Merge branch 'discussions-edits' of github.com:github/docs into discussions-edits

Author: Sharra-writes

.github/workflows/sync-audit-logs.yml

@@ -87,8 +87,8 @@ jobs:
           echo "Creating pull request..."
           gh pr create \
             --title "Update audit log event data" \
-            --body '👋 humans. This PR updates the audit log event data with the latest changes. (Synced from github/audit-log-allowlists)
-
+            --body '👋 Docs First Responder. This PR updates the audit log event data with the latest changes, synced from github/audit-log-allowlists.
+            Make sure the PR builds successfully and there are no gross errors (for example, a file is deleted). You do not need to validate the contents (that is the responsibility of product teams).
             If CI does not pass or other problems arise, contact #docs-engineering on slack.' \
             --repo github/docs-internal \
             --label audit-log-pipeline \

.github/workflows/sync-openapi.yml

@@ -110,6 +110,8 @@ jobs:
             --title "Update OpenAPI Description" \
             --body '👋 humans. This PR updates the OpenAPI description with the latest changes. (Synced from github/rest-api-description@${{ steps.rest-api-description.outputs.OPENAPI_COMMIT_SHA }})
 
+            Docs First Responders should follow [the acting-as-the-first-responder instructions](https://github.com/github/docs-team/blob/main/contributing-to-docs/first-responder/acting-as-the-first-responder.md?plain=1#L156).
+
             If CI does not pass or other problems arise, contact #docs-engineering on slack.' \
             --repo github/docs-internal \
             --label github-openapi-bot \

assets/images/help/dependabot/dependabot-alert-fix-summary.png

@@ -85,6 +85,46 @@ ARC can use {% data variables.product.pat_v1_plural %} to register self-hosted r
 
    {% data reusables.actions.actions-runner-controller-helm-chart-options %}
 
+## Authenticating ARC with a {% data variables.product.pat_v2 %}
+
+ARC can use {% data variables.product.pat_v2_plural %} to register self-hosted runners.
+
+{% ifversion ghec or ghes %}
+
+> [!NOTE]
+> Authenticating ARC with a {% data variables.product.pat_v1 %} is the only supported authentication method to register runners at the enterprise level.
+
+{% endif %}
+
+1. Create a {% data variables.product.pat_v2 %} with the required scopes. The required scopes are different depending on whether you are registering runners at the repository or organization level. For more information on how to create a {% data variables.product.pat_v2 %}, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-fine-grained-personal-access-token).
+
+    The following is the list of required {% data variables.product.pat_generic %} scopes for ARC runners.
+
+    * Repository runners:
+      * **Administration:** Read and write
+
+    * Organization runners:
+      * **Administration:** Read
+      * **Self-hosted runners:** Read and write
+
+1. To create a Kubernetes secret with the value of your {% data variables.product.pat_v2 %}, use the following command.
+
+   {% data reusables.actions.arc-runners-namespace %}
+
+   ```bash copy
+   kubectl create secret generic pre-defined-secret \
+      --namespace=arc-runners \
+      --from-literal=github_token='YOUR-PAT'
+   ```
+
+1. In your copy of the [`values.yaml`](https://github.com/actions/actions-runner-controller/blob/master/charts/gha-runner-scale-set/values.yaml) file, pass the secret name as a reference.
+
+   ```yaml
+   githubConfigSecret: pre-defined-secret
+   ```
+
+   {% data reusables.actions.actions-runner-controller-helm-chart-options %}
+
 ## Authenticating ARC with vault secrets
 
 > [!NOTE]

assets/images/help/dependabot/dependabot-alert-timeline.png

@@ -31,6 +31,5 @@ With private mode enabled, you can allow unauthenticated Git operations (and any
 
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}
-{% data reusables.enterprise_management_console.privacy %}
 1. Select **Private mode**.
 {% data reusables.enterprise_management_console.save-settings %}

assets/images/help/dependabot/dependabot-alert-vulnerability-details.png

@@ -77,6 +77,8 @@ When specifying actions{% ifversion actions-workflow-policy %} and reusable work
    * To allow all actions{% ifversion actions-workflow-policy %} and reusable workflows{% endif %} in organizations that start with `space-org`, use `space-org*/*`.
    * To allow all actions{% ifversion actions-workflow-policy %} and reusable workflows{% endif %} in repositories that start with octocat, use `*/octocat**@*`.
 
+Policies never restrict access to local actions on the runner filesystem (where the `uses:` path start with `./`).
+
 ## Runners
 
 By default, anyone with admin access to a repository can add a self-hosted runner for the repository, and self-hosted runners come with risks:

content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/authenticating-to-the-github-api.md

@@ -207,6 +207,9 @@ If your workflow does not contain a matrix called `language`, then {% data varia
     languages: c-cpp, csharp, python
 ```
 
+> [!NOTE]
+> When analyzing languages sequentially, the default build-mode for every language will be used. Alternatively, if you provide an explicit `autobuild` step, then every language that supports the `autobuild` mode will use it while other languages use their default mode. If a more complex build-mode configuration than this is required, then you will need to use a `language` matrix.
+
 ## Defining the alert severities that cause a check failure for a pull request
 
 {% ifversion code-scanning-merge-protection-rulesets %}

content/admin/configuring-settings/hardening-security-for-your-enterprise/enabling-private-mode.md

@@ -79,3 +79,5 @@ To secure our project quickly and easily, let's use {% data variables.copilot.co
 ## Next steps
 
 Now that you've tried out {% data variables.product.prodname_code_scanning %} on a demo repository, **enable it on your own projects** to quickly find and fix current and future vulnerabilities.
+
+Now that you've secured the code you've written yourself, take the next step towards secure code by checking the security of your **dependencies**. See [AUTOTITLE](/get-started/learning-to-code/finding-and-fixing-your-first-dependency-vulnerability).