From eddcfd798ebbd338b08d23496bd6b948db144f55 Mon Sep 17 00:00:00 2001 From: mc <42146119+mchammer01@users.noreply.github.com> Date: Thu, 16 Jan 2025 12:03:04 +0000 Subject: [PATCH] Hack week 2025: remove unneeded FBV instances (10) - Enterprise (#53952) Co-authored-by: Felicity Chapman --- .../command-line-utilities.md | 4 ++-- .../about-the-management-console.md | 6 +++--- .../managing-access-to-the-management-console.md | 10 +--------- ...oubleshooting-access-to-the-management-console.md | 10 +--------- ...he-container-registry-from-the-docker-registry.md | 2 +- .../installing-github-enterprise-server-on-azure.md | 2 +- .../customizing-user-messages-for-your-enterprise.md | 9 --------- .../about-the-audit-log-for-your-enterprise.md | 2 +- .../configuring-the-audit-log-for-your-enterprise.md | 8 -------- content/packages/index.md | 4 ++-- .../about-permissions-for-github-packages.md | 2 +- ...he-container-registry-from-the-docker-registry.md | 12 +++++------- .../about-branches.md | 2 +- .../managing-a-branch-protection-rule.md | 2 +- content/rest/enterprise-admin/manage-ghes.md | 4 ---- content/rest/enterprise-admin/management-console.md | 8 ++------ .../new-instance-attack-vector-warning.md | 2 +- .../new-instance-config-summary.md | 2 +- .../type-management-console-password.md | 4 ---- .../unlocking-management-console-with-shell.md | 2 +- .../management-console-access.md | 2 +- .../organizations/additional-permissions.md | 2 -- .../required-reviews-for-prs-summary.md | 2 +- .../reusables/repositories/repo-rules-permissions.md | 2 +- 24 files changed, 28 insertions(+), 77 deletions(-) diff --git a/content/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities.md b/content/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities.md index ad977dc00dc3..f4950e63333f 100644 --- a/content/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities.md +++ b/content/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities.md @@ -282,7 +282,7 @@ ghe-org-admin-promote -a ### ghe-reactivate-admin-login -Use this command to immediately unlock the {% data variables.enterprise.management_console %} after {% ifversion enterprise-authentication-rate-limits %}an account lockout. To configure authentication policies for {% data variables.location.product_location %}, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-rate-limits#configuring-authentication-policy-rate-limits).{% else %}10 failed login attempts in the span of 10 minutes.{% endif %} +Use this command to immediately unlock the {% data variables.enterprise.management_console %} after an account lockout. To configure authentication policies for {% data variables.location.product_location %}, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-rate-limits#configuring-authentication-policy-rate-limits). ```shell ghe-reactivate-admin-login @@ -376,7 +376,7 @@ inactive ### ghe-set-password -This utility allows you to set a new {% ifversion enterprise-management-console-multi-user-auth %}root site administrator {% endif %}password for authentication to the {% data variables.enterprise.management_console %}. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-web-ui/managing-access-to-the-management-console). +This utility allows you to set a new root site administrator password for authentication to the {% data variables.enterprise.management_console %}. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-web-ui/managing-access-to-the-management-console). ```shell ghe-set-password diff --git a/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/about-the-management-console.md b/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/about-the-management-console.md index 6e446b66e8cb..6726adc88574 100644 --- a/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/about-the-management-console.md +++ b/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/about-the-management-console.md @@ -20,7 +20,7 @@ The {% data variables.enterprise.management_console %} allows you to manage the You can always reach the {% data variables.enterprise.management_console %} using {% data variables.location.product_location %}'s IP address, even when the instance is in maintenance mode, or there is a critical application failure or hostname or SSL misconfiguration. -To access the {% data variables.enterprise.management_console %}, {% ifversion enterprise-management-console-multi-user-auth %}you can use the root site administrator password established during initial setup of {% data variables.location.product_location %} or log in as a {% data variables.enterprise.management_console %} user. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/accessing-the-management-console). {% else %}you must use the administrator password established during initial setup of {% data variables.location.product_location %}. {% endif %}You must also be able to connect to the virtual machine host on port 8443. If you're having trouble reaching the {% data variables.enterprise.management_console %}, please check intermediate firewall and security group configurations. +To access the {% data variables.enterprise.management_console %}, you can use the root site administrator password established during initial setup of {% data variables.location.product_location %} or log in as a {% data variables.enterprise.management_console %} user. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/accessing-the-management-console). You must also be able to connect to the virtual machine host on port 8443. If you're having trouble reaching the {% data variables.enterprise.management_console %}, please check intermediate firewall and security group configurations. The {% data variables.enterprise.management_console %} password hash is stored in `/data/user/common/secrets.conf`. If high availability or clustering is configured, the file is automatically synced from the primary node to any additional nodes. Any change to the primary's password will automatically be replicated to all of the instance's nodes. For more information about high availability, see [AUTOTITLE](/admin/enterprise-management/configuring-high-availability/about-high-availability-configuration). @@ -35,10 +35,10 @@ When someone performs an action in the {% data variables.enterprise.management_c In the {% data variables.enterprise.management_console %}, you can perform administrative tasks for {% data variables.location.product_location %}, including: * **Initial setup:** Walk through the initial setup process when first launching {% data variables.location.product_location %} by visiting {% data variables.location.product_location %}'s IP address in your browser. -{%- ifversion enterprise-management-console-multi-user-auth %} + * **Identity and access management:** Improve the security of {% data variables.location.product_location %} by creating dedicated user accounts for the {% data variables.enterprise.management_console %}. {% ifversion management-console-editor %}The root site administrator account can control these user accounts' access by assigning either the editor or operator role. {% endif %}For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console).{% ifversion management-console-editor %} {% data reusables.enterprise.editor-role-note %}{% endif %} -{%- endif %} + * **Configuring authentication policies for the {% data variables.enterprise.management_console %}:** Set rate limits for login attempts, and the lockout duration if someone exceeds the rate limit. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console#configuring-rate-limits-for-authentication-to-the-management-console). * **Configuring basic settings for your instance:** Configure DNS, hostname, SSL, user authentication, email, monitoring services, and log forwarding on the Settings page. * **Scheduling maintenance windows:** Take {% data variables.location.product_location %} offline while performing maintenance using the {% data variables.enterprise.management_console %} or administrative shell. diff --git a/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/managing-access-to-the-management-console.md b/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/managing-access-to-the-management-console.md index 605b41f3d099..a459e558a786 100644 --- a/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/managing-access-to-the-management-console.md +++ b/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/managing-access-to-the-management-console.md @@ -1,7 +1,7 @@ --- title: Managing access to the Management Console shortTitle: Manage Management Console access -intro: '{% ifversion enterprise-management-console-multi-user-auth %}You can increase the security of {% data variables.location.product_location %} by creating or deleting {% data variables.enterprise.management_console %} users. As the root site administrator, you {% else %}You {% endif %}can access the {% data variables.enterprise.management_console %} as well as configure {% data variables.enterprise.management_console %} authentication rate limits.' +intro: 'You can increase the security of {% data variables.location.product_location %} by creating or deleting {% data variables.enterprise.management_console %} users. As the root site administrator, you can access the {% data variables.enterprise.management_console %} as well as configure {% data variables.enterprise.management_console %} authentication rate limits.' redirect_from: - /admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console versions: @@ -18,8 +18,6 @@ topics: {% ifversion ghes-manage-api-cli-extension %}You can also use the `gh es` {% data variables.product.prodname_cli %} extension to manage the root site administrator password, which controls access to the Management Console. For more information, see the [GH ES CLI usage documentation](https://github.com/github/gh-es/blob/main/USAGE.md#gh-es-access-set-password) and [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/administering-your-instance-using-the-github-cli).{% endif %} -{% ifversion enterprise-management-console-multi-user-auth %} - ## Types of {% data variables.enterprise.management_console %} accounts There are two types of user accounts for the {% data variables.enterprise.management_console %} on a {% data variables.product.product_name %} instance. The root site administrator account authenticates with a password established during the initial setup of {% data variables.location.product_location %}. @@ -72,10 +70,6 @@ If you have not configured email notifications for {% data variables.location.pr 1. To copy the invitation link, click {% octicon "link" aria-label="Copy invitation link" %} on any {% data variables.enterprise.management_console %} user account. 1. Send the invitation link to the {% data variables.enterprise.management_console %} user. The invitation link will lead the user through the final account setup steps. -{% endif %} - -{% ifversion enterprise-authentication-rate-limits %} - ## Configuring rate limits for authentication to the {% data variables.enterprise.management_console %} You can configure the lockout time and login attempt limits for the {% data variables.enterprise.management_console %}. @@ -87,5 +81,3 @@ After you configure rate limits and a {% data variables.enterprise.management_co 1. Optionally, under "Lockout time for Management Console users", type a number of minutes to lock the {% data variables.enterprise.management_console %} after too many failed login attempts. When locked out, the root site administrator must be manually unlocked. 1. Optionally, under "Login attempt limit for all users", type a maximum number of failed login attempts to allow before the {% data variables.enterprise.management_console %} is locked. {% data reusables.enterprise_management_console.save-settings %} - -{% endif %} diff --git a/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/troubleshooting-access-to-the-management-console.md b/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/troubleshooting-access-to-the-management-console.md index 037b2f72d61b..3465436aa712 100644 --- a/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/troubleshooting-access-to-the-management-console.md +++ b/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/troubleshooting-access-to-the-management-console.md @@ -20,18 +20,12 @@ If you experience problems accessing the Management Console, you can try the fol ## Unlocking the {% data variables.enterprise.management_console %} after failed login attempts -The {% data variables.enterprise.management_console %} locks after {% ifversion enterprise-authentication-rate-limits %}the number of failed login attempts configured by your authentication policies. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console#configuring-rate-limits-for-authentication-to-the-management-console).{% else %}ten failed login attempts are made in the span of ten minutes. You must wait for the login screen to automatically unlock before attempting to log in again. The login screen automatically unlocks as soon as the previous ten minute period contains fewer than ten failed login attempts. The counter resets after a successful login occurs.{% endif %} - -{% ifversion enterprise-management-console-multi-user-auth %} +The {% data variables.enterprise.management_console %} locks after the number of failed login attempts configured by your authentication policies. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console#configuring-rate-limits-for-authentication-to-the-management-console). ### Unlocking the root site administrator account -{% endif %} - {% data reusables.enterprise_management_console.unlocking-management-console-with-shell %} -{% ifversion enterprise-management-console-multi-user-auth %} - ### Unlocking a {% data variables.enterprise.management_console %} user account The root site administrator can unlock access to the {% data variables.enterprise.management_console %} for other user accounts. @@ -40,8 +34,6 @@ The root site administrator can unlock access to the {% data variables.enterpris {% data reusables.enterprise_site_admin_settings.click-user-management %} 1. Locked user accounts will appear as "State: blocked". To unblock the user and allow authentication, to the right of the user's details, click {% octicon "law" aria-label="Unblock user" %}. -{%- endif %} - ## Troubleshooting failed connections to the {% data variables.enterprise.management_console %} If you cannot connect to the {% data variables.enterprise.management_console %} on {% data variables.location.product_location %}, you can review the following information to troubleshoot the problem. diff --git a/content/admin/configuring-packages/migrating-your-enterprise-to-the-container-registry-from-the-docker-registry.md b/content/admin/configuring-packages/migrating-your-enterprise-to-the-container-registry-from-the-docker-registry.md index c881ff868719..bafc6c793841 100644 --- a/content/admin/configuring-packages/migrating-your-enterprise-to-the-container-registry-from-the-docker-registry.md +++ b/content/admin/configuring-packages/migrating-your-enterprise-to-the-container-registry-from-the-docker-registry.md @@ -4,7 +4,7 @@ intro: 'You can migrate Docker images previously stored in the Docker registry o product: '{% data reusables.gated-features.packages %}' permissions: 'Enterprise owners can migrate Docker images to the {% data variables.product.prodname_container_registry %}.' versions: - feature: docker-ghcr-enterprise-migration + ghes: '*' shortTitle: Migrate to Container registry topics: - Containers diff --git a/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md index 2b8a43ab6054..c7fcdfe199fd 100644 --- a/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md +++ b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md @@ -77,7 +77,7 @@ Before launching {% data variables.location.product_location %} on Azure, you'll ## Configuring the {% data variables.product.prodname_ghe_server %} virtual machine -To configure the instance, you must confirm the instance's status, upload a license file, set the {% ifversion enterprise-management-console-multi-user-auth %}root {% endif %} {% data variables.enterprise.management_console %} password, configure the instance's settings, and restart the instance. +To configure the instance, you must confirm the instance's status, upload a license file, set the root {% data variables.enterprise.management_console %} password, configure the instance's settings, and restart the instance. {% data reusables.enterprise_installation.new-instance-attack-vector-warning %} diff --git a/content/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise.md b/content/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise.md index a5a8ae021345..8b83db5667b0 100644 --- a/content/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise.md +++ b/content/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise.md @@ -84,21 +84,12 @@ If you include Markdown checkboxes in the message, all checkboxes must be select Each time a user sees a mandatory message, an audit log event is created. The event includes the version of the message that the user saw. For more information see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise). -{% ifversion display-mandatory-message-again %} {% else %} - -> [!NOTE] -> If you change the mandatory message for {% data variables.location.product_location %}, users who have already acknowledged the message will not see the new message. - -{% endif %} - {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} {% data reusables.enterprise-accounts.messages-tab %} 1. To the right of "Mandatory message", click **Add mandatory message**. 1. Under "Mandatory message", in the text box, type your message. -{%- ifversion display-mandatory-message-again %} 1. Optionally, select **Show updated message to all users even if they dismissed the previous one**. - {% endif %} {% data reusables.enterprise_site_admin_settings.message-preview-save %} {% endif %} diff --git a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise.md b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise.md index d0287b74020d..0f48748aae96 100644 --- a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise.md +++ b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise.md @@ -44,7 +44,7 @@ As an enterprise owner{% ifversion ghes %} or site administrator{% endif %}, you * You can view the audit log for your enterprise. For more information, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise). * You can search the audit log for specific events{% ifversion ghec %} and export audit log data{% endif %}. For more information, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise){% ifversion ghec %} and [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/exporting-audit-log-activity-for-your-enterprise){% endif %}.{% ifversion token-audit-log %} * You can identify all events that were performed by a specific access token. For more information, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/identifying-audit-log-events-performed-by-an-access-token).{% endif %}{% ifversion ghes %} -* You can configure settings, such as the retention period for audit log events{% ifversion enable-git-events %} and whether Git events are included{% endif %}. For more information, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/configuring-the-audit-log-for-your-enterprise).{% endif %} +* You can configure settings, such as the retention period for audit log events and whether Git events are included. For more information, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/configuring-the-audit-log-for-your-enterprise).{% endif %} {%- ifversion enterprise-audit-log-ip-addresses %} * You can display the IP address associated with events in the audit log. For more information, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise). {%- endif %} diff --git a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/configuring-the-audit-log-for-your-enterprise.md b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/configuring-the-audit-log-for-your-enterprise.md index efc6cec325e0..739c2241c71e 100644 --- a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/configuring-the-audit-log-for-your-enterprise.md +++ b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/configuring-the-audit-log-for-your-enterprise.md @@ -16,9 +16,7 @@ topics: You can configure a retention period for audit log data and see index storage details. -{% ifversion enable-git-events %} After you configure a retention period, you can enable or disable Git-related events from appearing in the audit log. -{% endif %} ## Configuring a retention period for audit log data @@ -31,15 +29,11 @@ You can configure a retention period for audit log data for {% data variables.lo 1. Under "Configure audit log retention settings", select the dropdown menu and click a retention period. 1. Click **Save**. -{% ifversion enable-git-events %} - ## Managing Git events in the audit log You can enable or disable Git-related events, such as `git.clone` and `git.push`, from appearing in your audit log. For a list of the Git events are logged, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#git). -{% ifversion ghes %} If you do enable Git events, due to the large number of Git events that are logged, we recommend monitoring your instance's file storage and reviewing your related alert configurations. For more information, see [AUTOTITLE](/admin/enterprise-management/monitoring-your-appliance/recommended-alert-thresholds#monitoring-storage). -{% endif %} Before you can enable Git events in the audit log, you must configure a retention period for audit log data other than "infinite." For more information, see [Configuring a retention period for audit log data](#configuring-a-retention-period-for-audit-log-data). @@ -56,5 +50,3 @@ Before you can enable Git events in the audit log, you must configure a retentio ![Screenshot of the audit log. The checkbox to enable Git events in the audit log is highlighted with an orange outline.](/assets/images/help/enterprises/enable-git-events-checkbox.png) 1. Click **Save**. - -{% endif %} diff --git a/content/packages/index.md b/content/packages/index.md index 83a912082e79..1d364c104fdc 100644 --- a/content/packages/index.md +++ b/content/packages/index.md @@ -12,11 +12,11 @@ featuredLinks: - /packages/learn-github-packages/installing-a-package popular: - /packages/working-with-a-github-packages-registry/working-with-the-npm-registry - - '{% ifversion docker-ghcr-enterprise-migration %}/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry{% endif %}' + - '{% ifversion ghes %}/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry{% endif %}' - /packages/learn-github-packages - /packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry guideCards: - - '{% ifversion docker-ghcr-enterprise-migration %}/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry{% endif %}' + - '{% ifversion ghes %}/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry{% endif %}' - /packages/working-with-a-github-packages-registry/working-with-the-container-registry - '{% ifversion packages-npm-v2 %}/packages/working-with-a-github-packages-registry/working-with-the-npm-registry{% endif %}' - /packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry diff --git a/content/packages/learn-github-packages/about-permissions-for-github-packages.md b/content/packages/learn-github-packages/about-permissions-for-github-packages.md index cad239bc6a27..d99086095eed 100644 --- a/content/packages/learn-github-packages/about-permissions-for-github-packages.md +++ b/content/packages/learn-github-packages/about-permissions-for-github-packages.md @@ -49,7 +49,7 @@ The following {% data variables.product.prodname_registry %} registries **only** * RubyGems registry {%- endif %} -For {% ifversion ghes %}the {% data variables.product.prodname_container_registry %}{% else %}other registries{% endif %}, you can choose to allow packages to be scoped to a user or an organization, or linked to a repository. {% ifversion docker-ghcr-enterprise-migration %}For information about migration to the {% data variables.product.prodname_container_registry %}, see [AUTOTITLE](/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry).{% endif %} +For {% ifversion ghes %}the {% data variables.product.prodname_container_registry %}{% else %}other registries{% endif %}, you can choose to allow packages to be scoped to a user or an organization, or linked to a repository. {% ifversion ghes %}For information about migration to the {% data variables.product.prodname_container_registry %}, see [AUTOTITLE](/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry).{% endif %} ## Visibility and access permissions for packages diff --git a/content/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry.md b/content/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry.md index e0634257703f..9c277f2eef4f 100644 --- a/content/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry.md +++ b/content/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry.md @@ -1,6 +1,6 @@ --- title: Migrating to the Container registry from the Docker registry -intro: '{% ifversion docker-ghcr-enterprise-migration %}An enterprise owner can{% else %}{% data variables.product.company_short %} will{% endif %} migrate Docker images previously stored in the Docker registry on {% data variables.product.github %} to the {% data variables.product.prodname_container_registry %}.' +intro: '{% ifversion ghes %}An enterprise owner can{% else %}{% data variables.product.company_short %} will{% endif %} migrate Docker images previously stored in the Docker registry on {% data variables.product.github %} to the {% data variables.product.prodname_container_registry %}.' product: '{% data reusables.gated-features.packages %}' redirect_from: - /packages/getting-started-with-github-container-registry/migrating-to-github-container-registry-for-docker-images @@ -9,7 +9,7 @@ redirect_from: versions: fpt: '*' ghec: '*' - feature: docker-ghcr-enterprise-migration + ghes: '*' shortTitle: Migration to Container registry topics: - Containers @@ -25,9 +25,9 @@ topics: ## About migration from the Docker registry -{% data reusables.package_registry.container-registry-replaces-docker-registry %} If you've stored Docker images in the Docker registry, {% ifversion docker-ghcr-enterprise-migration %}an enterprise owner{% else %}{% data variables.product.company_short %}{% endif %} will gradually migrate the images to the {% data variables.product.prodname_container_registry %}. No action is required on your part. +{% data reusables.package_registry.container-registry-replaces-docker-registry %} If you've stored Docker images in the Docker registry, {% ifversion ghes %}an enterprise owner{% else %}{% data variables.product.company_short %}{% endif %} will gradually migrate the images to the {% data variables.product.prodname_container_registry %}. No action is required on your part. -{% ifversion docker-ghcr-enterprise-migration %} +{% ifversion ghes %} > [!NOTE] > {% data reusables.package_registry.container-registry-ghes-migration-availability %} For more information about finding the version of {% data variables.product.product_name %} that you use, see [AUTOTITLE](/get-started/learning-about-github/about-versions-of-github-docs#github-enterprise-server). @@ -53,9 +53,7 @@ After migration, you'll no longer be able to use the GraphQL API to query for pa For more information about billing for the {% data variables.product.prodname_container_registry %}, see [AUTOTITLE](/billing/managing-billing-for-github-packages/about-billing-for-github-packages). -{% endif %} - -{% ifversion docker-ghcr-enterprise-migration %} +{% else %} ## Further reading diff --git a/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches.md b/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches.md index 2461808b870a..4c1538949aeb 100644 --- a/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches.md +++ b/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches.md @@ -55,7 +55,7 @@ Now when you merge the `feature2` pull request, it'll be merged into the `main` ## Working with protected branches -Repository administrators {% ifversion edit-repository-rules %}or custom roles with the "edit repository rules" permission {% endif %}can enable protections on a branch. If you're working on a branch that's protected, you won't be able to delete or force push to the branch. Repository administrators can additionally enable several other protected branch settings to enforce various workflows before a branch can be merged. +Repository administrators or custom roles with the "edit repository rules" permission can enable protections on a branch. If you're working on a branch that's protected, you won't be able to delete or force push to the branch. Repository administrators can additionally enable several other protected branch settings to enforce various workflows before a branch can be merged. > [!NOTE] > If you're a repository administrator, you can merge pull requests on branches with branch protections enabled even if the pull request does not meet the requirements, unless branch protections have been set to "Include administrators." diff --git a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule.md b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule.md index 2be8383a9b46..696bb3ac0d99 100644 --- a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule.md +++ b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule.md @@ -23,7 +23,7 @@ versions: fpt: '*' ghes: '*' ghec: '*' -permissions: 'People with admin permissions {% ifversion edit-repository-rules %}or a custom role with the "edit repository rules" permission{% endif %} to a repository can manage branch protection rules.' +permissions: 'People with admin permissions or a custom role with the "edit repository rules" permission to a repository can manage branch protection rules.' topics: - Repositories shortTitle: Branch protection rule diff --git a/content/rest/enterprise-admin/manage-ghes.md b/content/rest/enterprise-admin/manage-ghes.md index 9f6fab3d0e49..b30c11b97697 100644 --- a/content/rest/enterprise-admin/manage-ghes.md +++ b/content/rest/enterprise-admin/manage-ghes.md @@ -32,8 +32,6 @@ To authenticate requests to endpoints for the Manage {% data variables.product.p curl -L -u "api_key:ROOT-SITE-ADMINISTRATOR-PASSWORD" 'http(s)://HOSTNAME:ADMINISTRATION-PORT/manage' ``` -{% ifversion enterprise-management-console-multi-user-auth %} - ### Authentication as a {% data variables.enterprise.management_console %} user {% data variables.enterprise.management_console %} user accounts can also authenticate to access these endpoints. For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console#management-console-user). @@ -44,8 +42,6 @@ To authenticate with the password for a {% data variables.enterprise.management_ curl -L -u "YOUR_USER_NAME:YOUR_PASSWORD" 'http(s)://HOSTNAME:ADMINISTRATION-PORT/manage' ``` -{% endif %} - ### Query parameters By default, the response includes information from about all configured nodes for the instance. On an instance with multiple nodes, the details originate from `/data/user/common/cluster.conf`. You can use the following query parameters to filter the response for information about specific nodes. diff --git a/content/rest/enterprise-admin/management-console.md b/content/rest/enterprise-admin/management-console.md index 8ec31f43c713..ba5cb868332a 100644 --- a/content/rest/enterprise-admin/management-console.md +++ b/content/rest/enterprise-admin/management-console.md @@ -44,9 +44,9 @@ If you cannot provide a port number, you'll need to configure your tool to autom You may also need to add the [`-k` flag](http://curl.haxx.se/docs/manpage.html#-k) when using `curl`, since {% data variables.product.product_name %} uses a self-signed certificate before you [add your own TLS certificate](/admin/configuration/configuring-network-settings/configuring-tls). -### Authentication {% ifversion enterprise-management-console-multi-user-auth %}as the root site administrator{% endif %} +### Authentication as the root site administrator -You need to pass your [{% ifversion enterprise-management-console-multi-user-auth %}root site administrator{% else %}{% data variables.enterprise.management_console %}{% endif %} password](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console) as an authentication token to every endpoint in this category except [Create a {% data variables.product.github %} license](#create-a-github-license). +You need to pass your [root site administrator password](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console) as an authentication token to every endpoint in this category except [Create a {% data variables.product.github %} license](#create-a-github-license). Use the `api_key` parameter to send this token with each request. For example: @@ -60,8 +60,6 @@ You can also use standard HTTP authentication to send this token. For example: curl -L -u "api_key:YOUR_PASSWORD" 'https://HOSTNAME:ADMIN-PORT/setup/api' ``` -{% ifversion enterprise-management-console-multi-user-auth %} - ### Authentication as a {% data variables.enterprise.management_console %} user [Management Console user accounts](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console#management-console-user) can also authenticate to access this endpoint. @@ -72,6 +70,4 @@ To authenticate with the password for a {% data variables.enterprise.management_ curl -L -u "YOUR_USER_NAME:YOUR_PASSWORD" 'https://HOSTNAME:ADMIN-PORT/setup/api' ``` -{% endif %} - diff --git a/data/reusables/enterprise_installation/new-instance-attack-vector-warning.md b/data/reusables/enterprise_installation/new-instance-attack-vector-warning.md index b4e7a8b32e2e..8c6aeb609899 100644 --- a/data/reusables/enterprise_installation/new-instance-attack-vector-warning.md +++ b/data/reusables/enterprise_installation/new-instance-attack-vector-warning.md @@ -1,2 +1,2 @@ > [!WARNING] -> To prevent an attacker from compromising the new instance, ensure that you personally set the {% ifversion enterprise-management-console-multi-user-auth %}root {% endif %}{% data variables.enterprise.management_console %} password and create the first user as soon as possible. +> To prevent an attacker from compromising the new instance, ensure that you personally set the root {% data variables.enterprise.management_console %} password and create the first user as soon as possible. diff --git a/data/reusables/enterprise_installation/new-instance-config-summary.md b/data/reusables/enterprise_installation/new-instance-config-summary.md index 31f0d3a45911..81c5719f4249 100644 --- a/data/reusables/enterprise_installation/new-instance-config-summary.md +++ b/data/reusables/enterprise_installation/new-instance-config-summary.md @@ -1 +1 @@ -To configure the instance, you must upload a license file, set the {% ifversion enterprise-management-console-multi-user-auth %}root {% endif %}{% data variables.enterprise.management_console %} password, configure the instance's settings, and restart the instance. +To configure the instance, you must upload a license file, set the root {% data variables.enterprise.management_console %} password, configure the instance's settings, and restart the instance. diff --git a/data/reusables/enterprise_management_console/type-management-console-password.md b/data/reusables/enterprise_management_console/type-management-console-password.md index 2fb3c67ac288..5646c4e15cc4 100644 --- a/data/reusables/enterprise_management_console/type-management-console-password.md +++ b/data/reusables/enterprise_management_console/type-management-console-password.md @@ -1,6 +1,2 @@ -{%- ifversion enterprise-management-console-multi-user-auth %} 1. If you have created multiple {% data variables.enterprise.management_console %} user accounts, select **Root site admin** or **{% data variables.enterprise.management_console %} user**. For more information about {% data variables.enterprise.management_console %} user accounts see, [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console). 1. Type your {% data variables.enterprise.management_console %} credentials. Then click **Continue**. -{%- else %} -1. If prompted, type your {% data variables.enterprise.management_console %} password. -{%- endif %} diff --git a/data/reusables/enterprise_management_console/unlocking-management-console-with-shell.md b/data/reusables/enterprise_management_console/unlocking-management-console-with-shell.md index de72c870971d..fed3a416b2c9 100644 --- a/data/reusables/enterprise_management_console/unlocking-management-console-with-shell.md +++ b/data/reusables/enterprise_management_console/unlocking-management-console-with-shell.md @@ -1 +1 @@ -If the root site administrator's {% data variables.enterprise.management_console %} login is locked, someone with administrative SSH access must unlock the login. To immediately unlock access to the {% data variables.enterprise.management_console %}{% ifversion enterprise-management-console-multi-user-auth %} by the root site administrator{% endif %}, use the `ghe-reactivate-admin-login` command via the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-reactivate-admin-login) and [AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh). +If the root site administrator's {% data variables.enterprise.management_console %} login is locked, someone with administrative SSH access must unlock the login. To immediately unlock access to the {% data variables.enterprise.management_console %} by the root site administrator, use the `ghe-reactivate-admin-login` command via the administrative shell. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-reactivate-admin-login) and [AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh). diff --git a/data/reusables/enterprise_site_admin_settings/management-console-access.md b/data/reusables/enterprise_site_admin_settings/management-console-access.md index c3209cdf2d3c..a0a1b2fd94f3 100644 --- a/data/reusables/enterprise_site_admin_settings/management-console-access.md +++ b/data/reusables/enterprise_site_admin_settings/management-console-access.md @@ -2,4 +2,4 @@ {% data reusables.enterprise_site_admin_settings.management-console-overview %} For more information, see [AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/about-the-management-console). -You can access the {% data variables.enterprise.management_console %}{% ifversion enterprise-management-console-multi-user-auth %} as the root site administrator or a {% data variables.enterprise.management_console %} user{% endif %}. An administrator created the {% ifversion enterprise-management-console-multi-user-auth %}root site administrator {% endif %}password during the initial setup process for {% data variables.location.product_location %}. +You can access the {% data variables.enterprise.management_console %} as the root site administrator or a {% data variables.enterprise.management_console %} user. An administrator created the root site administrator password during the initial setup process for {% data variables.location.product_location %}. diff --git a/data/reusables/organizations/additional-permissions.md b/data/reusables/organizations/additional-permissions.md index 1c9236d41755..a25e13f98399 100644 --- a/data/reusables/organizations/additional-permissions.md +++ b/data/reusables/organizations/additional-permissions.md @@ -47,9 +47,7 @@ For more information, see [AUTOTITLE](/discussions). * Create protected tags * Delete protected tags * Bypass branch protections -{%- ifversion edit-repository-rules %} * Edit repository rules -{%- endif %} ### Security diff --git a/data/reusables/pull_requests/required-reviews-for-prs-summary.md b/data/reusables/pull_requests/required-reviews-for-prs-summary.md index 42c2ac1f75b9..799dfa30bdd5 100644 --- a/data/reusables/pull_requests/required-reviews-for-prs-summary.md +++ b/data/reusables/pull_requests/required-reviews-for-prs-summary.md @@ -1 +1 @@ -Repository administrators{% ifversion edit-repository-rules %} or custom roles with the "edit repository rules" permission{% endif %} can require that all pull requests receive a specific number of approving reviews before someone merges the pull request into a protected branch. You can require approving reviews from people with write permissions in the repository or from a designated code owner. +Repository administrators or custom roles with the "edit repository rules" permission can require that all pull requests receive a specific number of approving reviews before someone merges the pull request into a protected branch. You can require approving reviews from people with write permissions in the repository or from a designated code owner. diff --git a/data/reusables/repositories/repo-rules-permissions.md b/data/reusables/repositories/repo-rules-permissions.md index d2dc53482c82..a0884e89b26d 100644 --- a/data/reusables/repositories/repo-rules-permissions.md +++ b/data/reusables/repositories/repo-rules-permissions.md @@ -1 +1 @@ -Anyone with read access to a repository can view the repository's rulesets. People with admin access to a repository{% ifversion edit-repository-rules %}, or a custom role with the "edit repository rules" permission,{% endif %} can create, edit, and delete rulesets for a repository{% ifversion fpt %}.{% else %} and view ruleset insights. For more information, see [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles).{% endif %} +Anyone with read access to a repository can view the repository's rulesets. People with admin access to a repository, or a custom role with the "edit repository rules" permission, can create, edit, and delete rulesets for a repository{% ifversion fpt %}.{% else %} and view ruleset insights. For more information, see [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles).{% endif %}