github
diff --git a/‎assets/images/help/dependabot/dependabot-vnet-active-jobs.png‎
452 KB b/‎assets/images/help/dependabot/dependabot-vnet-active-jobs.png‎
452 KB
diff --git a/‎assets/images/help/dependabot/dependabot-vnet-logs.png‎
391 KB b/‎assets/images/help/dependabot/dependabot-vnet-logs.png‎
391 KB
diff --git a/‎content/actions/hosting-your-own-runners/managing-self-hosted-runners/communicating-with-self-hosted-runners.md‎
Lines changed: 17 additions & 1 deletion b/‎content/actions/hosting-your-own-runners/managing-self-hosted-runners/communicating-with-self-hosted-runners.md‎
Lines changed: 17 additions & 1 deletion
diff --git a/‎content/admin/data-residency/feature-overview-for-github-enterprise-cloud-with-data-residency.md‎
Lines changed: 0 additions & 1 deletion b/‎content/admin/data-residency/feature-overview-for-github-enterprise-cloud-with-data-residency.md‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎content/admin/data-residency/network-details-for-ghecom.md‎
Lines changed: 35 additions & 25 deletions b/‎content/admin/data-residency/network-details-for-ghecom.md‎
Lines changed: 35 additions & 25 deletions
diff --git a/‎content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-aws.md‎
Lines changed: 28 additions & 0 deletions b/‎content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-aws.md‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md‎
Lines changed: 2 additions & 0 deletions b/‎content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎content/admin/managing-iam/provisioning-user-accounts-with-scim/provisioning-users-and-groups-with-scim-using-the-rest-api.md‎
Lines changed: 3 additions & 3 deletions b/‎content/admin/managing-iam/provisioning-user-accounts-with-scim/provisioning-users-and-groups-with-scim-using-the-rest-api.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎content/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users.md‎
Lines changed: 1 addition & 1 deletion b/‎content/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md‎
Lines changed: 1 addition & 1 deletion b/‎content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md‎
Lines changed: 1 addition & 1 deletion
@@ -40,7 +40,14 @@ For caching to work, the runner must be able to communicate with the blob storag
 
 You must ensure that the machine has the appropriate network access with at least 70 kilobits per second upload and download speed to communicate with the {% data variables.product.prodname_dotcom %} hosts listed below. Some hosts are required for essential runner operations, while other hosts are only required for certain functionality.
 
-You can use the REST API to get meta information about {% data variables.product.company_short %}, including the IP addresses of {% data variables.product.company_short %} services. See [AUTOTITLE](/rest/meta/meta).
+You can use the REST API to get meta information about {% data variables.product.company_short %}, including the IP addresses and domain details for {% data variables.product.company_short %} services. The `actions_inbound` section of the API supports both fully qualified and wildcard domains. Fully qualified domains specify a complete domain name (e.g., `example.github.com`), while wildcard domains use a `*` to represent multiple possible subdomains (e.g., `*.github.com`). An example of the self-hosted runner requirements using wildcard domains has been listed below. For more information, see [AUTOTITLE](/rest/meta/meta).
+
+```shell copy
+github.com
+*.github.com
+*.githubusercontent.com
+ghcr.io
+```
 
 {% data reusables.actions.domain-name-cname-recursive-firewall-rules %}
 
@@ -71,6 +78,15 @@ codeload.github.com
 pkg.actions.githubusercontent.com
 ```
 
+You can use the REST API to get meta information about {% data variables.product.company_short %}, including the IP addresses and domain details for {% data variables.product.company_short %} services. The `actions_inbound` section of the API supports both fully qualified and wildcard domains. Fully qualified domains specify a complete domain name (e.g., `example.github.com`), while wildcard domains use a `*` to represent multiple possible subdomains (e.g., `*.github.com`). An example of the self-hosted runner requirements using wildcard domains has been listed below. For more information, see [AUTOTITLE](/rest/meta/meta).
+
+```shell copy
+github.com
+*.github.com
+*.githubusercontent.com
+ghcr.io
+```
+
 {% data reusables.actions.domain-name-cname-recursive-firewall-rules %}
 
 {% endif %}
 
@@ -28,7 +28,6 @@ The following features are currently unavailable on {% data variables.enterprise
 | {% data variables.product.prodname_copilot %} Workspaces | Currently unavailable | N/A |
 | {% data variables.product.prodname_copilot_extensions %} | Currently unavailable | [AUTOTITLE](/copilot/using-github-copilot/using-extensions-to-integrate-external-tools-with-copilot-chat) |
 | {% data variables.product.prodname_copilot_short %} Metrics API | Currently unavailable | [AUTOTITLE](/rest/copilot/copilot-metrics) |
-| Interactive maps | Currently can't use GeoJSON/TopoJSON syntax to create interactive maps. | [AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-geojson-and-topojson-maps) |
 | Restricting {% data variables.product.prodname_actions %} policies to verified creators | Currently unavailable | [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#allow-enterprise-and-select-non-enterprise-actions-and-reusable-workflows) |
 | Some features currently in {% data variables.release-phases.public_preview %} or {% data variables.release-phases.private_preview %} | Certain features that are in a preview phase on {% data variables.product.prodname_dotcom_the_website %} may not be available on {% data variables.enterprise.data_residency_site %} | |
 
 
@@ -36,39 +36,34 @@ To access your enterprise on {% data variables.enterprise.data_residency_site %}
 
 These are {% data variables.product.company_short %}'s IP address ranges for enterprises hosted in the EU.
 
-#### Ranges for egress traffic
-
-* 108.143.221.96/28
-* 20.61.46.32/28
-* 20.224.62.160/28
-* 51.12.252.16/28
-* 74.241.131.48/28
-* 20.240.211.176/28
-
-#### Ranges for ingress traffic
-
-* 108.143.197.176/28
-* 20.123.213.96/28
-* 20.224.46.144/28
-* 20.240.194.240/28
-* 20.240.220.192/28
-* 20.240.211.208/28
+| Ranges for egress traffic | Ranges for ingress traffic |
+|--------------------------|---------------------------|
+| 108.143.221.96/28        | 108.143.197.176/28        |
+| 20.61.46.32/28           | 20.123.213.96/28          |
+| 20.224.62.160/28         | 20.224.46.144/28          |
+| 51.12.252.16/28          | 20.240.194.240/28         |
+| 74.241.131.48/28         | 20.240.220.192/28         |
+| 20.240.211.176/28        | 20.240.211.208/28         |
 
 ### Australia
 
 These are {% data variables.product.company_short %}'s IP address ranges for enterprises hosted in Australia.
 
-#### Ranges for egress traffic
+| Ranges for egress traffic | Ranges for ingress traffic |
+|--------------------------|---------------------------|
+| 20.5.34.240/28           | 4.237.73.192/28           |
+| 20.5.146.128/28          | 20.5.226.112/28           |
+| 68.218.155.16/28         | 20.248.163.176/28         |
 
-* 20.5.34.240/28
-* 20.5.146.128/28
-* 68.218.155.16/28
+### US
 
-#### Ranges for ingress traffic
+These are {% data variables.product.company_short %}'s IP address ranges for enterprises hosted in the US.
 
-* 4.237.73.192/28
-* 20.5.226.112/28
-* 20.248.163.176/28
+| Ranges for egress traffic | Ranges for ingress traffic |
+|--------------------------|---------------------------|
+| 20.221.76.128/28         | 74.249.180.192/28         |
+| 135.233.115.208/28       | 48.214.149.96/28          |
+| 20.118.27.192/28         | 172.202.123.176/28        |
 
 ## Supported regions for Azure private networking
 
@@ -90,6 +85,14 @@ If you use Azure private networking for {% data variables.product.company_short
 | arm64 | `australiaeast`, `australiacentral` |
 | GPU | N/A |
 
+### Supported regions in the US
+
+| Runner type | Supported regions |
+| ----------- | ----------------- |
+| x64 | `centralus`, `eastus2`, `westus3` |
+| arm64 | `centralus`, `eastus2`, `westus3` |
+| GPU | `centralus`, `eastus2`, `westus3` |
+
 ## IP ranges for {% data variables.product.prodname_importer_proper_name %}
 
 If you're running a migration to your enterprise with {% data variables.product.prodname_importer_proper_name %}, you may need to add certain ranges to an IP allow list. See [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products#configuring-ip-allow-lists-for-migrations).
@@ -134,3 +137,10 @@ You must allow:
 * 20.5.34.240/28
 * 20.5.146.128/28
 * 68.218.155.16/28
+
+### Required in the US
+
+* 130.213.245.128/28
+* 20.171.204.144/28
+* 20.171.204.176/28
+* 4.150.167.192/28
@@ -39,6 +39,34 @@ This guide recommends the principle of least privilege when setting up {% data v
 
 {% data reusables.enterprise_installation.hardware-considerations-all-platforms %}
 
+### Storage volume performance recommendations for AWS
+
+{% data variables.product.prodname_ghe_server %} is I/O intensive and requires high-performance storage for both the root volume and data volume to ensure optimal performance. Both volumes need high IOPS and low latency, as insufficient disk I/O is a common cause of performance degradation and service disruptions.
+
+When selecting Amazon EBS volume types, consider the following guidance:
+
+* For most deployments, `gp3` volumes provide a good starting point with configurable IOPS and throughput
+* For larger or high-activity deployments, `io1` or `io2` volumes may be more appropriate due to their consistent performance characteristics
+* Very large or mission-critical deployments may benefit from `io2 Block Express` for the highest performance levels
+
+> [!IMPORTANT]
+> The optimal storage configuration for your instance will vary significantly based on your specific usage patterns. Factors that increase I/O requirements include:
+>
+> * Number of active users and repositories
+> * CI/CD workload volume and frequency
+> * API usage patterns and automation
+> * Git operation frequency and repository sizes
+>
+> We strongly recommend continuously monitoring your instance's disk performance in the Management Console metrics dashboard. Pay particular attention to:
+>
+> * **Disk queue length**: Should remain near zero.
+> * **I/O utilization**: Sustained periods above 80% indicate need for more IOPS.
+> * **Disk latency**: Should remain below 1-2ms.
+>
+> Be prepared to adjust your storage configuration as your usage patterns evolve. Scale up IOPS allocation proactively if you observe performance bottlenecks to prevent service degradation.
+
+For more information about Amazon EBS volume types, see [Amazon EBS volume types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volume-types.html#vol-type-ssd) in the AWS documentation.
+
 ## Determining the instance type
 
 Before launching {% data variables.location.product_location %} on AWS, you'll need to determine the machine type that best fits the needs of your organization. To review the minimum recommended requirements for {% data variables.product.prodname_ghe_server %}, see [Minimum recommended requirements](#minimum-recommended-requirements).
 
@@ -176,6 +176,8 @@ To use a partner IdP's application for both authentication and provisioning, rev
 
 If you don't use a partner IdP, or if you only use a partner IdP for authentication, you can manage the lifecycle of user accounts using {% data variables.product.company_short %}'s REST API endpoints for SCIM provisioning. See [AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-and-groups-with-scim-using-the-rest-api).
 
+{% data reusables.emus.mixed-systems-note %}
+
 {% ifversion emu-public-scim-schema %}
 
 {% data reusables.emus.sign-in-as-setup-user %}
 
@@ -57,15 +57,15 @@ When you configure authentication and provisioning for your enterprise, you can
 
 ### Using a partner identity provider
 
-Each partner IdP provides a "paved-path" application, which implements both SSO and user lifecycle management. To simplify configuration, {% data variables.product.company_short %} recommends that you use a partner IdP's application for both authentication and provisioning. For more information and a list of partner IdPs, see {% ifversion ghec %}[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users#identity-management-systems).{% else %}[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes#supported-identity-providers).{% endif %}
+Each partner IdP provides a "paved-path" application, which implements both SSO and user lifecycle management. To simplify configuration, {% data variables.product.company_short %} recommends that you use a single partner IdP application for both authentication and provisioning. For more information and a list of partner IdPs, see {% ifversion ghec %}[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users#identity-management-systems).{% else %}[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes#supported-identity-providers).{% endif %}
 
 For more information about configuring SCIM provisioning using a partner IdP, see [AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users).
 
 ### Using other identity management systems
 
-If you cannot use a partner IdP for both authentication and provisioning due to migration overhead, licensing costs, or organizational inertia, you can use another identity management system or combination of systems. The systems must provide authentication using SAML and user lifecycle management using SCIM, and must adhere to {% data variables.product.company_short %}'s integration guidelines.
+If you cannot use a single partner IdP for both authentication and provisioning due to migration overhead, licensing costs, or organizational inertia, you can use another identity management system or combination of systems. The systems must provide authentication using SAML and user lifecycle management using SCIM, and must adhere to {% data variables.product.company_short %}'s integration guidelines.
 
-{% data variables.product.company_short %} has not tested integration with every identity management system. While integration with {% ifversion ghec %}{% data variables.product.prodname_emus %}{% else %}{% data variables.product.prodname_ghe_server %}{% endif %} may be possible, {% data variables.product.company_short %}'s support team may not be able to assist you with issues related to these systems. If you need help with an identity management system that's not a partner IdP, or if you use a partner IdP only for SAML authentication, you must consult the system's documentation, support team, or other resources.
+{% data reusables.emus.mixed-systems-note %}
 
 ## Prerequisites
 
 
@@ -65,7 +65,7 @@ If you cannot use a single partner IdP for both authentication and provisioning,
 * Provide **authentication using SAML**, adhering to SAML 2.0 specification
 * Provide **user lifecycle management using SCIM**, adhering to the SCIM 2.0 specification and communicating with {% data variables.product.company_short %}'s REST API (see [AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-with-scim-using-the-rest-api))
 
-{% data variables.product.company_short %} does not expressly support mixing and matching partner IdPs for authentication and provisioning and does not test all identity management systems. **{% data variables.product.company_short %}'s support team may not be able to assist you with issues related to mixed or untested systems.** If you need help, you must consult the system's documentation, support team, or other resources.
+{% data reusables.emus.mixed-systems-note %}
 
 ## Usernames and profile information
 
 
@@ -20,7 +20,7 @@ To set up a trial, you must be signed in to a personal account. If you don't hav
 
 <a href="https://github.com/account/enterprises/new?ref_cta=GHEC+trial&ref_loc=setting+up+a+trial+of+github+enterprise+cloud&ref_page=docs" target="_blank" class="btn btn-primary mt-3 mr-3 no-underline"><span>Set up a trial of {% data variables.product.prodname_ghe_cloud %}</span> {% octicon "link-external" height:16 %}</a>
 
->[!IMPORTANT] Your trial enterprise will be hosted in the USA. If you require {% data variables.enterprise.data_residency_short %} outside the USA, contact {% data variables.contact.contact_sales_data_residency %}.
+>[!IMPORTANT] Your trial enterprise will be hosted in the US. If you require {% data variables.enterprise.data_residency_short %} in a specific region, contact {% data variables.contact.contact_sales_data_residency %}.
 
 {% data reusables.enterprise.enterprise-types %}