Merge branch 'main' into fix/copilot-chat-variable

Author: brambhattabhishek

.github/actions/install-cocofix/action.yml

@@ -18,4 +18,4 @@ runs:
         npm install --no-save \
           '--@github:registry=https://npm.pkg.github.com' \
           '--//npm.pkg.github.com/:_authToken=${TOKEN}' \
-          @github/cocofix
+          @github/cocofix codeql-ts

.github/workflows/generate-code-scanning-query-lists.yml

@@ -87,7 +87,7 @@ jobs:
 
       - name: Build code scanning query list
         run: |
-          for lang in "cpp" "csharp" "go" "java" "javascript" "python" "ruby" "swift"; do
+          for lang in "actions" "cpp" "csharp" "go" "java" "javascript" "python" "ruby" "swift"; do
             echo "Generating code scanning query list for $lang"
             npm run generate-code-scanning-query-list -- \
               --verbose \

assets/images/help/2fa/ghes-filter-org-members-by-2fa.png

@@ -23,10 +23,10 @@ spec:
           image: docs-internal
           resources:
             requests:
-              cpu: 2000m
-              memory: 6Gi
-            limits:
               cpu: 8000m
+              memory: 10Gi
+            limits:
+              cpu: 16000m
               memory: 16Gi
           ports:
             - name: http

assets/images/help/billing/ghas-billing-table-repository-csv.png

@@ -4,6 +4,6 @@ data:
   NODE_OPTIONS: '--max-old-space-size=4096'
   PORT: '4000'
   ENABLED_LANGUAGES: 'en,es,ja,pt,zh,ru,fr,ko,de'
-  RATE_LIMIT_MAX: '150'
+  RATE_LIMIT_MAX: '21'
   # Moda uses a non-default port for sending datadog metrics
   DD_DOGSTATSD_PORT: '28125'

assets/images/help/enterprises/ghas-add-licenses.png

@@ -1033,6 +1033,7 @@ jobs:
 > * Scheduled workflows will only run on the default branch.
 > * In a public repository, scheduled workflows are automatically disabled when no repository activity has occurred in 60 days. For information on re-enabling a disabled workflow, see [AUTOTITLE](/[email protected]/actions/using-workflows/disabling-and-enabling-a-workflow#enabling-a-workflow).
 > * For an enterprise with {% data variables.product.prodname_emus %}, scheduled workflows will not run if the last `actor` associated with the scheduled workflow has been deprovisioned (and therefore become suspended) by the {% data variables.product.prodname_emu %} identity provider (IdP). However, if the last `actor` {% data variables.product.prodname_emu %} has not been deprovisioned by the IdP, and has only been removed as a member from a given organization in the enterprise, scheduled workflows will still run with that user set as the `actor`. Similarly, for an enterprise without {% data variables.product.prodname_emus %}, removing a user from an organization will not prevent scheduled workflows which had that user as their `actor` from running. Essentially, triggering a scheduled workflow requires that the status of the `actor` user account associated with the workflow is currently active (i.e. not suspended or deleted). Thus, the _user account's_ status, in both {% data variables.product.prodname_emu %} and non-{% data variables.product.prodname_emu %} scenarios, is what's important, _not_ the user's _membership status_ in the organization where the scheduled workflow is located.
+> * Certain repository events change the `actor` associated with the workflow. For example, a user who changes the default branch of the repository, which changes the branch on which scheduled workflows run, becomes `actor` for those scheduled workflows.
 > * For a deactivated scheduled workflow, if a user with `write` permissions to the repository makes a commit that changes the `cron` schedule on the workflow, the workflow will be reactivated, and that user will become the `actor` associated with any workflow runs. Note that, in this situation, the workflow is not reactivated by any change to the workflow file; you must alter the `cron` value in the workflow and commit this change.
 >
 >   **Example:**

assets/images/help/enterprises/ghas-download-report.png

@@ -47,7 +47,7 @@ To pay for user licenses and services, you can:
 
 You will be on our latest billing platform, which allows you to estimate spending, create cost centers to manage expenses, and pay flexibly for the services you use.
 
-You can also sign up for usage-based billing for {% data variables.product.prodname_enterprise %} and {% data variables.product.prodname_GHAS %}{% ifversion ghas-products-cloud %} products{% endif %}, meaning you won't need to purchase a pre-defined number of licenses in advance.
+You can also sign up for usage-based billing for {% data variables.product.prodname_enterprise %} and {% data variables.product.prodname_GHAS %} products, meaning you won't need to purchase a pre-defined number of licenses in advance.
 
 ## Developer experience
 

assets/images/help/enterprises/ghas-licenses-dropdown.png

@@ -161,7 +161,11 @@ If a policy is enabled for an enterprise, the policy can be selectively disabled
 
 In the "Workflow permissions" section, you can set the **default** permissions granted to the `GITHUB_TOKEN`.
 
-* **Read and write permissions:** By default, `GITHUB_TOKEN` has read and write access for all scopes.
+* **Read and write permissions:** The default permissions for the `GITHUB_TOKEN` depend on when the enterprise or organization was created:
+
+  * **Created on or after February 2, 2023** – Defaults to **read-only** access for all scopes.
+  * **Created before February 2, 2023** – Defaults to **read and write** access for all scopes.
+
 * **Read repository contents and packages permissions:** By default, `GITHUB_TOKEN` has only read access for the `contents` and `packages` scopes. The more permissive setting cannot be chosen as the default for individual organizations or repositories.
 
 Anyone with write access to a repository can still modify the permissions granted to the `GITHUB_TOKEN` for a specific workflow, by editing the `permissions` key in the workflow file.

assets/images/help/repository/ghas-enterprise-policy-block-ghas.png

@@ -41,8 +41,8 @@ Before you require use of two-factor authentication, we recommend notifying orga
 {% data reusables.two_fa.ghes_ntp %}
 
 > [!WARNING]
-> * When you require two-factor authentication for your enterprise, outside collaborators (including bot accounts) in all organizations owned by your enterprise who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable 2FA for their account within three months of their removal from your organization. For more information, see [AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization).
-> * Any outside collaborator in any of the organizations owned by your enterprise who disables 2FA for their account after you've enabled required two-factor authentication will automatically be removed from the organization. Members and billing managers who disable 2FA will not be able to access organization resources until they re-enable it.
+> * When you require two-factor authentication for your enterprise, {% ifversion ghes < 3.17 %}members and {% endif %}outside collaborators (including bot accounts) in all organizations owned by your enterprise who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable 2FA for their account within three months of their removal from your organization. For more information, see [AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization).
+> * Any {% ifversion ghes < 3.17 %}member or {% endif %}outside collaborator in any of the organizations owned by your enterprise who disables 2FA for their account after you've enabled required two-factor authentication will automatically be removed from the organization. Members {% ifversion fpt or ghes %}and billing managers{% endif %} who disable 2FA will not be able to access organization resources until they re-enable it.
 > * If you're the sole owner of an enterprise that requires two-factor authentication, you won't be able to disable 2FA for your user account without disabling required 2FA for the enterprise.
 
 {% ifversion mandatory-2fa-dotcom-contributors %}
@@ -58,7 +58,7 @@ Before you require use of two-factor authentication, we recommend notifying orga
 1. Under "Two-factor authentication", review the information about changing the setting. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
 1. Under "Two-factor authentication", select **Require two-factor authentication for the enterprise and all of its organizations**, then click **Save**.
 1. If prompted, read the information about how user access to organization resources will be affected by a 2FA requirement. To confirm the change, click **Confirm**.
-1. Optionally, if any outside collaborators are removed from the organizations owned by your enterprise, we recommend sending them an invitation to reinstate their former privileges and access to your organization. Each person must enable 2FA before they can accept your invitation.
+1. Optionally, if any {% ifversion ghes < 3.17 %}members or {% endif %}outside collaborators are removed from the organizations owned by your enterprise, we recommend sending them an invitation to reinstate their former privileges and access to your organization. Each person must enable 2FA before they can accept your invitation.
 
 {% ifversion fpt or ghec %}
 

assets/images/help/repository/ghas-enterprise-policy-block.png

@@ -22,8 +22,8 @@ shortTitle: Install on VMware
 ## Prerequisites
 
 * {% data reusables.enterprise_installation.software-license %}
-* You must have a VMware vSphere ESXi Hypervisor, applied to a bare metal machine that will run {% data variables.location.product_location %}s. We support versions 5.5 to 7.0. The ESXi Hypervisor is free and does not include the (optional) vCenter Server. For more information, see [the VMware ESXi documentation](https://www.vmware.com/products/esxi-and-esx.html).
-* You will need access to a vSphere Client. If you have vCenter Server you can use the vSphere Web Client. For more information, see the VMware guide [Log in to vCenter Server by Using the vSphere Web Client](https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.install.doc/GUID-CE128B59-E236-45FF-9976-D134DADC8178.html).
+* You must have a VMware vSphere ESXi Hypervisor, applied to a bare metal machine that will run {% data variables.location.product_location %}s. We support versions 5.5 to 8.0. The ESXi Hypervisor is free and does not include the (optional) vCenter Server. For more information, see [the VMware ESXi documentation](https://www.vmware.com/products/esxi-and-esx.html).
+* You will need access to a vSphere Client. If you have vCenter Server you can use the vSphere Web Client. For more information, see the VMware guide [Log in to vCenter Server by Using the vSphere Web Client](https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/vcenter-server-installation-and-setup-8-0.html).
 
 ## Hardware considerations
 

assets/images/help/repository/secret-scanning-create-custom-pattern-ghas.png

@@ -24,16 +24,24 @@ For more information, see [AUTOTITLE](/authentication/securing-your-account-with
 
 ## Requirements for enforcing two-factor authentication
 
-Before you can require organization members and outside collaborators to use 2FA, you must [enable two-factor authentication](/authentication/securing-your-account-with-two-factor-authentication-2fa) for your own personal account.
+Before you can require organization members and outside collaborators to use two-factor authentication, you must [enable 2FA](/authentication/securing-your-account-with-two-factor-authentication-2fa) for your own personal account.
 
-Before you require use of two-factor authentication, we recommend notifying organization members and outside collaborators and asking them to set up 2FA for their accounts. You can [see if members and outside collaborators already use 2FA](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/viewing-whether-users-in-your-organization-have-2fa-enabled) on an organization's People tab.
+Before you require use of 2FA, we recommend notifying organization members and outside collaborators and asking them to set up 2FA for their accounts. You can [see if members and outside collaborators already use 2FA](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/viewing-whether-users-in-your-organization-have-2fa-enabled) on an organization's People tab.
 
 {% data reusables.two_fa.ghes_ntp %}
 
+{% ifversion ghes < 3.17 %}
 > [!WARNING]
-> * When you require two-factor authentication, members and outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories, including their forks of private repositories. If they enable 2FA for their personal account within three months of being removed from the organization, you can reinstate their access privileges and settings, see [AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization).
+> * When you require 2FA, members and outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories, including their forks of private repositories. If they enable 2FA for their personal account within three months of being removed from the organization, you can reinstate their access privileges and settings, see [AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization).
 > * When 2FA is required, organization members or outside collaborators who disable 2FA will automatically be removed from the organization.
-> * If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization.
+> * If you're the sole owner of an organization that requires 2FA, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization.
+{% else %}
+> [!WARNING]
+> * When you require 2FA, members who do not use 2FA will not be able to access your enterprise resources until they enable 2FA on their account. They will retain membership even without 2FA, including occupying seats in your enterprise and organizations.
+> * When your require 2FA, outside collaborators (including bot accounts) who do not use 2FA will be removed from the enterprise and its organization and lose access to repositories, including their forks of private repositories. If they enable 2FA for their personal account within three months of being removed from the organization, you can [reinstate their access privileges and settings](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization).
+> * When 2FA is required, outside collaborators who disable 2FA will automatically be removed from the enterprise and its organizations. Members who disable 2FA will not be able to access your enterprise and organization resources until they re-enable it.
+> * If you're the sole owner of an organization that requires 2FA, you won't be able to disable 2FA for your personal account without disabling required 2FA for the organization.
+{% endif %}
 
 ## Requiring two-factor authentication for an organization