner instances for processing. In this example, a runner group is populated with Ubuntu 16-core runners, which have been assigned the label `ubuntu-20.04-16core`. If you have a runner matching this label, the `check-bats-version` job then uses the `runs-on` key to target that runner whenever the job is run:
+
+```yaml
+name: learn-github-actions
+on: [push]
+jobs:
+  check-bats-version:
+    runs-on: ubuntu-20.04-16core
+    steps:
+      - uses: {% data reusables.actions.action-checkout %}
+      - uses:{% data reusables.actions.action-setup-node %}
+        with:
+          node-version: '14'
+      - run: npm install -g bats
+      - run: bats -v
+```
+
+## Managing access to your runners
+
+{% note %}
+
+**Note**: Before your workflows can send jobs to {% data variables.actions.hosted_runner %}s, you must first configure permissions for the runner group. See the following sections for more information.
+
+{% endnote %}
+
+Runner groups are used to control which repositories can run jobs on your {% data variables.actions.hosted_runner %}s. You must grant access to the group from each level of the management hierarchy, depending on where you've defined the {% data variables.actions.hosted_runner %}:
+
+- **Runners at the enterprise level**: Configure the runner group to grant access to all the required organizations. In addition, for each organization, you must configure the group to specify which repositories are allowed access.
+- **Runners at the organization level**: Configure the runner group by specifying which repositories are allowed access.
+
+For example, the following diagram has a runner group named `grp-ubuntu-20.04-16core` at the enterprise level. Before the repository named `octo-repo` can use the runners in the group, you must first configure the group at the enterprise level to allow access from the `octo-org` organization; you must then configure the group at the organization level to allow access from `octo-repo`:
+
+![Diagram explaining {% data variables.actions.hosted_runner %} groups](/assets/images/hosted-runner-mgmt.png)
+
+### Allowing repositories to access a runner group
+
+This procedure demonstrates how to configure group permissions at the enterprise and organization levels:
+
+{% data reusables.actions.runner-groups-navigate-to-repo-org-enterprise %}
+{% data reusables.actions.settings-sidebar-actions-runner-groups-selection %}
+  - For runner groups in an enterprise: under **Organization access**, modify which organizations can access the runner group.
+  - For runner groups in an organization: under **Repository access**, modify which repositories can access the runner group.
+
+{% warning %}
+
+**Warning**:
+
+{% data reusables.actions.hosted-runner-security %}
+
+For more information, see "[Controlling access to {% data variables.actions.hosted_runner %}s](/actions/using-github-hosted-runners/controlling-access-to-larger-runners)."
+
+{% endwarning %}

translations/zh-CN/content/actions/using-workflows/reusing-workflows.md

@@ -23,7 +23,7 @@ topics:
 
 Rather than copying and pasting from one workflow to another, you can make workflows reusable. You and anyone with access to the reusable workflow can then call the reusable workflow from another workflow.
 
-Reusing workflows avoids duplication. This makes workflows easier to maintain and allows you to create new workflows more quickly by building on the work of others, just as you do with actions. Workflow reuse also promotes best practice by helping you to use workflows that are well designed, have already been tested, and have been proved to be effective. Your organization can build up a library of reusable workflows that can be centrally maintained.
+Reusing workflows avoids duplication. This makes workflows easier to maintain and allows you to create new workflows more quickly by building on the work of others, just as you do with actions. Workflow reuse also promotes best practice by helping you to use workflows that are well designed, have already been tested, and have been proven to be effective. Your organization can build up a library of reusable workflows that can be centrally maintained.
 
 The diagram below shows three build jobs on the left of the diagram. After each of these jobs completes successfully a dependent job called "Deploy" runs. This job calls a reusable workflow that contains three jobs: "Staging", "Review", and "Production." The "Production" deployment job only runs after the "Staging" job has completed successfully. Using a reusable workflow to run deployment jobs allows you to run those jobs for each build without duplicating code in workflows.
 
@@ -127,7 +127,7 @@ You can define inputs and secrets, which can be passed from the caller workflow
        runs-on: ubuntu-latest
        environment: production
        steps:
-         - uses: ./.github/workflows/my-action
+         - uses: octo-org/my-action@v1
            with:
              username: ${{ inputs.username }}
              token: ${{ secrets.envPAT }}
@@ -168,12 +168,13 @@ jobs:
     name: Pass input and secrets to my-action
     runs-on: ubuntu-latest
     steps:
-      - uses: ./.github/workflows/my-action
+      - uses: octo-org/my-action@v1
         with:
           username: ${{ inputs.username }}
           token: ${{ secrets.token }}
 ```
 {% endraw %}
+
 {% ifversion actions-reusable-workflow-matrix %}
 ## Using a matrix strategy with a reusable workflow
 

translations/zh-CN/content/actions/using-workflows/workflow-commands-for-github-actions.md

@@ -329,6 +329,12 @@ Write-Output "::add-mask::Mona The Octocat"
 
 {% endpowershell %}
 
+{% warning %}
+
+**Warning:** Make sure you register the secret with 'add-mask' before outputting it in the build logs or using it in any other workflow commands.
+
+{% endwarning %}
+
 ### 示例：屏蔽环境变量
 
 当您在日志中打印变量 `MY_NAME` 或值 `"Mona The Octocat"` 时，您将看到 `"***"` 而不是 `"Mona The Octocat"`。

translations/zh-CN/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance.md

@@ -0,0 +1,52 @@
+---
+title: Configuring dependency review for your appliance
+shortTitle: 配置依赖项审查
+intro: 'To helps users understand dependency changes when reviewing pull requests, you can enable, configure, and disable dependency review for {% data variables.product.product_location %}.'
+product: '{% data reusables.gated-features.dependency-review %}'
+miniTocMaxHeadingLevel: 3
+versions:
+  feature: dependency-review-action-ghes
+type: how_to
+topics:
+  - Advanced Security
+  - Enterprise
+  - Dependency review
+  - Security
+---
+
+{% data reusables.dependency-review.beta %}
+
+## 关于依赖项审查
+
+{% data reusables.dependency-review.feature-overview %}
+
+Some additional features, such as license checks, blocking of pull requests, and CI/CD integration, are available with the [dependency review action](https://github.com/actions/dependency-review-action).
+
+## 检查您的许可是否包含 {% data variables.product.prodname_GH_advanced_security %}
+
+{% data reusables.advanced-security.check-for-ghas-license %}
+
+## Prerequisites for dependency review
+
+- A license for {% data variables.product.prodname_GH_advanced_security %}{% ifversion ghes %} (see "[About billing for {% data variables.product.prodname_GH_advanced_security %}](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)").{% endif %}
+
+- The dependency graph enabled for the instance. Site administrators can enable the dependency graph via the management console or the administrative shell (see "[Enabling the dependency graph for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)").
+
+- {% data variables.product.prodname_github_connect %} enabled to download and synchronize vulnerabilities from the {% data variables.product.prodname_advisory_database %}. This is usually configured as part of setting up {% data variables.product.prodname_dependabot %} (see "[Enabling Dependabot for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)").
+
+## Enabling and disabling dependency review
+
+To enable or disable dependency review, you need to enable or disable the dependency graph for your instance.
+
+更多信息请参阅“[为企业启用依赖关系图](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)”。
+
+## Running dependency review using {% data variables.product.prodname_actions %}
+
+{% data reusables.dependency-review.dependency-review-action-beta-note %}
+
+The dependency review action is included in your installation of {% data variables.product.prodname_ghe_server %}. It is available for all repositories that have {% data variables.product.prodname_GH_advanced_security %} and dependency graph enabled.
+
+{% data reusables.dependency-review.dependency-review-action-overview %}
+
+Users run the dependency review action using a {% data variables.product.prodname_actions %} workflow. If you have not already set up runners for {% data variables.product.prodname_actions %}, you must do this to enable users to run workflows. 您可以在仓库、组织或企业帐户级别预配自托管运行器。 For information, see "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners)" and "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)."
+

translations/zh-CN/content/admin/code-security/managing-github-advanced-security-for-your-enterprise/index.md

@@ -14,6 +14,7 @@ topics:
 children:
   - /enabling-github-advanced-security-for-your-enterprise
   - /configuring-code-scanning-for-your-appliance
+  - /configuring-dependency-review-for-your-appliance
   - /configuring-secret-scanning-for-your-appliance
 ---
 

translations/zh-CN/content/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise.md

@@ -23,7 +23,7 @@ topics:
 
 ## 通过 {% data variables.enterprise.management_console %} 启用依赖关系图
 
-如果您的 {% data variables.product.product_location %} 使用群集，则无法使用 {% data variables.enterprise.management_console %} 启用依赖关系图，而必须改用管理 shell。 更多信息请参阅“[通过管理 shell 启用依赖关系图](#enabling-the-dependency-graph-via-the-administrative-shell)”。
+If {% data variables.product.product_location %} uses clustering, you cannot enable the dependency graph with the {% data variables.enterprise.management_console %} and must use the administrative shell instead. 更多信息请参阅“[通过管理 shell 启用依赖关系图](#enabling-the-dependency-graph-via-the-administrative-shell)”。
 
 {% data reusables.enterprise_site_admin_settings.sign-in %}
 {% data reusables.enterprise_site_admin_settings.access-settings %}

translations/zh-CN/content/admin/configuration/configuring-network-settings/configuring-a-hostname.md

@@ -19,6 +19,8 @@ topics:
 
 {% data variables.enterprise.management_console %} 中的主机名设置应设置为合适的完全限定域名 (FQDN)，此域名可在互联网上或您的内部网络内解析。 例如，您的主机名设置可能是 `github.companyname.com。` Web 和 API 请求将自动重定向到 {% data variables.enterprise.management_console %} 中配置的主机名。 请注意，`localhost` 不是有效的主机名设置。
 
+Hostnames must be less than 63 characters in length per [Section 2.3.4 of the Domain Names Specification RFC](https://datatracker.ietf.org/doc/html/rfc1035#section-2.3.4).
+
 配置主机名后，可以启用子域隔离以进一步提高 {% data variables.product.product_location %} 的安全性。 更多信息请参阅“[启用子域隔离](/enterprise/admin/guides/installation/enabling-subdomain-isolation/)”。
 
 有关支持的主机名类型的详细信息，请参阅 [HTTP RFC 2.1 节](https://tools.ietf.org/html/rfc1123#section-2)。

translations/zh-CN/content/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications.md

@@ -78,6 +78,14 @@ shortTitle: 配置电子邮件通知
 
 您可以对所有传入的 SMTP 连接强制实施 TLS 加密，这有助于满足 ISO-27017 认证要求。
 
+{%- ifversion ghes = 3.6 %}
+{% note %}
+
+**Note**: Enforcement of TLS for SMTP connections is unavailable in {% data variables.product.product_name %} 3.6.0. The feature will be available in an upcoming release.
+
+{% endnote %}
+{%- endif %}
+
 {% data reusables.enterprise_site_admin_settings.email-settings %}
 1. 在“Authentication（身份验证）”下，选择 **Enforce TLS auth (recommended)（强制实施 TLS 身份验证[推荐]）**。
 

translations/zh-CN/content/admin/configuration/configuring-your-enterprise/site-admin-dashboard.md

@@ -131,46 +131,49 @@ Key             | Description
 {% ifversion ghes %}
 ## Indexing
 
-GitHub's [code search][] features are powered by [ElasticSearch][]. This section of the site admin dashboard shows you the current status of your ElasticSearch cluster and provides you with several tools to control the behavior of searching and indexing. These tools are split into the following three categories.
+GitHub's search features are powered by Elasticsearch. This section of the site admin dashboard shows you the current status of your Elasticsearch cluster and provides you with several tools to control search and index behavior.
 
-  [Code Search]: https://github.com/blog/1381-a-whole-new-code-search
-  [ElasticSearch]: http://www.elasticsearch.org/
+For more information about code search, see "[Searching for information on {% data variables.product.prodname_dotcom %}](/search-github)." For more information about Elasticsearch, see the [Elasticsearch website](https://elastic.co).
+
+{% note %}
+
+**Note**: In normal use, site administrators do not need to create new indices or schedule repair jobs. For troubleshooting or other support purposes, {% data variables.contact.github_support %} may instruct you to run a repair job.
+
+{% endnote %}
+
+### Index management
+
+{% data variables.product.product_name %} reconciles the state of the search index with data on the instance automatically and regularly.
+
+- Issues, pull requests, repositories, and users in the database
+- Git repositories (source code) on disk
+
+Your instance uses repair jobs to reconcile the data, and schedules a repair job in the background when the following events occur.
+
+- A new search index is created.
+- Missing data needs to be backfilled.
+- Old search data needs to be updated.
+
+You can create a new index, or you can click on an existing index in the list to manage the index. You can perform the following operations on an index.
+
+- Make the index searchable.
+- Make the index writable.
+- Update the index.
+- Delete the index
+- Reset the index repair state.
+- Start a new index repair job.
+- Enable or disable index repair jobs.
+
+A progress bar shows the current status of a repair job across background workers. The bar is the percentage difference of the repair offset with the highest record ID in the database. You can ignore the value shown in the progress bar after a repair job has completed. The progress bar shows the difference between the repair offset and the highest record ID in the database, and will decrease as more repositories are added to {% data variables.product.product_location %} even though those repositories are actually indexed.
+
+To minimize the effects on I/O performance and reduce the chances of operations timing out, run the repair job during off-peak hours. As the job reconciles the search index with database and Git repository data, one CPU will be used. Monitor your system's load averages and CPU usage with a utility like `top`. If you don't notice any significant increase in resource consumption, it should also be safe to run an index repair job during peak hours.
+
+Repair jobs use a "repair offset" for parallelization. This is an offset into the database table for the record being reconciled. Multiple background jobs can synchronize work based on this offset.
 
 ### Code search
 
 This allows you to enable or disable both search and index operations on source code.
 
-### Code search index repair
-
-This controls how the code search index is repaired. You can
-
-- enable or disable index repair jobs
-- start a new index repair job
-- reset all index repair state
-
-{% data variables.product.prodname_enterprise %} uses repair jobs to reconcile the state of the search index with data stored in a database (issues, pull requests, repositories, and users) and data stored in Git repositories (source code). This happens when
-
-- a new search index is created;
-- missing data needs to be backfilled; or
-- old search data needs to be updated.
-
-In other words, repair jobs are started as needed and run in the background—they are not scheduled by site admins in any way.
-
-Furthermore, repair jobs use a "repair offset" for parallelization. This is an offset into the database table for the record being reconciled. Multiple background jobs can synchronize work based on this offset.
-
-A progress bar shows the current status of a repair job across all of its background workers. It is the percentage difference of the repair offset with the highest record ID in the database. Don't worry about the value shown in the progress bar after a repair job has completed: because it shows the difference between the repair offset and the highest record ID in the database, it will decrease as more repositories are added to {% data variables.product.product_location %} even though those repositories are actually indexed.
-
-You can start a new code-search index repair job at any time. It will use a single CPU as it reconciles the search index with database and Git repository data. To minimize the effects this will have on I/O performance and reduce the chances of operations timing out, try to run a repair job during off-peak hours first. Monitor your system's load averages and CPU usage with a utility like `top`; if you don't notice any significant changes, it should be safe to run an index repair job during peak hours, as well.
-
-### Issues index repair
-
-This controls how the [Issues][] index is repaired. You can
-
-  [Issues]: https://github.com/blog/831-issues-2-0-the-next-generation
-
-- enable or disable index repair jobs
-- start a new index repair job
-- reset all index repair state
 {% endif %}
 ## Reserved logins
 

translations/zh-CN/content/admin/enterprise-management/configuring-high-availability/initiating-a-failover-to-your-replica-appliance.md

@@ -15,7 +15,7 @@ topics:
 shortTitle: 启动故障转移到设备
 ---
 
-故障转移所需的时间取决于手动升级副本和重定向流量所需的时长。 平均时间范围为 2-10 分钟。
+故障转移所需的时间取决于手动升级副本和重定向流量所需的时长。 平均时间范围为 20-30 分钟。
 
 {% data reusables.enterprise_installation.promoting-a-replica %}
 

translations/zh-CN/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md

@@ -83,7 +83,7 @@ You can create a runner group to manage access to the runner that you added to y
 
 {% data variables.product.product_name %} adds all new runners to a group. Runners can be in one group at a time. By default, {% data variables.product.product_name %} adds new runners to the "Default" group.
 
-{% data reusables.actions.self-hosted-runner-groups-add-to-enterprise-first-steps %}
+{% data reusables.actions.runner-groups-add-to-enterprise-first-steps %}
 1. To choose a policy for organization access, under "Organization access", select the **Organization access** drop-down, and click **Selected organizations**.
 1. To the right of the drop-down with the organization access policy, click {% octicon "gear" aria-label="The Gear icon" %}.
 1. Select the organizations you'd like to grant access to the runner group.
@@ -100,7 +100,7 @@ You can create a runner group to manage access to the runner that you added to y
 
    {% endwarning %}
 {%- endif %}
-{% data reusables.actions.self-hosted-runner-create-group %}
+{% data reusables.actions.create-runner-group %}
 {%- ifversion ghec or ghes > 3.3 or ghae-issue-5091 %}
 1. Click the "Runners" tab.
 1. In the list of runners, click the runner that you deployed in the previous section.

translations/zh-CN/content/admin/guides.md

@@ -45,6 +45,7 @@ includeGuides:
   - /admin/configuration/configuring-built-in-firewall-rules
   - /admin/configuration/configuring-code-scanning-for-your-appliance
   - /admin/configuration/configuring-data-encryption-for-your-enterprise
+  - /admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance
   - /admin/configuration/configuring-dns-nameservers
   - /admin/configuration/configuring-rate-limits
   - /admin/configuration/configuring-secret-scanning-for-your-appliance

translations/zh-CN/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise.md

@@ -121,7 +121,7 @@ GraphQL API 对每个查询最多返回 100 个节点。 要检索其他结果
 下面的查询搜索在 `avocado-corp` 企业中搜索 2022 年 1 月 1 日创建的审核日志事件，并使用 [REST API 分页](/rest/overview/resources-in-the-rest-api#pagination)返回第一页，每页最多包含 100 个项：
 
 ```shell
-curl -H "Authorization: token <em>TOKEN</em>" \
+curl -H "Authorization: Bearer <em>TOKEN</em>" \
 --request GET \
 "https://api.github.com/enterprises/avocado-corp/audit-log?phrase=created:2022-01-01&page=1&per_page=100"
 ```
@@ -133,7 +133,7 @@ curl -H "Authorization: token <em>TOKEN</em>" \
 下面的查询搜索拉取请求的审核日志事件，其中事件发生在 `avocado-corp` 企业中的 2022 年 1 月 1 日或之后，并且该操作由 `octocat` 用户执行：
 
 ```shell
-curl -H "Authorization: token <em>TOKEN</em>" \
+curl -H "Authorization: Bearer <em>TOKEN</em>" \
 --request GET \
 "https://api.github.com/enterprises/avocado-corp/audit-log?phrase=action:pull_request+created:>=2022-01-01+actor:octocat"
 ```

translations/zh-CN/content/admin/user-management/migrating-data-to-and-from-your-enterprise/exporting-migration-data-from-githubcom.md

@@ -44,7 +44,7 @@ The Migrations API is currently in a preview period, which means that the endpoi
     * Your access token for authentication.
     * A [list of the repositories](/free-pro-team@latest/rest/repos#list-organization-repositories) you want to migrate:
       ```shell
-      curl -H "Authorization: token <em>GITHUB_ACCESS_TOKEN</em>" \
+      curl -H "Authorization: Bearer <em>GITHUB_ACCESS_TOKEN</em>" \
       -X POST \
       -H "Accept: application/vnd.github+json" \
       -d'{"lock_repositories":true,"repositories":["<em>orgname</em>/<em>reponame</em>", "<em>orgname</em>/<em>reponame</em>"]}' \
@@ -59,7 +59,7 @@ The Migrations API is currently in a preview period, which means that the endpoi
     * Your access token for authentication.
     * The unique `id` of the migration:
       ```shell
-      curl -H "Authorization: token <em>GITHUB_ACCESS_TOKEN</em>" \
+      curl -H "Authorization: Bearer <em>GITHUB_ACCESS_TOKEN</em>" \
       -H "Accept: application/vnd.github+json" \
       https://api.github.com/orgs/<em>orgname</em>/migrations/<em>id</em>
       ```
@@ -74,7 +74,7 @@ The Migrations API is currently in a preview period, which means that the endpoi
     * Your access token for authentication.
     * The unique `id` of the migration:
       ```shell
-      curl -H "Authorization: token <em>GITHUB_ACCESS_TOKEN</em>" \
+      curl -H "Authorization: Bearer <em>GITHUB_ACCESS_TOKEN</em>" \
       -H "Accept: application/vnd.github+json" \
       -L -o migration_archive.tar.gz \
       https://api.github.com/orgs/<em>orgname</em>/migrations/<em>id</em>/archive
@@ -84,7 +84,7 @@ The Migrations API is currently in a preview period, which means that the endpoi
     * Your access token for authentication.
     * The unique `id` of the migration:
       ```shell
-      curl -H "Authorization: token <em>GITHUB_ACCESS_TOKEN</em>" \
+      curl -H "Authorization: Bearer <em>GITHUB_ACCESS_TOKEN</em>" \
       -X DELETE \
       -H "Accept: application/vnd.github+json" \
       https://api.github.com/orgs/<em>orgname</em>/migrations/<em>id</em>/archive

translations/zh-CN/content/admin/user-management/migrating-data-to-and-from-your-enterprise/migrating-data-to-your-enterprise.md

@@ -134,7 +134,7 @@ $ ghe-migrator audit -s failed_import,failed_map,failed_rename,failed_merge -g <
   * 迁移的唯一 `id`
   * 要解锁的仓库的名称
 ```shell
-curl -H "Authorization: token <em>GITHUB_ACCESS_TOKEN</em>" -X DELETE \
+curl -H "Authorization: Bearer <em>GITHUB_ACCESS_TOKEN</em>" -X DELETE \
   -H "Accept: application/vnd.github.wyandotte-preview+json" \
   https://api.github.com/orgs/<em>orgname</em>/migrations/<em>id</em>/repos/<em>repo_name</em>/lock
 ```
@@ -143,7 +143,7 @@ curl -H "Authorization: token <em>GITHUB_ACCESS_TOKEN</em>" -X DELETE \
 
 在解锁 {% data variables.product.prodname_dotcom_the_website %} 组织的仓库后，您应当使用[仓库删除端点](/rest/repos/#delete-a-repository)删除之前迁移的每一个仓库。 您需要身份验证的访问令牌：
 ```shell
-curl -H "Authorization: token <em>GITHUB_ACCESS_TOKEN</em>" -X DELETE \
+curl -H "Authorization: Bearer <em>GITHUB_ACCESS_TOKEN</em>" -X DELETE \
   https://api.github.com/repos/<em>orgname</em>/<em>repo_name</em>
 ```
 

translations/zh-CN/content/billing/managing-billing-for-github-actions/about-billing-for-github-actions.md

@@ -1,6 +1,7 @@
 ---
 title: 关于 GitHub Actions 的计费
 intro: '如果要对 {% data variables.product.prodname_actions %} 的使用超出帐户所含存储容量或分钟数，您需要支付额外的使用费。'
+miniTocMaxHeadingLevel: 3
 redirect_from:
   - /github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-actions
   - /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-github-actions/about-billing-for-github-actions
@@ -28,6 +29,13 @@ shortTitle: GitHub Actions 的计费
 
 ### 包括存储和分钟数
 
+{% ifversion actions-hosted-runners %}
+{% note %}
+
+**Note**: Entitlement minutes cannot be used for Windows and Ubuntu runners over 2-cores. These runners will always be charged for, including in public repos. For more information, see "[Per-minute rates for runners](/billing/managing-billing-for-github-actions/about-billing-for-github-actions#per-minute-rates)."
+
+{% endnote %}
+{% endif %}
 | 产品                                                    | 存储器    | 分钟数（每月） |
 | ----------------------------------------------------- | ------ | ------- |
 | {% data variables.product.prodname_free_user %}     | 500 MB | 2,000   |
@@ -58,15 +66,15 @@ shortTitle: GitHub Actions 的计费
 
 ### 每分钟费率
 
-| 操作系统    | 每分钟费率（美元） |
-| ------- | --------- |
-| Linux   | $0.008    |
-| macOS   | $0.08     |
-| Windows | $0.016    |
+{% data reusables.billing.billing-standard-runners %}
+{% ifversion actions-hosted-runners %}{% data reusables.billing.billing-hosted-runners %}{% endif %}
 
-可在用户或组织帐户的所有仓库中同时运行的作业数量取决于您的 GitHub 计划。 更多信息请参阅“[使用限制和计费](/actions/reference/usage-limits-billing-and-administration)”（对于 {% data variables.product.prodname_dotcom %} 托管的运行器）和“[关于自托管运行器](/actions/hosting-your-own-runners/about-self-hosted-runners/#usage-limits)”（对于自托管运行器使用限制）。
-
-{% data reusables.user-settings.context_switcher %}
+- 可在用户或组织帐户的所有仓库中同时运行的作业数量取决于您的 GitHub 计划。 更多信息请参阅“[使用限制和计费](/actions/reference/usage-limits-billing-and-administration)”（对于 {% data variables.product.prodname_dotcom %} 托管的运行器）和“[关于自托管运行器](/actions/hosting-your-own-runners/about-self-hosted-runners/#usage-limits)”（对于自托管运行器使用限制）。
+- {% data reusables.user-settings.context_switcher %}
+{% ifversion actions-hosted-runners %}
+- For {% data variables.actions.hosted_runner %}s, there is no additional cost for configurations that assign public static IP addresses to a {% data variables.actions.hosted_runner %}. For more information on {% data variables.actions.hosted_runner %}s, see "[Using {% data variables.actions.hosted_runner %}s](/actions/using-github-hosted-runners/using-larger-runners)."
+- Entitlement minutes cannot be used for {% data variables.actions.hosted_runner %}s.
+{% endif %}
 
 ## 计算分钟和存储支出
 

translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning.md

@@ -359,7 +359,7 @@ In the following example, the `+` symbol ensures that the specified additional {
 
 ## Using a custom configuration file
 
-A custom configuration file is an alternative way to specify additional {% ifversion codeql-packs %}packs and {% endif %}queries to run. You can also use the file to disable the default queries and to specify which directories to scan during analysis.
+A custom configuration file is an alternative way to specify additional {% ifversion codeql-packs %}packs and {% endif %}queries to run. You can also use the file to disable the default queries{% ifversion code-scanning-exclude-queries-from-analysis %}, exclude or include specific queries,{% endif %} and to specify which directories to scan during analysis.
 
 In the workflow file, use the `config-file` parameter of the `init` action to specify the path to the configuration file you want to use. This example loads the configuration file _./.github/codeql/codeql-config.yml_.
 
@@ -442,6 +442,41 @@ Optionally, you can give each array element a name, as shown in the example conf
 
 If you only want to run custom queries, you can disable the default security queries by using `disable-default-queries: true`.
 
+{% ifversion code-scanning-exclude-queries-from-analysis %}
+### Excluding specific queries from analysis
+
+You can add `exclude` and `include` filters to your custom configuration file, to specify the queries you want to exclude or include in the analysis.
+
+This is useful if you want to exclude, for example:
+- Specific queries from the default suites (`security`, `security-extended` and `security-and-quality`).
+- Specific queries whose results do not interest you.
+- All the queries that generate warnings and recommendations.
+
+You can use `exclude` filters similar to those in the configuration file below to exclude queries that you want to remove from the default analysis. In the example of configuration file below, both the `js/redundant-assignment` and the `js/useless-assignment-to-local` queries are excluded from analysis.
+
+```yaml
+query-filters:
+  - exclude:
+      id: js/redundant-assignment
+  - exclude:
+      id: js/useless-assignment-to-local
+```
+To find the id of a query, you can click the alert in the list of alerts in the Security tab. This opens the alert details page. The `Rule ID` field contains the query id. For more information about the alert details page, see "[About {% data variables.product.prodname_code_scanning %} alerts](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts#about-alert-details)."
+
+{% tip %}
+
+**Tips:**
+- The order of the filters is important. The first filter instruction that appears after the instructions about the queries and query packs determines whether the queries are included or excluded by default.
+- Subsequent instructions are executed in order and the instructions that appear later in the file take precedence over the earlier instructions.
+
+{% endtip %}
+
+You can find another example illustrating the use of these filters in the "[Example configuration files](#example-configuration-files)" section.
+
+For more information about using `exclude` and `include` filters in your custom configuration file, see "[Creating {% data variables.product.prodname_codeql %} query suites](https://codeql.github.com/docs/codeql-cli/creating-codeql-query-suites/#filtering-the-queries-in-a-query-suite)." For information on the query metadata you can filter on, see "[Metadata for CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/metadata-for-codeql-queries/)."
+
+{% endif %}
+
 ### Specifying directories to scan
 
 For the interpreted languages that {% data variables.product.prodname_codeql %} supports (Python{% ifversion fpt or ghes > 3.3 or ghae-issue-5017 %}, Ruby{% endif %} and JavaScript/TypeScript), you can restrict {% data variables.product.prodname_code_scanning %} to files in specific directories by adding a `paths` array to the configuration file. You can exclude the files in specific directories from analysis by adding a `paths-ignore` array.

translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests.md

@@ -33,8 +33,6 @@ topics:
 - 拉取请求的 **Conversation（对话）** 选项卡，作为拉取请求审查的一部分{% endif %}
 - 拉取请求的 **Files changed（文件已更改）**选项卡
 
-{% ifversion code-scanning-pr-conversations-tab %} {% endif %}
-
 如果您拥有仓库的写入权限，您可以在 **Security（安全）**选项卡中查看任何现有的 {% data variables.product.prodname_code_scanning %} 警报。 有关仓库警报的更多信息，请参阅“[管理仓库的 {% data variables.product.prodname_code_scanning %} 警报](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)”。
 
 {% ifversion fpt or ghes > 3.2 or ghae or ghec %}

translations/zh-CN/content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system.md

@@ -78,7 +78,8 @@ You can display the command-line help for any command using the <nobr>`--help`</
 | <nobr>`--command`</nobr> | | Recommended. Use to specify the build command or script that invokes the build process for the codebase. Commands are run from the current folder or, where it is defined, from <nobr>`--source-root`</nobr>. Not needed for Python and JavaScript/TypeScript analysis. | 
 | <nobr>`--db-cluster`</nobr> | | Optional. Use in multi-language codebases to generate one database for each language specified by <nobr>`--language`</nobr>.
 | <nobr>`--no-run-unnecessary-builds`</nobr> | | Recommended. Use to suppress the build command for languages where the {% data variables.product.prodname_codeql_cli %} does not need to monitor the build (for example, Python and JavaScript/TypeScript). 
-| <nobr>`--source-root`</nobr> | | Optional. Use if you run the CLI outside the checkout root of the repository. By default, the `database create` command assumes that the current directory is the root directory for the source files, use this option to specify a different location. |
+| <nobr>`--source-root`</nobr> | | Optional. Use if you run the CLI outside the checkout root of the repository. By default, the `database create` command assumes that the current directory is the root directory for the source files, use this option to specify a different location. |{% ifversion fpt or ghec or ghes > 3.2 or ghae %}
+| <nobr>`--codescanning-config`</nobr> | | Optional (Advanced). Use if you have a configuration file that specifies how to create the {% data variables.product.prodname_codeql %} databases and what queries to run in later steps. For more information, see "[Using a custom configuration file](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-a-custom-configuration-file)" and "[database create](https://codeql.github.com/docs/codeql-cli/manual/database-create/#cmdoption-codeql-database-create-codescanning-config)." |{% endif %}
 
 For more information, see [Creating {% data variables.product.prodname_codeql %} databases](https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/) in the documentation for the {% data variables.product.prodname_codeql_cli %}.
 

translations/zh-CN/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md

@@ -72,7 +72,7 @@ topics:
 {% endtip %}
 {% endif %}
 
-此 {% data variables.product.prodname_dependency_review_action %} 示例文件说明了如何使用这些配置选项。
+此 {% data variables.product.prodname_dependency_review_action %} 示例文件说明了如何使用这些配置选项。 Notice that the example uses short version number for the action (`v2`) instead of a semver release number (for example, `v2.0.8`). This ensures that you use the most recent minor version of the action.
 
 ```yaml{:copy}
 name: 'Dependency Review'

translations/zh-CN/content/codespaces/codespaces-reference/using-the-vs-code-command-palette-in-codespaces.md

@@ -17,7 +17,7 @@ redirect_from:
 
 ## 关于 {% data variables.product.prodname_vscode_command_palette %}
 
-命令面板是 {% data variables.product.prodname_vscode %} 的焦点功能之一，可用于 {% data variables.product.prodname_github_codespaces %}。 {% data variables.product.prodname_vscode_command_palette %} 允许您访问 {% data variables.product.prodname_codespaces %} 和 {% data variables.product.prodname_vscode_shortname %} 的许多命令。 有关使用 {% data variables.product.prodname_vscode_command_palette_shortname %} 的更多信息，请参阅 {% data variables.product.prodname_vscode_shortname %} 文档中的[用户界面](https://code.visualstudio.com/docs/getstarted/userinterface#_command-palette)。
+命令面板是 {% data variables.product.prodname_vscode %} 的焦点功能之一，可用于 {% data variables.product.prodname_github_codespaces %}。 命令调色板允许您访问 {% data variables.product.prodname_codespaces %} 和 {% data variables.product.prodname_vscode_shortname %} 的许多命令。 有关使用 {% data variables.product.prodname_vscode_command_palette_shortname %} 的更多信息，请参阅 {% data variables.product.prodname_vscode_shortname %} 文档中的[用户界面](https://code.visualstudio.com/docs/getstarted/userinterface#_command-palette)。
 
 ## 访问 {% data variables.product.prodname_vscode_command_palette_shortname %}
 

translations/zh-CN/content/codespaces/developing-in-codespaces/getting-started-with-github-codespaces-for-machine-learning.md

@@ -0,0 +1,120 @@
+---
+title: Getting started with GitHub Codespaces for machine learning
+shortTitle: Machine learning
+intro: 'Learn about working on machine learning projects with {% data variables.product.prodname_github_codespaces %} and its out-of-the-box tools.'
+product: '{% data reusables.gated-features.codespaces %}'
+versions:
+  fpt: '*'
+  ghec: '*'
+type: tutorial
+topics:
+  - Codespaces
+  - Developer
+---
+
+## 简介
+
+This guide introduces you to machine learning with {% data variables.product.prodname_github_codespaces %}. You’ll build a simple image classifier, learn about some of the tools that come preinstalled in {% data variables.product.prodname_github_codespaces %}, configure your development environment for NVIDIA CUDA, and use {% data variables.product.prodname_cli %} to open your codespace in JupyterLab.
+
+## Prerequisite
+
+You have access to {% data variables.product.prodname_github_codespaces %}. 更多信息请参阅“[创建代码空间](/codespaces/developing-in-codespaces/creating-a-codespace#access-to-github-codespaces)”。
+
+## Build a simple image classifier
+
+We'll use a Jupyter notebook to build a simple image classifier.
+
+Jupyter notebooks are sets of cells that you can execute one after another. The notebook we'll use includes a number of cells that build an image classifier using [PyTorch](https://pytorch.org/). Each cell is a different phase of that process: download a dataset, set up a neural network, train a model, and then test that model.
+
+We'll run all of the cells, in sequence, to perform all phases of building the image classifier. When we do this Jupyter saves the output back into the notebook so that you can examine the results.
+
+### Creating a repository and a codespace
+
+1. Go to the [github/codespaces-getting-started-ml](https://github.com/github/codespaces-getting-started-ml) template repository and click **Use this template**.
+{% data reusables.codespaces.open-codespace-from-template-repo %}
+
+   By default, a codespace for this repository opens in a web-based version of {% data variables.product.prodname_vscode %}.
+
+### Open the image classifier notebook
+
+The default container image that's used by {% data variables.product.prodname_github_codespaces %} includes a set of machine learning libraries that are preinstalled in your codespace. For example, Numpy, pandas, SciPy, Matplotlib, seaborn, scikit-learn, TensorFlow, Keras, PyTorch, Requests, and Plotly. For more information about the default image, see "[Introduction to dev containers](/codespaces/setting-up-your-project-for-codespaces/introduction-to-dev-containers#using-the-default-dev-container-configuration)" and [the `devcontainers/images` repository](https://github.com/devcontainers/images/tree/main/src/codespaces#github-codespaces-default-linux-universal).
+
+1. In the {% data variables.product.prodname_vscode_shortname %} editor, close any "Get Started" tabs that are displayed.
+1. Open the `image-classifier.ipynb` notebook file.
+1. Click the Python kernel link at the top right of the editor.
+
+   ![Screenshot of the Python kernal link](/assets/images/help/codespaces/jupyter-python-kernel-link.png)
+
+1. In the drop-down menu, choose the kernel in the directory `/opt/python/latest/bin/python`.
+
+   ![Screenshot of the Python kernal drop-down menu](/assets/images/help/codespaces/jupyter-python-kernel-dropdown.png)
+
+### Build the image classifier
+
+The image classifier notebook contains all the code you need to download a dataset, train a neural network, and evaluate its performance.
+
+1. Click **Run All** to execute all of the notebook’s cells.
+
+   ![Screenshot of the Run All button](/assets/images/help/codespaces/jupyter-run-all.png)
+
+1. Scroll down to view the output of each cell.
+
+   ![Screenshot of Step 3 in the editor](/assets/images/help/codespaces/jupyter-notebook-step3.png)
+
+## Configure NVIDIA CUDA for your codespace
+
+Some software, such as TensorFlow, requires you to install NVIDIA CUDA to use your codespace’s GPU. Where this is the case, you can create your own custom configuration, by using a `devcontainer.json` file, and specify that CUDA should be installed. For more information on creating a custom configuration, see "[Introduction to dev containers](/codespaces/setting-up-your-project-for-codespaces/introduction-to-dev-containers#creating-a-custom-dev-container-configuration)."
+
+{% note %}
+
+**Note**: For full details of the script that's run when you add the `nvidia-cuda` feature, see [the devcontainers/features repository](https://github.com/devcontainers/features/tree/main/src/nvidia-cuda).
+
+{% endnote %}
+
+1. Within a codespace, open the `.devcontainer/devcontainer.json` file in the editor.
+1. Add a top-level `features` object with the following contents:
+
+   ```json{:copy}
+     “features”: {
+       "ghcr.io/devcontainers/features/nvidia-cuda:1": { 
+         "installCudnn": true
+       }
+     }
+   ```
+
+   For more information about the `features` object, see the [development containers specification](https://containers.dev/implementors/features/#devcontainer-json-properties).
+
+   If you are using the `devcontainer.json` file from the image classifier repository you created for this tutorial, your `devcontainer.json` file will now look like this:
+
+   ```
+   {
+     "customizations": {
+       "vscode": {
+         "extensions": [
+           "ms-python.python",
+           "ms-toolsai.jupyter"
+         ]
+       }
+     },
+     “features”: {
+       "ghcr.io/devcontainers/features/nvidia-cuda:1": { 
+         "installCudnn": true
+       }
+     }
+   }
+   ```
+
+1. Save the change.
+{% data reusables.codespaces.rebuild-command %}
+   The codespace container will be rebuilt. This will take several minutes. When the rebuild is complete the codespace is automatically reopened.
+1. Commit the change to the repository so that CUDA will be installed in any new codespaces you create from this repository in future.
+
+## Open your codespace in JupyterLab
+
+The default container image that's used by {% data variables.product.prodname_github_codespaces %} includes JupyterLab, the web-based Jupyter IDE. You can use {% data variables.product.prodname_cli %} to open your codespace in JupyterLab without having to install anything else on your codespace.
+
+1. In the terminal, enter the {% data variables.product.prodname_cli %} command `gh cs jupyter`.
+1. Choose the codespace you want to open.
+
+   ![Screenshot of opening a codespace from the terminal](/assets/images/help/codespaces/open-codespace-in-jupyter.png)
+

translations/zh-CN/content/codespaces/developing-in-codespaces/index.md

@@ -18,6 +18,7 @@ children:
   - /forwarding-ports-in-your-codespace
   - /default-environment-variables-for-your-codespace
   - /connecting-to-a-private-network
+  - /getting-started-with-github-codespaces-for-machine-learning
   - /using-github-codespaces-in-visual-studio-code
   - /using-github-codespaces-with-github-cli
 ---

translations/zh-CN/content/codespaces/getting-started/deep-dive.md

@@ -73,7 +73,7 @@ topics:
 
 ### 关闭或停止代码空间
 
-要停止代码空间，您可以 [使用 {% data variables.product.prodname_vscode_command_palette %}](/codespaces/codespaces-reference/using-the-vs-code-command-palette-in-codespaces#suspending-or-stopping-a-codespace) (`Shift + Command + P` (Mac) / `Ctrl + Shift + P` (Windows))。 如果在未运行停止命令的情况下退出代码空间（例如，关闭浏览器选项卡），或者让代码空间在没有交互的情况下运行，则代码空间及其正在运行的进程将继续运行，直到出现不活动窗口，之后代码空间将停止。  默认情况下，不活动窗口为 30 分钟。
+To stop your codespace you can [use the {% data variables.product.prodname_vscode_command_palette %}](/codespaces/codespaces-reference/using-the-vs-code-command-palette-in-codespaces#suspending-or-stopping-a-codespace) (<kbd>Shift</kbd>+<kbd>Command</kbd>+<kbd>P</kbd> (Mac) / <kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>P</kbd> (Windows/Linux)). 如果在未运行停止命令的情况下退出代码空间（例如，关闭浏览器选项卡），或者让代码空间在没有交互的情况下运行，则代码空间及其正在运行的进程将继续运行，直到出现不活动窗口，之后代码空间将停止。  默认情况下，不活动窗口为 30 分钟。
 
 关闭或停止代码空间时，将保留所有未提交的更改，直到您再次连接到代码空间。
 

translations/zh-CN/content/codespaces/getting-started/quickstart.md

@@ -25,12 +25,7 @@ From this quickstart, you'll learn how to create a codespace, connect to a forwa
 ## 创建代码空间
 
 1. 导航到 [template repository（模板存储库）](https://github.com/github/haikus-for-codespaces) 并选择 **Use this template（使用此模板）**。
-
-1. Choose an owner for the new repository, enter a repository name, select your preferred privacy setting, and click **Create repository from template**.
-
-1. 导航到新创建的存储库的主页。 在存储库名称下，使用 **{% octicon "code" aria-label="The code icon" %} 代码**下拉菜单，然后在**Codespaces（代码空间）**选项卡中，单击 **Create codespace on main（在主分支上创建代码空间）**。
-
-  ![新建代码空间按钮](/assets/images/help/codespaces/new-codespace-button.png)
+{% data reusables.codespaces.open-codespace-from-template-repo %}
 
 ## 运行应用程序
 

translations/zh-CN/content/codespaces/setting-up-your-project-for-codespaces/introduction-to-dev-containers.md

@@ -155,9 +155,9 @@ RUN apt-get update && bash /tmp/library-scripts/github-debian.sh
 您可以通过在配置预定义容器时选择一些最常用的功能来添加这些功能。 有关可用功能的详细信息，请参阅 `vscode-dev-containers` 存储库中的[脚本库](https://github.com/microsoft/vscode-dev-containers/tree/main/script-library#scripts) 。
 
 
-1. 访问命令面板 (`Shift + Command + P` / `Ctrl + Shift + P`)，然后开始键入 "configure"。 选择 **Codespaces: Configure Devcontainer Features（代码空间：配置开发容器功能）**。
+1. Access the Command Palette (<kbd>Shift</kbd>+<kbd>Command</kbd>+<kbd>P</kbd> (Mac) / <kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>P</kbd> (Windows/Linux)), then start typing "configure". 选择 **Codespaces: Configure Devcontainer Features（代码空间：配置开发容器功能）**。
 
-   ![命令面板中的 Configure Devcontainer Features 命令](/assets/images/help/codespaces/codespaces-configure-features.png)
+   ![The Configure Devcontainer Features command in the Command Palette](/assets/images/help/codespaces/codespaces-configure-features.png)
 
 1. 更新您的功能选择，然后单击**确定**。
 
@@ -165,7 +165,7 @@ RUN apt-get update && bash /tmp/library-scripts/github-debian.sh
 
 1. 要应用更改，请在屏幕右下角单击 **Rebuild now（立即重建）**。 有关重建容器的更多信息，请参阅“[应用对配置的更改](#applying-configuration-changes-to-a-codespace)”。
 
-   ![命令面板中的"Codespaces：重建容器"](/assets/images/help/codespaces/rebuild-prompt.png)
+   !["Codespaces: Rebuild Container" in the Command Palette](/assets/images/help/codespaces/rebuild-prompt.png)
 
 ## 创建自定义开发容器配置
 

translations/zh-CN/content/codespaces/troubleshooting/github-codespaces-logs.md

@@ -28,7 +28,7 @@ redirect_from:
 {% webui %}
 
 1. 如果在浏览器中使用 {% data variables.product.prodname_codespaces %} ，请确保已连接到要调试的代码空间。
-1. 打开 {% data variables.product.prodname_vscode %} 命令面板 (`Shift + Command + P` (Mac) / `Ctrl + Shift + P` (Windows)) ，然后键入 **Export logs**。 从列表中选择 **odespaces: Export Logs（代码空间：导出日志）**以下载日志。
+1. Open the {% data variables.product.prodname_vscode_command_palette_shortname %} (<kbd>Shift</kbd>+<kbd>Command</kbd>+<kbd>P</kbd> (Mac) / <kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>P</kbd> (Windows/Linux)) and type **Export logs**. 从列表中选择 **odespaces: Export Logs（代码空间：导出日志）**以下载日志。
 1. 定义保存日志 zip 存档的位置，然后单击 **Save（保存）**（桌面），或单击 **OK（确定）** (web)。
 1. 如果在浏览器中使用 {% data variables.product.prodname_codespaces %} ，请右键单击资源管理器视图中日志的 zip 存档，然后选择 **Download…（下载…）**将其下载到本地计算机。
 
@@ -36,7 +36,7 @@ redirect_from:
 
 {% vscode %}
 
-1. 打开 {% data variables.product.prodname_vscode %} 命令面板 (`Shift + Command + P` (Mac) / `Ctrl + Shift + P` (Windows)) ，然后键入 **Export logs**。 从列表中选择 **odespaces: Export Logs（代码空间：导出日志）**以下载日志。
+1. Open the {% data variables.product.prodname_vscode_command_palette_shortname %} (<kbd>Shift</kbd>+<kbd>Command</kbd>+<kbd>P</kbd> (Mac) / <kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>P</kbd> (Windows/Linux)) and type **Export logs**. 从列表中选择 **odespaces: Export Logs（代码空间：导出日志）**以下载日志。
 1. 定义保存日志 zip 存档的位置，然后单击 **Save（保存）**（桌面），或单击 **OK（确定）** (web)。
 
 {% endvscode %}
@@ -55,7 +55,7 @@ redirect_from:
 {% webui %}
 
 1. 连接到要调试的代码空间。
-2. 打开 {% data variables.product.prodname_vscode_command_palette %} (`Shift + Command + P` (Mac) / `Ctrl + Shift + P` (Windows)) ，然后键入 **Creation logs**。 从列表中选择 **Codespaces: View Creation Log（代码空间：查看创建日志）**以打开 `creation.log` 文件。
+2. Open the {% data variables.product.prodname_vscode_command_palette_shortname %} (<kbd>Shift</kbd>+<kbd>Command</kbd>+<kbd>P</kbd> (Mac) / <kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>P</kbd> (Windows/Linux)) and type **Creation logs**. 从列表中选择 **Codespaces: View Creation Log（代码空间：查看创建日志）**以打开 `creation.log` 文件。
 
 如果要与支持人员共享日志，可以将创建日志中的文本复制到文本编辑器中，并将文件保存在本地。
 
@@ -63,7 +63,7 @@ redirect_from:
 
 {% vscode %}
 
-打开命令面板 (`Shift + Command + P` (Mac) / `Ctrl + Shift + P` (Windows))，然后键入 **Creation logs**。 从列表中选择 **Codespaces: View Creation Log（代码空间：查看创建日志）**以打开 `creation.log` 文件。
+Open the {% data variables.product.prodname_vscode_command_palette_shortname %} (<kbd>Shift</kbd>+<kbd>Command</kbd>+<kbd>P</kbd> (Mac) / <kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>P</kbd> (Windows/Linux)) and type **Creation logs**. 从列表中选择 **Codespaces: View Creation Log（代码空间：查看创建日志）**以打开 `creation.log` 文件。
 
 如果要与支持人员共享日志，可以将创建日志中的文本复制到文本编辑器中，并将文件保存在本地。
 

translations/zh-CN/content/codespaces/troubleshooting/troubleshooting-creation-and-deletion-of-codespaces.md

@@ -1,5 +1,5 @@
 ---
-title: 代码空间的创建和删除疑难解答
+title: Troubleshooting creation and deletion of codespaces
 intro: 本文提供了在创建或删除代码空间时可能遇到的常见问题（包括存储和配置问题）的疑难解答步骤。
 product: '{% data reusables.gated-features.codespaces %}'
 versions:
@@ -16,6 +16,8 @@ shortTitle: 创建和删除
 ### 没有创建代码空间的权限
 {% data variables.product.prodname_codespaces %} 并非对所有存储库都可用。 如果缺少“Open with Codespaces（使用 Codespaces 打开）”按钮，则 {% data variables.product.prodname_github_codespaces %} 可能不适用于该存储库。 更多信息请参阅“[创建代码空间](/codespaces/developing-in-codespaces/creating-a-codespace#access-to-codespaces)”。
 
+You can't create a codespace for a private repository that is owned by an organization, unless you have write access to the repository or the organization has enabled forking for it.
+
 如果您认为您的组织已启用 [ {% data variables.product.prodname_codespaces %}](/codespaces/managing-codespaces-for-your-organization/enabling-codespaces-for-your-organization#about-enabling-codespaces-for-your-organization)，请确保组织所有者或帐单管理员已设置 {% data variables.product.prodname_codespaces %} 的支出限制。 更多信息请参阅“[管理 {% data variables.product.prodname_codespaces %} 的支出限制](/billing/managing-billing-for-github-codespaces/managing-spending-limits-for-codespaces)”。
 
 ### 代码空间在创建时未打开

translations/zh-CN/content/codespaces/troubleshooting/troubleshooting-your-connection-to-github-codespaces.md

@@ -18,7 +18,7 @@ redirect_from:
 Codespaces are set to stop after 30 minutes without any activity. If you try to interact with a codespace after it has stopped, you may see a `503 service unavailable` error. 
 
 - If a **Start** button is shown in {% data variables.product.prodname_vscode %} or in your browser window, click **Start** to reconnect to the codespace.
-- Reset your codespace by reloading the window. From the [command palette](/codespaces/codespaces-reference/using-the-command-palette-in-codespaces#accessing-the-command-palette) in {% data variables.product.prodname_vscode %}, click **Developer: Reload Window**.
+- Reset your codespace by reloading the window. From the [Command Palette](/codespaces/codespaces-reference/using-the-command-palette-in-codespaces#accessing-the-command-palette) in {% data variables.product.prodname_vscode %}, click **Developer: Reload Window**.
 
 ## Browser cannot connect
 

translations/zh-CN/content/developers/apps/building-github-apps/authenticating-with-github-apps.md

@@ -147,18 +147,24 @@ $ curl -i -X POST \
 
 ```shell
 $ curl -i \
--H "Authorization: token YOUR_INSTALLATION_ACCESS_TOKEN" \
+-H "Authorization: Bearer YOUR_INSTALLATION_ACCESS_TOKEN" \
 -H "Accept: application/vnd.github+json" \
 {% data variables.product.api_url_pre %}/installation/repositories
 ```
 
 `YOUR_INSTALLATION_ACCESS_TOKEN` 是必须替换的值。
 
+{% note %}
+
+**注意：**{% data reusables.getting-started.bearer-vs-token %}
+
+{% endnote %}
+
 ## 作为安装访问 API 端点
 
 有关适用于使用安装访问令牌的 {% data variables.product.prodname_github_apps %} 的 REST API 端点列表，请参阅“[可用端点](/rest/overview/endpoints-available-for-github-apps)。”
 
-有关与安装相关的端点的列表，请参阅“[安装](/rest/reference/apps#installations)。”
+For a list of endpoints related to installations, see "[Installations](/rest/reference/apps#installations)."
 
 ## 由安装验证基于 HTTP 的 Git 访问权限
 

translations/zh-CN/content/developers/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps.md

@@ -108,13 +108,13 @@ shortTitle: 识别和授权用户
 
 用户的访问令牌允许 GitHub 应用程序代表用户向 API 发出请求。
 
-    Authorization: token OAUTH-TOKEN
+    Authorization: Bearer OAUTH-TOKEN
     GET {% data variables.product.api_url_code %}/user
 
 例如，您可以像以下这样在 curl 中设置“授权”标头：
 
 ```shell
-curl -H "Authorization: token OAUTH-TOKEN" {% data variables.product.api_url_pre %}/user
+curl -H "Authorization: Bearer OAUTH-TOKEN" {% data variables.product.api_url_pre %}/user
 ```
 
 ## 设备流程
@@ -133,12 +133,12 @@ curl -H "Authorization: token OAUTH-TOKEN" {% data variables.product.api_url_pre
 
 获得用户的 OAuth 令牌后，您可以检查该用户可以访问哪些安装。
 
-    Authorization: token OAUTH-TOKEN
+    Authorization: Bearer OAUTH-TOKEN
     GET /user/installations
 
 您还可以检查用户可以访问哪些仓库进行安装。
 
-    Authorization: token OAUTH-TOKEN
+    Authorization: Bearer OAUTH-TOKEN
     GET /user/installations/:installation_id/repositories
 
 更多信息请参阅：[列出用户访问令牌可访问的应用程序安装](/rest/apps#list-app-installations-accessible-to-the-user-access-token)和[列出用户访问令牌可访问的仓库](/rest/apps#list-repositories-accessible-to-the-user-access-token)。

translations/zh-CN/content/developers/apps/building-oauth-apps/authorizing-oauth-apps.md

@@ -107,13 +107,13 @@ Accept: application/xml
 
 访问令牌可用于代表用户向 API 提出请求。
 
-    Authorization: token OAUTH-TOKEN
+    Authorization: Bearer OAUTH-TOKEN
     GET {% data variables.product.api_url_code %}/user
 
 例如，您可以像以下这样在 curl 中设置“授权”标头：
 
 ```shell
-curl -H "Authorization: token OAUTH-TOKEN" {% data variables.product.api_url_pre %}/user
+curl -H "Authorization: Bearer OAUTH-TOKEN" {% data variables.product.api_url_pre %}/user
 ```
 
 ## 设备流程

translations/zh-CN/content/developers/apps/building-oauth-apps/scopes-for-oauth-apps.md

@@ -28,7 +28,7 @@ topics:
 检查标头以查看您拥有哪些 OAuth 作用域，以及 API 操作接受什么：
 
 ```shell
-$ curl -H "Authorization: token OAUTH-TOKEN" {% data variables.product.api_url_pre %}/users/codertocat -I
+$ curl -H "Authorization: Bearer OAUTH-TOKEN" {% data variables.product.api_url_pre %}/users/codertocat -I
 HTTP/2 200
 X-OAuth-Scopes: repo, user
 X-Accepted-OAuth-Scopes: user

translations/zh-CN/content/developers/overview/github-developer-program.md

@@ -23,9 +23,9 @@ topics:
 ## 有适用于 GitHub 的集成？
 
 太棒了！ 我们希望您加入计划。 以下是您可以使用的推广方式：</p>
-* [让我们知道您的集成](https://support.github.com/contact?tags=rr-general-technical&form[subject]=New+GitHub+Integration)
-* 使用 [Octocat 或 GitHub 徽标](https://github.com/logos)来标识您的产品适用于 GitHub
-* 在您的网站上发布有关您的集成的视频或博客
+* [Let us know about your integration](https://support.github.com/contact?tags=rr-general-technical&form[subject]=New+GitHub+Integration).
+* 使用 [Octocat 或 GitHub 徽标](https://github.com/logos)来标识您的产品适用于 GitHub.
+* 在您的网站上发布有关您的集成的视频或博客.
 
 ## 准备加入 GitHub 开发者计划吗？
 

translations/zh-CN/content/education/manage-coursework-with-github-classroom/teach-with-github-classroom/connect-a-learning-management-system-to-github-classroom.md

@@ -25,23 +25,22 @@ shortTitle: 连接 LMS
 
 ## 支持的 LMSes
 
-{% data variables.product.prodname_classroom %} 支持从实施学习工具互操作性 (LTI) 标准的 LMS 导入名册数据。
+{% note %}
 
-- LTI 版本 1.0 和/或 1.1
-- 配置 1.X 的 LTI 名称和角色
+**Note:** {% data variables.product.prodname_classroom %} previously supported import of roster data from LMSes that implement Learning Tools Interoperability (LTI) versions 1.0 and 1.1. On June 30, 2022, the Instructional Management System (IMS) Global Learning Consortium [ended support for LTI versions 1.0 and 1.1](https://www.imsglobal.org/lti-security-announcement-and-deprecation-schedule). In the interest of keeping sensitive student information safe and secure, {% data variables.product.company_short %} has temporarily disabled importing roster data from LTI-compliant LMSes.<br><br>
 
-使用 LTI 有助于确保您的信息安全。 LTI 是一个行业标准协议，GitHub Classroom 对 LTI 的使用得到了教学管理系统 (IMS) 全球学习联盟的认证。 更多信息请参阅[学习工具互操作性](https://www.imsglobal.org/activity/learning-tools-interoperability)和 IMS 全球学习联盟网站上的[关于 IMS 全球学习联盟](http://www.imsglobal.org/aboutims.html)。
+Support for the latest version of Learning Tools Interoperability, [LTI 1.3](https://www.imsglobal.org/activity/learning-tools-interoperability), is currently being worked on and will be made available in {% data variables.product.prodname_classroom %} very soon.
+
+{% endnote %}
+
+LTI 是一个行业标准协议，GitHub Classroom 对 LTI 的使用得到了教学管理系统 (IMS) 全球学习联盟的认证。 更多信息请参阅[学习工具互操作性](https://www.imsglobal.org/activity/learning-tools-interoperability)和 IMS 全球学习联盟网站上的[关于 IMS 全球学习联盟](http://www.imsglobal.org/aboutims.html)。
 
 {% data variables.product.company_short %} 测试了名册数据从以下 LMS 到 {% data variables.product.prodname_classroom %} 的导入。
 
-- Canvas
 - Google Classroom
-- Moodle
-- Sakai
 
-目前， {% data variables.product.prodname_classroom %} 不支持从 Blackboard 或 Brightspace 导入名册数据.
 
-## 为教室生成配置凭据
+## Connecting to Google Classroom
 
 {% data reusables.classroom.sign-into-github-classroom %}
 {% data reusables.classroom.click-classroom-in-list %}
@@ -49,88 +48,15 @@ shortTitle: 连接 LMS
 1. 如果您的教室已有名册，您可以更新名册或删除名册并创建新的名册。
     - 有关删除和创建名册的更多信息，请参阅“[删除教室名册](/education/manage-coursework-with-github-classroom/manage-classrooms#deleting-a-roster-for-a-classroom)”和“[创建教室名册](/education/manage-coursework-with-github-classroom/manage-classrooms#creating-a-roster-for-your-classroom)”。
     - 有关更新名册的更多信息，请参阅“[将学生添加到教室的名册](/education/manage-coursework-with-github-classroom/manage-classrooms#adding-students-to-the-roster-for-your-classroom)”。
-1. 在 LMS 列表中，单击您的 LMS。 如果您的 LMS 不受支持，请单击**其他 LMS**。 ![LMS 列表](/assets/images/help/classroom/classroom-settings-click-lms.png)
-1. 阅读有关连接 LMS 的操作，然后单击 **连接到 _LMS_**。
-1. 复制用于连接到教室的“消费者密钥”、“共享密钥”和“启动 URL”。 ![复制凭据](/assets/images/help/classroom/classroom-copy-credentials.png)
+1. In the list of LMSes, click Google Classroom. ![Google Classroom](/assets/images/help/classroom/classroom-settings-click-google-classroom.png)
+1. Sign in to Google, then select the Classroom to link to.
 
-## 配置通用 LMS
 
-您必须为 LMS 配置隐私设置，以允许外部工具接收名册信息。
+## Connecting to Canvas, Moodle, Sakai, and other LMSes
 
-1. 导航到 LMS。
-1. 配置外部工具。
-1. 提供您在 {% data variables.product.prodname_classroom %} 中生成的配置凭据。
-    - 消费者密钥
-    - 共享机密
-    - 启动 URL（有时称为“工具 URL”或类似名称）
+Connecting to other LMSes is temporarily unavailable as {% data variables.product.company_short %} updates to Learning Tools Interoperability (LTI) version 1.3. For more information, see "[Supported LMSes](#supported-lmses)."
 
-## 配置 Canvas
-
-您可以将 {% data variables.product.prodname_classroom %} 配置为 Canvas 的外部应用以将名册数据导入到您的教室。 有关 Canvas 的更多信息，请参阅 [Canvas 网站](https://www.instructure.com/canvas/)。
-
-1. 登录到 [Canvas](https://www.instructure.com/canvas/#login)。
-1. 选择要与 {% data variables.product.prodname_classroom %} 集成的 Canvas 课程。
-1. 在左边栏中，单击 **Settings（设置）**。
-1. 单击 **Apps（应用程序）**选项卡。
-1. 单击 **View app configurations（查看应用程序配置）**。
-1. 单击 **+App**。
-1. 选择 **Configuration Type（配置类型）**下拉菜单，然后单击 **By URL（通过 URL）**。
-1. 从 {% data variables.product.prodname_classroom %} 粘贴配置凭据。 更多信息请参阅“[为教室生成配置凭据](#generating-configuration-credentials-for-your-classroom)”。
-
-    | Canvas 应用程序配置中的字段         | 值或设置                                                     |
-    |:------------------------- |:-------------------------------------------------------- |
-    | **消费者密钥**                 | {% data variables.product.prodname_classroom %} 中的消费者密钥  |
-    | **共享秘密**                  | {% data variables.product.prodname_classroom %} 中的共享密钥   |
-    | **允许此工具访问 IMS 名称和角色预配服务** | 已启用                                                      |
-    | **配置 URL**                | {% data variables.product.prodname_classroom %} 中的启动 URL |
-
-    {% note %}
-
-    **注意**: 如果您在 Canvas 中看不到名为“Allow this tool to access the IMS Names and Role Provisioning Service（允许此工具访问 IMS 名称和角色预配服务）”的复选框，则您的 Canvas 管理员必须联系 Canvas 支持，以为您的 Canvas 帐户启用会员服务配置。 如果不启用此功能，您将无法从 Canvas 同步名册。 更多信息请参阅 Canvas 网站上的[如何联系 Canvas 支持？](https://community.canvaslms.com/t5/Canvas-Basics-Guide/How-do-I-contact-Canvas-Support/ta-p/389767)。
-
-    {% endnote %}
-
-1. 单击 **Submit（提交）**。
-1. 在左侧边栏中，单击 **Home（主页）**。
-1. 要提示 Canvas 发送确认电子邮件，请在左侧栏中单击 **GitHub Classroom**。 按照电子邮件中的说明完成链接 {% data variables.product.prodname_classroom %}。
-
-## 配置 Moodle
-
-您可以将 {% data variables.product.prodname_classroom %} 配置为 Moodle 的活动以将名册数据导入到您的教室。 有关 Moodle 的更多信息，请参阅 [Moodle 网站](https://moodle.org)。
-
-您必须使用 Moodle 版本 3.0 或更高版本。
-
-1. 登录 [Moodle](https://moodle.org/login/)。
-1. 选择要与 {% data variables.product.prodname_classroom %} 集成的 Moodle 课程。
-1. 单击 **Turn editing on（打开编辑）**。
-1. 当希望 {% data variables.product.prodname_classroom %} 在 Moodle 中可用时，单击 **Add an activity or resource（添加活动或资源）**。
-1. 选择 **External tool（外部工具）**并单击 **Add（添加）**。
-1. 在“Activity name（活动名称）”字段中，键入 "GitHub Classroom"。
-1. 在 **Preconfigured tool（预配置的工具）**字段的下拉菜单右侧，单击 **+**。
-1. 在“External tool configuration（外部工具配置）”下，从 {% data variables.product.prodname_classroom %} 粘贴配置凭据。 更多信息请参阅“[为教室生成配置凭据](#generating-configuration-credentials-for-your-classroom)”。
-
-    | Moodle 应用程序配置中的字段 | 值或设置                                                                                                                              |
-    |:----------------- |:--------------------------------------------------------------------------------------------------------------------------------- |
-    | **工具名称**          | {% data variables.product.prodname_classroom %} - _YOUR CLASSROOM NAME_<br/><br/>**注意**：您可以使用任何名称，但为明确起见，我们建议使用这个值。 |
-    | **工具 URL**        | {% data variables.product.prodname_classroom %} 中的启动 URL                                                                          |
-    | **LTI 版本**        | LTI 1.0/1.1                                                                                                                       |
-    | **默认启动容器**        | 新窗口                                                                                                                               |
-    | **消费者密钥**         | {% data variables.product.prodname_classroom %} 中的消费者密钥                                                                           |
-    | **共享机密**          | {% data variables.product.prodname_classroom %} 中的共享密钥                                                                            |
-
-1. 滚动到 **Services（服务）**并单击。
-1. 在“IMS LTI Names and Role Provisioning（IMS LTI 名称和角色预配）”的右侧，选择下拉菜单并单击 **Use this service to retrieve members' information as per privacy settings（根据隐私设置使用此服务检索成员的信息）**。
-1. 滚动到 **Privacy（隐私）**并单击。
-1. 在 **Share launcher's name with tool（使用工具共享启动者的名称）**和 **Share launcher's email with tool（使用工具共享启动者的电子邮件）**右侧，选择下拉菜单以单击 **Always（始终）**。
-1. 在页面底部，单击 **Save changes（保存更改）**。
-1. 在 **Preconfigure tool（预配置工具）**菜单中，单击 **GitHub Classroom - _YOUR CLASSROOM NAME_**。
-1. 在“Common module settings（通用模块设置）”下“Availability（可用性）”的右侧，选择下拉菜单并单击 **Hide from students（对学生隐藏）**。
-1. 在页面底部，单击 **Save and return to course（保存并返回课程）**。
-1. 导航到您选择显示 {% data variables.product.prodname_classroom %} 的任何位置，然后单击 {% data variables.product.prodname_classroom %} 活动。
-
-## 从 LMS 导入名册
-
-有关从将名册从 LMS 导入到 {% data variables.product.prodname_classroom %} 的更多信息，请参阅“[管理教室](/education/manage-coursework-with-github-classroom/manage-classrooms#creating-a-roster-for-your-classroom)”。
+In the meantime, you may manually input your roster for your class. For more information about manually importing the roster from your LMS into {% data variables.product.prodname_classroom %}, see "[Manage classrooms](/education/manage-coursework-with-github-classroom/manage-classrooms#creating-a-roster-for-your-classroom)."
 
 ## 断开 LMS 连接
 

translations/zh-CN/content/get-started/quickstart/fork-a-repo.md

@@ -113,7 +113,7 @@ gh repo fork <em>repository</em> --org "octo-org"
   > Cloning into `Spoon-Knife`...
   > remote: Counting objects: 10, done.
   > remote: Compressing objects: 100% (8/8), done.
-  > remove: Total 10 (delta 1), reused 10 (delta 1)
+  > remote: Total 10 (delta 1), reused 10 (delta 1)
   > Unpacking objects: 100% (10/10), done.
   ```
 

translations/zh-CN/content/graphql/guides/migrating-graphql-global-node-ids.md

@@ -32,7 +32,7 @@ shortTitle: 迁移全局节点 ID
 
 ```
 $ curl \
-  -H "Authorization: token $GITHUB_TOKEN" \
+  -H "Authorization: Bearer $GITHUB_TOKEN" \
   -H "X-Github-Next-Global-ID: 1" \
   https://api.github.com/graphql \
   -d '{ "query": "{ node(id: \"MDQ6VXNlcjM0MDczMDM=\") { id } }" }'

translations/zh-CN/content/issues/planning-and-tracking-with-projects/automating-your-project/using-the-api-to-manage-projects.md

@@ -70,7 +70,7 @@ gh api graphql -f query='
 ```shell
 curl --request POST \
   --url https://api.github.com/graphql \
-  --header 'Authorization: token <em>TOKEN</em>' \
+  --header 'Authorization: Bearer <em>TOKEN</em>' \
   --data '{"query":"query{organization(login: \"<em>ORGANIZATION</em>\") {projectV2(number: <em>NUMBER</em>){id}}}"}'
 ```
 {% endcurl %}
@@ -94,7 +94,7 @@ gh api graphql -f query='
 ```shell
 curl --request POST \
   --url https://api.github.com/graphql \
-  --header 'Authorization: token <em>TOKEN</em>' \
+  --header 'Authorization: Bearer <em>TOKEN</em>' \
   --data '{"query":"{organization(login: \"<em>ORGANIZATION</em>\") {projectsV2(first: 20) {nodes {id title}}}}"}'
 ```
 {% endcurl %}
@@ -125,7 +125,7 @@ gh api graphql -f query='
 ```shell
 curl --request POST \
   --url https://api.github.com/graphql \
-  --header 'Authorization: token <em>TOKEN</em>' \
+  --header 'Authorization: Bearer <em>TOKEN</em>' \
   --data '{"query":"query{user(login: \"<em>USER</em>\") {projectV2(number: <em>NUMBER</em>){id}}}"}'
 ```
 {% endcurl %}
@@ -149,7 +149,7 @@ gh api graphql -f query='
 ```shell
 curl --request POST \
   --url https://api.github.com/graphql \
-  --header 'Authorization: token <em>TOKEN</em>' \
+  --header 'Authorization: Bearer <em>TOKEN</em>' \
   --data '{"query":"{user(login: \"<em>USER</em>\") {projectsV2(first: 20) {nodes {id title}}}}"}'
 ```
 {% endcurl %}
@@ -180,7 +180,7 @@ gh api graphql -f query='
 ```shell
 curl --request POST \
   --url https://api.github.com/graphql \
-  --header 'Authorization: token <em>TOKEN</em>' \
+  --header 'Authorization: Bearer <em>TOKEN</em>' \
   --data '{"query":"query{ node(id: \"<em>PROJECT_ID</em>\") { ... on ProjectV2 { fields(first: 20) { nodes { ... on ProjectV2Field { id name } ... on ProjectV2IterationField { id name configuration { iterations { startDate id }}} ... on ProjectV2SingleSelectField { id name options { id name }}}}}}}"}'
 ```
 {% endcurl %}
@@ -284,7 +284,7 @@ gh api graphql -f query='
 ```shell
 curl --request POST \
   --url https://api.github.com/graphql \
-  --header 'Authorization: token <em>TOKEN</em>' \
+  --header 'Authorization: Bearer <em>TOKEN</em>' \
   --data '{"query":"query{ node(id: \"<em>PROJECT_ID</em>\") { ... on ProjectV2 { fields(first: 20) { nodes { ... on ProjectV2FieldCommon { id name }}}}}}"}'
 ```
 {% endcurl %}
@@ -354,7 +354,7 @@ gh api graphql -f query='
 ```shell
 curl --request POST \
   --url https://api.github.com/graphql \
-  --header 'Authorization: token <em>TOKEN</em>' \
+  --header 'Authorization: Bearer <em>TOKEN</em>' \
   --data '{"query":"query{ node(id: \"<em>PROJECT_ID</em>\") { ... on ProjectV2 { items(first: 20) { nodes{ id fieldValues(first: 8) { nodes{ ... on ProjectV2ItemFieldTextValue { text field { ... on ProjectV2FieldCommon {  name }}} ... on ProjectV2ItemFieldDateValue { date field { ... on ProjectV2FieldCommon { name } } } ... on ProjectV2ItemFieldSingleSelectValue { name field { ... on ProjectV2FieldCommon { name }}}}} content{ ... on DraftIssue { title body } ...on Issue { title assignees(first: 10) { nodes{ login }}} ...on PullRequest { title assignees(first: 10) { nodes{ login }}}}}}}}}"}'
 ```
 {% endcurl %}
@@ -446,7 +446,7 @@ gh api graphql -f query='
 ```shell
 curl --request POST \
   --url https://api.github.com/graphql \
-  --header 'Authorization: token <em>TOKEN</em>' \
+  --header 'Authorization: Bearer <em>TOKEN</em>' \
   --data '{"query":"mutation {addProjectV2ItemById(input: {projectId: \"<em>PROJECT_ID</em>\" contentId: \"<em>CONTENT_ID</em>\"}) {item {id}}}"}'
 ```
 {% endcurl %}
@@ -488,8 +488,8 @@ gh api graphql -f query='
 ```shell
 curl --request POST \
   --url https://api.github.com/graphql \
-  --header 'Authorization: token <em>TOKEN</em>' \
-  --data '{"query":"mutation {addProjectV2DraftIssue(input: {projectId: "<em>PROJECT_ID</em>" title: "<em>TITLE</em>" body: "<em>BODY</em>"}) {item {id}}}"}'
+  --header 'Authorization: Bearer <em>TOKEN</em>' \
+  --data '{"query":"mutation {addProjectV2DraftIssue(input: {projectId: "<em>PROJECT_ID</em>" title: "<em>TITLE</em>" body: "<em>BODY</em>"}) {projectItem {id}}}"}'
 ```
 {% endcurl %}
 
@@ -498,7 +498,7 @@ curl --request POST \
 gh api graphql -f query='
   mutation {
     addProjectV2DraftIssue(input: {projectId: "<em>PROJECT_ID</em>" title: "<em>TITLE</em>" body: "<em>BODY</em>"}) {
-      item {
+      projectItem {
         id
       }
     }
@@ -512,7 +512,7 @@ gh api graphql -f query='
 {
   "data": {
     "addProjectV2ItemById": {
-      "item": {
+      "projectItem": {
         "id": "PVTI_lADOANN5s84ACbL0zgBbxFc"
       }
     }
@@ -528,7 +528,7 @@ gh api graphql -f query='
 ```shell
 curl --request POST \
 --url https://api.github.com/graphql \
---header 'Authorization: token <em>TOKEN</em>' \
+--header 'Authorization: Bearer <em>TOKEN</em>' \
 --data '{"query":"mutation { updateProjectV2(input: { projectId: \"<em>PROJECT_ID</em>\", title: \"Project title\", public: false, readme: \"# Project README\n\nA long description\", shortDescription: \"A short description\"}) { projectV2 { id, title, readme, shortDescription }}}"}'
 ```
 {% endcurl %}
@@ -565,7 +565,7 @@ gh api graphql -f query='
 ```shell
 curl --request POST \
   --url https://api.github.com/graphql \
-  --header 'Authorization: token <em>TOKEN</em>' \
+  --header 'Authorization: Bearer <em>TOKEN</em>' \
   --data '{"query":"mutation {updateProjectV2ItemFieldValue( input: { projectId: "<em>PROJECT_ID</em>" itemId: "<em>ITEM_ID</em>" fieldId: "<em>FIELD_ID</em>" value: { text: "Updated text" }}) { projectV2Item { id }}}"}'
 ```
 {% endcurl %}
@@ -619,7 +619,7 @@ gh api graphql -f query='
 ```shell
 curl --request POST \
   --url https://api.github.com/graphql \
-  --header 'Authorization: token <em>TOKEN</em>' \
+  --header 'Authorization: Bearer <em>TOKEN</em>' \
   --data '{"query":"mutation {updateProjectV2ItemFieldValue( input: { projectId: "<em>PROJECT_ID</em>" itemId: "<em>ITEM_ID</em>" fieldId: "<em>FIELD_ID</em>" value: { singleSelectOptionId: "<em>OPTION_ID</em>" }}) { projectV2Item { id }}}"}'
 ```
 {% endcurl %}
@@ -659,7 +659,7 @@ gh api graphql -f query='
 ```shell
 curl --request POST \
   --url https://api.github.com/graphql \
-  --header 'Authorization: token <em>TOKEN</em>' \
+  --header 'Authorization: Bearer <em>TOKEN</em>' \
   --data '{"query":"mutation {updateProjectV2ItemFieldValue( input: { projectId: "<em>PROJECT_ID</em>" itemId: "<em>ITEM_ID</em>" fieldId: "<em>FIELD_ID</em>" value: { singleSelectOptionId: "<em>OPTION_ID</em>" }}) { projectV2Item { id }}}"}'
 ```
 {% endcurl %}
@@ -694,7 +694,7 @@ gh api graphql -f query='
 ```shell
 curl --request POST \
   --url https://api.github.com/graphql \
-  --header 'Authorization: token <em>TOKEN</em>' \
+  --header 'Authorization: Bearer <em>TOKEN</em>' \
   --data '{"query":"mutation {deleteProjectV2Item(input: {projectId: \"<em>PROJECT_ID</em>\" itemId: \"<em>ITEM_ID</em>\"}) {deletedItemId}}"}'
 ```
 {% endcurl %}

translations/zh-CN/content/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request.md

@@ -18,7 +18,7 @@ shortTitle: 自动合并 PR
 
 ## 关于自动合并
 
-如果启用拉取请求自动合并，则拉取请求在满足所有必需审查并且状态检查通过时将自动合并。 自动合并使您无需等待满足要求，可以继续执行其他任务。
+If you enable auto-merge for a pull request, the pull request will merge automatically when all required reviews are met and all required status checks have passed. 自动合并使您无需等待满足要求，可以继续执行其他任务。
 
 在使用拉取请求自动合并之前，必需对仓库启用自动合并。 更多信息请参阅“[管理仓库中的拉取请求自动合并](/github/administering-a-repository/managing-auto-merge-for-pull-requests-in-your-repository)”。
 

translations/zh-CN/content/rest/apps/installations.md

@@ -17,4 +17,4 @@ versions:
 
 _安装设施_是指已安装该应用程序的任何用户或组织帐户。 有关如何验证为安装设施和限制访问特定仓库的信息，请参阅“[验证为安装设施](/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-an-installation)”。
 
-要列出组织的所有 GitHub 应用程序安装设施，请参阅“[列出组织的应用程序安装设施](/rest/reference/orgs#list-app-installations-for-an-organization)”。
+要列出组织的所有 GitHub 应用程序安装设施，请参阅“[列出组织的应用程序安装设施](/rest/orgs/orgs#list-app-installations-for-an-organization)”。

translations/zh-CN/content/rest/guides/getting-started-with-the-rest-api.md

@@ -166,7 +166,7 @@ curl --request GET \
 
 {% note %}
 
-**Note:** In most cases, you can use `Authorization: Bearer` or `Authorization: token`. JSON web tokens (JWTs) will only work with `Authorization: Bearer`.
+**注意：**{% data reusables.getting-started.bearer-vs-token %}
 
 {% endnote %}
 

translations/zh-CN/content/rest/overview/other-authentication-methods.md

@@ -86,10 +86,16 @@ If you have two-factor authentication enabled, make sure you understand how to [
 
 {% endnote %}
 
+{% note %}
+
+**Note:** {% data reusables.getting-started.bearer-vs-token %}
+
+{% endnote %}
+
 If you're using the API to access an organization that enforces [SAML SSO][saml-sso] for authentication, you'll need to create a personal access token (PAT) and [authorize the token][allowlist] for that organization. Visit the URL specified in `X-GitHub-SSO` to authorize the token for the organization.
 
 ```shell
-$ curl -v -H "Authorization: token <em>TOKEN</em>" {% data variables.product.api_url_pre %}/repos/octodocs-test/test
+$ curl -v -H "Authorization: Bearer <em>TOKEN</em>" {% data variables.product.api_url_pre %}/repos/octodocs-test/test
 
 > X-GitHub-SSO: required; url=https://github.com/orgs/octodocs-test/sso?authorization_request=AZSCKtL4U8yX1H3sCQIVnVgmjmon5fWxks5YrqhJgah0b2tlbl9pZM4EuMz4
 {
@@ -101,7 +107,7 @@ $ curl -v -H "Authorization: token <em>TOKEN</em>" {% data variables.product.api
 When requesting data that could come from multiple organizations (for example, [requesting a list of issues created by the user][user-issues]), the `X-GitHub-SSO` header indicates which organizations require you to authorize your personal access token:
 
 ```shell
-$ curl -v -H "Authorization: token <em>TOKEN</em>" {% data variables.product.api_url_pre %}/user/issues
+$ curl -v -H "Authorization: Bearer <em>TOKEN</em>" {% data variables.product.api_url_pre %}/user/issues
 
 > X-GitHub-SSO: partial-results; organizations=21955855,20582480
 ```

translations/zh-CN/content/rest/overview/resources-in-the-rest-api.md

@@ -91,7 +91,7 @@ $ curl -u "username" {% data variables.product.api_url_pre %}
 ### OAuth2 token (sent in a header)
 
 ```shell
-$ curl -H "Authorization: token <em>OAUTH-TOKEN</em>" {% data variables.product.api_url_pre %}
+$ curl -H "Authorization: Bearer <em>OAUTH-TOKEN</em>" {% data variables.product.api_url_pre %}
 ```
 
 {% note %}
@@ -100,6 +100,12 @@ Note: GitHub recommends sending OAuth tokens using the Authorization header.
 
 {% endnote %}
 
+{% note %}
+
+**Note:** {% data reusables.getting-started.bearer-vs-token %}
+
+{% endnote %}
+
 Read [more about OAuth2](/apps/building-oauth-apps/).  Note that OAuth2 tokens can be acquired using the [web application flow](/developers/apps/authorizing-oauth-apps#web-application-flow) for production applications.
 
 {% ifversion fpt or ghes or ghec %}

translations/zh-CN/content/rest/overview/troubleshooting.md

@@ -44,13 +44,13 @@ curl -u my_user:my_password https://api.github.com/user/repos
 相反，在测试端点或进行本地开发时使用[个人访问令牌](/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line)：
 
 ```bash
-curl -H 'Authorization: token my_access_token' https://api.github.com/user/repos
+curl -H 'Authorization: Bearer my_access_token' https://api.github.com/user/repos
 ```
 
 对于 OAuth 应用程序，您应该使用 [web 应用程序流程](/apps/building-oauth-apps/authorizing-oauth-apps/#web-application-flow)生成 OAuth 令牌以用于 API 调用的标头：
 
 ```bash
-curl -H 'Authorization: token my-oauth-token' https://api.github.com/user/repos
+curl -H 'Authorization: Bearer my-oauth-token' https://api.github.com/user/repos
 ```
 
 ## 超时

translations/zh-CN/content/rest/quickstart.md

@@ -284,7 +284,7 @@ jobs:
 
    {% note %}
 
-   **Note:** In most cases, you can use `Authorization: Bearer` or `Authorization: token`. JSON web tokens (JWTs) only work with `Authorization: Bearer`.
+   **注意：**{% data reusables.getting-started.bearer-vs-token %}
 
    {% endnote %}
 

translations/zh-CN/content/rest/users/index.md

@@ -19,5 +19,6 @@ children:
   - /followers
   - /gpg-keys
   - /keys
+  - /ssh-signing-keys
 ---
 

translations/zh-CN/content/rest/users/ssh-signing-keys.md

@@ -0,0 +1,13 @@
+---
+title: SSH signing keys
+intro: ''
+versions:
+  fpt: '*'
+  ghes: '>=3.7'
+  ghec: '*'
+topics:
+  - API
+miniTocMaxHeadingLevel: 3
+allowTitleToDifferFromFilename: true
+---
+

translations/zh-CN/content/site-policy/github-terms/github-terms-for-additional-products-and-features.md

@@ -21,9 +21,9 @@ topics:
 通过使用附加产品和特性，您也同意下面列出的适用的 GitHub 条款。 违反 GitHub 关于附加产品和特性的条款便是违反协议。 在本文未定义的任何大写术语采用“协议”中的含义。
 
 **对于企业用户**
-- **GitHub Enterprise Cloud** 用户可以访问以下附加产品和特性：Actions、Advanced Security、Advisory Database、Codespaces、Dependabot Preview、GitHub Enterprise Importer、Learning Lab、Packages 和 Pages。
+- **GitHub Enterprise Cloud** users may have access to the following Additional Products and Features: Actions, Advanced Security, Advisory Database, Codespaces, Dependabot Preview, GitHub Enterprise Importer, Packages, and Pages.
 
-- **GitHub Enterprise Server** 用户可以访问以下附加产品和特性：Actions、Advanced Security、Advisory Database、Connect、Dependabot Preview、GitHub Enterprise Importer、Learning Lab、Packages、Pages 和 SQL Server Images。
+- **GitHub Enterprise Server** users may have access to the following Additional Products and Features: Actions, Advanced Security, Advisory Database, Connect, Dependabot Preview, GitHub Enterprise Importer, Packages, Pages, and SQL Server Images.
 
 - **GitHub AE** 用户可以访问以下附加产品和特性：Actions、Advanced Security、Advisory Database、Connect、Dependabot Preview、GitHub Enterprise Importer、Packages 和 Pages。
 
@@ -106,19 +106,6 @@ GitHub Copilot (i) 可能会根据您的首选遥测设置收集您的代码片
 ## GitHub Enterprise Importer
 Importer 是一个从其他来源导出数据到 GitHub 平台的框架。 Importer“按原样”提供。
 
-## Learning Lab
-GitHub Learning Lab 提供已编入GitHub 的免费交互式课程，并提供即时自动反馈和帮助。
-
-*课程材料。*GitHub 拥有其提供的任何课程材料，并授予您全球、非独占、有限期、不可转让、免版税的许可，允许您出于与 Learning Lab 使用相关的内部业务目的而复制、维护、使用和运行这些材料。
-
-开源许可证条款可能适用于课程材料中提供的源代码部分。
-
-您创建的课程材料归您所有，但是您授予 GitHub 全球、非独占、永久、不可转让、免版税的许可，允许 GitHub 复制、维护、使用、托管以及在服务上运行这些课程材料。
-
-您对 GitHub 课程材料的使用以及对自己课程材料的创建和存储并不构成对任一方各自知识产权的共同所有权。
-
-个人数据的使用受 [GitHub 隐私声明](/github/site-policy/github-privacy-statement)管制。
-
 ## npm
 npm 是一种软件包托管服务，允许您私下或公开托管软件包，并将包用作项目中的依赖项。 npm 是 JavaScript 生态系统的记录注册表。 npm 公共注册表可以免费使用，但客户如果想要发布私有包或使用团队管理私有包，则需收取费用。 [npm 文档](https://docs.npmjs.com/) 包含帐户类型限制以及如何管理[私有包](https://docs.npmjs.com/about-private-packages)和[组织](https://docs.npmjs.com/organizations)的详细信息。 [开放源码条款](https://www.npmjs.com/policies/open-source-terms)概述了可接受的 npm 注册表的使用。 npm [solo](https://www.npmjs.com/policies/solo-plan) 和 [org](https://www.npmjs.com/policies/orgs-plan) 计划都有补充条款。 npm [使用条款](https://www.npmjs.com/policies/terms) 适用于您的 npm 使用。
 

translations/zh-CN/content/site-policy/privacy-policies/github-privacy-statement.md

@@ -15,7 +15,7 @@ topics:
   - Legal
 ---
 
-生效日期：2022 年 5 月 31 日
+Effective date: September 1, 2022
 
 感谢您将源代码、项目和个人数据委托给 GitHub Inc. 或 GitHub B.V.（“GitHub”、“我们”或“我们的”）。 本隐私声明解释了我们在收集、使用和披露您的数据方面的做法，包括我们收集和处理的与我们的网站以及 GitHub 提供的任何应用程序、软件、产品和服务（包括任何 Beta 预览版）相关的任何个人数据（统称为“服务”）。
 
@@ -25,28 +25,28 @@ topics:
 
 ## 精简版
 
-我们按照本隐私声明所述来使用您的个人信息。 无论您身在何方、居于何处、是何国籍，我们为世界各地的所有用户提供同样的高标准隐私保护，不论其原籍国或所在地。
+我们按照本隐私声明所述来使用您的个人信息。 No matter where you are, where you live, or what your citizenship is, you have the same high standard of privacy protection when using GitHub's products as all our users around the world, regardless of their country of origin or location.
 
 要查看我们给加利福尼亚州居民的隐私声明，请转到 [GitHub 关于加利福尼亚州消费者隐私法案的声明](#githubs-notice-to-california-residents)或向下滚动。
 
 
 ## 摘要
 
-| 节                                                                               | 说明                                                                                                                                |
-| ------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
-| [谁负责处理您的信息](#who-is-responsible-for-the-processing-of-your-information)         | 除有限的例外情况外，GitHub 是负责处理与网站或服务相关的个人数据的控制者和实体。                                                                                       |
-| [GitHub 收集哪些信息](#what-information-github-collects)                              | GitHub 直接从您的注册、付款、交易和用户个人资料中收集信息。 我们还自动从您的使用信息、cookie 和设备信息中收集，但在必要时会征得您的同意。 GitHub 还可能从第三方收集个人数据。 我们只收集极少量的必要个人数据，除非您自己选择提供更多信息。 |
-| [GitHub 如何使用您的信息](#how-github-uses-your-information)                            | 在本节中，我们将介绍我们使用您的信息的方式，包括为您提供服务、与您沟通、出于安全性和合规性目的，以及改进我们的网站或服务或开发我们网站或服务的新特性和功能。 我们还介绍了在法律要求的情况下处理个人信息的法律依据。                        |
-| [我们如何分享所收集的信息](#how-we-share-the-information-we-collect)                        | 在以下情况下，我们可能会与第三方分享您的信息：经您同意、与我们的服务提供商分享、出于安全目的、为履行我们的法律义务，或者公司实体或业务单位的控制权发生变更或出售。 我们不会出售您的个人信息，也不会在 GitHub 上发布广告。                 |
-| [您对我们处理您的个人数据的选择](#your-choices-regarding-our-processing-of-your-personal-data) | 我们为您提供访问、更改或删除个人信息的途径。                                                                                                            |
-| [Cookie](#cookies)                                                              | 我们仅使用绝对必要的 cookie 来提供、保护和改进我们的网站或服务，或开发我们网站或服务的新特性和功能。 我们提供了一个非常透明地说明此技术的网页。 我们不会向第三方分析服务发送任何信息。                                  |
-| [GitHub 如何保护您的信息](#how-github-secures-your-information)                         | 我们采取一切合理必要的措施来保护您在 GitHub 上个人数据的机密性、完整性和可用性，并保护我们服务器的弹性。                                                                          |
-| [沟通偏好](#communication-preferences)                                              | 我们通过电子邮件与您通信。 您可以在帐户设置中或通过联系我们来控制我们与您联系的方式。                                                                                       |
-| [解决投诉](#resolving-complaints)                                                   | 万一我们无法快速彻底地解决隐私问题，我们提供一条解决争议的途径。                                                                                                  |
-| [隐私声明的变更](#changes-to-our-privacy-statement)                                    | 如果本隐私声明发生重大变更，我们会在任何此类变更生效之前 30 天通知您。 您也可以在我们的站点政策仓库中跟踪变更。                                                                        |
-| [许可](#license)                                                                  | 本隐私声明的许可采用[知识共享零许可](https://creativecommons.org/publicdomain/zero/1.0/)原则。                                                        |
-| [联系 GitHub](#contacting-github)                                                 | 如果您对我们的隐私声明有疑问，请随时联系我们。                                                                                                           |
-| [翻译](#translations)                                                             | 我们提供本隐私声明的一些翻译版本的链接。                                                                                                              |
+| 节                                                                               | 说明                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
+| ------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [谁负责处理您的信息](#who-is-responsible-for-the-processing-of-your-information)         | Subject to limited exceptions, GitHub is the controller and entity responsible for the processing of your personal data in connection with the Website or Service if you are in North America. For individuals outside North America the data controller is GitHub B.V.                                                                                                                                                                                                                                                                                                                                                                                    |
+| [GitHub 收集哪些信息](#what-information-github-collects)                              | GitHub 直接从您的注册、付款、交易和用户个人资料中收集信息。 我们还自动从您的使用信息、cookie 和设备信息中收集，但在必要时会征得您的同意。 GitHub 还可能从第三方收集个人数据。 我们只收集极少量的必要个人数据，除非您自己选择提供更多信息。                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
+| [GitHub 如何使用您的信息](#how-github-uses-your-information)                            | 在本节中，我们将介绍我们使用您的信息的方式，包括为您提供服务、与您沟通、出于安全性和合规性目的，以及改进我们的网站或服务或开发我们网站或服务的新特性和功能。 我们还介绍了在法律要求的情况下处理个人信息的法律依据。                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
+| [我们如何分享所收集的信息](#how-we-share-the-information-we-collect)                        | 在以下情况下，我们可能会与第三方分享您的信息：经您同意、与我们的服务提供商分享、出于安全目的、为履行我们的法律义务，或者公司实体或业务单位的控制权发生变更或出售。 我们不会出售您的个人信息，也不会在 GitHub 上发布广告。                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
+| [您对我们处理您的个人数据的选择](#your-choices-regarding-our-processing-of-your-personal-data) | 我们为您提供访问、更改或删除个人信息的途径。                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
+| [Cookie](#cookies)                                                              | Except for cookies used on our Enterprise Marketing Pages, we only use strictly necessary cookies to provide, secure, and improve our Website or Service or develop new features and functionality of our Website or Service.<br><br>As described below, we may use non-essential cookies on certain pages of our website to support our enterprise marketing efforts and market our products and services to enterprise customers, for example on resources.github.com (collectively “Enterprise Marketing Pages”).<br><br>We offer a [page](https://github.com/privacy/cookies) that makes all uses of cookies very transparent. |
+| [GitHub 如何保护您的信息](#how-github-secures-your-information)                         | 我们采取一切合理必要的措施来保护您在 GitHub 上个人数据的机密性、完整性和可用性，并保护我们服务器的弹性。                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
+| [沟通偏好](#communication-preferences)                                              | 我们通过电子邮件与您通信。 您可以在帐户设置中或通过联系我们来控制我们与您联系的方式。                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
+| [解决投诉](#resolving-complaints)                                                   | 万一我们无法快速彻底地解决隐私问题，我们提供一条解决争议的途径。                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |
+| [隐私声明的变更](#changes-to-our-privacy-statement)                                    | 如果本隐私声明发生重大变更，我们会在任何此类变更生效之前 30 天通知您。 您也可以在我们的站点政策仓库中跟踪变更。                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
+| [许可](#license)                                                                  | 本隐私声明的许可采用[知识共享零许可](https://creativecommons.org/publicdomain/zero/1.0/)原则。                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
+| [联系 GitHub](#contacting-github)                                                 | 如果您对我们的隐私声明有疑问，请随时联系我们。                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
+| [翻译](#translations)                                                             | 我们提供本隐私声明的一些翻译版本的链接。                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
 
 ## GitHub 隐私声明
 
@@ -122,13 +122,14 @@ topics:
 - 通过了解您和您的偏好来个性化我们的服务，以增强您对我们服务的体验和享受。
 - 提供客户支持并回答您的问题。
 - 向您提供新服务、功能、优惠、促销以及有关服务的其他信息。
+- Personalize and measure the effectiveness of enterprise business ads, promotional communications or marketing you receive related to the Enterprise Marketing Pages.
 - 向您发送信息，包括确认、发票、技术通知、更新、安全警报、支持和管理消息。
 
 出于这些目的，我们将从不同来源收集的数据结合起来，为您提供更加无缝、一致和个性化的体验。
 
 ## 我们如何分享所收集的信息
 
-我们会在您同意的情况下或在必要时共享个人数据，以完成您的交易或提供您请求或授权的服务。 此外，出于以下商业目的，我们可能会与下述类型的第三方共享上述每个类别的个人数据：
+We share personal data as described below, including with your consent or as necessary to complete your transactions or provide the services you have requested or authorized. In addition, we may share each of the categories of your personal data described above with the types of third parties described below for the following business purposes:
 
 ### 公开信息
 您可以选择通过我们的服务提供的选项，以公开显示和共享您的姓名和/或用户名以及某些其他信息，例如您的个人资料、人口统计数据、内容和文件或地理位置数据。 例如，如果您希望自己的电子邮件地址保持私密，即使您正在评论公共存储库，[也可以在用户配置文件中将电子邮件地址的设置调整为为私密](https://github.com/settings/emails)。 您还可以[更新本地 Git 配置以使用您的私密电子邮件地址](/github/setting-up-and-managing-your-github-user-account/setting-your-commit-email-address)。 有关提交消息中电子邮件地址的更多信息，请参阅[此处](/github/setting-up-and-managing-your-github-user-account/setting-your-commit-email-address)。
@@ -144,9 +145,9 @@ topics:
 您可以通过在 GitHub 上的操作来表明您愿意分享自己的个人数据。 如果您与组织协作或成为组织成员，则其帐户所有者可能会收到您的个人数据。 当您接受组织邀请时，您将被告知所有者可以看到的信息类型（更多信息请参阅[关于组织成员](/github/setting-up-and-managing-your-github-user-account/about-organization-membership)）。 请联系帐户所有者，详细了解他们在组织中如何处理您的个人数据，以及您访问、更新、更改或删除存储在该帐户中的个人数据的方式。
 
 ### 服务提供商
-我们与代表我们处理信息的服务提供商共享您的个人数据，以提供或改进我们的服务。 例如，我们的服务提供商履行付款处理、客户支持事件单、网络数据传输、安全及其他类似服务。 虽然 GitHub 在美国处理所有个人数据，但我们的服务提供商可能在美国或欧盟外部处理数据。 服务提供商的此类处理将遵守适用法律，包括任何相关的传输机制。
+我们与代表我们处理信息的服务提供商共享您的个人数据，以提供或改进我们的服务。 For example, our service providers may perform payment processing, customer support ticketing, network data transmission, web analytics, marketing operations, security, and other similar services. 虽然 GitHub 在美国处理所有个人数据，但我们的服务提供商可能在美国或欧盟外部处理数据。 服务提供商的此类处理将遵守适用法律，包括任何相关的传输机制。
 
- ### 关联公司 我们允许跨子公司、关联公司和相关公司访问个人数据，例如，我们共享通用数据系统或需要访问权限来运营和提供服务。
+ ### Affiliates We enable access to personal data across our subsidiaries, affiliates, and related companies, for example, where we share common data systems, when affiliates provide services on our behalf, or where access is needed to operate and provide the Service.
 
 ### 出于安全目的
 如果我们认为是实现以下目的所必需，将公布个人数据：
@@ -171,7 +172,7 @@ GitHub 可能会向执法部门或其他政府机构披露我们收集的有关
 ## 您对我们处理您的个人数据的选择
 我们提供有关我们收集的有关您的个人数据的选择。 您所做的选择将不适用于与您帐户下的组织相关的任何个人数据。
 
-访问、更正和删除。 如果您是 GitHub 用户，则可以通过[编辑用户个人资料](https://github.com/settings/profile)或联系 [GitHub 支持](https://support.github.com/contact)或 [GitHub 高级支持](https://enterprise.githubsupport.com/hc/en-us)，访问、更新、更改或删除您的基本用户个人资料信息。 您可以在个人资料中限制信息、保持更新个人信息或者联系 [GitHub 支持](https://support.github.com/contact)或 [GitHub 高级支持](https://enterprise.githubsupport.com/hc/en-us)，以控制我们收集的信息。
+访问、更正和删除。 如果您是 GitHub 用户，则可以通过[编辑用户个人资料](https://github.com/settings/profile)或联系 [GitHub 支持](https://support.github.com/contact)或 [GitHub 高级支持](https://enterprise.githubsupport.com/hc/en-us)，访问、更新、更改或删除您的基本用户个人资料信息。 You can control the information we collect about you by limiting what information is in your profile, by keeping your information current, by changing your cookie preferences, or by contacting [GitHub Support](https://support.github.com/contact) or [GitHub Premium Support](https://enterprise.githubsupport.com/hc/en-us).
 
 我们按照本隐私声明中所述保留和使用您的信息，但除非法律要求，否则我们将在您提出请求后的 90 天内删除您的完整个人资料。 删除帐户后，某些数据，例如对其他用户仓库的贡献和对其他议题的评论，仍然保留。 但是，我们通过将其与空用户相关联，从议题、拉取请求和评论的作者字段中删除或去识别化您的个人数据，包括您的用户名和电子邮件地址。 也就是说，您通过 Git 提交设置提供的电子邮件地址将始终与 Git 系统中的提交相关联。 如果您已选择将自己的电子邮件地址设为私密，则还应更新您的 Git 提交设置。 我们无法更改或删除 Git 提交历史记录中的数据 — 虽然 Git 软件设计用于维护记录，但我们让您来控制在该记录中放入哪些信息。
 
@@ -208,13 +209,65 @@ GitHub 可能会向执法部门或其他政府机构披露我们收集的有关
 
 ### Cookie 和跟踪技术
 
-GitHub 使用 Cookie 来提供、保护和改进我们的服务，或开发我们服务的新特性和功能。 例如，我们使用它们来保持您的登录状态、记住您的偏好、出于安全目的识别您的设备、编译统计报告以及为 GitHub 的未来发展提供信息。 我们使用自己的 Cookie，在这种情况下不使用任何第三方服务提供商。 如果您禁止浏览器或设备接受这些 cookie，则将无法登录或使用我们的服务。 我们在 [GitHub 子处理器和 Cookie](/github/site-policy/github-subprocessors-and-cookies) 页面上提供有关 [GitHub 上 Cookie](/github/site-policy/github-subprocessors-and-cookies#cookies-on-github) 的更多信息，其中描述了我们设置的 Cookie、我们对这些 Cookie 的需求以及此类 Cookie 的过期时间。
+GitHub uses cookies to provide, secure and improve our Service or to develop new features and functionality of our Service. For example, we use them to (i) keep you logged in, (ii) remember your preferences, (iii) identify your device for security and fraud purposes, including as needed to maintain the integrity of our Service, (iv) compile statistical reports, and (v) provide information and insight for future development of GitHub. We provide more information about [cookies on GitHub](https://github.com/privacy/cookies) that describes the cookies we set, the needs we have for those cookies, and the expiration of such cookies.
+
+For Enterprise Marketing Pages, we may also use non-essential cookies to  (i) gather information about enterprise users’ interests and online activities to personalize their experiences, including by making the ads, content, recommendations, and marketing seen or received more relevant and (ii) serve and measure the effectiveness of targeted advertising and other marketing efforts. If you disable the non-essential cookies on the Enterprise Marketing Pages, the ads, content, and marketing you see may be less relevant.
 
 我们给用户的电子邮件可能包含一个像素标签，它是一个很小的清晰图像，可以告诉我们您是否打开了电子邮件以及您的 IP 地址是什么。 我们使用此像素标签使我们的电子邮件通信对您更有效，并确保我们不会发送您不需要的电子邮件。
 
-### DNT
+The length of time a cookie will stay on your browser or device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay until they expire or are deleted. The expiration time or retention period applicable to persistent cookies depends on the purpose of the cookie collection and tool used. You may be able to delete cookie data as described here.
+
+#### What are cookies and similar technologies?
+
+We use cookies and similar technologies, such as web beacons, local storage, and mobile analytics, to operate and provide our Services. When visiting Enterprise Marketing Pages, like resources.github.com, these and additional cookies, like advertising IDs, may be used for sales and marketing purposes.
+
+Cookies are small text files stored by your browser on your device. A cookie can later be read when your browser connects to a web server in the same domain that placed the cookie. The text in a cookie contains a string of numbers and letters that may uniquely identify your device and can contain other information as well. This allows the web server to recognize your browser over time, each time it connects to that web server.
+
+Web beacons are electronic images (also called “single-pixel” or “clear GIFs”) that are contained within a website or email. When your browser opens a webpage or email that contains a web beacon, it automatically connects to the web server that hosts the image (typically operated by a third party). This allows that web server to log information about your device and to set and read its own cookies. In the same way, third-party content on our websites (such as embedded videos, plug-ins, or ads) results in your browser connecting to the third-party web server that hosts that content.
+
+Mobile identifiers for analytics can be accessed and used by apps on mobile devices in much the same way that websites access and use cookies. When visiting Enterprise Marketing pages, like resources.github.com, on a mobile device these may allow us and our third-party analytics and advertising partners to collect data for sales and marketing purposes.
+
+We may also use so-called “flash cookies” (also known as “Local Shared Objects” or “LSOs”) to collect and store information about your use of our Services. Flash cookies are commonly used for advertisements and videos.
+
+#### How do we and our partners use cookies and similar technologies?
+
+The GitHub Services use cookies and similar technologies for a variety of purposes, including to store your preferences and settings, enable you to sign-in, analyze how our Services perform, track your interaction with the Services, develop inferences, combat fraud, and fulfill other legitimate purposes. Some of these cookies and technologies may be provided by third parties, including service providers and advertising partners. For example, our analytics and advertising partners may use these technologies in our Services to collect personal information (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) related to your online activities over time and across Services for various purposes, including targeted advertising. GitHub will place non-essential cookies on pages where we market products and services to enterprise customers, for example, on resources.github.com.
+
+We and/or our partners also share the information we collect or infer with third parties for these purposes.
+
+The table below provides additional information about how we use different types of cookies:
+
+| 目的               | 描述                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
+|:---------------- |:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Required Cookies | GitHub uses required cookies to perform essential website functions and to provide the services. For example, cookies are used to log you in, save your language preferences, provide a shopping cart experience, improve performance, route traffic between web servers, detect the size of your screen, determine page load times, improve user experience, and for audience measurement. These cookies are necessary for our websites to work.    |
+| 分析               | We allow third parties to use analytics cookies to understand how you use our websites so we can make them better. For example, cookies are used to gather information about the pages you visit and how many clicks you need to accomplish a task. We also use some analytics cookies to provide personalized advertising.                                                                                                                          |
+| Social Media     | GitHub and third parties use social media cookies to show you ads and content based on your social media profiles and activity on GitHub’s  websites. This ensures that the ads and content you see on our websites and on social media will better reflect your interests. This also enables third parties to develop and improve their products, which they may use on websites that are not owned or operated by GitHub.                          |
+| Advertising      | In addition, GitHub and third parties use advertising cookies to show you new ads based on ads you've already seen. Cookies also track which ads you click or purchases you make after clicking an ad. This is done both for payment purposes and to show you ads that are more relevant to you. For example, cookies are used to detect when you click an ad and to show you ads based on your social media interests and website browsing history. |
+
+#### What are your cookie choices and controls?
+
+  You have several options to disable non-essential cookies:
+
+  1. **Specifically on GitHub Enterprise Marketing Pages**
+
+     Any GitHub page that serves non-essential cookies will have a link in the page’s footer to cookie settings. You can express your preferences at any time by clicking on that linking and updating your settings.
+
+     Some users will also be able to manage non-essential cookies via a cookie consent banner, including the options to accept, manage, and reject all non-essential cookies.
+  2. **Generally for all websites**
+
+    You can control the cookies you encounter on the web using a variety of widely-available tools. 例如：
+     - If your browser sends a [Do Not Track](https://en.wikipedia.org/wiki/Do_Not_Track) (DNT) signal, GitHub will not set non-essential cookies and will not load third party resources which set non-essential cookies.
+     - Many browsers provide cookie controls which may limit the types of cookies you encounter online. Check out the documentation for your browser to learn more.
+     - If you enable a browser extension designed to block tracking, such as [Privacy Badger](https://en.wikipedia.org/wiki/Privacy_Badger), non-essential cookies set by a website or third parties may be disabled.
+     - If you enable a browser extension designed to block unwanted content, such as [uBlock Origin](https://en.wikipedia.org/wiki/UBlock_Origin), non-essential cookies will be disabled to the extent that content that sets non-essential cookies will be blocked.
+     - Advertising controls. Our advertising partners may participate in associations that provide simple ways to opt out of ad targeting, which you can access at:
+       - United States: [NAI](http://optout.networkadvertising.org) and [DAA](http://optout.aboutads.info/)
+       - Canada: [Digital Advertising Alliance of Canada](https://youradchoices.ca/)
+       - Europe: [European Digital Advertising Alliance](http://www.youronlinechoices.com/)
+
+    These choices are specific to the browser you are using. If you access our Services from other devices or browsers, take these actions from those systems to ensure your choices apply to the data collected when you use those systems.
+
 
-“[别跟踪](https://www.eff.org/issues/do-not-track)”(DNT) 是有一种隐私首选项，如果您不希望在线服务（特别是广告网络）通过第三方跟踪服务收集和分享有关您在线活动的某类信息，您可以在浏览器中设置该选项。 GitHub 响应浏览器的 DNT 信号，并遵循[关于响应 DNT 信号的 W3C 标准](https://www.w3.org/TR/tracking-dnt/)。 如果您要设置浏览器以传达不希望被跟踪的信号，请查看浏览器的文档以了解如何启用该信号。 还有一些很适合阻止在线跟踪的应用程序，例如 [Privacy Badger](https://privacybadger.org/)。
 
 ## 个人数据的保留
 只要有必要，我们就会保留个人数据，以提供服务并完成您请求的交易，遵守我们的法律义务，解决争议，执行我们的协议以及其他合法和合法的商业目的。 由于在不同服务环境中，不同数据类型的这些需求可能会有所不同，因此实际保留期可能会根据用户期望或同意、数据的敏感性、使用户能够删除数据的自动控制的可用性以及我们的法律或合同义务等标准而有很大差异。 例如，出于安全目的，我们可能会在必要时根据适用法律将您的个人数据保留更长时间。
@@ -238,15 +291,11 @@ GitHub 处理美国境内外的个人数据，并依靠标准合同条款等法
 ### 解决投诉
 如果您对 GitHub 处理您的个人数据的方式有疑问，请立即告诉我们。 我们乐于提供帮助。 您可以通过填写[隐私问题联系表](https://support.github.com/contact/privacy)联系我们。 您也可以直接通过 **(privacy [at] github [dot] com)** 给我们发送主题行为“隐私问题”的电子邮件。 我们将尽快回复 — 最迟不超过 45 天。
 
-您还可以直接联系我们的数据保护官。
+You may also contact our Data Protection Officer directly at at **github [at]dp-officer [dot] com**
 
-| 我们的美国总部                           | 我们的欧盟办事处                          |
-| --------------------------------- | --------------------------------- |
-| GitHub 数据保护官                      | GitHub BV                         |
-| 88 Colin P. Kelly Jr. St.         | Vijzelstraat 68-72                |
-| San Francisco, CA 94107           | 1017 HL Amsterdam                 |
-| 美国                                | 荷兰                                |
-| **privacy [at] github [dot] com** | **privacy [at] github [dot] com** |
+**If you are in North America:**<br> GitHub Data Protection Officer<br> 88 Colin P. Kelly Jr. St.<br> San Francisco, CA 94107<br> United States<br> **privacy [at] github [dot] com**<br>
+
+**If you are outside of North America:**<br> Github Data Protection Officer<br> c/o DP Dock DPO Services GmbH,<br> Attn: GitHub BV, Gut Projensdorf,<br> 24161 Altenholz, Germany<br> github@dp-officer.com  cc: **privacy [at] github [dot] com**<br> CC: GitHub BV, Vijzelstraat 68-72, 1017 HL Amsterdam, The Netherlands
 
 ### 争议解决流程
 
@@ -275,7 +324,7 @@ Cliquez ici pour obtenir la version française: [Déclaration de confidentialit
 有关本声明翻译成其他语言的版本，请访问 [https://docs.github.com/](/)，然后从“English（英文）”下的下拉菜单中选择语言。
 
 ## GitHub 对加州居民的声明
-2018 年[加州消费者隐私法案](https://leginfo.legislature.ca.gov/faces/billCompareClient.xhtml?bill_id=201720180AB375)（加州 民事 法典第 1798.100 及其后各段，修正案，“CCPA”）赋予加州居民对其个人信息的权利和控制。 GitHub, Inc. （"GitHub"、“我们”）根据 CCPA 的要求向加州居民（“您”）提供本声明，概述如何收集和处理其个人信息。 这是 GitHub 专门向加州居民介绍的在 CCPA 下的消费者隐私权。 至于我们如何将 CCPA 关于控制个人信息的核心权利扩展到美国所有用户，请参阅我们的[隐私声明](/github/site-policy/github-privacy-statement)。
+2018 年[加州消费者隐私法案](https://leginfo.legislature.ca.gov/faces/billCompareClient.xhtml?bill_id=201720180AB375)（加州 民事 法典第 1798.100 及其后各段，修正案，“CCPA”）赋予加州居民对其个人信息的权利和控制。 GitHub, Inc. （"GitHub"、“我们”）根据 CCPA 的要求向加州居民（“您”）提供本声明，概述如何收集和处理其个人信息。 这是 GitHub 专门向加州居民介绍的在 CCPA 下的消费者隐私权。 For information about how we’ve extended the CCPA core rights to control personal information to all of our users in the United States, please see our [Privacy Statement](/github/site-policy/github-privacy-statement).
 
 ### 我们对个人信息的处理
 虽然下表包含有关我们收集、处理和分享的个人信息类别的信息，但要了解更详细的信息还请参阅 [GitHub 隐私声明](/github/site-policy/github-privacy-statement)。

translations/zh-CN/content/site-policy/privacy-policies/github-subprocessors-and-cookies.md

@@ -14,74 +14,23 @@ topics:
   - Legal
 ---
 
-生效日期：**2021 年 4 月 2 日**
+Effective date: **September 1, 2022**
 
-{% note %}
-
-**Note:** Changes to the list of cookies on this page are currently pending.
-
-{% endnote %}
 
 GitHub 在如何使用您的数据、如何收集您的数据以及与谁分享您的数据方面提供很大的透明度。 为此，我们提供此页面，以详细介绍了我们的[子处理商](#github-subprocessors)，以及我们如何使用 [cookie](#cookies-on-github)。
 
 ## GitHub 子处理商
 
-我们与第三方子处理商（例如我们的供应商和服务提供商）分享您的信息时，我们仍对您的信息负责。 我们在引入新供应商时，会竭尽所能保持您的信任，并且要求所有供应商与我们签订数据保护协议，以约束他们对用户个人信息（定义见[隐私声明](/articles/github-privacy-statement/)）的处理。 您可以在[此处](https://www.github.com/privacy/subprocessors)注册以接收子处理器列表更新。
+我们与第三方子处理商（例如我们的供应商和服务提供商）分享您的信息时，我们仍对您的信息负责。 我们在引入新供应商时，会竭尽所能保持您的信任，并且要求所有供应商与我们签订数据保护协议，以约束他们对用户个人信息（定义见[隐私声明](/articles/github-privacy-statement/)）的处理。
 
-| 子处理商名称                   | 处理说明              | 处理地点 | 公司地点 |
-|:------------------------ |:----------------- |:---- |:---- |
-| Automattic               | 博客服务              | 美国   | 美国   |
-| AWS Amazon               | 数据托管              | 美国   | 美国   |
-| Braintree (PayPal)       | 订阅费用信用卡支付处理商      | 美国   | 美国   |
-| Clearbit                 | 营销数据充实服务          | 美国   | 美国   |
-| Discourse                | 社区论坛软件提供商         | 美国   | 美国   |
-| Eloqua                   | 营销活动自动化           | 美国   | 美国   |
-| Google Apps              | 公司内部基础设施          | 美国   | 美国   |
-| MailChimp                | 客户事件单邮件服务提供商      | 美国   | 美国   |
-| Mailgun                  | 交易邮件服务提供商         | 美国   | 美国   |
-| Microsoft                | Microsoft 服务      | 美国   | 美国   |
-| Nexmo                    | 短信通知提供商           | 美国   | 美国   |
-| Salesforce.com           | 客户关系管理            | 美国   | 美国   |
-| Sentry.io                | 应用程序监控提供商         | 美国   | 美国   |
-| Stripe                   | 支付服务提供商           | 美国   | 美国   |
-| Twilio & Twilio Sendgrid | 短信通知提供商和交易邮件服务提供商 | 美国   | 美国   |
-| Zendesk                  | 客户支持事件单系统         | 美国   | 美国   |
-| Zuora                    | 公司计费系统            | 美国   | 美国   |
+When we bring on a new subprocessor who handles our Users' Personal Information, or remove a subprocessor, or we change how we use a subprocessor, we will update the list of subprocessors. You can view the current list of subprocessors, and sign up to receive subprocessor list updates, at [https://www.github.com/privacy/subprocessors](https://www.github.com/privacy/subprocessors).
 
-在我们引入新的子处理商来处理用户个人信息、删除子处理商或更改使用子处理商的方式时，我们将更新本页面。 如果您对新的子处理商有疑问或疑虑，我们乐意提供帮助。 请通过 {% data variables.contact.contact_privacy %} 联系我们。
+如果您对新的子处理商有疑问或疑虑，我们乐意提供帮助。 请通过 {% data variables.contact.contact_privacy %} 联系我们。
 
 ## GitHub 上的 Cookie
 
 GitHub 使用 Cookie 来提供和保护我们的网站，并分析我们网站的使用情况，以便为您提供出色的用户体验。 如果您想了解有关 Cookie 的更多信息，请查看我们的[隐私声明](/github/site-policy/github-privacy-statement#our-use-of-cookies-and-tracking)，了解我们如何以及为什么使用它们。
 
-由于 Cookie 的数量和名称可能会发生变化，下表可能会不时更新。
-
-| Cookie 名称 | 原因                                   | 描述                                                      | 过期*                |
-|:--------- |:------------------------------------ |:------------------------------------------------------- |:------------------ |
-| GitHub    | `app_manifest_token`                 | 此 cookie 用于表明页面之间的临时应用程序和框架状态，例如用户在多步骤表单中处于哪一步。         | 5 分钟               |
-| GitHub    | `color_mode`                         | 此 cookie 用于指示用户选择的主题首选项。                                | 会话                 |
-| GitHub    | `_device_id`                         | 出于安全考虑，此 Cookie 用于跟踪已识别的设备。                             | 1 年                |
-| GitHub    | `dotcom_user`                        | 此 cookie 用于向我们表明用户已登录。                                  | 1 年                |
-| GitHub    | `_gh_ent`                            | 此 cookie 用于表明页面之间的临时应用程序和框架状态，例如客户在多步骤表单中处于哪一步。         | 两周                 |
-| GitHub    | `_gh_sess`                           | 此 cookie 用于表明页面之间的临时应用程序和框架状态，例如用户在多步骤表单中处于哪一步。         | 会话                 |
-| GitHub    | `gist_oauth_csrf`                    | 此 cookie 由 Gist 设置，以确保启动 oauth 流的用户与完成它的用户是同一个用户。       | 验证 oauth 状态时删除     |
-| GitHub    | `gist_user_session`                  | 此 cookie 由 Gist 在单独主机上运行时使用。                            | 两周                 |
-| GitHub    | `has_recent_activity`                | 此 Cookie 用于防止向最近访问过应用程序的用户显示安全插页。                       | 1 小时               |
-| GitHub    | `__Host-gist_user_session_same_site` | 此 cookie 设置为确保支持 SameSite cookie 的浏览器可以检查请求是否来自 GitHub。 | 两周                 |
-| GitHub    | `__Host-user_session_same_site`      | 此 cookie 设置为确保支持 SameSite cookie 的浏览器可以检查请求是否来自 GitHub。 | 两周                 |
-| GitHub    | `logged_in`                          | 此 cookie 用于向我们表明用户已登录。                                  | 1 年                |
-| GitHub    | `marketplace_repository_ids`         | 此 cookie 用于您的登录。                                        | 1 小时               |
-| GitHub    | `marketplace_suggested_target_id`    | 此 cookie 用于您的登录。                                        | 1 小时               |
-| GitHub    | `_octo`                              | 此 Cookie 用于会话管理，包括动态内容缓存、条件功能访问、支持请求元数据和第一方分析。          | 1 年                |
-| GitHub    | `org_transform_notice`               | 此 Cookie 用于在组织转换期间提供通知。                                 | 1 小时               |
-| GitHub    | `github.com/personal`                | 此 cookie 用于 Google Analytics。                           | 两周                 |
-| GitHub    | `saml_csrf_token`                    | 此 cookie 由 SAML 身份验证路径方法设置，以将令牌与客户端相关联。                 | 直到用户关闭浏览器或完成身份验证请求 |
-| GitHub    | `saml_csrf_token_legacy`             | 此 cookie 由 SAML 身份验证路径方法设置，以将令牌与客户端相关联。                 | 直到用户关闭浏览器或完成身份验证请求 |
-| GitHub    | `saml_return_to`                     | 此 cookie 由 SAML 身份验证路径方法设置，以在 SAML 身份验证循环期间维持状态。        | 直到用户关闭浏览器或完成身份验证请求 |
-| GitHub    | `saml_return_to_legacy`              | 此 cookie 由 SAML 身份验证路径方法设置，以在 SAML 身份验证循环期间维持状态。        | 直到用户关闭浏览器或完成身份验证请求 |
-| GitHub    | `tz`                                 | 此 Cookie 允许我们根据您的时区自定义时间戳。                              | 会话                 |
-| GitHub    | `user_session`                       | 此 cookie 用于您的登录。                                        | 两周                 |
-
-_*_ 下面列出的 Cookie 的**到期**日期通常以滚动方式适用。
+You can view the current list of cookies on GitHub, and sign up to receive cookie list updates, at [https://github.com/privacy/cookies](https://github.com/privacy/cookies).
 
 (!) 请注意，虽然我们将第三方 Cookie 的使用限制在呈现外部内容时提供外部功能的需要，但我们网站上的某些页面可能会设置其他第三方 Cookie。 例如，我们可能会嵌入来自其他网站的内容（例如视频），而该网站可能放置 cookie。 虽然我们尽可能减少这些第三方 cookie，但我们无法始终控制这些第三方内容放置哪些 cookie。

translations/zh-CN/data/features/actions-hosted-runners.yml

@@ -0,0 +1,5 @@
+#Reference: #6458
+#Larger GitHub-hosted runners
+versions:
+  fpt: '*'
+  ghec: '*'

translations/zh-CN/data/features/code-scanning-exclude-queries-from-analysis.yml

@@ -0,0 +1,7 @@
+#Issue 7617
+#Users can easily exclude CodeQL queries from code scanning analyses - [GA]
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>3.6'
+  ghae: 'issue-7617'

translations/zh-CN/data/features/dependency-review-action-ghes.yml

@@ -0,0 +1,4 @@
+#Reference: Issue #7753 Dependency review action has shipped with GHES 3.6 and needs admin docs
+versions:
+  ghes: '>3.5'
+  ghae: 'issue-7753'

translations/zh-CN/data/learning-tracks/admin.yml

@@ -120,6 +120,7 @@ configure_github_advanced_security:
     - /admin/advanced-security/about-licensing-for-github-advanced-security
     - /admin/advanced-security/enabling-github-advanced-security-for-your-enterprise
     - /admin/advanced-security/configuring-code-scanning-for-your-appliance
+    - /admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-dependency-review-for-your-appliance
     - /admin/advanced-security/configuring-secret-scanning-for-your-appliance
     - /admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise
 

translations/zh-CN/data/release-notes/enterprise-server/3-2/18.yml

@@ -0,0 +1,16 @@
+date: '2022-08-30'
+sections:
+  bugs:
+    - Duplicate administrative SSH keys could appear in both the Management Console and the `/home/admin/.ssh/authorized_keys` file.
+    - In some cases, background tasks could stall due to a library that was used concurrently despite not being thread-safe.
+  changes:
+    - Generation of support bundles is faster as a result of parallelized log sanitization. For more information about support bundles, see "[Providing data to GitHub Support](/support/contacting-github-support/providing-data-to-github-support)."
+  known_issues:
+    - 在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 实例上，攻击者可以创建第一个管理员用户。
+    - 自定义防火墙规则在升级过程中被删除。
+    - Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。
+    - 如果议题包含文件路径长于 255 个字符的同一仓库中 blob 的永久链接，则议题无法关闭。
+    - 当“用户可以搜索 GitHub.com”与 {% data variables.product.prodname_github_connect %} 一起启用时，私有和内部存储库中的议题不会包含在 {% data variables.product.prodname_dotcom_the_website %} 搜索结果中。
+    - '{% data variables.product.prodname_registry %} npm 注册表不再返回元数据响应的时间值。这样做是为了大幅改善性能。作为元数据响应的一部分，我们继续拥有返回时间值所需的所有数据，并将在我们解决现有性能问题后恢复返回这个值。'
+    - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
+    - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}'

translations/zh-CN/data/release-notes/enterprise-server/3-3/13.yml

@@ -0,0 +1,23 @@
+date: '2022-08-30'
+sections:
+  bugs:
+    - After unlocking a repository for temporary access, a site administrator was unable to manage settings for security products in the repository.
+    - Duplicate administrative SSH keys could appear in both the Management Console and the `/home/admin/.ssh/authorized_keys` file.
+    - In some cases, running `ghe-cluster-config-apply` could replicate an empty configuration to existing nodes in a cluster.
+    - In some cases, configuration runs started with `ghe-config-apply` did not complete, or returned a `Container count mismatch` error.
+    - After updating a self-signed TLS certificate on a GitHub Enterprise Server instance, UI elements on some pages in the web interface did not appear.
+    - In some cases, background tasks could stall due to a library that was used concurrently despite not being thread-safe.
+  changes:
+    - Generation of support bundles is faster as a result of parallelized log sanitization. For more information about support bundles, see "[Providing data to GitHub Support](/support/contacting-github-support/providing-data-to-github-support)."
+    - 'The enterprise audit log now includes more user-generated events, such as `project.create`. The REST API also returns additional user-generated events, such as `repo.create`. For more information, see "[Accessing the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise)" and "[Using the audit log API for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise#querying-the-audit-log-rest-api)."'
+  known_issues:
+    - 升级到 {% data variables.product.prodname_ghe_server %} 3.3 后，{% data variables.product.prodname_actions %} 可能无法自动启动。要解决此问题，请通过 SSH 连接到设备并运行“ghe-actions-start”命令。
+    - 在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 实例上，攻击者可以创建第一个管理员用户。
+    - 自定义防火墙规则在升级过程中被删除。
+    - Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。
+    - 如果议题包含文件路径长于 255 个字符的同一仓库中 blob 的永久链接，则议题无法关闭。
+    - 当“用户可以搜索 GitHub.com”与 {% data variables.product.prodname_github_connect %} 一起启用时，私有和内部存储库中的议题不会包含在 {% data variables.product.prodname_dotcom_the_website %} 搜索结果中。
+    - '{% data variables.product.prodname_registry %} npm 注册表不再返回元数据响应的时间值。这样做是为了大幅改善性能。作为元数据响应的一部分，我们继续拥有返回时间值所需的所有数据，并将在我们解决现有性能问题后恢复返回这个值。'
+    - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
+    - '{% data variables.product.prodname_actions %} 存储设置在选择“Force Path Style（强制路径样式）”时无法验证和保存在 {% data variables.enterprise.management_console %} 中，而必须使用“ghe-actions-precheck”命令行实用程序进行配置。'
+    - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}'

translations/zh-CN/data/release-notes/enterprise-server/3-4/8.yml

@@ -0,0 +1,26 @@
+date: '2022-08-30'
+sections:
+  bugs:
+    - After unlocking a repository for temporary access, a site administrator was unable to manage settings for security products in the repository.
+    - Duplicate administrative SSH keys could appear in both the Management Console and the `/home/admin/.ssh/authorized_keys` file.
+    - The site admin page for individual users at <code>http(s)://<em>HOSTNAME</em>/stafftools/users/<em>USERNAME</em>/admin</code> contained functionality not intended for GitHub Enterprise Server.
+    - In some cases, running `ghe-cluster-config-apply` could replicate an empty configuration to existing nodes in a cluster.
+    - In some cases, configuration runs started with `ghe-config-apply` did not complete, or returned a `Container count mismatch` error.
+    - After updating a self-signed TLS certificate on a GitHub Enterprise Server instance, UI elements on some pages in the web interface did not appear.
+    - In some cases, background tasks could stall due to a library that was used concurrently despite not being thread-safe.
+  changes:
+    - Generation of support bundles is faster as a result of parallelized log sanitization. For more information about support bundles, see "[Providing data to GitHub Support](/support/contacting-github-support/providing-data-to-github-support)."
+    - APIs that contain the `organization` or `org` route now accept either the organization's slug or ID. Previously, the APIs only accepted slugs, which caused `Link` headers for GitHub Advanced Security endpoints to be inaccessible. For more information, see "[Organizations](https://docs.github.com/rest/orgs/orgs)" in the REST API documentation.
+    - 'The enterprise audit log now includes more user-generated events, such as `project.create`. The REST API also returns additional user-generated events, such as `repo.create`. For more information, see "[Accessing the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise)" and "[Using the audit log API for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise#querying-the-audit-log-rest-api)."'
+  known_issues:
+    - 在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 实例上，攻击者可以创建第一个管理员用户。
+    - 自定义防火墙规则在升级过程中被删除。
+    - Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。
+    - 如果议题包含文件路径长于 255 个字符的同一仓库中 blob 的永久链接，则议题无法关闭。
+    - 当“用户可以搜索 GitHub.com”与 {% data variables.product.prodname_github_connect %} 一起启用时，私有和内部存储库中的议题不会包含在 {% data variables.product.prodname_dotcom_the_website %} 搜索结果中。
+    - '{% data variables.product.prodname_registry %} npm 注册表不再返回元数据响应的时间值。这样做是为了大幅改善性能。作为元数据响应的一部分，我们继续拥有返回时间值所需的所有数据，并将在我们解决现有性能问题后恢复返回这个值。'
+    - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
+    - |
+      在多个级别（例如，企业和组织）上使用“--ephemeral”参数注册自托管运行器后，运行器可能会陷入空闲状态并需要重新注册。[更新时间：2022 年 6 月 17 日]
+    - After upgrading to {% data variables.product.prodname_ghe_server %} 3.4, releases may appear to be missing from repositories. This can occur when the required Elasticsearch index migrations have not successfully completed.
+    - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}'

translations/zh-CN/data/release-notes/enterprise-server/3-5/5.yml

@@ -0,0 +1,27 @@
+date: '2022-08-30'
+sections:
+  bugs:
+    - After unlocking a repository for temporary access, a site administrator was unable to manage settings for security products in the repository.
+    - Duplicate administrative SSH keys could appear in both the Management Console and the `/home/admin/.ssh/authorized_keys` file.
+    - The site admin page for individual users at <code>http(s)://<em>HOSTNAME</em>/stafftools/users/<em>USERNAME</em>/admin</code> contained functionality not intended for GitHub Enterprise Server.
+    - In some cases, running `ghe-cluster-config-apply` could replicate an empty configuration to existing nodes in a cluster.
+    - In some cases, configuration runs started with `ghe-config-apply` did not complete, or returned a `Container count mismatch` error.
+    - After updating a self-signed TLS certificate on a GitHub Enterprise Server instance, UI elements on some pages in the web interface did not appear.
+    - The site admin bar at the top of the web interface contained a broken link to the SHA for the currently running version of the application.
+    - In some cases, background tasks could stall due to a library that was used concurrently despite not being thread-safe.
+    - Alerts from secret scanning for GitHub Advanced Security customers were missing in the web UI and REST API if a site administrator did not upgrade directly to GitHub Enterprise Server 3.4. The alerts are now visible.
+    - When a user forked a repository into an organization, a long list of organizations would not render properly.
+  changes:
+    - Generation of support bundles is faster as a result of parallelized log sanitization. For more information about support bundles, see "[Providing data to GitHub Support](/support/contacting-github-support/providing-data-to-github-support)."
+    - APIs that contain the `organization` or `org` route now accept either the organization's slug or ID. Previously, the APIs only accepted slugs, which caused `Link` headers for GitHub Advanced Security endpoints to be inaccessible. For more information, see "[Organizations](https://docs.github.com/rest/orgs/orgs)" in the REST API documentation.
+    - 'The enterprise audit log now includes more user-generated events, such as `project.create`. The REST API also returns additional user-generated events, such as `repo.create`. For more information, see "[Accessing the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise)" and "[Using the audit log API for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise#querying-the-audit-log-rest-api)."'
+    - In some cases, cache replicas could reject some Git operations on recently updated repositories. For more information about repository caching, see "[About repository caching](/admin/enterprise-management/caching-repositories/about-repository-caching)."
+  known_issues:
+    - 在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 实例上，攻击者可以创建第一个管理员用户。
+    - 自定义防火墙规则在升级过程中被删除。
+    - Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。
+    - 如果议题包含文件路径长于 255 个字符的同一仓库中 blob 的永久链接，则议题无法关闭。
+    - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后，私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。
+    - '{% data variables.product.prodname_registry %} npm 注册表不再返回元数据响应的时间值。这样做是为了大幅改善性能。作为元数据响应的一部分，我们继续拥有返回时间值所需的所有数据，并将在我们解决现有性能问题后恢复返回这个值。'
+    - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
+    - Actions services need to be restarted after restoring an appliance from a backup taken on a different host.

translations/zh-CN/data/release-notes/enterprise-server/3-6/0.yml

@@ -25,7 +25,9 @@ sections:
           - "[Enforcing repository management policies in your enterprise](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#configuring-anonymous-git-read-access)"
           - "[Configuring host keys for your instance](/admin/configuration/configuring-your-enterprise/configuring-host-keys-for-your-instance)"
         - |
-          You can require TLS encryption for incoming SMTP connections to your instance. For more information, see "[Configuring email for notifications](/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications)."
+          You can require TLS encryption for incoming SMTP connections to your instance. For more information, see "[Configuring email for notifications](/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications#enforcing-tls-for-smtp-connections)."
+
+          - **Note**: This feature is unavailable in GitHub Enterprise Server 3.6.0. The feature will be available in an upcoming release. [Updated: 2022-08-26]
     - 
       heading: 审核日志
       notes:

translations/zh-CN/data/release-notes/enterprise-server/3-6/1.yml

@@ -0,0 +1,33 @@
+date: '2022-08-30'
+sections:
+  bugs:
+    - After unlocking a repository for temporary access, a site administrator was unable to manage settings for security products in the repository.
+    - Duplicate administrative SSH keys could appear in both the Management Console and the `/home/admin/.ssh/authorized_keys` file.
+    - The site admin page for individual users at <code>http(s)://<em>HOSTNAME</em>/stafftools/users/<em>USERNAME</em>/admin</code> contained functionality not intended for GitHub Enterprise Server.
+    - In some cases, running `ghe-cluster-config-apply` could replicate an empty configuration to existing nodes in a cluster.
+    - In some cases, configuration runs started with `ghe-config-apply` did not complete, or returned a `Container count mismatch` error.
+    - After updating a self-signed TLS certificate on a GitHub Enterprise Server instance, UI elements on some pages in the web interface did not appear.
+    - In some cases, background tasks could stall due to a library that was used concurrently despite not being thread-safe.
+    - The site admin bar at the top of the web interface contained a broken link to the SHA for the currently running version of the application.
+    - Organization owners were unable to set the level of access required to create discussions.
+    - Discussions users were incorrectly directed to the community guidelines for GitHub.com.
+    - In some cases, users were incorrectly instructed to verify their email before creating a discussion.
+    - Alerts from secret scanning for GitHub Advanced Security customers were missing in the web UI and REST API if a site administrator did not upgrade directly to GitHub Enterprise Server 3.4. The alerts are now visible.
+  changes:
+    - Generation of support bundles is faster as a result of parallelized log sanitization. For more information about support bundles, see "[Providing data to GitHub Support](/support/contacting-github-support/providing-data-to-github-support)."
+    - APIs that contain the `organization` or `org` route now accept either the organization's slug or ID. Previously, the APIs only accepted slugs, which caused `Link` headers for GitHub Advanced Security endpoints to be inaccessible. For more information, see "[Organizations](https://docs.github.com/rest/orgs/orgs)" in the REST API documentation.
+    - 'The enterprise audit log now includes more user-generated events, such as `project.create`. The REST API also returns additional user-generated events, such as `repo.create`. For more information, see "[Accessing the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise)" and "[Using the audit log API for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise#querying-the-audit-log-rest-api)."'
+    - In some cases, cache replicas could reject some Git operations on recently updated repositories. For more information about repository caching, see "[About repository caching](/admin/enterprise-management/caching-repositories/about-repository-caching)."
+    - 'You can now configure the global announcement banner to be dismissable using the REST API. For more information, see "[Customizing user messages for your enterprise](/admin/user-management/managing-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-global-announcement-banner)."'
+  known_issues:
+    - 在新建的没有任何用户的 {% data variables.product.prodname_ghe_server %} 实例上，攻击者可以创建第一个管理员用户。
+    - 自定义防火墙规则在升级过程中被删除。
+    - Git LFS 跟踪的文件[通过 Web 界面上传](https://github.com/blog/2105-upload-files-to-your-repositories) 被错误地直接添加到仓库。
+    - 如果议题包含文件路径长于 255 个字符的同一仓库中 blob 的永久链接，则议题无法关闭。
+    - 对 GitHub Connect 启用“用户可以搜索 GitHub.com”后，私有和内部仓库中的议题不包括在 GitHub.com 搜索结果中。
+    - '{% data variables.product.prodname_registry %} npm 注册表不再返回元数据响应的时间值。这样做是为了大幅改善性能。作为元数据响应的一部分，我们继续拥有返回时间值所需的所有数据，并将在我们解决现有性能问题后恢复返回这个值。'
+    - 特定于处理预接收挂钩的资源限制可能会导致某些预接收挂钩失败。
+    - Actions services need to be restarted after restoring an instance from a backup taken on a different host.
+    - In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
+    - In some cases, users cannot convert existing issues to discussions.
+    - Custom patterns for secret scanning have `.*` as an end delimiter, specifically in the "After secret" field. This delimiter causes inconsistencies in scans for secrets across repositories, and you may notice gaps in a repository's history where no scans completed. Incremental scans may also be impacted. To prevent issues with scans, modify the end of the pattern to remove the `.*` delimiter.

translations/zh-CN/data/reusables/actions/about-runner-groups.md

@@ -0,0 +1,18 @@
+{% ifversion fpt %}
+{% note %}
+
+**Note:** All organizations have a single default runner group. Only enterprise accounts and organizations owned by enterprise accounts can create and manage additional runner groups.
+
+{% endnote %}
+
+Runner groups are used to control access to runners. 组织管理员可以配置访问策略，用以控制组织中的哪些组织可以访问运行器组。
+
+If you use {% data variables.product.prodname_ghe_cloud %}, you can create additional runner groups; enterprise admins can configure access policies that control which organizations in an enterprise have access to the runner group; and organization admins can assign additional granular repository access policies to the enterprise runner group.
+{% endif -%}
+{% ifversion ghec or ghes or ghae %}
+
+{% data reusables.actions.runner-group-enterprise-overview %}
+
+新运行器在创建时，将自动分配给默认组。 运行器每次只能在一个组中。 您可以将运行器从默认组移到另一组。 For more information, see "[Moving a runner to a group](#moving-a-runner-to-a-group)."
+
+{% endif %}

translations/zh-CN/data/reusables/actions/actions-billing.md

@@ -1 +1 @@
-公共仓库和自托管运行器免费使用 {% data variables.product.prodname_actions %}。 对于私有仓库，每个 {% data variables.product.prodname_dotcom %} 帐户可获得一定数量的免费记录和存储，具体取决于帐户所使用的产品。 超出包含金额的任何使用量都由支出限制控制。
+{% data variables.product.prodname_actions %} usage is free for standard {% data variables.product.prodname_dotcom %}-hosted runners in public repositories, and for self-hosted runners. For private repositories, each {% data variables.product.prodname_dotcom %} account receives a certain amount of free minutes and storage for use with {% data variables.product.prodname_dotcom %}-hosted runners, depending on the product used with the account. 超出包含金额的任何使用量都由支出限制控制。

translations/zh-CN/data/reusables/actions/add-hosted-runner-overview.md

@@ -0,0 +1,3 @@
+You can choose an operating system and a hardware configuration from the list of available options. When new instances of this runner are deployed through autoscaling, they'll use the same operating system and hardware configuration you've defined here.
+
+You can also define the labels that identify the runner, which is how your workflows will be able to send jobs to the runners for processing (using `runs-on`). New runners are automatically assigned to the default group, or you can choose which group the runners must join during the runner creation process. In addition, you can modify the runner's group membership after you've registered the runner. For more information, see "[Controlling access to {% data variables.actions.hosted_runner %}s](/actions/using-github-hosted-runners/controlling-access-to-larger-runners)."

translations/zh-CN/data/reusables/actions/add-hosted-runner.md

@@ -0,0 +1,11 @@
+1. Click **New runner**, then click **{% octicon "mark-github" aria-label="New hosted runner" %} New Github-hosted runner**.
+1. Complete the required details to configure your new runner:
+
+    - **Name**: Enter a name for your new runner. For easier identification, this should indicate its hardware and operating configuration, such as `ubuntu-20.04-16core`.
+    - **Runner image**: Choose an operating system from the available options. Once you've selected an operating system, you will be able to choose a specific version.
+    - **Runner size**: Choose a hardware configuration from the drop-down list of available options.
+    - **Auto-scaling**: Choose the maximum number of runners that can be active at any time.
+    - **Runner group**: Choose the group that your runner will be a member of. This group will host multiple instances of your runner, as they scale up and down to suit demand.
+    - **Networking**: Only for {% data variables.product.prodname_ghe_cloud %}: Choose whether a static IP address range will be assigned to instances of the {% data variables.actions.hosted_runner %}. You can use up to 10 static IP addresses in total.
+
+1. Click **Create runner**.

translations/zh-CN/data/reusables/actions/automatically-adding-a-runner-to-a-group.md

@@ -0,0 +1,11 @@
+You can use the configuration script to automatically add a new runner to a group. For example, this command registers a new runner and uses the `--runnergroup` parameter to add it to a group named `rg-runnergroup`.
+
+```sh
+./config.sh --url $org_or_enterprise_url --token $token --runnergroup rg-runnergroup
+```
+
+如果运行器组不存在，命令将失败：
+
+```
+找不到名为 "rg-runnergroup" 的任何自托管运行器组。
+```

translations/zh-CN/data/reusables/actions/changing-the-access-policy-of-a-runner-group.md

@@ -0,0 +1,38 @@
+{% comment %}
+
+Always include a security admonition above this procedure. This is either one of the following, depending on whether the context is self-hosted runners or larger runners.
+
+{% data reusables.actions.self-hosted-runner-security-admonition %}
+{% data reusables.actions.hosted-runner-security-admonition %}
+
+{% endcomment %}
+
+对于企业中的运行器组，您可以更改企业中可以访问运行器组的组织{% ifversion restrict-groups-to-workflows %} 或限制运行器组可以运行的工作流程{% endif %}。 对于组织中的运行器组，您可以更改组织中可以访问运行器组的存储库{% ifversion restrict-groups-to-workflows %} 或限制运行器组可以运行的工作流程{% endif %}。
+
+### 更改可以访问运行器组的组织或存储库
+
+{% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5091 %}
+{% data reusables.actions.runner-groups-navigate-to-repo-org-enterprise %}
+{% data reusables.actions.settings-sidebar-actions-runner-groups-selection %}
+1. 对于企业中的运行器组，在 **Organization access（组织访问）**下，修改可以访问运行器组的组织。 对于组织中的运行器组，在 **Repository access（存储库访问）**下，修改可以访问运行器组的存储库。
+
+{% elsif ghae or ghes < 3.4 %}
+{% data reusables.actions.configure-runner-group-access %}
+{% endif %}
+
+{% ifversion restrict-groups-to-workflows %}
+### 更改可以访问运行器组的工作流程
+You can configure a runner group to run either selected workflows or all workflows. For example, you might use this setting to protect secrets that are stored on runners or to standardize deployment workflows by restricting a runner group to run only a specific reusable workflow. 如果配置企业共享的组织的运行组，则不能覆盖此设置。
+{% data reusables.actions.runner-groups-navigate-to-repo-org-enterprise %}
+{% data reusables.actions.settings-sidebar-actions-runner-groups-selection %}
+1. 在 **Workflow access（工作流程访问）**下，选择下拉菜单，然后单击 **Selected workflows（选定的工作流程）**。
+1. 单击 {% octicon "gear" aria-label="the gear icon" %}。
+1. 输入以逗号分隔的可访问运行器组的工作流程列表。 使用完整路径，包括存储库名称和所有者。 将工作流程固定到分支、标记或完整 SHA。 例如：`octo-org/octo-repo/.github/workflows/build.yml@v2, octo-org/octo-repo/.github/workflows/deploy.yml@d6dc6c96df4f32fa27b039f2084f576ed2c5c2a5, monalisa/octo-test/.github/workflows/test.yml@main`。
+
+   只有直接在所选工作流程中定义的作业才能访问运行器组。
+
+   组织拥有的运行器组无法访问企业中其他组织的工作流程。相反，您必须创建企业拥有的运行器组。
+
+1. 单击 **Save（保存）**。
+
+{% endif %}

translations/zh-CN/data/reusables/actions/changing-the-name-of-a-runner-group.md

@@ -0,0 +1,9 @@
+{% ifversion fpt or ghec or ghes > 3.3 or ghae-issue-5091 %}
+{% data reusables.actions.runner-groups-navigate-to-repo-org-enterprise %}
+{% data reusables.actions.settings-sidebar-actions-runner-groups-selection %}
+1. 更改运行器组名称。
+
+{% elsif ghae or ghes < 3.4 %}
+{% data reusables.actions.configure-runner-group %}
+1. 更改运行器组名称。
+{% endif %}

translations/zh-CN/data/reusables/actions/configure-runner-group-access.md

@@ -1,4 +1,4 @@
-{% data reusables.actions.self-hosted-runner-configure-runner-group %}
+{% data reusables.actions.configure-runner-group %}
 1. 修改策略选项。
 
    {% ifversion not ghae %}

translations/zh-CN/data/reusables/actions/creating-a-runner-group-for-an-enterprise.md

@@ -0,0 +1,28 @@
+{% comment %}
+
+Always include a security admonition above this procedure. This is either one of the following, depending on whether the context is self-hosted runners or larger runners.
+
+{% data reusables.actions.self-hosted-runner-security-admonition %}
+{% data reusables.actions.hosted-runner-security-admonition %}
+
+{% endcomment %}
+
+Enterprises can add their runners to groups for access management. Enterprises can create groups of runners that are accessible to specific organizations in the enterprise account{% ifversion restrict-groups-to-workflows %} or to specific workflows{% endif %}. 然后，组织所有者可以为企业运行器组分配更细致的存储库{% ifversion restrict-groups-to-workflows %} 和工作流程{% endif %} 访问策略。 For information about how to create a runner group with the REST API, see the enterprise endpoints in the [{% data variables.product.prodname_actions %} REST API](/rest/reference/actions#self-hosted-runner-groups).
+
+Runners are automatically assigned to the default group when created, and can only be members of one group at a time. 您可以在注册过程中将运行器分配给特定组，也可以稍后将运行器从默认组移到自定义组。
+
+创建组时，必须选择用于定义哪些组织有权访问运行器组的策略。
+
+{% data reusables.actions.runner-groups-add-to-enterprise-first-steps %}
+1. 要为组织访问选择策略，请选择 **Organization access（组织访问）**下拉列表，然后单击一个策略。 您可以将运行器组配置为可供特定组织列表或企业中的所有组织访问。{% ifversion ghes %} 默认情况下，只有私有存储库可以访问运行器组中的运行器，但您可以覆盖此操作。{% endif %}
+
+   {%- ifversion ghec or ghes %}
+
+   ![添加运行器组选项](/assets/images/help/settings/actions-enterprise-account-add-runner-group-options.png)
+   {%- elsif ghae %}
+
+   ![添加运行器组选项](/assets/images/help/settings/actions-enterprise-account-add-runner-group-options-ae.png)
+   {%- endif %}
+{% data reusables.actions.runner-group-assign-policy-workflow %}
+1. 单击 **Save group（保存组）**创建组并应用策略。
+

translations/zh-CN/data/reusables/actions/creating-a-runner-group-for-an-organization.md

@@ -0,0 +1,38 @@
+{% comment %}
+
+Always include a security admonition above this procedure. This is either one of the following, depending on whether the context is self-hosted runners or larger runners.
+
+{% data reusables.actions.self-hosted-runner-security-admonition %}
+{% data reusables.actions.hosted-runner-security-admonition %}
+
+{% endcomment %}
+
+All organizations have a single default runner group. Organizations within an enterprise account can create additional groups. 组织管理员可以允许单个仓库访问运行器组。 For information about how to create a runner group with the REST API, see "[Self-hosted runner groups](/rest/reference/actions#self-hosted-runner-groups)."
+
+Runners are automatically assigned to the default group when created, and can only be members of one group at a time. 您可以将运行器从默认组移到您创建的任何组。
+
+创建组时，必须选择一个策略，用于定义哪些存储库{% ifversion restrict-groups-to-workflows %} 和工作流程{% endif %} 有权访问运行器组。
+
+{% ifversion ghec or ghes > 3.3 or ghae-issue-5091 %}
+{% data reusables.organizations.navigate-to-org %}
+{% data reusables.organizations.org_settings %}
+{% data reusables.organizations.settings-sidebar-actions-runner-groups %}
+1. 在“Runner groups（运行器组）”部分，单击 **New runner group（新运行器组）**。
+1. 为运行器组输入名称。
+ {% data reusables.actions.runner-group-assign-policy-repo %}
+{% data reusables.actions.runner-group-assign-policy-workflow %}{%- ifversion restrict-groups-to-workflows %} 组织拥有的运行器组无法访问企业中其他组织的工作流程；相反，您必须创建企业拥有的运行器组。{% endif %}
+{% data reusables.actions.create-runner-group %}
+{% elsif ghae or ghes < 3.4 %}
+{% data reusables.organizations.navigate-to-org %}
+{% data reusables.organizations.org_settings %}
+{% data reusables.organizations.settings-sidebar-actions-runner-groups %}
+1. 在 {% ifversion ghes or ghae %}“Runners（运行器）”{% endif %} 下，单击 **Add new（新增）**，然后单击 **New group（新建组）**。
+
+    ![添加运行器组](/assets/images/help/settings/actions-org-add-runner-group.png)
+1. 输入运行程序组的名称，并分配仓库访问策略。
+
+   您可以将运行器组配置为可供特定的存储库列表或组织中的所有存储库访问。{% ifversion ghec or ghes %} 默认情况下，只有私有存储库可以访问运行器组中的运行器，但您可以覆盖此操作。 如果配置企业共享的组织的运行组，则不能覆盖此设置。{% endif %}
+
+   ![添加运行器组选项](/assets/images/help/settings/actions-org-add-runner-group-options.png)
+1. 单击 **Save group（保存组）**创建组并应用策略。
+{% endif %}

translations/zh-CN/data/reusables/actions/hosted-runner-security-admonition.md

@@ -0,0 +1,5 @@
+{% warning %}
+
+**警告**：{% data reusables.actions.hosted-runner-security %}
+
+{% endwarning %}

translations/zh-CN/data/reusables/actions/hosted-runner-security.md

@@ -0,0 +1,3 @@
+We recommend that you only use {% data variables.actions.hosted_runner %}s with private repositories:
+- Forks of your repository can potentially run dangerous code on your {% data variables.actions.hosted_runner %} by creating a pull request that executes the code in a workflow.
+- You could incur unexpected costs if you allow forked repositories to run jobs on your {% data variables.actions.hosted_runner %}s.

translations/zh-CN/data/reusables/actions/jobs/section-running-jobs-in-a-container.md

@@ -2,6 +2,12 @@
 
 若不设置 `container`，所有步骤将直接在 `runs-on` 指定的主机上运行，除非步骤引用已配置为在容器中运行的操作。
 
+{% note %}
+
+**Note:** The default shell for `run` steps inside a container is `sh` instead of `bash`. This can be overridden with [`jobs.<job_id>.defaults.run`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_iddefaultsrun) or [`jobs.<job_id>.steps[*].shell`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell).
+
+{% endnote %}
+
 ### 示例：在容器中运行作业
 
 ```yaml{:copy}

translations/zh-CN/data/reusables/actions/moving-a-runner-to-a-group.md

@@ -0,0 +1,12 @@
+If you don't specify a runner group during the registration process, your new runners are automatically assigned to the default group, and can then be moved to another group.
+
+{% data reusables.actions.self-hosted-runner-navigate-to-org-enterprise %}
+{% ifversion ghec or ghes > 3.3 or ghae-issue-5091 %}
+1. 在“Runners（运行器）”列表中，单击您要配置的运行器。
+2. 选择 **Runner group（运行器组）**下拉列表。
+3. 在“Move runner to group（将运行器移动到组）”中，选择运行器的目的地组。
+{% elsif ghae or ghes < 3.4 %}
+1. 在设置页面的 {% ifversion ghes or ghae %} Runner groups（运行器组）{% endif %} 部分，找到要移动的运行器的当前组，并展开组成员列表。 ![查看运行器组成员](/assets/images/help/settings/actions-org-runner-group-members.png)
+2. 选中自托管运行器旁边的复选框，然后单击 **Move to group（移动到组）**以查看可用的目的地。 ![运行器组成员移动](/assets/images/help/settings/actions-org-runner-group-member-move.png)
+3. 要移动运行器，请单击目标组。 ![运行器组成员移动](/assets/images/help/settings/actions-org-runner-group-member-move-destination.png)
+{% endif %}

translations/zh-CN/data/reusables/actions/removing-a-runner-group.md

@@ -0,0 +1,9 @@
+Runners are automatically returned to the default group when their group is removed.
+
+{% ifversion ghes or ghae or ghec %}
+{% data reusables.actions.runner-groups-navigate-to-repo-org-enterprise %}
+1. 在组列表中，在要删除的组右侧，单击 {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}。
+2. 要删除组，请单击 **Remove group（删除组）**。
+3. 查看确认提示，然后单击 **Remove this runner group（删除此运行器组）**。 Any runners still in this group will be automatically moved to the default group, where they will inherit the access permissions assigned to that group.
+
+{% endif %}

translations/zh-CN/data/reusables/actions/runner-group-enterprise-overview.md

@@ -0,0 +1,3 @@
+Runner groups are used to control access to runners at the organization and enterprise level. Enterprise owners can configure access policies that control which organizations {% ifversion restrict-groups-to-workflows %}and workflows {% endif %}in an enterprise have access to the runner group. 组织所有者可以配置访问策略，以控制组织中哪些存储库{% ifversion restrict-groups-to-workflows %} 和工作流程{% endif %} 可以访问运行器组。
+
+When an enterprise owner grants access to a runner group, organization owners can see the runner group listed in the organization's runner settings. 然后，组织所有者可以为企业运行器组分配更细致的存储库{% ifversion restrict-groups-to-workflows %} 和工作流程{% endif %} 访问策略。

translations/zh-CN/data/reusables/actions/runner-groups-navigate-to-repo-org-enterprise.md

@@ -1,9 +1,9 @@
 {% ifversion fpt %}
-1. 导航到自托管运行器组所在的存储库或组织的主页。
+1. Navigate to the main page of the repository or organization where your runner groups are located.
 2. 单击 {% octicon "gear" aria-label="The Settings gear" %} **Settings（设置）**。
 {% data reusables.organizations.settings-sidebar-actions-runner-groups %}
 {% elsif ghec or ghes or ghae %}
-1. 导航到自托管运行器组所在的位置：
+1. Navigate to where your runner groups are located:
    * **在组织中**，导航到主页并单击 {% octicon "gear" aria-label="The Settings gear" %} **Settings（设置）**。
    * **如果使用企业级组**：
 

translations/zh-CN/data/reusables/actions/self-hosted-runner-add-to-enterprise.md

@@ -3,7 +3,7 @@
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.actions-tab %}
 {% data reusables.enterprise-accounts.actions-runners-tab %}
-1. 单击 **New runner（新运行器）**。
+{% ifversion actions-hosted-runners %}1. Click **New runner**, then click **New self-hosted runner**.{% else %}1. Click **New runner**.{% endif %}
 {% data reusables.actions.self-hosted-runner-configure %}
 {%- elsif ghae or ghes < 3.4 %}
 要将自托管的运行器添加到企业，您必须是组织所有者。

translations/zh-CN/data/reusables/actions/self-hosted-runner-navigate-to-org-enterprise.md

@@ -3,7 +3,7 @@
 2. 单击 {% octicon "gear" aria-label="The Settings gear" %} **Settings（设置）**。
 {% data reusables.organizations.settings-sidebar-actions-runners %}
 {% elsif ghec or ghes or ghae %}
-1. 导航到自托管运行器注册的位置：
+1. Navigate to where your runner is registered:
    * **在组织中**，导航到主页并单击 {% octicon "gear" aria-label="The Settings gear" %} **Settings（设置）**。
    * **如果使用企业级运行器**：
 

translations/zh-CN/data/reusables/actions/self-hosted-runner-navigate-to-repo-org-enterprise.md

@@ -3,7 +3,7 @@
 2. 单击 {% octicon "gear" aria-label="The Settings gear" %} **Settings（设置）**。
 {% data reusables.organizations.settings-sidebar-actions-runners %}
 {% elsif ghec or ghes or ghae %}
-1. 导航到自托管运行器注册的位置：
+1. Navigate to where your runner is registered:
    * **在组织或仓库中**，导航到主页并单击 {% octicon "gear" aria-label="The Settings gear" %} **Settings（设置）**。
    * **如果使用企业级运行器**：
 

translations/zh-CN/data/reusables/actions/self-hosted-runner-security-admonition.md

@@ -0,0 +1,7 @@
+{% warning %}
+
+**警告**：{% data reusables.actions.self-hosted-runner-security %}
+
+更多信息请参阅“[关于自托管运行器](/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)”。
+
+{% endwarning %}

translations/zh-CN/data/reusables/actions/self-hosted-runner-security.md

@@ -1 +1 @@
-建议仅将自托管运行器用于私有仓库。 这是因为，通过创建在工作流程中执行代码的拉取请求，仓库的复刻可能会在您的自托管运行器上运行危险代码。
+建议仅将自托管运行器用于私有仓库。 This is because forks of your public repository can potentially run dangerous code on your self-hosted runner machine by creating a pull request that executes the code in a workflow.

translations/zh-CN/data/reusables/billing/billing-hosted-runners.md

@@ -0,0 +1 @@
+|  Linux   |   4  |   $0.016   | |  Linux   |   8  |   $0.032   | |  Linux   |  16  |   $0.064   | |  Linux   |  32   |   $0.128   | |  Linux   |   64  |   $0.256   | |  Windows   |   8  |   $0.064   | |  Windows   |  16  |   $0.128   | |  Windows   |  32 |   $0.256   | |  Windows   |  64  |   $0.512   |

translations/zh-CN/data/reusables/billing/billing-standard-runners.md

@@ -0,0 +1,5 @@
+| 操作系统    | Cores | 每分钟费率（美元） |
+| ------- | ----- | --------- |
+| Linux   | 2     | $0.008    |
+| macOS   | 3     | $0.08     |
+| Windows | 2     | $0.016    |

translations/zh-CN/data/reusables/code-scanning/example-configuration-files.md

@@ -30,3 +30,22 @@ paths-ignore:
   - src/node_modules
   - '**/*.test.js'
 ```
+
+{% ifversion code-scanning-exclude-queries-from-analysis %}
+
+The following configuration file only runs queries that generate alerts of severity error. The configuration first selects all the default queries, all queries in `./my-queries`, and the default suite in `codeql/java-queries`, then excludes all the queries that generate warnings or recommendations.
+
+``` yaml
+queries:
+  - name: Use an in-repository QL pack (run queries in the my-queries directory)
+    uses: ./my-queries
+packs:
+  - codeql/java-queries
+query-filters:
+- exclude:
+    problem.severity:
+      - warning
+      - recommendation
+```
+
+{% endif %}

translations/zh-CN/data/reusables/code-scanning/run-additional-queries.md

@@ -1,5 +1,13 @@
 When you use {% data variables.product.prodname_codeql %} to scan code, the {% data variables.product.prodname_codeql %} analysis engine generates a database from the code and runs queries on it. {% data variables.product.prodname_codeql %} analysis uses a default set of queries, but you can specify more queries to run, in addition to the default queries.
 
+{% ifversion code-scanning-exclude-queries-from-analysis %}
+{% tip %}
+
+You can also specify the queries you want to exclude from analysis, or include in the analysis. This requires the use of a custom configuration file. For more information, see "[Using a custom configuration file](#using-a-custom-configuration-file)" and "[Excluding specific queries from analysis](#excluding-specific-queries-from-analysis) " below.
+
+{% endtip %}
+{% endif %}
+
 {% ifversion codeql-packs %}
 You can run extra queries if they are part of a {% data variables.product.prodname_codeql %} pack (beta) published to the {% data variables.product.company_short %} {% data variables.product.prodname_container_registry %} or a {% data variables.product.prodname_ql %} pack stored in a repository. For more information, see "[About {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %}](/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql#about-codeql-queries)."
 

translations/zh-CN/data/reusables/codespaces/codespaces-org-policies-note.md

@@ -1,5 +1,5 @@
 {% note %}
 
-**Note**: Organization policies you define for {% data variables.product.prodname_codespaces %} only apply to codespaces for which your organization will be billed. If an individual user creates a codespace for a repository in your organization, and the organization is not billed, then the codespace will not be bound by these policies. For information on how to choose who can create codespaces that are billed to your organization, see "[Enabling {% data variables.product.prodname_github_codespaces %} for your organization](https://docs-internal-29134-ad7bd8.preview.ghdocs.com/en/codespaces/managing-codespaces-for-your-organization/enabling-github-codespaces-for-your-organization#choose-who-can-create-codespaces-that-are-billed-to-your-organization)."
+**Note**: Organization policies you define for {% data variables.product.prodname_codespaces %} only apply to codespaces for which your organization will be billed. If an individual user creates a codespace for a repository in your organization, and the organization is not billed, then the codespace will not be bound by these policies. For information on how to choose who can create codespaces that are billed to your organization, see "[Enabling {% data variables.product.prodname_github_codespaces %} for your organization](/codespaces/managing-codespaces-for-your-organization/enabling-github-codespaces-for-your-organization#choose-who-can-create-codespaces-that-are-billed-to-your-organization)."
 
 {% endnote %}

translations/zh-CN/data/reusables/codespaces/open-codespace-from-template-repo.md

@@ -0,0 +1,8 @@
+1. Select an owner for the new repository, enter a repository name, select your preferred privacy setting, and click **Create repository from template**.
+1. On the main page of the newly created repository, click the **{% octicon "code" aria-label="The code icon" %} Code** button and select the **Codespaces** tab.
+
+   ![新建代码空间按钮](/assets/images/help/codespaces/new-codespace-button.png)
+
+   If you don’t see this tab, {% data variables.product.prodname_github_codespaces %} isn't available for you. For more information about access to {% data variables.product.prodname_github_codespaces %}, see "[Creating a codespace](/codespaces/developing-in-codespaces/creating-a-codespace#access-to-github-codespaces)."
+
+1. On the **Codespaces** tab, click **Create codespace on main**.