Merge branch 'main' into deprecate-3.9

content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/customizing-a-workflow-for-triaging-your-notifications.md

@@ -27,10 +27,10 @@ For an example workflow of removing notifications that are easy to remove or tri
 Choose which type of notifications are most urgent to review and pick a time to review them that's best for you. You might consider the question "Who am I blocking?"
 
 For example, you may decide to check your notifications in this order in the morning during your daily planning time:
-* Pull requests where your review is requested. (filter by `reason:review-requested`)
-* Events where your username is @mentioned, also called direct mentions. (filter by `reason:mention`)
-* Events where a team you're a member of is @mentioned, also called team mentions. (filter by `reason:team-mention`)
-* CI workflow failures for a specific repository. (filter by `reason:ci-activity` and `repo:owner/repo-name` and ensure you've enabled CI activity notifications for workflow failures in your notification settings)
+* Pull requests where your review is requested (filter by `reason:review-requested`)
+* Events where your username is @mentioned, also called direct mentions (filter by `reason:mention`)
+* Events where a team you're a member of is @mentioned, also called team mentions (filter by `reason:team-mention`)
+* CI workflow failures for a specific repository (filter by `reason:ci-activity` and `repo:owner/repo-name` and ensure you've enabled CI activity notifications for workflow failures in your notification settings)
 
   {% tip %}
 

content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/deleting-your-personal-account.md

@@ -49,6 +49,11 @@ For more information, see the following articles.
 * "[AUTOTITLE](/organizations/managing-organization-settings/deleting-an-organization-account)"
 * "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization)"
 
+{% ifversion ghes %}
+> [!NOTE]
+> * You should contact an enterprise owner before deleting your account on {% data variables.product.product_name %}.
+{% endif %}
+
 ## Back up your account data
 
 Before you delete your personal account, make a copy of all repositories, private forks, wikis, issues, and pull requests owned by your account. For more information, see "[AUTOTITLE](/repositories/archiving-a-github-repository/backing-up-a-repository)."

content/actions/using-jobs/assigning-permissions-to-jobs.md

@@ -14,7 +14,7 @@ versions:
 
 {% data reusables.actions.jobs.section-assigning-permissions-to-jobs %}
 
-## Defining access for the `GITHUB_TOKEN` scopes
+## Defining access for the `GITHUB_TOKEN` permissions
 
 {% data reusables.actions.github-token-available-permissions %}
 

content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/deleting-users-from-your-instance.md

@@ -0,0 +1,53 @@
+---
+title: Deleting users from your instance
+intro: "You can delete a user's account to permanently remove their data from {% data variables.location.product_location %}."
+versions:
+  ghes: '*'
+type: how_to
+topics:
+  - Access management
+  - Enterprise
+  - Security
+  - User account
+shortTitle: Delete a user
+permissions: Site administrators
+---
+
+## What happens when I delete a user account?
+
+Deleting a user account removes all repositories, forks of private repositories, wikis, issues, pull requests, pages, and packages and container images owned by the user account. By deleting a user account, **you may break software projects and workflows that depend on these things.**
+
+Issues and pull requests the user has created and comments they've made in repositories owned by other users or organizations will not be deleted and will instead be associated with a `ghost` user account.
+
+Once a user account has been deleted, the username will be available for use with a different account on {% data variables.location.product_location %}.
+
+## When can I delete a user account?
+
+You cannot delete a user that is currently an organization owner.
+
+* **If the user is the only owner**: Transfer ownership to another person, or delete the organization. See "[AUTOTITLE](/organizations/managing-organization-settings/transferring-organization-ownership)" and "[AUTOTITLE](/organizations/managing-organization-settings/deleting-an-organization-account)."
+* **If there are other owners**: Remove the user from the organization. See "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization)."
+
+You cannot delete your own user account. If you need to delete your own user account, ask another site administrator to delete your account for you.
+
+## Should I delete or suspend a user account?
+
+{% data variables.product.prodname_dotcom %} recommends suspending users where possible, rather than deleting their accounts. Suspending user accounts on {% data variables.product.product_name %} preserves the history of resources owned by the user account, such as repositories and pull requests, and releases the licensed seat previously consumed by the user. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/suspending-and-unsuspending-users)."
+
+As an alternative to deleting or suspending a user account, to stop a user's repositories being permanently removed from your enterprise you can place a legal hold on the user account. See "[Placing a legal hold on a user or organization](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/placing-a-legal-hold-on-a-user-or-organization)."
+
+## Deleting a user from the site admin dashboard
+
+Before deleting a user account, you should consider if a backup or copy of the repositories, private forks, wikis, issues, and pull requests owned by the user account is required. See "[AUTOTITLE](/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance)" and "[AUTOTITLE](/repositories/archiving-a-github-repository/backing-up-a-repository)."
+
+{% data reusables.enterprise_site_admin_settings.access-settings %}
+{% data reusables.enterprise_site_admin_settings.search-user %}
+{% data reusables.enterprise_site_admin_settings.click-user %}
+{% data reusables.enterprise_site_admin_settings.admin-top-tab %}
+1. Under "Delete account," in the "Danger Zone" section, click **Delete this account**.
+1. In the "Delete account" dialog box, under "Make sure you want to do this", review the changes. To confirm, enter the username of the account to be deleted.
+1. Click **Delete this account**.
+
+## Further reading
+
+* "[AUTOTITLE](/rest/enterprise-admin/users#delete-a-user)"

content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/index.md

@@ -33,10 +33,10 @@ children:
   - /removing-a-member-from-your-enterprise
   - /managing-dormant-users
   - /suspending-and-unsuspending-users
+  - /deleting-users-from-your-instance
   - /placing-a-legal-hold-on-a-user-or-organization
   - /auditing-ssh-keys
   - /rebuilding-contributions-data
   - /enabling-guest-collaborators
 shortTitle: Manage users
 ---
-

content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-dormant-users.md

@@ -41,6 +41,8 @@ Dormancy applies to both enterprise members and outside collaborators.
 
 {% ifversion ghes %}
 
+Dormant users are not automatically suspended. Consider suspending dormant users to release license seats. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/suspending-and-unsuspending-users)."
+
 ## Viewing dormant users
 
 {% data reusables.enterprise-accounts.viewing-dormant-users %}

content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/suspending-and-unsuspending-users.md

@@ -29,18 +29,17 @@ When you suspend a user, the change takes effect immediately with no notificatio
 ```shell
 $ git clone git@[hostname]:john-doe/test-repo.git
 Cloning into 'test-repo'...
-ERROR: Your account is suspended. Please check with 
+ERROR: Your account is suspended. Please check with
 your installation administrator.
 fatal: The remote end hung up unexpectedly
 ```
 
 Before suspending site administrators, you must demote them to regular users. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/promoting-or-demoting-a-site-administrator)."
 
-{% tip %}
-
-**Note:** If [LDAP Sync is enabled](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#enabling-ldap-sync) for {% data variables.location.product_location %}, users are automatically suspended when they're removed from the LDAP directory server. When LDAP Sync is enabled for your instance, normal user suspension methods are disabled.
-
-{% endtip %}
+> [!TIP]
+> * If LDAP Sync is enabled for {% data variables.location.product_location %}, users are automatically suspended based on the scenarios that are described in "[AUTOTITLE](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#enabling-ldap-sync)."
+> * A user cannot be suspended or unsuspended from the site admin dashboard or from the command line when LDAP Sync is enabled for your instance.
+> * {% data variables.product.prodname_dotcom %} recommends suspending users where possible, rather than deleting their accounts.
 
 ## Viewing suspended users in the site admin dashboard
 

content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md

@@ -52,6 +52,7 @@ The trial lasts for **{% data reusables.enterprise.ghec-trial-length %} days** a
 * {% data variables.product.prodname_sponsors %}
 * Paid {% data variables.product.prodname_marketplace %} apps
 * {% data variables.product.prodname_github_connect %}
+* {% data variables.large_files.product_name_long %}
 * For {% data variables.product.prodname_actions %}, increased minutes, job concurrency, and {% data variables.actions.hosted_runner %}s
 
 If you invite an existing organization into your trial enterprise, **all of these features will be disabled**. If you remove the organization from the enterprise, the features will be re-enabled.

content/code-security/codeql-cli/codeql-cli-manual/database-bundle.md

@@ -47,24 +47,30 @@ that results, logs, TRAP, or similar should be included.
 
 \[Mandatory] The output file, typically with the extension ".zip".
 
-#### `--include-diagnostics`
+#### `--[no-]include-diagnostics`
 
 Include diagnostics in the bundle.
 
 Available since `v2.16.0`.
 
-#### `--include-results`
+#### `--[no-]include-results`
 
 Include any precomputed query results in the bundle.
 
-#### `--include-temp`
+#### `--[no-]include-logs`
+
+Include the logs directory in the bundle.
+
+Available since `v2.17.6`.
+
+#### `--[no-]include-temp`
 
 Includes the "temp" directory, where any generated packs, queries, and
 suites are located.
 
 Available since `v2.13.3`.
 
-#### `--include-uncompressed-source`
+#### `--[no-]include-uncompressed-source`
 
 Include an uncompressed version of the source archive directory. This is
 necessary for legacy CodeQL plugins (like CodeQL for Eclipse).

content/code-security/codeql-cli/codeql-cli-manual/database-create.md

@@ -54,8 +54,15 @@ Maven project would not be a suitable choice.
 #### `--[no-]overwrite`
 
 \[Advanced] If the database already exists, delete it and proceed with
-this command instead of failing. This option should be used with caution
-as it may recursively delete the entire database directory.
+this command instead of failing. If the directory exists, but it does
+not look like a database, an error will be thrown.
+
+#### `--[no-]force-overwrite`
+
+\[Advanced] If the database already exists, delete it even if it does
+not look like a database and proceed with this command instead of
+failing. This option should be used with caution as it may recursively
+delete the entire database directory.
 
 #### `--codescanning-config=<file>`
 

content/code-security/codeql-cli/codeql-cli-manual/database-init.md

@@ -67,8 +67,15 @@ referred to by their relative path from this directory.
 #### `--[no-]overwrite`
 
 \[Advanced] If the database already exists, delete it and proceed with
-this command instead of failing. This option should be used with caution
-as it may recursively delete the entire database directory.
+this command instead of failing. If the directory exists, but it does
+not look like a database, an error will be thrown.
+
+#### `--[no-]force-overwrite`
+
+\[Advanced] If the database already exists, delete it even if it does
+not look like a database and proceed with this command instead of
+failing. This option should be used with caution as it may recursively
+delete the entire database directory.
 
 #### `--codescanning-config=<file>`
 

content/codespaces/the-githubdev-web-based-editor.md

@@ -15,7 +15,7 @@ redirect_from:
 
 {% note %}
 
-**Note:** The {% data variables.codespaces.serverless %} editor is currently in beta preview. You can provide feedback [in our Discussions](https://github.com/community/community/discussions/categories/general).
+**Note:** The {% data variables.codespaces.serverless %} editor is currently in beta preview. You can provide feedback [in our Discussions](https://github.com/community/community/discussions/categories/codespaces).
 
 {% endnote %}
 

content/pages/getting-started-with-github-pages/securing-your-github-pages-site-with-https.md

@@ -40,8 +40,6 @@ All {% data variables.product.prodname_pages %} sites, including sites that are
 
 When you set or change your custom domain in the Pages settings, an automatic DNS check begins. This check determines if your DNS settings are configured to allow {% data variables.product.prodname_dotcom %} to obtain a certificate automatically. If the check is successful, {% data variables.product.prodname_dotcom %} queues a job to request a TLS certificate from [Let's Encrypt](https://letsencrypt.org/). On receiving a valid certificate, {% data variables.product.prodname_dotcom %} automatically uploads it to the servers that handle TLS termination for Pages. When this process completes successfully, a check mark is displayed beside your custom domain name.
 
-Please note that your {% data variables.product.prodname_pages %} site must be publicly available for a Let's Encrypt certificate to be issued. Once the certificate has been issued you may revert the site to private.
-
 The process may take some time. If the process has not completed several minutes after you clicked **Save**, try clicking **Remove** next to your custom domain name. Retype the domain name and click **Save** again. This will cancel and restart the provisioning process.
 
 ## Resolving problems with mixed content

data/reusables/actions/github-token-available-permissions.md

@@ -1,4 +1,4 @@
-You can define the access that the `GITHUB_TOKEN` will permit by specifying `read`, `write`, or `none` as the value of the available scopes within the `permissions` key.
+You can define the access that the `GITHUB_TOKEN` will permit by specifying `read`, `write`, or `none` as the value of the available permissions within the `permissions` key.
 
 ```yaml
 permissions:
@@ -17,9 +17,9 @@ permissions:
   statuses: read|write|none
 ```
 
-If you specify the access for any of these scopes, all of those that are not specified are set to `none`.
+If you specify the access for any of these permissions, all of those that are not specified are set to `none`.
 
-You can use the following syntax to define one of `read-all` or `write-all` access for all of the available scopes:
+You can use the following syntax to define one of `read-all` or `write-all` access for all of the available permissions:
 
 ```yaml
 permissions: read-all
@@ -29,7 +29,7 @@ permissions: read-all
 permissions: write-all
 ```
 
-You can use the following syntax to disable permissions for all of the available scopes:
+You can use the following syntax to disable permissions for all of the available permissions:
 
 ```yaml
 permissions: {}

data/reusables/actions/github-token-permissions.md

@@ -1 +1 @@
-The `GITHUB_TOKEN` secret is set to an access token for the repository each time a job in a workflow begins. You should set the permissions for this access token in the workflow file to grant read access for the `contents` scope and write access for the `packages` scope. For more information, see "[AUTOTITLE](/actions/security-guides/automatic-token-authentication)."
+The `GITHUB_TOKEN` secret is set to an access token for the repository each time a job in a workflow begins. You should set the permissions for this access token in the workflow file to grant read access for the `contents` permission and write access for the `packages` permission. For more information, see "[AUTOTITLE](/actions/security-guides/automatic-token-authentication)."

data/reusables/actions/github-token-scope-descriptions.md

@@ -1,8 +1,8 @@
-For each of the available scopes, shown in the table below, you can assign one of the permissions: `read`, `write`, or `none`. If you specify the access for any of these scopes, all of those that are not specified are set to `none`.
+For each of the available permissions, shown in the table below, you can assign one of the access levels: `read`, `write`, or `none`. `write` includes `read`. If you specify the access for any of these permissions, all of those that are not specified are set to `none`.
 
-Available scopes and details of what each allows an action to do:
+Available permissions and details of what each allows an action to do:
 
-| Scope | Allows an action using `GITHUB_TOKEN` to |
+| Permission | Allows an action using `GITHUB_TOKEN` to |
 | --- | --- |
 |  `actions` | Work with GitHub Actions. For example, `actions: write` permits an action to cancel a workflow run. For more information, see "[AUTOTITLE](/rest/overview/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions)." |
 {% ifversion artifact-attestations %}|  `attestations` | Work with artifact attestations. For example, `attestations: write` permits an action to generate an artifact attestation for a build. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)" |{% endif %}

data/reusables/actions/jobs/setting-permissions-specific-jobs-example.md

@@ -1,4 +1,4 @@
-This example shows permissions being set for the `GITHUB_TOKEN` that will only apply to the job named `stale`. Write access is granted for the `issues` and `pull-requests` scopes. All other scopes will have no access.
+This example shows permissions being set for the `GITHUB_TOKEN` that will only apply to the job named `stale`. Write access is granted for the `issues` and `pull-requests` permissions. All other permissions will have no access.
 
 ```yaml
 jobs:

data/reusables/actions/workflows/github-token-access.md

@@ -1 +1 @@
-1. Under "Workflow permissions", choose whether you want the `GITHUB_TOKEN` to have read and write access for all scopes (the permissive setting), or just read access for the `contents` {% ifversion actions-default-workflow-permissions-restrictive %}and `packages` scopes{% else %}scope{% endif %} (the restricted setting).
+1. Under "Workflow permissions", choose whether you want the `GITHUB_TOKEN` to have read and write access for all permissions (the permissive setting), or just read access for the `contents` {% ifversion actions-default-workflow-permissions-restrictive %}and `packages` permissions{% else %}permission{% endif %} (the restricted setting).

src/audit-logs/data/fpt/organization.json

@@ -1924,6 +1924,21 @@
     "description": "A project board was closed.",
     "docs_reference_links": "/issues/organizing-your-work-with-project-boards/managing-project-boards/closing-a-project-board"
   },
+  {
+    "action": "project_collaborator.add",
+    "description": "A collaborator was added to a project.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "project_collaborator.remove",
+    "description": "A collaborator was removed from a project.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "project_collaborator.update",
+    "description": "A project collaborator's permission level was changed.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "project.create",
     "description": "A project board was created.",
@@ -1989,6 +2004,16 @@
     "description": "A view was deleted in a project board.",
     "docs_reference_links": "/issues/planning-and-tracking-with-projects/customizing-views-in-your-project/managing-your-views"
   },
+  {
+    "action": "project.visibility_private",
+    "description": "A project's visibility was changed from public to private.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "project.visibility_public",
+    "description": "A project's visibility was changed from private to public.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "protected_branch.authorized_users_teams",
     "description": "The users, teams, or integrations allowed to bypass a branch protection were changed.",