From 765aaa2daf65b86af667e6c6050973229ac17f9d Mon Sep 17 00:00:00 2001 From: Peter Bengtsson Date: Mon, 10 Jun 2024 12:01:48 -0400 Subject: [PATCH 1/4] Port `api.js` to TypeScript (#51083) --- src/frame/middleware/{api.js => api.ts} | 15 ++++++++------- src/frame/middleware/index.ts | 2 +- 2 files changed, 9 insertions(+), 8 deletions(-) rename src/frame/middleware/{api.js => api.ts} (72%) diff --git a/src/frame/middleware/api.js b/src/frame/middleware/api.ts similarity index 72% rename from src/frame/middleware/api.js rename to src/frame/middleware/api.ts index e9233d21d5a2..e2e572ea8603 100644 --- a/src/frame/middleware/api.js +++ b/src/frame/middleware/api.ts @@ -1,11 +1,12 @@ import express from 'express' import { createProxyMiddleware } from 'http-proxy-middleware' -import events from '#src/events/middleware.js' -import anchorRedirect from '#src/rest/api/anchor-redirect.js' -import search from '#src/search/middleware/search.js' -import pageInfo from '#src/pageinfo/middleware' -import webhooks from '#src/webhooks/middleware/webhooks.js' +import events from '@/events/middleware.js' +import anchorRedirect from '@/rest/api/anchor-redirect.js' +import search from '@/search/middleware/search.js' +import pageInfo from '@/pageinfo/middleware' +import webhooks from '@/webhooks/middleware/webhooks.js' +import { ExtendedRequest } from '@/types' const router = express.Router() @@ -28,14 +29,14 @@ if (process.env.ELASTICSEARCH_URL) { createProxyMiddleware({ target: 'https://docs.github.com', changeOrigin: true, - pathRewrite: function (path, req) { + pathRewrite: function (path, req: ExtendedRequest) { return req.originalUrl }, }), ) } -router.get('*', (req, res, next) => { +router.get('*', (req, res) => { res.status(404).json({ error: `${req.path} not found` }) }) diff --git a/src/frame/middleware/index.ts b/src/frame/middleware/index.ts index 74801504c3b4..955f2aeeb017 100644 --- a/src/frame/middleware/index.ts +++ b/src/frame/middleware/index.ts 
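Review bot: The `req: ExtendedRequest` annotation on `pathRewrite` in the second `api.ts` hunk is the only visible use of the new `@/types` import, so the import added in the first hunk should be type-only: `import type { ExtendedRequest } from '@/types'`. That makes it explicit that the import is erased at compile time and never loads the module at runtime. The annotation also replaces whatever request type `http-proxy-middleware` declares for this callback, which is not visible here, so it is worth confirming that the library's own type does not already expose `originalUrl` before overriding it. `path` remains unused in the callback, and a short comment such as `// ignore the rewritten path; forward the client's original URL unchanged to docs.github.com` would record that this is deliberate. The enclosing `if (process.env.ELASTICSEARCH_URL)` block begins outside the hunk, so the branch in which this proxy is registered cannot be checked from here.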
@@ -26,7 +26,7 @@ import handleRedirects from '@/redirects/middleware/handle-redirects.js' import findPage from './find-page.js' import blockRobots from './block-robots.js' import archivedEnterpriseVersionsAssets from '@/archives/middleware/archived-enterprise-versions-assets.js' -import api from './api.js' +import api from './api' import healthz from './healthz' import manifestJson from './manifest-json.js' import remoteIP from './remote-ip.js' From 3d37afe8abbd4dd411f0edf7d381ea85839462c8 Mon Sep 17 00:00:00 2001 From: Peter Bengtsson Date: Mon, 10 Jun 2024 12:08:52 -0400 Subject: [PATCH 2/4] Remove ifversion feature 'code-scanning-without-workflow' (#51082) --- ...ql-code-scanning-for-compiled-languages.md | 5 +- ...-for-code-scanning-with-codeql-at-scale.md | 20 ++++---- ...guring-advanced-setup-for-code-scanning.md | 51 +++---------------- .../about-code-scanning.md | 4 -- .../publishing-and-using-codeql-packs.md | 4 -- content/code-security/index.md | 4 +- 6 files changed, 18 insertions(+), 70 deletions(-) diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md index 471a3d1607db..0253254083e2 100644 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md +++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md 
@@ -3,7 +3,7 @@ title: CodeQL code scanning for compiled languages shortTitle: CodeQL for compiled languages intro: 'Understand how {% data variables.product.prodname_codeql %} analyzes compiled languages, the build options available, and learn how you can customize the database generation process if you need to.' product: '{% data reusables.gated-features.code-scanning %}' -permissions: 'People with write permissions to a repository can configure {% data variables.product.prodname_code_scanning %} for that repository by editing a workflow{% ifversion code-scanning-without-workflow %}, when advanced setup is enabled (admin permission is required to change setup){% endif %}.' +permissions: 'People with write permissions to a repository can configure {% data variables.product.prodname_code_scanning %} for that repository by editing a workflow, when advanced setup is enabled (admin permission is required to change setup).' redirect_from: - /github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning-for-compiled-languages - /github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-the-codeql-action-for-compiled-languages 
@@ -394,15 +394,12 @@ The `autobuild` process attempts to autodetect a suitable way to install the dep 1. Finally, if configurations files for these dependency managers are not found, rearrange the repository directory structure suitable for addition to `GOPATH`, and use `go get` to install dependencies. The directory structure reverts to normal after extraction completes. 1. Extract all Go code in the repository, similar to running `go build ./...`. -{% ifversion code-scanning-without-workflow %} - {% note %} **Note:** If you use default setup, it will look for a `go.mod` file to automatically install a compatible version of the Go language.{% ifversion code-scanning-default-setup-self-hosted-310 %} If you're using a self-hosted runner with default setup that doesn't have internet access, you can manually install a compatible version of Go.{% endif %} {% endnote %} -{% endif %} {% endif %} ## Building Java {% ifversion codeql-kotlin-beta %} and Kotlin {% endif %} diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale.md index 45a4cefb4677..62a83a2ebf0d 100644 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale.md +++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale.md 
@@ -1,7 +1,7 @@ --- -title: Configuring {% ifversion code-scanning-without-workflow %}advanced setup for {% endif %}code scanning with CodeQL at scale -shortTitle: CodeQL {% ifversion code-scanning-without-workflow %}advanced setup{% else %}code scanning{% endif %} at scale -intro: 'You can use a script to configure {% ifversion code-scanning-without-workflow %}advanced setup for {% endif %}{% data variables.product.prodname_code_scanning %} for a specific group of repositories in your organization.' +title: Configuring advanced setup for code scanning with CodeQL at scale +shortTitle: CodeQL advanced setup at scale +intro: 'You can use a script to configure advanced setup for {% data variables.product.prodname_code_scanning %} for a specific group of repositories in your organization.' product: '{% data reusables.gated-features.code-scanning %}' redirect_from: - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale 
@@ -16,22 +16,20 @@ topics: allowTitleToDifferFromFilename: true --- -## About enabling {% ifversion code-scanning-without-workflow %}advanced setup for {% endif %}{% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %} at scale +## About enabling advanced setup for {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %} at scale -{% ifversion code-scanning-without-workflow %}If you need to configure a highly customizable {% data variables.product.prodname_code_scanning %} setup for many repositories in your organization, or if repositories in your organization are ineligible for default setup, you can enable {% data variables.product.prodname_code_scanning %} at scale with advanced setup.{% endif %} +If you need to configure a highly customizable {% data variables.product.prodname_code_scanning %} setup for many repositories in your organization, or if repositories in your organization are ineligible for default setup, you can enable {% data variables.product.prodname_code_scanning %} at scale with advanced setup. -To enable {% ifversion code-scanning-without-workflow %}advanced setup{% else %}{% data variables.product.prodname_code_scanning %}{% endif %} across multiple repositories, you can write a bulk configuration script. To successfully execute the script, {% data variables.product.prodname_actions %} must be enabled for the {% ifversion fpt %}organization{% elsif ghec %}organization or enterprise{% elsif ghes %}site{% endif %}. +To enable advanced setup across multiple repositories, you can write a bulk configuration script. To successfully execute the script, {% data variables.product.prodname_actions %} must be enabled for the {% ifversion fpt %}organization{% elsif ghec %}organization or enterprise{% elsif ghes %}site{% endif %}. 
-{% ifversion code-scanning-without-workflow %} Alternatively, if you do not need granular control over the {% data variables.product.prodname_code_scanning %} configuration for many repositories in your organization, you can quickly and easily configure {% data variables.product.prodname_code_scanning %} at scale with default setup. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale)." -{% endif %} -## Using a script to enable {% ifversion code-scanning-without-workflow %}advanced setup{% else %}{% data variables.product.prodname_code_scanning %}{% endif %} +## Using a script to enable advanced setup -{% ifversion code-scanning-without-workflow %}For repositories that are not eligible for default setup, you can use a bulk configuration script to enable advanced setup across multiple repositories.{% endif %} +For repositories that are not eligible for default setup, you can use a bulk configuration script to enable advanced setup across multiple repositories. 1. Identify a group of repositories that can be analyzed using the same {% data variables.product.prodname_code_scanning %} configuration. For example, all repositories that build Java artifacts using the production environment. -1. Create and test a {% data variables.product.prodname_actions %} workflow to call the {% data variables.product.prodname_codeql %} action with the appropriate configuration. For more information, see {% ifversion code-scanning-without-workflow %}"[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning#configuring-advanced-setup-for-code-scanning-with-codeql)."{% else %}"[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning#configuring-code-scanning-using-the-codeql-action)."{% endif %} +1. 
Create and test a {% data variables.product.prodname_actions %} workflow to call the {% data variables.product.prodname_codeql %} action with the appropriate configuration. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning#configuring-advanced-setup-for-code-scanning-with-codeql)." 1. Use one of the example scripts or create a custom script to add the workflow to each repository in the group. - PowerShell example: [`jhutchings1/Create-ActionsPRs`](https://github.com/jhutchings1/Create-ActionsPRs) repository - NodeJS example: [`nickliffen/ghas-enablement`](https://github.com/NickLiffen/ghas-enablement) repository diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md index b8ec66190083..28f9cf3c6bfa 100644 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md +++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md 
@@ -1,9 +1,9 @@ --- -title: Configuring {% ifversion code-scanning-without-workflow %}advanced setup for {% endif %}code scanning -shortTitle: Configure {% ifversion code-scanning-without-workflow %}advanced setup{% else %}{% data variables.product.prodname_code_scanning %}{% endif %} -intro: 'You can configure {% ifversion code-scanning-without-workflow %}advanced setup{% else %}{% data variables.product.prodname_code_scanning %}{% endif %} for a repository to find security vulnerabilities in your code{% ifversion code-scanning-without-workflow %} using a highly customizable {% data variables.product.prodname_code_scanning %} configuration{% endif %}.' +title: Configuring advanced setup for code scanning +shortTitle: Configure advanced setup +intro: 'You can configure advanced setup for a repository to find security vulnerabilities in your code using a highly customizable {% data variables.product.prodname_code_scanning %} configuration.' product: '{% data reusables.gated-features.code-scanning %}' -permissions: '{% ifversion code-scanning-without-workflow %}People with admin permissions to a repository, or the security manager role for the repository, can enable {% data variables.product.prodname_code_scanning %} for that repository.{% else %}People with write permissions to a repository can enable {% data variables.product.prodname_code_scanning %} for that repository.{% endif %}' +permissions: 'People with admin permissions to a repository, or the security manager role for the repository, can enable {% data variables.product.prodname_code_scanning %} for that repository.' redirect_from: - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning versions: 
@@ -21,15 +21,10 @@ allowTitleToDifferFromFilename: true {% data reusables.code-scanning.enterprise-enable-code-scanning-actions %} -## About {% ifversion code-scanning-without-workflow %}advanced setup for {% endif %}{% data variables.product.prodname_code_scanning %} +## About advanced setup for {% data variables.product.prodname_code_scanning %} -{% ifversion code-scanning-without-workflow %} Advanced setup for {% data variables.product.prodname_code_scanning %} is helpful when you need to customize your {% data variables.product.prodname_code_scanning %}. By creating and editing a workflow file, you can define how to build compiled languages, choose which queries to run, select the languages to scan, use a matrix build, and more. You also have access to all the options for controlling workflows, for example: changing the scan schedule, defining workflow triggers, specifying specialist runners to use. For more information about {% data variables.product.prodname_actions %} workflows, see "[AUTOTITLE](/actions/using-workflows/about-workflows)." -{% else %} -{% data variables.product.prodname_code_scanning_caps %} helps you catch vulnerabilities in the code in your repository. With {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}, you can select custom or built-in query suites for use in your analysis, set a specific scan schedule, choose which events trigger a scan, and more. -{% endif %} - {% ifversion fpt or ghec %} You can also configure {% data variables.product.prodname_code_scanning %} with third-party tools. For more information, see "[Configuring {% data variables.product.prodname_code_scanning %} using third-party actions](#configuring-code-scanning-using-third-party-actions)." 
@@ -40,13 +35,11 @@ Your site administrator can also make third-party actions available to users for {% data reusables.code-scanning.about-multiple-configurations-link %} {% data reusables.code-scanning.codeql-action-version-ghes %} -{% ifversion code-scanning-without-workflow %} If you do not need a highly customizable {% data variables.product.prodname_code_scanning %} configuration, consider using default setup for {% data variables.product.prodname_code_scanning %}. For more information on eligibility for default setup, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#requirements-for-using-default-setup)." -{% endif %} ### Prerequisites -Your repository is eligible for {% ifversion code-scanning-without-workflow %}advanced setup{% else %}{% data variables.product.prodname_code_scanning %}{% endif %} if it meets these requirements. +Your repository is eligible for advanced setup if it meets these requirements. - It uses {% data variables.product.prodname_codeql %}-supported languages or you plan to generate code scanning results with a third-party tool. - {% data variables.product.prodname_actions %} are enabled.{% ifversion fpt %} - It is publicly visible.{%- elsif ghec %} 
@@ -57,8 +50,6 @@ Your repository is eligible for {% ifversion code-scanning-without-workflow %}ad If the server on which you are running {% data variables.product.prodname_ghe_server %} is not connected to the internet, your site administrator can enable {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} by making the {% data variables.product.prodname_codeql %} analysis bundle available on the server. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access)." {% endif %} -{% ifversion code-scanning-without-workflow %} - ## Configuring advanced setup for {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %} You can customize your {% data variables.product.prodname_codeql %} analysis by creating and editing a workflow file. Selecting advanced setup generates a basic workflow file for you to customize using standard workflow syntax and specifying options for the {% data variables.product.prodname_codeql %} action. See "[AUTOTITLE](/actions/using-workflows/about-workflows)" and "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning)." 
@@ -104,36 +95,6 @@ In the suggested {% data variables.code-scanning.codeql_workflow %}, {% data var The `on:pull_request` and `on:push` triggers for code scanning are each useful for different purposes. See "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#configuring-frequency)" and [AUTOTITLE](/actions/using-workflows/triggering-a-workflow)." -{% else %} - -## Configuring {% data variables.product.prodname_code_scanning %} using the {% data variables.product.prodname_codeql %} action - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-security %} -1. To the right of "{% data variables.product.prodname_code_scanning_caps %} alerts", click **Set up {% data variables.product.prodname_code_scanning %}**.{% ifversion ghec or ghes %} If "{% data variables.product.prodname_code_scanning %} alerts" is missing, you need to ask an organization owner or repository administrator to enable {% data variables.product.prodname_GH_advanced_security %}.{% endif %} For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)" or "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)." -1. Under "Get started with {% data variables.product.prodname_code_scanning %}", click **Set up this workflow** on the {% data variables.code-scanning.codeql_workflow %} or on a third-party workflow. - - Workflows are only displayed if they are relevant for the programming languages detected in the repository. 
The {% data variables.code-scanning.codeql_workflow %} is always displayed, but the "Set up this workflow" button is only enabled if {% data variables.product.prodname_codeql %} analysis supports the languages present in the repository. - -1. To customize how {% data variables.product.prodname_code_scanning %} scans your code, edit the workflow. - - Generally, you can commit the {% data variables.code-scanning.codeql_workflow %} without making any changes to it. However, many of the third-party workflows require additional configuration, so read the comments in the workflow before committing. - - For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning)" and "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages)." - -1. Click **Commit changes...** to display the commit changes form. - - ![Screenshot of the form to create a new file. To the right of the file name, a green button, labeled "Commit changes...", is outlined in dark orange.](/assets/images/help/repository/start-commit-commit-new-file.png) -1. In the commit message field, type a commit message. -1. Choose whether you'd like to commit directly to the default branch, or create a new branch and start a pull request. -1. Click **Commit new file** or **Propose new file**. - -In the suggested {% data variables.code-scanning.codeql_workflow %}, {% data variables.product.prodname_code_scanning %} is configured to analyze your code each time you either push a change to the default branch or any protected branches, or raise a pull request against the default branch. As a result, {% data variables.product.prodname_code_scanning %} will now commence. - -The `on:pull_request` and `on:push` triggers for code scanning are each useful for different purposes. 
See "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#configuring-frequency)" and [AUTOTITLE](/actions/using-workflows/triggering-a-workflow)." - -{% endif %} - For information on bulk enablement, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale)." {% ifversion fpt or ghec %} diff --git a/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning.md b/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning.md index cbdc35271192..efa4c65ba573 100644 --- a/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning.md +++ b/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning.md 
@@ -30,12 +30,8 @@ If {% data variables.product.prodname_code_scanning %} finds a potential vulnera To monitor results from {% data variables.product.prodname_code_scanning %} across your repositories or your organization, you can use webhooks and the {% data variables.product.prodname_code_scanning %} API. For information about the webhooks for {% data variables.product.prodname_code_scanning %}, see "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#code_scanning_alert)." For information about API endpoints, see "[AUTOTITLE](/rest/code-scanning)." -{% ifversion code-scanning-without-workflow %} To get started with {% data variables.product.prodname_code_scanning %}, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)." -{% else %} -To get started with {% data variables.product.prodname_code_scanning %}, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning)." -{% endif %} {% ifversion fpt or ghec %} ## About billing for {% data variables.product.prodname_code_scanning %} diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs.md b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs.md index 0d53082cbf13..4cb714d12491 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs.md +++ b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs.md 
@@ -45,16 +45,12 @@ codeql pack publish The published package will be displayed in the packages section of {% data variables.product.prodname_dotcom %} organization specified by the scope in the `qlpack.yml` file. -{% ifversion code-scanning-without-workflow %} - {% note %} **Note:** If you're publishing model packs to the {% data variables.product.prodname_dotcom %} {% data variables.product.prodname_container_registry %} in order to extend coverage to all repositories in an organization as part of a default setup configuration, then you need to ensure that repositories running code scanning can access those model packs. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup)" and "[AUTOTITLE](/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility)." {% endnote %} -{% endif %} - ## Running `codeql pack download /` To run a pack that someone else has created, you must first download it by running the following command: diff --git a/content/code-security/index.md b/content/code-security/index.md index 3ad409881167..da0ce01abaef 100644 --- a/content/code-security/index.md +++ b/content/code-security/index.md 
@@ -12,11 +12,11 @@ featuredLinks: - /code-security/getting-started/quickstart-for-securing-your-repository - /code-security/getting-started/quickstart-for-securing-your-organization - '{% ifversion fpt or ghec %}/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory{% endif %}' - - '{% ifversion code-scanning-without-workflow %}/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning{% endif %}' + - '/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning' guideCards: - /code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates - /code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates - - '{% ifversion code-scanning-without-workflow %}/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning{% endif %}' + - '/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning' - /code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview popular: - '{% ifversion ghes %}/admin/release-notes{% endif %}' From fe047f2726d4c65f13949ea49afba149dd238a7d Mon Sep 17 00:00:00 2001 From: Peter Bengtsson Date: Mon, 10 Jun 2024 12:09:02 -0400 Subject: [PATCH 3/4] Fix formatting of Liquid in table (about-github-premium-support.md) (#51076) --- .../about-github-premium-support.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/support/learning-about-github-support/about-github-premium-support.md b/content/support/learning-about-github-support/about-github-premium-support.md index c657f68476ae..069ba13daa97 100644 --- a/content/support/learning-about-github-support/about-github-premium-support.md +++ b/content/support/learning-about-github-support/about-github-premium-support.md 
@@ -53,9 +53,9 @@ There are two {% data variables.contact.premium_support %} plans: Premium and Pr Escalation management | For high and urgent priority tickets | For High and Urgent priority tickets Incident management | None | For urgent priority tickets, as needed | Health checks | {% ifversion not ghes %}None{% else %}Unlimited automated health check reports (see "[Generating a health check for your enterprise](/admin/enterprise-management/monitoring-your-appliance/generating-a-health-check-for-your-enterprise)"){% endif %} |
    {% ifversion ghes %}
  • Unlimited automated health check reports. For more information, see "[AUTOTITLE](/admin/enterprise-management/monitoring-your-appliance/generating-a-health-check-for-your-enterprise)")
  • {% endif %}
  • Quarterly enhanced health checks, with findings, interpretations, and recommendations from your CRE (by request)
| -{%- ifversion ghes %} +| {% ifversion ghes %} | | Crisis prevention | None | Yearly participation in guided incident simulations to help you be prepared | -{%- endif %} +| {% endif %} | | Technical advisory hours| None | 12 hours per quarter | | Application upgrade assistance | None | By request | | Cloud planning | None | By request | From 5f28077a79ab63644fbf8dce3c418503269a52ef Mon Sep 17 00:00:00 2001 From: Peter Bengtsson Date: Mon, 10 Jun 2024 12:09:28 -0400 Subject: [PATCH 4/4] Remove ifversion feature 'device-flow-is-opt-in' (#51081) --- .../generating-a-user-access-token-for-a-github-app.md | 6 +++--- .../building-oauth-apps/authorizing-oauth-apps.md | 8 ++------ .../building-oauth-apps/creating-an-oauth-app.md | 3 +-- 3 files changed, 6 insertions(+), 11 deletions(-) diff --git a/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app.md b/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app.md index 99a488ff5c4f..a44644728e97 100644 --- a/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app.md +++ b/content/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app.md 
@@ -67,7 +67,7 @@ If your app runs in the browser, you should use the web application flow to gene If your app is headless or does not have access to a browser, you should use the device flow to generate a user access token. For example, CLI tools, simple Raspberry Pis, and desktop applications should use the device flow. For a tutorial that uses device flow, see "[AUTOTITLE](/apps/creating-github-apps/guides/building-a-cli-with-a-github-app)." -{% ifversion device-flow-is-opt-in %}Before you can use the device flow, you must first enable it in your app's settings. For more information on enabling device flow, see "[AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app)." {% endif %} +Before you can use the device flow, you must first enable it in your app's settings. For more information on enabling device flow, see "[AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app)." The device flow uses the OAuth 2.0 Device Authorization Grant. 
@@ -105,8 +105,8 @@ The device flow uses the OAuth 2.0 Device Authorization Grant. | `unsupported_grant_type` | The grant type must be `urn:ietf:params:oauth:grant-type:device_code` and included as an input parameter when you poll the OAuth token request `POST {% data variables.product.oauth_host_code %}/login/oauth/access_token`. | `incorrect_client_credentials` | For the device flow, you must pass your app's client ID, which you can find on your app settings page. The client ID is different from the app ID and client secret. | `incorrect_device_code` | The `device_code` provided is not valid. - | `access_denied` | When a user clicks cancel during the authorization process, you'll receive an `access_denied` error, and the user won't be able to use the verification code again.{% ifversion device-flow-is-opt-in %} - | `device_flow_disabled` | Device flow has not been enabled in the app's settings. For more information on enabling device flow, see "[AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app)."{% endif %} + | `access_denied` | When a user clicks cancel during the authorization process, you'll receive an `access_denied` error, and the user won't be able to use the verification code again. + | `device_flow_disabled` | Device flow has not been enabled in the app's settings. For more information on enabling device flow, see "[AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app)." 1. Once the user has entered the `user_code`, {% data variables.product.company_short %} will give a response that includes the following query parameters: diff --git a/content/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md b/content/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md index 741591621827..f70e88f74377 100644 --- a/content/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md +++ b/content/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md 
@@ -131,12 +131,8 @@ Every time you receive an access token, you should use the token to revalidate t
 The device flow allows you to authorize users for a headless application, such as a CLI tool or the [Git Credential Manager](https://github.com/git-ecosystem/git-credential-manager).
-{% ifversion device-flow-is-opt-in %}
-
 Before you can use the device flow to authorize and identify users, you must first enable it in your app's settings. For more information about enabling the device flow in your app, see "[AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app)" for {% data variables.product.prodname_github_apps %} and "[AUTOTITLE](/apps/oauth-apps/maintaining-oauth-apps/modifying-an-oauth-app)" for {% data variables.product.prodname_oauth_apps %}.
-{% endif %}
-
 ### Overview of the device flow
 1. Your app requests device and user verification codes and gets the authorization URL where the user will enter the user verification code.
@@ -258,8 +254,8 @@ If you make more than one access token request (`POST {% data variables.product.
 | `unsupported_grant_type` | The grant type must be `urn:ietf:params:oauth:grant-type:device_code` and included as an input parameter when you poll the OAuth token request `POST {% data variables.product.oauth_host_code %}/login/oauth/access_token`.
 | `incorrect_client_credentials` | For the device flow, you must pass your app's client ID, which you can find on your app settings page. The `client_secret` is not needed for the device flow.
 | `incorrect_device_code` | The device_code provided is not valid.
-| `access_denied` | When a user clicks cancel during the authorization process, you'll receive a `access_denied` error and the user won't be able to use the verification code again.{% ifversion device-flow-is-opt-in %}
-| `device_flow_disabled` | Device flow has not been enabled in the app's settings. For more information, see "[Device flow](#device-flow)."{% endif %}
+| `access_denied` | When a user clicks cancel during the authorization process, you'll receive a `access_denied` error and the user won't be able to use the verification code again.
+| `device_flow_disabled` | Device flow has not been enabled in the app's settings. For more information, see "[Device flow](#device-flow)."
 For more information, see the "[OAuth 2.0 Device Authorization Grant](https://tools.ietf.org/html/rfc8628#section-3.5)."
diff --git a/content/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app.md b/content/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app.md
index 3291c5ad4750..aefb3edc8569 100644
--- a/content/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app.md
+++ b/content/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app.md
@@ -62,8 +62,7 @@ For more information, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/diff
 **Note:** {% data variables.product.prodname_oauth_apps %} cannot have multiple callback URLs, unlike {% data variables.product.prodname_github_apps %}.
 {% endnote %}
-{% ifversion device-flow-is-opt-in %}
-1. If your {% data variables.product.prodname_oauth_app %} will use the device flow to identify and authorize users, click **Enable Device Flow**. For more information about the device flow, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow)."{% endif %}
+1. If your {% data variables.product.prodname_oauth_app %} will use the device flow to identify and authorize users, click **Enable Device Flow**. For more information about the device flow, see "[AUTOTITLE](/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow)."
 1. Click **Register application**.
 ## Further reading