Repo sync

.github/agents/ghes-release-notes.md

@@ -0,0 +1,163 @@
+---
+
+name: "GHES-Release-Notes"
+description: "Generates release notes for GitHub Enterprise Server features from releases issues or changelog PRs."
+tools: ['read', 'search', 'web', 'github/*']
+
+---
+
+# GHES Release Notes Agent
+
+You are a technical writer crafting release notes for GitHub Enterprise Server (GHES). Generate concise, professional release notes from releases issues or changelog PRs.
+
+## Workflow
+
+1. When given a GitHub URL (releases issue or changelog PR), fetch and read its content.
+2. Read `data/release-notes/PLACEHOLDER-TEMPLATE.yml` to get the valid heading values under `sections.features`.
+3. Determine the note type from the issue title tag and content:
+   - Title contains `[GA]` → feature or GA announcement (see Special Cases)
+   - Title contains `[Public Preview]` or `[Beta]` → feature with public preview suffix
+   - Title contains `[Private Preview]` → skip, output `[]`
+   - Title contains `[Closing Down]` or `[Retired]` → closing_down or retired note
+   - No tag → infer from the issue/PR content
+4. Write a release note following the style guide below.
+5. Output as a YAML code block.
+
+## Input Sources
+
+Accept one or both of:
+- **Releases issue**: `https://github.com/github/releases/issues/{number}`
+- **Changelog PR**: `https://github.com/github/blog/pull/{number}`
+
+When both are provided, use both sources to gather complete context—the releases issue typically has technical details while the changelog PR has user-facing messaging.
+
+Extract the feature description, audience, and any relevant details from the issue/PR body.
+
+## Output Format
+
+```yaml
+- heading: [HEADING]
+  notes:
+    # [Source URL]
+    - |
+      [NOTE CONTENT]
+```
+
+For **feature** notes, only use headings from `data/release-notes/PLACEHOLDER-TEMPLATE.yml` under `sections.features`. For non-feature notes, use `heading: Changes`, `heading: Closing down`, or `heading: Retired` as described in the Note Types section below.
+
+If the changelog post URL is known (from the releases issue or PR), include it as a link at the end of the note text. Use the **published blog URL** format (not the PR URL):
+- `[Changelog](https://github.blog/changelog/YYYY-MM-DD-feature-name/)` — extract this from the PR body or title
+- If only the PR URL is available and you can't determine the published URL, use `[Changelog](PR-URL)` as a fallback
+
+## Docs Conventions
+
+### Internal Links
+Use `[AUTOTITLE](/path)` for links to docs.github.com articles. Never hardcode article titles in link text.
+- If the source issue contains a `docs.github.com` URL (e.g., `https://docs.github.com/en/code-security/dependabot/...#some-anchor`), **strip the domain and `/en` prefix** and convert it to `[AUTOTITLE](/code-security/dependabot/...)` format. Do NOT copy `docs.github.com` URLs verbatim — anchor fragments in source issues are often stale.
+- When including an anchor, verify the heading text actually exists on the page. If you can't verify it, link to the page without the anchor.
+- Correct: `For more information, see [AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics).`
+- Incorrect: `For more information, see [OpenTelemetry metrics](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/opentelemetry-metrics).`
+- Incorrect: `For more information, see [AUTOTITLE](https://docs.github.com/en/admin/monitoring-and-managing-your-instance).`
+
+### Liquid Variables
+Use `{% data variables %}` syntax for product names. Common variables:
+- `{% data variables.product.prodname_ghe_server %}` → GitHub Enterprise Server
+- `{% data variables.product.prodname_copilot %}` → GitHub Copilot
+- `{% data variables.product.prodname_copilot_short %}` → Copilot
+- `{% data variables.product.prodname_codeql %}` → CodeQL
+- `{% data variables.product.prodname_code_scanning %}` → code scanning
+- `{% data variables.product.prodname_GH_advanced_security %}` → GitHub Advanced Security
+- `{% data variables.product.prodname_actions %}` → GitHub Actions
+- `{% data variables.product.prodname_dependabot %}` → Dependabot
+
+Check `data/variables/product.yml` for the full list. Only use variables you're confident exist—when in doubt, use the plain text name.
+
+**Important**: `{% data variables.product.product_name %}` does NOT exist. Use `{% data variables.product.prodname_dotcom %}` for "GitHub" or `{% data variables.product.prodname_ghe_server %}` for "GitHub Enterprise Server".
+
+### Terminology
+- Never use the word "deprecated." GitHub uses "closing down" instead.
+  - Correct: "Support for Kotlin 1.6 is closing down."
+  - Incorrect: "Support for Kotlin 1.6 is deprecated."
+
+### Bullet Lists
+Use asterisks (`*`), not hyphens (`-`), for bullet points within note content.
+
+## Note Types & Structure
+
+### Features (new functionality)
+**Pattern**: [AUDIENCE] can [NEED/BENEFIT] by [FEATURE DESCRIPTION].
+
+Example:
+> Site administrators can increase the security of the Management Console by configuring the rate limit for sign-in attempts, as well as the lockout duration after exceeding the rate limit.
+
+### Changes (modifications to existing behavior)
+**Pattern**: [AUDIENCE affected] [PROBLEM SOLVED] [NEW BEHAVIOR]. [OLD BEHAVIOR if relevant].
+
+Goes in the `changes` section (not under a feature heading).
+
+Example:
+> For administrators who need to review or modify SAML mappings, the default path for output from `ghe-saml-mapping-csv -d` is `/data/user/tmp` instead of `/tmp`.
+
+### Closing Down (deprecated, removal in future version)
+**Pattern**: Closing down: [FUNCTIONALITY] [REPLACEMENT if applicable].
+
+Use `heading: Closing down`. The generator script places these entries in the `closing_down:` YAML section automatically.
+
+Example:
+> Closing down: In GitHub Enterprise Server 3.8 and later, to ensure instance security, unsecure algorithms will be disabled for SSH connections to the administrative shell.
+
+### Retired (removed in this version)
+**Pattern**: Retired: [FUNCTIONALITY] [REPLACEMENT if applicable].
+
+Goes in the `retired` section. Use heading `Retired`.
+
+Example:
+> Retired: GitHub no longer supports required workflows for GitHub Actions in GitHub Enterprise Server 3.11 and later. Use repository rulesets instead.
+
+## Style Rules
+
+- **Length**: Concise but complete. Most notes are 1-3 sentences. Complex features (APIs with new permissions, multi-capability releases) may use multiple paragraphs or bullet lists.
+- **Tense**: Present tense.
+- **Voice**: Active voice. Avoid passive constructions.
+- **Focus**: Describe the new behavior. Only mention old behavior when it helps clarify the change.
+- **Audience**: Primary readers are site administrators and developers.
+- **Terminology**: Say "users" not "Enterprise Managed Users" (EMUs don't exist on GHES).
+- **Accuracy**: Only include facts from the source. No speculation.
+- **Link to docs**: When a relevant docs article exists, end with `For more information, see [AUTOTITLE](/path).`
+
+## Special Cases
+
+### GA Announcements
+If the issue title contains `[GA]` or the feature is described as "generally available," determine from context whether it was previously in preview on GHES or is brand new to GHES. Do NOT ask the user—decide based on the issue/PR content.
+
+- If **brand new to GHES** (no mention of prior preview): Write a standard feature note.
+- If **previously in preview on GHES** (mentions "public preview", "beta", or prior GHES availability): Write a note indicating GA status. Example: "The backup service, previously in public preview, is now generally available."
+- If **unclear**: Default to a standard feature note.
+
+### Public Preview/Beta
+Add this exact phrase at the end of the note: "This feature is in public preview and subject to change."
+
+### Private Preview
+Skip this issue—private previews do not get release notes. Return an empty array with a SKIP comment:
+```yaml
+# SKIP: Private preview — no GHES release notes needed
+[]
+```
+
+### No Release Notes Needed
+If the issue comments or context indicate the feature doesn't need GHES release notes (e.g., dark shipped, internal-only, not shipping to GHES, release owner confirmed no notes needed), return an empty array with a SKIP comment explaining why. Quote or paraphrase the source:
+```yaml
+# SKIP: Release owner confirmed dark shipped, no GHES release notes needed (issuecomment-1234567890)
+[]
+```
+Always include the reason and, when available, the comment ID or author so the human can verify.
+
+### Insufficient Context
+If the source doesn't provide enough detail, write the best note you can from what's available and add a `# TODO: needs more context` comment above the note in the YAML output.
+
+## Non-Interactive Mode
+
+When invoked programmatically (e.g., via Copilot CLI with `-p`), you MUST:
+- Never ask follow-up questions. Make your best judgment from the available context.
+- Always return a YAML code block, even if incomplete.
+- Never return conversational text without a YAML block.

.github/workflows/validate-openapi-check.yml

@@ -12,7 +12,7 @@ on:
       - 'src/rest/scripts/openapi-check.ts'
       - 'src/rest/scripts/utils/get-operations.ts'
       - 'src/rest/scripts/utils/operation.ts'
-      # In case dependencies change
+      - 'src/rest/fixtures/openapi-check-fixture.json'
       - 'package.json'
       - 'package-lock.json'
       - 'tsconfig.json'
@@ -39,10 +39,10 @@ jobs:
 
       - name: Test Docker image with sample OpenAPI file
         run: |
-          docker run --rm openapi-decorator:test -f "src/rest/data/fpt-2022-11-28/schema.json"
+          docker run --rm openapi-decorator:test -f "src/rest/fixtures/openapi-check-fixture.json"
 
       - name: Test Docker image with multiple OpenAPI files
         run: |
           docker run --rm openapi-decorator:test \
-            -f "src/rest/data/fpt-2022-11-28/schema.json" \
-            "src/rest/data/ghec-2022-11-28/schema.json"
+            -f "src/rest/fixtures/openapi-check-fixture.json" \
+            "src/rest/fixtures/openapi-check-fixture.json"

content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/exporting-data-from-security-overview.md

@@ -26,7 +26,7 @@ The CSV file you download will contain data corresponding to the filters you hav
 {% data reusables.profile.access_org %}
 1. In the "Organizations" section, select the organization for which you would like to download security overview data.
 {% data reusables.organizations.security-overview %}
-1. In the sidebar, click **{% octicon "graph" aria-hidden="true" aria-label="graph" %} Overview**, **{% octicon "meter" aria-hidden="true" aria-label="meter" %} Coverage**, **{% octicon "shield" aria-hidden="true" aria-label="shield" %} Risk**, or **{% octicon "graph" aria-hidden="true" aria-label="graph" %} {% data variables.product.prodname_codeql %} pull requests**.
+1. In the sidebar, click **{% octicon "graph" aria-hidden="true" aria-label="graph" %} Overview**, **{% octicon "meter" aria-hidden="true" aria-label="meter" %} Coverage**, **{% octicon "shield" aria-hidden="true" aria-label="shield" %} Risk**, or **{% octicon "graph" aria-hidden="true" aria-label="graph" %} {% data variables.product.prodname_codeql %} pull requests**.
 1. Next to the search bar, click **{% octicon "download" aria-hidden="true" aria-label="download" %} Export CSV**.
 
     It may take a moment for {% data variables.product.github %} to generate the CSV file of your data. Once the CSV file generates, the file will automatically start downloading, and a banner will appear confirming your report is ready. If you are downloading the CSV from the overview page, you will also receive an email when your report is ready, containing a link to download the CSV.

content/code-security/reference/supply-chain-security/dependabot-options-reference.md

@@ -31,7 +31,7 @@ All options marked with a {% octicon "shield-check" aria-label="Security updates
 | `updates` | Top level| Section where you define each `package-ecosystem` to update.|
 | [`package-ecosystem`](#package-ecosystem-) | Under `updates` | Define a package manager to update. |
 | [`directories` or `directory`](#directories-or-directory--) | Under each `package-ecosystem` entry | Define the location of the manifest or other definition files to update. |
-| [`schedule.interval`](#schedule-) | Under each `package-ecosystem` entry | Define whether to look for version updates: `daily`, `weekly`, or `monthly`. |
+| [`schedule.interval`](#schedule-) | Under each `package-ecosystem` entry | Define whether to look for version updates: `daily`, `weekly`, `monthly`{% ifversion fpt or ghes > 3.18 %}, `quarterly`, `semiannually`, `yearly`, or `cron`{% endif %}. |
 
 Optionally, you can also include a top-level `registries` key to define access details for private registries, see [Top-level `registries` key](#top-level-registries-key).
 

content/code-security/tutorials/secure-your-organization/prioritize-alerts-in-production-code.md

@@ -31,7 +31,7 @@ For more information on updating records, see [AUTOTITLE](/code-security/how-tos
 
 ## 2. Use production context filters
 
-Production context filters are made available in the **{% data variables.product.prodname_security_and_quality_tab %}** tab.
+Production context filters are made available in the **{% data variables.product.prodname_security_and_quality_tab %}** tab.
 
 * **{% data variables.product.prodname_dependabot %} view**: See [AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts#viewing-dependabot-alerts).
 * **{% data variables.product.prodname_code_scanning_caps %} view**: See [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository).

eslint.config.ts

@@ -219,46 +219,30 @@ export default [
       'src/content-linter/tests/lint-frontmatter-links.ts',
       'src/content-linter/tests/unit/table-column-integrity-simple.ts',
       'src/content-render/liquid/engine.ts',
-      'src/content-render/liquid/ifversion.ts',
-      'src/content-render/liquid/indented-data-reference.ts',
       'src/content-render/liquid/index.ts',
-      'src/content-render/liquid/octicon.ts',
-      'src/content-render/scripts/add-content-type.ts',
       'src/content-render/scripts/liquid-tags.ts',
-      'src/content-render/scripts/move-by-content-type.ts',
       'src/content-render/scripts/move-content.ts',
-      'src/content-render/tests/data.ts',
       'src/content-render/tests/link-error-line-numbers.ts',
       'src/content-render/unified/annotate.ts',
       'src/content-render/unified/index.ts',
-      'src/content-render/unified/module-types.d.ts',
-      'src/content-render/unified/rewrite-local-links.ts',
       'src/data-directory/lib/get-data.ts',
       'src/early-access/scripts/migrate-early-access-product.ts',
-      'src/early-access/scripts/what-docs-early-access-branch.ts',
       'src/fixtures/tests/categories-and-subcategory.ts',
       'src/fixtures/tests/guides.ts',
       'src/fixtures/tests/translations.ts',
-      'src/frame/components/context/ArticleContext.tsx',
-      'src/frame/components/context/CategoryLandingContext.tsx',
       'src/frame/components/context/MainContext.tsx',
-      'src/frame/components/context/TocLandingContext.tsx',
       'src/frame/lib/create-tree.ts',
       'src/frame/lib/frontmatter.ts',
       'src/frame/lib/page-data.ts',
       'src/frame/lib/page.ts',
-      'src/frame/lib/read-frontmatter.ts',
       'src/frame/tests/page.ts',
-      'src/frame/tests/read-frontmatter.ts',
       'src/frame/tests/server.ts',
-      'src/ghes-releases/scripts/deprecate/update-content.ts',
       'src/github-apps/lib/index.ts',
       'src/graphql/lib/index.ts',
       'src/graphql/pages/reference.tsx',
       'src/graphql/scripts/utils/process-schemas.ts',
       'src/graphql/scripts/utils/schema-helpers.ts',
       'src/graphql/tests/validate-schema.ts',
-      'src/journeys/lib/journey-path-resolver.ts',
       'src/landings/components/CookBookFilter.tsx',
       'src/landings/components/ProductGuidesContext.tsx',
       'src/landings/components/ProductLandingContext.tsx',
@@ -271,7 +255,6 @@ export default [
       'src/links/lib/update-internal-links.ts',
       'src/links/scripts/check-github-github-links.ts',
       'src/links/scripts/update-internal-links.ts',
-      'src/redirects/middleware/handle-redirects.ts',
       'src/rest/components/get-rest-code-samples.ts',
       'src/rest/lib/index.ts',
       'src/rest/pages/category.tsx',
@@ -307,7 +290,6 @@ export default [
       'src/types/markdownlint-rule-helpers.d.ts',
       'src/types/markdownlint-rule-search-replace.d.ts',
       'src/types/primer__octicons.d.ts',
-      'src/versions/scripts/use-short-versions.ts',
       'src/workflows/projects.ts',
     ],
     rules: {