Merge pull request #37466 from github/repo-sync

Repo sync

Author: docs-bot

assets/images/help/enterprises/select-advanced-security-individual-organization-policy-ghes-316.png

@@ -35,6 +35,22 @@ You can enforce policies to manage the use of security features within organizat
 
 Additionally, you can enforce policies for the use of {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %} in your enterprise's organizations and repositories.
 
+## Enforcing a policy for the availablity of {% data variables.product.prodname_AS %} in your enterprise's organizations
+
+{% data variables.product.github %} bills for {% data variables.product.prodname_AS %} products on a per-committer basis. See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#managing-committers-and-costs).
+
+You can enforce a policy that controls whether repository administrators are allowed to enable features for {% data variables.product.prodname_AS %} in an organization's repositories. You can configure a policy for all organizations owned by your enterprise account, or for individual organizations that you choose.
+
+Disallowing {% data variables.product.prodname_GH_cs_or_sp %} for an organization prevents repository administrators from enabling {% data variables.product.prodname_GH_cs_or_sp %} features for additional repositories, but does not disable the features for repositories where the features are already enabled.
+
+{% data reusables.enterprise.role-permission-hierarchy %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
+{% data reusables.enterprise-accounts.advanced-security-organization-policy-drop-down %}
+{% data reusables.enterprise-accounts.advanced-security-individual-organization-policy-drop-down %}
+
 {% ifversion ghec %}
 
 ## Enforcing a policy for visibility of dependency insights
@@ -46,7 +62,7 @@ Across all organizations owned by your enterprise, you can control whether organ
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
-1. Under "Dependency insights", review the information about changing the setting.
+1. In the "Policies" section, under "Dependency insights", review the information about changing the setting.
 1. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
 1. Under "Dependency insights", select the dropdown menu and click a policy.
 
@@ -63,32 +79,26 @@ Across all organizations owned by your enterprise, you can allow members with ad
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
-1. Under "Enable or disable {% data variables.product.prodname_dependabot_alerts %} by repository admins", use the dropdown menu to choose a policy.
+1. In the "Policies" section, under "Enable or disable {% data variables.product.prodname_dependabot_alerts %} by repository admins", use the dropdown menu to choose a policy.
 
 {% endif %}
 
-## Enforcing a policy for the use of {% data variables.product.prodname_GH_advanced_security %} in your enterprise's organizations
+## Enforcing a policy to manage the use of {% data variables.product.prodname_AS %} features in your enterprise's repositories
 
-{% data reusables.advanced-security.about-ghas-organization-policy %}
-
-{% data reusables.enterprise.role-permission-hierarchy %}
+Across all of your enterprise's organizations, you can allow or disallow people with admin access to repositories to manage the use of {% data variables.product.prodname_AS %} features in the repositories.
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
-1. In the "{% data variables.product.prodname_GH_advanced_security %} policies" section, under "{% data variables.product.prodname_GH_advanced_security %} availability", select the dropdown menu and click a policy for the organizations owned by your enterprise.
-
-{% data reusables.enterprise-accounts.advanced-security-organization-policy-drop-down %}
-{% data reusables.enterprise-accounts.advanced-security-individual-organization-policy-drop-down %}
-
-## Enforcing a policy to manage the use of {% data variables.product.prodname_GH_advanced_security %} features in your enterprise's repositories
-
-Across all of your enterprise's organizations, you can allow or disallow people with admin access to repositories to manage the use of {% data variables.product.prodname_GH_advanced_security %} features in the repositories. {% data reusables.advanced-security.ghas-must-be-enabled %}
+{% ifversion ghas-products %}
+1. In the "Policies" section, under "Repository administrators can enable or disable `PRODUCT`", use the dropdown menu to define whether repository administrators can change the enablement of {% data variables.product.prodname_cs_and_sp %}.
+{% else %}
+1. In the "{% data variables.product.prodname_GHAS %} policies" section, under "Enable or disable {% data variables.product.prodname_GHAS %} by repository admins", select the dropdown menu and click a policy.
+{% endif %}
 
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.policies-tab %}
-{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
-1. In the "{% data variables.product.prodname_GH_advanced_security %} policies" section, under "Enable or disable {% data variables.product.prodname_GH_advanced_security %} by repository admins", select the dropdown menu and click a policy.
+{% ifversion ghas-products %}
+<!--This option is included automatically by the "Repository Admins can Enable or Disable Secret Protection" option, which is why this section is omitted for `ghas-products` versions.-->
+{% else %}
 
 ## Enforcing a policy to manage the use of {% data variables.product.prodname_secret_scanning %} in your enterprise's repositories
 
@@ -99,18 +109,20 @@ Across all of your enterprise's organizations, you can allow or disallow people
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
-1. In the "{% data variables.product.prodname_GH_advanced_security %} policies" section, under "Enable or disable {% data variables.product.prodname_secret_scanning %} by repository admins", select the dropdown menu and click a policy.
+1. In the "Policies" section, under "Enable or disable {% data variables.product.prodname_secret_scanning %} by repository admins", select the dropdown menu and click a policy.
+
+{% endif %}
 
 {% ifversion secret-scanning-ai-generic-secret-detection %}
 
-## Enforcing a policy to manage the use of {% data variables.secret-scanning.generic-secret-detection %} for {% data variables.product.prodname_secret_scanning %} in your enterprise's repositories
+## Enforcing a policy to manage the use of AI detection for {% data variables.product.prodname_secret_scanning %} in your enterprise's repositories
 
-Across all of your enterprise's organizations, you can allow or disallow people with admin access to repositories to manage and configure AI detection in {% data variables.product.prodname_secret_scanning %} for the repositories. {% data reusables.advanced-security.ghas-must-be-enabled %}
+Across all of your enterprise's organizations, you can allow or disallow people with admin access to repositories to manage and configure AI detection in {% data variables.product.prodname_secret_scanning %} for the repositories. This policy only takes effect if repository administrators are also allowed to change enablement of {% data variables.product.prodname_secret_protection %} (controlled by the "Repository administrators can enable or disable Secret Protection" policy).
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
-1. In the "{% data variables.product.prodname_GH_advanced_security %} policies" section, under "AI detection in {% data variables.product.prodname_secret_scanning %}", select the dropdown menu and click a policy.
+1. In the "Policies" section, under "AI detection in {% data variables.product.prodname_secret_scanning %}", select the dropdown menu and click a policy.
 
 {% endif %}
 
@@ -123,6 +135,6 @@ Across all of your enterprise's organizations, you can allow or disallow people
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
-1. In the "{% data variables.product.prodname_GH_advanced_security %} policies" section, under "{% data variables.product.prodname_copilot_autofix_short %}", select the dropdown menu and click a policy.
+1. In the "Policies" section, under "{% data variables.product.prodname_copilot_autofix_short %}", select the dropdown menu and click a policy.
 
 {% endif %}

assets/images/help/enterprises/select-advanced-security-individual-organization-policy.png

@@ -30,6 +30,47 @@ If you have a {% data variables.product.prodname_copilot_short %} subscription,
     * Executing prompts using a particular model. This is especially useful when you want to use a model that is not currently available in multi-model {% data variables.product.prodname_copilot_chat_short %}.
     * Listing models currently available through {% data variables.product.prodname_github_models %}
 
+## Using AI models with {% data variables.product.prodname_actions %}
+
+You can use the {% data variables.product.prodname_actions %} token (`GITHUB_TOKEN`) to call AI models directly inside your workflows.
+
+### Setting permissions
+
+To use AI models in your workflows, you need to ensure that the `models` permission is enabled in your workflow configuration. This permission allows workflows to access the {% data variables.product.prodname_github_models %} inference API. You can either set this permission itself or use the general `read-all` or `write-all` permissions. See [AUTOTITLE](/rest/overview/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions).
+
+### Writing your workflow file
+
+You can call the inference API directly from your workflow. For instance:
+
+```yaml
+name: Use GitHub Models
+
+on:
+  workflow_dispatch:
+
+permissions:
+  models: read
+
+jobs:
+  call-model:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Call AI model
+      run: |
+         curl -X POST "https://models.inference.ai.azure.com/chat/completions" \
+            -H "Content-Type: application/json" \
+            -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+            -d '{
+               "messages": [
+                  {
+                     "role": "user",
+                     "content": "Explain the concept of recursion."
+                  }
+               ],
+               "model": "gpt-4o"
+            }'
+```
+
 ## Using AI models from the command line
 
 > [!NOTE] The {% data variables.product.prodname_github_models %} extension for {% data variables.product.prodname_cli %} is in {% data variables.release-phases.public_preview %} and is subject to change.

content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md

@@ -8,7 +8,8 @@ permissions:
   contents: read|write|none
   deployments: read|write|none{% ifversion fpt or ghec %}
   id-token: write|none{% endif %}
-  issues: read|write|none
+  issues: read|write|none{% ifversion not ghes %}
+  models: read|none{% endif %}
   discussions: read|write|none
   packages: read|write|none
   pages: read|write|none

content/github-models/integrating-ai-models-into-your-development-workflow.md

@@ -16,6 +16,9 @@ Available permissions and details of what each allows an action to do:
 |  `id-token` | Fetch an OpenID Connect (OIDC) token. This requires `id-token: write`. For more information, see [AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#updating-your-actions-for-oidc) |
 | {% endif %} |
 |  `issues` | Work with issues. For example, `issues: write` permits an action to add a comment to an issue. For more information, see [AUTOTITLE](/rest/overview/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-issues). |
+| {% ifversion not ghes %} |
+|  `models`  | Generate AI inference responses with {% data variables.product.prodname_github_models %}. For example, `models: read` permits an action to use the {% data variables.product.prodname_github_models %} inference API. See [AUTOTITLE](/github-models/prototyping-with-ai-models). |
+| {% endif %} |
 |  `packages` | Work with GitHub Packages. For example, `packages: write` permits an action to upload and publish packages on GitHub Packages. For more information, see [AUTOTITLE](/packages/learn-github-packages/about-permissions-for-github-packages#about-scopes-and-permissions-for-package-registries). |
 |  `pages` | Work with GitHub Pages. For example, `pages: write` permits an action to request a GitHub Pages build. For more information, see [AUTOTITLE](/rest/overview/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-pages). |
 |  `pull-requests` | Work with pull requests. For example, `pull-requests: write` permits an action to add a label to a pull request. For more information, see [AUTOTITLE](/rest/overview/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-pull-requests). |

data/reusables/actions/github-token-available-permissions.md

@@ -1,5 +1,5 @@
-{% data variables.product.company_short %} bills for {% data variables.product.prodname_advanced_security %} on a per-committer basis. See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security).
+{% data variables.product.github %} bills for {% data variables.product.prodname_AS %} products on a per-committer basis. See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#managing-committers-and-costs).
 
 You can enforce a policy that controls whether repository administrators are allowed to enable features for {% data variables.product.prodname_advanced_security %} in an organization's repositories. You can configure a policy for all organizations owned by your enterprise account, or for individual organizations that you choose.
 
-Disallowing {% data variables.product.prodname_advanced_security %} for an organization prevents repository administrators from enabling {% data variables.product.prodname_advanced_security %} features for additional repositories, but does not disable the features for repositories where the features are already enabled. For more information about configuration of {% data variables.product.prodname_advanced_security %} features, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization) or [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository).
+Disallowing {% data variables.product.prodname_GH_cs_or_sp %} for an organization prevents repository administrators from enabling {% data variables.product.prodname_GH_cs_or_sp %} features for additional repositories, but does not disable the features for repositories where the features are already enabled.

data/reusables/actions/github-token-scope-descriptions.md

@@ -1,3 +1,11 @@
-1. Optionally, if you chose **Allow for selected organizations**, to the right of an organization, select the dropdown menu to enable {% data variables.product.prodname_advanced_security %} for the organization.
+1. Optionally, if you chose **Allow for selected organizations**, to the right of an organization, select the dropdown menu to define which {% data variables.product.prodname_AS %} products are available to the organization.
 
-   ![Screenshot of the dropdown menu to choose a {% data variables.product.prodname_advanced_security %} policy for selected organizations in the enterprise. The dropdown is outlined.](/assets/images/help/enterprises/select-advanced-security-individual-organization-policy.png)
+{% ifversion ghas-products %}
+
+   ![Screenshot of the dropdown menu to choose a {% data variables.product.prodname_AS %} policy for selected organizations in the enterprise. The dropdown is outlined.](/assets/images/help/enterprises/select-advanced-security-individual-organization-policy.png)
+
+{% else %}
+
+   ![Screenshot of the dropdown menu to choose a {% data variables.product.prodname_AS %} policy for selected organizations in the enterprise. The dropdown is outlined.](/assets/images/help/enterprises/select-advanced-security-individual-organization-policy-ghes-316.png)
+
+{% endif %}

data/reusables/advanced-security/about-ghas-organization-policy.md

@@ -1 +1 @@
-1. Under "{% data variables.product.prodname_GH_advanced_security %} availability", select the dropdown menu, then click a policy for the organizations owned by your enterprise.
+1. Under "{% data variables.product.prodname_AS %} availability", select the dropdown menu, then click a policy for the organizations owned by your enterprise.

data/reusables/enterprise-accounts/advanced-security-individual-organization-policy-drop-down.md

@@ -41,7 +41,7 @@ type AISearchResultEventParams = {
   connectedEventId?: string
 }
 
-const MAX_REFERENCES_TO_SHOW = 4
+const MAX_REFERENCES_TO_SHOW = 5
 
 export function AskAIResults({
   query,

data/reusables/enterprise-accounts/advanced-security-organization-policy-drop-down.md

@@ -745,10 +745,7 @@ export function SearchOverlay({
               onClick={async () => {
                 if (await getIsStaff()) {
                   // Hubbers users use an internal discussion for feedback
-                  window.open(
-                    'https://github.com/github/docs-engineering/discussions/5295',
-                    '_blank',
-                  )
+                  window.open('https://github.com/github/docs-team/discussions/5172', '_blank')
                 } else {
                   // TODO: On ship date set this value
                   // window.open('TODO', '_blank')