Merge branch 'main' into disable-fenced-code-language-rule

content/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md

@@ -162,9 +162,9 @@ Before adding a new SSH key to the ssh-agent to manage your keys, you should hav
 
    The `--apple-use-keychain` option is in Apple's standard version of `ssh-add`. In MacOS versions prior to Monterey (12.0), the `--apple-use-keychain` and `--apple-load-keychain` flags used the syntax `-K` and `-A`, respectively.
 
-  If you don't have Apple's standard version of `ssh-add` installed, you may receive an error. For more information, see "[Error: ssh-add: illegal option -- K](/articles/error-ssh-add-illegal-option-k)."
+   If you don't have Apple's standard version of `ssh-add` installed, you may receive an error. For more information, see "[Error: ssh-add: illegal option -- K](/articles/error-ssh-add-illegal-option-k)."
 
-  If you continue to be prompted for your passphrase, you may need to add the command to your `~/.zshrc` file (or your `~/.bashrc` file for bash).
+   If you continue to be prompted for your passphrase, you may need to add the command to your `~/.zshrc` file (or your `~/.bashrc` file for bash).
 
    {% endnote %}
 

content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md

@@ -210,12 +210,6 @@ A location within a programming artifact, such as a file in the repository or a
 
 The `runAutomationDetails` object contains information that specifies the identity of a run.
 
-{% note %}
-
-**Note:** `runAutomationDetails` is a SARIF v2.1.0 object. If you're using the {% data variables.product.prodname_codeql_cli %}, you can specify the version of SARIF to use. The equivalent object to `runAutomationDetails` is `<run>.automationId` for SARIF v1 and `<run>.automationLogicalId` for SARIF v2.
-
-{% endnote %}
-
 | Name | Required | Description |
 |----|----|----|
 | `id`| {% octicon "x" aria-label="Optional" %} | A string that identifies the category of the analysis and the run ID. Use if you want to upload multiple SARIF files for the same tool and commit, but performed on different languages or different parts of the code. |

content/code-security/code-scanning/managing-code-scanning-alerts/tracking-code-scanning-alerts-in-issues-using-task-lists.md

@@ -83,6 +83,6 @@ Instead of tracking a {% data variables.product.prodname_code_scanning %} alert
 ### Creating a tracking issue from the API
 
 1. Begin creating an issue through the API. For more information, see "[Create an issue](/rest/issues/issues#create-an-issue)."
-1. Provide the code scanning link within the body of the issue. You must use the following task list syntax to create the tracked relationship: `- [ ] <full-URL-to-the-code-scanning-alert>`.
+1. Provide the code scanning link within the body of the issue. You must use the following task list syntax to create the tracked relationship: `- [ ] FULL-URL-TO-THE-CODE-SCANNING-ALERT`.
 
    For example, if you add `- [ ] https://github.com/octocat-org/octocat-repo/security/code-scanning/17` to an issue, the issue will track the code scanning alert that has an ID number of 17 in the **Security** tab of the `octocat-repo` repository in the `octocat-org` organization.

content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/about-codeql-code-scanning-in-your-ci-system.md

@@ -20,6 +20,14 @@ topics:
 redirect_from:
   - /code-security/secure-coding/about-codeql-code-scanning-in-your-ci-system
   - /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/about-codeql-code-scanning-in-your-ci-system
+  # Add redirects from CodeQL runner article
+  - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-runner-in-your-ci-system
+  - /github/finding-security-vulnerabilities-and-errors-in-your-code/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-code-scanning-in-your-ci-system
+  - /github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-your-ci-system
+  - /github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-codeql-code-scanning-in-your-ci-system
+  - /github/finding-security-vulnerabilities-and-errors-in-your-code/using-codeql-code-scanning-with-your-existing-ci-system/troubleshooting-codeql-code-scanning-in-your-ci-system
+  - /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/migrating-from-the-codeql-runner-to-codeql-cli
+  # End redirects from CodeQL runner article
 ---
 <!--UI-LINK: When GitHub Enterprise Server 3.1+ doesn't have GitHub Actions set up, the Security > Code scanning alerts view links to this article.-->
 

content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/index.md

@@ -22,5 +22,4 @@ children:
   - /about-codeql-code-scanning-in-your-ci-system
   - /installing-codeql-cli-in-your-ci-system
   - /configuring-codeql-cli-in-your-ci-system
-  - /migrating-from-the-codeql-runner-to-codeql-cli
 ---

data/graphql/ghae/schema.docs-ghae.graphql

@@ -37257,7 +37257,7 @@ enum RepositoryRuleType {
   DELETION
 
   """
-  Prevent users with push access from force pushing to branches.
+  Prevent users with push access from force pushing to refs.
   """
   NON_FAST_FORWARD
 
@@ -37267,26 +37267,25 @@ enum RepositoryRuleType {
   PULL_REQUEST
 
   """
-  Choose which environments must be successfully deployed to before branches can
-  be merged into a branch that matches this rule.
+  Choose which environments must be successfully deployed to before refs can be merged into a branch that matches this rule.
   """
   REQUIRED_DEPLOYMENTS
 
   """
-  Prevent merge commits from being pushed to matching branches.
+  Prevent merge commits from being pushed to matching refs.
   """
   REQUIRED_LINEAR_HISTORY
 
   """
-  Commits pushed to matching branches must have verified signatures.
+  Commits pushed to matching refs must have verified signatures.
   """
   REQUIRED_SIGNATURES
 
   """
   Choose which status checks must pass before branches can be merged into a
   branch that matches this rule. When enabled, commits must first be pushed to
-  another branch, then merged or pushed directly to a branch that matches this
-  rule after status checks have passed.
+  another branch, then merged or pushed directly to a ref that matches this rule
+  after status checks have passed.
   """
   REQUIRED_STATUS_CHECKS
 
@@ -38150,8 +38149,7 @@ interface RequirableByPullRequest {
 }
 
 """
-Choose which environments must be successfully deployed to before branches can
-be merged into a branch that matches this rule.
+Choose which environments must be successfully deployed to before refs can be merged into a branch that matches this rule.
 """
 type RequiredDeploymentsParameters {
   """
@@ -38161,8 +38159,7 @@ type RequiredDeploymentsParameters {
 }
 
 """
-Choose which environments must be successfully deployed to before branches can
-be merged into a branch that matches this rule.
+Choose which environments must be successfully deployed to before refs can be merged into a branch that matches this rule.
 """
 input RequiredDeploymentsParametersInput {
   """
@@ -38206,7 +38203,7 @@ input RequiredStatusCheckInput {
 """
 Choose which status checks must pass before branches can be merged into a branch
 that matches this rule. When enabled, commits must first be pushed to another
-branch, then merged or pushed directly to a branch that matches this rule after
+branch, then merged or pushed directly to a ref that matches this rule after
 status checks have passed.
 """
 type RequiredStatusChecksParameters {
@@ -38226,7 +38223,7 @@ type RequiredStatusChecksParameters {
 """
 Choose which status checks must pass before branches can be merged into a branch
 that matches this rule. When enabled, commits must first be pushed to another
-branch, then merged or pushed directly to a branch that matches this rule after
+branch, then merged or pushed directly to a ref that matches this rule after
 status checks have passed.
 """
 input RequiredStatusChecksParametersInput {

data/graphql/ghec/schema.docs.graphql

@@ -44908,7 +44908,7 @@ enum RepositoryRuleType {
   DELETION
 
   """
-  Prevent users with push access from force pushing to branches.
+  Prevent users with push access from force pushing to refs.
   """
   NON_FAST_FORWARD
 
@@ -44918,26 +44918,25 @@ enum RepositoryRuleType {
   PULL_REQUEST
 
   """
-  Choose which environments must be successfully deployed to before branches can
-  be merged into a branch that matches this rule.
+  Choose which environments must be successfully deployed to before refs can be merged into a branch that matches this rule.
   """
   REQUIRED_DEPLOYMENTS
 
   """
-  Prevent merge commits from being pushed to matching branches.
+  Prevent merge commits from being pushed to matching refs.
   """
   REQUIRED_LINEAR_HISTORY
 
   """
-  Commits pushed to matching branches must have verified signatures.
+  Commits pushed to matching refs must have verified signatures.
   """
   REQUIRED_SIGNATURES
 
   """
   Choose which status checks must pass before branches can be merged into a
   branch that matches this rule. When enabled, commits must first be pushed to
-  another branch, then merged or pushed directly to a branch that matches this
-  rule after status checks have passed.
+  another branch, then merged or pushed directly to a ref that matches this rule
+  after status checks have passed.
   """
   REQUIRED_STATUS_CHECKS
 
@@ -45841,8 +45840,7 @@ interface RequirableByPullRequest {
 }
 
 """
-Choose which environments must be successfully deployed to before branches can
-be merged into a branch that matches this rule.
+Choose which environments must be successfully deployed to before refs can be merged into a branch that matches this rule.
 """
 type RequiredDeploymentsParameters {
   """
@@ -45852,8 +45850,7 @@ type RequiredDeploymentsParameters {
 }
 
 """
-Choose which environments must be successfully deployed to before branches can
-be merged into a branch that matches this rule.
+Choose which environments must be successfully deployed to before refs can be merged into a branch that matches this rule.
 """
 input RequiredDeploymentsParametersInput {
   """
@@ -45897,7 +45894,7 @@ input RequiredStatusCheckInput {
 """
 Choose which status checks must pass before branches can be merged into a branch
 that matches this rule. When enabled, commits must first be pushed to another
-branch, then merged or pushed directly to a branch that matches this rule after
+branch, then merged or pushed directly to a ref that matches this rule after
 status checks have passed.
 """
 type RequiredStatusChecksParameters {
@@ -45917,7 +45914,7 @@ type RequiredStatusChecksParameters {
 """
 Choose which status checks must pass before branches can be merged into a branch
 that matches this rule. When enabled, commits must first be pushed to another
-branch, then merged or pushed directly to a branch that matches this rule after
+branch, then merged or pushed directly to a ref that matches this rule after
 status checks have passed.
 """
 input RequiredStatusChecksParametersInput {

data/graphql/schema.docs.graphql

@@ -44908,7 +44908,7 @@ enum RepositoryRuleType {
   DELETION
 
   """
-  Prevent users with push access from force pushing to branches.
+  Prevent users with push access from force pushing to refs.
   """
   NON_FAST_FORWARD
 
@@ -44918,26 +44918,25 @@ enum RepositoryRuleType {
   PULL_REQUEST
 
   """
-  Choose which environments must be successfully deployed to before branches can
-  be merged into a branch that matches this rule.
+  Choose which environments must be successfully deployed to before refs can be merged into a branch that matches this rule.
   """
   REQUIRED_DEPLOYMENTS
 
   """
-  Prevent merge commits from being pushed to matching branches.
+  Prevent merge commits from being pushed to matching refs.
   """
   REQUIRED_LINEAR_HISTORY
 
   """
-  Commits pushed to matching branches must have verified signatures.
+  Commits pushed to matching refs must have verified signatures.
   """
   REQUIRED_SIGNATURES
 
   """
   Choose which status checks must pass before branches can be merged into a
   branch that matches this rule. When enabled, commits must first be pushed to
-  another branch, then merged or pushed directly to a branch that matches this
-  rule after status checks have passed.
+  another branch, then merged or pushed directly to a ref that matches this rule
+  after status checks have passed.
   """
   REQUIRED_STATUS_CHECKS
 
@@ -45841,8 +45840,7 @@ interface RequirableByPullRequest {
 }
 
 """
-Choose which environments must be successfully deployed to before branches can
-be merged into a branch that matches this rule.
+Choose which environments must be successfully deployed to before refs can be merged into a branch that matches this rule.
 """
 type RequiredDeploymentsParameters {
   """
@@ -45852,8 +45850,7 @@ type RequiredDeploymentsParameters {
 }
 
 """
-Choose which environments must be successfully deployed to before branches can
-be merged into a branch that matches this rule.
+Choose which environments must be successfully deployed to before refs can be merged into a branch that matches this rule.
 """
 input RequiredDeploymentsParametersInput {
   """
@@ -45897,7 +45894,7 @@ input RequiredStatusCheckInput {
 """
 Choose which status checks must pass before branches can be merged into a branch
 that matches this rule. When enabled, commits must first be pushed to another
-branch, then merged or pushed directly to a branch that matches this rule after
+branch, then merged or pushed directly to a ref that matches this rule after
 status checks have passed.
 """
 type RequiredStatusChecksParameters {
@@ -45917,7 +45914,7 @@ type RequiredStatusChecksParameters {
 """
 Choose which status checks must pass before branches can be merged into a branch
 that matches this rule. When enabled, commits must first be pushed to another
-branch, then merged or pushed directly to a branch that matches this rule after
+branch, then merged or pushed directly to a ref that matches this rule after
 status checks have passed.
 """
 input RequiredStatusChecksParametersInput {

data/learning-tracks/code-security.yml

@@ -219,8 +219,6 @@ code_security_ci:
       /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system
     - >-
       /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system
-    - >-
-      /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/migrating-from-the-codeql-runner-to-codeql-cli
 end_to_end_supply_chain:
   title: End-to-end supply chain
   description: >-

data/release-notes/enterprise-server/3-10/2.yml

@@ -0,0 +1,31 @@
+date: '2023-09-22'
+sections:
+  bugs:
+    - On an instance in a high-availability, geo-replication, or repository cache configuration, prolonged replication issues could occur on replica nodes due to failure of `SpokesRepairRepoReplicaJob` and `SpokesSyncCacheReplicaJob` jobs.
+  known_issues:
+    - |
+      Custom firewall rules are removed during the upgrade process.
+    - |
+      The GitHub Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - |
+      During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
+    - |
+      If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see "[Troubleshooting access to the Management Console](https://docs.github.com/en/[email protected]/admin/configuration/administering-your-instance-from-the-management-console/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account)." [Updated: 2023-02-23]
+    - |
+      On an instance in a high-availability configuration, passive replica nodes accept Git client requests and forward the requests to the primary node.
+    - |
+      If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using `ghe-ssl-ca-certificate-install` are not respected, and connections to the server fail.
+    - |
+      When running `ghe-config-apply`, the process may stall with the message `Deployment is running pending automatic promotion`.
+    - |
+      The `mbind: Operation not permitted` error in the `/var/log/mysql/mysql.err` file can be ignored. MySQL 8 does not gracefully handle when the `CAP_SYS_NICE` capability isn't required, and outputs an error instead of a warning.
+    - |
+      {% data reusables.release-notes.upgrade-mysql8-cannot-start-up %}
+    - |
+      {% data reusables.release-notes.upgrade-to-3-9-or-to-3-10-io-utilization-increase %}
+    - |
+      {% data reusables.release-notes.2023-08-mssql-replication-known-issue %}
+    - |
+      {% data reusables.release-notes.2023-09-config-apply-timeout-hookshot-go-replicas %}
+    - |
+      After an administrator enables maintenance mode from the instance's Management Console UI using Firefox, the administrator is redirected to the Settings page, but maintenance mode is not enabled. To work around this issue, use a different browser.

data/variables/code-scanning.yml

@@ -1,8 +1,5 @@
 # Variables used in code scanning that are not product names
 
-# Deprecated product for running CodeQL analysis outside GitHub
-codeql_runner: 'CodeQL runner'
-
 # Descriptive name for the workflow used to run code scanning using the CodeQL action
 codeql_workflow: 'CodeQL analysis workflow'