Merge branch 'main' into jm/mix_dep_sub

Author: Sharra-writes

assets/images/help/copilot/chat-share-button.png

@@ -151,7 +151,6 @@ With this approach, the value of the {% raw %}`${{ github.event.pull_request.tit
 
 ### Using workflow templates for {% data variables.product.prodname_code_scanning %}
 
-{% data reusables.advanced-security.starter-workflows-beta %}
 {% data variables.product.prodname_code_scanning_caps %} allows you to find security vulnerabilities before they reach production. {% data variables.product.github %} provides workflow templates for {% data variables.product.prodname_code_scanning %}. You can use these suggested workflows to construct your {% data variables.product.prodname_code_scanning %} workflows, instead of starting from scratch. {% data variables.product.company_short %}'s workflow, the {% data variables.code-scanning.codeql_workflow %}, is powered by {% data variables.product.prodname_codeql %}. There are also third-party workflow templates available.
 
 For more information, see [AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning) and [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning#configuring-code-scanning-using-third-party-actions).
@@ -228,8 +227,6 @@ For more information on how to configure this setting, see {% ifversion ghes or
 
 ## Using {% data variables.product.prodname_code_scanning %} to secure workflows
 
-{% data reusables.code-scanning.beta-actions-analysis %}
-
 {% data variables.product.prodname_code_scanning_caps %} can automatically detect and suggest improvements for common vulnerable patterns used in {% data variables.product.prodname_actions %} workflows.
 For more information on how to enable {% data variables.product.prodname_code_scanning %}, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning).
 
@@ -347,6 +344,7 @@ For third-party images, such as the images for ARM-powered runners, you can find
 When a self-hosted runner is defined at the organization or enterprise level, {% data variables.product.github %} can schedule workflows from multiple repositories onto the same runner. Consequently, a security compromise of these environments can result in a wide impact. To help reduce the scope of a compromise, you can create boundaries by organizing your self-hosted runners into separate groups. You can restrict what {% ifversion ghec or ghes %}workflows, {% endif %}organizations and repositories can access runner groups. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups).
 
 You should also consider the environment of the self-hosted runner machines:
+
 * What sensitive information resides on the machine configured as a self-hosted runner? For example, private SSH keys, API access tokens, among others.
 * Does the machine have network access to sensitive services? For example, Azure or AWS metadata services. The amount of sensitive information in this environment should be kept to a minimum, and you should always be mindful that any user capable of invoking workflows has access to this environment.
 
@@ -370,10 +368,12 @@ Once you have the config file from the REST API response, you can pass it to the
 A self-hosted runner can be added to various levels in your {% data variables.product.prodname_dotcom %} hierarchy: the enterprise, organization, or repository level. This placement determines who will be able to manage the runner:
 
 **Centralized management:**
+
 * If you plan to have a centralized team own the self-hosted runners, then the recommendation is to add your runners at the highest mutual organization or enterprise level. This gives your team a single location to view and manage your runners.
 * If you only have a single organization, then adding your runners at the organization level is effectively the same approach, but you might encounter difficulties if you add another organization in the future.
 
 **Decentralized management:**
+
 * If each team will manage their own self-hosted runners, then the recommendation is to add the runners at the highest level of team ownership. For example, if each team owns their own organization, then it will be simplest if the runners are added at the organization level too.
 * You could also add runners at the repository level, but this will add management overhead and also increases the numbers of runners you need, since you cannot share runners between repositories.
 

assets/images/help/security-configurations/current-sp-cs-license-usage.png

@@ -50,7 +50,7 @@ To generate credentials for Azure Maps, you must create an application for your
    1. Select **Delegated permissions**.
    1. Under "Select permissions", select "`user_impersonation`".
    1. To save the permissions, click **Add permissions**.
-1. Sign into an Azure Maps account. If you don't have an account, you can create one. For more information, see the [Azure Maps Account](https://www.microsoft.com/maps) website.
+1. Sign into an Azure Maps account. If you don't have an account, you can create one. For more information, see the [Azure Maps Account](https://azure.microsoft.com/en-us/products/azure-maps/) website.
 1. Configure RBAC for Azure Maps. For more information, see [Authentication with Azure Maps](https://learn.microsoft.com/azure/azure-maps/azure-maps-authentication#authorization-with-role-based-access-control) and [Assign Azure roles using the Azure portal](https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal) on Microsoft Learn.
 
    * On your Entra ID tenant, from **Access control (IAM)**, you must assign the role of "Azure Maps Data Reader" to "User, group, or service principal", select the application you created earlier in these instructions, and complete the form.

content/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md

@@ -56,7 +56,7 @@ Depending on your environment, the SP metadata for an enterprise on {% data vari
 | :- | :- | :- | :- |
 | SP Entity ID | SP URL, audience restriction | The top-level URL for your enterprise on {% data variables.location.product_location %} | `https://github.com/enterprises/ENTERPRISE` |
 | SP Assertion Consumer Service (ACS) URL | Reply, recipient, or destination URL | URL where IdP sends SAML responses | `https://github.com/enterprises/ENTERPRISE/saml/consume` |
-| SP Single Sign-On (SSO) URL | | URL where IdP begins SSO |  `https://github.com/enterprises/ENTERPRISE/saml/sso` |
+| SP Single Sign-On (SSO) URL | | URL where IdP begins SSO |  `https://github.com/enterprises/ENTERPRISE/sso` |
 
 {% elsif ghes %}
 

content/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-interactive-maps.md

@@ -116,10 +116,6 @@ Number of tasks queued for background processing on the {% data variables.produc
 Monitoring Git maintenance failures can help customers with large and active repositories proactively manage repository health. Occasional "spurious failures" and "retries" are expected, but if a repository consistently shows Git maintenance marked as "failed", we recommend contacting [GitHub Support](https://support.github.com/).
 {% endif %}
 
-### Git Maintenance
-
-Monitoring Git maintenance failures can help customers with large and active repositories proactively manage repository health. Occasional "spurious failures" and "retries" are expected, but if a repository consistently shows Git maintenance marked as "failed", we recommend contacting [GitHub Support](https://support.github.com/).
-
 ### Network
 
 The network interface graphs can be useful in profiling user activity, and throughput of traffic in and out of the {% data variables.product.prodname_ghe_server %} appliance.

content/admin/managing-iam/iam-configuration-reference/saml-configuration-reference.md

@@ -0,0 +1,50 @@
+---
+title: Changing your platform
+shortTitle: Changing platform
+intro: 'How to change the platform that runs {% data variables.location.product_location %}'
+type: how_to
+topics:
+  - Infrastructure
+  - Migration
+  - Enterprise
+versions:
+  ghes: '*'
+---
+
+In some cases, you may need to change the platform on which {% data variables.location.product_location %} runs, such as moving from VMware to Azure.
+
+## Recommendations
+
+You should carefully plan any out migration procedures and consider first testing on a staging environment. For more information, see [AUTOTITLE](/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance).
+
+Moving platforms using a replica will require the least amount of time for the migration process but will require you to make changes to your live environment in order to setup the replication.
+
+Moving via backup and restore will not require any changes to your live environment, however the migration will take a significant amount of time. The specific amount of time to complete the migration will vary based the performance of your backup host, and the network speeds between your backup host and the new instance. Maintenance mode should also be enabled throughout the process otherwise users may be able to make changes which will not be reflected on your new instance.
+
+> [!WARNING]
+> You should not use utilities which convert {% data variables.location.product_location %} from one platform to another. Doing so could cause unintended side effects such as system instability.
+
+## Move platforms using a HA replica
+
+1. Set up a new {% data variables.product.prodname_ghe_server %} instance on your chosen platform. See [AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance).
+1. Configure your new {% data variables.product.prodname_ghe_server %} instance as a replica. See [AUTOTITLE](/admin/monitoring-and-managing-your-instance/configuring-high-availability/creating-a-high-availability-replica).
+1. Failover to your replica. See [AUTOTITLE](/admin/monitoring-and-managing-your-instance/configuring-high-availability/initiating-a-failover-to-your-replica-appliance).
+
+## Moving platforms using backup and restore
+
+1. Setup backups for your existing {% data variables.product.prodname_ghe_server %} instance. See [AUTOTITLE](/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance).
+1. Set up a new {% data variables.product.prodname_ghe_server %} instance on your chosen platform. See [AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance).
+1. Communicate the upcoming downtime to your users and enable maintenance mode. For more information, see the following articles.
+
+   * [AUTOTITLE](/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-mandatory-message)
+   * [AUTOTITLE](/admin/administering-your-instance/configuring-maintenance-mode/enabling-and-scheduling-maintenance-mode)
+1. Create a new backup of your existing {% data variables.product.prodname_ghe_server %} instance.
+1. Restore the backup to your new {% data variables.product.prodname_ghe_server %} instance. If you are using {% data variables.product.prodname_actions %}, see [AUTOTITLE](/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled)
+1. Update the DNS to point to the address of your new {% data variables.product.prodname_ghe_server %} instance.
+1. Disable maintenance mode and let users know they can continue normal operations.
+
+## Further reading
+
+* [AUTOTITLE](/admin/overview/about-github-enterprise-server)
+* [AUTOTITLE](/admin/monitoring-and-managing-your-instance/configuring-high-availability/about-high-availability-configuration)
+* [AUTOTITLE](/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance#about-github-enterprise-server-backup-utilities)

content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-the-monitor-dashboards.md

@@ -16,5 +16,6 @@ children:
   - /increasing-storage-capacity
   - /increasing-cpu-or-memory-resources
   - /using-generation-2-virtual-machines
+  - /changing-your-platform
 shortTitle: Update VM & resources
 ---

content/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/changing-your-platform.md

@@ -32,7 +32,7 @@ You can view the current license limits and usage for your enterprise.
 {% ifversion ghec %}
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.licensing-tab-both-platforms %}
-   * The "{% data variables.product.prodname_GHAS %}" section shows details of the licenses you currently **consume**.
+   * The "{% data variables.product.prodname_AS %}" section shows details of the licenses you currently **consume**.
    * If you have a volume/subscription license, the number of licenses **available** to use is also displayed.
    * If you run out of licenses, for volume/subscription only, the section is red and reports "Limit exceeded." You should either reduce your use or purchase more licenses.
 
@@ -48,7 +48,7 @@ You can view the current license limits and usage for your enterprise.
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.license-tab %}
 
-   The "{% data variables.product.prodname_GHAS %}" section shows details of the current usage. You can see the total number of licenses used, as well as a table with the number of committers and unique committers for each organization.
+   The "{% data variables.product.prodname_AS %}" section shows details of the current usage. You can see the total number of licenses used, as well as a table with the number of committers and unique committers for each organization.
 
 1. Optionally, to see a detailed breakdown of usage by repositories within an organization, click an organization name to display the "Global code security settings" for the organization.
 

content/admin/monitoring-and-managing-your-instance/updating-the-virtual-machine-and-physical-resources/index.md

@@ -45,8 +45,7 @@ For repositories that are not eligible for default setup, you can configure adva
 A repository must meet all the following criteria to be eligible for default setup, otherwise you need to use advanced setup.
 
 * Advanced setup for {% data variables.product.prodname_code_scanning %} is not already enabled.
-* {% data variables.product.prodname_actions %} are enabled.{% ifversion default-setup-pre-enablement %}
-* Uses Go, JavaScript/TypeScript, Python, or Ruby.{% endif %}
+{% ifversion default-setup-pre-enablement %}* Uses Go, JavaScript/TypeScript, Python, or Ruby.{% endif %}
 {% data reusables.code-scanning.require-actions-ghcs %}
 
 {% ifversion default-setup-pre-enablement %}