Merge branch 'main' into patch-2

Author: Sharra-writes

.github/workflows/site-policy-reminder.yml

@@ -20,9 +20,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9
-        env:
-          GITHUB_TOKEN: ${{ secrets.API_TOKEN_SITEPOLICY }}
         with:
+          token: ${{ secrets.DOCS_BOT_PAT_BASE }}
           issue-number: ${{ github.event.pull_request.number }}
           body: |
             Before merging, please remember to change the title of this PR to a description of its changes that is suitable for public viewing on github/site-policy.

.github/workflows/site-policy-sync.yml

@@ -33,7 +33,7 @@ jobs:
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           repository: github/site-policy
-          token: ${{ secrets.API_TOKEN_SITEPOLICY }}
+          token: ${{ secrets.DOCS_BOT_PAT_BASE }}
           fetch-depth: ''
           path: public-repo
 

.github/workflows/sync-secret-scanning.yml

@@ -72,13 +72,27 @@ jobs:
             --title "Sync secret scanning data" \
             --body '👋 humans. This PR updates the secret scanning data with the latest changes from github/token-scanning-service.
 
-            /cc @github/docs-content-security-products
+            If CI passes, this PR will be auto-merged. :green_heart:
 
             If CI does not pass or other problems arise, contact #docs-engineering on Slack.' \
             --repo github/docs-internal \
-            --label secret-scanning-pipeline,'skip FR board',ready-for-doc-review,workflow-generated \
+            --label secret-scanning-pipeline,'skip FR board',workflow-generated \
             --head=$branchname
 
+          # can't approve your own PR, approve with Actions
+          echo "Approving pull request..."
+          unset GITHUB_TOKEN
+          gh auth login --with-token <<< "${{ secrets.GITHUB_TOKEN }}"
+          gh pr review --approve
+          echo "Approved pull request"
+
+          # Actions can't merge the PR so back to docs-bot to merge
+          echo "Setting pull request to auto merge..."
+          unset GITHUB_TOKEN
+          gh auth login --with-token <<< "${{ secrets.DOCS_BOT_PAT_BASE }}"
+          gh pr merge --auto --merge
+          echo "Set pull request to auto merge"
+
       - uses: ./.github/actions/slack-alert
         if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
         with:

CHANGELOG.md

@@ -1,5 +1,29 @@
 # Docs changelog
 
+**19 May 2026**
+
+We published the first iteration of a [journey landing page](https://docs.github.com/en/enterprise-cloud@latest/copilot/get-started/enterprise-ai-governance) for enterprises adopting and governing GitHub Copilot. The journey covers sign-off and adoption, governance of core features, and agent adoption. It includes six newly published guides alongside some refreshed existing content.
+
+<hr>
+
+**16 May 2026**
+
+To help admins understand security configuration statuses, we documented the relationship between organization and enterprise configurations and repositories, including how and why that relationship changes.
+
+- [Security configuration statuses](https://docs.github.com/en/code-security/reference/security-at-scale/security-configuration-statuses) covers all 8 statuses a security configuration can have, with descriptions, causes, and recommended actions
+- [Diagnosing security configuration issues](https://docs.github.com/en/code-security/reference/security-at-scale/troubleshoot-security-configurations/diagnosing-security-configuration-issues) now covers `removed` and `removed_by_enterprise` statuses in addition to `failed`
+- [About enabling security features at scale](https://docs.github.com/en/code-security/concepts/security-at-scale/about-enabling-security-features-at-scale) explains how configurations relate to repositories over time
+
+<hr>
+
+**15 May 2026**
+
+We've published a new [GitHub Secret Protection adoption journey landing page](https://docs.github.com/en/code-security/tutorials/secret-protection-adoption-path) for AppSec administrators. Our content audit found that while individual GHSP articles existed, there was no clear end-to-end path from evaluation to organization-wide rollout. 
+
+The new page organizes existing content into a 5-phase adoption journey: assess secret risk, evaluate fit and cost, pilot with selected repositories, monitor metrics, and scale protection across your organization 🎉 
+
+<hr>
+
 **12 May 2026**
 
 We have now published the GitHub Enterprise Server (GHES) 3.21 release candidate notes. You can read the full notes here:

assets/images/help/repository/multiple-paths-available.png

@@ -28,5 +28,9 @@ If you want your new organization to use your current personal account username,
 
 ## Further reading
 
+{% ifversion fpt or ghec %}
 - [AUTOTITLE](/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization)
+{% else %}
+- [AUTOTITLE](/organizations/managing-membership-in-your-organization/adding-people-to-your-organization)
+{% endif %}
 - [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/maintaining-ownership-continuity-for-your-organization)

content/account-and-profile/how-tos/account-management/moving-your-work-to-an-organization.md

@@ -142,6 +142,14 @@ If you use self-hosted runners, you can view their activity and diagnose common
 
 For more information, see [AUTOTITLE](/actions/how-tos/manage-runners/self-hosted-runners/monitor-and-troubleshoot).
 
+{% ifversion fpt or ghec %}
+
+### Runner IP addresses flagged by security scanners
+
+{% data reusables.actions.runner-ip-reputation %}
+
+{% endif %}
+
 ## Networking troubleshooting suggestions
 
 Our support is limited for network issues that involve:

content/actions/how-tos/troubleshoot-workflows.md

@@ -88,7 +88,7 @@ Autoscaling allows you to dynamically adjust the number of self-hosted runners b
 
 For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller) and [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-support-for-actions-runner-controller).
 
-### {% data variables.product.prodname_actions %} Runner Scale Set Client 
+### {% data variables.product.prodname_actions %} Runner Scale Set Client
 
 The {% data variables.product.prodname_actions %} Runner Scale Set Client is a standalone Go-based module that empowers platform teams, integrators, and infrastructure providers to build custom autoscaling solutions for {% data variables.product.prodname_actions %} runners across VMs, containers, on-premise infrastructure, and cloud services, with support for Windows, Linux, and macOS platforms.
 

content/actions/reference/runners/self-hosted-runners.md

@@ -36,6 +36,8 @@ To change the lifetime policy property, you will need the object ID associated w
 
 Support for OIDC is available for customers using Entra ID.
 
+{% data reusables.enterprise-accounts.gov-cloud-idp-not-supported %}
+
 Each Entra ID tenant can support only one OIDC integration with {% data variables.product.prodname_emus %}. If you want to connect Entra ID to more than one enterprise on {% data variables.product.prodname_dotcom %}, use SAML instead. See [AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users).
 
 OIDC does not support IdP-initiated authentication.

content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-oidc-for-enterprise-managed-users.md

@@ -27,6 +27,8 @@ With {% data variables.product.prodname_emus %}, access to your enterprise's res
 
 After you configure SAML SSO, we recommend storing your recovery codes so you can recover access to your enterprise in the event that your IdP is unavailable.
 
+{% data reusables.enterprise-accounts.gov-cloud-idp-not-supported %}
+
 {% data reusables.enterprise_user_management.SAML-to-OIDC-migration-for-EMU %}
 
 ## Prerequisites