Merge branch 'main' into 3059-remove-send-from-author

2021-01-23 13:39:49 +00:00 · 2021-01-23 13:39:49 +00:00 · eb7ce2b47b
--- a/.github/allowed-actions.js
+++ b/.github/allowed-actions.js
@ -8,7 +8,7 @@ module.exports = [
  'actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f', //actions/checkout@v2.3.4
  'actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9', //actions/script@v3.0.0
  'actions/labeler@5f867a63be70efff62b767459b009290364495eb', //actions/labeler@v2.2.0
-  'actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d', //actions/setup-node@v1.4.4
+  'actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e', //actions/setup-node@v2.1.4
  'actions/setup-ruby@5f29a1cd8dfebf420691c4c9a0e832e2fae5a526', //actions/setup-ruby@v1.1.2
  'actions/stale@af4072615903a8b031f986d25b1ae3bf45ec44d4', //actions/stale@v3.0.13
  'crowdin/github-action@fd9429dd63d6c0f8a8cb4b93ad8076990bd6e688',
@ -33,7 +33,7 @@ module.exports = [
  'repo-sync/github-sync@3832fe8e2be32372e1b3970bbae8e7079edeec88',
  'repo-sync/pull-request@33777245b1aace1a58c87a29c90321aa7a74bd7d',
  'someimportantcompany/github-actions-slack-message@0b470c14b39da4260ed9e3f9a4f1298a74ccdefd',
-  'tjenkinson/gh-action-auto-merge-dependency-updates@cee2ac0',
+  'tjenkinson/gh-action-auto-merge-dependency-updates@4d7756c04d9d999c5968697a621b81c47f533d61',
  'EndBug/add-and-commit@9358097a71ad9fb9e2f9624c6098c89193d83575',
  'dorny/paths-filter@eb75a1edc117d3756a18ef89958ee59f9500ba58'
 ]
--- a/.github/workflows/automerge-dependencies.yml
+++ b/.github/workflows/automerge-dependencies.yml
@ -17,7 +17,7 @@ jobs:
    if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'
    runs-on: ubuntu-latest
    steps:
-      - uses: tjenkinson/gh-action-auto-merge-dependency-updates@cee2ac0
+      - uses: tjenkinson/gh-action-auto-merge-dependency-updates@4d7756c04d9d999c5968697a621b81c47f533d61
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          allowed-actors: dependabot[bot]
--- a/.github/workflows/dry-run-sync-algolia-search-indices.yml
+++ b/.github/workflows/dry-run-sync-algolia-search-indices.yml
@ -11,7 +11,7 @@ jobs:
    steps:
      - name: checkout
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-      - uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
+      - uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
        with:
          node-version: 14.x
      - name: cache node modules
--- a/.github/workflows/js-lint.yml
+++ b/.github/workflows/js-lint.yml
@ -17,7 +17,7 @@ jobs:
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

      - name: Setup node
-        uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
+        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
        with:
          node-version: 14.x

--- a/.github/workflows/link-check-test.yml
+++ b/.github/workflows/link-check-test.yml
@ -0,0 +1,55 @@
+name: Link Checker
+
+on:
+  workflow_dispatch:
+  push:
+
+jobs:
+  see_if_should_skip:
+    continue-on-error: true
+    runs-on: self-hosted
+    # Map a step output to a job output
+    outputs:
+      should_skip: ${{ steps.skip_check.outputs.should_skip }}
+    steps:
+      - id: skip_check
+        uses: fkirc/skip-duplicate-actions@36feb0d8d062137530c2e00bd278d138fe191289
+        with:
+          cancel_others: 'false'
+          github_token: ${{ github.token }}
+          paths: '[".github/workflows/link-check-test.yml", "assets/**", "content/**", "data/**", "includes/**", "javascripts/**", "jest-puppeteer.config.js", "jest.config.js", "layouts/**", "lib/**", "middleware/**", "package-lock.json", "package.json", "server.js", "translations/**", "webpack.config.js"]'
+  build:
+    needs: see_if_should_skip
+    runs-on: self-hosted
+    steps:
+      # Each of these ifs needs to be repeated at each step to make sure the required check still runs
+      # Even if if doesn't do anything
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
+        name: Checkout
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
+        name: Setup node
+        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
+        with:
+          node-version: 14.x
+
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
+        name: Install
+        run: npm ci
+
+      ## TODO
+      # - if: ${{ github.repository == 'github/docs-internal' &&  needs.see_if_should_skip.outputs.should_skip != 'true' }}
+      #   name: Clone early access
+      #   run: npm run heroku-postbuild
+      #   env:
+      #     DOCUBOT_REPO_PAT: ${{ secrets.DOCUBOT_REPO_PAT }}
+      #     GIT_BRANCH: ${{ github.ref }}
+
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
+        name: Build
+        run: npm run build
+
+      - if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
+        name: Link check
+        run: npm run link-check
--- a/.github/workflows/sync-algolia-search-indices.yml
+++ b/.github/workflows/sync-algolia-search-indices.yml
@ -14,7 +14,7 @@ jobs:
    steps:
      - name: checkout
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-      - uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
+      - uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
        with:
          node-version: 14.x
      - name: cache node modules
--- a/.github/workflows/sync-single-english-algolia-index.yml
+++ b/.github/workflows/sync-single-english-algolia-index.yml
@ -20,7 +20,7 @@ jobs:
    steps:
      - name: checkout
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-      - uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
+      - uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
        with:
          node-version: 14.x
      - name: cache node modules
--- a/.github/workflows/test-translations.yml
+++ b/.github/workflows/test-translations.yml
@ -17,7 +17,7 @@ jobs:
          ref: translations # check out the 'translations' branch

      - name: Setup node
-        uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
+        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
        with:
          node-version: 14.x

@ -55,7 +55,7 @@ jobs:
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

      - name: Setup node
-        uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
+        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
        with:
          node-version: 14.x

--- a/.github/workflows/test-windows.yml
+++ b/.github/workflows/test-windows.yml
@ -15,13 +15,13 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        test-group: [content, meta, rendering, routing, unit, links-and-images]
+        test-group: [content, meta, rendering, routing, unit]
    steps:
      - name: Check out repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

      - name: Setup node
-        uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
+        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
        with:
          node-version: 14.x

--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -36,8 +36,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        test-group:
-          [content, meta, rendering, routing, unit, links-and-images, graphql]
+        test-group: [content, meta, rendering, routing, unit, graphql]
    steps:
      # Each of these ifs needs to be repeated at each step to make sure the required check still runs
      # Even if if doesn't do anything
@ -50,7 +49,7 @@ jobs:

      - if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
        name: Setup node
-        uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
+        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
        with:
          node-version: 14.x

--- a/.github/workflows/yml-lint.yml
+++ b/.github/workflows/yml-lint.yml
@ -17,7 +17,7 @@ jobs:
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

      - name: Setup node
-        uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
+        uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
        with:
          node-version: 14.x

--- a/assets/images/help/desktop/delete-tag-multiple.png
+++ b/assets/images/help/desktop/delete-tag-multiple.png
--- a/assets/images/help/desktop/select-delete-tag.png
+++ b/assets/images/help/desktop/select-delete-tag.png
--- a/assets/images/help/organizations/github-pages-creation-checkboxes.png
+++ b/assets/images/help/organizations/github-pages-creation-checkboxes.png
--- a/assets/images/help/pages/403-file-name.png
+++ b/assets/images/help/pages/403-file-name.png
--- a/assets/images/help/pages/click-private-pages-url-to-preview.png
+++ b/assets/images/help/pages/click-private-pages-url-to-preview.png
--- a/assets/images/help/pages/public-or-private-visibility.png
+++ b/assets/images/help/pages/public-or-private-visibility.png
--- a/assets/images/lynn_hashimoto.png
+++ b/assets/images/lynn_hashimoto.png
--- a/assets/images/site/labtocat.png
+++ b/assets/images/site/labtocat.png
--- a/assets/images/site/waldocat.png
+++ b/assets/images/site/waldocat.png
--- a/content/actions/creating-actions/about-actions.md
+++ b/content/actions/creating-actions/about-actions.md
@ -122,7 +122,7 @@ steps:

 #### Using a commit's SHA for release management

-Each Git commit receives a calculated SHA value, which is unique and immutable. Your action's users might prefer to rely on a commit's SHA value, as this approach can be more reliable than specifying a tag, which could be deleted or moved. However, this means that users will not receive further updates made to the action. Using a commit's full SHA value instead of the abbreviated value can help prevent people from using a malicious commit that uses the same abbreviation.
+Each Git commit receives a calculated SHA value, which is unique and immutable. Your action's users might prefer to rely on a commit's SHA value, as this approach can be more reliable than specifying a tag, which could be deleted or moved. However, this means that users will not receive further updates made to the action. {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}You must use a commit's full SHA value, and not an abbreviated value.{% else %}Using a commit's full SHA value instead of the abbreviated value can help prevent people from using a malicious commit that uses the same abbreviation.{% endif %}

 ```yaml
 steps:
--- a/content/actions/guides/building-and-testing-net.md
+++ b/content/actions/guides/building-and-testing-net.md
@ -44,7 +44,7 @@ jobs:
    - name: Setup .NET Core SDK ${{ matrix.dotnet }}
      uses: actions/setup-dotnet@v1.6.0
      with:
-        dotnet-version: {{ matrix.dotnet-version }}
+        dotnet-version: ${{ matrix.dotnet-version }}
    - name: Install dependencies
      run: dotnet restore
    - name: Build
@ -58,7 +58,7 @@ jobs:

 To use a preinstalled version of the .NET Core SDK on a {% data variables.product.prodname_dotcom %}-hosted runner, use the `setup-dotnet` action. This action finds a specific version of .NET from the tools cache on each runner, and adds the necessary binaries to `PATH`. These changes will persist for the remainder of the job.
 
-The `setup-dotnet` action is the recommended way of using .NET with {% data variables.product.prodname_actions %}, because it ensures consistent behavior across different runners and different versions of .NET. If you are using a self-hosted runner, you must install .NET and add it to `PATH`. For more information, see the [`setup-dotnet`](https://github.com/marketplace/actions/setup-dotnet).
+The `setup-dotnet` action is the recommended way of using .NET with {% data variables.product.prodname_actions %}, because it ensures consistent behavior across different runners and different versions of .NET. If you are using a self-hosted runner, you must install .NET and add it to `PATH`. For more information, see the [`setup-dotnet`](https://github.com/marketplace/actions/setup-net-core-sdk) action.

 #### Using multiple .NET versions

--- a/content/actions/guides/building-and-testing-python.md
+++ b/content/actions/guides/building-and-testing-python.md
@ -365,26 +365,26 @@ jobs:
      matrix:
        python-version: [2.7, 3.5, 3.6, 3.7, 3.8]

-      steps:
-      - uses: actions/checkout@v2
-      - name: Setup Python # Set Python version
-        uses: actions/setup-python@v2
-        with:
-          python-version: ${{ matrix.python-version }}
-      # Install pip and pytest
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install pytest
-      - name: Test with pytest
-        run: pytest tests.py --doctest-modules --junitxml=junit/test-results-${{ matrix.python-version }}.xml
-      - name: Upload pytest test results
-        uses: actions/upload-artifact@v2
-        with:
-          name: pytest-results-${{ matrix.python-version }}
-          path: junit/test-results-${{ matrix.python-version }}.xml
-        # Use always() to always run this step to publish test results when there are test failures
-        if: ${{ always() }}
+    steps:
+    - uses: actions/checkout@v2
+    - name: Setup Python # Set Python version
+      uses: actions/setup-python@v2
+      with:
+        python-version: ${{ matrix.python-version }}
+    # Install pip and pytest
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install pytest
+    - name: Test with pytest
+      run: pytest tests.py --doctest-modules --junitxml=junit/test-results-${{ matrix.python-version }}.xml
+    - name: Upload pytest test results
+      uses: actions/upload-artifact@v2
+      with:
+        name: pytest-results-${{ matrix.python-version }}
+        path: junit/test-results-${{ matrix.python-version }}.xml
+      # Use always() to always run this step to publish test results when there are test failures
+      if: ${{ always() }}
 ```
 {% endraw %}

--- a/content/actions/guides/index.md
+++ b/content/actions/guides/index.md
@ -21,6 +21,7 @@ learningTracks:
  - getting_started
  - continuous_integration
  - continuous_deployment
+  - deploy_to_the_cloud
  - hosting_your_own_runners
  - create_actions
 layout: product-sublanding
--- a/content/actions/learn-github-actions/finding-and-customizing-actions.md
+++ b/content/actions/learn-github-actions/finding-and-customizing-actions.md
@ -71,7 +71,7 @@ steps:

 #### Using SHAs

-If you need more reliable versioning, you should use the SHA value associated with the version of the action. SHAs are immutable and therefore more reliable than tags or branches. However this approach means you will not automatically receive updates for an action, including important bug fixes and security updates. This example targets an action's SHA:
+If you need more reliable versioning, you should use the SHA value associated with the version of the action. SHAs are immutable and therefore more reliable than tags or branches. However this approach means you will not automatically receive updates for an action, including important bug fixes and security updates. {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}You must use a commit's full SHA value, and not an abbreviated value. {% endif %}This example targets an action's SHA:

 ```yaml
 steps:
--- a/content/actions/learn-github-actions/security-hardening-for-github-actions.md
+++ b/content/actions/learn-github-actions/security-hardening-for-github-actions.md
@ -54,11 +54,13 @@ This means that a compromise of a single action within a workflow can be very si

  Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.

+  {% if currentVersion ver_lt "enterprise-server@3.1" %}
  {% warning %}
  
  **Warning:** The short version of the commit SHA is insecure and should never be used for specifying an action's Git reference. Because of how repository networks work, any user can fork the repository and push a crafted commit to it that collides with the short SHA. This causes subsequent clones at that SHA to fail because it becomes an ambiguous commit. As a result, any workflows that use the shortened SHA will immediately fail.

  {% endwarning %}
+  {% endif %}


 * **Audit the source code of the action**
--- a/content/actions/reference/workflow-syntax-for-github-actions.md
+++ b/content/actions/reference/workflow-syntax-for-github-actions.md
@ -27,7 +27,7 @@ The name of your workflow. {% data variables.product.prodname_dotcom %} displays

 ### `on`

-**Required** The name of the {% data variables.product.prodname_dotcom %} event that triggers the workflow. You can provide a single event `string`, `array` of events, `array` of event `types`, or an event configuration `map` that schedules a workflow or restricts the execution of a workflow to specific files, tags, or branch changes. For a list of available events, see "[Events that trigger workflows](/articles/events-that-trigger-workflows)."
+**Required**. The name of the {% data variables.product.prodname_dotcom %} event that triggers the workflow. You can provide a single event `string`, `array` of events, `array` of event `types`, or an event configuration `map` that schedules a workflow or restricts the execution of a workflow to specific files, tags, or branch changes. For a list of available events, see "[Events that trigger workflows](/articles/events-that-trigger-workflows)."

 {% data reusables.github-actions.actions-on-examples %}

@ -286,7 +286,7 @@ In this example, `job3` uses the `always()` conditional expression so that it al

 ### `jobs.<job_id>.runs-on`

-**Required** The type of machine to run the job on. The machine can be either a {% data variables.product.prodname_dotcom %}-hosted runner or a self-hosted runner.
+**Required**. The type of machine to run the job on. The machine can be either a {% data variables.product.prodname_dotcom %}-hosted runner or a self-hosted runner.

 {% data reusables.actions.enterprise-github-hosted-runners %}

@ -299,6 +299,7 @@ Available {% data variables.product.prodname_dotcom %}-hosted runner types are:
 {% data reusables.github-actions.supported-github-runners %}

 {% data reusables.github-actions.ubuntu-runner-preview %}
+{% data reusables.github-actions.macos-runner-preview %}

 ##### Example

@ -518,7 +519,7 @@ Actions are either JavaScript files or Docker containers. If the action you're u
 ```yaml
 steps:    
  # Reference a specific commit
-  - uses: actions/setup-node@74bc508
+  - uses: actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e
  # Reference the major version of a release
  - uses: actions/setup-node@v1
  # Reference a minor version of a release
--- a/content/admin/enterprise-support/about-github-enterprise-support.md
+++ b/content/admin/enterprise-support/about-github-enterprise-support.md
@ -122,7 +122,6 @@ When you contact {% data variables.contact.enterprise_support %}, you can choose
 ### Further reading

 {% if enterpriseServerVersions contains currentVersion %}
- [Frequently asked questions about {% data variables.product.prodname_ghe_server %}](https://enterprise.github.com/faq)
 - Section 10 on Support in the "[{% data variables.product.prodname_ghe_server %} License Agreement](https://enterprise.github.com/license)"{% endif %}
 - "[Receiving help from {% data variables.contact.github_support %}](/admin/enterprise-support/receiving-help-from-github-support)"{% if enterpriseServerVersions contains currentVersion %}
 - "[Preparing to submit a ticket](/enterprise/admin/guides/enterprise-support/preparing-to-submit-a-ticket)"{% endif %}
--- a/content/admin/overview/about-github-ae.md
+++ b/content/admin/overview/about-github-ae.md
@ -0,0 +1,46 @@
+---
+title: About GitHub AE
+intro: '{% data variables.product.prodname_ghe_managed %} is the most secure and compliant way to use {% data variables.product.prodname_dotcom %}.'
+versions:
+  github-ae: '*'
+---
+
+### About {% data variables.product.prodname_ghe_managed %}
+
+{% data reusables.github-ae.github-ae-enables-you %}
+
+{% data variables.product.prodname_ghe_managed %} offers one developer platform from idea to production. You can increase developer velocity, automate entire workflows, secure your code, and collaborate in developers’ favorite tool. 
+
+{% data variables.product.prodname_ghe_managed %} provides your organization with all the power of [{% data variables.product.prodname_enterprise %}](https://github.com/enterprise). With {% data variables.product.prodname_ghe_managed %}, you can also meet security and compliance goals with a suite of features and certifications that put you in control. 
+
+### A highly available and planet-scale cloud
+
+{% data variables.product.prodname_ghe_managed %} is a fully managed service, hosted in a high availability architecture. {% data variables.product.prodname_ghe_managed %} is hosted globally in a cloud that can scale to support your full development lifecycle without limits. {% data variables.product.prodname_dotcom %} fully manages backups, failover, and disaster recovery, so you never need to worry about your service or data. 
+
+### Data residency
+
+All of your data is stored within the geographic region of your choosing. You can comply with GDPR and global data protection standards by keeping all of your data within your chosen region.
+
+### Encryption on your terms 
+
+All customer data is encrypted at rest, and you can provide your own encryption key to encrypt your data under your encryption policies. You control your key and access to all of your data. For more information, see "[Configuring data encryption for your enterprise](/admin/configuration/configuring-data-encryption-for-your-enterprise)."
+
+### Isolated accounts
+
+All developer accounts are fully isolated in {% data variables.product.prodname_ghe_managed %}. You can fully control the accounts through your identity provider, with SAML single sign on as mandatory. SCIM enables you to ensure that employees only have access to the resources they should, as defined in your central identity management system. For more information, see "[Managing identity and access for your enterprise](/admin/authentication/managing-identity-and-access-for-your-enterprise)."
+
+### Restricted network access
+
+Secure access to your enterprise on {% data variables.product.prodname_ghe_managed %} with restricted network access, so that your data can only be accessed from within your network. For more information, see "[Restricting network traffic to your enterprise](/admin/configuration/restricting-network-traffic-to-your-enterprise)."
+
+### Commercial and government environments
+
+{% data variables.product.prodname_ghe_managed %} is available in the Azure Government cloud, the trusted cloud for US government agencies and their partners. {% data variables.product.prodname_ghe_managed %} is also available in the commercial cloud, so you can choose the hosting environment that is right for your organization.
+
+### Premium Plus support 
+
+Premium Plus support is available for all {% data variables.product.prodname_ghe_managed %} customers, to ensure you have the fastest and most personal support experience. A dedicated Account Manager will work with you to help you get the most out of {% data variables.product.prodname_dotcom %}. Our support team will resolve issues any time of day, in the shortest possible time. 
+
+### About billing for {% data variables.product.prodname_ghe_managed %}
+
+{% data reusables.github-ae.about-billing %} For more information, see "[Managing billing for your enterprise](/admin/overview/managing-billing-for-your-enterprise)."
--- a/content/admin/overview/index.md
+++ b/content/admin/overview/index.md
@ -12,6 +12,7 @@ For more information, or to purchase {% data variables.product.prodname_enterpri

 ### Table of Contents

+{% link_in_list /about-github-ae %}
 {% link_in_list /about-enterprise-accounts %}
 {% link_in_list /managing-your-github-enterprise-license %}
 {% link_in_list /managing-billing-for-your-enterprise %}
--- a/content/desktop/contributing-and-collaborating-using-github-desktop/managing-tags.md
+++ b/content/desktop/contributing-and-collaborating-using-github-desktop/managing-tags.md
@ -34,3 +34,14 @@ versions:

 3. All tags associated with the commit are visible in that commit's metadata.
 ![Viewing a tag in the commit](/assets/images/help/desktop/viewing-tags-in-commit.png)
+
+### Deleting tags
+
+{% note %}
+
+**Note**: You can only delete tags associated with commits that have not yet been pushed.
+
+{% endnote %}
+
+{% data reusables.desktop.history-tab %}
+{% data reusables.desktop.delete-tag %}
--- a/content/github/authenticating-to-github/removing-sensitive-data-from-a-repository.md
+++ b/content/github/authenticating-to-github/removing-sensitive-data-from-a-repository.md
@ -28,7 +28,7 @@ This article tells you how to make commits with sensitive data unreachable from

 #### Using the BFG

-The [BFG Repo-Cleaner](http://rtyley.github.io/bfg-repo-cleaner/) is a tool that's built and maintained by the open source community. It provides a faster, simpler alternative to `git filter-branch` for removing unwanted data. For example, to remove your file with sensitive data and leave your latest commit untouched, run:
+The [BFG Repo-Cleaner](https://rtyley.github.io/bfg-repo-cleaner/) is a tool that's built and maintained by the open source community. It provides a faster, simpler alternative to `git filter-branch` for removing unwanted data. For example, to remove your file with sensitive data and leave your latest commit untouched, run:

 ```shell
 $ bfg --delete-files <em>YOUR-FILE-WITH-SENSITIVE-DATA</em>
@ -46,7 +46,7 @@ After the sensitive data is removed, you must force push your changes to {% data
 $ git push --force
 ```

-See the [BFG Repo-Cleaner](http://rtyley.github.io/bfg-repo-cleaner/)'s documentation for full usage and download instructions.
+See the [BFG Repo-Cleaner](https://rtyley.github.io/bfg-repo-cleaner/)'s documentation for full usage and download instructions.

 #### Using filter-branch

--- a/content/github/building-a-strong-community/blocking-a-user-from-your-organization.md
+++ b/content/github/building-a-strong-community/blocking-a-user-from-your-organization.md
@ -13,14 +13,13 @@ When you block a user, you can choose to block them indefinitely or for a specif

 {% tip %}

-**Tip:** If you're blocking a user because of a heated conversation, consider [locking the conversation](/articles/locking-conversations) so only collaborators can comment.
+**Tip:** If you're blocking a user because of a heated conversation, consider locking the conversation so only collaborators can comment. For more information, see "[Locking conversations](/github/building-a-strong-community/locking-conversations)."

 {% endtip %}

 At the time that you block a user from your organization:
 - The user stops watching your organization's repositories
 - The user's stars and issue assignments are removed from your repositories
- The user's forks of your organization's repositories are deleted
 - The user's votes on discussions or comments in your organization's repositories are deleted
 - The user is removed as a collaborator on your organization's repositories
 - The user's contributions to your organization's repositories are no longer counted as contributions for them
--- a/content/github/building-a-strong-community/blocking-a-user-from-your-personal-account.md
+++ b/content/github/building-a-strong-community/blocking-a-user-from-your-personal-account.md
@ -9,11 +9,11 @@ versions:

 ### About blocking users

-You can block a user in your account settings or from the user's profile. {% data variables.product.prodname_dotcom %} will not notify the user when you block them. If you want to avoid contributing to the same project as someone you've blocked, you can [choose to display a warning](/articles/blocking-a-user-from-your-personal-account/#blocking-a-user-in-your-account-settings) on any repositories with prior contributions from a blocked user. You may still see the activity of blocked users in shared spaces and blocked users can delete their existing content.
+You can block a user in your account settings or from the user's profile. {% data variables.product.prodname_dotcom %} will not notify the user when you block them. If you want to avoid contributing to the same project as someone you've blocked, you can choose to display a warning on any repositories with prior contributions from a blocked user. For more information, see "[Blocking a user in your account settings](#blocking-a-user-in-your-account-settings)." You may still see the activity of blocked users in shared spaces and blocked users can delete their existing content.

 {% tip %}

-**Tip:** If you're blocking a user because of a heated conversation, consider [locking the conversation](/articles/locking-conversations) so only collaborators can comment.
+**Tip:** If you're blocking a user because of a heated conversation, consider locking the conversation so only collaborators can comment. For more information, see "[Locking conversations](/github/building-a-strong-community/locking-conversations)."

 {% endtip %}

@ -22,8 +22,6 @@ When you block a user:
 - The user stops watching and unpins your repositories
 - The user is not able to join any organizations you are an owner of
 - The user's stars and issue assignments are removed from your repositories
- The user's forks of your repositories are deleted
- You delete any forks of the user's repositories
 - The user's votes on discussions or comments in your repositories are deleted
 - The user is removed as a collaborator on your repositories
 - The user's contributions to your repositories are no longer counted as contributions for them
--- a/content/github/getting-started-with-github/githubs-products.md
+++ b/content/github/getting-started-with-github/githubs-products.md
@ -85,6 +85,7 @@ In addition to the features available with {% data variables.product.prodname_te
 - {% data variables.contact.enterprise_support %}. For more information, see "<a href="/articles/github-enterprise-cloud-support" class="dotcom-only">{% data variables.product.prodname_ghe_cloud %} support</a>" and "<a href="/articles/github-enterprise-cloud-addendum" class="dotcom-only">{% data variables.product.prodname_ghe_cloud %} Addendum</a>."
 - 50,000 {% data variables.product.prodname_actions %} minutes
 - 50GB {% data variables.product.prodname_registry %} storage
+- Access control for {% data variables.product.prodname_pages %} sites. For more information, see <a href="/github/working-with-github-pages/changing-the-visibility-of-your-github-pages-site" class="dotcom-only">Changing the visibility of your {% data variables.product.prodname_pages %} site</a>"
 - A service level agreement for 99.9% monthly uptime
 - The option to centrally manage policy and billing for multiple {% data variables.product.prodname_dotcom_the_website %} organizations with an enterprise account. For more information, see "<a href="/articles/about-enterprise-accounts" class="dotcom-only">About enterprise accounts</a>."

--- a/content/github/setting-up-and-managing-organizations-and-teams/disabling-publication-of-github-pages-sites-for-your-organization.md
+++ b/content/github/setting-up-and-managing-organizations-and-teams/disabling-publication-of-github-pages-sites-for-your-organization.md
@ -1,29 +0,0 @@
---
-title: Disabling publication of GitHub Pages sites for your organization
-intro: 'You can prevent members of your organization from publishing {% data variables.product.prodname_pages %} sites from repositories in the organization.'
-permissions: 'Organization owners can disable publication of {% data variables.product.prodname_pages %} sites from repositories in the organization.'
-product: '{% data reusables.gated-features.pages %}'
-versions:
-  free-pro-team: '*'
-  enterprise-server: '>2.22'
-  github-ae: '*'
---
-
-### About restrictions on publication of {% data variables.product.prodname_pages %} sites
-
-You can control whether members of your organization can publish websites from repositories in your organization using {% data variables.product.prodname_pages %}. For more information about {% data variables.product.prodname_pages %}, see "[About {% data variables.product.prodname_pages %}](/github/working-with-github-pages/about-github-pages)."
-
-{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}If your site administrator has enabled Public Pages, {% endif %}{% data variables.product.prodname_pages %} sites are publicly available on the internet, even if the repository for the site is private{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.19" or currentVersion == "github-ae@latest" %} or internal{% endif %}. For more information, see{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %} "[Configuring {% data variables.product.prodname_pages %} for your enterprise](/admin/configuration/configuring-github-pages-for-your-enterprise#enabling-public-sites-for-github-pages)" and{% endif %} "[About repository visibility](/github/creating-cloning-and-archiving-repositories/about-repository-visibility)."
-
-### Disabling publication of {% data variables.product.prodname_pages %} sites
-
-After you disable publication of {% data variables.product.prodname_pages %} sites, any published site will remain published. You can manually unpublish the site. For more information, see "[Unpublishing a {% data variables.product.prodname_pages %} site](/github/working-with-github-pages/unpublishing-a-github-pages-site)."
-
-{% data reusables.profile.access_profile %}
-{% data reusables.profile.access_org %}
-{% data reusables.organizations.org_settings %}
-{% data reusables.organizations.member-privileges %}
-1. Under "Pages creation", unselect **Allow members to publish sites**.
-  ![Unselected checkbox for "Allow members to publish sites" option](/assets/images/help/organizations/org-settings-pages-disable-publication-checkbox.png)
-1. Click **Save**.
-  !["Save" button for "Allow members to publish sites" option](/assets/images/help/organizations/org-settings-pages-disable-publication-save-button.png)
--- a/content/github/setting-up-and-managing-organizations-and-teams/index.md
+++ b/content/github/setting-up-and-managing-organizations-and-teams/index.md
@ -93,7 +93,7 @@ versions:
    {% link_in_list /changing-the-visibility-of-your-organizations-dependency-insights %}
    {% link_in_list /managing-the-display-of-member-names-in-your-organization %}
    {% link_in_list /managing-updates-from-accounts-your-organization-sponsors %}
-    {% link_in_list /disabling-publication-of-github-pages-sites-for-your-organization %}
+    {% link_in_list /managing-the-publication-of-github-pages-sites-for-your-organization %}
    {% link_in_list /deleting-an-organization-account %}
    {% link_in_list /converting-an-organization-into-a-user %}
    {% link_in_list /integrating-jira-with-your-organization-project-board %}
--- a/content/github/setting-up-and-managing-organizations-and-teams/managing-the-publication-of-github-pages-sites-for-your-organization.md
+++ b/content/github/setting-up-and-managing-organizations-and-teams/managing-the-publication-of-github-pages-sites-for-your-organization.md
@ -0,0 +1,32 @@
+---
+title: Managing the publication of GitHub Pages sites for your organization
+intro: 'You can control whether organization members can publish {% data variables.product.prodname_pages %} sites from repositories in the organization{% if currentVersion == "free-pro-team@latest" %} and restrict the visibilities that members can choose for the sites{% endif %}.'
+permissions: 'Organization owners can manage the publication of {% data variables.product.prodname_pages %} sites from repositories in the organization.'
+product: '{% data reusables.gated-features.pages %}'
+versions:
+  free-pro-team: '*'
+  enterprise-server: '>=3.0'
+redirect_from:
+  - /github/setting-up-and-managing-organizations-and-teams/disabling-publication-of-github-pages-sites-for-your-organization
+  
+---
+
+{% if currentVersion == "free-pro-team@latest" %}
+If your organization uses {% data variables.product.prodname_ghe_cloud %}, you can choose to allow organization members to create publicly published sites, privately published sites, both, or neither. Otherwise, you can choose to allow or disallow public publishing. For more information about access control for {% data variables.product.prodname_pages %} sites, see "[Changing the visibility of your {% data variables.product.prodname_pages %} site](/github/working-with-github-pages/changing-the-visibility-of-your-github-pages-site)."
+{% endif %}
+
+If you disallow publication of {% data variables.product.prodname_pages %} sites, any sites that are already published will remain published. You can manually unpublish the site. For more information, see "[Unpublishing a {% data variables.product.prodname_pages %} site](/github/working-with-github-pages/unpublishing-a-github-pages-site)."
+
+{% data reusables.profile.access_profile %}
+{% data reusables.profile.access_org %}
+{% data reusables.organizations.org_settings %}
+{% data reusables.organizations.member-privileges %}{% if currentVersion == "free-pro-team@latest" %}
+1. Under "Pages creation", select the visibilities you want to allow and deselect the visibilities you want to disallow.
+  ![Checkboxes to allow or disallow creation of {% data variables.product.prodname_pages %} sites](/assets/images/help/organizations/github-pages-creation-checkboxes.png){% else %}
+1. Under "Pages creation", select or deselect **Allow members to publish sites**.
+  ![Unselected checkbox for "Allow members to publish sites" option](/assets/images/help/organizations/org-settings-pages-disable-publication-checkbox.png){% endif %}
+1. Click **Save**.
+
+### Further reading
+
+- "[About {% data variables.product.prodname_pages %}](/github/working-with-github-pages/about-github-pages)"
--- a/content/github/setting-up-and-managing-organizations-and-teams/permission-levels-for-an-organization.md
+++ b/content/github/setting-up-and-managing-organizations-and-teams/permission-levels-for-an-organization.md
@ -53,22 +53,22 @@ Organization members can have *owner*{% if currentVersion == "free-pro-team@late
 | View and post private team discussions to **all teams** (see "[About team discussions](/articles/about-team-discussions)" for details) | **X** |  |  |
 | Edit and delete team discussions in **all teams** (see "[Managing disruptive comments](/articles/managing-disruptive-comments)" for details) | **X** |  |  |
 | Hide comments on commits, pull requests, and issues (see "[Managing disruptive comments](/articles/managing-disruptive-comments/#hiding-a-comment)" for details) | **X** | **X** | |
-| Disable team discussions for an organization (see "[Disabling team discussions for your organization](/articles/disabling-team-discussions-for-your-organization)" for details) | **X** |  |  |{% if currentVersion == "free-pro-team@latest" %}
-| Manage viewing of organization dependency insights (see "[Changing the visibility of your organization's dependency insights](/articles/changing-the-visibility-of-your-organizations-dependency-insights)" for details) | **X** |  |  |{% endif %}
+| Disable team discussions for an organization (see "[Disabling team discussions for your organization](/articles/disabling-team-discussions-for-your-organization)" for details) | **X** |  |  |
+| Manage viewing of organization dependency insights (see "[Changing the visibility of your organization's dependency insights](/articles/changing-the-visibility-of-your-organizations-dependency-insights)" for details) | **X** |  |  |
 | Set a team profile picture in **all teams** (see "[Setting your team's profile picture](/articles/setting-your-team-s-profile-picture)" for details) | **X** |  |  |
 | Sponsor accounts and manage the organization's sponsorships (see "[Sponsoring open-source contributors](/github/supporting-the-open-source-community-with-github-sponsors/sponsoring-open-source-contributors)" for details) | **X** | **X** | | 
 | Manage email updates from sponsored accounts (see "[Managing updates from accounts your organization's sponsors](/github/setting-up-and-managing-organizations-and-teams/managing-updates-from-accounts-your-organization-sponsors)" for details) | **X** | | |
 | Attribute your sponsorships to another organization (see "[Attributing sponsorships to your organization](/github/supporting-the-open-source-community-with-github-sponsors/attributing-sponsorships-to-your-organization)" for details ) | **X** | | |
-| Disable publication of {% data variables.product.prodname_pages %} sites from repositories in the organization (see "[Disabling publication of {% data variables.product.prodname_pages %} sites for your organization](/github/setting-up-and-managing-organizations-and-teams/disabling-publication-of-github-pages-sites-for-your-organization)" for details) | **X** | | |
+| Manage the publication of {% data variables.product.prodname_pages %} sites from repositories in the organization (see "[Managing the publication of {% data variables.product.prodname_pages %} sites for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-the-publication-of-github-pages-sites-for-your-organization)" for details) | **X** | | |
 | Manage security and analysis settings (see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)" for details) | **X** | | |
 | Enable and enforce [SAML single sign-on](/articles/about-identity-and-access-management-with-saml-single-sign-on) | **X** |  |  |
 | [Manage a user's SAML access to your organization](/github/setting-up-and-managing-organizations-and-teams/viewing-and-managing-a-members-saml-access-to-your-organization) | **X** |  |  |
 | Manage an organization's SSH certificate authorities (see "[Managing your organization's SSH certificate authorities](/articles/managing-your-organizations-ssh-certificate-authorities)" for details) | **X** |  |  |
 | Transfer repositories | **X** | |    |
 | Purchase, install, manage billing for, and cancel {% data variables.product.prodname_marketplace %} apps | **X** | | |
-| List apps in {% data variables.product.prodname_marketplace %} | **X** | | |{% if currentVersion != "github-ae@latest" %}
+| List apps in {% data variables.product.prodname_marketplace %} | **X** | | |
 | Receive [{% data variables.product.prodname_dependabot_alerts %} about vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies) for all of an organization's repositories | **X** |  |  |
-| Manage {% data variables.product.prodname_dependabot_security_updates %} (see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)") | **X** | | |{% endif %}
+| Manage {% data variables.product.prodname_dependabot_security_updates %} (see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)") | **X** | | |
 | [Manage the forking policy](/github/setting-up-and-managing-organizations-and-teams/managing-the-forking-policy-for-your-organization) | **X** |  |  |
 | [Limit activity in public repositories in an organization](/articles/limiting-interactions-in-your-organization) | **X** | | |
 | Pull (read), push (write), and clone (copy) *all repositories* in the organization | **X** | | |
@ -105,11 +105,11 @@ Organization members can have *owner*{% if currentVersion == "free-pro-team@late
 | Create project boards (see "[Project board permissions for an organization](/articles/project-board-permissions-for-an-organization)" for details) | **X** | **X** | |
 | View and post public team discussions to **all teams** (see "[About team discussions](/articles/about-team-discussions)" for details) | **X** | **X** |  |
 | View and post private team discussions to **all teams** (see "[About team discussions](/articles/about-team-discussions)" for details) | **X** |  |  |
-| Edit and delete team discussions in **all teams** (for more information, see "[Managing disruptive comments](/articles/managing-disruptive-comments) | **X** |  |  |
+| Edit and delete team discussions in **all teams** (for more information, see "[Managing disruptive comments](/articles/managing-disruptive-comments)) | **X** |  |  |
 | Hide comments on commits, pull requests, and issues (see "[Managing disruptive comments](/articles/managing-disruptive-comments/#hiding-a-comment)" for details) | **X** | **X** | **X** |
 | Disable team discussions for an organization (see "[Disabling team discussions for your organization](/articles/disabling-team-discussions-for-your-organization)" for details) | **X** |  |  |
-| Set a team profile picture in **all teams** (see "[Setting your team's profile picture](/articles/setting-your-team-s-profile-picture)" for details) | **X** |  |  |{% if currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
-| Disable publication of {% data variables.product.prodname_pages %} sites from repositories in the organization (see "[Disabling publication of {% data variables.product.prodname_pages %} sites for your organization](/github/setting-up-and-managing-organizations-and-teams/disabling-publication-of-github-pages-sites-for-your-organization)" for details) | **X** | | |{% endif %}
+| Set a team profile picture in **all teams** (see "[Setting your team's profile picture](/articles/setting-your-team-s-profile-picture)" for details) | **X** |  |  |{% if currentVersion ver_gt "enterprise-server@3.0" %}
+| Manage the publication of {% data variables.product.prodname_pages %} sites from repositories in the organization (see "[Managing the publication of {% data variables.product.prodname_pages %} sites for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-the-publication-of-github-pages-sites-for-your-organization)" for details) | **X** | |{% endif %}
 | [Move teams in an organization's hierarchy](/articles/moving-a-team-in-your-organization-s-hierarchy) | **X** | | |
 | Pull (read), push (write), and clone (copy) *all repositories* in the organization | **X** | |
 | Convert organization members to [outside collaborators](#outside-collaborators) | **X** | |
--- a/content/github/setting-up-and-managing-organizations-and-teams/reviewing-the-audit-log-for-your-organization.md
+++ b/content/github/setting-up-and-managing-organizations-and-teams/reviewing-the-audit-log-for-your-organization.md
@ -44,8 +44,8 @@ To search for specific events, use the `action` qualifier in your query. Actions
 | [`integration_installation_request`](#integration_installation_request-category-actions) | Contains all activities related to organization member requests for owners to approve integrations for use in the organization. |
 | [`issue`](#issue-category-actions) | Contains activities related to deleting an issue. {% if currentVersion == "free-pro-team@latest" %}
 | [`marketplace_agreement_signature`](#marketplace_agreement_signature-category-actions) | Contains all activities related to signing the {% data variables.product.prodname_marketplace %} Developer Agreement.
-| [`marketplace_listing`](#marketplace_listing-category-actions) | Contains all activities related to listing apps in {% data variables.product.prodname_marketplace %}.{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
-| [`members_can_create_pages`](#members_can_create_pages-category-actions) | Contains all activities related to disabling the publication of {% data variables.product.prodname_pages %} sites for repositories in the organization. For more information, see "[Restricting publication of {% data variables.product.prodname_pages %} sites for your organization](/github/setting-up-and-managing-organizations-and-teams/disabling-publication-of-github-pages-sites-for-your-organization)." | {% endif %}
+| [`marketplace_listing`](#marketplace_listing-category-actions) | Contains all activities related to listing apps in {% data variables.product.prodname_marketplace %}.{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
+| [`members_can_create_pages`](#members_can_create_pages-category-actions) | Contains all activities related to managing the publication of {% data variables.product.prodname_pages %} sites for repositories in the organization. For more information, see "[Managing the publication of {% data variables.product.prodname_pages %} sites for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-the-publication-of-github-pages-sites-for-your-organization)." | {% endif %}
 | [`org`](#org-category-actions) | Contains activities related to organization membership.{% if currentVersion == "free-pro-team@latest" %}
 | [`org_credential_authorization`](#org_credential_authorization-category-actions) | Contains all activities related to authorizing credentials for use with SAML single sign-on.{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.19" or currentVersion == "github-ae@latest" %}
 | [`organization_label`](#organization_label-category-actions) | Contains all activities related to default labels for repositories in your organization.{% endif %}
@ -127,7 +127,7 @@ To ensure a secure IP and maintain compliance for your organization, you can use
 {% data reusables.audit_log.audit-log-api-info %}

 {% if currentVersion == "free-pro-team@latest" %}
-Note that you can't retrieve Git events using the GraphQL API.
+Note that you can't retrieve Git events using the GraphQL API. To retrieve Git events, use the REST API instead. For more information, see "[`git` category actions](#git-category-actions)." 
 {% endif %}

 The GraphQL response can include data for up to 90 to 120 days.
@ -307,11 +307,11 @@ For more information about the audit log REST API, see "[Organizations](/rest/re

 {% endif %}

-{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}

 #### `members_can_create_pages` category actions

-For more information, see "[Restricting publication of {% data variables.product.prodname_pages %} sites for your organization](/github/setting-up-and-managing-organizations-and-teams/disabling-publication-of-github-pages-sites-for-your-organization)."
+For more information, see "[Managing the publication of {% data variables.product.prodname_pages %} sites for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-the-publication-of-github-pages-sites-for-your-organization)."

 | Action | Description |
 | :- | :- |
--- a/content/github/setting-up-and-managing-your-github-profile/managing-your-profile-readme.md
+++ b/content/github/setting-up-and-managing-your-github-profile/managing-your-profile-readme.md
@ -54,6 +54,8 @@ GitHub will display your profile README on your profile page if all of the follo
  The generated README file is pre-populated with a template to give you some inspiration for your profile README.
  ![README file with pre-populated template](/assets/images/help/repository/personal-repository-readme-template.png)

+For a summary of all the available emojis and their codes, see "[Emoji cheat sheet](http://www.emoji-cheat-sheet.com/)."
+
 ### Removing a profile README

 The profile README is removed from your {% data variables.product.prodname_dotcom %} profile if any of the following apply:
--- a/content/github/site-policy-deprecated/github-ae-data-protection-agreement.md
+++ b/content/github/site-policy-deprecated/github-ae-data-protection-agreement.md
@ -1,7 +1,7 @@
 ---
 title: GitHub AE Data Protection Agreement
 hidden: true
-versions: 
+versions:
  free-pro-team: '*'
 redirect_from:
  - /github/site-policy/ghem-data-protection-addendum
@ -12,7 +12,7 @@ _These terms apply to Customers who licensed the Products prior to January 4, 20

 ## INTRODUCTION

-The parties agree that the GitHub AE Data Protection Agreement and Security Exhibit (together, the “**Data Protection Agreement**” or “**DPA**”) set forth obligations with respect to the processing and security of Customer Personal Data in connection with GitHub AE (the “**Online Service**”). GitHub makes the commitments in this DPA to all customers using the Online Service. 
+The parties agree that the GitHub AE Data Protection Agreement and Security Exhibit (together, the “**Data Protection Agreement**” or “**DPA**”) set forth obligations with respect to the processing and security of Customer Personal Data in connection with GitHub AE (the “**Online Service**”). GitHub makes the commitments in this DPA to all customers using the Online Service.

 In the event of any conflict or inconsistency between the DPA and any other terms in Customer’s agreements with GitHub (“Agreement”), the DPA shall prevail. For clarity, consistent with Clause 10 of the Standard Contractual Clauses in Attachment 1, the Standard Contractual Clauses prevail over any other terms in the DPA.

@ -90,54 +90,54 @@ e.   *The obligations and rights of Customer* are set out in the Agreement and t

 ### 4. Security and Audit Obligations.

-#### 4.1 Technical and Organizational Security Measures. 
+#### 4.1 Technical and Organizational Security Measures.
 Taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, GitHub will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks, such as against accidental or unlawful destruction, or loss, alteration, unauthorized disclosure or access, presented by processing the Protected Data. GitHub will regularly monitor compliance with these measures and will continue to take appropriate safeguards throughout the duration of the Agreement. Please see Section 1.1 of the Security Exhibit (below) regarding GitHub’s responsibilities in relation to security safeguards.

-#### 4.2 Incident Response and Breach Notification. 
+#### 4.2 Incident Response and Breach Notification.
 GitHub will comply with the Information Security obligations in the Security Exhibit and the Applicable Data Protection Laws, including Data Breach notification obligations. Please see Section 1.2 of the Security Exhibit regarding GitHub’s responsibilities in relation to Data Breach response and notification.

-#### 4.3 GitHub Personnel. 
+#### 4.3 GitHub Personnel.
 GitHub represents and warrants that it will take reasonable steps to ensure that all GitHub personnel processing Protected Data have agreed to keep the Protected Data confidential and have received adequate training on compliance with the DPA and the Applicable Data Protection Laws.

-#### 4.4 Records. 
+#### 4.4 Records.
 GitHub will maintain complete, accurate, and up to date written records of all categories of processing activities carried out on behalf of Customer containing the information required under the Applicable Data Protection Laws. To the extent that assistance does not risk the security of GitHub or the privacy rights of individual Data Subjects, GitHub will make these records available to Customer on request as reasonably required, such as to help Customer demonstrate its compliance under the Applicable Data Protection Laws. To learn more about GitHub’s requirements to provide assistance in the event of a security incident, please see Section 1.2 of the Security Exhibit.

-#### 4.5 Compliance Reporting. 
+#### 4.5 Compliance Reporting.
 GitHub will provide security compliance reporting in accordance with Section 2.3 of the Security Exhibit. Customer agrees that any information and audit rights granted by the Applicable Data Protection Laws (including, where applicable, Article 28(3)(h) of the GDPR) will be satisfied by these compliance reports, and will only arise to the extent that GitHub’s provision of a compliance report does not provide sufficient information, or to the extent that Customer must respond to a regulatory or Supervisory Authority audit. Section 3.1 of the Security Exhibit describes the Parties’ responsibilities in relation to a regulatory or Supervisory Authority audit.

-#### 4.6 Assistance. 
+#### 4.6 Assistance.
 GitHub will provide reasonable assistance to Customer with concerns such as data privacy impact assessments, Data Subject rights requests, consultations with Supervisory Authorities, and other similar matters, in each case solely in relation to the processing of Customer’s Personal Data and taking into account the nature of processing.

 ### 5. Use and Disclosure of Protected Data.
-No Use in Marketing and CCPA. GitHub will not use the Protected Data for the purposes of advertising third-party content. If GitHub is processing Customer Personal Data within the scope of the CCPA, GitHub will not retain, use, or disclose that data for any purpose other than for the purposes set out in the DPA and as permitted under the CCPA, including under any “sale” exemption. In no event will GitHub sell any such data. 
+No Use in Marketing and CCPA. GitHub will not use the Protected Data for the purposes of advertising third-party content. If GitHub is processing Customer Personal Data within the scope of the CCPA, GitHub will not retain, use, or disclose that data for any purpose other than for the purposes set out in the DPA and as permitted under the CCPA, including under any “sale” exemption. In no event will GitHub sell any such data.

 ### 6. Subprocessing and Onward Transfer.

-#### 6.1 Protection of Data. 
+#### 6.1 Protection of Data.
 GitHub is liable for onward transfers of Protected Data to its subprocessors, such as its third-party payment processor. In the event that GitHub does transfer the Protected Data to a third-party subprocessor, or GitHub installs, uses, or enables a third party or third-party services to process the Protected Data on GitHub’s behalf, GitHub will ensure that the third-party subprocessor is bound by written agreement that requires them to provide at least the same level of confidentiality, security, and privacy protection as is required of GitHub by this DPA and the Applicable Data Protection Laws.

-#### 6.2 Acceptance of GitHub Subprocessors. 
-Customer authorizes GitHub and its subprocesors to appoint and use subprocessors in accordance with this Section 6 and the Agreement. 
+#### 6.2 Acceptance of GitHub Subprocessors.
+Customer authorizes GitHub and its subprocesors to appoint and use subprocessors in accordance with this Section 6 and the Agreement.

-#### 6.3 General Consent for Onward Subprocessing. 
+#### 6.3 General Consent for Onward Subprocessing.
 Customer provides a general consent for GitHub to engage onward subprocessors, conditional on GitHub’s compliance with the following requirements:

 a.  Any onward subprocessor must agree in writing to only process data in a country that the European Commission has declared to have an “adequate” level of protection; or to only process data on terms equivalent to the Standard Contractual Clauses, or pursuant to a Binding Corporate Rules approval granted by competent European data protection authorities, or pursuant to compliant and valid EU-US Privacy Shield and Swiss-U.S. Privacy Shield certifications; and

 b.  GitHub will restrict the onward subprocessor’s access to Customer Personal Data only to what is strictly necessary to perform its services, and GitHub will prohibit the subprocessor from processing the Customer Personal Data for any other purpose.

-#### 6.4 Disclosure of Subprocessor Agreements. 
+#### 6.4 Disclosure of Subprocessor Agreements.
 GitHub maintains a list of onward subprocessors it has engaged to process Customer Personal Data on its website, including the categories of Customer Personal Data processed, a description of the type of processing the subprocessor performs, and the location of its processing. GitHub will, upon Customer’s written request, provide Customer with this list of subprocessors and the terms under which they process the Customer Personal Data. Pursuant to subprocessor confidentiality restrictions, GitHub may remove any confidential or commercially sensitive information before providing the list and the terms to Customer. In the event that GitHub cannot disclose confidential or sensitive information to Customer, the Parties agree that GitHub will provide all information it reasonably can in connection with its subprocessing agreements.

-#### 6.5 Objection to Subprocessors. 
+#### 6.5 Objection to Subprocessors.
 GitHub will provide thirty days’ prior written notice of the addition or removal of any subprocessor, including the categories listed in Section 6.4, by announcing changes on its website. If Customer has a reasonable objection to GitHub’s engagement of a new subprocessor, Customer must notify GitHub promptly in writing. Where possible, GitHub will use commercially reasonable efforts to provide an alternative solution to the Online Services to avoid processing of data by the objectionable subprocessor. In the event that GitHub is unable to provide an alternative solution and the Parties cannot resolve the conflict within ninety days, Customer may terminate the Agreement.

 ### 7. Termination.

-#### 7.1 Suspension. 
+#### 7.1 Suspension.
 In the event that GitHub is in breach of its obligations to maintain an adequate level of security or privacy protection, Customer may temporarily suspend the transfer of all Customer Personal Data or prohibit collection and processing of Customer Personal Data on Customer’s behalf until the breach is repaired or the Agreement is terminated.

-#### 7.2 Termination with Cause. 
+#### 7.2 Termination with Cause.
 In addition to any termination rights Customer has under the Agreement, Customer may terminate the Agreement without prejudice to any other claims at law or in equity in the event that:

 a.  GitHub notifies Customer that it can no longer meet its privacy obligations;
@ -150,19 +150,19 @@ d.  GitHub is no longer carrying on business, is dissolved, enters receivership,

 e.  Customer objects to a subprocessor pursuant to Section 6.5, and GitHub has not been able to provide an alternative solution within ninety days.

-#### 7.3 Breach. 
+#### 7.3 Breach.
 Failure to comply with the material provisions of the DPA is considered a material breach under the Agreement.

-#### 7.4 Failure to perform. 
+#### 7.4 Failure to perform.
 In the event that changes in law or regulation render performance of the DPA impossible or commercially unreasonable, the Parties may renegotiate the DPA in good faith. If renegotiation would not cure the impossibility, or if the Parties cannot reach an agreement, the Parties may terminate the Agreement after thirty days.

-#### 7.5 Notification. 
+#### 7.5 Notification.
 In the event that GitHub determines that it can no longer meet its privacy obligations under the DPA, GitHub will notify Customer in writing immediately.

-#### 7.6 Modifications. 
+#### 7.6 Modifications.
 GitHub may modify the DPA from time to time as required by the Applicable Data Protection Laws, with thirty days’ notice to Customer.

-#### 7.7 Termination Requirements. 
+#### 7.7 Termination Requirements.
 Upon Termination, GitHub must:

 a.  take reasonable and appropriate steps to stop processing the Customer Personal Data;
@ -173,7 +173,7 @@ c.  provide Customer with reasonable assurance that GitHub has complied with its

 ### 8. Liability for Data Processing.

-#### 8.1 Limitations. 
+#### 8.1 Limitations.
 Except as limited by the Applicable Data Protection Laws, any claims brought under the DPA will be subject to the terms of the Agreement regarding Limitations of Liability.

 ## Attachment 1 – The Standard Contractual Clauses (Processors)
@ -351,8 +351,8 @@ Signature of GitHub, Inc. appears below.

 Signing the Standard Contractual Clauses, Appendix 1 and Appendix 2 on behalf of the data importer

-![Screen Shot 2020-10-29 at 10 21 08 AM](https://user-images.githubusercontent.com/42984983/97613325-c93eda00-19d5-11eb-82e8-563267d1d738.png)
-                                                                    	                                	
+![Lynn Hashimoto](/assets/images/lynn_hashimoto.png)
+
 Lynn Hashimoto, Head of Product & Regulatory Legal

 GitHub, Inc.
@ -361,14 +361,14 @@ GitHub, Inc.

 ### 1. Information Security Program.

-#### 1.1 Security Management. 
+#### 1.1 Security Management.
 GitHub will implement and maintain appropriate technical and organizational measures to protect Customer Content and Protected Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed (“**Security Program**”). Those measures shall be set forth in a GitHub Security Policy. GitHub will provide written descriptions of the security controls and other information reasonably requested by Customer regarding GitHub’s security practices and policies for the Online Service.

 a.	Operational Policy. GitHub maintains security documents describing its security measures and the relevant procedures and responsibilities of its personnel who have access to Customer Content and Protected Data.

 b.	Security Training. GitHub informs its personnel about relevant security procedures and their respective roles. GitHub also informs its personnel of possible consequences of breaching the security rules and procedures. GitHub will only use anonymous data in training.

-#### 1.2 Security Incident Management. 
+#### 1.2 Security Incident Management.
 GitHub will provide a Security incident management program for the Online Service as follows:

 a.	Security Availability and Escalation. GitHub will maintain appropriate security contact and escalation processes on a 24-hours-per-day, 7-days-per-week basis to ensure customers and employees can submit issues to the GitHub Security team.
@ -379,17 +379,17 @@ c.	Notification. Notification(s) of Security Incidents will be delivered to one

 d.	Reasonable Assistance. GitHub will make commercially reasonable efforts to assist Customer in fulfilling Customer's obligation under applicable law or regulation to notify the relevant supervisory authority and data subjects about such Security Incident.

-#### 1.3 Due Diligence over Subcontractors and Vendors. 
+#### 1.3 Due Diligence over Subcontractors and Vendors.
 GitHub will maintain appropriate due diligence when utilizing subcontractors and vendors. GitHub will maintain vendor assessment reports and any assessment work for a minimum of three years.

-#### 1.4 Physical and Environmental Safeguards. 
+#### 1.4 Physical and Environmental Safeguards.
 a.	Physical Access to Facilities. GitHub limits access to facilities where information systems that process Customer Content and Protected Data are located to identified authorized individuals.

 b.	Physical Access to Components. GitHub maintains records of the incoming and outgoing media containing Customer Content and Protected Data, including the kind of media, the authorized sender/recipients, date and time, the number of media and the types of Customer Content and Protected Data they contain.

 c.	Protection from Disruptions. GitHub uses industry standard systems to protect against loss of data due to power supply failure or line interference.

-#### 2. Requests for Information. 
+#### 2. Requests for Information.
 Upon Customer's written request and no more than once annually, GitHub will respond to one request for information to assess security and compliance risk-related information. The response will be provided in writing within thirty days of receipt of the request, pending needed clarifications of any request.

 #### 3. Cooperation with Regulatory Audits.
--- a/content/github/site-policy/github-subprocessors-and-cookies.md
+++ b/content/github/site-policy/github-subprocessors-and-cookies.md
@ -10,7 +10,7 @@ versions:
  free-pro-team: '*'
 ---

-Effective date: **January 6, 2021**
+Effective date: **January 21, 2021**

 GitHub provides a great deal of transparency regarding how we use your data, how we collect your data, and with whom we share your data. To that end, we provide this page, which details [our subprocessors](#github-subprocessors), and how we use [cookies](#cookies-on-github).

@ -34,10 +34,9 @@ When we share your information with third party subprocessors, such as our vendo
 | Monday.com | Team collaboration and project management platform | United States | Israel |
 | Nexmo | SMS notification provider | United States | United States |
 | Salesforce.com | Customer relations management | United States | United States |
-| Sendgrid | Transactional mail services provider | United States | United States |
 | Sentry.io | Application monitoring provider | United States | United States |
 | Stripe | Payment provider | United States | United States |
-| Twilio | SMS notification provider | United States | United States |
+| Twilio & Twilio Sendgrid | SMS notification provider & transactional mail service provider | United States | United States |
 | Zendesk | Customer support ticketing system | United States | United States |
 | Zuora | Corporate billing system | United States | United States |

@ -47,7 +46,7 @@ When we bring on a new subprocessor who handles our Users' Personal Information,

 GitHub uses cookies to provide and secure our websites, as well as to analyze the usage of our websites, in order to offer you a great user experience. Please take a look at our [Privacy Statement](/github/site-policy/github-privacy-statement#our-use-of-cookies-and-tracking) if you’d like more information about cookies, and on how and why we use them. 
 
-Since the number and names of cookies may change,the table below may be updated from time to time.
+Since the number and names of cookies may change, the table below may be updated from time to time.

 | Service Provider | Cookie Name | Description | Expiration* |
 |:---|:---|:---|:---|
--- a/content/github/supporting-the-open-source-community-with-github-sponsors/sponsoring-an-open-source-contributor.md
+++ b/content/github/supporting-the-open-source-community-with-github-sponsors/sponsoring-an-open-source-contributor.md
@ -22,7 +22,7 @@ You can sponsor an account on behalf of your user account to invest in projects
 - Developing brand awareness as an organization that values open source
 - Thanking open source developers for building libraries that complement the product your organization offers

-You can use a credit card to sponsor an account on {% data variables.product.product_name %}. If your organization wants to be invoiced, [contact us](https://support.github.com/contact/org-sponsors-waitlist).
+You can use a credit card to sponsor an account on {% data variables.product.product_name %}. If your organization wants to pay by invoice, [contact us](https://support.github.com/contact/org-sponsors-waitlist).

 {% data reusables.sponsors.no-fees %} For more information, see "[About billing for {% data variables.product.prodname_sponsors %}](/articles/about-billing-for-github-sponsors)."

--- a/content/github/working-with-github-pages/about-github-pages.md
+++ b/content/github/working-with-github-pages/about-github-pages.md
@ -24,10 +24,14 @@ versions:
 You can host your site on {% data variables.product.prodname_dotcom %}'s `github.io` domain or your own custom domain. For more information, see "[Using a custom domain with {% data variables.product.prodname_pages %}](/articles/using-a-custom-domain-with-github-pages)."
 {% endif %}

+{% if currentVersion == "free-pro-team@latest" %}
+{% data reusables.pages.about-private-publishing %} For more information, see "[Changing the visibility of your {% data variables.product.prodname_pages %} site](/github/working-with-github-pages/changing-the-visibility-of-your-github-pages-site)."
+{% endif %}
+
 To get started, see "[Creating a {% data variables.product.prodname_pages %} site](/articles/creating-a-github-pages-site)."

-{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
-Organization owners can disable the publication of {% data variables.product.prodname_pages %} sites from the organization's repositories. For more information, see "[Disabling publication of {% data variables.product.prodname_pages %} sites for your organization](/github/setting-up-and-managing-organizations-and-teams/disabling-publication-of-github-pages-sites-for-your-organization)."
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
+Organization owners can disable the publication of {% data variables.product.prodname_pages %} sites from the organization's repositories. For more information, see "[Managing the publication of {% data variables.product.prodname_pages %} sites for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-the-publication-of-github-pages-sites-for-your-organization)."
 {% endif %}

 ### Types of {% data variables.product.prodname_pages %} sites
@ -38,6 +42,10 @@ To publish a user site, you must create a repository owned by your user account

 The source files for a project site are stored in the same repository as their project. {% if currentVersion == "free-pro-team@latest" %}Unless you're using a custom domain, project sites are available at `http(s)://<username>.github.io/<repository>` or `http(s)://<organization>.github.io/<repository>`.{% elsif currentVersion == "github-ae@latest" %}Project sites are available at `http(s)://pages.<hostname>/<username>/<repository>/` or `http(s)://pages.<hostname>/<organization>/<repository>/`.{% endif %}

+{% if currentVersion == "free-pro-team@latest" %}
+If you publish your site privately, the URL for your site will be different. For more information, see "[Changing the visibility of your {% data variables.product.prodname_pages %} site](/github/working-with-github-pages/changing-the-visibility-of-your-github-pages-site)."
+{% endif %}
+
 {% if currentVersion == "free-pro-team@latest" %}
 For more information about how custom domains affect the URL for your site, see "[About custom domains and {% data variables.product.prodname_pages %}](/articles/about-custom-domains-and-github-pages)."
 {% endif %}
@ -87,9 +95,9 @@ The default publishing source for a project site is the `gh-pages` branch. If th

 Project sites can also be published from the `master` branch or a `/docs` folder on the `master` branch. To publish your site from one of these sources, you must configure a different publishing source. For more information, see "[Configuring a publishing source for your {% data variables.product.prodname_pages %} site](/articles/configuring-a-publishing-source-for-your-github-pages-site#choosing-a-publishing-source)."

- If you choose the `/docs` folder of the `master` branch as your publishing source, {% data variables.product.prodname_pages %} will read everything to publish your site{% if currentVersion == "free-pro-team@latest" %}, including the _CNAME_ file,{% endif %} from the `/docs` folder.{% if currentVersion == "free-pro-team@latest" %} For example, when you edit your custom domain through the {% data variables.product.prodname_pages %} settings, the custom domain will write to `/docs/CNAME`. For more information about _CNAME_ files, see "[Managing a custom domain for your {% data variables.product.prodname_pages %} site](/articles/managing-a-custom-domain-for-your-github-pages-site)."{% endif %}
+If you choose the `/docs` folder of the `master` branch as your publishing source, {% data variables.product.prodname_pages %} will read everything to publish your site{% if currentVersion == "free-pro-team@latest" %}, including the _CNAME_ file,{% endif %} from the `/docs` folder.{% if currentVersion == "free-pro-team@latest" %} For example, when you edit your custom domain through the {% data variables.product.prodname_pages %} settings, the custom domain will write to `/docs/CNAME`. For more information about _CNAME_ files, see "[Managing a custom domain for your {% data variables.product.prodname_pages %} site](/articles/managing-a-custom-domain-for-your-github-pages-site)."{% endif %}

- You cannot publish your project site from any other branch, even if the default branch is not `master` or `gh-pages`.
+You cannot publish your project site from any other branch, even if the default branch is not `master` or `gh-pages`.

 {% endif %}

--- a/content/github/working-with-github-pages/changing-the-visibility-of-your-github-pages-site.md
+++ b/content/github/working-with-github-pages/changing-the-visibility-of-your-github-pages-site.md
@ -0,0 +1,29 @@
+---
+title: Changing the visibility of your GitHub Pages site
+intro: 'You can manage access control for your project site by publishing the site publicly or privately.'
+product: '{% data reusables.gated-features.private-pages %}'
+versions:
+  free-pro-team: '*'
+permissions: People with admin permissions for a repository can change the visibility of a {% data variables.product.prodname_pages %} site.
+---
+
+### About access control for {% data variables.product.prodname_pages %} sites
+
+If your project site is published from a private or internal repository that's owned by an organization using {% data variables.product.prodname_ghe_cloud %}, you can manage access control for the site. With access control, you can choose to publish the site publicly to anyone on the internet or privately to people with read access to your repository. A privately published site can be used to share your internal documentation or knowledge base with members of your enterprise. You cannot manage access control for an organization site. For more information about the types of {% data variables.product.prodname_pages %} sites, see "[About GitHub Pages](/github/working-with-github-pages/about-github-pages#types-of-github-pages-sites)." 
+
+Privately published sites are available at a different subdomain than publicly published sites. You can see your site's URL in the repository settings. If you're using a static site generator configured to build the site with the repository name as a path, you may need to update the settings for the static site generator when changing the site to private. For more information, see "[Configuring Jekyll in your {% data variables.product.prodname_pages %} site](/github/working-with-github-pages/managing-a-custom-domain-for-your-github-pages-site#configuring-a-subdomain)" or the documentation for your static site generator.
+
+### Changing the visibility of your {% data variables.product.prodname_pages %} site
+
+{% data reusables.pages.navigate-site-repo %}
+{% data reusables.repositories.sidebar-settings %}
+3. Under "{% data variables.product.prodname_pages %}", select the **{% data variables.product.prodname_pages %} visibility** drop-down menu, then click a visibility.
+   ![Drop-down to choose a visibility for your site](/assets/images/help/pages/public-or-private-visibility.png)
+4. To see your published site, under "{% data variables.product.prodname_pages %}", click your site's URL.
+![URL of your privately published site](/assets/images/help/pages/click-private-pages-url-to-preview.png)
+
+  {% note %}
+
+  {% data reusables.pages.twenty-minutes-to-publish %}
+
+  {% endnote %}
--- a/content/github/working-with-github-pages/creating-a-github-pages-site-with-jekyll.md
+++ b/content/github/working-with-github-pages/creating-a-github-pages-site-with-jekyll.md
@ -11,6 +11,8 @@ versions:
  github-ae: '*'
 ---

+{% data reusables.pages.org-owners-can-restrict-pages-creation %}
+
 ### Prerequisites

 Before you can use Jekyll to create a {% data variables.product.prodname_pages %} site, you must install Jekyll and Git. For more information, see [Installation](https://jekyllrb.com/docs/installation/) in the Jekyll documentation and "[Set up Git](/articles/set-up-git)."
@ -96,7 +98,8 @@ $ git remote add origin https://<em>HOSTNAME</em>/<em>USER</em>/<em>REPOSITORY</
   ```
 {% data reusables.pages.configure-publishing-source %}
 {% data reusables.pages.navigate-site-repo %}
-{% data reusables.repositories.sidebar-settings %}
+{% data reusables.repositories.sidebar-settings %}{% if currentVersion == "free-pro-team@latest" %}
+{% data reusables.pages.choose-visibility %}{% endif %}
 {% data reusables.pages.visit-site %}

 {% data reusables.pages.admin-must-push %}
--- a/content/github/working-with-github-pages/creating-a-github-pages-site.md
+++ b/content/github/working-with-github-pages/creating-a-github-pages-site.md
@ -14,6 +14,8 @@ versions:
  github-ae: '*'
 ---

+{% data reusables.pages.org-owners-can-restrict-pages-creation %}
+
 ### Creating a repository for your site

 {% data reusables.pages.new-or-existing-repo %}
@ -36,14 +38,15 @@ versions:
 3. If your chosen publishing source already exists, navigate to the publishing source. If your chosen publishing source doesn't exist, create the publishing source.
 4. In the root of the publishing source, create a new file called `index.md` that contains the content you want to display on the main page of your site.
 {% data reusables.pages.configure-publishing-source %}
-{% data reusables.repositories.sidebar-settings %}
+{% data reusables.repositories.sidebar-settings %}{% if currentVersion == "free-pro-team@latest" %}
+{% data reusables.pages.choose-visibility %}{% endif %}
 {% data reusables.pages.visit-site %}

 {% data reusables.pages.admin-must-push %}

 ### Next steps

-You can add more pages to your site by creating more new files. Each file will be available on your site in the same directory structure as your publishing source. For example, if the publishing source for your project site is the `gh-pages` branch, and you create a new file called `/about/contact-us.md` on the `gh-pages` branch, the file will be available at {% if currentVersion == "free-pro-team@latest" %}`https://<user>.github.io/<repository>/{% else %}`http(s)://<hostname>/pages/<username>/<repository>/{% endif %}about/contact-us.md`.
+You can add more pages to your site by creating more new files. Each file will be available on your site in the same directory structure as your publishing source. For example, if the publishing source for your project site is the `gh-pages` branch, and you create a new file called `/about/contact-us.md` on the `gh-pages` branch, the file will be available at {% if currentVersion == "free-pro-team@latest" %}`https://<user>.github.io/<repository>/{% else %}`http(s)://<hostname>/pages/<username>/<repository>/{% endif %}about/contact-us.html`.

 You can also add a theme to customize your site’s look and feel. For more information, see {% if currentVersion == "free-pro-team@latest" %}"[Adding a theme to your {% data variables.product.prodname_pages %} site with the theme chooser](/articles/adding-a-theme-to-your-github-pages-site-with-the-theme-chooser){% else %}"[Adding a theme to your {% data variables.product.prodname_pages %} site using Jekyll](/articles/adding-a-theme-to-your-github-pages-site-using-jekyll){% endif %}."

--- a/content/github/working-with-github-pages/index.md
+++ b/content/github/working-with-github-pages/index.md
@ -25,6 +25,7 @@ versions:
    {% link_in_list /creating-a-github-pages-site %}
    {% link_in_list /adding-a-theme-to-your-github-pages-site-with-the-theme-chooser %}
    {% link_in_list /configuring-a-publishing-source-for-your-github-pages-site %}
+    {% link_in_list /changing-the-visibility-of-your-github-pages-site %}
    {% link_in_list /creating-a-custom-404-page-for-your-github-pages-site %}
    {% link_in_list /securing-your-github-pages-site-with-https %}
    {% link_in_list /using-submodules-with-github-pages %}
--- a/content/github/working-with-github-pages/unpublishing-a-github-pages-site.md
+++ b/content/github/working-with-github-pages/unpublishing-a-github-pages-site.md
@ -1,6 +1,6 @@
 ---
 title: Unpublishing a GitHub Pages site
-intro: 'You can unpublish your {% data variables.product.prodname_pages %} site so that the site is no longer available to {% if currentVersion == "free-pro-team@latest" %}the public{% else %}everyone using {% data variables.product.product_location %}{% endif %}.'
+intro: 'You can unpublish your {% data variables.product.prodname_pages %} site so that the site is no longer available.'
 redirect_from:
  - /articles/how-do-i-unpublish-a-project-page/
  - /articles/unpublishing-a-project-page/
--- a/content/rest/reference/permissions-required-for-github-apps.md
+++ b/content/rest/reference/permissions-required-for-github-apps.md
@ -107,7 +107,7 @@ _Search_
 - [`GET /search/topics`](/rest/reference/search#search-topics)
 - [`GET /search/users`](/rest/reference/search#search-users)

-{% if currentVersion == "free-pro-team@latest" %}
+{% if currentVersion == "free-pro-team@latest"  or currentVersion ver_gt "enterprise-server@2.21" %}
 ### Permission on "actions"

 - [`GET /repos/:owner/:repo/actions/artifacts`](/rest/reference/actions#list-artifacts-for-a-repository) (:read)
@ -202,6 +202,9 @@ _Branches_
 - [`POST /repos/:owner/:repo/branches/:branch/protection/restrictions/users`](/rest/reference/repos#add-user-access-restrictions) (:write)
 - [`PUT /repos/:owner/:repo/branches/:branch/protection/restrictions/users`](/rest/reference/repos#set-user-access-restrictions) (:write)
 - [`DELETE /repos/:owner/:repo/branches/:branch/protection/restrictions/users`](/rest/reference/repos#remove-user-access-restrictions) (:write)
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@latest" %}
+- [`POST /repos/:owner/:repo/branches/:branch/rename`](/rest/reference/repos#rename-a-branch) (:write)
+{% endif %}

 _Collaborators_
 - [`PUT /repos/:owner/:repo/collaborators/:username`](/rest/reference/repos#add-a-repository-collaborator) (:write)
@ -347,6 +350,9 @@ _Branches_
 - [`POST /repos/:owner/:repo/branches/:branch/protection/restrictions/apps`](/rest/reference/repos#add-app-access-restrictions) (:write)
 - [`PUT /repos/:owner/:repo/branches/:branch/protection/restrictions/apps`](/rest/reference/repos#set-app-access-restrictions) (:write)
 - [`DELETE /repos/:owner/:repo/branches/:branch/protection/restrictions/apps`](/rest/reference/repos#remove-user-access-restrictions) (:write)
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@latest" %}
+- [`POST /repos/:owner/:repo/branches/:branch/rename`](/rest/reference/repos#rename-a-branch) (:write)
+{% endif %}

 _Commit comments_
 - [`PATCH /repos/:owner/:repo/comments/:comment_id`](/rest/reference/repos#update-a-commit-comment) (:write)
--- a/contributing/content-markup-reference.md
+++ b/contributing/content-markup-reference.md
@ -98,10 +98,10 @@ These instructions are pertinent to Windows users.
 {% endlinux %}
 ```

-You can define a default platform in the frontmatter, see the [content README](../content/README.md#defaultplatform).
+You can define a default platform in the frontmatter. For more information, see the [content README](../content/README.md#defaultplatform).

 ## Reusable and variable strings of text

 Reusable strings (commonly called content references or conrefs) contain content that’s used in more than one place in our documentation and allow us to change the content in a single location rather than every place the string appears.

-For longer strings, we use [reusables](), and for shorter strings, we use [variables](). See each linked README for usage instructions.
+For longer strings, we use reusables, and for shorter strings, we use variables. For more information about reusables, see the [reusables README](../data/reusables/README.md). For more information about variables, see the [variables README](../data/variables/README.md).
--- a/contributing/development.md
+++ b/contributing/development.md
@ -15,7 +15,7 @@ Once you've installed Node.js (which includes the popular `npm` package manager)
 ```sh
 git clone https://github.com/github/docs
 cd docs
-npm install
+npm ci
 npm run build
 npm start
 ```
@ -24,7 +24,9 @@ You should now have a running server! Visit [localhost:4000](http://localhost:40

 When you're ready to stop your local server, type <kbd>CTRL</kbd><kbd>c</kbd> in your terminal window.

-Note that `npm run build` is a one-time step that create static assets.
+Note that `npm ci` and `npm run build` are steps that should typically only need to be run once each time you pull the latest for a branch.
+ - `npm ci` does a clean install of dependencies, without updating the `package-lock.json` file
+ - `npm run build` creates static assets, such as the `dist/index.js` and `dist/index.css` files

 ### Using GitHub Codespaces

--- a/data/learning-tracks/actions.yml
+++ b/data/learning-tracks/actions.yml
@ -30,6 +30,13 @@ continuous_deployment:
    - /actions/guides/publishing-java-packages-with-maven
    - /actions/guides/publishing-java-packages-with-gradle
    - /actions/guides/publishing-docker-images
+deploy_to_the_cloud:
+  title: 'Deploy to the cloud'
+  description: 'Learn how to use {% data variables.product.prodname_actions %} to build an application and deploy it to various cloud-based platforms.'
+  guides:
+    - /actions/guides/deploying-to-amazon-elastic-container-service
+    - /actions/guides/deploying-to-azure-app-service
+    - /actions/guides/deploying-to-google-kubernetes-engine
 hosting_your_own_runners:
  title: 'Host your own runners'
  description: 'You can create self-hosted runners to run workflows in a highly customizable environment.'
--- a/data/reusables/desktop/delete-tag.md
+++ b/data/reusables/desktop/delete-tag.md
@ -0,0 +1,6 @@
+1. Right-click the commit.
+
+    - If a commit has only one tag, click **Delete Tag TAG NAME**.
+  ![Select the delete tag menu item](/assets/images/help/desktop/select-delete-tag.png)
+    - If a commit has multiple tags, hover over **Delete Tag...** and then click the tag that you want to delete.
+  ![Hover over the delete tag menu](/assets/images/help/desktop/delete-tag-multiple.png)
--- a/data/reusables/gated-features/private-pages.md
+++ b/data/reusables/gated-features/private-pages.md
@ -0,0 +1 @@
+Access control for {% data variables.product.prodname_pages %} sites is available in private repositories with {% data variables.product.prodname_ghe_cloud %}.
--- a/data/reusables/github-actions/macos-runner-preview.md
+++ b/data/reusables/github-actions/macos-runner-preview.md
@ -1,5 +1,5 @@
 {% note %}

-**Note:** The macOS 11.0 virtual environment is currently provided as a preview only. The `macos-latest` YAML workflow label still uses the macOS 10.15 virtual environment.
+**Note:** The macOS 11.0 virtual environment is currently provided as a private preview only. Any users or organizations that are already using this runner can continue using it, but we're not accepting any further users or organizations at this time. The `macos-latest` YAML workflow label still uses the macOS 10.15 virtual environment.

 {% endnote %}
--- a/data/reusables/pages/about-private-publishing.md
+++ b/data/reusables/pages/about-private-publishing.md
@ -0,0 +1 @@
+If your project site is published from a private or internal repository owned by an organization using {% data variables.product.prodname_ghe_cloud %}, you can manage access control for the site.
--- a/data/reusables/pages/choose-visibility.md
+++ b/data/reusables/pages/choose-visibility.md
@ -0,0 +1,2 @@
+1. Optionally, if you're publishing a project site from a private or internal repository owned by an organization using {% data variables.product.prodname_ghe_cloud %}, choose the visibility for your site. Under "{% data variables.product.prodname_pages %}", select the **{% data variables.product.prodname_pages %} visibility** drop-down menu, then click a visibility. For more information, see "[Changing the visibility of your {% data variables.product.prodname_pages %} site](/github/working-with-github-pages/changing-the-visibility-of-your-github-pages-site)".
+   ![Drop-down to select visibility for your site](/assets/images/help/pages/public-or-private-visibility.png)
--- a/data/reusables/pages/org-owners-can-restrict-pages-creation.md
+++ b/data/reusables/pages/org-owners-can-restrict-pages-creation.md
@ -0,0 +1,7 @@
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
+{% note %}
+
+**Note:** Organization owners can restrict the publication of {% data variables.product.prodname_pages %} sites from repositories owned by the organization. For more information, see "[Managing the publication of {% data variables.product.prodname_pages %} sites](/github/setting-up-and-managing-organizations-and-teams/managing-the-publication-of-github-pages-sites-for-your-organization)."
+
+{% endnote %}
+{% endif %}
--- a/data/reusables/pages/private_pages_are_public_warning.md
+++ b/data/reusables/pages/private_pages_are_public_warning.md
@ -1,5 +1,5 @@
-  {% warning %}
+{% warning %}

-  **Warning**: {% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}If your site administrator has enabled Public Pages, {% endif %}{% data variables.product.prodname_pages %} sites are publicly available on the internet, even if the repository for the site is private{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.19" or currentVersion == "github-ae@latest" %} or internal{% endif %}. If you have sensitive data in your site's repository, you may want to remove it before publishing. For more information, see{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %} "[Configuring {% data variables.product.prodname_pages %} for your enterprise](/admin/configuration/configuring-github-pages-for-your-enterprise#enabling-public-sites-for-github-pages)" and{% endif %} "[About repository visibility](/github/creating-cloning-and-archiving-repositories/about-repository-visibility)."
+**Warning**: {% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}If your site administrator has enabled Public Pages, {% endif %}{% data variables.product.prodname_pages %} sites are publicly available on the internet{% if currentVersion == "free-pro-team@latest" %} by default{% endif %}, even if the repository for the site is private or internal.{% if currentVersion == "free-pro-team@latest" %} {% data reusables.pages.about-private-publishing %} Otherwise, if{% else %} If{% endif %} you have sensitive data in your site's repository, you may want to remove the data before publishing. For more information, see{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %} "[Configuring {% data variables.product.prodname_pages %} for your enterprise](/admin/configuration/configuring-github-pages-for-your-enterprise#enabling-public-sites-for-github-pages)" and{% endif %} "[About repository visibility](/github/creating-cloning-and-archiving-repositories/about-repository-visibility){% if currentVersion == "free-pro-team@latest" %}" and "[Changing the visibility of your {% data variables.product.prodname_pages %} site](/github/working-with-github-pages/changing-the-visibility-of-your-github-pages-site)."{% else %}."{% endif %}

-  {% endwarning %}
+{% endwarning %}
--- a/data/reusables/pages/twenty-minutes-to-publish.md
+++ b/data/reusables/pages/twenty-minutes-to-publish.md
@ -0,0 +1 @@
+**Note:** It can take up to 20 minutes for changes to your site to publish after you push the changes to {% data variables.product.product_name %}. If your don't see your changes reflected in your browser after an hour, see "[About Jekyll build errors for {% data variables.product.prodname_pages %} sites](/articles/about-jekyll-build-errors-for-github-pages-sites)."
--- a/data/reusables/pages/visit-site.md
+++ b/data/reusables/pages/visit-site.md
@ -3,6 +3,6 @@

  {% note %}

-  **Note:** It can take up to 20 minutes for changes to your site to publish after you push the changes to {% data variables.product.product_name %}. If your don't see your changes reflected in your browser after an hour, see "[About Jekyll build errors for {% data variables.product.prodname_pages %} sites](/articles/about-jekyll-build-errors-for-github-pages-sites)."
+  {% data reusables.pages.twenty-minutes-to-publish %}

  {% endnote %}
--- a/javascripts/search.js
+++ b/javascripts/search.js
@ -42,6 +42,8 @@ export default function search () {
  searchWithYourKeyboard('#search-input-container input', '.ais-Hits-item')
  toggleSearchDisplay()

+  $searchInputContainer.querySelector('form')
+    .addEventListener('submit', evt => evt.preventDefault())
  $searchInput.addEventListener('keyup', debounce(onSearch))
 }

@ -261,6 +263,6 @@ function tmplSearchResult ({ url, breadcrumbs, heading, title, content }) {
 function markify (text) {
  const { mark } = tags
  return text
-    .split(/<\/?em>/g)
+    .split(/<\/?mark>/g)
    .map((el, i) => i % 2 ? mark(el) : el)
 }
--- a/layouts/error-404.html
+++ b/layouts/error-404.html
@ -19,7 +19,7 @@
          </div>

          <div class="col-md-8 col-lg-6 mx-auto">
-            <img src="https://octodex.github.com/images/waldocat.png" alt="waldocat">
+            <img src="/assets/images/site/waldocat.png" alt="waldocat">
          </div>

          <div class="col-lg-12 mt-6">
--- a/layouts/error-500.html
+++ b/layouts/error-500.html
@ -16,7 +16,7 @@
          <pre><code>{{ error.stack }}</code></pre>
        {% endif %}

-        <img src="https://octodex.github.com/images/labtocat.png" alt="labtocat">
+        <img src="/assets/images/site/labtocat.png" alt="labtocat">
      </article>
    </div>

--- a/layouts/release-notes.html
+++ b/layouts/release-notes.html
@ -7,12 +7,12 @@
  <body class="d-lg-flex">
    {% include sidebar %}

-    <main class="width-full">
+    <main class="flex-1 min-width-0">
      {% include header %}
      {% include deprecation-banner %}

-      <div class="d-flex flex-items-stretch">
-        <article class="flex-auto">
+      <div class="d-flex">
+        <article class="min-width-0 flex-1">
          <div class="d-flex flex-items-center flex-justify-between bg-white text-bold px-5 py-2">
            {% if prevRelease %}
              <a
@ -39,8 +39,8 @@

          <div class="markdown-body">
            {% for patch in releaseNotes %}
-              <div class="js-release-notes-patch mb-10 bg-gray-light px-3 pb-6 border-bottom border-top" data-version="{{ patch.version }}">
-                <header class="container-xl position-sticky top-0 bg-gray-light border-bottom pt-4 pb-2 js-release-notes-patch-heading" data-version="{{ patch.version }}">
+              <div class="js-release-notes-patch mb-10 bg-gray-light pb-6 border-bottom border-top" data-version="{{ patch.version }}">
+                <header class="container-xl position-sticky top-0 bg-gray-light border-bottom px-3 pt-4 pb-2 js-release-notes-patch-heading" data-version="{{ patch.version }}">
                  <div class="d-flex flex-items-center">
                    <h2 class="border-bottom-0 m-0 p-0">
                      {{ allVersions[currentVersion].versionTitle }}.{{ patch.patchVersion }}
@ -62,16 +62,16 @@
                  <p class="text-gray mt-1">{{ patch.date | date: "%B %d, %Y" }}</p>
                </header>

-                <div class="container-xl" id="{{ patch.version }}">
-                  <p class="mt-3">{{ patch.intro }}</p>
+                <div class="container-xl px-3" id="{{ patch.version }}">
+                  <div class="mt-3">{{ patch.intro }}</div>

                  {% for section in patch.sections %}
-                    <div class="release-notes-section-{{ section[0] }} py-6 d-block d-xl-flex flex-items-baseline {% unless forloop.last %}border-bottom{% endunless %}">
-                      <div class="mr-2 flex-shrink-0 mb-5 col-12 col-xl-3">
+                    <div class="release-notes-section-{{ section[0] }} py-6 d-block d-xl-flex gutter-xl flex-items-baseline {% unless forloop.last %}border-bottom{% endunless %}">
+                      <div class="col-12 col-xl-3 mb-5">
                        {% include 'release-notes-category-label' %}
                      </div>

-                      <ul class="flex-auto pl-5 pl-xl-0 release-notes-list">
+                      <ul class="col-12 col-xl-9 release-notes-list">
                        {% for note in section[1] %}
                          <li class="release-notes-list-item {% if note.heading %}list-style-none{% endif %}">
                            {% if note.heading %}
@ -102,7 +102,7 @@

        <aside
          class="markdown-body position-sticky top-0 d-none d-md-block border-left no-print bg-white flex-shrink-0"
-          style="width: 300px; height: 100vh;"
+          style="width: 260px; height: 100vh;"
        >
          <nav class="height-full overflow-auto">
            <ul class="list-style-none pl-0 text-bold">
--- a/lib/liquid-tags/link.js
+++ b/lib/liquid-tags/link.js
@ -4,8 +4,9 @@ const Liquid = require('liquid')
 const liquid = new Liquid.Engine()
 const LiquidTag = require('./liquid-tag')
 const findPage = require('../find-page')
+const { getPathWithoutLanguage, getPathWithoutVersion } = require('../path-utils')
 const getApplicableVersions = require('../get-applicable-versions')
-const { getPathWithLanguage } = require('../path-utils')
+const removeFPTFromPath = require('../remove-fpt-from-path')

 // This class supports a set of link tags. Each tag expects one parameter, a language-agnostic href:
 //
@ -72,8 +73,8 @@ module.exports = class Link extends LiquidTag {
      fullPath = path.join(dirName, href)
    }

-    // add language code
-    fullPath = getPathWithLanguage(fullPath, ctx.currentLanguage)
+    // add language code and version
+    fullPath = removeFPTFromPath(path.posix.join('/', ctx.currentLanguage, ctx.currentVersion, getPathWithoutLanguage(getPathWithoutVersion(fullPath))))

    // find the page based on the full path
    const page = findPage(fullPath, ctx.pages, ctx.redirects)
--- a/lib/path-utils.js
+++ b/lib/path-utils.js
@ -22,7 +22,12 @@ function getPathWithoutLanguage (href) {

 // Remove the version segment from the path
 function getPathWithoutVersion (href) {
-  return href.replace(`/${getVersionStringFromPath(href)}`, '')
+  const versionFromPath = getVersionStringFromPath(href)
+
+  // If the derived version is not found in the list of all versions, just return the HREF
+  return allVersions[versionFromPath]
+    ? href.replace(`/${getVersionStringFromPath(href)}`, '')
+    : href
 }

 // Return the version segment in a path
--- a/lib/rest/static/decorated/api.github.com.json
+++ b/lib/rest/static/decorated/api.github.com.json
--- a/lib/rest/static/decorated/ghes-2.18.json
+++ b/lib/rest/static/decorated/ghes-2.18.json
--- a/lib/rest/static/decorated/ghes-2.19.json
+++ b/lib/rest/static/decorated/ghes-2.19.json
--- a/lib/rest/static/decorated/ghes-2.20.json
+++ b/lib/rest/static/decorated/ghes-2.20.json
--- a/lib/rest/static/decorated/ghes-2.21.json
+++ b/lib/rest/static/decorated/ghes-2.21.json
--- a/lib/rest/static/decorated/ghes-2.22.json
+++ b/lib/rest/static/decorated/ghes-2.22.json
--- a/lib/rest/static/decorated/ghes-3.0.json
+++ b/lib/rest/static/decorated/ghes-3.0.json
--- a/lib/rest/static/decorated/github.ae.json
+++ b/lib/rest/static/decorated/github.ae.json
--- a/lib/rest/static/dereferenced/api.github.com.deref.json
+++ b/lib/rest/static/dereferenced/api.github.com.deref.json
--- a/lib/rest/static/dereferenced/ghes-2.18.deref.json
+++ b/lib/rest/static/dereferenced/ghes-2.18.deref.json
--- a/lib/rest/static/dereferenced/ghes-2.19.deref.json
+++ b/lib/rest/static/dereferenced/ghes-2.19.deref.json
--- a/lib/rest/static/dereferenced/ghes-2.20.deref.json
+++ b/lib/rest/static/dereferenced/ghes-2.20.deref.json
--- a/lib/rest/static/dereferenced/ghes-2.21.deref.json
+++ b/lib/rest/static/dereferenced/ghes-2.21.deref.json
--- a/lib/rest/static/dereferenced/ghes-2.22.deref.json
+++ b/lib/rest/static/dereferenced/ghes-2.22.deref.json
--- a/lib/rest/static/dereferenced/ghes-3.0.deref.json
+++ b/lib/rest/static/dereferenced/ghes-3.0.deref.json
--- a/lib/rest/static/dereferenced/github.ae.deref.json
+++ b/lib/rest/static/dereferenced/github.ae.deref.json
--- a/lib/search/algolia-search.js
+++ b/lib/search/algolia-search.js
@ -0,0 +1,29 @@
+const algoliasearch = require('algoliasearch')
+const { get } = require('lodash')
+const { namePrefix } = require('./config')
+
+// https://www.algolia.com/apps/ZI5KPY1HBE/dashboard
+// This API key is public. There's also a private API key for writing to the Algolia API
+const searchClient = algoliasearch('ZI5KPY1HBE', '685df617246c3a10abba589b4599288f')
+
+module.exports = async function loadAlgoliaResults ({ version, language, query, limit }) {
+  const indexName = `${namePrefix}-${version}-${language}`
+  const index = searchClient.initIndex(indexName)
+
+  // allows "phrase queries" and "prohibit operator"
+  // https://www.algolia.com/doc/api-reference/api-parameters/advancedSyntax/
+  const { hits } = await index.search(query, {
+    hitsPerPage: limit,
+    advancedSyntax: true,
+    highlightPreTag: '<mark>',
+    highlightPostTag: '</mark>'
+  })
+
+  return hits.map(hit => ({
+    url: hit.objectID,
+    breadcrumbs: get(hit, '_highlightResult.breadcrumbs.value'),
+    heading: get(hit, '_highlightResult.heading.value'),
+    title: get(hit, '_highlightResult.title.value'),
+    content: get(hit, '_highlightResult.content.value')
+  }))
+}
--- a/middleware/csp.js
+++ b/middleware/csp.js
@ -25,7 +25,6 @@ module.exports = async (req, res, next) => {
        'data:',
        'github.githubassets.com',
        'github-images.s3.amazonaws.com',
-        'octodex.github.com',
        'placehold.it',
        '*.githubusercontent.com',
        'github.com'
--- a/middleware/search.js
+++ b/middleware/search.js
@ -1,36 +1,10 @@
 const express = require('express')
-const algoliasearch = require('algoliasearch')
-const { namePrefix } = require('../lib/search/config')
 const languages = new Set(Object.keys(require('../lib/languages')))
 const versions = require('../lib/search/versions')
-const { get } = require('lodash')
+const loadAlgoliaResults = require('../lib/search/algolia-search')

 const router = express.Router()

-// https://www.algolia.com/apps/ZI5KPY1HBE/dashboard
-// This API key is public. There's also a private API key for writing to the Algolia API
-const searchClient = algoliasearch('ZI5KPY1HBE', '685df617246c3a10abba589b4599288f')
-
-async function loadAlgoliaResults ({ version, language, query, limit }) {
-  const indexName = `${namePrefix}-${version}-${language}`
-  const index = searchClient.initIndex(indexName)
-
-  // allows "phrase queries" and "prohibit operator"
-  // https://www.algolia.com/doc/api-reference/api-parameters/advancedSyntax/
-  const { hits } = await index.search(query, {
-    hitsPerPage: limit,
-    advancedSyntax: true
-  })
-
-  return hits.map(hit => ({
-    url: hit.url,
-    breadcrumbs: get(hit, '_highlightResult.breadcrumbs.value'),
-    heading: get(hit, '_highlightResult.heading.value'),
-    title: get(hit, '_highlightResult.title.value'),
-    content: get(hit, '_highlightResult.content.value')
-  }))
-}
-
 router.get('/', async (req, res) => {
  res.set({
    'surrogate-control': 'private, no-store',
--- a/package-lock.json
+++ b/package-lock.json
@ -4818,11 +4818,6 @@
        "@types/node": "*"
      }
    },
-    "@types/googlemaps": {
-      "version": "3.39.13",
-      "resolved": "https://registry.npmjs.org/@types/googlemaps/-/googlemaps-3.39.13.tgz",
-      "integrity": "sha512-R/k5WKe8zQHo9oFRINuX/1haKYRkKEfItnBGrSjspbXXITakRdsj6daQIdL1+Pt84lnzduWurxNA5k0fgPMQUg=="
-    },
    "@types/graceful-fs": {
      "version": "4.1.3",
      "resolved": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.3.tgz",
@ -5149,7 +5144,8 @@
    "abbrev": {
      "version": "1.1.1",
      "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz",
-      "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q=="
+      "integrity": "sha1-+PLIh60Qv2f2NPAFtph/7TF5qsg=",
+      "dev": true
    },
    "abort-controller": {
      "version": "3.0.0",
@ -5271,7 +5267,7 @@
    },
    "agentkeepalive": {
      "version": "2.2.0",
-      "resolved": "http://registry.npmjs.org/agentkeepalive/-/agentkeepalive-2.2.0.tgz",
+      "resolved": "https://registry.npmjs.org/agentkeepalive/-/agentkeepalive-2.2.0.tgz",
      "integrity": "sha1-xdG9SxKQCPEWPyNvhuX66iAm4u8="
    },
    "aggregate-error": {
@ -5333,14 +5329,6 @@
        }
      }
    },
-    "algoliasearch-helper": {
-      "version": "3.2.2",
-      "resolved": "https://registry.npmjs.org/algoliasearch-helper/-/algoliasearch-helper-3.2.2.tgz",
-      "integrity": "sha512-/3XvE33R+gQKaiPdy3nmHYqhF8hqIu8xnlOicVxb1fD6uMFmxW8rGLzzrRfsPfxgAfm+c1NslLb3TzQVIB8aVA==",
-      "requires": {
-        "events": "^1.1.1"
-      }
-    },
    "ansi-align": {
      "version": "3.0.0",
      "resolved": "https://registry.npmjs.org/ansi-align/-/ansi-align-3.0.0.tgz",
@ -5417,7 +5405,7 @@
    "argparse": {
      "version": "1.0.10",
      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
-      "integrity": "sha1-vNZ5HqWuCXJeF+WtmIE0zUCz2RE=",
+      "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
      "requires": {
        "sprintf-js": "~1.0.2"
      }
@ -5501,7 +5489,7 @@
    "asn1": {
      "version": "0.2.4",
      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz",
-      "integrity": "sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==",
+      "integrity": "sha1-jSR136tVO7M+d7VOWeiAu4ziMTY=",
      "dev": true,
      "requires": {
        "safer-buffer": "~2.1.0"
@ -6765,7 +6753,7 @@
    "brace-expansion": {
      "version": "1.1.11",
      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "integrity": "sha1-PH/L9SnYcibz0vUrlm/1Jx60Qd0=",
      "requires": {
        "balanced-match": "^1.0.0",
        "concat-map": "0.0.1"
@ -6800,7 +6788,7 @@
    },
    "brfs": {
      "version": "1.6.1",
-      "resolved": "http://registry.npmjs.org/brfs/-/brfs-1.6.1.tgz",
+      "resolved": "https://registry.npmjs.org/brfs/-/brfs-1.6.1.tgz",
      "integrity": "sha512-OfZpABRQQf+Xsmju8XE9bDjs+uU4vLREGolP7bDgcpsI17QREyZ4Bl+2KLxxx1kCgA0fAIhKQBaBYh+PEcCqYQ==",
      "requires": {
        "quote-stream": "^1.0.1",
@ -7587,11 +7575,6 @@
        }
      }
    },
-    "classnames": {
-      "version": "2.2.6",
-      "resolved": "https://registry.npmjs.org/classnames/-/classnames-2.2.6.tgz",
-      "integrity": "sha512-JR/iSQOSt+LQIWwrwEzJ9uk0xfN3mTVYMwt1Ir5mUcSN6pU+V4zQFFaJsclJbPuAUQH+yfWef6tm7l1quW3C8Q=="
-    },
    "clean-stack": {
      "version": "2.2.0",
      "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz",
@ -7921,7 +7904,7 @@
    "content-type": {
      "version": "1.0.4",
      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
-      "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA=="
+      "integrity": "sha1-4TjMdeBAxyexlm/l5fjJruJW/js="
    },
    "convert-source-map": {
      "version": "1.7.0",
@ -9509,7 +9492,7 @@
    "error-ex": {
      "version": "1.3.2",
      "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz",
-      "integrity": "sha1-tKxAZIEH/c3PriQvQovqihTU8b8=",
+      "integrity": "sha512-7dFHNmqeFSEt2ZBsCriorKnn3Z2pj+fd9kmI6QoWw4//DL+icEBfc0U7qJCisqrTsKTjw4fNFy2pW9OqStD84g==",
      "requires": {
        "is-arrayish": "^0.2.1"
      }
@ -10219,7 +10202,7 @@
    "esprima": {
      "version": "4.0.1",
      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
-      "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A=="
+      "integrity": "sha1-E7BM2z5sXRnfkatph6hpVhmwqnE="
    },
    "esquery": {
      "version": "1.3.1",
@ -12711,30 +12694,6 @@
        "minimalistic-crypto-utils": "^1.0.1"
      }
    },
-    "hogan.js": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/hogan.js/-/hogan.js-3.0.2.tgz",
-      "integrity": "sha1-TNnhq9QpQUbnZ55B14mHMrAse/0=",
-      "requires": {
-        "mkdirp": "0.3.0",
-        "nopt": "1.0.10"
-      },
-      "dependencies": {
-        "mkdirp": {
-          "version": "0.3.0",
-          "resolved": "http://registry.npmjs.org/mkdirp/-/mkdirp-0.3.0.tgz",
-          "integrity": "sha1-G79asbqCevI1dRQ0kEJkVfSB/h4="
-        },
-        "nopt": {
-          "version": "1.0.10",
-          "resolved": "https://registry.npmjs.org/nopt/-/nopt-1.0.10.tgz",
-          "integrity": "sha1-bd0hvSoxQXuScn3Vhfim83YI6+4=",
-          "requires": {
-            "abbrev": "1"
-          }
-        }
-      }
-    },
    "homedir-polyfill": {
      "version": "1.0.3",
      "resolved": "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz",
@ -13189,21 +13148,6 @@
      "resolved": "https://registry.npmjs.org/inline-style-parser/-/inline-style-parser-0.1.1.tgz",
      "integrity": "sha512-7NXolsK4CAS5+xvdj5OMMbI962hU/wvwoxk+LWR9Ek9bVtyuuYScDN6eS0rUm6TxApFpw7CX1o4uJzcd4AyD3Q=="
    },
-    "instantsearch.js": {
-      "version": "4.8.2",
-      "resolved": "https://registry.npmjs.org/instantsearch.js/-/instantsearch.js-4.8.2.tgz",
-      "integrity": "sha512-DG2IUMfiZeGfJjgZrwBY1KGWUllyHUpG2khvhuPdHx8wopDC/713n6JDZ02oBdceBQJ91cn6Ph14igXSAjWJJA==",
-      "requires": {
-        "@types/googlemaps": "^3.39.6",
-        "algoliasearch-helper": "^3.2.2",
-        "classnames": "^2.2.5",
-        "events": "^1.1.0",
-        "hogan.js": "^3.0.2",
-        "preact": "^10.0.0",
-        "prop-types": "^15.5.10",
-        "qs": "^6.5.1"
-      }
-    },
    "interpret": {
      "version": "1.4.0",
      "resolved": "https://registry.npmjs.org/interpret/-/interpret-1.4.0.tgz",
@ -17980,7 +17924,7 @@
    },
    "magic-string": {
      "version": "0.22.5",
-      "resolved": "http://registry.npmjs.org/magic-string/-/magic-string-0.22.5.tgz",
+      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.22.5.tgz",
      "integrity": "sha512-oreip9rJZkzvA8Qzk9HFs8fZGF/u7H/gtrE8EN6RjKJ9kh2HlC+yQ2QezifqTZfGyiuAV0dRv5a+y/8gBb1m9w==",
      "requires": {
        "vlq": "^0.2.2"
@ -19968,11 +19912,6 @@
      "resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.1.0.tgz",
      "integrity": "sha512-97DXOFbQJhk71ne5/Mt6cOu6yxsSfM0QGQyl0L25Gca4yGWEGJaig7l7gbCX623VqTBNGLRLaVUCnNkcedlRSQ=="
    },
-    "preact": {
-      "version": "10.4.8",
-      "resolved": "https://registry.npmjs.org/preact/-/preact-10.4.8.tgz",
-      "integrity": "sha512-uVLeEAyRsCkUEFhVHlOu17OxcrwC7+hTGZ08kBoLBiGHiZooUZuibQnphgMKftw/rqYntNMyhVCPqQhcyAGHag=="
-    },
    "prelude-ls": {
      "version": "1.1.2",
      "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz",
@ -20025,23 +19964,6 @@
        "sisteransi": "^1.0.3"
      }
    },
-    "prop-types": {
-      "version": "15.7.2",
-      "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.7.2.tgz",
-      "integrity": "sha512-8QQikdH7//R2vurIJSutZ1smHYTcLpRWEOlHnzcWHmBYrOGUysKwSsrC89BCiFj3CbrfJ/nXFdJepOVrY1GCHQ==",
-      "requires": {
-        "loose-envify": "^1.4.0",
-        "object-assign": "^4.1.1",
-        "react-is": "^16.8.1"
-      },
-      "dependencies": {
-        "object-assign": {
-          "version": "4.1.1",
-          "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
-          "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM="
-        }
-      }
-    },
    "propagate": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz",
@ -20249,7 +20171,8 @@
    "qs": {
      "version": "6.6.0",
      "resolved": "https://registry.npmjs.org/qs/-/qs-6.6.0.tgz",
-      "integrity": "sha512-KIJqT9jQJDQx5h5uAVPimw6yVg2SekOKu959OCtktD3FjzbpvaPr8i4zzg07DOMz+igA4W/aNM7OV8H37pFYfA=="
+      "integrity": "sha512-KIJqT9jQJDQx5h5uAVPimw6yVg2SekOKu959OCtktD3FjzbpvaPr8i4zzg07DOMz+igA4W/aNM7OV8H37pFYfA==",
+      "dev": true
    },
    "query-string": {
      "version": "4.3.4",
@ -20369,11 +20292,6 @@
        "scheduler": "^0.20.1"
      }
    },
-    "react-is": {
-      "version": "16.8.2",
-      "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.8.2.tgz",
-      "integrity": "sha512-D+NxhSR2HUCjYky1q1DwpNUD44cDpUXzSmmFyC3ug1bClcU/iDNy0YNn1iwme28fn+NFhpA13IndOd42CrFb+Q=="
-    },
    "read-package-json": {
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/read-package-json/-/read-package-json-2.1.0.tgz",
@ -21152,7 +21070,7 @@
    "safer-buffer": {
      "version": "2.1.2",
      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
-      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
+      "integrity": "sha1-RPoWGwGHuVSd2Eu5GAL5vYOFzWo="
    },
    "sane": {
      "version": "4.1.0",
@ -24405,7 +24323,7 @@
    "which": {
      "version": "1.3.1",
      "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz",
-      "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==",
+      "integrity": "sha1-pFBD1U9YBTFtqNYvn1CRjT2nCwo=",
      "requires": {
        "isexe": "^2.0.0"
      }
--- a/package.json
+++ b/package.json
@ -171,6 +171,9 @@
    "prevent-pushes-to-main": "node script/prevent-pushes-to-main.js",
    "pa11y-ci": "pa11y-ci",
    "pa11y-test": "start-server-and-test browser-test-server 4001 pa11y-ci",
+    "link-check": "start-server-and-test link-check-server 4002 link-check-test",
+    "link-check-server": "cross-env NODE_ENV=development ENABLED_LANGUAGES='en' PORT=4002 node server.js",
+    "link-check-test": "cross-env node script/check-internal-links.js",
    "heroku-postbuild": "node script/early-access/clone-for-build.js && npm run build"
  },
  "engines": {
--- a/script/README.md
+++ b/script/README.md
@ -71,9 +71,16 @@ This script is run automatically when you run the server locally. It checks whet
 ---


+### [`check-internal-links.js`](check-internal-links.js)
+
+This script runs in CI via GitHub Action to check all *internal* links in English content, not including deprecated Enterprise Server content. This is different from script/check-english-links.js, which checks *all* links in the site, both internal and external, and is much slower.
+
+---
+
+
 ### [`check-s3-images.js`](check-s3-images.js)

-Run this script in your branch to check whether any images referenced in content are not in an expected S3 bucket. You will need to authenticate to S3 via `awssume` to use this script.
+Run this script in your branch to check whether any images referenced in content are not in an expected S3 bucket. You will need to authenticate to S3 via `awssume` to use this script. Instructions for the one-time setup are at docs-content/doc-team-workflows/workflow-information-for-all-writers/setting-up-awssume-and-s3cmd.md

 ---

@ -89,6 +96,13 @@ Run this script in your branch to check whether any images referenced in content



+---
+
+
+### [`content-migrations/remove-html-comments-from-index-files.js`](content-migrations/remove-html-comments-from-index-files.js)
+
+
+
 ---


@ -120,6 +134,41 @@ This script finds and lists all the Heroku staging apps and deletes any leftover
 ---


+### [`early-access/clone-for-build.js`](early-access/clone-for-build.js)
+
+This script is run as a postbuild script during staging and deployments on Heroku. It clones a branch in the early-access repo that matches the current branch in the docs repo; if one can't be found, it clones the `main` branch.
+
+---
+
+
+### [`early-access/clone-locally`](early-access/clone-locally)
+
+This script is run on a writer's machine to begin developing Early Access content locally.
+
+---
+
+
+### [`early-access/create-branch`](early-access/create-branch)
+
+This script is run on a writer's machine to create an Early Access branch that matches the current docs-internal branch.
+
+---
+
+
+### [`early-access/symlink-from-local-repo.js`](early-access/symlink-from-local-repo.js)
+
+This script is run on a writer's machine while developing Early Access content locally. You must pass the script the location of your local copy of the `github/docs-early-access` git repo as the first argument.
+
+---
+
+
+### [`early-access/update-data-and-image-paths.js`](early-access/update-data-and-image-paths.js)
+
+This script is run on a writer's machine while developing Early Access content locally. It updates the data and image paths to either include `early-access` or remove it.
+
+---
+
+
 ### [`enterprise-server-deprecations/archive-version.js`](enterprise-server-deprecations/archive-version.js)

 Run this script during the Enterprise deprecation process to download static copies of all pages for the oldest supported Enterprise version. See the Enterprise deprecation issue template for instructions.
@ -193,6 +242,12 @@ Given: /github/getting-started-with-github/using-github Returns: /free-pro-team@

 Given: /enterprise/admin/installation/upgrading-github-enterprise Returns: /enterprise-server@2.22/admin/installation/upgrading-github-enterprise

+---
+
+
+### [`graphql/build-changelog.js`](graphql/build-changelog.js)
+
+

 ---

@ -316,6 +371,13 @@ Run this script to manually purge the Fastly cache for all language variants of
 ---


+### [`purge-redis-pages.js`](purge-redis-pages.js)
+
+Run this script to manually purge the Redis rendered page cache. This will typically only be run by Heroku during the deployment process, as triggered via our Procfile's "release" phase configuration.
+
+---
+
+
 ### [`reconcile-category-dirs-with-ids.js`](reconcile-category-dirs-with-ids.js)

 An automated test checks for discrepancies between category directory names and slugified category titles as IDs.
@ -362,11 +424,11 @@ Examples:

 reset a single translated file using a relative path: $ script/reset-translated-file.js translations/es-XL/content/actions/index.md

-reset a single translated file using a full path: $ script/reset-translated-file.js /Users/z/git/github/docs/translations/es-XL/content/actions/index.md
+reset a single translated file using a full path: $ script/reset-translated-file.js /Users/z/git/github/docs-internal/translations/es-XL/content/actions/index.md

 reset all language variants of a single English file (using a relative path): $ script/reset-translated-file.js content/actions/index.md $ script/reset-translated-file.js data/ui.yml

-reset all language variants of a single English file (using a full path): $ script/reset-translated-file.js /Users/z/git/github/docs/content/desktop/index.md $ script/reset-translated-file.js /Users/z/git/github/docs/data/ui.yml
+reset all language variants of a single English file (using a full path): $ script/reset-translated-file.js /Users/z/git/github/docs-internal/content/desktop/index.md $ script/reset-translated-file.js /Users/z/git/github/docs-internal/data/ui.yml

 ---

@ -422,14 +484,14 @@ Starts the local development server with all of the available languages enabled.

 ### [`standardize-frontmatter-order.js`](standardize-frontmatter-order.js)

-Run this script to standardize frontmatter fields in all content files.
+Run this script to standardize frontmatter fields in all content files, per the order: - title - intro - product callout - productVersion - map topic status - hidden status - layout - redirect

 ---


-### [`sync-algolia-search-indices.js`](sync-algolia-search-indices.js)
+### [`sync-search-indices.js`](sync-search-indices.js)

-This script is run automatically via GitHub Actions on every push to `master` to generate searchable data and upload it to our Algolia account. It can also be run manually. For more info see [contributing/search.md](contributing/search.md)
+This script is run automatically via GitHub Actions on every push to `main` to generate searchable data. It can also be run manually. For more info see [contributing/search.md](contributing/search.md)

 ---

@ -443,15 +505,7 @@ List all the TODOs in our JavaScript files and stylesheets.

 ### [`update-enterprise-dates.js`](update-enterprise-dates.js)

-Run this script during Enterprise releases and deprecations. It uses the GitHub API to get dates from `enterprise-releases` and updates `lib/enterprise-dates.json`. The help site uses this JSON to display dates at the top of some Enterprise versions.
-
-This script requires that you have a GitHub Personal Access Token in a `.env` file. If you don't have a token, get one [here](https://github.com/settings/tokens/new?scopes=repo&description=docs-dev). If you don't have an `.env` file in your docs checkout, run this command in Terminal:
-
-`cp .env.example .env`
-
-Open the `.env` file in a text editor, and find the `GITHUB_TOKEN=` placeholder. Add your token after the equals sign.
-
-Do not commit the `.env` file; just leave it in your checkout.
+This script fetches data from https://github.com/github/enterprise-releases/blob/master/releases.json and updates `lib/enterprise-dates.json`, which the site uses for various functionality.

 ---

@ -482,3 +536,5 @@ This script is used by other scripts to update temporary AWS credentials and aut
 Use this script to upload individual or batched asset files to a versioned S3 bucket. Run `upload-images-to-s3.js --help` for usage details.

 ---
+
+
--- a/script/check-internal-links.js
+++ b/script/check-internal-links.js
@ -0,0 +1,52 @@
+#!/usr/bin/env node
+
+const linkinator = require('linkinator')
+const checker = new linkinator.LinkChecker()
+const { deprecated } = require('../lib/enterprise-server-releases')
+
+// [start-readme]
+//
+// This script runs in CI via GitHub Action to check all *internal* links in English content,
+// not including deprecated Enterprise Server content. This is different from script/check-english-links.js,
+// which checks *all* links in the site, both internal and external, and is much slower.
+//
+// [end-readme]
+
+const config = {
+  path: 'http://localhost:4002/en',
+  // Use concurrency = 10 to optimize for Actions
+  // See https://github.com/JustinBeckwith/linkinator/issues/135#issuecomment-623240879
+  concurrency: 10,
+  recurse: true,
+  linksToSkip: [
+    // Skip any link that is not an internal link
+    '^((?!http://localhost:4002/en).)*$',
+    // Skip dist files
+    '/dist/index.*',
+    // Skip deprecated Enterprise content
+    `enterprise(-server@|/)(${deprecated.join('|')})/?`
+  ]
+}
+
+main()
+
+async function main () {
+  const result = (await checker.check(config)).links
+
+  const brokenLinks = result
+    .filter(link => link.state === 'BROKEN')
+    .map(link => { delete link.failureDetails; return link })
+
+  // Exit successfully if no broken links!
+  if (!brokenLinks.length) {
+    console.log('All links are good!')
+    process.exit(0)
+  }
+
+  console.log('\n==============================')
+  console.log(`Found ${brokenLinks.length} total broken links: ${JSON.stringify([...brokenLinks], null, 2)}`)
+  console.log('==============================\n')
+
+  // Exit unsuccessfully if broken links are found.
+  process.exit(1)
+}
--- a/tests/browser/browser.js
+++ b/tests/browser/browser.js
@ -1,6 +1,7 @@
 /* global page, browser */
 const sleep = require('await-sleep')
 const querystring = require('querystring')
+const { latest } = require('../../lib/enterprise-server-releases')

 describe('homepage', () => {
  jest.setTimeout(60 * 1000)
@ -235,6 +236,17 @@ describe('card filters', () => {
    expect(shownCards.length).toBeGreaterThan(0)
  })

+  it('works with select input on an Enterprise version', async () => {
+    await page.goto(`http://localhost:4001/en/enterprise-server@${latest}/actions/guides`)
+    await page.select('.js-filter-card-filter-dropdown[name="type"]', 'overview')
+    const shownCards = await page.$$('.js-filter-card:not(.d-none)')
+    const shownCardsAttrib = await page.$$eval('.js-filter-card:not(.d-none)', cards =>
+      cards.map(card => card.dataset.type)
+    )
+    shownCardsAttrib.map(attrib => expect(attrib).toBe('overview'))
+    expect(shownCards.length).toBeGreaterThan(0)
+  })
+
  it('shows more cards', async () => {
    await page.goto('http://localhost:4001/en/actions')
    const maxCards = await page.$eval('.js-filter-card-show-more', btn => parseInt(btn.dataset.jsFilterCardMax))
--- a/tests/helpers/links-checker.js
+++ b/tests/helpers/links-checker.js
@ -1,269 +0,0 @@
-const cheerio = require('cheerio')
-const { union, uniq } = require('lodash')
-const fs = require('fs')
-const path = require('path')
-
-const { getProductStringFromPath } = require('../../lib/path-utils')
-const patterns = require('../../lib/patterns')
-const { deprecated } = require('../../lib/enterprise-server-releases')
-const rest = require('../../middleware/contextualizers/rest')
-const graphql = require('../../middleware/contextualizers/graphql')
-const contextualize = require('../../middleware/context')
-const releaseNotes = require('../../middleware/contextualizers/enterprise-release-notes')
-const versionSatisfiesRange = require('../../lib/version-satisfies-range')
-
-class LinksChecker {
-  constructor (opts = { languageCode: 'en', internalHrefPrefixes: ['/', '#'] }) {
-    Object.assign(this, { ...opts })
-
-    // Some caching mechanism so we do not load pages unnecessarily,
-    // nor check links that have been checked
-    this.pageCache = new Map()
-    this.checkedLinksCache = new Set()
-
-    // stores images to check all at once in a Map:
-    // imageSrc => {
-    //   "usedBy": [version:path, ...]
-    // }
-    this.imagesToCheck = new Map()
-
-    // Stores broken images in a Map, formatted the same way as imagesToCheck
-    this.brokenImages = new Map()
-
-    // Stores broken links in a Map in the format of:
-    //     link => {
-    //       linkedFrom: [ version:filePath, ... ]
-    //     }, ...
-    this.brokenLinks = new Map()
-
-    // stores anchor links to check all at once in a Map:
-    // version:filePath => {
-    //   '#anchor-link' : {
-    //     linkedFrom: ['url1', 'url2']
-    //   },
-    //   '#anchor-link2': {...}
-    // }
-    this.anchorLinksToCheck = new Map()
-
-    // Stores broken anchors in a Map, formatted the same way as anchorLinksToCheck
-    this.brokenAnchors = new Map()
-  }
-
-  async setRenderedPageObj (pathCacheKey, context, reRender = false) {
-    if (this.pageCache.has(pathCacheKey) && !reRender) return
-    let pageHTML = await context.page.render(context)
-
-    // handle special pre-rendered snowflake
-    if (context.page.relativePath.endsWith('graphql/reference/objects.md')) {
-      pageHTML += context.graphql.prerenderedObjectsForCurrentVersion.html
-    }
-
-    const pageObj = cheerio.load(pageHTML, { xmlMode: true })
-    this.pageCache.set(pathCacheKey, pageObj)
-  }
-
-  async getRenderedPageObj (pathCacheKey, context) {
-    if (!this.pageCache.has(pathCacheKey)) {
-      if (context) {
-        await this.setRenderedPageObj(pathCacheKey, context)
-      } else {
-        console.error('cannot find pre-rendered page, and does not have enough context to render one.')
-      }
-    }
-    return this.pageCache.get(pathCacheKey)
-  }
-
-  addAnchorForLater (pagePath, anchor, linkedFrom) {
-    const anchorsInPath = this.anchorLinksToCheck.get(pagePath) || {}
-    const anchorLink = anchorsInPath[anchor] || { linkedFrom: [] }
-    anchorLink.linkedFrom = union(anchorLink.linkedFrom, [linkedFrom])
-    anchorsInPath[anchor] = anchorLink
-    this.anchorLinksToCheck.set(pagePath, anchorsInPath)
-  }
-
-  addImagesForLater (images, pagePath) {
-    uniq(images).forEach(imageSrc => {
-      const imageUsage = this.imagesToCheck.get(imageSrc) || { usedBy: [] }
-      imageUsage.usedBy = union(imageUsage.usedBy, [pagePath])
-      this.imagesToCheck.set(imageSrc, imageUsage)
-    })
-  }
-
-  async checkPage (context, checkExternalAnchors) {
-    const path = context.relativePath
-    const version = context.currentVersion
-
-    const pathCacheKey = `${version}:${path}`
-    const $ = await this.getRenderedPageObj(pathCacheKey, context)
-
-    const imageSrcs = $('img[src^="/assets"]').map((i, el) => $(el).attr('src')).toArray()
-
-    this.addImagesForLater(imageSrcs, pathCacheKey)
-
-    for (const href of this.internalHrefPrefixes) {
-      const internalLinks = $(`a[href^="${href}"]`).get()
-
-      for (const internalLink of internalLinks) {
-        const href = $(internalLink).attr('href')
-
-        let [link, anchor] = href.split('#')
-        // remove trailing slash
-        link = link.replace(patterns.trailingSlash, '$1')
-
-        // if it's an external link and has been checked before, skip
-        if (link && this.checkedLinksCache.has(link)) {
-          // if it's been determined this link is broken, add to the linkedFrom field
-          if (this.brokenLinks.has(link)) {
-            const brokenLink = this.brokenLinks.get(link)
-            brokenLink.linkedFrom = union(brokenLink.linkedFrom, [pathCacheKey])
-            this.brokenLinks.set(link, brokenLink)
-          }
-          if (!anchor) continue
-        }
-
-        // if it's an internal anchor (e.g., #foo), save for later
-        if (anchor && !link) {
-          // ignore anchors that are autogenerated from headings
-          if (anchor === $(internalLink).parent().attr('id')) continue
-          this.addAnchorForLater(pathCacheKey, anchor, 'same page')
-          continue
-        }
-
-        // ------ BEGIN ONEOFF EXCLUSIONS -------///
-        // skip GraphQL public schema paths (these are checked by separate tests)
-        if (link.startsWith('/public/') && link.endsWith('.graphql')) continue
-
-        // skip links that start with /assets/images, as these are not in the pages collection
-        // and /assets/images paths should be checked during the image check
-        if (link.startsWith('/assets/images')) continue
-
-        // skip rare hardcoded links to old GHE versions
-        // these paths will always be in the old versioned format
-        // example: /enterprise/11.10.340/admin/articles/upgrading-to-the-latest-release
-        const gheVersionInLink = link.match(patterns.getEnterpriseVersionNumber)
-        if (gheVersionInLink && deprecated.includes(gheVersionInLink[1])) continue
-        // ------ END ONEOFF EXCLUSIONS -------///
-
-        // look for linked page
-        const linkedPage = context.pages[link] || context.pages[context.redirects[link]]
-        this.checkedLinksCache.add(link)
-
-        if (!linkedPage) {
-          this.brokenLinks.set(link, { linkedFrom: [pathCacheKey] })
-          continue
-        }
-
-        // if we're not checking external anchors, we're done
-        if (!checkExternalAnchors) {
-          continue
-        }
-
-        // find the permalink for the current version
-        const linkedPagePermalink = linkedPage.permalinks.find(permalink => permalink.pageVersion === version)
-
-        if (linkedPagePermalink) {
-          const linkedPageContext = await buildPathContext(context, linkedPage, linkedPagePermalink)
-
-          if (anchor) {
-            await this.setRenderedPageObj(`${version}:${linkedPage.relativePath}`, linkedPageContext)
-            this.addAnchorForLater(`${version}:${linkedPage.relativePath}`, anchor, pathCacheKey)
-          }
-        }
-      }
-    }
-  }
-
-  async checkAnchors () {
-    for await (const [pathCacheKey, anchors] of this.anchorLinksToCheck) {
-      const $ = await this.getRenderedPageObj(pathCacheKey)
-      for (const anchorText in anchors) {
-        const matchingHeadings = $(`[id="${anchorText}"], [name="${anchorText}"]`)
-        if (matchingHeadings.length === 0) {
-          const brokenAnchorPath = this.brokenAnchors.get(pathCacheKey) || {}
-          brokenAnchorPath[anchorText] = anchors[anchorText]
-          this.brokenAnchors.set(pathCacheKey, brokenAnchorPath)
-        }
-      }
-    }
-  }
-
-  getBrokenLinks () {
-    return this.brokenLinks
-  }
-
-  async getBrokenAnchors () {
-    await this.checkAnchors()
-    return this.brokenAnchors
-  }
-
-  async getBrokenImages () {
-    for await (const [imageSrc, imageUsage] of this.imagesToCheck) {
-      try {
-        await fs.promises.access(path.join(process.cwd(), imageSrc))
-      } catch (e) {
-        this.brokenImages.set(imageSrc, imageUsage)
-      }
-    }
-    return this.brokenImages
-  }
-}
-
-// this function is async because the middleware functions are likely async
-async function applyMiddleware (middleware, req) {
-  return middleware(req, null, () => {})
-}
-
-async function buildInitialContext () {
-  const req = {
-    path: '/en',
-    language: 'en',
-    query: {}
-  }
-  await applyMiddleware(contextualize, req)
-  return req.context
-}
-
-async function buildPathContext (initialContext, page, permalink) {
-  // Create a new object with path-specific properties.
-  // Note this is cherry-picking properties currently only needed by the middleware below;
-  // See middleware/context.js for the rest of the properties we are NOT refreshing per page.
-  // If we find this causes problems for link checking, we can call `contextualize` on
-  // every page. For now, this cherry-picking approach is intended to improve performance so
-  // we don't have to build the expensive `pages`, `redirects`, etc. data on every page we check.
-  const path = permalink.href
-  const pathContext = {
-    page,
-    currentVersion: permalink.pageVersion,
-    currentProduct: getProductStringFromPath(path),
-    relativePath: permalink.relativePath,
-    currentPath: permalink.href
-  }
-
-  // Combine it with the initial context object that has pages, redirects, etc.
-  const combinedContext = Object.assign({}, initialContext, pathContext)
-
-  // Create a new req object using the combined context
-  const req = {
-    path,
-    context: combinedContext,
-    language: 'en',
-    query: {}
-  }
-
-  // Pass the req to the contextualizing middlewares
-  await applyMiddleware(rest, req)
-  await applyMiddleware(graphql, req)
-  // Release notes are available on docs site starting with GHES 3.0
-  if (versionSatisfiesRange(permalink.pageVersion, '>=3.0')) {
-    await applyMiddleware(releaseNotes, req)
-  }
-
-  // Return the resulting context object with REST, GraphQL, and release notes data now attached
-  return req.context
-}
-
-module.exports = {
-  LinksChecker,
-  buildPathContext,
-  buildInitialContext
-}
--- a/tests/links-and-images/links-and-images.js
+++ b/tests/links-and-images/links-and-images.js
@ -1,47 +0,0 @@
-const { LinksChecker, buildInitialContext, buildPathContext } = require('../helpers/links-checker')
-const { uniq } = require('lodash')
-const languageCode = 'en'
-
-// TODO set to true when we're ready to report and fix broken anchors
-const checkExternalAnchors = false
-
-describe('page rendering', () => {
-  jest.setTimeout(1000 * 1000)
-
-  const linksChecker = new LinksChecker()
-
-  beforeAll(async (done) => {
-    // fetch context.pages, context.redirects, etc.
-    // we only want to build these one time
-    const context = await buildInitialContext()
-
-    const englishPages = uniq(Object.values(context.pages))
-      .filter(page => page.languageCode === languageCode)
-
-    for (const page of englishPages) {
-      for (const permalink of page.permalinks) {
-        const pathContext = await buildPathContext(context, page, permalink)
-        await linksChecker.checkPage(pathContext, checkExternalAnchors)
-      }
-    }
-
-    done()
-  })
-
-  test('every page has image references that can be resolved', async () => {
-    const result = await linksChecker.getBrokenImages()
-    expect(result.size, `Found ${result.size} total broken images: ${JSON.stringify([...result], null, 2)}`).toBe(0)
-  })
-
-  // When ready to unskip this,
-  test.skip('every page has links with anchors that can be resolved', async () => {
-    const result = await linksChecker.getBrokenAnchors()
-    const numBrokenAnchors = [...result].reduce((accumulator, [path, anchors]) => accumulator + Object.keys(anchors).length, 0)
-    expect(numBrokenAnchors, `Found ${numBrokenAnchors} total broken anchors in ${result.size} pages: ${JSON.stringify([...result], null, 2)}`).toBe(0)
-  })
-
-  test('every page has links that can be resolved', () => {
-    const result = linksChecker.getBrokenLinks()
-    expect(result.size, `Found ${result.size} total broken links: ${JSON.stringify([...result], null, 2)}`).toBe(0)
-  })
-})
--- a/tests/rendering/server.js
+++ b/tests/rendering/server.js
@ -52,8 +52,7 @@ describe('server', () => {

    expect(csp.get('img-src').includes("'self'")).toBe(true)
    expect(csp.get('img-src').includes('github-images.s3.amazonaws.com')).toBe(true)
-    expect(csp.get('img-src').includes('octodex.github.com')).toBe(true)
-    
+
    expect(csp.get('script-src').includes("'self'")).toBe(true)

    expect(csp.get('style-src').includes("'self'")).toBe(true)
				`@ -0,0 +1 @@`
				`Access control for {% data variables.product.prodname_pages %} sites is available in private repositories with {% data variables.product.prodname_ghe_cloud %}.`
				`@ -0,0 +1 @@`
				`If your project site is published from a private or internal repository owned by an organization using {% data variables.product.prodname_ghe_cloud %}, you can manage access control for the site.`
				`@ -0,0 +1 @@`
				`Note: It can take up to 20 minutes for changes to your site to publish after you push the changes to {% data variables.product.product_name %}. If your don't see your changes reflected in your browser after an hour, see "[About Jekyll build errors for {% data variables.product.prodname_pages %} sites](/articles/about-jekyll-build-errors-for-github-pages-sites)."`