Merge branch 'main' into enc-secrets-steps-update

Author: thispsj

assets/images/help/codespaces/CSV-usage-report.png

@@ -30,16 +30,12 @@ The nameservers you specify must resolve {% data variables.product.product_locat
 
 {% data reusables.enterprise_installation.ssh-into-instance %}
 
-2. To edit your nameservers, enter:
+2. To edit your nameservers, use the `ghe-setup-network` command in visual mode. For more information, see "[Command-line utilities](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-setup-network)."
 
   ```shell
-  sudo vim /etc/resolvconf/resolv.conf.d/head
+  ghe-setup-network -v
   ```
 
-{% data reusables.enterprise_installation.preventing-nameservers-change %}
-
-3. Append any `nameserver` entries, then save the file.
-4. After verifying your changes, save the file.
 5. To add your new nameserver entries to {% data variables.product.product_location %}, run the following:
 
   ```shell

assets/images/help/codespaces/exported-codespace-secret.png

@@ -343,6 +343,18 @@ With `ghe-set-password`, you can set a new password to authenticate into the [{%
 ghe-set-password <new_password>
 ```
 
+### ghe-setup-network
+
+This utility allows you to configure the primary network interface.
+
+To enter visual mode, which will guide you through configuration of network settings:
+
+```shell
+$ ghe-setup-network -v
+```
+
+Use the -h flag for additional options.
+
 ### ghe-ssh-check-host-keys
 
 This utility checks the existing SSH host keys against the list of known leaked SSH host keys.

assets/images/help/repository/repo-actions-settings.png

@@ -22,6 +22,9 @@ Organization owners and billing managers can view {% data variables.product.prod
 {% data reusables.organizations.billing-settings %}
 {% data reusables.dotcom_billing.codespaces-minutes %}
 {% data reusables.dotcom_billing.actions-packages-report-download-org-account %}
+1. Filter the report to show only rows that mention "Codespaces" in the `Product` field.
+
+   ![A usage report filtered for Codespaces](/assets/images/help/codespaces/CSV-usage-report.png)
 
 {% ifversion ghec %}
 ## Viewing {% data variables.product.prodname_codespaces %} usage for your enterprise account

content/admin/configuration/configuring-network-settings/configuring-dns-nameservers.md

@@ -476,7 +476,8 @@ on: pull_request_target
 
 permissions:
   contents: write
-
+  pull-requests: write
+  
 jobs:
   dependabot:
     runs-on: ubuntu-latest
@@ -507,6 +508,7 @@ on: pull_request
 
 permissions:
   contents: write
+  pull-requests: write
 
 jobs:
   dependabot:

content/admin/configuration/configuring-your-enterprise/command-line-utilities.md

@@ -82,6 +82,22 @@ You can update the value of an existing secret, and you can change which reposit
 1. Read the warning, then click **OK**.
   ![Confirmation to delete secret](/assets/images/help/settings/codespaces-secret-delete-warning.png)
 
+## Using secrets
+
+A secret is exported as an environment variable into the user's terminal session.
+
+  ![Displaying the value of an exported secret in the terminal](/assets/images/help/codespaces/exported-codespace-secret.png)
+
+You can use secrets in a codespace after the codespace is built and is running. For example, a secret can be used:
+
+* When launching an application from the integrated terminal or ssh session.
+* Within a dev container lifecycle script that is run after the codespace is running. For more information about dev container lifecycle scripts, see the documentation on containers.dev: [Specification](https://containers.dev/implementors/json_reference/#lifecycle-scripts).
+
+Codespace secrets cannot be used during:
+
+* Codespace build time (that is, within a Dockerfile or custom entry point).
+* Within a dev container feature. For more information, see the `features` attribute in the documentation on containers.dev: [Specification](https://containers.dev/implementors/json_reference/#general-properties).
+
 ## Further reading
 
 - "[Managing encrypted secrets for your repository and organization for {% data variables.product.prodname_github_codespaces %}](/codespaces/managing-codespaces-for-your-organization/managing-encrypted-secrets-for-your-repository-and-organization-for-github-codespaces)"

content/billing/managing-billing-for-github-codespaces/viewing-your-github-codespaces-usage.md

@@ -42,7 +42,7 @@ Name | Description
 -----|-----------|{% ifversion not ghae %}
 **`(no scope)`** | Grants read-only access to public information (including user profile info, repository info, and gists){% endif %}{% ifversion ghes or ghae %}
 **`site_admin`** | Grants site administrators access to [{% data variables.product.prodname_ghe_server %} Administration API endpoints](/rest/reference/enterprise-admin).{% endif %}
-**`repo`** | Grants full access to repositories, including private repositories. That includes read/write access to code, commit statuses, repository and organization projects, invitations, collaborators, adding team memberships, deployment statuses, and repository webhooks for repositories and organizations. Also grants ability to manage user projects.
+**`repo`** | Grants full access to public{% ifversion ghec or ghes or ghae %}, internal,{% endif %} and private repositories including read and write access to code, commit statuses, repository invitations, collaborators, deployment statuses, and repository webhooks. **Note**: In addition to repository related resources, the `repo` scope also grants access to manage organization-owned resources including projects, invitations, team memberships and webhooks. This scope also grants the ability to manage projects owned by users.
  `repo:status`| Grants read/write access to commit statuses in {% ifversion fpt %}public and private{% elsif ghec or ghes %}public, private, and internal{% elsif ghae %}private and internal{% endif %} repositories. This scope is only necessary to grant other users or services access to private repository commit statuses *without* granting access to the code.
  `repo_deployment`| Grants access to [deployment statuses](/rest/reference/repos#deployments) for {% ifversion not ghae %}public{% else %}internal{% endif %} and private repositories. This scope is only necessary to grant other users or services access to deployment statuses, *without* granting access to the code.{% ifversion not ghae %}
  `public_repo`| Limits access to public repositories. That includes read/write access to code, commit statuses, repository projects, collaborators, and deployment statuses for public repositories and organizations. Also required for starring public repositories.{% endif %}

content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md

@@ -16,11 +16,7 @@ topics:
   - Pull requests
 ---
 
-{% warning %}
-
-**Warning:** If you attach a file to a pull request or issue comment, anyone can view the anonymized URL without authentication, even if the pull request is in a private repository{% ifversion ghes %}, or if private mode is enabled{% endif %}. To keep sensitive media files private, serve them from a private network or server that requires authentication. {% ifversion fpt or ghec %}For more information on anonymized URLs see "[About anonymized URLs](/github/authenticating-to-github/about-anonymized-urls)".{% endif %}
-
-{% endwarning %}
+{% data reusables.repositories.anyone-can-view-anonymized-url %}
 
 To attach a file to an issue or pull request conversation, drag and drop it into the comment box. Alternatively, you can click the bar at the bottom of the comment box to browse, select, and add a file from your computer.