diff --git a/content/admin/monitoring-and-managing-your-instance/additional-nodes/configuring-additional-nodes.md b/content/admin/monitoring-and-managing-your-instance/additional-nodes/configuring-additional-nodes.md index 9a5acd906303..853945b20e53 100644 --- a/content/admin/monitoring-and-managing-your-instance/additional-nodes/configuring-additional-nodes.md +++ b/content/admin/monitoring-and-managing-your-instance/additional-nodes/configuring-additional-nodes.md @@ -10,6 +10,11 @@ category: - Scale your instance --- +{% ifversion ghes < 3.21 %} +> [!NOTE] +> Support for additional nodes in a high availability configuration is currently in {% data variables.release-phases.public_preview %} and subject to change. +{% endif %} + For {% data variables.product.prodname_ghe_server %} customers looking to scale horizontally, migrating to and operating a cluster is an option, but is resource-intensive and time-consuming. As an alternative, we recommend adding nodes to an HA configuration. The terms "additional node" and "stateless node" are used interchangeably throughout this article. Stateless nodes can only be added to HA deployments that contain at least one replica. diff --git a/content/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps.md b/content/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps.md index 9f20b652cf54..ce727cda4d12 100644 --- a/content/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps.md +++ b/content/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps.md @@ -34,7 +34,7 @@ Like {% data variables.product.prodname_oauth_apps %}, {% data variables.product {% data variables.product.prodname_github_apps %} can be installed directly on {% ifversion enterprise-installed-apps %}enterprises, {% endif %}organizations and personal accounts and granted access to specific repositories. They come with built-in webhooks and narrow, specific permissions. {% ifversion enterprise-apps-public-beta %} -You can also create an enterprise-owned {% data variables.product.prodname_github_app %} that can only be installed on{% ifversion enterprise-installed-apps %} the enterprise itself or{% endif %} organizations within your enterprise, and can only be authorized by members of your enterprise. For more information, see [AUTOTITLE](/admin/managing-your-enterprise-account/creating-github-apps-for-your-enterprise). +You can also create an enterprise-owned {% data variables.product.prodname_github_app %} that can only be installed on{% ifversion enterprise-installed-apps %} the enterprise itself or{% endif %} organizations within your enterprise, and can only be authorized by members of your enterprise. For more information, see [AUTOTITLE](/admin/managing-github-apps-for-your-enterprise/creating-github-apps-for-your-enterprise). {% endif %} {% data reusables.apps.app_manager_role %} @@ -78,7 +78,7 @@ Some examples of automations you could create with a {% data variables.product.p ### {% data variables.product.prodname_github_apps %} that respond to webhooks -If you want your app to respond to events on {% data variables.product.prodname_dotcom %}, your app should subscribe to webhooks. For example, you may want your app to leave a comment when a pull request is opened. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/using-webhooks-with-github-apps). +If you want your app to respond to events on {% data variables.product.prodname_dotcom %}, your app should subscribe to webhooks. For example, you may want your app to leave a comment when a pull request is opened. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/using-webhooks-with-github-apps). {% ifversion enterprise-installed-apps %} Apps installed on enterprises do not currently support webhooks, and must be installed on an organization to receive them. diff --git a/content/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app.md b/content/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app.md index 2f770ff973b0..f69db73d7617 100644 --- a/content/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app.md +++ b/content/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app.md @@ -14,19 +14,19 @@ category: ## Select the minimum permissions required -When you register a {% data variables.product.prodname_github_app %}, select the minimum permissions that your {% data variables.product.prodname_github_app %} needs. If any keys or tokens for your app become compromised, this will limit the amount of damage that can occur. For more information about how to choose permissions, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/choosing-permissions-for-a-github-app). +When you register a {% data variables.product.prodname_github_app %}, select the minimum permissions that your {% data variables.product.prodname_github_app %} needs. If any keys or tokens for your app become compromised, this will limit the amount of damage that can occur. For more information about how to choose permissions, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app). When your {% data variables.product.prodname_github_app %} creates an installation access token or user access token, you can further limit the repositories that the app can access and the permissions that the token has. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app) and [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app). ## Stay under the rate limit -Subscribe to webhook events instead of polling the API for data. This will help your {% data variables.product.prodname_github_app %} stay within the API rate limit. For more information, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/using-webhooks-with-github-apps) and [AUTOTITLE](/apps/creating-github-apps/guides/building-a-github-app-that-responds-to-webhook-events). +Subscribe to webhook events instead of polling the API for data. This will help your {% data variables.product.prodname_github_app %} stay within the API rate limit. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/using-webhooks-with-github-apps) and [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-github-app-that-responds-to-webhook-events). -Consider using conditional requests to help you stay within the rate limit. For more information about conditional requests, see [AUTOTITLE](/rest/guides/best-practices-for-using-the-rest-api). +Consider using conditional requests to help you stay within the rate limit. For more information about conditional requests, see [AUTOTITLE](/rest/using-the-rest-api/best-practices-for-using-the-rest-api). -If possible, consider using consolidated GraphQL queries instead of REST API requests to help you stay within rate limits. For more information, see [AUTOTITLE](/rest/overview/about-githubs-apis) and [AUTOTITLE](/graphql). +If possible, consider using consolidated GraphQL queries instead of REST API requests to help you stay within rate limits. For more information, see [AUTOTITLE](/rest/about-the-rest-api/comparing-githubs-rest-api-and-graphql-api) and [AUTOTITLE](/graphql). -If you do hit a rate limit and need to retry an API request, use the `x-ratelimit-reset` or `Retry-After` response headers. If these headers are not available, wait for an exponentially increasing amount of time between retries, and throw an error after a specific number of retries. For more information, see [AUTOTITLE](/rest/guides/best-practices-for-integrators#dealing-with-rate-limits). +If you do hit a rate limit and need to retry an API request, use the `x-ratelimit-reset` or `Retry-After` response headers. If these headers are not available, wait for an exponentially increasing amount of time between retries, and throw an error after a specific number of retries. For more information, see [AUTOTITLE](/rest/using-the-rest-api/best-practices-for-using-the-rest-api). ## Secure your app's credentials @@ -128,13 +128,13 @@ Only subscribe to the webhook events that your app needs. This will help reduce You should set a webhook secret for your {% data variables.product.prodname_github_app %} and verify that the signature of incoming webhook events matches the secret. This helps to ensure that the incoming webhook event is a valid {% data variables.product.company_short %} event. -For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/using-webhooks-with-github-apps#securing-your-webhooks-with-a-webhook-secret). For an example, see [AUTOTITLE](/apps/creating-github-apps/guides/building-a-github-app-that-responds-to-webhook-events). +For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/using-webhooks-with-github-apps#securing-your-webhooks-with-a-webhook-secret). For an example, see [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-github-app-that-responds-to-webhook-events). ## Allow time for users to accept new permissions When you add repository or organization permissions to your {% data variables.product.prodname_github_app %}, users who have the app installed on their personal account or organization will receive an email prompting them to review the new permissions. Until the user approves the new permissions, their app installation will only receive the old permissions. -When you update permissions, you should consider making your app backwards compatible to give your users time to accept the new permissions. You can use the [installation webhook with the `new_permissions_accepted` action property](/webhooks-and-events/webhooks/webhook-events-and-payloads?actionType=new_permissions_accepted#installation) to learn when users accept new permissions for your app. +When you update permissions, you should consider making your app backwards compatible to give your users time to accept the new permissions. You can use the [installation webhook with the `new_permissions_accepted` action property](/webhooks/webhook-events-and-payloads?actionType=new_permissions_accepted#installation) to learn when users accept new permissions for your app. ## Use services in a secure manner @@ -151,8 +151,8 @@ If your {% data variables.product.prodname_github_app %} is available to other u ## Further reading {% ifversion fpt or ghec %} -* [AUTOTITLE](/apps/publishing-apps-to-github-marketplace/creating-apps-for-github-marketplace/security-best-practices-for-apps) -* [AUTOTITLE](/apps/publishing-apps-to-github-marketplace/creating-apps-for-github-marketplace/customer-experience-best-practices-for-apps) +* [AUTOTITLE](/apps/github-marketplace/creating-apps-for-github-marketplace/security-best-practices-for-apps-on-github-marketplace) +* [AUTOTITLE](/apps/github-marketplace/creating-apps-for-github-marketplace/customer-experience-best-practices-for-apps) {% endif %} * [AUTOTITLE](/webhooks/using-webhooks/best-practices-for-using-webhooks) -* [AUTOTITLE](/rest/guides/best-practices-for-integrators) +* [AUTOTITLE](/rest/using-the-rest-api/best-practices-for-using-the-rest-api) diff --git a/content/apps/creating-github-apps/about-creating-github-apps/deciding-when-to-build-a-github-app.md b/content/apps/creating-github-apps/about-creating-github-apps/deciding-when-to-build-a-github-app.md index 1b5f6df47f39..641835dc9b2e 100644 --- a/content/apps/creating-github-apps/about-creating-github-apps/deciding-when-to-build-a-github-app.md +++ b/content/apps/creating-github-apps/about-creating-github-apps/deciding-when-to-build-a-github-app.md @@ -20,7 +20,7 @@ Both {% data variables.product.prodname_oauth_apps %} and {% data variables.prod For more information, see [AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps). -For information on how to migrate an existing {% data variables.product.prodname_oauth_app %} to a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/guides/migrating-oauth-apps-to-github-apps). +For information on how to migrate an existing {% data variables.product.prodname_oauth_app %} to a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/migrating-oauth-apps-to-github-apps). ### {% data variables.product.prodname_github_apps %} offer enhanced security @@ -42,7 +42,7 @@ Similar to {% data variables.product.prodname_oauth_apps %}, {% data variables.p ### {% data variables.product.prodname_github_apps %} have scalable rate limits -The rate limit for {% data variables.product.prodname_github_apps %} using an installation access token scales with the number of repositories and number of organization users. Conversely, {% data variables.product.prodname_oauth_apps %} have lower rate limits and do not scale. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/rate-limits-for-github-apps). +The rate limit for {% data variables.product.prodname_github_apps %} using an installation access token scales with the number of repositories and number of organization users. Conversely, {% data variables.product.prodname_oauth_apps %} have lower rate limits and do not scale. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/rate-limits-for-github-apps). ### {% data variables.product.prodname_github_apps %} have built in webhooks @@ -56,7 +56,7 @@ In general, {% data variables.product.prodname_github_apps %} and {% data variab * {% ifversion enterprise-installed-apps %}Not every enterprise-level API supports {% data variables.product.prodname_github_apps %} at this time. New permissions are being added to support more APIs. Check [AUTOTITLE](/enterprise-cloud@latest/rest/authentication/permissions-required-for-github-apps) to review the list of supported enterprise permissions and APIs.{% else %}Enterprise-level resources such as the enterprise object itself are not available to {% data variables.product.prodname_github_apps %}. This means that {% data variables.product.prodname_github_apps %} cannot call endpoints like `GET /enterprise/settings/license`. However, enterprise-owned organization and repository resources are available.{% endif %} * Some requests may return incomplete data depending on the permissions and repository access that was granted to an {% data variables.product.prodname_github_app %}. For example, if your app makes a request to get all repositories that a user can access, the response will only include the repositories that the app was also granted access to. -For more information about the REST API endpoints that are available to {% data variables.product.prodname_github_apps %}, see [AUTOTITLE](/rest/overview/endpoints-available-for-github-apps). +For more information about the REST API endpoints that are available to {% data variables.product.prodname_github_apps %}, see [AUTOTITLE](/rest/authentication/endpoints-available-for-github-app-installation-access-tokens). ## Choosing between a {% data variables.product.prodname_github_app %} or a {% data variables.product.pat_generic %} @@ -64,7 +64,7 @@ For more information about the REST API endpoints that are available to {% data You can use {% data variables.product.pat_generic_plural %} for API testing or short-lived scripts. Since a {% data variables.product.pat_generic %} is associated with a user, your automation could break if the user no longer has access to the resources you need. A {% data variables.product.prodname_github_app %} installed on an {% ifversion enterprise-installed-apps %}enterprise or {% endif %}organization is not dependent on a user. Additionally, unlike a user, a {% data variables.product.prodname_github_app %} does not consume a {% data variables.product.company_short %} {% ifversion enterprise-licensing-language %}license{% else %}seat{% endif %}. -{% data variables.product.company_short %} supports two types of {% data variables.product.pat_generic_plural %}, but recommends that you use {% data variables.product.pat_v2 %}s instead of {% data variables.product.pat_v1_plural %} whenever possible. For more information about {% data variables.product.pat_generic_plural %}, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#types-of-personal-access-tokens). +{% data variables.product.company_short %} supports two types of {% data variables.product.pat_generic_plural %}, but recommends that you use {% data variables.product.pat_v2 %}s instead of {% data variables.product.pat_v1_plural %} whenever possible. For more information about {% data variables.product.pat_generic_plural %}, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#types-of-personal-access-tokens). ## Choosing between a {% data variables.product.prodname_github_app %} or {% data variables.product.prodname_actions %} @@ -74,7 +74,7 @@ _{% data variables.product.prodname_actions %}_ provide automation that can perf _{% data variables.product.prodname_github_apps %}_ run persistently on a server or compute infrastructure that you provide or run on a user device. They can react to {% data variables.product.company_short %} webhook events as well as events from outside the {% data variables.product.prodname_dotcom %} ecosystem. They are a good option for operations that span multiple repositories or organizations, or for providing hosted services to other organizations and enterprises. A {% data variables.product.prodname_github_app %} is the best choice when building a tool with functions that occur primarily outside of {% data variables.product.prodname_dotcom %} or require more execution time or permissions than what a {% data variables.product.prodname_actions %} workflow is allotted. -For more information about comparing {% data variables.product.prodname_actions %} to {% data variables.product.prodname_github_apps %}, see [AUTOTITLE](/actions/concepts/overview/github-actions-vs-github-apps#comparing-github-actions-to-github-apps). +For more information about comparing {% data variables.product.prodname_actions %} to {% data variables.product.prodname_github_apps %}, see [AUTOTITLE](/actions/get-started/actions-vs-apps#comparing-github-actions-to-github-apps). You can use a {% data variables.product.prodname_github_app %} to authenticate in a {% data variables.product.prodname_actions %} -workflow if the built in `GITHUB_TOKEN` does not have sufficient permissions. For more information, see [AUTOTITLE](/apps/creating-github-apps/guides/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow). +workflow if the built in `GITHUB_TOKEN` does not have sufficient permissions. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow). diff --git a/content/apps/creating-github-apps/about-creating-github-apps/migrating-oauth-apps-to-github-apps.md b/content/apps/creating-github-apps/about-creating-github-apps/migrating-oauth-apps-to-github-apps.md index d0bd8ee04893..79c05eda5665 100644 --- a/content/apps/creating-github-apps/about-creating-github-apps/migrating-oauth-apps-to-github-apps.md +++ b/content/apps/creating-github-apps/about-creating-github-apps/migrating-oauth-apps-to-github-apps.md @@ -25,7 +25,7 @@ category: * Scalable rate limits * Built-in webhooks -For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps#using-a-github-app-instead-of-an-oauth-app). +For more information, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps#using-a-github-app-instead-of-an-oauth-app). ## Converting an {% data variables.product.prodname_oauth_app %} to a {% data variables.product.prodname_github_app %} @@ -35,19 +35,19 @@ The following steps provide an overview of how to migrate from an {% data variab Re-familiarize yourself with the code for your {% data variables.product.prodname_oauth_app %}. The API requests that your {% data variables.product.prodname_oauth_app %} makes will help you decide what permissions to select for your {% data variables.product.prodname_github_app %}. -Additionally, there are a few REST API endpoints that are not available for {% data variables.product.prodname_oauth_apps %}. Verify that any REST endpoints that you use are available for {% data variables.product.prodname_github_apps %} by reviewing [AUTOTITLE](/rest/overview/endpoints-available-for-github-apps). +Additionally, there are a few REST API endpoints that are not available for {% data variables.product.prodname_oauth_apps %}. Verify that any REST endpoints that you use are available for {% data variables.product.prodname_github_apps %} by reviewing [AUTOTITLE](/rest/authentication/endpoints-available-for-github-app-installation-access-tokens). ### 2. Register a {% data variables.product.prodname_github_app %} -Register a new {% data variables.product.prodname_github_app %}. For more information, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/creating-a-github-app). +Register a new {% data variables.product.prodname_github_app %}. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app). Compared to an {% data variables.product.prodname_oauth_app %}, you have more control over {% data variables.product.prodname_github_app %} settings. Some key additions are: * Unlike an {% data variables.product.prodname_oauth_app %}, which always acts on behalf of a user, you can make your {% data variables.product.prodname_github_app %} take actions as itself or on behalf of a user. If you do not want your new {% data variables.product.prodname_github_app %} to take actions on behalf of a user, you can skip the "Identifying and authorizing users" settings. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app). -* You can use webhooks to notify your {% data variables.product.prodname_github_app %} when specific events occur. Unlike webhooks for {% data variables.product.prodname_oauth_apps %}, which you must configure via the API for each repository or organization, webhooks are built into {% data variables.product.prodname_github_apps %}. When you register your {% data variables.product.prodname_github_app %}, you can select the webhook events that you want to receive. Additionally, if your {% data variables.product.prodname_oauth_app %} currently uses polling to determine if an event had occurred, consider subscribing to webhooks instead to help your {% data variables.product.prodname_github_app %} stay within the rate limit. For more information, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/using-webhooks-with-github-apps). +* You can use webhooks to notify your {% data variables.product.prodname_github_app %} when specific events occur. Unlike webhooks for {% data variables.product.prodname_oauth_apps %}, which you must configure via the API for each repository or organization, webhooks are built into {% data variables.product.prodname_github_apps %}. When you register your {% data variables.product.prodname_github_app %}, you can select the webhook events that you want to receive. Additionally, if your {% data variables.product.prodname_oauth_app %} currently uses polling to determine if an event had occurred, consider subscribing to webhooks instead to help your {% data variables.product.prodname_github_app %} stay within the rate limit. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/using-webhooks-with-github-apps). -* With an {% data variables.product.prodname_oauth_app %}, you request scopes when a user authorizes your app. With a {% data variables.product.prodname_github_app %}, you specify permissions in the app settings. These permissions are more granular than scopes and enable you to only select the permissions that your app needs. Additionally, these permissions are mapped to REST API endpoints and webhook events, so you can easily determine what permissions your {% data variables.product.prodname_github_app %} needs in order to access a specific REST API endpoint or subscribe to a specific webhook. Permissions are not currently documented for GraphQL requests. For more information, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/choosing-permissions-for-a-github-app). +* With an {% data variables.product.prodname_oauth_app %}, you request scopes when a user authorizes your app. With a {% data variables.product.prodname_github_app %}, you specify permissions in the app settings. These permissions are more granular than scopes and enable you to only select the permissions that your app needs. Additionally, these permissions are mapped to REST API endpoints and webhook events, so you can easily determine what permissions your {% data variables.product.prodname_github_app %} needs in order to access a specific REST API endpoint or subscribe to a specific webhook. Permissions are not currently documented for GraphQL requests. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app). ### 3. Modify the code for your app @@ -61,13 +61,13 @@ You will need to update your app's code to handle API authentication for your {% * As an app installation, in order to take actions on behalf of itself. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation). * On behalf of a user, in order to attribute actions to a user. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user). -If you are using {% data variables.product.company_short %}'s official Octokit.js library, you can use the built-in `App` object to authenticate. For examples, see [AUTOTITLE](/rest/guides/scripting-with-the-rest-api-and-javascript) and [AUTOTITLE](/apps/creating-github-apps/guides/building-a-github-app-that-responds-to-webhook-events). +If you are using {% data variables.product.company_short %}'s official Octokit.js library, you can use the built-in `App` object to authenticate. For examples, see [AUTOTITLE](/rest/guides/scripting-with-the-rest-api-and-javascript) and [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-github-app-that-responds-to-webhook-events). #### Review rate limits -Review the differences in rate limits between {% data variables.product.prodname_oauth_apps %} and {% data variables.product.prodname_github_apps %}. {% data variables.product.prodname_github_apps %} use sliding rules for rate limits, which can increase based on the number of repositories and number of users in the organization. For more information, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/rate-limits-for-github-apps). +Review the differences in rate limits between {% data variables.product.prodname_oauth_apps %} and {% data variables.product.prodname_github_apps %}. {% data variables.product.prodname_github_apps %} use sliding rules for rate limits, which can increase based on the number of repositories and number of users in the organization. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/rate-limits-for-github-apps). -If possible, consider using conditional requests and subscribing to webhooks instead of polling to help you stay within rate limits. For more information about conditional requests, see [AUTOTITLE](/rest/guides/best-practices-for-using-the-rest-api). For more information about using webhooks with your {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/using-webhooks-with-github-apps) and [AUTOTITLE](/apps/creating-github-apps/guides/building-a-github-app-that-responds-to-webhook-events). +If possible, consider using conditional requests and subscribing to webhooks instead of polling to help you stay within rate limits. For more information about conditional requests, see [AUTOTITLE](/rest/using-the-rest-api/best-practices-for-using-the-rest-api). For more information about using webhooks with your {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/using-webhooks-with-github-apps) and [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-github-app-that-responds-to-webhook-events). #### Test your code @@ -75,7 +75,7 @@ Test your new {% data variables.product.prodname_github_app %} to make sure that ### 4. Publicize your new {% data variables.product.prodname_github_app %} -If you want other accounts to be able to use your new {% data variables.product.prodname_github_app %}, make sure that your app is public.{% ifversion fpt or ghec %} If you want to make your {% data variables.product.prodname_github_app %} more discoverable, list your app in {% data variables.product.prodname_marketplace %}. {% endif %}For more information, see {% ifversion ghec or fpt %}[AUTOTITLE](/apps/publishing-apps-to-github-marketplace/github-marketplace-overview/about-github-marketplace) and {% endif %}[AUTOTITLE](/apps/creating-github-apps/creating-github-apps/making-a-github-app-public-or-private). +If you want other accounts to be able to use your new {% data variables.product.prodname_github_app %}, make sure that your app is public.{% ifversion fpt or ghec %} If you want to make your {% data variables.product.prodname_github_app %} more discoverable, list your app in {% data variables.product.prodname_marketplace %}. {% endif %}For more information, see {% ifversion ghec or fpt %}[AUTOTITLE](/apps/github-marketplace/github-marketplace-overview/about-github-marketplace-for-apps) and {% endif %}[AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/making-a-github-app-public-or-private). ### 5. Instruct your users to migrate @@ -108,7 +108,7 @@ For more information about authorizing {% data variables.product.prodname_github #### Encourage your users to revoke {% data variables.product.prodname_oauth_app %} access -You should also encourage your users to revoke access for your old {% data variables.product.prodname_oauth_app %}. This will help you fully transition away from your {% data variables.product.prodname_oauth_app %} and will help keep your users' data secure. For more information, see [AUTOTITLE](/apps/oauth-apps/using-oauth-apps/reviewing-your-authorized-applications-oauth). +You should also encourage your users to revoke access for your old {% data variables.product.prodname_oauth_app %}. This will help you fully transition away from your {% data variables.product.prodname_oauth_app %} and will help keep your users' data secure. For more information, see [AUTOTITLE](/apps/oauth-apps/using-oauth-apps/reviewing-your-authorized-oauth-apps). #### Update any interfaces or documentation @@ -118,9 +118,9 @@ You should update any user interface or documentation related to your app to ref When a user installs your {% data variables.product.prodname_github_app %} and grants access to a repository, you should remove any webhooks for your old {% data variables.product.prodname_oauth_app %}. If your new {% data variables.product.prodname_github_app %} and your old {% data variables.product.prodname_oauth_app %} respond to webhooks for the same event, the user may observe duplicate behavior. -To remove repository webhooks, you can listen for the `installation_repositories` webhook with the `added` action. When your {% data variables.product.prodname_github_app %} receives that event, you can use the REST API to delete the webhook on those repositories for your {% data variables.product.prodname_oauth_app %}. For more information, see [AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads?actionType=added#installation_repositories) and [AUTOTITLE](/rest/webhooks#delete-a-repository-webhook). +To remove repository webhooks, you can listen for the `installation_repositories` webhook with the `added` action. When your {% data variables.product.prodname_github_app %} receives that event, you can use the REST API to delete the webhook on those repositories for your {% data variables.product.prodname_oauth_app %}. For more information, see [AUTOTITLE](/webhooks/webhook-events-and-payloads?actionType=added#installation_repositories) and [AUTOTITLE](/rest/repos/webhooks#delete-a-repository-webhook). -Similarly, to remove organization webhooks, you can listen for the `installation` webhook with the `created` action. When your {% data variables.product.prodname_github_app %} receives that event for an organization, you can use the REST API to delete the webhook on that organization and corresponding repositories for your {% data variables.product.prodname_oauth_app %}. For more information, see [AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads?actionType=created#installation), [AUTOTITLE](/rest/orgs/webhooks#delete-an-organization-webhook), and [AUTOTITLE](/rest/webhooks#delete-a-repository-webhook). +Similarly, to remove organization webhooks, you can listen for the `installation` webhook with the `created` action. When your {% data variables.product.prodname_github_app %} receives that event for an organization, you can use the REST API to delete the webhook on that organization and corresponding repositories for your {% data variables.product.prodname_oauth_app %}. For more information, see [AUTOTITLE](/webhooks/webhook-events-and-payloads?actionType=created#installation), [AUTOTITLE](/rest/orgs/webhooks#delete-an-organization-webhook), and [AUTOTITLE](/rest/repos/webhooks#delete-a-repository-webhook). ### 7. Delete your old {% data variables.product.prodname_oauth_app %} diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app.md index dcdf030b5e49..e7b4eef66fa1 100644 --- a/content/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app.md +++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app.md @@ -27,4 +27,4 @@ To authenticate as an installation, your app will use an installation access tok ## Authentication on behalf of a user -To authenticate on behalf of a user, your app will use a user access token. Your app should authenticate on behalf of a user when you want to attribute app activity to a user. Similar to authenticating as an app installation, your app can access resources that are owned by the user or organization that installed the app. Authenticating on behalf of a user is ideal when you want to ensure that your app only takes actions that could be performed by a specific user. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps) and [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app). +To authenticate on behalf of a user, your app will use a user access token. Your app should authenticate on behalf of a user when you want to attribute app activity to a user. Similar to authenticating as an app installation, your app can access resources that are owned by the user or organization that installed the app. Authenticating on behalf of a user is ideal when you want to ensure that your app only takes actions that could be performed by a specific user. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user) and [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app). diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation.md index f2416cd945a0..207ca3da59fe 100644 --- a/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation.md +++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation.md @@ -12,7 +12,7 @@ category: ## About authentication as a {% data variables.product.prodname_github_app %} installation -Once your {% data variables.product.prodname_github_app %} is installed on an account, you can make it authenticate as an app installation for API requests. This allows the app to access resources owned by that installation, as long as the app was granted the necessary repository access and permissions. API requests made by an app installation are attributed to the app. For more information about installing GitHub Apps, see [Installing GitHub Apps](/developers/apps/managing-github-apps/installing-github-apps). +Once your {% data variables.product.prodname_github_app %} is installed on an account, you can make it authenticate as an app installation for API requests. This allows the app to access resources owned by that installation, as long as the app was granted the necessary repository access and permissions. API requests made by an app installation are attributed to the app. For more information about installing GitHub Apps, see [AUTOTITLE](/apps/using-github-apps/installing-your-own-github-app). For example, if you want your app to change the `Status` field of an issue on a project owned by an organization called "octo-org," then you would authenticate as the octo-org installation of your app. The timeline of the issue would state that your app updated the status. @@ -26,7 +26,7 @@ You can also use an installation access token to authenticate for HTTP-based Git Requests made with an installation access token are sometimes called "server-to-server" requests. -For more information about authenticating as an app on behalf of a user instead of as an app installation, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps). +For more information about authenticating as an app on behalf of a user instead of as an app installation, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user). ## Using an installation access token to authenticate as an app installation @@ -40,7 +40,7 @@ To authenticate as an installation with an installation access token, first use To authenticate with an installation access token, include it in the `Authorization` header of an API request. The access token will work with both the GraphQL API and the REST API. -Your app must have the required permissions to use the endpoint. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/choosing-permissions-for-a-github-app). +Your app must have the required permissions to use the endpoint. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app). In the following example, replace `INSTALLATION_ACCESS_TOKEN` with an installation access token: @@ -87,7 +87,7 @@ You can use {% data variables.product.company_short %}'s Octokit.js SDK to authe 1. Use an `octokit` method to make a request to the API. - Your app must have the required permissions to use the endpoint. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/choosing-permissions-for-a-github-app). + Your app must have the required permissions to use the endpoint. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app). For example, to make a request to the GraphQL API: @@ -113,7 +113,7 @@ The Octokit.js SDK also passes a pre-authenticated `octokit` instance to webhook 1. Get the ID of your {% data variables.product.prodname_github_app %}. You can find your app's ID on the settings page for your {% data variables.product.prodname_github_app %}. For more information about navigating to the settings page for your {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration#navigating-to-your-github-app-settings). 1. Generate a private key. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps). -1. Get the webhook secret that you specified in your app's settings. For more information about webhook secrets, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/using-webhooks-with-github-apps#securing-your-webhooks-with-a-webhook-secret). +1. Get the webhook secret that you specified in your app's settings. For more information about webhook secrets, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/using-webhooks-with-github-apps#securing-your-webhooks-with-a-webhook-secret). 1. Import `App` from `octokit`. Create a new instance of `App`. In the following example, replace `APP_ID` with a reference to your app's ID. Replace `PRIVATE_KEY` with a reference to your app's private key. Replace `WEBHOOK_SECRET` with the your app's webhook secret. ```javascript copy diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app.md index 4656ebb0d386..1a830b334ffa 100644 --- a/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app.md +++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app.md @@ -23,17 +23,17 @@ A user access token is a type of OAuth token. Unlike a traditional OAuth token, Similarly, a user access token can only access resources that both the user and app can access. For example, if an app is granted access to repository `A` and `B`, and the user can access repository `B` and `C`, the user access token can access repository `B` but not `A` or `C`. You can use the REST API to check which installations and which repositories within an installation a user access token can access. For more information, see `GET /user/installations` and `GET /user/installations/{installation_id}/repositories` in [AUTOTITLE](/rest/apps/installations). -When you make API requests with a user access token, the rate limits for user access tokens apply. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/rate-limits-for-github-apps). +When you make API requests with a user access token, the rate limits for user access tokens apply. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/rate-limits-for-github-apps). By default, the user access token expires after 8 hours. You can use a refresh token to regenerate a user access token. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens). -Users can revoke their authorization of a {% data variables.product.prodname_github_app %}. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation). If a user revokes their authorization of a {% data variables.product.prodname_github_app %}, the app will receive the `github_app_authorization` webhook. {% data variables.product.prodname_github_apps %} cannot unsubscribe from this event. If your app receives this webhook, you should stop calling the API on behalf of the user who revoked the token. If your app continues to use a revoked access token, it will receive the `401 Bad Credentials` error. For more information about this webhook, see [AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#github_app_authorization). +Users can revoke their authorization of a {% data variables.product.prodname_github_app %}. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/token-expiration-and-revocation). If a user revokes their authorization of a {% data variables.product.prodname_github_app %}, the app will receive the `github_app_authorization` webhook. {% data variables.product.prodname_github_apps %} cannot unsubscribe from this event. If your app receives this webhook, you should stop calling the API on behalf of the user who revoked the token. If your app continues to use a revoked access token, it will receive the `401 Bad Credentials` error. For more information about this webhook, see [AUTOTITLE](/webhooks/webhook-events-and-payloads#github_app_authorization). -You should keep user access tokens and refresh tokens secure. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/best-practices-for-creating-a-github-app). +You should keep user access tokens and refresh tokens secure. For more information, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app). ## Using the web application flow to generate a user access token -If your app runs in the browser, you should use the web application flow to generate a user access token. For a tutorial about using the web application flow, see [AUTOTITLE](/apps/creating-github-apps/guides/using-the-web-application-flow-to-generate-a-user-access-token-for-a-github-app). +If your app runs in the browser, you should use the web application flow to generate a user access token. For a tutorial about using the web application flow, see [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-login-with-github-button-with-a-github-app). 1. Direct the user to this URL, and add any necessary query parameters from the following list of parameters: `{% data variables.product.oauth_host_code %}/login/oauth/authorize`. For example, this URL specifies the `client_id` and `state` parameters: `{% data variables.product.oauth_host_code %}/login/oauth/authorize?client_id=12345&state=abcdefg`. @@ -60,9 +60,9 @@ If your app runs in the browser, you should use the web application flow to gene ## Using the device flow to generate a user access token -If your app is headless or does not have access to a browser, you should use the device flow to generate a user access token. For example, CLI tools, simple Raspberry Pis, and desktop applications should use the device flow. For a tutorial that uses device flow, see [AUTOTITLE](/apps/creating-github-apps/guides/building-a-cli-with-a-github-app). +If your app is headless or does not have access to a browser, you should use the device flow to generate a user access token. For example, CLI tools, simple Raspberry Pis, and desktop applications should use the device flow. For a tutorial that uses device flow, see [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-cli-with-a-github-app). -Before you can use the device flow, you must first enable it in your app's settings. For more information on enabling device flow, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app). +Before you can use the device flow, you must first enable it in your app's settings. For more information on enabling device flow, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration). The device flow uses the [OAuth 2.0 Device Authorization Grant](https://datatracker.ietf.org/doc/html/rfc8628). @@ -101,7 +101,7 @@ The device flow uses the [OAuth 2.0 Device Authorization Grant](https://datatrac | `incorrect_client_credentials` | For the device flow, you must pass your app's client ID, which you can find on your app settings page. The client ID is different from the app ID and client secret. | `incorrect_device_code` | The `device_code` provided is not valid. | `access_denied` | When a user clicks cancel during the authorization process, you'll receive an `access_denied` error, and the user won't be able to use the verification code again. - | `device_flow_disabled` | Device flow has not been enabled in the app's settings. For more information on enabling device flow, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app). + | `device_flow_disabled` | Device flow has not been enabled in the app's settings. For more information on enabling device flow, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration). 1. Once the user has entered the `user_code`, {% data variables.product.company_short %} will give a response that includes the following query parameters: @@ -169,4 +169,4 @@ When you request a user access token via the device flow, the `grant_type` param If the user for whom you are trying to generate a user access token has not verified their primary email address with {% data variables.product.company_short %}, you will receive an `unverified_user_email` error. -To resolve this error, prompt the user to verify the primary email address on their {% data variables.product.company_short %} account. For more information, see {% ifversion fpt or ghec %}[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address).{% else %}[AUTOTITLE](/free-pro-team@latest/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address) in the {% data variables.product.prodname_free_user %} documentation.{% endif %} +To resolve this error, prompt the user to verify the primary email address on their {% data variables.product.company_short %} account. For more information, see {% ifversion fpt or ghec %}[AUTOTITLE](/account-and-profile/how-tos/email-preferences/verifying-your-email-address).{% else %}[AUTOTITLE](/free-pro-team@latest/account-and-profile/how-tos/email-preferences/verifying-your-email-address) in the {% data variables.product.prodname_free_user %} documentation.{% endif %} diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app.md index 57f4eff342af..f329d30ff3cf 100644 --- a/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app.md +++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app.md @@ -17,7 +17,7 @@ In order to authenticate as an app installation, you must generate an installati > [!NOTE] > Instead of generating an installation access token, you can use {% data variables.product.company_short %}'s Octokit SDKs to authenticate as an app. The SDK will take care of generating an installation access token for you and will regenerate the token once it expires. For more information about authenticating as an app installation, see [Authenticating as a GitHub App installation](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation). -You should keep your installation access token secure. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/best-practices-for-creating-a-github-app). +You should keep your installation access token secure. For more information, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app). {% data reusables.apps.ghs-stateless-token-format %} diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow.md index 717971f8b71e..629013d3148c 100644 --- a/content/apps/creating-github-apps/authenticating-with-a-github-app/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow.md +++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow.md @@ -15,16 +15,16 @@ category: ## About {% data variables.product.prodname_actions %} authentication -If you need to make authenticated API requests in a {% data variables.product.prodname_actions %} workflow or need to execute a custom action that requires a token, you should use the built-in `GITHUB_TOKEN` if possible. However, the `GITHUB_TOKEN` can only access resources within the workflow's repository. If you need to access additional resources, such as resources in an organization or in another repository, you can use a {% data variables.product.prodname_github_app %}. For more information about why you might use a {% data variables.product.prodname_github_app %} over a {% data variables.product.pat_generic %}, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps#choosing-between-a-github-app-or-a-personal-access-token). +If you need to make authenticated API requests in a {% data variables.product.prodname_actions %} workflow or need to execute a custom action that requires a token, you should use the built-in `GITHUB_TOKEN` if possible. However, the `GITHUB_TOKEN` can only access resources within the workflow's repository. If you need to access additional resources, such as resources in an organization or in another repository, you can use a {% data variables.product.prodname_github_app %}. ## Authenticating with a {% data variables.product.prodname_github_app %} In order to use a {% data variables.product.prodname_github_app %} to make authenticated API requests, you must register a {% data variables.product.prodname_github_app %}, store your app's credentials, and install your app. Once this is done, you can use your app to create an installation access token, which can be used to make authenticated API requests in a {% data variables.product.prodname_actions %} workflow. You can also pass the installation access token to a custom action that requires a token. -1. Register a {% data variables.product.prodname_github_app %}. Give your {% data variables.product.prodname_github_app %} registration the necessary permissions to access the desired resources. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app) and [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/choosing-permissions-for-a-github-app). -1. Store the client ID of your {% data variables.product.prodname_github_app %} as a {% data variables.product.prodname_actions %} configuration variable. You can find the client ID on the settings page for your app. The client ID is different from the app ID. For more information about navigating to the settings page for your {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration#navigating-to-your-github-app-settings). For more information about storing configuration variables, see [AUTOTITLE](/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows). -1. Generate a private key for your app. Store the contents of the resulting file as a secret. (Store the entire contents of the file, including `-----BEGIN RSA PRIVATE KEY-----` and `-----END RSA PRIVATE KEY-----`.) For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps). For more information about storing secrets, see [AUTOTITLE](/actions/security-guides/encrypted-secrets). -1. Install the {% data variables.product.prodname_github_app %} on the right account and grant it permissions and access to any repositories that you want your workflow to access. For more information, see [AUTOTITLE](/apps/maintaining-github-apps/installing-github-apps#installing-your-private-github-app-on-your-repository). +1. Register a {% data variables.product.prodname_github_app %}. Give your {% data variables.product.prodname_github_app %} registration the necessary permissions to access the desired resources. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app) and [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app). +1. Store the client ID of your {% data variables.product.prodname_github_app %} as a {% data variables.product.prodname_actions %} configuration variable. You can find the client ID on the settings page for your app. The client ID is different from the app ID. For more information about navigating to the settings page for your {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration#navigating-to-your-github-app-settings). For more information about storing configuration variables, see [AUTOTITLE](/actions/how-tos/write-workflows/choose-what-workflows-do/use-variables#defining-configuration-variables-for-multiple-workflows). +1. Generate a private key for your app. Store the contents of the resulting file as a secret. (Store the entire contents of the file, including `-----BEGIN RSA PRIVATE KEY-----` and `-----END RSA PRIVATE KEY-----`.) For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps). For more information about storing secrets, see [AUTOTITLE](/actions/how-tos/write-workflows/choose-what-workflows-do/use-secrets). +1. Install the {% data variables.product.prodname_github_app %} on the right account and grant it permissions and access to any repositories that you want your workflow to access. For more information, see [AUTOTITLE](/apps/using-github-apps/installing-your-own-github-app). 1. In your {% data variables.product.prodname_actions %} workflow, create an installation access token, which you can use to make API requests. To do this, you can use a {% data variables.product.company_short %}-owned action as demonstrated in the following example. If you prefer to not use this action, you can fork and modify the [`actions/create-github-app-token` action](https://github.com/actions/create-github-app-token), or you can write a script to make your workflow create an installation token manually. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation). diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps.md index 9c7bfe198074..099418ac915b 100644 --- a/content/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps.md +++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps.md @@ -71,4 +71,4 @@ Alternatively, you can store the key as an environment variable. This is not as You should not hard-code your private key in your app, even if your code is stored in a private repository. -For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/best-practices-for-creating-a-github-app). +For more information, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app). diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens.md index 74ede039fe42..c540effdb6dc 100644 --- a/content/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens.md +++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens.md @@ -27,7 +27,7 @@ If your refresh token expires before you use it, you can regenerate a user acces ## Configuring your app to use user access tokens that expire -When you create your app, expiration of user access tokens is enabled unless you opt out. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app). You can also configure this setting after your app has been created. +When you create your app, expiration of user access tokens is enabled unless you opt out. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app). You can also configure this setting after your app has been created. {% data reusables.apps.settings-step %} {% data reusables.apps.enterprise-apps-steps %} diff --git a/content/apps/creating-github-apps/registering-a-github-app/about-the-setup-url.md b/content/apps/creating-github-apps/registering-a-github-app/about-the-setup-url.md index 2263b829f8ee..54fdf157635e 100644 --- a/content/apps/creating-github-apps/registering-a-github-app/about-the-setup-url.md +++ b/content/apps/creating-github-apps/registering-a-github-app/about-the-setup-url.md @@ -20,9 +20,9 @@ If you specify a setup URL, you can also select **Redirect on update** to specif > When {% data variables.product.company_short %} redirects users to the setup URL, it includes an `installation_id` query parameter. Bad actors can hit this URL with a spoofed `installation_id`. Therefore, you should not rely on the validity of the `installation_id` parameter. Instead, you should generate a user access token for the user who installed the {% data variables.product.prodname_github_app %} and then check that the installation is associated with that user. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app). {% ifversion fpt or ghec %} -Although the setup URL is optional during {% data variables.product.prodname_github_app %} registration, it is required if you want to allow users to purchase your app in {% data variables.product.prodname_marketplace %}. For more information, see [AUTOTITLE](/apps/publishing-apps-to-github-marketplace/using-the-github-marketplace-api-in-your-app/handling-new-purchases-and-free-trials). +Although the setup URL is optional during {% data variables.product.prodname_github_app %} registration, it is required if you want to allow users to purchase your app in {% data variables.product.prodname_marketplace %}. For more information, see [AUTOTITLE](/apps/github-marketplace/using-the-github-marketplace-api-in-your-app/handling-new-purchases-and-free-trials). {% endif %} -The setup URL is different from the callback URL. Users are redirected to the setup URL after they install a {% data variables.product.prodname_github_app %}. Users are redirected to the callback URL when they authorize a {% data variables.product.prodname_github_app %} via the web application flow. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-the-user-authorization-callback-url). +The setup URL is different from the callback URL. Users are redirected to the setup URL after they install a {% data variables.product.prodname_github_app %}. Users are redirected to the callback URL when they authorize a {% data variables.product.prodname_github_app %} via the web application flow. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/about-the-user-authorization-callback-url). -For more information about registering a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app). For more information about modifying a {% data variables.product.prodname_github_app %} registration, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app). +For more information about registering a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app). For more information about modifying a {% data variables.product.prodname_github_app %} registration, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration). diff --git a/content/apps/creating-github-apps/registering-a-github-app/about-the-user-authorization-callback-url.md b/content/apps/creating-github-apps/registering-a-github-app/about-the-user-authorization-callback-url.md index e390944f295b..0f58b5e98ec3 100644 --- a/content/apps/creating-github-apps/registering-a-github-app/about-the-user-authorization-callback-url.md +++ b/content/apps/creating-github-apps/registering-a-github-app/about-the-user-authorization-callback-url.md @@ -17,6 +17,6 @@ When you register a {% data variables.product.prodname_github_app %}, you can sp You can specify up to 10 callback URLs. If you specify multiple callback URLs, you can use the `redirect_uri` parameter when you prompt the user to authorize your {% data variables.product.prodname_github_app %}, to indicate which callback URL the user should be redirected to. If you do not specify `redirect_uri`, the first callback URL will be used. For more information about using the `redirect_uri` parameter, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app). -The callback URL is different from the setup URL. Users are redirected to the setup URL after they install a {% data variables.product.prodname_github_app %}. Users are redirected to the callback URL when they authorize a {% data variables.product.prodname_github_app %} via the web application flow. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-the-setup-url). +The callback URL is different from the setup URL. Users are redirected to the setup URL after they install a {% data variables.product.prodname_github_app %}. Users are redirected to the callback URL when they authorize a {% data variables.product.prodname_github_app %} via the web application flow. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/about-the-setup-url). -For more information about generating user access tokens, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app). For more information about registering a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app). For more information about modifying a {% data variables.product.prodname_github_app %} registration, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app). +For more information about generating user access tokens, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app). For more information about registering a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app). For more information about modifying a {% data variables.product.prodname_github_app %} registration, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration). diff --git a/content/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app.md b/content/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app.md index cda4fbcbf2f5..0da58392950b 100644 --- a/content/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app.md +++ b/content/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app.md @@ -41,7 +41,7 @@ When a user installs an app on their user account or organization, they see and The success of an API request with a user access token depends on the user's permissions as well as the app's permissions. For example, if the app was granted permission to write the contents of a repository, but the user can only read the contents, then the user access token can only read the contents. The success of an API request with an installation access token only depends on the app's permissions. -For more information about specifying permissions during {% data variables.product.prodname_github_app %} registration, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app). +For more information about specifying permissions during {% data variables.product.prodname_github_app %} registration, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app). Some webhooks and API access requires "Administration" permissions. If your app requires "Administration" permissions, consider explaining this requirement on your app's homepage. This will help users understand why your app needs a high level permission. @@ -53,11 +53,11 @@ You can modify the permissions for apps you own or manage at any time.{% ifversi * When an enterprise app manager modifies the permissions of an app owned by an **enterprise account**, the changes are automatically accepted by organizations in the enterprise where the app manager is also an organization owner.{% endif %} * When you modify the permissions of an app owned by a **user or organization**,{% else %} When you do so,{% endif %} the owner of each account where the app was installed will be prompted to approve the new permissions. If the account owner does not approve the new permissions, their installation will continue to use the old permissions. -For more information about modifying permissions, see [AUTOTITLE](/apps/maintaining-github-apps/editing-a-github-apps-permissions). +For more information about modifying permissions, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration). ## Choosing permissions for webhook access -The webhook documentation indicates whether each webhook is available to {% data variables.product.prodname_github_apps %}. For each webhook that you want to subscribe to, refer to the webhook documentation to see what permissions a {% data variables.product.prodname_github_app %} needs to subscribe to that webhook. For more information, see [AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads). +The webhook documentation indicates whether each webhook is available to {% data variables.product.prodname_github_apps %}. For each webhook that you want to subscribe to, refer to the webhook documentation to see what permissions a {% data variables.product.prodname_github_app %} needs to subscribe to that webhook. For more information, see [AUTOTITLE](/webhooks/webhook-events-and-payloads). For example, if you want your app to subscribe to `team` events, your app must have the "Members" organization permission. @@ -65,7 +65,7 @@ On your {% data variables.product.prodname_github_app %} registration page, the ## Choosing permissions for REST API access -The REST API reference documentation for each endpoint states whether the endpoint works with {% data variables.product.prodname_github_apps %} and states what permissions are required in order for the app to use the endpoint. Some endpoints may require multiple permissions, and some endpoints may require one of multiple permissions. For an overview of which REST API endpoints a {% data variables.product.prodname_github_app %} can access with each permission, see [AUTOTITLE](/rest/overview/permissions-required-for-github-apps). +The REST API reference documentation for each endpoint states whether the endpoint works with {% data variables.product.prodname_github_apps %} and states what permissions are required in order for the app to use the endpoint. Some endpoints may require multiple permissions, and some endpoints may require one of multiple permissions. For an overview of which REST API endpoints a {% data variables.product.prodname_github_app %} can access with each permission, see [AUTOTITLE](/rest/authentication/permissions-required-for-github-apps). For example, to use the `GET /orgs/{org}/dependabot/secrets` endpoint, your app must have at least read-level permission for the "organization dependabot secrets" permission. diff --git a/content/apps/creating-github-apps/registering-a-github-app/creating-a-custom-badge-for-your-github-app.md b/content/apps/creating-github-apps/registering-a-github-app/creating-a-custom-badge-for-your-github-app.md index 19a43338e13a..552a28a267ba 100644 --- a/content/apps/creating-github-apps/registering-a-github-app/creating-a-custom-badge-for-your-github-app.md +++ b/content/apps/creating-github-apps/registering-a-github-app/creating-a-custom-badge-for-your-github-app.md @@ -28,7 +28,7 @@ After you register a GitHub App, you can customize your app's badge by uploading {% ifversion fpt or ghec %} -For more information about badges for {% data variables.product.prodname_github_apps %} in {% data variables.product.prodname_marketplace %}, see [AUTOTITLE](/apps/publishing-apps-to-github-marketplace/listing-an-app-on-github-marketplace/writing-a-listing-description-for-your-app#guidelines-for-logos). You can change a custom badge for a GitHub App that already has an approved Marketplace listing by navigating to https://github.com/marketplace/manage. +For more information about badges for {% data variables.product.prodname_github_apps %} in {% data variables.product.prodname_marketplace %}, see [AUTOTITLE](/apps/github-marketplace/listing-an-app-on-github-marketplace/writing-a-listing-description-for-your-app#guidelines-for-logos). You can change a custom badge for a GitHub App that already has an approved Marketplace listing by navigating to https://github.com/marketplace/manage. {% endif %} @@ -53,6 +53,6 @@ For more information about badges for {% data variables.product.prodname_github_ ## Next steps -For more information about listing your {% data variables.product.prodname_github_app %} in {% data variables.product.prodname_marketplace %}, see [AUTOTITLE](/apps/publishing-apps-to-github-marketplace/listing-an-app-on-github-marketplace). +For more information about listing your {% data variables.product.prodname_github_app %} in {% data variables.product.prodname_marketplace %}, see [AUTOTITLE](/apps/github-marketplace/listing-an-app-on-github-marketplace). {% endif %} diff --git a/content/apps/creating-github-apps/registering-a-github-app/making-a-github-app-public-or-private.md b/content/apps/creating-github-apps/registering-a-github-app/making-a-github-app-public-or-private.md index c700fb2b8e33..eb503b3d0a13 100644 --- a/content/apps/creating-github-apps/registering-a-github-app/making-a-github-app-public-or-private.md +++ b/content/apps/creating-github-apps/registering-a-github-app/making-a-github-app-public-or-private.md @@ -36,11 +36,11 @@ If you want your {% data variables.product.prodname_github_app %} to be availabl If it is important for {% ifversion ghes %}other {% endif %}{% data variables.product.prodname_ghe_server %} users to be able to use your tool, consider using {% data variables.product.prodname_actions %} instead of a {% data variables.product.prodname_github_app %}. Public actions are available on {% data variables.product.prodname_ghe_server %} instances with GitHub Connect. For more information, see [AUTOTITLE]({% ifversion not ghes %}/enterprise-server@latest{% endif %}/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) and [AUTOTITLE]({% ifversion not ghes %}/enterprise-server@latest{% endif %}/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises){% ifversion ghes %}.{% else %} in the {% data variables.product.prodname_ghe_server %} documentation.{% endif %} -For information about changing the visibility of a {% data variables.product.prodname_github_app %} registration, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app). +For information about changing the visibility of a {% data variables.product.prodname_github_app %} registration, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration). ### Public installation flow -Public {% data variables.product.prodname_github_apps %} have a landing page with an **Install** button, so that other people can install the app on their accounts. {% ifversion fpt or ghec %}If your {% data variables.product.prodname_github_app %} is public to all users on {% data variables.product.github %}, you can also choose to publish it to {% data variables.product.prodname_marketplace %}. For more information, see [AUTOTITLE](/apps/publishing-apps-to-github-marketplace/github-marketplace-overview/about-github-marketplace).{% endif %} +Public {% data variables.product.prodname_github_apps %} have a landing page with an **Install** button, so that other people can install the app on their accounts. {% ifversion fpt or ghec %}If your {% data variables.product.prodname_github_app %} is public to all users on {% data variables.product.github %}, you can also choose to publish it to {% data variables.product.prodname_marketplace %}. For more information, see [AUTOTITLE](/apps/github-marketplace/github-marketplace-overview/about-github-marketplace-for-apps).{% endif %} ### Private installation flow diff --git a/content/apps/creating-github-apps/registering-a-github-app/rate-limits-for-github-apps.md b/content/apps/creating-github-apps/registering-a-github-app/rate-limits-for-github-apps.md index 66e28901cfaa..95205e0e603f 100644 --- a/content/apps/creating-github-apps/registering-a-github-app/rate-limits-for-github-apps.md +++ b/content/apps/creating-github-apps/registering-a-github-app/rate-limits-for-github-apps.md @@ -23,9 +23,9 @@ category: API rate limits are disabled by default for {% data variables.product.prodname_ghe_server %}. Contact your site administrator to confirm the rate limits for your instance. -If you are a site administrator, you can set rate limits for your instance. For more information, see [AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-rate-limits). +If you are a site administrator, you can set rate limits for your instance. For more information, see [AUTOTITLE](/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-rate-limits). -If you are developing an app for users or organizations outside of your instance, the standard {% data variables.product.github %} rate limits apply. For more information, see [AUTOTITLE](/free-pro-team@latest/rest/overview/rate-limits-for-the-rest-api) and [AUTOTITLE](/free-pro-team@latest/graphql/overview/resource-limitations) in the {% data variables.product.prodname_free_user %} documentation. +If you are developing an app for users or organizations outside of your instance, the standard {% data variables.product.github %} rate limits apply. For more information, see [AUTOTITLE](/free-pro-team@latest/rest/using-the-rest-api/rate-limits-for-the-rest-api) and [AUTOTITLE](/free-pro-team@latest/graphql/overview/rate-limits-and-query-limits-for-the-graphql-api) in the {% data variables.product.prodname_free_user %} documentation. {% else %} @@ -33,6 +33,6 @@ If you are developing an app for users or organizations outside of your instance The rate limit for {% data variables.product.prodname_github_app %}s depends on whether the app authenticates with a user access token or an installation access token. It also depends on where the app is owned by or installed on a {% data variables.product.prodname_ghe_cloud %} organization. -For more information, see [AUTOTITLE](/rest/overview/rate-limits-for-the-rest-api) and [AUTOTITLE](/graphql/overview/resource-limitations). +For more information, see [AUTOTITLE](/rest/using-the-rest-api/rate-limits-for-the-rest-api) and [AUTOTITLE](/graphql/overview/rate-limits-and-query-limits-for-the-graphql-api). {% endif %} diff --git a/content/apps/creating-github-apps/registering-a-github-app/registering-a-github-app.md b/content/apps/creating-github-apps/registering-a-github-app/registering-a-github-app.md index 97d274f772f7..c6911c792bc7 100644 --- a/content/apps/creating-github-apps/registering-a-github-app/registering-a-github-app.md +++ b/content/apps/creating-github-apps/registering-a-github-app/registering-a-github-app.md @@ -25,7 +25,7 @@ You can register a {% data variables.product.prodname_github_app %} in a few dif * Under your **personal account**. * Under an **organization you own**. -* Under an **organization** that has granted you permission to manage all its apps. See [AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/adding-github-app-managers-in-your-organization).{% ifversion enterprise-apps-public-beta %} +* Under an **organization** that has granted you permission to manage all its apps. See [AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization).{% ifversion enterprise-apps-public-beta %} * Under your **enterprise**, but it can only be installed on{% ifversion enterprise-installed-apps %} that enterprise and{% endif %} organizations within the enterprise. {% endif %} @@ -48,22 +48,22 @@ You can register a {% data variables.product.prodname_github_app %} in a few dif If your app does not need to act on behalf of a user (does not need to generate a user access token), this field will be ignored. If your app uses device flow instead of web application flow to generate a user access token, this field will be ignored. - For more information about the callback URL, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-the-user-authorization-callback-url). For more information about generating a user access token to act on behalf of a user, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user) and [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app). + For more information about the callback URL, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/about-the-user-authorization-callback-url). For more information about generating a user access token to act on behalf of a user, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user) and [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app). 1. Optionally, to prevent user access tokens from expiring, deselect **Expire user authorization tokens**. {% data variables.product.company_short %} strongly recommends that you leave this option selected. For more information about refreshing expired tokens and the benefits of user access tokens that expire, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens). If your app does not need to generate a user access token, this field will be ignored. 1. Optionally, to prompt users to authorize your app when they install it, select **Request user authorization (OAuth) during installation**. If a user authorizes your app, your app can generate a user access token to make API requests on the user's behalf and attribute app activity to the user. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user) and [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app). 1. Optionally, if you want to use device flow to generate a user access token, select **Enable Device Flow**. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app). -1. Optionally, under "Setup URL", enter the URL to redirect users to after they install your app. If additional setup is required after installation, you can use this URL to tell users what steps to take after installation. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-the-setup-url). +1. Optionally, under "Setup URL", enter the URL to redirect users to after they install your app. If additional setup is required after installation, you can use this URL to tell users what steps to take after installation. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/about-the-setup-url). If you selected **Request user authorization (OAuth) during installation** in an earlier step, you will not be able to enter a URL here. Users will instead be redirected to the Callback URL as part of the authorization flow, where you can describe additional setup. 1. Optionally, if you want to redirect users to the setup URL after they update an installation, select **Redirect on update**. An update includes adding or removing a repository for an installation. If "Setup URL" is blank, this will be ignored. -1. Optionally, if you do not want your app to receive webhook events, deselect **Active**. For example, if your app will only be used for authentication or does not need to respond to webhooks, deselect this option. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/using-webhooks-with-github-apps). -1. If you selected **Active** in the previous step, under "Webhook URL", enter the URL that {% data variables.product.company_short %} should send webhook events to. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/using-webhooks-with-github-apps). -1. Optionally, if you selected **Active** in the previous step, under "Webhook secret", enter a secret token to secure your webhooks. {% data variables.product.company_short %} highly recommends that you set a webhook secret. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/using-webhooks-with-github-apps). +1. Optionally, if you do not want your app to receive webhook events, deselect **Active**. For example, if your app will only be used for authentication or does not need to respond to webhooks, deselect this option. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/using-webhooks-with-github-apps). +1. If you selected **Active** in the previous step, under "Webhook URL", enter the URL that {% data variables.product.company_short %} should send webhook events to. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/using-webhooks-with-github-apps). +1. Optionally, if you selected **Active** in the previous step, under "Webhook secret", enter a secret token to secure your webhooks. {% data variables.product.company_short %} highly recommends that you set a webhook secret. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/using-webhooks-with-github-apps). 1. If you entered a webhook URL, under "SSL verification", select whether to enable SSL verification. {% data variables.product.company_short %} highly recommends that you enable SSL verification. -1. Under "Permissions", choose the permissions that your app needs. For each permission, select the dropdown menu and click **Read-only**, **Read & write**, or **No access**. You should select the minimum permissions necessary for your app. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/choosing-permissions-for-a-github-app). -1. If you selected **Active** in the earlier step to indicate that your app should receive webhook events, under "Subscribe to events", select the webhook events that you want your app to receive. The permissions that you selected in the previous step determine what webhook events are available. For more information about each webhook event, see [AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads). -1. Under "Where can this {% data variables.product.prodname_github_app %} be installed?", select **Only on this account** or **Any account**.{% ifversion ghec %} If you use {% data variables.product.prodname_emus %}, **Only on this account** will be disabled for user accounts. Instead of **Any account**, the option will read **This enterprise**.{% endif %} For more information on installation options, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/making-a-github-app-public-or-private).{% ifversion enterprise-apps-public-beta %} - >[!NOTE] If your {% data variables.product.prodname_github_app %} is registered under an enterprise, this step does not apply.{% endif %} +1. Under "Permissions", choose the permissions that your app needs. For each permission, select the dropdown menu and click **Read-only**, **Read & write**, or **No access**. You should select the minimum permissions necessary for your app. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app). +1. If you selected **Active** in the earlier step to indicate that your app should receive webhook events, under "Subscribe to events", select the webhook events that you want your app to receive. The permissions that you selected in the previous step determine what webhook events are available. For more information about each webhook event, see [AUTOTITLE](/webhooks/webhook-events-and-payloads). +1. Under "Where can this {% data variables.product.prodname_github_app %} be installed?", select **Only on this account** or **Any account**.{% ifversion ghec %} If you use {% data variables.product.prodname_emus %}, **Only on this account** will be disabled for user accounts. Instead of **Any account**, the option will read **This enterprise**.{% endif %} For more information on installation options, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/making-a-github-app-public-or-private).{% ifversion enterprise-apps-public-beta %} + > [!NOTE] If your {% data variables.product.prodname_github_app %} is registered under an enterprise, this step does not apply.{% endif %} 1. Click **Create {% data variables.product.prodname_github_app %}**. ## Next steps @@ -71,13 +71,13 @@ You can register a {% data variables.product.prodname_github_app %} in a few dif After registering a {% data variables.product.prodname_github_app %}, you will want to write code to make your {% data variables.product.prodname_github_app %} do something. For examples of how to write code, see: * [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/quickstart) -* [AUTOTITLE](/apps/creating-github-apps/guides/building-a-github-app-that-responds-to-webhook-events) -* [AUTOTITLE](/apps/creating-github-apps/guides/building-a-login-with-github-button-with-a-github-app) -* [AUTOTITLE](/apps/creating-github-apps/guides/building-a-cli-with-a-github-app) -* [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow) +* [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-github-app-that-responds-to-webhook-events) +* [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-login-with-github-button-with-a-github-app) +* [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-cli-with-a-github-app) +* [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow) -You should aim to follow best practices. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/best-practices-for-creating-a-github-app). +You should aim to follow best practices. For more information, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app). Once your {% data variables.product.prodname_github_app %} is fully built, you can install your {% data variables.product.prodname_github_app %} and share your {% data variables.product.prodname_github_app %} with others. For more information, see [AUTOTITLE](/apps/using-github-apps/installing-your-own-github-app) and [AUTOTITLE](/apps/sharing-github-apps/sharing-your-github-app). -You can always make changes to the settings for your {% data variables.product.prodname_github_app %}. For more information, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app). +You can always make changes to the settings for your {% data variables.product.prodname_github_app %}. For more information, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration). diff --git a/content/apps/creating-github-apps/registering-a-github-app/using-webhooks-with-github-apps.md b/content/apps/creating-github-apps/registering-a-github-app/using-webhooks-with-github-apps.md index 6b9be2b5ec1f..e951525fcca5 100644 --- a/content/apps/creating-github-apps/registering-a-github-app/using-webhooks-with-github-apps.md +++ b/content/apps/creating-github-apps/registering-a-github-app/using-webhooks-with-github-apps.md @@ -15,15 +15,15 @@ category: ## About webhooks and {% data variables.product.prodname_github_apps %} -Webhooks enable your {% data variables.product.prodname_github_app %} to receive real-time notifications when events happen on {% data variables.product.prodname_dotcom %}, such as when someone pushes a commit or opens a pull request in a repository that your app can access. For more information about webhooks, see [AUTOTITLE](/webhooks-and-events/webhooks/about-webhooks). For a tutorial that demonstrates how to use webhooks with a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/guides/building-a-github-app-that-responds-to-webhook-events). +Webhooks enable your {% data variables.product.prodname_github_app %} to receive real-time notifications when events happen on {% data variables.product.prodname_dotcom %}, such as when someone pushes a commit or opens a pull request in a repository that your app can access. For more information about webhooks, see [AUTOTITLE](/webhooks/about-webhooks). For a tutorial that demonstrates how to use webhooks with a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-github-app-that-responds-to-webhook-events). -You can configure your {% data variables.product.prodname_github_app %} to receive webhooks for specific events on {% data variables.product.prodname_dotcom %} and automatically take action on them. For more information about the types of webhooks you can receive, see [AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads). +You can configure your {% data variables.product.prodname_github_app %} to receive webhooks for specific events on {% data variables.product.prodname_dotcom %} and automatically take action on them. For more information about the types of webhooks you can receive, see [AUTOTITLE](/webhooks/webhook-events-and-payloads). To receive webhook events in your {% data variables.product.prodname_github_app %}, you must enable webhooks for your {% data variables.product.prodname_github_app %} registration and specify a webhook URL where {% data variables.product.prodname_dotcom %} will send the webhook payloads. If your {% data variables.product.prodname_github_app %} does not need to respond to webhooks or will only be used for authentication, you can turn off the webhook function for your {% data variables.product.prodname_github_app %} registration. You do not need to specify a webhook URL. -For more information about registering a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app). For more information about changing the webhooks that a {% data variables.product.prodname_github_app %} registration subscribes to, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app).{% ifversion enterprise-installed-apps %} +For more information about registering a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app). For more information about changing the webhooks that a {% data variables.product.prodname_github_app %} registration subscribes to, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration).{% ifversion enterprise-installed-apps %} Apps installed on an enterprise do not support webhooks at this time. They must be installed on organizations in order to receive webhooks.{% endif %} @@ -41,7 +41,7 @@ You can use Smee to create a unique domain where {% data variables.product.prodn 1. To use Smee to create a unique domain, go to https://smee.io and click **Start a new channel**. 1. On the Smee channel page, follow the instructions under "Use the CLI" to install and run the Smee client. -1. To connect your Smee webhook URL to your {% data variables.product.prodname_github_app %}, enter your unique Smee domain in the "Webhook URL" field on your {% data variables.product.prodname_github_app %} registration page. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app) and [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app). +1. To connect your Smee webhook URL to your {% data variables.product.prodname_github_app %}, enter your unique Smee domain in the "Webhook URL" field on your {% data variables.product.prodname_github_app %} registration page. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app) and [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration). ### Choosing a webhook URL for production @@ -53,14 +53,14 @@ To handle a higher volume of webhook traffic for a large app in production, cons Once you've configured your server to receive payloads, it will listen for any payload sent to the server. For security reasons, you should limit incoming requests to only those originating from {% data variables.product.prodname_dotcom %}. You can do that by creating a webhook secret for your app. -To create a webhook secret for your GitHub App, type a secret token under "Webhook secret" on your {% data variables.product.prodname_github_app %} registration page. You should choose a random string of text with high entropy. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app) and [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app). +To create a webhook secret for your GitHub App, type a secret token under "Webhook secret" on your {% data variables.product.prodname_github_app %} registration page. You should choose a random string of text with high entropy. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app) and [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration). -After creating a webhook secret for your app, you will need to configure your server to securely store and validate the webhook secret token. For more information, see [AUTOTITLE](/webhooks-and-events/webhooks/securing-your-webhooks). +After creating a webhook secret for your app, you will need to configure your server to securely store and validate the webhook secret token. For more information, see [AUTOTITLE](/webhooks/using-webhooks/validating-webhook-deliveries). ## Subscribing to webhook events -You can subscribe your {% data variables.product.prodname_github_app %} to receive webhook payloads for specific events. {% data reusables.apps.webhooks-and-apps %} For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/choosing-permissions-for-a-github-app). +You can subscribe your {% data variables.product.prodname_github_app %} to receive webhook payloads for specific events. {% data reusables.apps.webhooks-and-apps %} For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app). For example, if you would like your app to receive a webhook event payload whenever a new issue is opened in your repository, you would first need to give your app permission to access "Issues" under "Repository permissions." Then under "Subscribe to events" you can select "Issues." -For more information about the permissions that are required for each webhook event, see [AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads). +For more information about the permissions that are required for each webhook event, see [AUTOTITLE](/webhooks/webhook-events-and-payloads). diff --git a/content/apps/creating-github-apps/writing-code-for-a-github-app/about-writing-code-for-a-github-app.md b/content/apps/creating-github-apps/writing-code-for-a-github-app/about-writing-code-for-a-github-app.md index dcda3efb1aef..a11ec13b6359 100644 --- a/content/apps/creating-github-apps/writing-code-for-a-github-app/about-writing-code-for-a-github-app.md +++ b/content/apps/creating-github-apps/writing-code-for-a-github-app/about-writing-code-for-a-github-app.md @@ -24,7 +24,7 @@ category: ## Prerequisites -Before you write code for a {% data variables.product.prodname_github_app %}, you should register a {% data variables.product.prodname_github_app %}. When you register a {% data variables.product.prodname_github_app %}, you select permissions for the app. These permissions dictate what the {% data variables.product.prodname_github_app %} can do. When you register an app, you also specify other settings, including which webhook events your {% data variables.product.prodname_github_app %} should receive. You can always change the settings for your {% data variables.product.prodname_github_app %} registration. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app) and [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app). +Before you write code for a {% data variables.product.prodname_github_app %}, you should register a {% data variables.product.prodname_github_app %}. When you register a {% data variables.product.prodname_github_app %}, you select permissions for the app. These permissions dictate what the {% data variables.product.prodname_github_app %} can do. When you register an app, you also specify other settings, including which webhook events your {% data variables.product.prodname_github_app %} should receive. You can always change the settings for your {% data variables.product.prodname_github_app %} registration. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app) and [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration). If you want your {% data variables.product.prodname_github_app %} to access repository and/or organization data, you need to install your {% data variables.product.prodname_github_app %}. For more information, see [AUTOTITLE](/apps/using-github-apps/installing-your-own-github-app). @@ -35,17 +35,17 @@ In order for your {% data variables.product.prodname_github_app %} to do somethi For tutorials about how to write code for a {% data variables.product.prodname_github_app %}, see: * [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/quickstart) -* [AUTOTITLE](/apps/creating-github-apps/guides/building-a-github-app-that-responds-to-webhook-events) -* [AUTOTITLE](/apps/creating-github-apps/guides/building-a-login-with-github-button-with-a-github-app) -* [AUTOTITLE](/apps/creating-github-apps/guides/building-a-cli-with-a-github-app) +* [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-github-app-that-responds-to-webhook-events) +* [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-login-with-github-button-with-a-github-app) +* [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-cli-with-a-github-app) You can use the credentials from your {% data variables.product.prodname_github_app %} registration to make authenticated requests to {% data variables.product.company_short %}'s APIs. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app). During development, you will likely use your personal computer or codespace to run your {% data variables.product.prodname_github_app %}. You may need to make some modifications to your {% data variables.product.prodname_github_app %} registration during development: -* If your app receives webhooks, you may want to use a webhook proxy URL to forward webhooks from GitHub to your computer or codespace. You will need to update the "Webhook URL" setting in your {% data variables.product.prodname_github_app %} registration to use your webhook proxy URL. For an example, see [AUTOTITLE](/apps/creating-github-apps/guides/building-a-github-app-that-responds-to-webhook-events). +* If your app receives webhooks, you may want to use a webhook proxy URL to forward webhooks from GitHub to your computer or codespace. You will need to update the "Webhook URL" setting in your {% data variables.product.prodname_github_app %} registration to use your webhook proxy URL. For an example, see [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-github-app-that-responds-to-webhook-events). -* If your app uses the web application flow to authorize a user, you may want to update the "Callback URL" setting in your {% data variables.product.prodname_github_app %} registration to use a local callback URL. For an example, see [AUTOTITLE](/apps/creating-github-apps/guides/building-a-login-with-github-button-with-a-github-app). +* If your app uses the web application flow to authorize a user, you may want to update the "Callback URL" setting in your {% data variables.product.prodname_github_app %} registration to use a local callback URL. For an example, see [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-login-with-github-button-with-a-github-app). ## Next steps diff --git a/content/apps/creating-github-apps/writing-code-for-a-github-app/building-a-cli-with-a-github-app.md b/content/apps/creating-github-apps/writing-code-for-a-github-app/building-a-cli-with-a-github-app.md index c28d68962111..b9abb38c3bf1 100644 --- a/content/apps/creating-github-apps/writing-code-for-a-github-app/building-a-cli-with-a-github-app.md +++ b/content/apps/creating-github-apps/writing-code-for-a-github-app/building-a-cli-with-a-github-app.md @@ -36,13 +36,13 @@ The CLI will use the device flow to authenticate a user and generate a user acce Your app should use a user access token if you want to attribute the app's actions to a user. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user). -There are two ways to generate a user access token for a {% data variables.product.prodname_github_app %}: web application flow and device flow. You should use the device flow to generate a user access token if your app is headless or does not have access to a web interface. For example, CLI tools, simple Raspberry Pis, and desktop applications should use the device flow. If your app has access to a web interface, you should use web application flow instead. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app) and [AUTOTITLE](/apps/creating-github-apps/guides/using-the-web-application-flow-to-generate-a-user-access-token-for-a-github-app). +There are two ways to generate a user access token for a {% data variables.product.prodname_github_app %}: web application flow and device flow. You should use the device flow to generate a user access token if your app is headless or does not have access to a web interface. For example, CLI tools, simple Raspberry Pis, and desktop applications should use the device flow. If your app has access to a web interface, you should use web application flow instead. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app) and [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-login-with-github-button-with-a-github-app). ## Prerequisites -This tutorial assumes that you have already registered a {% data variables.product.prodname_github_app %}. For more information about registering a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app). +This tutorial assumes that you have already registered a {% data variables.product.prodname_github_app %}. For more information about registering a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app). -Before following this tutorial, you must enable device flow for your app. For more information about enabling device flow for your app, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app). +Before following this tutorial, you must enable device flow for your app. For more information about enabling device flow for your app, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration). This tutorial assumes that you have a basic understanding of Ruby. For more information, see [Ruby](https://www.ruby-lang.org). @@ -747,7 +747,7 @@ This tutorial assumes that your app code is stored in a file named `app_cli.rb`. ### Adjust the code to meet your app's needs -This tutorial demonstrated how to write a CLI that uses the device flow to generate a user access token. You can expand this CLI to accept additional commands. For example, you can add a `create-issue` command that opens an issue. Remember to update your app's permissions if your app needs additional permissions for the API requests that you want to make. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/choosing-permissions-for-a-github-app). +This tutorial demonstrated how to write a CLI that uses the device flow to generate a user access token. You can expand this CLI to accept additional commands. For example, you can add a `create-issue` command that opens an issue. Remember to update your app's permissions if your app needs additional permissions for the API requests that you want to make. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app). ### Securely store tokens @@ -755,8 +755,8 @@ This tutorial generates a user access token and saves it in a local file. You sh Depending on your device, you may choose different ways to store the token. You should check the best practices for storing tokens on your device. -For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/best-practices-for-creating-a-github-app). +For more information, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app). ### Follow best practices -You should aim to follow best practices with your {% data variables.product.prodname_github_app %}. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/best-practices-for-creating-a-github-app). +You should aim to follow best practices with your {% data variables.product.prodname_github_app %}. For more information, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app). diff --git a/content/apps/creating-github-apps/writing-code-for-a-github-app/building-a-github-app-that-responds-to-webhook-events.md b/content/apps/creating-github-apps/writing-code-for-a-github-app/building-a-github-app-that-responds-to-webhook-events.md index 35e4ea1f6b93..830255f432cb 100644 --- a/content/apps/creating-github-apps/writing-code-for-a-github-app/building-a-github-app-that-responds-to-webhook-events.md +++ b/content/apps/creating-github-apps/writing-code-for-a-github-app/building-a-github-app-that-responds-to-webhook-events.md @@ -28,7 +28,7 @@ For example, you can subscribe your {% data variables.product.prodname_github_ap If your app is running on a server that is listening for these webhook events, then your app can take an action when it receives a webhook event. For example, your app can use the {% data variables.product.company_short %} API to post a comment to the pull request when it receives a pull request webhook event. -For more information, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/using-webhooks-with-github-apps). For information about the possible webhook events and actions, see [AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads). +For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/using-webhooks-with-github-apps). For information about the possible webhook events and actions, see [AUTOTITLE](/webhooks/webhook-events-and-payloads). ## Prerequisites @@ -70,14 +70,14 @@ For this tutorial, you must have a {% data variables.product.prodname_github_app * Has the "Pull request" repository permission * Subscribes to the "Pull request" webhook event -The following steps will guide you through registering a {% data variables.product.prodname_github_app %} with these settings. For more information about {% data variables.product.prodname_github_app %} settings, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/creating-a-github-app). +The following steps will guide you through registering a {% data variables.product.prodname_github_app %} with these settings. For more information about {% data variables.product.prodname_github_app %} settings, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app). {% data reusables.apps.settings-step %} {% data reusables.apps.enterprise-apps-steps %} 1. Click **New {% data variables.product.prodname_github_app %}**. 1. Under "{% data variables.product.prodname_github_app %} name", enter a name for your app. For example, `USERNAME-webhook-test-app` where `USERNAME` is your {% data variables.product.company_short %} username. 1. Under "Homepage URL", enter a URL for your app. For example, you can use the URL of the repository that you created to store the code for your app. -1. Skip the "Identifying and authorizing users" and "Post installation" sections for this tutorial. For more information about these settings, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/creating-a-github-app). +1. Skip the "Identifying and authorizing users" and "Post installation" sections for this tutorial. For more information about these settings, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app). 1. Make sure that **Active** is selected under "Webhooks." 1. Under "Webhook URL", enter your webhook proxy URL from earlier. For more information, see [Get a webhook proxy URL](#get-a-webhook-proxy-url). 1. Under "Webhook secret", enter a random string. You will use this string later. @@ -336,7 +336,7 @@ Now that you have an app that responds to webhook events, you might want to expa This tutorial demonstrated how to post a comment on a pull request in when a pull request was opened. You can update the code to respond to different types of webhook events or to do something different in response to the webhook event. -Remember to update your app's permissions if your app needs additional permissions for the API requests that you want to make or the webhook events you want to receive. For more information, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/setting-permissions-for-github-apps). +Remember to update your app's permissions if your app needs additional permissions for the API requests that you want to make or the webhook events you want to receive. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app). This tutorial stored all of the code into a single file, but you may want to move functions and components into separate files. @@ -367,12 +367,12 @@ const host = process.env.NODE_ENV === 'production' ? '0.0.0.0' : 'localhost'; You should never publicize your app's private key or webhook secret. This tutorial stored your app's credentials in a gitignored `.env` file. When you deploy your app, you should choose a secure way to store the credentials and update your code to get the value accordingly. For example, you can store the credentials with a secret management service like [Azure Key Vault](https://azure.microsoft.com/en-us/products/key-vault). When your app runs, it can retrieve the credentials and store them in environment variables on the server where your app is deployed. -For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/best-practices-for-creating-a-github-app). +For more information, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app). ### Share your app -If you want to share your app with other users and organizations, make your app public. For more information, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/making-a-github-app-public-or-private). +If you want to share your app with other users and organizations, make your app public. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/making-a-github-app-public-or-private). ### Follow best practices -You should aim to follow best practices with your {% data variables.product.prodname_github_app %}. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/best-practices-for-creating-a-github-app). +You should aim to follow best practices with your {% data variables.product.prodname_github_app %}. For more information, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app). diff --git a/content/apps/creating-github-apps/writing-code-for-a-github-app/building-a-login-with-github-button-with-a-github-app.md b/content/apps/creating-github-apps/writing-code-for-a-github-app/building-a-login-with-github-button-with-a-github-app.md index 945a356a053c..a1d5717f2e8c 100644 --- a/content/apps/creating-github-apps/writing-code-for-a-github-app/building-a-login-with-github-button-with-a-github-app.md +++ b/content/apps/creating-github-apps/writing-code-for-a-github-app/building-a-login-with-github-button-with-a-github-app.md @@ -29,13 +29,13 @@ This tutorial uses Ruby, but you can use the web application flow with any progr Your app should use a user access token if you want to attribute the app's actions to a user. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user). -There are two ways to generate a user access token for a {% data variables.product.prodname_github_app %}: web application flow and device flow. If your app has access to a web interface, you should use web application flow. If your app does not have access to a web interface, you should use device flow instead. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app) and [AUTOTITLE](/apps/creating-github-apps/guides/building-a-cli-with-a-github-app). +There are two ways to generate a user access token for a {% data variables.product.prodname_github_app %}: web application flow and device flow. If your app has access to a web interface, you should use web application flow. If your app does not have access to a web interface, you should use device flow instead. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app) and [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-cli-with-a-github-app). ## Prerequisites -This tutorial assumes that you have already registered a {% data variables.product.prodname_github_app %}. For more information about registering a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app). +This tutorial assumes that you have already registered a {% data variables.product.prodname_github_app %}. For more information about registering a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app). -Before following this tutorial, you must set a callback URL for your app. This tutorial uses a local Sinatra server with the default URL of `http://localhost:4567`. For example, to work with the default URL for a local Sinatra application, your callback URL can be `http://localhost:4567/github/callback`. Once you are ready to deploy your app, you can change the callback URL to use your live server address. For more information about updating the callback URL for your app, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app) and [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-the-user-authorization-callback-url). +Before following this tutorial, you must set a callback URL for your app. This tutorial uses a local Sinatra server with the default URL of `http://localhost:4567`. For example, to work with the default URL for a local Sinatra application, your callback URL can be `http://localhost:4567/github/callback`. Once you are ready to deploy your app, you can change the callback URL to use your live server address. For more information about updating the callback URL for your app, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration) and [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/about-the-user-authorization-callback-url). This tutorial assumes that you have a basic understanding of Ruby and of the Ruby template system, ERB. For more information, see [Ruby](https://www.ruby-lang.org) and [ERB](https://github.com/ruby/erb). @@ -171,7 +171,7 @@ These steps lead you through writing code to generate a user access token. To sk If you have not authorized the app, clicking on the link should take you to `{% data variables.product.oauth_host_code %}/login/oauth/authorize?client_id=CLIENT_ID`, where `CLIENT_ID` is the client ID of your app. This is a {% data variables.product.github %} page that prompts users to authorize your app. If you click the button to authorize your app, you will go to the callback URL for your app. - If you previously authorized your app and the authorization has not been revoked, you will skip the authorization prompt and go directly to the callback URL instead. You can revoke your previous authorization if you want to see the authorization prompt. For more information, see [AUTOTITLE](/apps/using-github-apps/reviewing-your-authorized-integrations). + If you previously authorized your app and the authorization has not been revoked, you will skip the authorization prompt and go directly to the callback URL instead. You can revoke your previous authorization if you want to see the authorization prompt. For more information, see [AUTOTITLE](/apps/using-github-apps/reviewing-and-revoking-authorization-of-github-apps). 1. The callback URL page, reached by clicking the "Login with {% data variables.product.github %}" link and then authorizing the app if prompted to do so, should display the text similar to "Successfully authorized! Got code agc622abb6135be5d1f2." 1. In your terminal where Sinatra is running, stop the server by entering Ctrl+C. 1. Replace the content of `app.rb` with the following code, where `CALLBACK_URL` is the callback URL for your app, minus the domain. @@ -383,7 +383,7 @@ This tutorial assumes that your app code is stored in a file named `app.rb` and If you have not authorized the app, clicking on the link should take you to `{% data variables.product.oauth_host_code %}/login/oauth/authorize?client_id=CLIENT_ID`, where `CLIENT_ID` is the client ID of your app. This is a {% data variables.product.github %} page that prompts users to authorize your app. If you click the button to authorize your app, you will go to the callback URL for your app. - If you previously authorized your app and the authorization has not been revoked, you will skip the authorization prompt and go directly to the callback URL instead. You can revoke your previous authorization if you want to see the authorization prompt. For more information, see [AUTOTITLE](/apps/using-github-apps/reviewing-your-authorized-integrations). + If you previously authorized your app and the authorization has not been revoked, you will skip the authorization prompt and go directly to the callback URL instead. You can revoke your previous authorization if you want to see the authorization prompt. For more information, see [AUTOTITLE](/apps/using-github-apps/reviewing-and-revoking-authorization-of-github-apps). 1. The callback URL page, reached by clicking the "Login with {% data variables.product.github %}" link and then authorizing the app if prompted to do so, should display the text similar to "Successfully authorized! Welcome, Mona Lisa (octocat)." 1. In your terminal where Sinatra is running, stop the server by entering Ctrl+C. @@ -398,13 +398,13 @@ For example, you can store the secret in an environment variable on the server w ### Update the callback URL for deployment -This tutorial used a callback URL starting with `http://localhost:4567`. However, `http://localhost:4567` is only available locally to your computer when you start the Sinatra server. Before you deploy your app, you should update the callback URL to use the callback URL that you use in production. For more information about updating the callback URL for your app, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app) and [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-the-user-authorization-callback-url). +This tutorial used a callback URL starting with `http://localhost:4567`. However, `http://localhost:4567` is only available locally to your computer when you start the Sinatra server. Before you deploy your app, you should update the callback URL to use the callback URL that you use in production. For more information about updating the callback URL for your app, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration) and [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/about-the-user-authorization-callback-url). ### Handle multiple callback URLs This tutorial used a single callback URL, but your app can have up to 10 callback URLs. If you want to use multiple callback URLs: -* Add the additional callback URLs to your app. For more information about adding callback URLs, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app). +* Add the additional callback URLs to your app. For more information about adding callback URLs, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration). * When you link to `{% data variables.product.oauth_host_code %}/login/oauth/authorize`, use the `redirect_uri` query parameter to redirect users to the desired callback URL. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app#using-the-web-application-flow-to-generate-a-user-access-token). * In your app code, handle each callback URL, similar to the code block starting in `get "CALLBACK_URL" do`. @@ -416,7 +416,7 @@ Unlike a traditional OAuth token, the user access token does not use scopes so y ### Adjust the code to meet your app's needs -This tutorial demonstrated how to display information about the authenticated user, but you can adjust this code to take other actions. Remember to update your app's permissions if your app needs additional permissions for the API requests that you want to make. For more information, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/choosing-permissions-for-a-github-app). +This tutorial demonstrated how to display information about the authenticated user, but you can adjust this code to take other actions. Remember to update your app's permissions if your app needs additional permissions for the API requests that you want to make. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app). This tutorial stored all of the code into a single file, but you may want to move functions and components into separate files. @@ -426,8 +426,8 @@ This tutorial generates a user access token. Unless you opted out of expiration If you plan on interacting further with {% data variables.product.company_short %}'s APIs, you should store the token for future use. If you choose to store the user access token or refresh token, you must store it securely. You should never publicize the token. -For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/best-practices-for-creating-a-github-app). +For more information, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app). ### Follow best practices -You should aim to follow best practices with your {% data variables.product.prodname_github_app %}. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/best-practices-for-creating-a-github-app). +You should aim to follow best practices with your {% data variables.product.prodname_github_app %}. For more information, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app). diff --git a/content/apps/creating-github-apps/writing-code-for-a-github-app/building-ci-checks-with-a-github-app.md b/content/apps/creating-github-apps/writing-code-for-a-github-app/building-ci-checks-with-a-github-app.md index 98b3ac7ed628..b875598592f7 100644 --- a/content/apps/creating-github-apps/writing-code-for-a-github-app/building-ci-checks-with-a-github-app.md +++ b/content/apps/creating-github-apps/writing-code-for-a-github-app/building-ci-checks-with-a-github-app.md @@ -59,7 +59,7 @@ This tutorial assumes you have a basic understanding of the [Ruby programming la Before you get started, you may want to familiarize yourself with the following concepts: * [{% data variables.product.prodname_github_apps %}](/apps) -* [Webhooks](/webhooks-and-events/webhooks/about-webhooks) +* [Webhooks](/webhooks/about-webhooks) * [REST API checks endpoints](/rest/checks) Checks are also available to use with the GraphQL API, but this tutorial focuses on the REST API. For more information about the GraphQL objects, see [Check Suite](/graphql/reference/checks#object-checksuite) and [Check Run](/graphql/reference/checks#object-checkrun) in the GraphQL documentation. @@ -139,7 +139,7 @@ For this tutorial, you must register a {% data variables.product.prodname_github * Has the "Checks" repository permission * Subscribes to the "Check suite" and "Check run" webhook events -The following steps will guide you through configuring a {% data variables.product.prodname_github_app %} with these settings. For more information about {% data variables.product.prodname_github_app %} settings, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/creating-a-github-app). +The following steps will guide you through configuring a {% data variables.product.prodname_github_app %} with these settings. For more information about {% data variables.product.prodname_github_app %} settings, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app). {% data reusables.apps.settings-step %} {% data reusables.apps.enterprise-apps-steps %} @@ -448,7 +448,7 @@ The first helper method `get_payload_request` captures the webhook payload and c ##### Verifying the webhook signature -The second helper method `verify_webhook_signature` performs verification of the webhook signature to ensure that {% data variables.product.prodname_dotcom %} generated the event. To learn more about the code in the `verify_webhook_signature` helper method, see [AUTOTITLE](/webhooks-and-events/webhooks/securing-your-webhooks). If the webhooks are secure, this method will log all incoming payloads to your terminal. The logger code is helpful in verifying your web server is working. +The second helper method `verify_webhook_signature` performs verification of the webhook signature to ensure that {% data variables.product.prodname_dotcom %} generated the event. To learn more about the code in the `verify_webhook_signature` helper method, see [AUTOTITLE](/webhooks/using-webhooks/validating-webhook-deliveries). If the webhooks are secure, this method will log all incoming payloads to your terminal. The logger code is helpful in verifying your web server is working. ##### Authenticating as a {% data variables.product.prodname_github_app %} @@ -573,7 +573,7 @@ Your app doesn't do anything yet, but at this point, you can get it running on t ## Test that the server is listening to your app -You can test that the server is listening to your app by triggering an event for it to receive. You'll do that by installing the app on a test repository, which will send the [`installation` event](/webhooks-and-events/webhooks/webhook-events-and-payloads#installation) to your app. If the app receives it, you should see output in the terminal tab where you're running `server.rb`. +You can test that the server is listening to your app by triggering an event for it to receive. You'll do that by installing the app on a test repository, which will send the [`installation` event](/webhooks/webhook-events-and-payloads#installation) to your app. If the app receives it, you should see output in the terminal tab where you're running `server.rb`. 1. Create a new repository to use for testing your tutorial code. For more information, see [AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-new-repository). 1. Install the {% data variables.product.prodname_github_app %} on the repository you just created. For more information, see [AUTOTITLE](/apps/using-github-apps/installing-your-own-github-app#installing-your-own-github-app). During the installation process, choose **Only select repositories**, and select the repository you created in the previous step. @@ -607,7 +607,7 @@ These are the steps you'll complete in Part 1: ## Step 1.1. Add event handling -Because your app is subscribed to the **Check suite** and **Check run** events, it will receive the [`check_suite`](/webhooks-and-events/webhooks/webhook-events-and-payloads#check_suite) and [`check_run`](/webhooks-and-events/webhooks/webhook-events-and-payloads#check_run) webhooks. {% data variables.product.prodname_dotcom %} sends webhook payloads as `POST` requests. Because you forwarded your Smee webhook payloads to `http://localhost:3000/event_handler`, your server will receive the `POST` request payloads at the `post '/event_handler'` route. +Because your app is subscribed to the **Check suite** and **Check run** events, it will receive the [`check_suite`](/webhooks/webhook-events-and-payloads#check_suite) and [`check_run`](/webhooks/webhook-events-and-payloads#check_run) webhooks. {% data variables.product.prodname_dotcom %} sends webhook payloads as `POST` requests. Because you forwarded your Smee webhook payloads to `http://localhost:3000/event_handler`, your server will receive the `POST` request payloads at the `post '/event_handler'` route. Open the `server.rb` file that you created in [Add code for your {% data variables.product.prodname_github_app %}](#add-code-for-your-github-app), and look for the following code. An empty `post '/event_handler'` route is already included in the template code. The empty route looks like this: @@ -1162,7 +1162,7 @@ To commit files, Git must know which username and email address to associate wit Next you'll need to add code to read the environment variables and set the Git configuration. You'll add that code soon. -When someone clicks the "Fix this" button, your app receives the [check run webhook](/webhooks-and-events/webhooks/webhook-events-and-payloads#check_run) with the `requested_action` action type. +When someone clicks the "Fix this" button, your app receives the [check run webhook](/webhooks/webhook-events-and-payloads#check_run) with the `requested_action` action type. In [Step 1.3. Update a check run](#step-13-update-a-check-run) you updated the `event_handler` in your `server.rb` file to look for actions in the `check_run` event. You already have a case statement to handle the `created` and `rerequested` action types: @@ -1610,12 +1610,12 @@ set :port, ENV['PORT'] You should never publicize your app's private key or webhook secret. This tutorial stored your app's credentials in a gitignored `.env` file. When you deploy your app, you should choose a secure way to store the credentials and update your code to get the value accordingly. For example, you can store the credentials with a secret management service like [Azure Key Vault](https://azure.microsoft.com/en-us/products/key-vault). When your app runs, it can retrieve the credentials and store them in environment variables on the server where your app is deployed. -For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/best-practices-for-creating-a-github-app). +For more information, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app). ### Share your app -If you want to share your app with other users and organizations, make your app public. For more information, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/making-a-github-app-public-or-private). +If you want to share your app with other users and organizations, make your app public. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/making-a-github-app-public-or-private). ### Follow best practices -You should aim to follow best practices with your {% data variables.product.prodname_github_app %}. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/best-practices-for-creating-a-github-app). +You should aim to follow best practices with your {% data variables.product.prodname_github_app %}. For more information, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app). diff --git a/content/apps/creating-github-apps/writing-code-for-a-github-app/quickstart.md b/content/apps/creating-github-apps/writing-code-for-a-github-app/quickstart.md index 39118d2d66c8..d16bbcef0510 100644 --- a/content/apps/creating-github-apps/writing-code-for-a-github-app/quickstart.md +++ b/content/apps/creating-github-apps/writing-code-for-a-github-app/quickstart.md @@ -15,11 +15,11 @@ category: ## Introduction -{% data variables.product.prodname_github_apps %} let you automate processes or integrate other platforms with {% data variables.product.company_short %}. For more info, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/about-apps). +{% data variables.product.prodname_github_apps %} let you automate processes or integrate other platforms with {% data variables.product.company_short %}. For more info, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps). This quickstart describes how to quickly create a {% data variables.product.prodname_github_app %}. When a pull request is opened in a repository that the app was granted access to, the app will add a comment to the pull request. -This quickstart uses pre-written code to help you get started quickly. For a more detailed tutorial that helps you write the code, see [AUTOTITLE](/apps/creating-github-apps/guides/building-a-github-app-that-responds-to-webhook-events). +This quickstart uses pre-written code to help you get started quickly. For a more detailed tutorial that helps you write the code, see [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-github-app-that-responds-to-webhook-events). ## Prerequisites @@ -27,7 +27,7 @@ Your computer or codespace should use Node.js version 12 or greater. For more in ## Step 1: Clone the app code -To help you get started quickly, we wrote code that you can use. If you want to learn how to write the code yourself, see [AUTOTITLE](/apps/creating-github-apps/guides/building-a-github-app-that-responds-to-webhook-events). +To help you get started quickly, we wrote code that you can use. If you want to learn how to write the code yourself, see [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-github-app-that-responds-to-webhook-events). 1. Clone the [github/github-app-js-sample](https://github.com/github/github-app-js-sample) repository. For more information, see [AUTOTITLE](/repositories/creating-and-managing-repositories/cloning-a-repository). You may use a local clone or {% data variables.product.prodname_github_codespaces %}. 1. In a terminal window, navigate to the directory where your clone is stored. @@ -43,7 +43,7 @@ In order to develop your app locally, you can use a webhook proxy URL to forward ## Step 3: Register a {% data variables.product.prodname_github_app %} -The following steps will guide you through configuring the app settings that are required for this quickstart. For more information about the settings, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/creating-a-github-app). +The following steps will guide you through configuring the app settings that are required for this quickstart. For more information about the settings, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app). {% data reusables.apps.settings-step-personal-orgs %} {% data reusables.user-settings.developer_settings %} @@ -51,7 +51,7 @@ The following steps will guide you through configuring the app settings that are 1. Click **New {% data variables.product.prodname_github_app %}**. 1. Under "{% data variables.product.prodname_github_app %} name", enter a name for your app. For example, `USERNAME-quickstart-app` where `USERNAME` is your {% data variables.product.company_short %} username. 1. Under "Homepage URL", enter `https://github.com/github/github-app-js-sample#readme`. -1. Skip the "Identifying and authorizing users" and "Post installation" sections for this quickstart. For more information about these settings, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/creating-a-github-app). +1. Skip the "Identifying and authorizing users" and "Post installation" sections for this quickstart. For more information about these settings, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app). 1. Make sure that **Active** is selected under "Webhooks." 1. Under "Webhook URL", enter your webhook proxy URL from earlier. For more information, see [Step 2: Get a webhook proxy URL](#step-2-get-a-webhook-proxy-url). 1. Under "Webhook secret", enter a random string. You will use this string later. @@ -144,9 +144,9 @@ Now that you have an app, you might want to expand your app's code, deploy your ### Modify the app code -Fork the [github/github-app-js-sample](https://github.com/github/github-app-js-sample) repository and modify the code to respond to different webhook events or to make different API requests. For more information about the code, see [AUTOTITLE](/apps/creating-github-apps/guides/building-a-github-app-that-responds-to-webhook-events). +Fork the [github/github-app-js-sample](https://github.com/github/github-app-js-sample) repository and modify the code to respond to different webhook events or to make different API requests. For more information about the code, see [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-github-app-that-responds-to-webhook-events). -Remember to update your app's permissions if your app needs additional permissions for the API requests that you want to make or the webhook events you want to receive. For more information, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/setting-permissions-for-github-apps). +Remember to update your app's permissions if your app needs additional permissions for the API requests that you want to make or the webhook events you want to receive. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app). ### Deploy your app @@ -154,14 +154,14 @@ This tutorial used your computer or codespace as a server. Once the app is ready Once you have a server, update the webhook URL in your app settings. You should not use Smee.io to forward your webhooks in production. -You will also need to update the `port` and `host` constants in the code. For more information, see [AUTOTITLE](/apps/creating-github-apps/guides/building-a-github-app-that-responds-to-webhook-events#deploy-your-app). +You will also need to update the `port` and `host` constants in the code. For more information, see [AUTOTITLE](/apps/creating-github-apps/writing-code-for-a-github-app/building-a-github-app-that-responds-to-webhook-events#deploy-your-app). You should never publicize your app's private key or webhook secret. This tutorial stored your app's credentials in a gitignored `.env` file. When you deploy your app, you should choose a secure way to store the credentials and update your code to get the value accordingly. For example, you can store the credentials in an environment variable on the server where your app is deployed. You can also use a secret management service like [Azure Key Vault](https://azure.microsoft.com/en-us/products/key-vault). ### Share your app -If you want to share your app with other users and organizations, make your app public. For more information, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/making-a-github-app-public-or-private). +If you want to share your app with other users and organizations, make your app public. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/making-a-github-app-public-or-private). ### Follow best practices -You should aim to follow best practices with your {% data variables.product.prodname_github_app %}. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/best-practices-for-creating-a-github-app). +You should aim to follow best practices with your {% data variables.product.prodname_github_app %}. For more information, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app). diff --git a/content/apps/github-marketplace/github-marketplace-overview/about-github-marketplace-for-apps.md b/content/apps/github-marketplace/github-marketplace-overview/about-github-marketplace-for-apps.md index 136443b2264b..d26d7270047e 100644 --- a/content/apps/github-marketplace/github-marketplace-overview/about-github-marketplace-for-apps.md +++ b/content/apps/github-marketplace/github-marketplace-overview/about-github-marketplace-for-apps.md @@ -22,7 +22,7 @@ category: {% data reusables.actions.actions-marketplace-ghecom %} -To learn about publishing {% data variables.product.prodname_actions %} in {% data variables.product.prodname_marketplace %}, see [AUTOTITLE](/actions/creating-actions/publishing-actions-in-github-marketplace). +To learn about publishing {% data variables.product.prodname_actions %} in {% data variables.product.prodname_marketplace %}, see [AUTOTITLE](/actions/how-tos/create-and-publish-actions/publish-in-github-marketplace). ## Apps diff --git a/content/apps/maintaining-github-apps/about-github-app-managers.md b/content/apps/maintaining-github-apps/about-github-app-managers.md index 35d5274ab583..0d698c62190b 100644 --- a/content/apps/maintaining-github-apps/about-github-app-managers.md +++ b/content/apps/maintaining-github-apps/about-github-app-managers.md @@ -12,4 +12,4 @@ category: {% data reusables.apps.github-app-managers %} -For more information about how to designate someone as a {% data variables.product.prodname_github_app %} manager in an organization, see [AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization). {% ifversion enterprise-app-manager %} For more information about how to designate someone as a {% data variables.product.prodname_github_app %} manager in an enterprise, see [AUTOTITLE](/admin/managing-your-enterprise-account/adding-and-removing-github-app-managers-in-your-enterprise).{% endif %} +For more information about how to designate someone as a {% data variables.product.prodname_github_app %} manager in an organization, see [AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/adding-and-removing-github-app-managers-in-your-organization). {% ifversion enterprise-app-manager %} For more information about how to designate someone as a {% data variables.product.prodname_github_app %} manager in an enterprise, see [AUTOTITLE](/admin/managing-github-apps-for-your-enterprise/adding-and-removing-github-app-managers-in-your-enterprise).{% endif %} diff --git a/content/apps/maintaining-github-apps/activating-optional-features-for-github-apps.md b/content/apps/maintaining-github-apps/activating-optional-features-for-github-apps.md index 042c2727d04e..e1a722fbafbd 100644 --- a/content/apps/maintaining-github-apps/activating-optional-features-for-github-apps.md +++ b/content/apps/maintaining-github-apps/activating-optional-features-for-github-apps.md @@ -27,4 +27,4 @@ category: ## Further reading -* [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app) +* [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration) diff --git a/content/apps/maintaining-github-apps/deleting-a-github-app.md b/content/apps/maintaining-github-apps/deleting-a-github-app.md index 6b66cb22a606..78edf25425cd 100644 --- a/content/apps/maintaining-github-apps/deleting-a-github-app.md +++ b/content/apps/maintaining-github-apps/deleting-a-github-app.md @@ -27,7 +27,7 @@ When you delete a {% data variables.product.prodname_github_app %} registration, {% ifversion ghec or fpt %} > [!NOTE] -> If your {% data variables.product.prodname_github_app %} is published on {% data variables.product.prodname_marketplace %}, you must remove your app from {% data variables.product.prodname_marketplace %} before you can delete your app. For more information, see [AUTOTITLE](/apps/publishing-apps-to-github-marketplace/listing-an-app-on-github-marketplace/deleting-your-github-app-listing-from-github-marketplace). +> If your {% data variables.product.prodname_github_app %} is published on {% data variables.product.prodname_marketplace %}, you must remove your app from {% data variables.product.prodname_marketplace %} before you can delete your app. For more information, see [AUTOTITLE](/apps/github-marketplace/listing-an-app-on-github-marketplace/deleting-your-app-listing-from-github-marketplace). {% endif %} diff --git a/content/apps/maintaining-github-apps/managing-allowed-ip-addresses-for-a-github-app.md b/content/apps/maintaining-github-apps/managing-allowed-ip-addresses-for-a-github-app.md index 4288fcea18a5..61fedc39e27a 100644 --- a/content/apps/maintaining-github-apps/managing-allowed-ip-addresses-for-a-github-app.md +++ b/content/apps/maintaining-github-apps/managing-allowed-ip-addresses-for-a-github-app.md @@ -13,7 +13,7 @@ category: ## About IP address allow lists for {% data variables.product.prodname_github_apps %} -Enterprise and organization owners can restrict access to assets by configuring an IP address allow list. This list specifies the IP addresses that actors can use to access their resources. For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-allowed-ip-addresses-for-organizations-in-your-enterprise). +Enterprise and organization owners can restrict access to assets by configuring an IP address allow list. This list specifies the IP addresses that actors can use to access their resources. For more information, see [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-allowed-ip-addresses-for-organizations-in-your-enterprise). When an organization or enterprise has an allow list, third-party applications that connect via a {% data variables.product.prodname_github_app %} will be denied access unless either of the following condition sets are true: diff --git a/content/apps/maintaining-github-apps/modifying-a-github-app-registration.md b/content/apps/maintaining-github-apps/modifying-a-github-app-registration.md index 2b2ffd5c8e6c..8a3bc01c859d 100644 --- a/content/apps/maintaining-github-apps/modifying-a-github-app-registration.md +++ b/content/apps/maintaining-github-apps/modifying-a-github-app-registration.md @@ -23,7 +23,7 @@ category: ## About {% data variables.product.prodname_github_app %} modifications -You can modify your {% data variables.product.prodname_github_app %} registration to change any of the settings that were selected when the app was initially registered. For more information about the settings you can select while registering a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/creating-a-github-app). +You can modify your {% data variables.product.prodname_github_app %} registration to change any of the settings that were selected when the app was initially registered. For more information about the settings you can select while registering a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app). For example, you can change the name and description of your app, the permissions granted to your app, the webhooks your app subscribes to, or the visibility of your app. @@ -65,9 +65,9 @@ You can use the device flow to authorize users for a headless app like a CLI too ## Adding or updating a setup URL -You can redirect people to a specific URL after they install your app. See [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/creating-a-github-app). +You can redirect people to a specific URL after they install your app. See [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app). -If you select **Request user authorization (OAuth) during installation**, you will not be able to enter a setup URL. Users will instead be redirected to the Callback URL as part of the authorization flow, where you can describe additional setup. See [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/about-the-user-authorization-callback-url). +If you select **Request user authorization (OAuth) during installation**, you will not be able to enter a setup URL. Users will instead be redirected to the Callback URL as part of the authorization flow, where you can describe additional setup. See [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/about-the-user-authorization-callback-url). {% data reusables.apps.navigate-to-app-settings-this-article %} 1. Under "Post installation," in the "Setup URL" field, enter the URL where you'd like to redirect users after they install your app. @@ -77,7 +77,7 @@ If you select **Request user authorization (OAuth) during installation**, you wi You can change the access permissions that are granted to your {% data variables.product.prodname_github_app %} using the following steps. -When you add new **repository**{% ifversion enterprise-installed-apps %}, **organization**, or **enterprise**{% else %} or **organization**{% endif %} permissions for an app, each account where the app is installed will need to approve the new permissions. When you add **account** permissions for an app, each user that has authorized the app will need to approve the permission changes. In both cases, {% data variables.product.prodname_dotcom %} will send an email to each organization owner or user, notifying them of the request to update the app's permissions. Updated permissions won't take effect on an installation or user authorization until the new permissions are approved. You can use the [installation webhook](/webhooks-and-events/webhooks/webhook-events-and-payloads?actionType=new_permissions_accepted#installation) to find out when people accept new permissions for your app. +When you add new **repository**{% ifversion enterprise-installed-apps %}, **organization**, or **enterprise**{% else %} or **organization**{% endif %} permissions for an app, each account where the app is installed will need to approve the new permissions. When you add **account** permissions for an app, each user that has authorized the app will need to approve the permission changes. In both cases, {% data variables.product.prodname_dotcom %} will send an email to each organization owner or user, notifying them of the request to update the app's permissions. Updated permissions won't take effect on an installation or user authorization until the new permissions are approved. You can use the [installation webhook](/webhooks/webhook-events-and-payloads?actionType=new_permissions_accepted#installation) to find out when people accept new permissions for your app. If you remove permissions or webhooks from your {% data variables.product.prodname_github_app %}, the changes will take effect immediately. If you remove permissions that were previously granted to your app, the app will no longer be able to access those resources. @@ -85,17 +85,17 @@ If you remove permissions or webhooks from your {% data variables.product.prodna Updates cannot be automatically accepted if you add repository permissions to an app for the first time. In that case, each organization owner will need to approve the update so that they can choose which repositories the app has access to.{% endif %} -Changing the permissions of an app may also change the webhooks that your app can subscribe to and the actions that your app can take with the API. See [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/choosing-permissions-for-a-github-app). +Changing the permissions of an app may also change the webhooks that your app can subscribe to and the actions that your app can take with the API. See [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app). {% data reusables.apps.navigate-to-app-settings-this-article %} 1. In the {% data variables.product.prodname_github_apps %} settings sidebar, click **Permissions & events**. -1. Under the sections "Repository permissions," "Organization permissions," and "Account permissions," modify the permissions you'd like to change. For each type of permission, select either "Read-only," "Read and write," or "No access" from the dropdown. See [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/choosing-permissions-for-a-github-app). +1. Under the sections "Repository permissions," "Organization permissions," and "Account permissions," modify the permissions you'd like to change. For each type of permission, select either "Read-only," "Read and write," or "No access" from the dropdown. See [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app). 1. Optionally, under "Add a note to users," add a note telling your users why you are changing the permissions that your {% data variables.product.prodname_github_app %} requests. 1. Click **Save changes**. ## Activating or deactivating the {% data variables.product.prodname_github_app %} webhook -You can configure your {% data variables.product.prodname_github_app %} to receive webhooks for specific events on {% data variables.product.prodname_dotcom %} and automatically take action on them. See [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/using-webhooks-with-github-apps). +You can configure your {% data variables.product.prodname_github_app %} to receive webhooks for specific events on {% data variables.product.prodname_dotcom %} and automatically take action on them. See [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/using-webhooks-with-github-apps). {% data reusables.apps.navigate-to-app-settings-this-article %} 1. Under "Webhook," to enable or disable the webhook, select or deselect **Active**. @@ -106,10 +106,10 @@ You can configure your {% data variables.product.prodname_github_app %} to recei You can change the webhook events that a {% data variables.product.prodname_github_app %} subscribes to using the following steps. -{% data reusables.apps.webhooks-and-apps %} See [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/using-webhooks-with-github-apps). +{% data reusables.apps.webhooks-and-apps %} See [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/using-webhooks-with-github-apps). {% data reusables.apps.navigate-to-app-settings-this-article %} -1. Activate the {% data variables.product.prodname_github_app %} webhook. See [Activating or deactivating the {% data variables.product.prodname_github_app %} webhook](/apps/maintaining-github-apps/modifying-a-github-app#activating-or-deactivating-the-github-app-webhook) in this article. +1. Activate the {% data variables.product.prodname_github_app %} webhook. See [Activating or deactivating the {% data variables.product.prodname_github_app %} webhook](/apps/maintaining-github-apps/modifying-a-github-app-registration#activating-or-deactivating-the-github-app-webhook) in this article. 1. In the {% data variables.product.prodname_github_apps %} settings sidebar, click **Permissions & events**. 1. Under the sections "Repository permissions," "Organization permissions," and "Account permissions," select the permissions that are required for the events your app will subscribe to. See [Changing the permissions of a {% data variables.product.prodname_github_app %}](#changing-the-permissions-of-a-github-app). 1. Under "Subscribe to Events," select the webhook events you would like your {% data variables.product.prodname_github_app %} to receive. @@ -117,7 +117,7 @@ You can change the webhook events that a {% data variables.product.prodname_gith ## Changing the visibility of a {% data variables.product.prodname_github_app %} -You can change the visibility settings of your {% data variables.product.prodname_github_app %} to control who can install it. Public apps cannot be made private if they're installed on other accounts. See [AUTOTITLE](/apps/creating-github-apps/creating-github-apps/making-a-github-app-public-or-private). +You can change the visibility settings of your {% data variables.product.prodname_github_app %} to control who can install it. Public apps cannot be made private if they're installed on other accounts. See [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/making-a-github-app-public-or-private). {% ifversion enterprise-apps-public-beta %} You can't change the visibility of an {% data variables.product.prodname_github_app %} owned by an enterprise. {% data variables.product.prodname_github_apps %} owned by an enterprise can only be installed on organizations within the enterprise{% ifversion enterprise-installed-apps %} or the enterprise itself{% endif %}. diff --git a/content/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app.md b/content/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app.md index cd88a06f8c5c..b8bf733260e0 100644 --- a/content/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app.md +++ b/content/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app.md @@ -125,7 +125,7 @@ You'll need to `POST` this code back to {% data variables.product.github %} with in exchange for an `access_token`. To simplify our GET and POST HTTP requests, we're using the [rest-client](https://github.com/archiloque/rest-client). Note that you'll probably never access the API through REST. For a more serious -application, you should probably use [a library written in the language of your choice](/rest/overview/libraries). +application, you should probably use [a library written in the language of your choice](/rest/using-the-rest-api/libraries-for-the-rest-api). ### Checking granted scopes diff --git a/content/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md b/content/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md index caf691b24407..a429d4ef2c9c 100644 --- a/content/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md +++ b/content/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md @@ -23,7 +23,7 @@ category: > > Both {% data variables.product.prodname_oauth_apps %} and {% data variables.product.prodname_github_apps %} use OAuth 2.0. > -> {% data variables.product.prodname_github_apps %} can act on behalf of a user, similar to an {% data variables.product.prodname_oauth_app %}, or as themselves, which is beneficial for automations that do not require user input. Additionally, {% data variables.product.prodname_github_apps %} use fine-grained permissions, give the user more control over which repositories the app can access, and use short-lived tokens. For more information, see [AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps) and [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps). +> {% data variables.product.prodname_github_apps %} can act on behalf of a user, similar to an {% data variables.product.prodname_oauth_app %}, or as themselves, which is beneficial for automations that do not require user input. Additionally, {% data variables.product.prodname_github_apps %} use fine-grained permissions, give the user more control over which repositories the app can access, and use short-lived tokens. For more information, see [AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps) and [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps). {% data variables.product.github %}'s OAuth implementation supports the standard [authorization code grant type](https://tools.ietf.org/html/rfc6749#section-4.1) and the OAuth 2.0 [Device Authorization Grant](https://tools.ietf.org/html/rfc8628) for apps that don't have access to a web browser. @@ -43,7 +43,7 @@ To authorize your {% data variables.product.prodname_oauth_app %}, consider whic ## Web application flow > [!NOTE] -> If you are building a GitHub App, you can still use the OAuth web application flow, but the setup has some important differences. See [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps) for more information. +> If you are building a GitHub App, you can still use the OAuth web application flow, but the setup has some important differences. See [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user) for more information. The web application flow to authorize users for your app is: @@ -138,7 +138,7 @@ Every time you receive an access token, you should use the token to revalidate t The device flow allows you to authorize users for a headless application, such as a CLI tool or the [Git Credential Manager](https://github.com/git-ecosystem/git-credential-manager). -Before you can use the device flow to authorize and identify users, you must first enable it in your app's settings. For more information about enabling the device flow in your app, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app) for {% data variables.product.prodname_github_apps %} and [AUTOTITLE](/apps/oauth-apps/maintaining-oauth-apps/modifying-an-oauth-app) for {% data variables.product.prodname_oauth_apps %}. +Before you can use the device flow to authorize and identify users, you must first enable it in your app's settings. For more information about enabling the device flow in your app, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration) for {% data variables.product.prodname_github_apps %} and [AUTOTITLE](/apps/oauth-apps/maintaining-oauth-apps/modifying-an-oauth-app) for {% data variables.product.prodname_oauth_apps %}. ### Overview of the device flow @@ -268,7 +268,7 @@ For more information, see the [OAuth 2.0 Device Authorization Grant](https://too ## Non-Web application flow -Non-web authentication is available for limited situations like testing. If you need to, you can use [Basic Authentication](/rest/overview/authenticating-to-the-rest-api#using-basic-authentication) to create a {% data variables.product.pat_generic %} using your [{% data variables.product.pat_generic %}s settings page](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). This technique enables the user to revoke access at any time. +Non-web authentication is available for limited situations like testing. If you need to, you can use [Basic Authentication](/rest/authentication/authenticating-to-the-rest-api#using-basic-authentication) to create a {% data variables.product.pat_generic %} using your [{% data variables.product.pat_generic %}s settings page](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens). This technique enables the user to revoke access at any time. ## Redirect URLs diff --git a/content/apps/oauth-apps/building-oauth-apps/best-practices-for-creating-an-oauth-app.md b/content/apps/oauth-apps/building-oauth-apps/best-practices-for-creating-an-oauth-app.md index 2fdfcfa3ba47..672535c80cff 100644 --- a/content/apps/oauth-apps/building-oauth-apps/best-practices-for-creating-an-oauth-app.md +++ b/content/apps/oauth-apps/building-oauth-apps/best-practices-for-creating-an-oauth-app.md @@ -16,9 +16,9 @@ If possible, consider using a {% data variables.product.prodname_github_app %} i Similar to {% data variables.product.prodname_oauth_apps %}, {% data variables.product.prodname_github_apps %} can still use OAuth 2.0 and generate a type of OAuth token (called a user access token) and take actions on behalf of a user. However, {% data variables.product.prodname_github_apps %} can also act independently of a user. -For more information about {% data variables.product.prodname_github_apps %}, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps). +For more information about {% data variables.product.prodname_github_apps %}, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps). -For more information about migrating an existing {% data variables.product.prodname_oauth_app %} to a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/guides/migrating-oauth-apps-to-github-apps). +For more information about migrating an existing {% data variables.product.prodname_oauth_app %} to a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/migrating-oauth-apps-to-github-apps). ## Use minimal scopes @@ -106,7 +106,7 @@ If your app is available to other users, you should give users a way to delete t ## Further reading -* [AUTOTITLE](/apps/publishing-apps-to-github-marketplace/creating-apps-for-github-marketplace/security-best-practices-for-apps) -* [AUTOTITLE](/apps/publishing-apps-to-github-marketplace/creating-apps-for-github-marketplace/customer-experience-best-practices-for-apps) +* [AUTOTITLE](/apps/github-marketplace/creating-apps-for-github-marketplace/security-best-practices-for-apps-on-github-marketplace) +* [AUTOTITLE](/apps/github-marketplace/creating-apps-for-github-marketplace/customer-experience-best-practices-for-apps) {% endif %} diff --git a/content/apps/oauth-apps/building-oauth-apps/creating-a-custom-badge-for-your-oauth-app.md b/content/apps/oauth-apps/building-oauth-apps/creating-a-custom-badge-for-your-oauth-app.md index b0b1beafa754..0b9214305105 100644 --- a/content/apps/oauth-apps/building-oauth-apps/creating-a-custom-badge-for-your-oauth-app.md +++ b/content/apps/oauth-apps/building-oauth-apps/creating-a-custom-badge-for-your-oauth-app.md @@ -20,7 +20,7 @@ An identicon badge looks something like this: After you create an {% data variables.product.prodname_oauth_app %}, you can customize the app's badge by uploading a logo and selecting a background color. A badge is a square logo image inside of a circular badge. You can choose a background color for the badge, which can be used to visually distinguish your app. -Your logo should be a PNG, JPG, or GIF file under 1 MB in size. For the best quality rendering, we recommend an image size of at least 200px x 200px. {% ifversion fpt or ghec %}See [AUTOTITLE](/apps/publishing-apps-to-github-marketplace/listing-an-app-on-github-marketplace/writing-a-listing-description-for-your-app#guidelines-for-logos) for more guidance on customizing badges.{% endif %} +Your logo should be a PNG, JPG, or GIF file under 1 MB in size. For the best quality rendering, we recommend an image size of at least 200px x 200px. {% ifversion fpt or ghec %}See [AUTOTITLE](/apps/github-marketplace/listing-an-app-on-github-marketplace/writing-a-listing-description-for-your-app#guidelines-for-logos) for more guidance on customizing badges.{% endif %} {% ifversion fpt or ghec %} @@ -43,6 +43,6 @@ To create a custom badge: ## Next steps -For more information about creating a Marketplace listing for this app, see [AUTOTITLE](/apps/publishing-apps-to-github-marketplace/listing-an-app-on-github-marketplace). +For more information about creating a Marketplace listing for this app, see [AUTOTITLE](/apps/github-marketplace/listing-an-app-on-github-marketplace). {% endif %} diff --git a/content/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app.md b/content/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app.md index a12783015212..b18f49079d2f 100644 --- a/content/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app.md +++ b/content/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app.md @@ -23,7 +23,7 @@ category: > > {% data variables.product.prodname_github_apps %} use fine-grained permissions, give the user more control over which repositories the app can access, and use short-lived tokens. > -> For more information, see [AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps) and [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps). +> For more information, see [AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps) and [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps). {% ifversion fpt or ghec %} diff --git a/content/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps.md b/content/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps.md index 0c1b1271b4da..b6dd26b8b301 100644 --- a/content/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps.md +++ b/content/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps.md @@ -30,9 +30,9 @@ The rate limit for {% data variables.product.prodname_github_apps %} using an in There is one case where an {% data variables.product.prodname_oauth_app %} is preferred over a {% data variables.product.prodname_github_app %}. If your app needs to access enterprise-level resources such as the enterprise object itself, you should use an {% data variables.product.prodname_oauth_app %} because a {% data variables.product.prodname_github_app %} cannot yet be given permissions against an enterprise. {% data variables.product.prodname_github_apps %} can still access enterprise-owned organization and repository resources. -For more information about {% data variables.product.prodname_github_apps %}, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps). +For more information about {% data variables.product.prodname_github_apps %}, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps). -For more information about migrating an existing {% data variables.product.prodname_oauth_app %} to a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/guides/migrating-oauth-apps-to-github-apps). +For more information about migrating an existing {% data variables.product.prodname_oauth_app %} to a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/migrating-oauth-apps-to-github-apps). ## Who can install GitHub Apps and authorize {% data variables.product.prodname_oauth_apps %}? @@ -71,16 +71,16 @@ An _authorized_ {% data variables.product.prodname_oauth_app %} has access to al ## Token-based identification > [!NOTE] -> GitHub Apps can also use a user-based token. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps). +> GitHub Apps can also use a user-based token. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user). | GitHub Apps | {% data variables.product.prodname_oauth_apps %} | | ----- | ----------- | | A GitHub App can request an installation access token by using a private key with a JSON web token format out-of-band. | An {% data variables.product.prodname_oauth_app %} can exchange a request token for an access token after a redirect via a web request. | | An installation token identifies the app as the GitHub Apps bot, such as @jenkins-bot. | An access token identifies the app as the user who granted the token to the app, such as @octocat. | | Installation access tokens expire after a predefined amount of time (currently 1 hour). | OAuth tokens remain active until they're revoked by the customer. | -| {% data variables.product.prodname_github_apps %} installed on organizations or repositories are subject to rate limits that scale with the number of installations. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/rate-limits-for-github-apps). | OAuth tokens use the user's rate limit of 5,000 requests per hour. | +| {% data variables.product.prodname_github_apps %} installed on organizations or repositories are subject to rate limits that scale with the number of installations. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/rate-limits-for-github-apps). | OAuth tokens use the user's rate limit of 5,000 requests per hour. | | Rate limit increases can be granted both at the GitHub Apps level (affecting all installations) and at the individual installation level. | Rate limit increases are granted per {% data variables.product.prodname_oauth_app %}. Every token granted to that {% data variables.product.prodname_oauth_app %} gets the increased limit. | -| {% data variables.product.prodname_github_apps %} can authenticate on behalf of the user. The flow to authorize is the same as the {% data variables.product.prodname_oauth_app %} authorization flow. User access tokens can expire and be renewed with a refresh token. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens) and [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps). | The OAuth flow used by {% data variables.product.prodname_oauth_apps %} authorizes an {% data variables.product.prodname_oauth_app %} on behalf of the user. This is the same flow used to generate a {% data variables.product.prodname_github_app %} user access token. | +| {% data variables.product.prodname_github_apps %} can authenticate on behalf of the user. The flow to authorize is the same as the {% data variables.product.prodname_oauth_app %} authorization flow. User access tokens can expire and be renewed with a refresh token. For more information, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens) and [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user). | The OAuth flow used by {% data variables.product.prodname_oauth_apps %} authorizes an {% data variables.product.prodname_oauth_app %} on behalf of the user. This is the same flow used to generate a {% data variables.product.prodname_github_app %} user access token. | ## Requesting permission levels for resources diff --git a/content/apps/oauth-apps/building-oauth-apps/rate-limits-for-oauth-apps.md b/content/apps/oauth-apps/building-oauth-apps/rate-limits-for-oauth-apps.md index 128ba1dd58aa..d34502f26227 100644 --- a/content/apps/oauth-apps/building-oauth-apps/rate-limits-for-oauth-apps.md +++ b/content/apps/oauth-apps/building-oauth-apps/rate-limits-for-oauth-apps.md @@ -11,7 +11,7 @@ category: --- > [!NOTE] -> Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. The rate limit for {% data variables.product.prodname_github_apps %} using an installation access token scales with the number of repositories and number of organization users. Conversely, {% data variables.product.prodname_oauth_apps %} have lower rate limits and do not scale. For more information, see [AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps) and [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps). +> Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. The rate limit for {% data variables.product.prodname_github_apps %} using an installation access token scales with the number of repositories and number of organization users. Conversely, {% data variables.product.prodname_oauth_apps %} have lower rate limits and do not scale. For more information, see [AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps) and [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps). > [!WARNING] > {% data variables.product.prodname_oauth_apps %} are subject to a rate limit of **2,000 access token requests per hour**. If your application exceeds this limit, further requests to generate new access tokens will be temporarily blocked, and you may receive error responses. **This can lead to temporary outages**. Please plan your implementation accordingly to avoid potential service interruptions. @@ -32,20 +32,20 @@ The generation of these user access tokens is subject to a rate limit. Additiona API rate limits are disabled by default for {% data variables.product.prodname_ghe_server %}. Contact your site administrator to confirm the rate limits for your instance. -If you are a site administrator, you can set rate limits for your instance. For more information, see [AUTOTITLE](/admin/configuration/configuring-user-applications-for-your-enterprise/configuring-rate-limits). +If you are a site administrator, you can set rate limits for your instance. For more information, see [AUTOTITLE](/admin/configuring-settings/configuring-user-applications-for-your-enterprise/configuring-rate-limits). -If you are developing an app for users or organizations outside of your instance, the standard {% data variables.product.github %} rate limits apply. For more information, see [AUTOTITLE](/free-pro-team@latest/rest/overview/rate-limits-for-the-rest-api) and [AUTOTITLE](/free-pro-team@latest/graphql/overview/resource-limitations) in the {% data variables.product.prodname_free_user %} documentation. +If you are developing an app for users or organizations outside of your instance, the standard {% data variables.product.github %} rate limits apply. For more information, see [AUTOTITLE](/free-pro-team@latest/rest/using-the-rest-api/rate-limits-for-the-rest-api) and [AUTOTITLE](/free-pro-team@latest/graphql/overview/rate-limits-and-query-limits-for-the-graphql-api) in the {% data variables.product.prodname_free_user %} documentation. {% else %} {% data variables.product.company_short %} sets a limit on the number of requests a {% data variables.product.prodname_oauth_app %} can make to the REST API within a specific time period. It also sets a limit on the point value of queries that a {% data variables.product.prodname_oauth_app %} can make to the GraphQL API within a specific time period. In addition to these primary rate limits, {% data variables.product.company_short %} may also apply secondary rate limits. These limits help to prevent abuse and denial-of-service attacks, and ensure that the system remains available for all users. -For more information, see [AUTOTITLE](/rest/overview/rate-limits-for-the-rest-api) and [AUTOTITLE](/graphql/overview/resource-limitations). +For more information, see [AUTOTITLE](/rest/using-the-rest-api/rate-limits-for-the-rest-api) and [AUTOTITLE](/graphql/overview/rate-limits-and-query-limits-for-the-graphql-api). {% endif %} ## Further reading -* [AUTOTITLE](/rest/overview/rate-limits-for-the-rest-api) -* [AUTOTITLE](/graphql/overview/resource-limitations) +* [AUTOTITLE](/rest/using-the-rest-api/rate-limits-for-the-rest-api) +* [AUTOTITLE](/graphql/overview/rate-limits-and-query-limits-for-the-graphql-api) * [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/rate-limits-for-github-apps) diff --git a/content/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps.md b/content/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps.md index ac91fd4c4bec..ecee7a23aa5a 100644 --- a/content/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps.md +++ b/content/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps.md @@ -16,12 +16,12 @@ category: --- > [!NOTE] -> Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. {% data variables.product.prodname_github_apps %} use fine-grained permissions instead of scopes, which give you more control over what your app can do. For more information, see [AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps) and [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps). +> Consider building a {% data variables.product.prodname_github_app %} instead of an {% data variables.product.prodname_oauth_app %}. {% data variables.product.prodname_github_apps %} use fine-grained permissions instead of scopes, which give you more control over what your app can do. For more information, see [AUTOTITLE](/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps) and [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps). When setting up an {% data variables.product.prodname_oauth_app %} on GitHub, requested scopes are displayed to the user on the authorization form. > [!NOTE] -> If you're building a GitHub App, you don’t need to provide scopes in your authorization request. For more on this, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/identifying-and-authorizing-users-for-github-apps). +> If you're building a GitHub App, you don’t need to provide scopes in your authorization request. For more on this, see [AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user). If your {% data variables.product.prodname_oauth_app %} doesn't have access to a browser, such as a CLI tool, then you don't need to specify a scope for users to authenticate to your app. For more information, see [AUTOTITLE](/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow). @@ -74,10 +74,10 @@ Name | Description **`admin:gpg_key`** | Fully manage GPG keys.  `write:gpg_key`| Create, list, and view details for GPG keys.  `read:gpg_key`| List and view details for GPG keys.{% ifversion fpt or ghec %} -**`codespace`** | Grants the ability to create and manage codespaces. Codespaces can expose a GITHUB_TOKEN which may have a different set of scopes. For more information, see [AUTOTITLE](/codespaces/codespaces-reference/security-in-github-codespaces#authentication).{% endif %} -**`workflow`** | Grants the ability to add and update {% data variables.product.prodname_actions %} workflow files. Workflow files can be committed without this scope if the same file (with both the same path and contents) exists on another branch in the same repository. Workflow files can expose `GITHUB_TOKEN` which may have a different set of scopes. For more information, see [AUTOTITLE](/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token).{% ifversion not fpt %} +**`codespace`** | Grants the ability to create and manage codespaces. Codespaces can expose a GITHUB_TOKEN which may have a different set of scopes. For more information, see [AUTOTITLE](/codespaces/reference/security-in-github-codespaces#authentication).{% endif %} +**`workflow`** | Grants the ability to add and update {% data variables.product.prodname_actions %} workflow files. Workflow files can be committed without this scope if the same file (with both the same path and contents) exists on another branch in the same repository. Workflow files can expose `GITHUB_TOKEN` which may have a different set of scopes. For more information, see [AUTOTITLE](/actions/tutorials/authenticate-with-github_token#modifying-the-permissions-for-the-github_token).{% ifversion not fpt %} **`admin:enterprise`** | Gives full control of enterprise functionality. For more information, see [AUTOTITLE](/graphql/guides/managing-enterprise-accounts) in the GraphQL API documentation.

Includes `manage_runners:enterprise`, `manage_billing:enterprise`, and `read:enterprise`. - `manage_runners:enterprise` | Gives full control over self-hosted runners within the enterprise. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners). + `manage_runners:enterprise` | Gives full control over self-hosted runners within the enterprise. For more information, see [AUTOTITLE](/actions/concepts/runners/self-hosted-runners).  `manage_billing:enterprise` | Read and write enterprise billing data. For more information, see [AUTOTITLE](/rest/billing).  `read:enterprise` | Read all data on an enterprise profile. Does not include profile data of enterprise members or organizations.{% endif %} **`read:audit_log`** | Read audit log data. @@ -109,7 +109,7 @@ functionality or be unable to perform some actions. Also, applications can always send users back through the flow again to get additional permission, but don’t forget that users can always say no. -Check out the [Basics of Authentication guide](/rest/guides/basics-of-authentication), which +Check out the [Basics of Authentication guide](/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app), which provides tips on handling modifiable token scopes. ## Normalized scopes diff --git a/content/apps/oauth-apps/maintaining-oauth-apps/troubleshooting-oauth-app-access-token-request-errors.md b/content/apps/oauth-apps/maintaining-oauth-apps/troubleshooting-oauth-app-access-token-request-errors.md index 6803a3c68178..33bb9dddee88 100644 --- a/content/apps/oauth-apps/maintaining-oauth-apps/troubleshooting-oauth-app-access-token-request-errors.md +++ b/content/apps/oauth-apps/maintaining-oauth-apps/troubleshooting-oauth-app-access-token-request-errors.md @@ -79,4 +79,4 @@ If the user for whom you are trying to generate a user access token has not veri } ``` -To resolve this error, prompt the user to verify the primary email address on their {% data variables.product.company_short %} account. For more information, see {% ifversion fpt or ghec %}[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address).{% else %}[AUTOTITLE](/free-pro-team@latest/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address) in the {% data variables.product.prodname_free_user %} documentation.{% endif %} +To resolve this error, prompt the user to verify the primary email address on their {% data variables.product.company_short %} account. For more information, see {% ifversion fpt or ghec %}[AUTOTITLE](/account-and-profile/how-tos/email-preferences/verifying-your-email-address).{% else %}[AUTOTITLE](/free-pro-team@latest/account-and-profile/how-tos/email-preferences/verifying-your-email-address) in the {% data variables.product.prodname_free_user %} documentation.{% endif %} diff --git a/content/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps.md b/content/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps.md index 1d10d042c931..de42b7dcdd07 100644 --- a/content/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps.md +++ b/content/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps.md @@ -18,7 +18,7 @@ When an {% data variables.product.prodname_oauth_app %} wants to identify you by {% ifversion fpt or ghec %} > [!TIP] -> You must [verify your email address](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address) before you can authorize an {% data variables.product.prodname_oauth_app %}. +> You must [verify your email address](/account-and-profile/how-tos/email-preferences/verifying-your-email-address) before you can authorize an {% data variables.product.prodname_oauth_app %}. {% endif %} @@ -54,7 +54,7 @@ When you want to use an {% data variables.product.prodname_oauth_app %} that int | Commit status | You can grant access for an app to report your commit status. Commit status access allows apps to determine if a build is a successful against a specific commit. Apps won't have access to your code, but they can read and write status information against a specific commit. | | Deployments | Deployment status access allows apps to determine if a deployment is successful against a specific commit for public and private repositories. Apps won't have access to your code. | | Gists | [Gist](https://gist.github.com) access allows apps to read or write to both your public and secret Gists. | -| Hooks | [Webhooks](/webhooks-and-events/webhooks/about-webhooks) access allows apps to read or write hook configurations on repositories you manage. | +| Hooks | [Webhooks](/webhooks/about-webhooks) access allows apps to read or write hook configurations on repositories you manage. | | Notifications | Notification access allows apps to read your {% data variables.product.github %} notifications, such as comments on issues and pull requests. However, apps remain unable to access anything in your repositories. | | Organizations and teams | Organization and teams access allows apps to access and manage organization and team membership. | | Personal user data | User data includes information found in your user profile, like your name, e-mail address, and location. | diff --git a/content/apps/oauth-apps/using-oauth-apps/connecting-with-third-party-applications.md b/content/apps/oauth-apps/using-oauth-apps/connecting-with-third-party-applications.md index 65c39478a0db..80ae28bccd17 100644 --- a/content/apps/oauth-apps/using-oauth-apps/connecting-with-third-party-applications.md +++ b/content/apps/oauth-apps/using-oauth-apps/connecting-with-third-party-applications.md @@ -51,7 +51,7 @@ There are several types of data that applications can request. | Commit status | You can grant access for a third-party application to report your commit status. Commit status access allows applications to determine if a build is a successful against a specific commit. Applications won't have access to your code, but they can read and write status information against a specific commit. | | Deployments | Deployment status access allows applications to determine if a deployment is successful against a specific commit for a repository. Applications won't have access to your code. | | Gists | [Gist](https://gist.github.com) access allows applications to read or write to both your public and secret Gists. | -| Hooks | [Webhooks](/webhooks-and-events/webhooks/about-webhooks) access allows applications to read or write hook configurations on repositories you manage. | +| Hooks | [Webhooks](/webhooks/about-webhooks) access allows applications to read or write hook configurations on repositories you manage. | | Notifications | Notification access allows applications to read your {% data variables.product.github %} notifications, such as comments on issues and pull requests. However, applications remain unable to access anything in your repositories. | | Organizations and teams | Organization and teams access allows apps to access and manage organization and team membership. | | Personal user data | User data includes information found in your user profile, like your name, e-mail address, and location. | diff --git a/content/apps/oauth-apps/using-oauth-apps/installing-an-oauth-app-in-your-organization.md b/content/apps/oauth-apps/using-oauth-apps/installing-an-oauth-app-in-your-organization.md index 773b7ae247a5..a20731e1af90 100644 --- a/content/apps/oauth-apps/using-oauth-apps/installing-an-oauth-app-in-your-organization.md +++ b/content/apps/oauth-apps/using-oauth-apps/installing-an-oauth-app-in-your-organization.md @@ -19,7 +19,7 @@ If you choose a paid plan, you'll pay for your app subscription on your organiza {% data reusables.marketplace.free-trials %} -For more information about installing a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/using-github-apps/installing-a-github-app-in-your-organization). +For more information about installing a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-organizations). ## Installing an {% data variables.product.prodname_oauth_app %} in your organization @@ -36,5 +36,5 @@ For more information about installing a {% data variables.product.prodname_githu ## Further reading -* [AUTOTITLE](/billing/managing-your-billing/managing-your-payment-and-billing-information) +* [AUTOTITLE](/billing/how-tos/set-up-payment/manage-payment-info) * [AUTOTITLE](/apps/oauth-apps/using-oauth-apps/installing-an-oauth-app-in-your-personal-account) diff --git a/content/apps/oauth-apps/using-oauth-apps/installing-an-oauth-app-in-your-personal-account.md b/content/apps/oauth-apps/using-oauth-apps/installing-an-oauth-app-in-your-personal-account.md index 433cf1da557a..53cdfed59b2c 100644 --- a/content/apps/oauth-apps/using-oauth-apps/installing-an-oauth-app-in-your-personal-account.md +++ b/content/apps/oauth-apps/using-oauth-apps/installing-an-oauth-app-in-your-personal-account.md @@ -17,7 +17,7 @@ If you choose a paid plan, you'll pay for your app subscription on your personal {% data reusables.marketplace.free-trials %} -For more information about installing a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/using-github-apps/installing-a-github-app-in-your-personal-account). +For more information about installing a {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-personal-account). ## Installing an {% data variables.product.prodname_oauth_app %} in your personal account @@ -34,5 +34,5 @@ For more information about installing a {% data variables.product.prodname_githu ## Further reading -* [AUTOTITLE](/billing/managing-your-billing/managing-your-payment-and-billing-information) +* [AUTOTITLE](/billing/how-tos/set-up-payment/manage-payment-info) * [AUTOTITLE](/apps/oauth-apps/using-oauth-apps/installing-an-oauth-app-in-your-organization) diff --git a/content/apps/oauth-apps/using-oauth-apps/privileged-oauth-apps.md b/content/apps/oauth-apps/using-oauth-apps/privileged-oauth-apps.md index 0a96176427ce..c5b05b989b26 100644 --- a/content/apps/oauth-apps/using-oauth-apps/privileged-oauth-apps.md +++ b/content/apps/oauth-apps/using-oauth-apps/privileged-oauth-apps.md @@ -16,7 +16,7 @@ Some {% data variables.product.prodname_oauth_apps %} are privileged apps. These Some of these privileged apps are automatically included with {% data variables.product.company_short %} and do not require user authorization. These apps will not appear in your list of authorized {% data variables.product.prodname_oauth_apps %}. -These privileged apps will appear in the user security log, but will not appear in organization{% ifversion ghes or ghec %} or enterprise{% endif %} audit logs. {% ifversion ghes or ghec %}For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log), [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization), and [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise).{% else %}For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log) and [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization).{% endif %} +These privileged apps will appear in the user security log, but will not appear in organization{% ifversion ghes or ghec %} or enterprise{% endif %} audit logs. {% ifversion ghes or ghec %}For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log), [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization), and [AUTOTITLE](/admin/concepts/security-and-compliance/audit-log-for-an-enterprise).{% else %}For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log) and [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization).{% endif %} These {% data variables.product.prodname_oauth_apps %} are : diff --git a/content/apps/oauth-apps/using-oauth-apps/reviewing-your-authorized-oauth-apps.md b/content/apps/oauth-apps/using-oauth-apps/reviewing-your-authorized-oauth-apps.md index e6f0c6bead0a..f5e3e43a72dc 100644 --- a/content/apps/oauth-apps/using-oauth-apps/reviewing-your-authorized-oauth-apps.md +++ b/content/apps/oauth-apps/using-oauth-apps/reviewing-your-authorized-oauth-apps.md @@ -24,6 +24,6 @@ category: ## Further reading {% ifversion fpt or ghec %} -* [AUTOTITLE](/get-started/exploring-integrations/about-integrations){% endif %} -* [AUTOTITLE](/apps/using-github-apps/reviewing-your-authorized-integrations) +* [AUTOTITLE](/integrations/concepts/about-integrations){% endif %} +* [AUTOTITLE](/apps/using-github-apps/reviewing-and-revoking-authorization-of-github-apps) * [AUTOTITLE](/apps/oauth-apps/using-oauth-apps/privileged-oauth-apps) diff --git a/content/apps/overview.md b/content/apps/overview.md index a1d8ee8c6d26..b10c19c46a3d 100644 --- a/content/apps/overview.md +++ b/content/apps/overview.md @@ -18,7 +18,7 @@ category: For more information about using {% data variables.product.prodname_github_apps %}, see [AUTOTITLE](/apps/using-github-apps/about-using-github-apps). -For more information about building {% data variables.product.prodname_github_apps %}, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps). +For more information about building {% data variables.product.prodname_github_apps %}, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps). ## {% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_oauth_apps %} diff --git a/content/apps/sharing-github-apps/making-your-github-app-available-for-github-enterprise-server.md b/content/apps/sharing-github-apps/making-your-github-app-available-for-github-enterprise-server.md index da8576e4b651..8ce99506b445 100644 --- a/content/apps/sharing-github-apps/making-your-github-app-available-for-github-enterprise-server.md +++ b/content/apps/sharing-github-apps/making-your-github-app-available-for-github-enterprise-server.md @@ -17,16 +17,16 @@ category: If you want your {% data variables.product.prodname_github_app %} to be available to organizations in a {% data variables.product.prodname_ghe_server %} instance that you are not part of, you must take the following steps. {% ifversion ghes %} -These steps are not required if your {% data variables.product.prodname_github_app %} will only be used by organizations in a {% data variables.product.prodname_ghe_server %} instance that you are part of. For more information, see [AUTOTITLE](/apps/maintaining-github-apps/installing-your-own-github-app). +These steps are not required if your {% data variables.product.prodname_github_app %} will only be used by organizations in a {% data variables.product.prodname_ghe_server %} instance that you are part of. For more information, see [AUTOTITLE](/apps/using-github-apps/installing-your-own-github-app). {% endif %} -If {% data variables.product.prodname_ghe_server %} access is important, consider whether a custom action for {% data variables.product.prodname_actions %} will suit your needs instead. Public actions are available on {% data variables.product.prodname_ghe_server %} instances with {% data variables.product.prodname_github_connect %}. For more information, see {% ifversion ghes %}[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect).{% else %}[AUTOTITLE](/enterprise-server@latest/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) in the {% data variables.product.prodname_ghe_server %} documentation.{% endif %} +If {% data variables.product.prodname_ghe_server %} access is important, consider whether a custom action for {% data variables.product.prodname_actions %} will suit your needs instead. Public actions are available on {% data variables.product.prodname_ghe_server %} instances with {% data variables.product.prodname_github_connect %}. For more information, see {% ifversion ghes %}[AUTOTITLE](/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect).{% else %}[AUTOTITLE](/enterprise-server@latest/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) in the {% data variables.product.prodname_ghe_server %} documentation.{% endif %} ## Each {% data variables.product.prodname_ghe_server %} instance must register their own {% data variables.product.prodname_github_app %} Organizations owned by a {% data variables.product.prodname_ghe_server %} instance cannot install {% data variables.product.prodname_github_apps %} registered on {% data variables.product.prodname_dotcom_the_website %} or on another {% data variables.product.prodname_ghe_server %} instance. Instead, they must register and install their own {% data variables.product.prodname_github_app %} for use on that instance. -1. The app developer creates a manifest or URL parameters. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app-from-a-manifest) and [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app-using-url-parameters). +1. The app developer creates a manifest or URL parameters. For more information, see [AUTOTITLE](/apps/sharing-github-apps/registering-a-github-app-from-a-manifest) and [AUTOTITLE](/apps/sharing-github-apps/registering-a-github-app-using-url-parameters). 1. The app developer shares the manifest or URL parameters with the {% data variables.product.prodname_ghe_server %} administrator that wants to use the app. The same manifest or URL parameters can be shared with multiple {% data variables.product.prodname_ghe_server %} instances. 1. An organization owner in the instance uses the manifest or URL parameters to register a {% data variables.product.prodname_github_app %}. 1. The organization installs the {% data variables.product.prodname_github_app %} that they registered. diff --git a/content/apps/sharing-github-apps/registering-a-github-app-from-a-manifest.md b/content/apps/sharing-github-apps/registering-a-github-app-from-a-manifest.md index c80270ec811f..feff652ff4e8 100644 --- a/content/apps/sharing-github-apps/registering-a-github-app-from-a-manifest.md +++ b/content/apps/sharing-github-apps/registering-a-github-app-from-a-manifest.md @@ -36,7 +36,7 @@ Here are some scenarios where you might use {% data variables.product.prodname_g ## Implementing the {% data variables.product.prodname_github_app %} Manifest flow -The {% data variables.product.prodname_github_app %} Manifest flow uses a handshaking process similar to the [OAuth flow](/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps). The flow uses a manifest to [register a {% data variables.product.prodname_github_app %}](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app) and receives a temporary `code` used to retrieve the app's private key, webhook secret, and ID. +The {% data variables.product.prodname_github_app %} Manifest flow uses a handshaking process similar to the [OAuth flow](/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps). The flow uses a manifest to [register a {% data variables.product.prodname_github_app %}](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app) and receives a temporary `code` used to retrieve the app's private key, webhook secret, and ID. >[!NOTE] You must complete all three steps in the {% data variables.product.prodname_github_app %} Manifest flow within one hour. @@ -66,8 +66,8 @@ The person registering the app will be redirected to a {% data variables.product `setup_url` | `string` | A full URL to redirect users to after they install your {% data variables.product.prodname_github_app %} if additional setup is required. `description` | `string` | A description of the {% data variables.product.prodname_github_app %}. `public` | `boolean` | Set to `true` when your {% data variables.product.prodname_github_app %} is available to the public or `false` when it is only accessible to the owner of the app. -`default_events` | `array` | The list of [events](/webhooks-and-events/webhooks/webhook-events-and-payloads) the {% data variables.product.prodname_github_app %} subscribes to. -`default_permissions` | `object` | The set of permissions needed by the {% data variables.product.prodname_github_app %}. The format of the object uses the permission name for the key (for example, `issues`) and the access type for the value (for example, `write`). For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app). To see the list of permissions available for use and their parameterized names, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#account-permissions). +`default_events` | `array` | The list of [events](/webhooks/webhook-events-and-payloads) the {% data variables.product.prodname_github_app %} subscribes to. +`default_permissions` | `object` | The set of permissions needed by the {% data variables.product.prodname_github_app %}. The format of the object uses the permission name for the key (for example, `issues`) and the access type for the value (for example, `write`). For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app). To see the list of permissions available for use and their parameterized names, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#account-permissions). `request_oauth_on_install` | `boolean` | Set to `true` to request the user to authorize the {% data variables.product.prodname_github_app %}, after the {% data variables.product.prodname_github_app %} is installed. `setup_on_update` | `boolean` | Set to `true` to redirect users to the `setup_url` after they update your {% data variables.product.prodname_github_app %} installation. diff --git a/content/apps/sharing-github-apps/registering-a-github-app-using-url-parameters.md b/content/apps/sharing-github-apps/registering-a-github-app-using-url-parameters.md index 2f99fe77fc61..80ce6bcde2de 100644 --- a/content/apps/sharing-github-apps/registering-a-github-app-using-url-parameters.md +++ b/content/apps/sharing-github-apps/registering-a-github-app-using-url-parameters.md @@ -22,7 +22,7 @@ You can use URL parameters to preselect the configuration settings of a new {% d This approach is useful for integrators who want customers to set up an app on their personal account or organization with certain specifications, or for customers using {% data variables.product.prodname_ghe_server %} who aren't able to install apps from the {% data variables.product.prodname_marketplace %}. -Alternatively, you can create a {% data variables.product.prodname_github_app %} manifest. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app-from-a-manifest). +Alternatively, you can create a {% data variables.product.prodname_github_app %} manifest. For more information, see [AUTOTITLE](/apps/sharing-github-apps/registering-a-github-app-from-a-manifest). {% ifversion ghec %} @@ -55,9 +55,9 @@ Parameter name | Type | Description `name` | `string` | The name of the {% data variables.product.prodname_github_app %}. Give your app a clear and succinct name. Your app cannot have the same name as an existing {% data variables.product.prodname_dotcom %} user, unless it is your own user or organization name. A slugged version of your app's name will be shown in the user interface when your integration takes an action. `description` | `string` | A description of the {% data variables.product.prodname_github_app %}. `url` | `string` | The full URL of your {% data variables.product.prodname_github_app %}'s website homepage. -`callback_urls` | `array of strings` | A full URL to redirect to after someone authorizes an installation. You can provide up to 10 callback URLs. These URLs are used if your app needs to generate a user access token. For example, `callback_urls[]=https://example.com&callback_urls[]=https://example-2.com`. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-the-user-authorization-callback-url). +`callback_urls` | `array of strings` | A full URL to redirect to after someone authorizes an installation. You can provide up to 10 callback URLs. These URLs are used if your app needs to generate a user access token. For example, `callback_urls[]=https://example.com&callback_urls[]=https://example-2.com`. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/about-the-user-authorization-callback-url). `request_oauth_on_install` | `boolean` | If your app authorizes users using the OAuth flow, you can set this option to `true` to allow people to authorize the app when they install it, saving a step. If you select this option, the `setup_url` becomes unavailable and users will be redirected to your `callback_url` after installing the app. -`setup_url` | `string` | The full URL to redirect to after someone installs the {% data variables.product.prodname_github_app %} if the app requires additional setup after installation. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-the-setup-url). +`setup_url` | `string` | The full URL to redirect to after someone installs the {% data variables.product.prodname_github_app %} if the app requires additional setup after installation. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/about-the-setup-url). `setup_on_update` | `boolean` | Set to `true` to redirect people to the setup URL when installations have been updated, for example, after repositories are added or removed. `public` | `boolean` | Set to `true` when your {% data variables.product.prodname_github_app %} is available to the public or `false` when it is only accessible to the owner of the app. This parameter does not apply to apps owned by enterprises. `webhook_active` | `boolean` | Set to `true` to enable webhook. Webhook is disabled by default. @@ -74,16 +74,16 @@ For example, to select "Read & write" permissions in the user interface for `con If the owning account is not an enterprise or an enterprise-owned organization, it cannot request enterprise permissions.{% endif %} -For more information about permissions and {% data variables.product.prodname_github_apps %}, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/choosing-permissions-for-a-github-app). To see the list of permissions available for use and their parameterized names, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#account-permissions). +For more information about permissions and {% data variables.product.prodname_github_apps %}, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app). To see the list of permissions available for use and their parameterized names, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#account-permissions). ## {% data variables.product.prodname_github_app %} webhook events You can use query parameters to enable the {% data variables.product.prodname_github_app %} webhook, designate a webhook URL, and subscribe the app to receive webhook payloads for specific events. -To enable the {% data variables.product.prodname_github_app %} webhook, use `webhook_active=true` in your query string. To designate a full URL that you would like to send webhook event payloads to, use `webhook_url` in your query string. To subscribe the app to specific webhook payload events, use `events[]` as the query parameter name, and set the query value to the name of the webhook event. For more information about the possible webhook events and the {% data variables.product.prodname_github_app %} permissions required to subscribe to each event, see [AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads). +To enable the {% data variables.product.prodname_github_app %} webhook, use `webhook_active=true` in your query string. To designate a full URL that you would like to send webhook event payloads to, use `webhook_url` in your query string. To subscribe the app to specific webhook payload events, use `events[]` as the query parameter name, and set the query value to the name of the webhook event. For more information about the possible webhook events and the {% data variables.product.prodname_github_app %} permissions required to subscribe to each event, see [AUTOTITLE](/webhooks/webhook-events-and-payloads). For example, to subscribe a {% data variables.product.prodname_github_app %} to receive webhook payloads for activity relating to commit comments, the query string would include `&webhook_active=true&webhook_url=https://example.com&events[]=commit_comment`. Note that the `commit_comment` webhook event requires the {% data variables.product.prodname_github_app %} to have at least read-level access for the "Contents" repository permission. So your query string should also include a parameter to set the `contents` permission to `read` or `write`. For more information, see [{% data variables.product.prodname_dotcom %} app permissions](#github-app-permissions). You cannot use query parameters to set the value of a webhook secret. If an app requires a secret to secure its webhook, the value of the secret must be set in the {% data variables.product.company_short %} UI by the person registering the app. -For more information about webhooks and {% data variables.product.prodname_github_apps %}, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/using-webhooks-with-github-apps). +For more information about webhooks and {% data variables.product.prodname_github_apps %}, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/using-webhooks-with-github-apps). diff --git a/content/apps/sharing-github-apps/sharing-your-github-app.md b/content/apps/sharing-github-apps/sharing-your-github-app.md index 184379595faf..4fe341e28a01 100644 --- a/content/apps/sharing-github-apps/sharing-your-github-app.md +++ b/content/apps/sharing-github-apps/sharing-your-github-app.md @@ -16,7 +16,7 @@ category: ## Sharing your {% data variables.product.prodname_github_app %} on {% data variables.product.prodname_marketplace %} -If your {% data variables.product.prodname_github_app %} is public, you can choose to publish it to {% data variables.product.prodname_marketplace %}. For more information, see [AUTOTITLE](/apps/publishing-apps-to-github-marketplace/github-marketplace-overview/about-github-marketplace). +If your {% data variables.product.prodname_github_app %} is public, you can choose to publish it to {% data variables.product.prodname_marketplace %}. For more information, see [AUTOTITLE](/apps/github-marketplace/github-marketplace-overview/about-github-marketplace-for-apps). {% ifversion ghec %}If you are an {% data variables.product.prodname_emu %}, then you cannot share your app on {% data variables.product.prodname_marketplace %}.{% endif %} @@ -27,7 +27,7 @@ For more information about how users can install your app from {% data variables ## Sharing your {% data variables.product.prodname_github_app %} via an install link {% ifversion fpt or ghec %} -If your {% data variables.product.prodname_github_app %} is public, other users and organizations can install your app. For more information about making your app public, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/making-a-github-app-public-or-private). +If your {% data variables.product.prodname_github_app %} is public, other users and organizations can install your app. For more information about making your app public, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/making-a-github-app-public-or-private). {% ifversion ghec %}If you are an {% data variables.product.prodname_emu %}{% ifversion enterprise-apps-public-beta %} or your app is owned by your enterprise account{% endif %}, you can only share your app with accounts within your enterprise.{% endif %} @@ -47,4 +47,4 @@ If your {% data variables.product.prodname_github_app %} is public, other users ## Sharing your {% data variables.product.prodname_github_app %} with {% data variables.product.prodname_ghe_server %} instances -If you want to share your {% data variables.product.prodname_github_app %} with {% data variables.product.prodname_ghe_server %} instances that you are not part of, you need to take additional steps. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/making-your-github-app-available-for-github-enterprise-server). +If you want to share your {% data variables.product.prodname_github_app %} with {% data variables.product.prodname_ghe_server %} instances that you are not part of, you need to take additional steps. For more information, see [AUTOTITLE](/apps/sharing-github-apps/making-your-github-app-available-for-github-enterprise-server). diff --git a/content/apps/using-github-apps/about-using-github-apps.md b/content/apps/using-github-apps/about-using-github-apps.md index 69c8a5fa2450..8afc5552981e 100644 --- a/content/apps/using-github-apps/about-using-github-apps.md +++ b/content/apps/using-github-apps/about-using-github-apps.md @@ -17,11 +17,11 @@ category: ## Finding {% data variables.product.prodname_github_apps %} {% ifversion fpt or ghec %} -You can discover {% data variables.product.prodname_github_apps %} on [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace). {% else %}You cannot install third-party applications on your enterprise. If you want to use the functionality of a third-party app, you can contact the app developer about creating an app from a manifest or from URL parameters. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app-from-a-manifest) and [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app-using-url-parameters).{% endif %}{% ifversion enterprise-installed-apps %} You cannot install third-party applications on your enterprise account—they must be owned by your enterprise or an organization in your enterprise.{% endif %} +You can discover {% data variables.product.prodname_github_apps %} on [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace). {% else %}You cannot install third-party applications on your enterprise. If you want to use the functionality of a third-party app, you can contact the app developer about creating an app from a manifest or from URL parameters. For more information, see [AUTOTITLE](/apps/sharing-github-apps/registering-a-github-app-from-a-manifest) and [AUTOTITLE](/apps/sharing-github-apps/registering-a-github-app-using-url-parameters).{% endif %}{% ifversion enterprise-installed-apps %} You cannot install third-party applications on your enterprise account—they must be owned by your enterprise or an organization in your enterprise.{% endif %} {% data reusables.data-residency.github-marketplace-apps-unsupported %} -You can also build your own {% data variables.product.prodname_github_app %}. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/about-creating-github-apps). +You can also build your own {% data variables.product.prodname_github_app %}. For more information, see [AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps). ## Using {% data variables.product.prodname_github_apps %} @@ -33,7 +33,7 @@ You may also need to authorize a {% data variables.product.prodname_github_app % Occasionally, the {% data variables.product.prodname_github_app %} will request updated permissions. {% data variables.product.company_short %} will notify you when this occurs. In order for the app to continue to function, you will need to review and approve the updated permissions. For more information, see [AUTOTITLE](/apps/using-github-apps/approving-updated-permissions-for-a-github-app). -Before you install or authorize a {% data variables.product.prodname_github_app %}, you should make sure that you trust the app developer. If you no longer use the app, you should suspend or uninstall the app and/or revoke your authorization of the app. For more information, see [AUTOTITLE](/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access) and [AUTOTITLE](/apps/using-github-apps/reviewing-your-authorized-integrations). +Before you install or authorize a {% data variables.product.prodname_github_app %}, you should make sure that you trust the app developer. If you no longer use the app, you should suspend or uninstall the app and/or revoke your authorization of the app. For more information, see [AUTOTITLE](/apps/using-github-apps/reviewing-and-modifying-installed-github-apps#blocking-access) and [AUTOTITLE](/apps/using-github-apps/reviewing-and-revoking-authorization-of-github-apps). {% ifversion fpt or ghec %} diff --git a/content/apps/using-github-apps/approving-updated-permissions-for-a-github-app.md b/content/apps/using-github-apps/approving-updated-permissions-for-a-github-app.md index 08c5f6acdf47..148789b5fc5d 100644 --- a/content/apps/using-github-apps/approving-updated-permissions-for-a-github-app.md +++ b/content/apps/using-github-apps/approving-updated-permissions-for-a-github-app.md @@ -10,7 +10,7 @@ category: - Install and authorize apps --- -Occasionally, a {% data variables.product.prodname_github_app %} that you have installed will request additional permissions. This may happen if the {% data variables.product.prodname_github_app %} owner wants the app to make additional API requests or respond to additional webhook events. For more information about what different permissions enable a {% data variables.product.prodname_github_app %} to do, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/choosing-permissions-for-a-github-app). +Occasionally, a {% data variables.product.prodname_github_app %} that you have installed will request additional permissions. This may happen if the {% data variables.product.prodname_github_app %} owner wants the app to make additional API requests or respond to additional webhook events. For more information about what different permissions enable a {% data variables.product.prodname_github_app %} to do, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app). When a {% data variables.product.prodname_github_app %} requests additional permissions, {% data variables.product.company_short %} will notify you if the app is installed on your personal account or on an account that you own. diff --git a/content/apps/using-github-apps/authorizing-github-apps.md b/content/apps/using-github-apps/authorizing-github-apps.md index 9dcf011a4aab..3473cb642ccc 100644 --- a/content/apps/using-github-apps/authorizing-github-apps.md +++ b/content/apps/using-github-apps/authorizing-github-apps.md @@ -23,7 +23,7 @@ When authorizing the {% data variables.product.prodname_github_app %}, you shoul * Know which resources you can access: When authorized, the {% data variables.product.prodname_github_app %} will be able to determine which resources you can access that the app can also access. The app may use this, for example, so that it can show you an appropriate list of repositories. * Act on your behalf: When authorized, the application may perform tasks on {% data variables.product.company_short %} on your behalf. This might include creating an issue or commenting on a pull request. For more information, see [About {% data variables.product.prodname_github_apps %} acting on your behalf](#about-github-apps-acting-on-your-behalf). -You can review and revoke your authorization at any time. For more information, see [AUTOTITLE](/apps/using-github-apps/reviewing-your-authorized-integrations). +You can review and revoke your authorization at any time. For more information, see [AUTOTITLE](/apps/using-github-apps/reviewing-and-revoking-authorization-of-github-apps). {% ifversion ghec %} @@ -48,4 +48,4 @@ Similarly, if the activity triggers a corresponding entry in the audit logs and {% data reusables.apps.install-vs-authorize %} -For more information about installation, see [AUTOTITLE](/apps/using-github-apps/installing-a-github-app-from-a-third-party), {% ifversion ghec or fpt %}[AUTOTITLE](/apps/using-github-apps/installing-an-app-in-your-personal-account) and [AUTOTITLE](/apps/using-github-apps/installing-an-app-in-your-organization).{% else %}[AUTOTITLE](/apps/maintaining-github-apps/installing-github-apps).{% endif %} +For more information about installation, see [AUTOTITLE](/apps/using-github-apps/installing-a-github-app-from-a-third-party), {% ifversion ghec or fpt %}[AUTOTITLE](/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-personal-account) and [AUTOTITLE](/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-organizations).{% else %}[AUTOTITLE](/apps/using-github-apps/installing-your-own-github-app).{% endif %} diff --git a/content/apps/using-github-apps/installing-a-github-app-from-a-third-party.md b/content/apps/using-github-apps/installing-a-github-app-from-a-third-party.md index dc1cb3135d12..8a0ec2e68a57 100644 --- a/content/apps/using-github-apps/installing-a-github-app-from-a-third-party.md +++ b/content/apps/using-github-apps/installing-a-github-app-from-a-third-party.md @@ -14,7 +14,7 @@ category: {% ifversion fpt or ghec %} -This article describes how to install a {% data variables.product.prodname_github_app %} directly from the app owner instead of from {% data variables.product.prodname_marketplace %}. For more information on installing {% data variables.product.prodname_github_apps %} from {% data variables.product.prodname_marketplace %}, see [AUTOTITLE](/apps/using-github-apps/installing-a-github-app-in-your-personal-account) and [AUTOTITLE](/apps/using-github-apps/installing-a-github-app-in-your-organization). For more information about installing {% data variables.product.prodname_github_apps %} that you own, see [AUTOTITLE](/apps/maintaining-github-apps/installing-your-own-github-app).{% endif %} +This article describes how to install a {% data variables.product.prodname_github_app %} directly from the app owner instead of from {% data variables.product.prodname_marketplace %}. For more information on installing {% data variables.product.prodname_github_apps %} from {% data variables.product.prodname_marketplace %}, see [AUTOTITLE](/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-personal-account) and [AUTOTITLE](/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-organizations). For more information about installing {% data variables.product.prodname_github_apps %} that you own, see [AUTOTITLE](/apps/using-github-apps/installing-your-own-github-app).{% endif %} {% ifversion enterprise-apps-public-beta %} >[!NOTE] This installation flow applies to any {% data variables.product.prodname_github_app %}, whether it’s a third-party app or an app owned by your enterprise. You can install the app manually using the link provided by the app owner. @@ -41,7 +41,7 @@ Enterprise owners can install {% data variables.product.prodname_github_apps %} {% data reusables.apps.repo-admin-install-restriction %} -Organization members and outside collaborators that cannot install an app on the organization can still select the organization during the install process. Instead of installing the app, {% data variables.product.company_short %} will send a notification to the organization owner to request the organization owner to install the app. The ability to make these requests can be controlled using app access request policies. See [AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests). +Organization members and outside collaborators that cannot install an app on the organization can still select the organization during the install process. Instead of installing the app, {% data variables.product.company_short %} will send a notification to the organization owner to request the organization owner to install the app. The ability to make these requests can be controlled using app access request policies. See [AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/limiting-oauth-app-and-github-app-access-requests-and-installations). The "app manager" role does not give a person the ability to install a {% data variables.product.prodname_github_app %} on the organization{% ifversion enterprise-app-manager %} or enterprise{% endif %}. See [AUTOTITLE](/apps/maintaining-github-apps/about-github-app-managers). @@ -64,6 +64,6 @@ During the installation process, the app owner will direct you to a {% data vari 1. If you selected **Only select repositories** in the previous step, under the **Select repositories** dropdown, select the repositories that you want the app to access. If the app creates any repositories, the app will automatically be granted access to those repositories as well. -1. Review the permissions that the app is requesting. For more information about the REST API requests the {% data variables.product.prodname_github_app %} can make with those permissions, see [AUTOTITLE](/rest/overview/permissions-required-for-github-apps). +1. Review the permissions that the app is requesting. For more information about the REST API requests the {% data variables.product.prodname_github_app %} can make with those permissions, see [AUTOTITLE](/rest/authentication/permissions-required-for-github-apps). 1. Click **Install**, **Install and request**, or **Request**. The button that is presented depends on whether your organization owner must approve none, some, or all of the requested access for the app.{% ifversion enterprise-installed-apps %} Enterprise installations cannot be requested—the enterprise owner must install the app directly.{% endif %} For more information, see [Requirements to install a {% data variables.product.prodname_github_app %}](#requirements-to-install-a-github-app). diff --git a/content/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-organizations.md b/content/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-organizations.md index a9ce7cabc5e2..99f1372f1767 100644 --- a/content/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-organizations.md +++ b/content/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-organizations.md @@ -75,5 +75,5 @@ For enterprise managed user accounts, only enterprise owners can purchase and in ## Further reading -* [AUTOTITLE](/billing/managing-your-billing/managing-your-payment-and-billing-information) -* [AUTOTITLE](/apps/using-github-apps/installing-an-app-in-your-personal-account) +* [AUTOTITLE](/billing/how-tos/set-up-payment/manage-payment-info) +* [AUTOTITLE](/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-personal-account) diff --git a/content/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-personal-account.md b/content/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-personal-account.md index 8ee8960bd0b0..fc35ded73eae 100644 --- a/content/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-personal-account.md +++ b/content/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-personal-account.md @@ -57,5 +57,5 @@ For more information about authorizing {% data variables.product.prodname_github ## Further reading -* [AUTOTITLE](/billing/managing-your-billing/managing-your-payment-and-billing-information) -* [AUTOTITLE](/apps/using-github-apps/installing-an-app-in-your-organization) +* [AUTOTITLE](/billing/how-tos/set-up-payment/manage-payment-info) +* [AUTOTITLE](/apps/using-github-apps/installing-a-github-app-from-github-marketplace-for-your-organizations) diff --git a/content/apps/using-github-apps/installing-a-github-app-on-your-enterprise.md b/content/apps/using-github-apps/installing-a-github-app-on-your-enterprise.md index 8bfab7ba150e..598243ed08b6 100644 --- a/content/apps/using-github-apps/installing-a-github-app-on-your-enterprise.md +++ b/content/apps/using-github-apps/installing-a-github-app-on-your-enterprise.md @@ -42,7 +42,7 @@ For more information about available permissions and API endpoints, see [AUTOTIT ## Rate limits for enterprise-installed {% data variables.product.prodname_github_apps %} -The installation token for an enterprise-installed {% data variables.product.prodname_github_apps %} has the same rate limit as a {% data variables.product.prodname_ghe_cloud %} organization. Rate limits are per installation. For example, if an app is installed on an enterprise and two organizations, it will require 3 installation tokens to access them and have a full, independent rate limit budget for each installation. For more information, see [AUTOTITLE](/rest/overview/rate-limits-for-the-rest-api) and [AUTOTITLE](/graphql/overview/resource-limitations). +The installation token for an enterprise-installed {% data variables.product.prodname_github_apps %} has the same rate limit as a {% data variables.product.prodname_ghe_cloud %} organization. Rate limits are per installation. For example, if an app is installed on an enterprise and two organizations, it will require 3 installation tokens to access them and have a full, independent rate limit budget for each installation. For more information, see [AUTOTITLE](/rest/using-the-rest-api/rate-limits-for-the-rest-api) and [AUTOTITLE](/graphql/overview/rate-limits-and-query-limits-for-the-graphql-api). {% endif %} ## Current limitations diff --git a/content/apps/using-github-apps/privileged-github-apps.md b/content/apps/using-github-apps/privileged-github-apps.md index d3e4a0882f5b..8c35c77f22cf 100644 --- a/content/apps/using-github-apps/privileged-github-apps.md +++ b/content/apps/using-github-apps/privileged-github-apps.md @@ -16,7 +16,7 @@ Some {% data variables.product.prodname_github_apps %} are privileged apps. Thes Some of these privileged apps are automatically included with {% data variables.product.company_short %} and do not require user authorization. These apps will not appear in your list of authorized {% data variables.product.prodname_github_apps %} or in your list of installed {% data variables.product.prodname_github_apps %}.{% ifversion ghec %}{% data variables.product.prodname_emus %} are allowed to install these privileged apps on their user account, while standard, unprivileged apps cannot be installed on {% data variables.product.prodname_emus %} user accounts.{% endif %} -These privileged apps will appear in the user security log, but will not appear in organization{% ifversion ghes or ghec %} or enterprise{% endif %} audit logs. {% ifversion ghes or ghec %}For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log), [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization), and [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise).{% else %}For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log) and [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization).{% endif %} +These privileged apps will appear in the user security log, but will not appear in organization{% ifversion ghes or ghec %} or enterprise{% endif %} audit logs. {% ifversion ghes or ghec %}For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log), [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization), and [AUTOTITLE](/admin/concepts/security-and-compliance/audit-log-for-an-enterprise).{% else %}For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log) and [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization).{% endif %} These {% data variables.product.prodname_github_apps %} are: diff --git a/content/apps/using-github-apps/reviewing-and-modifying-installed-github-apps.md b/content/apps/using-github-apps/reviewing-and-modifying-installed-github-apps.md index f1e48d47153a..8ceccbd29039 100644 --- a/content/apps/using-github-apps/reviewing-and-modifying-installed-github-apps.md +++ b/content/apps/using-github-apps/reviewing-and-modifying-installed-github-apps.md @@ -54,7 +54,7 @@ In addition to reviewing {% data variables.product.prodname_github_apps %} that ## Reviewing permissions 1. Navigate to the {% data variables.product.prodname_github_app %} you want to modify. For more information, see [Navigating to the GitHub App you want to review or modify](#navigating-to-the-github-app-you-want-to-review-or-modify). -1. Under "Permissions," review the permissions that the {% data variables.product.prodname_github_app %} has. For more information about what different permissions enable a {% data variables.product.prodname_github_app %} to do, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/choosing-permissions-for-a-github-app). +1. Under "Permissions," review the permissions that the {% data variables.product.prodname_github_app %} has. For more information about what different permissions enable a {% data variables.product.prodname_github_app %} to do, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app). ## Modifying repository access diff --git a/content/apps/using-github-apps/reviewing-and-revoking-authorization-of-github-apps.md b/content/apps/using-github-apps/reviewing-and-revoking-authorization-of-github-apps.md index fdb2c0cc2adb..74c651b9e7ae 100644 --- a/content/apps/using-github-apps/reviewing-and-revoking-authorization-of-github-apps.md +++ b/content/apps/using-github-apps/reviewing-and-revoking-authorization-of-github-apps.md @@ -36,5 +36,5 @@ The authorization can only be revoked by the person who authorized the {% data v ## Further reading * [AUTOTITLE](/apps/using-github-apps/reviewing-and-modifying-installed-github-apps) -* [AUTOTITLE](/apps/oauth-apps/using-oauth-apps/reviewing-your-authorized-applications-oauth) +* [AUTOTITLE](/apps/oauth-apps/using-oauth-apps/reviewing-your-authorized-oauth-apps) * [AUTOTITLE](/apps/using-github-apps/privileged-github-apps) diff --git a/content/code-security/concepts/secret-security/validity-checks.md b/content/code-security/concepts/secret-security/validity-checks.md index 5d7b579ed85a..e154fd67fe2f 100644 --- a/content/code-security/concepts/secret-security/validity-checks.md +++ b/content/code-security/concepts/secret-security/validity-checks.md @@ -25,7 +25,13 @@ You can enable automatic validity checks for detected secrets. Once enabled, {% {% data variables.product.company_short %} prioritizes privacy when checking the validity of the credential. We typically make GET requests, pick the least intrusive endpoints, and select endpoints that don't return any personal information. -{% data variables.product.github %} displays the validation status of the secret in the alert view, so you can see if the secret is `active`, `inactive`, or if the validation status is `unknown`. You can optionally perform an "on-demand" validity check for the secret in the alert view. +{% ifversion fpt or ghec %} + +Some secrets require more than the token itself to confirm whether they are active. For these secrets, {% data variables.product.company_short %} will combine the token with additional contextual information, such as a host or URL, to check the secret's validity. + +{% endif %} + +{% data variables.product.github %} displays the validation status of the secret in the alert view, so you can see if the secret is `active`, `inactive`, or if the validation status is `unknown`. For most secrets, you can optionally perform an "on-demand" validity check for the secret in the alert view. ## About extended metadata checks diff --git a/content/copilot/concepts/models/bring-your-own-key.md b/content/copilot/concepts/models/bring-your-own-key.md new file mode 100644 index 000000000000..55ddb144d6c4 --- /dev/null +++ b/content/copilot/concepts/models/bring-your-own-key.md @@ -0,0 +1,42 @@ +--- +title: Bring your own key for GitHub Copilot +shortTitle: Bring your own key +intro: 'Use your existing LLM provider with {% data variables.product.prodname_copilot %} to save costs or consolidate billing.' +versions: + feature: copilot +contentType: concepts +--- + +{% data reusables.copilot.byok-two-mechanisms %} + +## Local BYOK + +Various {% data variables.product.prodname_copilot_short %} clients allow users to configure custom LLM keys locally. + +These keys are only handled client-side: they are stored locally and the associated models aren't available to other users. This mechanism removes dependency on {% data variables.product.github %}'s {% data variables.product.prodname_copilot_short %} API, making it suitable for air-gapped environments or users without {% data variables.product.prodname_copilot_short %} subscriptions. + +Local BYOK is available in the following clients. + +| Client | More information | +| --- | --- | +| {% data variables.product.prodname_vscode_shortname %} | [Add a model from a built in provider](https://code.visualstudio.com/docs/agent-customization/language-models#_add-a-model-from-a-built-in-provider) in the {% data variables.product.prodname_vscode_shortname %} documentation | +| JetBrains | [Bring your own key (BYOK) support for JetBrains IDEs and Xcode](https://github.blog/changelog/2025-09-11-bring-your-own-key-byok-support-for-jetbrains-ides-and-xcode-in-public-preview/#try-it-out) on {% data variables.product.prodname_blog %} | +| Xcode | [Bring your own key (BYOK) support for JetBrains IDEs and Xcode](https://github.blog/changelog/2025-09-11-bring-your-own-key-byok-support-for-jetbrains-ides-and-xcode-in-public-preview/#try-it-out) on {% data variables.product.prodname_blog %} | +| {% data variables.copilot.copilot_cli_short %} | [AUTOTITLE](/copilot/how-tos/copilot-cli/customize-copilot/use-byok-models) | +| {% data variables.copilot.github_copilot_app %} | [AUTOTITLE](/copilot/how-tos/github-copilot-app/use-byok-models) | +| {% data variables.copilot.copilot_sdk_short %} | [AUTOTITLE](/copilot/how-tos/copilot-sdk/auth/byok) | + +For users on a {% data variables.copilot.copilot_business_short %} or {% data variables.copilot.copilot_enterprise_short %} plan, the ability to use local BYOK in IDEs can be disabled by an enterprise or organization policy. + +## Enterprise BYOK + +>[!NOTE] +>{% data reusables.copilot.byok-preview-note %} + +Enterprise owners can add keys for custom models in their enterprise settings. They can also allow organization owners to do the same in their organization settings, by enabling the **Enable custom models** policy. + +Custom models are available in {% data variables.copilot.copilot_byok_supported_features %}, and apply to users on the enterprise's {% data variables.copilot.copilot_business_short %} or {% data variables.copilot.copilot_enterprise_short %} plan. Users can select them in the same way they would select a {% data variables.product.github %}-hosted model. + +Enterprise BYOK is handled server-side and affects the models served to users by the {% data variables.product.prodname_copilot_short %} API. Users must have a {% data variables.product.prodname_copilot_short %} license and internet access to use the custom models. + +For more information, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/enable-custom-models). diff --git a/content/copilot/concepts/models/index.md b/content/copilot/concepts/models/index.md index 0b1e12402048..353c586d05f6 100644 --- a/content/copilot/concepts/models/index.md +++ b/content/copilot/concepts/models/index.md @@ -6,6 +6,7 @@ versions: feature: copilot contentType: concepts children: + - /bring-your-own-key - /utility-models - /auto-model-selection - /fedramp-models diff --git a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/use-your-own-api-keys.md b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/enable-custom-models.md similarity index 68% rename from content/copilot/how-tos/administer-copilot/manage-for-enterprise/use-your-own-api-keys.md rename to content/copilot/how-tos/administer-copilot/manage-for-enterprise/enable-custom-models.md index d6ef331d97a0..e931765abfdd 100644 --- a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/use-your-own-api-keys.md +++ b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/enable-custom-models.md @@ -1,7 +1,7 @@ --- -title: Using your LLM provider API keys with Copilot -shortTitle: Use your own API keys -intro: 'Learn how to integrate your preferred custom models with {% data variables.product.prodname_copilot %} by using your own LLM API keys, and make them available for organizations in your enterprise account.' +title: Enabling custom models for GitHub Copilot in your enterprise +shortTitle: Enable custom models +intro: Integrate your preferred custom models with {% data variables.product.prodname_copilot %} by using your own LLM API keys, and make them available for organizations in your enterprise account. versions: feature: copilot-byok contentType: how-tos @@ -9,13 +9,12 @@ allowTitleToDifferFromFilename: true category: - Configure Copilot - Manage Copilot for a team +redirect_from: + - /copilot/how-tos/administer-copilot/manage-for-enterprise/use-your-own-api-keys --- {% data reusables.copilot.byok-intro %} -> [!NOTE] -> This article covers custom models configured by enterprise owners. {% data variables.copilot.copilot_cli_short %} and {% data variables.product.prodname_vscode_shortname %} users can also use their own LLM keys locally. See [AUTOTITLE](/copilot/how-tos/copilot-cli/customize-copilot/use-byok-models) and [Add a model from a built in provider](https://code.visualstudio.com/docs/agent-customization/language-models#_add-a-model-from-a-built-in-provider) in the {% data variables.product.prodname_vscode_shortname %} documentation. - ## Why bring your own API keys? As an enterprise owner, you may have specific requirements for governance, data security, and compliance. Setting up your own API keys allows you to address: @@ -28,8 +27,6 @@ As an enterprise owner, you may have specific requirements for governance, data After you've added your key and selected one or more models, you and members of your organizations will be able to use them with {% data variables.copilot.copilot_byok_supported_features %}. Your models will appear at the bottom of the model picker, under the enterprise name. -> [!NOTE] For members of your organizations to use third-party models in {% data variables.product.prodname_vscode %}, the **Bring Your Own Language Model Key in {% data variables.product.prodname_vscode_shortname %}** policy must be enabled. For more information, see the [{% data variables.product.prodname_copilot_short %} settings page](https://github.com/settings/copilot/features) in {% data variables.product.prodname_dotcom_the_website %}. - {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.ai-controls-tab %} 1. In the sidebar, click **{% octicon "copilot" aria-hidden="true" aria-label="copilot" %} {% data variables.product.prodname_copilot_short %}**. @@ -58,4 +55,4 @@ You can choose whether the models you have added are available to organizations * [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-organization/use-your-own-api-keys) in our documentation for organizations. * [AUTOTITLE](/copilot/concepts/chat) -* [AUTOTITLE](/copilot/reference/supported-surfaces-for-policies) \ No newline at end of file +* [AUTOTITLE](/copilot/reference/supported-surfaces-for-policies) diff --git a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/index.md b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/index.md index 6d3edf68f376..f81947877d9d 100644 --- a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/index.md +++ b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/index.md @@ -11,7 +11,7 @@ children: - /manage-agents - /manage-spark - /manage-availability-of-default-models - - /use-your-own-api-keys + - /enable-custom-models - /review-audit-logs redirect_from: - /copilot/managing-copilot/managing-copilot-for-your-enterprise diff --git a/content/copilot/how-tos/administer-copilot/manage-for-organization/use-your-own-api-keys.md b/content/copilot/how-tos/administer-copilot/manage-for-organization/enable-custom-models.md similarity index 63% rename from content/copilot/how-tos/administer-copilot/manage-for-organization/use-your-own-api-keys.md rename to content/copilot/how-tos/administer-copilot/manage-for-organization/enable-custom-models.md index e6d830de340e..b31b4e389318 100644 --- a/content/copilot/how-tos/administer-copilot/manage-for-organization/use-your-own-api-keys.md +++ b/content/copilot/how-tos/administer-copilot/manage-for-organization/enable-custom-models.md @@ -1,7 +1,7 @@ --- -title: Using your LLM provider API keys with Copilot -shortTitle: Use your own API keys -intro: 'Learn how to integrate your preferred custom models with {% data variables.product.prodname_copilot %} by using your own LLM API keys, and make them available to your organization members.' +title: Enabling custom models for GitHub Copilot in your organization +shortTitle: Enable custom models +intro: Integrate your preferred custom models with {% data variables.product.prodname_copilot %} by using your own LLM API keys, and make them available to your organization members. versions: feature: copilot-byok contentType: how-tos @@ -9,19 +9,22 @@ allowTitleToDifferFromFilename: true category: - Configure Copilot - Manage Copilot for a team +redirect_from: + - /copilot/how-tos/administer-copilot/manage-for-organization/use-your-own-api-keys --- {% data reusables.copilot.byok-intro %} -> [!NOTE] -> This article covers custom models configured by organization owners. {% data variables.copilot.copilot_cli_short %} and {% data variables.product.prodname_vscode_shortname %} users can also configure their own LLM provider locally, without any administrator setup. See [AUTOTITLE](/copilot/how-tos/copilot-cli/customize-copilot/use-byok-models) and [Add a model from a built in provider](https://code.visualstudio.com/docs/agent-customization/language-models#_add-a-model-from-a-built-in-provider) in the {% data variables.product.prodname_vscode_shortname %} documentation. - ## Why bring your own API keys? As an organization owner, you may have specific requirements for governance, data security, and compliance. Setting up your own API keys allows you to address: {% data reusables.copilot.byok-why %} +## Prerequisites + +An enterprise owner must have enabled the **Enable custom models** policy. + ## Adding your key to an organization account > [!IMPORTANT] We highly recommend adhering to the principle of least privilege by assigning only the minimum necessary scopes to your API keys. @@ -38,4 +41,4 @@ After you've added your key and selected one or more models, you and your organi * [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/use-your-own-api-keys) in our documentation for enterprise accounts. * [AUTOTITLE](/copilot/concepts/chat) -* [AUTOTITLE](/copilot/reference/supported-surfaces-for-policies) \ No newline at end of file +* [AUTOTITLE](/copilot/reference/supported-surfaces-for-policies) diff --git a/content/copilot/how-tos/administer-copilot/manage-for-organization/index.md b/content/copilot/how-tos/administer-copilot/manage-for-organization/index.md index 72df198a60f4..7721d2a98d1d 100644 --- a/content/copilot/how-tos/administer-copilot/manage-for-organization/index.md +++ b/content/copilot/how-tos/administer-copilot/manage-for-organization/index.md @@ -1,7 +1,7 @@ --- title: Managing GitHub Copilot in your organization shortTitle: Manage for organization -intro: 'Organization owners can subscribe to {% data variables.product.prodname_copilot_short %}, manage {% data variables.product.prodname_copilot_short %} for their organization, and control {% data variables.product.prodname_copilot_short %} policies.' +intro: Organization owners can subscribe to {% data variables.product.prodname_copilot_short %}, manage {% data variables.product.prodname_copilot_short %} for their organization, and control {% data variables.product.prodname_copilot_short %} policies. versions: feature: copilot redirect_from: @@ -19,6 +19,7 @@ children: - /prepare-for-custom-agents - /manage-default-models - /review-activity - - /use-your-own-api-keys + - /enable-custom-models contentType: how-tos --- + diff --git a/content/copilot/how-tos/copilot-on-github/set-up-copilot/configure-access-to-ai-models.md b/content/copilot/how-tos/copilot-on-github/set-up-copilot/configure-access-to-ai-models.md index 481927865037..2ef09456fc2e 100644 --- a/content/copilot/how-tos/copilot-on-github/set-up-copilot/configure-access-to-ai-models.md +++ b/content/copilot/how-tos/copilot-on-github/set-up-copilot/configure-access-to-ai-models.md @@ -23,23 +23,19 @@ Your access to {% data variables.product.prodname_copilot %} models depends on: For a list of available AI models, see [AUTOTITLE](/copilot/reference/ai-models/supported-models). For information on how {% data variables.copilot.copilot_chat_short %} serves different AI models, see [AUTOTITLE](/copilot/reference/ai-models/model-hosting). -## Setup for individual use +## Setup for individual plans For individual {% data variables.product.prodname_copilot_short %} plans, you can use AI models directly within {% data variables.product.prodname_copilot_short %} without configuring access or managing policies. {% data variables.copilot.copilot_free_short %} and {% data variables.copilot.copilot_student_short %} only have access to {% data variables.copilot.copilot_auto_model_selection_short %}. > [!NOTE] > Models available depend on your plan. See [AUTOTITLE](/copilot/reference/ai-models/supported-models#supported-ai-models-per-copilot-plan). -## Setup for organization and enterprise use +## Setup for organization and enterprise plans As an enterprise or organization owner, you can enable or disable access to AI models for members with a {% data variables.copilot.copilot_enterprise_short %} or {% data variables.copilot.copilot_business_short %} seat. See [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-organization/manage-policies) and [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-enterprise-policies). -> [!NOTE] -> * Models available in {% data variables.copilot.copilot_auto_model_selection %} will follow the policies set for an organization or enterprise. See [AUTOTITLE](/copilot/concepts/models/auto-model-selection). -> * {% data reusables.copilot.byok-no-subscription-required %} - -{% ifversion copilot-byok %} +## Custom models -You can also integrate your preferred custom models from supported LLM providers by bringing your own API keys. Organization owners can make custom models available for members of their organization and enterprise owners can add custom models and choose which organizations can make use of them. See [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-organization/use-your-own-api-keys) for organizations and [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/use-your-own-api-keys) for enterprise accounts. +{% data reusables.copilot.byok-two-mechanisms %} -{% endif %} +For more information, see [AUTOTITLE](/copilot/concepts/models/bring-your-own-key). diff --git a/content/copilot/tutorials/roll-out-at-scale/govern-at-scale/resources-for-approval.md b/content/copilot/tutorials/roll-out-at-scale/govern-at-scale/resources-for-approval.md index 61d703eb08f3..e22aff31d0c4 100644 --- a/content/copilot/tutorials/roll-out-at-scale/govern-at-scale/resources-for-approval.md +++ b/content/copilot/tutorials/roll-out-at-scale/govern-at-scale/resources-for-approval.md @@ -53,7 +53,7 @@ These teams need to know how {% data variables.product.prodname_copilot_short %} * The allowlist required for a firewall or proxy to ensure {% data variables.product.prodname_copilot_short %} works as expected. See [AUTOTITLE](/copilot/reference/copilot-allowlist-reference). * The network protocol that {% data variables.product.prodname_copilot_short %} operates on by default, and your company's options for routing traffic through a proxy server and intercepting traffic. See [AUTOTITLE](/copilot/concepts/network-settings). -* The option to use {% data variables.product.prodname_copilot_short %} in air-gapped environments by bringing your own API keys in {% data variables.product.prodname_vscode_shortname %} or {% data variables.copilot.copilot_cli_short %}. See [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/use-your-own-api-keys). +* The option to use {% data variables.product.prodname_copilot_short %} in air-gapped environments by configuring API keys locally. See [AUTOTITLE](/copilot/concepts/models/bring-your-own-key#local-byok). * The clients where users will be using {% data variables.product.prodname_copilot_short %}. * Your enterprise can enable or disable {% data variables.product.prodname_copilot_short %} in IDEs, on {% data variables.product.prodname_mobile %}, in the CLI, and on the {% data variables.product.github %} website. * If your company distributes approved software for users, IT teams may need to approve the supported versions of IDEs. See [AUTOTITLE](/copilot/reference/copilot-feature-matrix). diff --git a/content/search-github/searching-on-github/searching-issues-and-pull-requests.md b/content/search-github/searching-on-github/searching-issues-and-pull-requests.md index ec6a1e96febc..0d91466037fe 100644 --- a/content/search-github/searching-on-github/searching-issues-and-pull-requests.md +++ b/content/search-github/searching-on-github/searching-issues-and-pull-requests.md @@ -283,6 +283,9 @@ You can filter pull requests based on their [review status](/pull-requests/colla | `review:changes_requested` | [**type:pr review:changes_requested**](https://github.com/search?utf8=%E2%9C%93&q=type%3Apr+review%3Achanges_requested&type=Issues) matches pull requests in which a reviewer has asked for changes. | reviewed-by:USERNAME | [**type:pr reviewed-by:gjtorikian**](https://github.com/search?utf8=%E2%9C%93&q=type%3Apr+reviewed-by%3Agjtorikian&type=Issues) matches pull requests reviewed by a particular person. | review-requested:USERNAME | [**type:pr review-requested:benbalter**](https://github.com/search?utf8=%E2%9C%93&q=type%3Apr+review-requested%3Abenbalter&type=Issues) matches pull requests where a specific person is requested for review. Requested reviewers are no longer listed in the search results after they review a pull request. If the requested person is on a team that is requested for review, then review requests for that team will also appear in the search results. +| {% ifversion review-involves-search %} | +| review-involves:USERNAME | [**type:pr review-involves:gjtorikian**](https://github.com/search?utf8=%E2%9C%93&q=type%3Apr+review-involves%3Agjtorikian&type=pullrequests) matches pull requests that a particular person is involved in reviewing, whether they were asked to review directly, are on a team that was asked, or have already reviewed. Unlike with `review-requested`, these pull requests remain in the results after the person or a teammate has reviewed them. +| {% endif %} | | user-review-requested:@me | [**type:pr user-review-requested:@me**](https://github.com/search?q=is%3Apr+user-review-requested%3A%40me+) matches pull requests that you have directly been asked to review. | team-review-requested:TEAMNAME | [**type:pr team-review-requested:github/docs**](https://github.com/search?q=type%3Apr+team-review-requested%3Agithub%2Fdocs&type=pullrequests) matches pull requests that have review requests from the team `github/docs`. Requested reviewers are no longer listed in the search results after they review a pull request. | team-review-requested-user:USERNAME | [**type:pr team-review-requested-user:benbalter**](https://github.com/search?q=type%3Apr+team-review-requested-user%3Abenbalter&type=pullrequests) matches pull requests that have review requests from any team that a specific person is a member of. Review requests directed at the user specifically are not included. Requested reviewers are no longer listed in the search results after they review a pull request. diff --git a/data/features/review-involves-search.yml b/data/features/review-involves-search.yml new file mode 100644 index 000000000000..fd77fd711083 --- /dev/null +++ b/data/features/review-involves-search.yml @@ -0,0 +1,6 @@ +# https://github.com/github/core-ux/issues/1444 +# review-involves pull request search qualifier, shipping to GHES 3.23 +versions: + fpt: '*' + ghec: '*' + ghes: '>=3.23' diff --git a/data/reusables/actions/workflows/triggering-a-workflow-paths5.md b/data/reusables/actions/workflows/triggering-a-workflow-paths5.md index 2505d10fc5fa..0e9e81697645 100644 --- a/data/reusables/actions/workflows/triggering-a-workflow-paths5.md +++ b/data/reusables/actions/workflows/triggering-a-workflow-paths5.md @@ -1,6 +1,3 @@ -> [!NOTE] -> If you push more than 1,000 commits, or if {% data variables.product.prodname_dotcom %} does not generate the diff due to a timeout, the workflow will always run. - The filter determines if a workflow should run by evaluating the changed files and running them against the `paths-ignore` or `paths` list. If there are no files changed, the workflow will not run. {% data variables.product.prodname_dotcom %} generates the list of changed files using two-dot diffs for pushes and three-dot diffs for pull requests: @@ -8,7 +5,12 @@ The filter determines if a workflow should run by evaluating the changed files a * **Pushes to existing branches:** A two-dot diff compares the head and base SHAs directly with each other. * **Pushes to new branches:** A two-dot diff against the parent of the ancestor of the deepest commit pushed. -> [!NOTE] -> Diffs are limited to 300 files. If there are files changed that aren't matched in the first 300 files returned by the filter, the workflow will not run. You may need to create more specific filters so that the workflow will run automatically. +In some situations, {% data variables.product.prodname_actions %} applies limits that change how filtered workflows run: + +* If a push contains more than 1,000 commits, the workflow will **always** run. +* If generating the diff times out, the workflow will **always** run. +* If the generated diff contains more than 3,000 files and the files the workflow filter matches are not in the first 3,000 returned by the filter, the workflow will **not** run. + +If you observe these behaviors, you might need to make your filters more specific, or change how you work with pushes and pull requests to generate simpler diffs. For more information, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-comparing-branches-in-pull-requests). diff --git a/data/reusables/copilot/byok-intro.md b/data/reusables/copilot/byok-intro.md index b20755c1cc1c..cb2234fe694b 100644 --- a/data/reusables/copilot/byok-intro.md +++ b/data/reusables/copilot/byok-intro.md @@ -1,7 +1,7 @@ >[!NOTE] >{% data reusables.copilot.byok-preview-note %} -You can bring your own API keys to {% data variables.product.prodname_copilot %}, and enable teams to use your preferred large language model (LLM) providers with {% data variables.copilot.copilot_byok_supported_features %}. +You can add custom models to your enterprise or organization by providing your own API keys. This enables teams to use your preferred large language model (LLM) providers with {% data variables.copilot.copilot_byok_supported_features %}. API keys from the following providers are supported: @@ -13,4 +13,6 @@ API keys from the following providers are supported: * OpenAI-compatible providers * xAI -Fine-tuned models are also supported, but functionality and quality of results can vary depending on the fine-tuning setup. You should test your model and review its outputs carefully before using it in production. \ No newline at end of file +Fine-tuned models are also supported, but functionality and quality of results can vary depending on the fine-tuning setup. You should test your model and review its outputs carefully before using it in production. + +>[!NOTE] A separate feature allows users to configure their own LLM keys locally in various clients. See [AUTOTITLE](/copilot/concepts/models/bring-your-own-key). diff --git a/data/reusables/copilot/byok-preview-note.md b/data/reusables/copilot/byok-preview-note.md index 89581d936885..c645f06eafde 100644 --- a/data/reusables/copilot/byok-preview-note.md +++ b/data/reusables/copilot/byok-preview-note.md @@ -1 +1 @@ -The ability to bring your own API keys to {% data variables.product.prodname_copilot %} is in {% data variables.release-phases.public_preview %} and subject to change. \ No newline at end of file +This feature is in {% data variables.release-phases.public_preview %} and subject to change. \ No newline at end of file diff --git a/data/reusables/copilot/byok-two-mechanisms.md b/data/reusables/copilot/byok-two-mechanisms.md new file mode 100644 index 000000000000..72d60cf874d9 --- /dev/null +++ b/data/reusables/copilot/byok-two-mechanisms.md @@ -0,0 +1,3 @@ +Bring your own key (BYOK) allows you to use {% data variables.product.prodname_copilot_short %} with models of your choice, such as models that are running on your local machine or hosted by an external provider. + +There are two separate mechanisms for providing your own LLM keys to {% data variables.product.prodname_copilot_short %}. One allows users to configure their own models locally, and the other allows enterprise and organization owners to provide custom models for all users. diff --git a/data/reusables/security-advisory/link-browsing-advisory-db.md b/data/reusables/security-advisory/link-browsing-advisory-db.md index e084d3a38d21..53ce3d1db1f1 100644 --- a/data/reusables/security-advisory/link-browsing-advisory-db.md +++ b/data/reusables/security-advisory/link-browsing-advisory-db.md @@ -1 +1 @@ -For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/browsing-security-advisories-in-the-github-advisory-database). +For more information, see [AUTOTITLE](/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/browse-advisory-database). diff --git a/data/reusables/security-advisory/private-vulnerability-reporting-enable.md b/data/reusables/security-advisory/private-vulnerability-reporting-enable.md index edfd8ed7687e..441e89abaacf 100644 --- a/data/reusables/security-advisory/private-vulnerability-reporting-enable.md +++ b/data/reusables/security-advisory/private-vulnerability-reporting-enable.md @@ -1 +1 @@ -Owners and administrators of public repositories can enable private vulnerability reporting on their repositories. See [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository). +Owners and administrators of public repositories can enable private vulnerability reporting on their repositories. See [AUTOTITLE](/code-security/how-tos/report-and-fix-vulnerabilities/configure-vulnerability-reporting/configure-for-a-repository). diff --git a/data/reusables/security-advisory/reporting-a-vulnerability-non-admin.md b/data/reusables/security-advisory/reporting-a-vulnerability-non-admin.md index 0c9fd6c15a47..2a9338b2df67 100644 --- a/data/reusables/security-advisory/reporting-a-vulnerability-non-admin.md +++ b/data/reusables/security-advisory/reporting-a-vulnerability-non-admin.md @@ -6,7 +6,7 @@ > [!TIP] > In this form, only the title and description are mandatory. (In the general draft security advisory form, which the repository maintainer initiates, specifying the ecosystem is also required.) However, we recommend security researchers provide as much information as possible on the form so that the maintainers can make an informed decision about the submitted report. You can adopt the template used by our security researchers from the {% data variables.product.prodname_security %}, which is available on the [`github/securitylab` repository](https://github.com/github/securitylab/blob/main/docs/report-template.md). - For more information about the fields available and guidance on filling in the form, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory) and [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories). + For more information about the fields available and guidance on filling in the form, see [AUTOTITLE](/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/create-repository-advisory) and [AUTOTITLE](/code-security/tutorials/fix-reported-vulnerabilities/write-security-advisories). 1. At the bottom of the form, click **Submit report**. {% data variables.product.prodname_dotcom %} will display a message letting you know that maintainers have been notified and that you have a pending credit for this security advisory. diff --git a/data/reusables/security-advisory/repository-level-advisory-note.md b/data/reusables/security-advisory/repository-level-advisory-note.md index b1080399a812..aca7a5f777e7 100644 --- a/data/reusables/security-advisory/repository-level-advisory-note.md +++ b/data/reusables/security-advisory/repository-level-advisory-note.md @@ -1,3 +1,3 @@ > [!NOTE] > This article applies to repository-level security advisories in a public repository. -> To edit a global advisory in the {% data variables.product.prodname_advisory_database %}, see [AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/editing-security-advisories-in-the-github-advisory-database). +> To edit a global advisory in the {% data variables.product.prodname_advisory_database %}, see [AUTOTITLE](/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/edit-advisory-database). diff --git a/data/reusables/security-advisory/security-researcher-cannot-create-advisory.md b/data/reusables/security-advisory/security-researcher-cannot-create-advisory.md index c55350db8572..4329d3818c05 100644 --- a/data/reusables/security-advisory/security-researcher-cannot-create-advisory.md +++ b/data/reusables/security-advisory/security-researcher-cannot-create-advisory.md @@ -1,2 +1,2 @@ > [!NOTE] -> If you are a security researcher, you should directly contact maintainers to ask them to create security advisories or issue CVEs on your behalf in repositories that you don't administer. However, if private vulnerability reporting is enabled for the repository, you can _privately_ report a vulnerability yourself. For more information, see [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability). +> If you are a security researcher, you should directly contact maintainers to ask them to create security advisories or issue CVEs on your behalf in repositories that you don't administer. However, if private vulnerability reporting is enabled for the repository, you can _privately_ report a vulnerability yourself. For more information, see [AUTOTITLE](/code-security/how-tos/report-and-fix-vulnerabilities/report-privately). diff --git a/data/reusables/security-configurations/custom-security-configurations-enterprise.md b/data/reusables/security-configurations/custom-security-configurations-enterprise.md index 24a5f1f5ba9d..57aaad5597be 100644 --- a/data/reusables/security-configurations/custom-security-configurations-enterprise.md +++ b/data/reusables/security-configurations/custom-security-configurations-enterprise.md @@ -1 +1 @@ -1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise). +1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/create-custom-configuration). diff --git a/data/reusables/security-configurations/custom-security-configurations-org.md b/data/reusables/security-configurations/custom-security-configurations-org.md index 6892a9c5c0d7..473a05ede24e 100644 --- a/data/reusables/security-configurations/custom-security-configurations-org.md +++ b/data/reusables/security-configurations/custom-security-configurations-org.md @@ -1,2 +1,2 @@ -1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration). +1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/create-custom-configuration. diff --git a/data/reusables/security-configurations/edit-configuration-next-step.md b/data/reusables/security-configurations/edit-configuration-next-step.md index 84aa7d24c33f..8ca501b9cbeb 100644 --- a/data/reusables/security-configurations/edit-configuration-next-step.md +++ b/data/reusables/security-configurations/edit-configuration-next-step.md @@ -1 +1 @@ -To learn how to edit your {% data variables.product.prodname_custom_security_configuration %}, see [AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration). +To learn how to edit your {% data variables.product.prodname_custom_security_configuration %}, see [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/edit-custom-configuration). diff --git a/data/reusables/security-configurations/enable-security-features-with-gh-config.md b/data/reusables/security-configurations/enable-security-features-with-gh-config.md index adc06406ddcf..d366d2f83293 100644 --- a/data/reusables/security-configurations/enable-security-features-with-gh-config.md +++ b/data/reusables/security-configurations/enable-security-features-with-gh-config.md @@ -1 +1 @@ -You can quickly enable security features at scale with a {% data variables.product.prodname_security_configuration %}, a collection of security enablement settings you can apply to repositories in an organization. You can customize {% data variables.product.prodname_AS %} features at the organization level with {% data variables.product.prodname_global_settings %}. See [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale). +You can quickly enable security features at scale with a {% data variables.product.prodname_security_configuration %}, a collection of security enablement settings you can apply to repositories in an organization. You can customize {% data variables.product.prodname_AS %} features at the organization level with {% data variables.product.prodname_global_settings %}. See [AUTOTITLE](/code-security/concepts/security-at-scale/organization-security). diff --git a/data/reusables/security-configurations/security-features-use-actions.md b/data/reusables/security-configurations/security-features-use-actions.md index 754fd2c00437..c304deb66e41 100644 --- a/data/reusables/security-configurations/security-features-use-actions.md +++ b/data/reusables/security-configurations/security-features-use-actions.md @@ -1,4 +1,4 @@ {% ifversion fpt or ghec %} ->[!NOTE] Some features enabled in {% data variables.product.prodname_security_configurations %} may require Actions minutes to work. {% data variables.product.prodname_dotcom %} will let you know if that's the case when you apply the configuration to a repository. For more information about billing for {% data variables.product.prodname_actions %}, see [AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions). +>[!NOTE] Some features enabled in {% data variables.product.prodname_security_configurations %} may require Actions minutes to work. {% data variables.product.prodname_dotcom %} will let you know if that's the case when you apply the configuration to a repository. For more information about billing for {% data variables.product.prodname_actions %}, see [AUTOTITLE](/billing/concepts/product-billing/github-actions). {% endif %} diff --git a/data/reusables/security-overview/dependabot-filters-link.md b/data/reusables/security-overview/dependabot-filters-link.md index cd17eb12eefb..54da8f73f6b5 100644 --- a/data/reusables/security-overview/dependabot-filters-link.md +++ b/data/reusables/security-overview/dependabot-filters-link.md @@ -1 +1 @@ -See [{% data variables.product.prodname_dependabot %} dashboard view filters](/code-security/security-overview/filtering-alerts-in-security-overview#dependabot-dashboard-view-filters). +See [{% data variables.product.prodname_dependabot %} dashboard view filters](/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/filtering-alerts-in-security-overview#dependabot-dashboard-view-filters). diff --git a/data/reusables/security-overview/enterprise-filters-tip.md b/data/reusables/security-overview/enterprise-filters-tip.md index 9e8d068ff421..161d86d2478a 100644 --- a/data/reusables/security-overview/enterprise-filters-tip.md +++ b/data/reusables/security-overview/enterprise-filters-tip.md @@ -1,2 +1,2 @@ > [!TIP] -> You can use the `owner` filter in the search field to filter the data by organization. {% ifversion ghec %}If you're an owner of an {% data variables.enterprise.prodname_emu_enterprise %}, you can use the `owner-type` filter to filter the data by the type of repository owner, so that you can view data from either organization-owned repositories or user-owned repositories. {% endif %}For more information, see [AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview#repository-owner-name-and-type-filters). +> You can use the `owner` filter in the search field to filter the data by organization. {% ifversion ghec %}If you're an owner of an {% data variables.enterprise.prodname_emu_enterprise %}, you can use the `owner-type` filter to filter the data by the type of repository owner, so that you can view data from either organization-owned repositories or user-owned repositories. {% endif %}For more information, see [AUTOTITLE](/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/filtering-alerts-in-security-overview). diff --git a/data/reusables/security-overview/filter-secret-scanning-metrics.md b/data/reusables/security-overview/filter-secret-scanning-metrics.md index 252f6585829f..82bec81b0101 100644 --- a/data/reusables/security-overview/filter-secret-scanning-metrics.md +++ b/data/reusables/security-overview/filter-secret-scanning-metrics.md @@ -1,3 +1,3 @@ 1. You can use the options at the top of the page to filter the group of repositories that you want to see {% data variables.product.prodname_secret_scanning %} metrics for. * Use the date picker to set the time range that you want to view metrics for. Note that the date used by the date picker corresponds to the date a secret was bypassed on. - * Click in the search box to add further filters on the {% data variables.product.prodname_secret_scanning %} metrics displayed. For more information, see [AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview). + * Click in the search box to add further filters on the {% data variables.product.prodname_secret_scanning %} metrics displayed. For more information, see [AUTOTITLE](/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/filtering-alerts-in-security-overview). diff --git a/data/reusables/security-overview/information-varies-GHAS.md b/data/reusables/security-overview/information-varies-GHAS.md index 06017ca3831e..e21b98550487 100644 --- a/data/reusables/security-overview/information-varies-GHAS.md +++ b/data/reusables/security-overview/information-varies-GHAS.md @@ -1 +1 @@ -The information shown by security overview varies according to your access to repositories and organizations, and according to whether {% data variables.product.prodname_AS %} features are used by those repositories and organizations. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview#permission-to-view-data-in-security-overview). +The information shown by security overview varies according to your access to repositories and organizations, and according to whether {% data variables.product.prodname_AS %} features are used by those repositories and organizations. For more information, see [AUTOTITLE](/code-security/concepts/security-at-scale/security-overview). diff --git a/data/reusables/security-overview/security-information-about-actions.md b/data/reusables/security-overview/security-information-about-actions.md index 6ea22b02855a..0caf8c032edd 100644 --- a/data/reusables/security-overview/security-information-about-actions.md +++ b/data/reusables/security-overview/security-information-about-actions.md @@ -1 +1 @@ -If you use {% data variables.product.prodname_actions %}, you can use {% data variables.product.prodname_dotcom %}'s security features to increase the security of your workflows. For more information, see [AUTOTITLE](/actions/security-guides/using-githubs-security-features-to-secure-your-use-of-github-actions). +If you use {% data variables.product.prodname_actions %}, you can use {% data variables.product.prodname_dotcom %}'s security features to increase the security of your workflows. For more information, see [AUTOTITLE](/actions/reference/security/secure-use). diff --git a/data/reusables/security/alert-assignee-mention.md b/data/reusables/security/alert-assignee-mention.md index 487d7690b16d..75ca6dfcbf55 100644 --- a/data/reusables/security/alert-assignee-mention.md +++ b/data/reusables/security/alert-assignee-mention.md @@ -1,5 +1,5 @@ {% ifversion code-secret-alert-assignees %} -In addition, you will receive a notification if someone assigns a {% data variables.product.prodname_code_scanning %} or a {% data variables.product.prodname_secret_scanning %} alert to you, see [Assigning alerts](/code-security/securing-your-organization/fixing-security-alerts-at-scale/about-security-campaigns#assigning-alerts). +In addition, you will receive a notification if someone assigns a {% data variables.product.prodname_code_scanning %} or a {% data variables.product.prodname_secret_scanning %} alert to you, see [Assigning alerts](/code-security/concepts/security-at-scale/about-security-campaigns#assigning-alerts). {% endif %} diff --git a/data/reusables/security/alert-assignee-step.md b/data/reusables/security/alert-assignee-step.md index c1170fb2d0fe..3211ae0096c2 100644 --- a/data/reusables/security/alert-assignee-step.md +++ b/data/reusables/security/alert-assignee-step.md @@ -1,5 +1,5 @@ {% ifversion code-secret-alert-assignees %} -1. Optionally, assign the alert to someone to fix using the **Assignees** control shown on the right, see [Assigning alerts](/code-security/securing-your-organization/fixing-security-alerts-at-scale/about-security-campaigns#assigning-alerts). +1. Optionally, assign the alert to someone to fix using the **Assignees** control shown on the right, see [Assigning alerts](/code-security/concepts/security-at-scale/about-security-campaigns#assigning-alerts). {% endif %} diff --git a/data/reusables/sponsors/accept-legal-terms.md b/data/reusables/sponsors/accept-legal-terms.md index 72c4bfbb19d6..49c96191a68a 100644 --- a/data/reusables/sponsors/accept-legal-terms.md +++ b/data/reusables/sponsors/accept-legal-terms.md @@ -1 +1 @@ -1. Review the [{% data variables.product.prodname_sponsors %} Additional Terms](/free-pro-team@latest/site-policy/github-terms/github-sponsors-additional-terms) and [{% data variables.product.prodname_dotcom %} Privacy Statement](/free-pro-team@latest/site-policy/privacy-policies/github-privacy-statement), then click **Submit**. +1. Review the [{% data variables.product.prodname_sponsors %} Additional Terms](/free-pro-team@latest/site-policy/github-terms/github-sponsors-additional-terms) and [{% data variables.product.prodname_dotcom %} Privacy Statement](/free-pro-team@latest/site-policy/privacy-policies/github-general-privacy-statement), then click **Submit**. diff --git a/data/reusables/support/data-protection-and-privacy.md b/data/reusables/support/data-protection-and-privacy.md index 604a51859ed2..cd5699892c02 100644 --- a/data/reusables/support/data-protection-and-privacy.md +++ b/data/reusables/support/data-protection-and-privacy.md @@ -1 +1 @@ -When you use {% data variables.product.prodname_dotcom %}'s support offerings, the terms of your Agreement, the [GitHub Privacy Statement](/free-pro-team@latest/site-policy/privacy-policies/github-privacy-statement), and the [GitHub Data Protection Agreement](/free-pro-team@latest/site-policy/privacy-policies) apply. By Agreement, we mean your main agreement with us — i.e. the [GitHub Corporate Terms of Service](/free-pro-team@latest/site-policy/github-terms/github-corporate-terms-of-service), the [GitHub Customer Agreement](https://github.com/customer-terms), or your [Microsoft volume licensing agreement](/free-pro-team@latest/site-policy/site-policy-deprecated/github-supplemental-terms-for-microsoft-volume-licensing). +When you use {% data variables.product.prodname_dotcom %}'s support offerings, the terms of your Agreement, the [GitHub Privacy Statement](/free-pro-team@latest/site-policy/privacy-policies/github-general-privacy-statement), and the [GitHub Data Protection Agreement](/free-pro-team@latest/site-policy/privacy-policies) apply. By Agreement, we mean your main agreement with us — i.e. the [GitHub Corporate Terms of Service](/free-pro-team@latest/site-policy/github-terms/github-corporate-terms-of-service), the [GitHub Customer Agreement](https://github.com/customer-terms), or your [Microsoft volume licensing agreement](/free-pro-team@latest/site-policy/site-policy-deprecated/github-supplemental-terms-for-microsoft-volume-licensing). diff --git a/data/reusables/support/enterprise-comment-on-support-tickets.md b/data/reusables/support/enterprise-comment-on-support-tickets.md index 86bbab54ca52..e19c1a2b6496 100644 --- a/data/reusables/support/enterprise-comment-on-support-tickets.md +++ b/data/reusables/support/enterprise-comment-on-support-tickets.md @@ -3,4 +3,4 @@ To comment on a ticket associated with your enterprise account that was opened b * An email address associated with your {% data variables.product.prodname_dotcom %} account is copied on the ticket * Your enterprise on {% data variables.product.prodname_ghe_cloud %} has a verified domain and the person who opened the ticket selected their verified-domain email -For more information about verifying a domain, see [AUTOTITLE](/enterprise-cloud@latest/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise) and [AUTOTITLE](/enterprise-cloud@latest/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization). +For more information about verifying a domain, see [AUTOTITLE](/enterprise-cloud@latest/admin/configuring-settings/configuring-user-applications-for-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise) and [AUTOTITLE](/enterprise-cloud@latest/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization). diff --git a/data/reusables/support/entitlements-note.md b/data/reusables/support/entitlements-note.md index 5e6fdcea118a..63aed65f7739 100644 --- a/data/reusables/support/entitlements-note.md +++ b/data/reusables/support/entitlements-note.md @@ -1,2 +1,2 @@ > [!NOTE] -> You must have an enterprise support entitlement to view tickets associated with an organization or enterprise account. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/user-management/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise). +> You must have an enterprise support entitlement to view tickets associated with an organization or enterprise account. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise). diff --git a/data/reusables/two_fa/ghes_ntp.md b/data/reusables/two_fa/ghes_ntp.md index 4ae17c1109a1..5ab22f828f31 100644 --- a/data/reusables/two_fa/ghes_ntp.md +++ b/data/reusables/two_fa/ghes_ntp.md @@ -1 +1 @@ -{% ifversion ghes %}The verification of two-factor authentication codes requires an accurate time on both the client's device and server. Site administrators should ensure time synchronization is configured and accurate. For more information, see [AUTOTITLE](/admin/configuration/configuring-network-settings/configuring-time-synchronization).{% endif %} +{% ifversion ghes %}The verification of two-factor authentication codes requires an accurate time on both the client's device and server. Site administrators should ensure time synchronization is configured and accurate. For more information, see [AUTOTITLE](/admin/configuring-settings/configuring-network-settings/configuring-time-synchronization).{% endif %} diff --git a/data/reusables/two_fa/unlink-email-address.md b/data/reusables/two_fa/unlink-email-address.md index 13c528b6b657..fa7c0437fcc7 100644 --- a/data/reusables/two_fa/unlink-email-address.md +++ b/data/reusables/two_fa/unlink-email-address.md @@ -1 +1 @@ -If you cannot use any recovery methods, you have permanently lost access to your account. However, you can unlink an email address tied to the locked account. The unlinked email address can then be linked to a new or existing account. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/unlinking-your-email-address-from-a-locked-account). +If you cannot use any recovery methods, you have permanently lost access to your account. However, you can unlink an email address tied to the locked account. The unlinked email address can then be linked to a new or existing account. For more information, see [AUTOTITLE](/account-and-profile/how-tos/account-management/unlinking-your-email-address-from-a-locked-account). diff --git a/data/reusables/user-settings/add_and_verify_email.md b/data/reusables/user-settings/add_and_verify_email.md index c8cc27c5886a..a3c843de708c 100644 --- a/data/reusables/user-settings/add_and_verify_email.md +++ b/data/reusables/user-settings/add_and_verify_email.md @@ -1,2 +1,2 @@ 1. In "Add email address", type your email address and click **Add**.{% ifversion fpt or ghec %} -1. [Verify your email address](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address).{% endif %} +1. [Verify your email address](/account-and-profile/how-tos/email-preferences/verifying-your-email-address).{% endif %} diff --git a/data/reusables/user-settings/edit_marketplace_listing.md b/data/reusables/user-settings/edit_marketplace_listing.md index 47f7af623533..ce1570fcdcf5 100644 --- a/data/reusables/user-settings/edit_marketplace_listing.md +++ b/data/reusables/user-settings/edit_marketplace_listing.md @@ -1 +1 @@ -1. On the app settings landing page, scroll down to the Marketplace section and click **List in Marketplace**. If you already have a Marketplace draft listing, click **Edit Marketplace listing**. The Marketplace section is only visible if you allowed your app to be installed by any user or organization when registering the app. For more information, see the list of [Marketplace requirements](/apps/publishing-apps-to-github-marketplace/creating-apps-for-github-marketplace/requirements-for-listing-an-app). +1. On the app settings landing page, scroll down to the Marketplace section and click **List in Marketplace**. If you already have a Marketplace draft listing, click **Edit Marketplace listing**. The Marketplace section is only visible if you allowed your app to be installed by any user or organization when registering the app. For more information, see the list of [Marketplace requirements](/apps/github-marketplace/creating-apps-for-github-marketplace/requirements-for-listing-an-app). diff --git a/data/reusables/user-settings/imports-api-classic-pat-only.md b/data/reusables/user-settings/imports-api-classic-pat-only.md index 1f2febf223f3..bff8a8e2733b 100644 --- a/data/reusables/user-settings/imports-api-classic-pat-only.md +++ b/data/reusables/user-settings/imports-api-classic-pat-only.md @@ -1,2 +1,2 @@ > [!NOTE] -> These endpoints only support authentication using a {% data variables.product.pat_v1 %}. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). +> These endpoints only support authentication using a {% data variables.product.pat_v1 %}. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens). diff --git a/data/reusables/user-settings/link_email_with_your_account.md b/data/reusables/user-settings/link_email_with_your_account.md index 1be8d1fa6a62..aa8a86c46cb9 100644 --- a/data/reusables/user-settings/link_email_with_your_account.md +++ b/data/reusables/user-settings/link_email_with_your_account.md @@ -1 +1 @@ -Add the email address to your account on {% data variables.product.github %}, so that your commits are attributed to you and appear in your contributions graph. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account). +Add the email address to your account on {% data variables.product.github %}, so that your commits are attributed to you and appear in your contributions graph. For more information, see [AUTOTITLE](/account-and-profile/how-tos/email-preferences/adding-an-email-address-to-your-github-account). diff --git a/data/reusables/user-settings/no-verification-disposable-emails.md b/data/reusables/user-settings/no-verification-disposable-emails.md index 584cf640713a..9d537bd6d067 100644 --- a/data/reusables/user-settings/no-verification-disposable-emails.md +++ b/data/reusables/user-settings/no-verification-disposable-emails.md @@ -1 +1 @@ -You cannot verify email addresses from disposable email address services (services that allow you to receive email at a temporary address that expires after a certain time). If you'd like to keep your email address private, you can use a {% data variables.product.prodname_dotcom %}-provided `noreply` email address. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address#setting-your-commit-email-address-on-github). +You cannot verify email addresses from disposable email address services (services that allow you to receive email at a temporary address that expires after a certain time). If you'd like to keep your email address private, you can use a {% data variables.product.prodname_dotcom %}-provided `noreply` email address. For more information, see [AUTOTITLE](/account-and-profile/how-tos/email-preferences/setting-your-commit-email-address#setting-your-commit-email-address-on-github). diff --git a/data/reusables/user-settings/notifications-api-classic-pat-only.md b/data/reusables/user-settings/notifications-api-classic-pat-only.md index 1f2febf223f3..bff8a8e2733b 100644 --- a/data/reusables/user-settings/notifications-api-classic-pat-only.md +++ b/data/reusables/user-settings/notifications-api-classic-pat-only.md @@ -1,2 +1,2 @@ > [!NOTE] -> These endpoints only support authentication using a {% data variables.product.pat_v1 %}. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). +> These endpoints only support authentication using a {% data variables.product.pat_v1 %}. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens). diff --git a/data/reusables/user-settings/password-authentication-deprecation.md b/data/reusables/user-settings/password-authentication-deprecation.md index 055b57f67113..9af938894033 100644 --- a/data/reusables/user-settings/password-authentication-deprecation.md +++ b/data/reusables/user-settings/password-authentication-deprecation.md @@ -1 +1 @@ -When Git prompts you for your password, enter your {% data variables.product.pat_generic %}. Alternatively, you can use a credential helper like [Git Credential Manager](https://github.com/GitCredentialManager/git-credential-manager/blob/main/README.md). Password-based authentication for Git has been removed in favor of more secure authentication methods. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). +When Git prompts you for your password, enter your {% data variables.product.pat_generic %}. Alternatively, you can use a credential helper like [Git Credential Manager](https://github.com/GitCredentialManager/git-credential-manager/blob/main/README.md). Password-based authentication for Git has been removed in favor of more secure authentication methods. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens). diff --git a/data/reusables/user-settings/patv2-limitations.md b/data/reusables/user-settings/patv2-limitations.md index bb2532b82fb2..7534e6d97817 100644 --- a/data/reusables/user-settings/patv2-limitations.md +++ b/data/reusables/user-settings/patv2-limitations.md @@ -4,4 +4,4 @@ * Only {% data variables.product.pat_v1_plural %} automatically have write access for internal repositories that are owned by your enterprise. {% data variables.product.pat_v2_caps %}s must be granted access to internal repositories.{% endif %} * Outside collaborators can only use {% data variables.product.pat_v1_plural %} to access organization repositories that they are a collaborator on.{% ifversion ghec or ghes %} * Only {% data variables.product.pat_v1_plural %} can access enterprises. ({% data variables.product.pat_v2_caps %} can access organizations owned by enterprises.){% endif %} -* A few REST API endpoints are only available with a {% data variables.product.pat_v1_plural %}. To check whether an endpoint also supports {% data variables.product.pat_v2 %}s, see the documentation for that endpoint, or see [AUTOTITLE](/rest/overview/endpoints-available-for-fine-grained-personal-access-tokens). +* A few REST API endpoints are only available with a {% data variables.product.pat_v1_plural %}. To check whether an endpoint also supports {% data variables.product.pat_v2 %}s, see the documentation for that endpoint, or see [AUTOTITLE](/rest/authentication/endpoints-available-for-fine-grained-personal-access-tokens). diff --git a/data/reusables/user-settings/review_oauth_tokens_tip.md b/data/reusables/user-settings/review_oauth_tokens_tip.md index 60c11ce92074..eb0430a44907 100644 --- a/data/reusables/user-settings/review_oauth_tokens_tip.md +++ b/data/reusables/user-settings/review_oauth_tokens_tip.md @@ -1 +1 @@ -We recommend that you regularly review your authorized integrations. Remove any applications and tokens that haven't been used in a while. For more information, see [AUTOTITLE](/apps/oauth-apps/using-oauth-apps/reviewing-your-authorized-applications-oauth). +We recommend that you regularly review your authorized integrations. Remove any applications and tokens that haven't been used in a while. For more information, see [AUTOTITLE](/apps/oauth-apps/using-oauth-apps/reviewing-your-authorized-oauth-apps). diff --git a/data/reusables/user-settings/user-api.md b/data/reusables/user-settings/user-api.md index 359ab2db663c..cc9ffe3decbe 100644 --- a/data/reusables/user-settings/user-api.md +++ b/data/reusables/user-settings/user-api.md @@ -1,2 +1,2 @@ -If a request URL does not include a `{username}` parameter then the response will be for the signed-in user (and you must pass [authentication information](/rest/overview/authenticating-to-the-rest-api) with your request). Additional private information, such as whether a user has two-factor authentication enabled, is included when authenticated through{% ifversion ghes %} Basic Authentication or{% endif %} OAuth with the `user` scope. +If a request URL does not include a `{username}` parameter then the response will be for the signed-in user (and you must pass [authentication information](/rest/authentication/authenticating-to-the-rest-api) with your request). Additional private information, such as whether a user has two-factor authentication enabled, is included when authenticated through{% ifversion ghes %} Basic Authentication or{% endif %} OAuth with the `user` scope. diff --git a/data/reusables/webhooks/content_type_and_secret.md b/data/reusables/webhooks/content_type_and_secret.md index 8874fa023778..163a9865c7e5 100644 --- a/data/reusables/webhooks/content_type_and_secret.md +++ b/data/reusables/webhooks/content_type_and_secret.md @@ -1,4 +1,4 @@ 1. Optionally, select the **Content type** drop-down menu, and click a data format to receive the webhook payload in. * **application/json** will deliver the JSON payload directly as the body of the `POST` request. * **application/x-www-form-urlencoded** will send the JSON payload as a form parameter called `payload`. -1. Optionally, under "Secret", type a string to use as a `secret` key. You should choose a random string of text with high entropy. You can use the webhook secret to limit incoming requests to only those originating from {% data variables.product.prodname_dotcom %}. For more information, see [AUTOTITLE](/webhooks/using-webhooks/securing-your-webhooks). +1. Optionally, under "Secret", type a string to use as a `secret` key. You should choose a random string of text with high entropy. You can use the webhook secret to limit incoming requests to only those originating from {% data variables.product.prodname_dotcom %}. For more information, see [AUTOTITLE](/webhooks/using-webhooks/validating-webhook-deliveries). diff --git a/data/reusables/webhooks/secret.md b/data/reusables/webhooks/secret.md index 4854e5ff04c0..50ed794bed68 100644 --- a/data/reusables/webhooks/secret.md +++ b/data/reusables/webhooks/secret.md @@ -1 +1 @@ -Setting a webhook secret allows you to ensure that `POST` requests sent to the payload URL are from {% data variables.product.github %}. When you set a secret, you'll receive the `X-Hub-Signature` and `X-Hub-Signature-256` headers in the webhook `POST` request. For more information on how to use a secret with a signature header to secure your webhook payloads, see [AUTOTITLE](/webhooks-and-events/webhooks/securing-your-webhooks). +Setting a webhook secret allows you to ensure that `POST` requests sent to the payload URL are from {% data variables.product.github %}. When you set a secret, you'll receive the `X-Hub-Signature` and `X-Hub-Signature-256` headers in the webhook `POST` request. For more information on how to use a secret with a signature header to secure your webhook payloads, see [AUTOTITLE](/webhooks/using-webhooks/validating-webhook-deliveries). diff --git a/data/variables/copilot.yml b/data/variables/copilot.yml index 8fafc44eff7c..0927d81df734 100644 --- a/data/variables/copilot.yml +++ b/data/variables/copilot.yml @@ -259,8 +259,8 @@ copilot_workspace_pr_short: 'Copilot Workspace for PRs' copilot_workspace: 'Copilot Workspace' copilot_workspace_short: 'Workspace' -# BYOK -copilot_byok_supported_features: '{% data variables.copilot.copilot_chat_short %}, {% data variables.copilot.copilot_cli_short %}, and {% data variables.product.prodname_vscode_shortname %}' +# Enterprise and organization BYOK (not local BYOK) +copilot_byok_supported_features: '{% data variables.copilot.copilot_chat_short %}, {% data variables.copilot.copilot_cli_short %}, and IDEs' ## File for enterprise client management managed_setting_file: 'managed-settings.json' diff --git a/src/frame/components/article/ViewMarkdownButton.module.scss b/src/frame/components/article/ViewMarkdownButton.module.scss index f0749ee45e86..cc7e032eb6e1 100644 --- a/src/frame/components/article/ViewMarkdownButton.module.scss +++ b/src/frame/components/article/ViewMarkdownButton.module.scss @@ -4,3 +4,24 @@ background-color: transparent; cursor: pointer; } + +.copyButton { + // Brand Button defaults to a 12px gap, a 16px leading-visual icon, and lets + // the label wrap. The narrow TOC column can't fit that, so tighten the + // icon/text spacing, shrink the icon back to the pre-migration 12px, and keep + // the label on a single line. Scoped to the copy button so the sibling + // dropdown's 16px triangle icon is left untouched. + gap: 4px; + white-space: nowrap; + + svg { + height: 12px; + width: 12px; + } + + // The brand Button renders its label through an internal Text component fixed + // at 14px; drop it to 12px to match the compact pre-migration button. + [class*="Button--label"] { + font-size: 12px; + } +} diff --git a/src/frame/components/article/ViewMarkdownButton.tsx b/src/frame/components/article/ViewMarkdownButton.tsx index f42f25bf13f1..8339a9c6b342 100644 --- a/src/frame/components/article/ViewMarkdownButton.tsx +++ b/src/frame/components/article/ViewMarkdownButton.tsx @@ -7,7 +7,8 @@ import { LinkExternalIcon, TriangleDownIcon, } from '@primer/octicons-react' -import { ActionList, ActionMenu, Button, ButtonGroup, VisuallyHidden } from '@primer/react' +import { ActionList, ActionMenu, ButtonGroup, VisuallyHidden } from '@primer/react' +import { Button } from '@primer/react-brand' import { announce } from '@primer/live-region-element' import { MARKDOWN_SOURCE_MENU_EVENT_GROUP } from '@/events/components/event-groups' import { sendEvent } from '@/events/components/events' @@ -87,18 +88,14 @@ export const CopyMarkdownMenu = ({ currentPath }: CopyMarkdownMenuProps) => {
diff --git a/src/landings/components/CookBookFilter.tsx b/src/landings/components/CookBookFilter.tsx index 35d63211a738..63a1acc652b0 100644 --- a/src/landings/components/CookBookFilter.tsx +++ b/src/landings/components/CookBookFilter.tsx @@ -1,4 +1,5 @@ -import { TextInput, ActionMenu, ActionList, Button } from '@primer/react' +import { TextInput, ActionMenu, ActionList } from '@primer/react' +import { Button } from '@primer/react-brand' import { SearchIcon } from '@primer/octicons-react' import { useRef, useEffect, useState, type ChangeEvent } from 'react' import { ArticleCardItems } from '@/landings/types' @@ -148,7 +149,13 @@ export const CookBookFilter = ({ )} -
diff --git a/src/secret-scanning/components/SecretScanningTable.tsx b/src/secret-scanning/components/SecretScanningTable.tsx index 6395fcb3c6e6..5a3745aa6c56 100644 --- a/src/secret-scanning/components/SecretScanningTable.tsx +++ b/src/secret-scanning/components/SecretScanningTable.tsx @@ -1,7 +1,7 @@ import React, { useState, useMemo, useEffect, useRef, useCallback } from 'react' import { DataTable, Table } from '@primer/react/experimental' -import { TextInput, ActionMenu, ActionList, Button } from '@primer/react' -import { Pagination } from '@primer/react-brand' +import { TextInput, ActionMenu, ActionList } from '@primer/react' +import { Pagination, Button } from '@primer/react-brand' import debounce from 'lodash/debounce' import { useTranslation } from '@/languages/components/useTranslation' import { sendEvent } from '@/events/components/events' @@ -199,7 +199,7 @@ export function SecretScanningTable({ data }: { data: SecretScanningData[] }) { /> {hasActiveFilters && (