Merge branch 'main' into patch-1

Author: Sharra-writes

assets/images/help/dependabot/dependabot-vnet-active-jobs.png

@@ -36,39 +36,34 @@ To access your enterprise on {% data variables.enterprise.data_residency_site %}
 
 These are {% data variables.product.company_short %}'s IP address ranges for enterprises hosted in the EU.
 
-#### Ranges for egress traffic
-
-* 108.143.221.96/28
-* 20.61.46.32/28
-* 20.224.62.160/28
-* 51.12.252.16/28
-* 74.241.131.48/28
-* 20.240.211.176/28
-
-#### Ranges for ingress traffic
-
-* 108.143.197.176/28
-* 20.123.213.96/28
-* 20.224.46.144/28
-* 20.240.194.240/28
-* 20.240.220.192/28
-* 20.240.211.208/28
+| Ranges for egress traffic | Ranges for ingress traffic |
+|--------------------------|---------------------------|
+| 108.143.221.96/28        | 108.143.197.176/28        |
+| 20.61.46.32/28           | 20.123.213.96/28          |
+| 20.224.62.160/28         | 20.224.46.144/28          |
+| 51.12.252.16/28          | 20.240.194.240/28         |
+| 74.241.131.48/28         | 20.240.220.192/28         |
+| 20.240.211.176/28        | 20.240.211.208/28         |
 
 ### Australia
 
 These are {% data variables.product.company_short %}'s IP address ranges for enterprises hosted in Australia.
 
-#### Ranges for egress traffic
+| Ranges for egress traffic | Ranges for ingress traffic |
+|--------------------------|---------------------------|
+| 20.5.34.240/28           | 4.237.73.192/28           |
+| 20.5.146.128/28          | 20.5.226.112/28           |
+| 68.218.155.16/28         | 20.248.163.176/28         |
 
-* 20.5.34.240/28
-* 20.5.146.128/28
-* 68.218.155.16/28
+### US
 
-#### Ranges for ingress traffic
+These are {% data variables.product.company_short %}'s IP address ranges for enterprises hosted in the US.
 
-* 4.237.73.192/28
-* 20.5.226.112/28
-* 20.248.163.176/28
+| Ranges for egress traffic | Ranges for ingress traffic |
+|--------------------------|---------------------------|
+| 20.221.76.128/28         | 74.249.180.192/28         |
+| 135.233.115.208/28       | 48.214.149.96/28          |
+| 20.118.27.192/28         | 172.202.123.176/28        |
 
 ## Supported regions for Azure private networking
 
@@ -90,6 +85,14 @@ If you use Azure private networking for {% data variables.product.company_short
 | arm64 | `australiaeast`, `australiacentral` |
 | GPU | N/A |
 
+### Supported regions in the US
+
+| Runner type | Supported regions |
+| ----------- | ----------------- |
+| x64 | `centralus`, `eastus2`, `westus3` |
+| arm64 | `centralus`, `eastus2`, `westus3` |
+| GPU | `centralus`, `eastus2`, `westus3` |
+
 ## IP ranges for {% data variables.product.prodname_importer_proper_name %}
 
 If you're running a migration to your enterprise with {% data variables.product.prodname_importer_proper_name %}, you may need to add certain ranges to an IP allow list. See [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products#configuring-ip-allow-lists-for-migrations).
@@ -134,3 +137,10 @@ You must allow:
 * 20.5.34.240/28
 * 20.5.146.128/28
 * 68.218.155.16/28
+
+### Required in the US
+
+* 130.213.245.128/28
+* 20.171.204.144/28
+* 20.171.204.176/28
+* 4.150.167.192/28

assets/images/help/dependabot/dependabot-vnet-logs.png

@@ -20,7 +20,7 @@ To set up a trial, you must be signed in to a personal account. If you don't hav
 
 <a href="https://github.com/account/enterprises/new?ref_cta=GHEC+trial&ref_loc=setting+up+a+trial+of+github+enterprise+cloud&ref_page=docs" target="_blank" class="btn btn-primary mt-3 mr-3 no-underline"><span>Set up a trial of {% data variables.product.prodname_ghe_cloud %}</span> {% octicon "link-external" height:16 %}</a>
 
->[!IMPORTANT] Your trial enterprise will be hosted in the USA. If you require {% data variables.enterprise.data_residency_short %} outside the USA, contact {% data variables.contact.contact_sales_data_residency %}.
+>[!IMPORTANT] Your trial enterprise will be hosted in the US. If you require {% data variables.enterprise.data_residency_short %} in a specific region, contact {% data variables.contact.contact_sales_data_residency %}.
 
 {% data reusables.enterprise.enterprise-types %}
 

content/admin/data-residency/network-details-for-ghecom.md

@@ -116,7 +116,17 @@ You can work with all repositories on {% data variables.product.github %} over H
 
 If you authenticate with {% data variables.product.prodname_cli %}, you can either authenticate with a {% data variables.product.pat_generic %} or via the web browser. For more information about authenticating with {% data variables.product.prodname_cli %}, see [`gh auth login`](https://cli.github.com/manual/gh_auth_login).
 
-If you authenticate without {% data variables.product.prodname_cli %}, you must authenticate with a {% data variables.product.pat_generic %}. {% data reusables.user-settings.password-authentication-deprecation %} Every time you use Git to authenticate with {% data variables.product.github %}, you'll be prompted to enter your credentials, unless you cache them with a [credential helper](/get-started/git-basics/caching-your-github-credentials-in-git).
+If you authenticate without {% data variables.product.prodname_cli %}, {% ifversion fpt or ghec %}you must authenticate with a {% data variables.product.pat_generic %}. {% data reusables.user-settings.password-authentication-deprecation %} Every time you use Git to authenticate with {% data variables.product.github %}, you'll be prompted to enter your credentials, unless you cache them with a [credential helper](/get-started/git-basics/caching-your-github-credentials-in-git).{% elsif ghes %}you can use authentication methods whose availability depend on your IdP.
+
+The table outlines the available authentication methods based on the IdP configured for your instance. Different IdPs may impose specific restrictions or enable certain features, such as disabling password authentication. For more details, see [AUTOTITLE](/admin/authentication).
+
+| IdP | Available authentication methods | More information |
+| :- | :- | :- |
+| SAML | {% data variables.product.pat_generic_caps %} | Password authentication disabled |
+| LDAP | {% data variables.product.pat_generic_caps %} or Username / Password | Password authentication can be disabled by the site administrator |
+| Built-in authentication | {% data variables.product.pat_generic_caps %} or Username / Password | Password authentication cannot be disabled |
+
+{% endif %}
 
 ### SSH
 

content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md

@@ -22,4 +22,5 @@ children:
   - /guidance-for-the-configuration-of-private-registries-for-dependabot
   - /dependabot-options-reference
   - /setting-dependabot-to-run-on-self-hosted-runners-using-arc
+  - /setting-dependabot-to-run-on-github-hosted-runners-using-vnet
 ---

content/authentication/keeping-your-account-and-data-secure/about-authentication-to-github.md

@@ -0,0 +1,112 @@
+---
+title: Setting up Dependabot to run on github-hosted action runners using the Azure Private Network
+intro: You can configure an Azure Virtual Network (VNET) to run {% data variables.product.prodname_dependabot %} on {% data variables.product.company_short %}-hosted runners.
+versions:
+    feature: dependabot-vnet-support
+permissions: '{% data reusables.permissions.dependabot-various-tasks %}'
+topics:
+  - Repositories
+  - Dependabot
+  - Version updates
+  - Security updates
+  - Dependencies
+  - Pull requests
+allowTitleToDifferFromFilename: true
+shortTitle: Configure VNET
+---
+
+## Configuring VNET for {% data variables.product.prodname_dependabot_updates %}
+
+{% data reusables.dependabot.vnet-support-private-preview-note %}
+
+This article provides step-by-step instructions for running {% data variables.product.prodname_dependabot %} on {% data variables.product.company_short %}-hosted runners configured with VNET. The article explains:
+
+* How to create runner groups for your enterprise or organization with a VNET configuration.
+* How to create {% data variables.product.company_short %}-hosted runners for {% data variables.product.prodname_dependabot %} in the runner group.
+* How to enable {% data variables.product.prodname_dependabot %} on large runners.
+* How to configure Azure VNET firewall IP rules.
+
+To use {% data variables.product.company_short %}-hosted runners with Azure VNET, you first need to configure your Azure resources, then create a private network configuration in {% data variables.product.github %}.
+
+## Configuring Azure resources
+
+To learn how to use {% data variables.product.company_short %}-hosted runners with an Azure private network, see [Configuring your Azure resources](/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise#configuring-your-azure-resources).
+
+> [!NOTE]
+>
+> * The `databaseId` which is required in the script for configuring the Azure resources can refer to any of the following depending on whether you are configuring the resources for an enterprise or an organization:
+> * The enterprise slug, which you can identify by looking at the URL for your enterprise, `https://github.com/enterprises/SLUG`, or
+> * The login for the organization account, which you can identify by looking at the URL for your organization, `https://github.com/organizations/ORGANIZATION_LOGIN`.
+> * The script will return the full payload for the created resource. The `GitHubId` hash value returned in the payload for the created resource is the network settings resource ID you will use in the next steps while setting up a network configuration in  {% data variables.product.github %}
+
+## Configuring a VNET-injected runner for {% data variables.product.prodname_dependabot_updates %} in your enterprise
+
+After configuring your Azure resources, you can use an Azure Virtual Network (VNET) for private networking by creating a network configuration{% ifversion ghec %} at the enterprise or organization level{% else %} at the organization level{% endif %}. Then, you can associate that network configuration to runner groups.
+
+1. Add a new network configuration for your enterprise. See [Add a new network configuration for your enterprise](/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise#1-add-a-new-network-configuration-for-your-enterprise)
+1. Create a runner group for the enterprise and select the organizations that you want to run {% data variables.product.prodname_dependabot_updates %} for. See [Create a runner group for your enterprise](/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise#2-create-a-runner-group-for-your-enterprise)
+1. Create and add a {% data variables.product.company_short %}-hosted runner to the enterprise runner group. See [Adding a larger runner to an enterprise](/actions/using-github-hosted-runners/using-larger-runners/managing-larger-runners#adding-a-larger-runner-to-an-enterprise). Important points are as follows:
+   * The runner name must be **dependabot**
+   * Choose a Linux x64 platform.
+   * Select the suitable Ubuntu version.
+   * When adding your {% data variables.product.company_short %}-hosted runner to a runner group, select the runner group you created in the previous step.
+
+   > [!NOTE]
+   > Naming the {% data variables.product.company_short %}-hosted runner **dependabot** assigns the **dependabot** label to the runner, which enables it to pick up jobs triggered by {% data variables.product.prodname_dependabot %} on actions.
+
+{% ifversion fpt or ghec %}
+
+<!-- This section is currently only valid for dotcom. It'll need reviewing for GHES 3.18 -->
+
+## Enabling {% data variables.product.prodname_dependabot %} for the organization
+
+You now need to enable {% data variables.product.prodname_dependabot %} on _self-hosted runners_ for your organization in order to enable {% data variables.product.prodname_dependabot %} on large runners. See [Enabling or disabling {% data variables.product.prodname_dependabot %} on larger runners](/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners#enabling-or-disabling-dependabot-on-larger-runners).
+
+{% data reusables.profile.access_org %}
+{% data reusables.organizations.org_settings %}
+1. In the "Security" section of the sidebar, select the **{% data variables.product.UI_advanced_security %}** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**.
+1. Under **{% data variables.product.prodname_dependabot %}**, select **{% data variables.product.prodname_dependabot %} on self-hosted runners**. This step is required, as it ensures that future {% data variables.product.prodname_dependabot %} jobs will run on the larger {% data variables.product.company_short %}-hosted runner that has the `dependabot` name.
+
+{% endif %}
+
+## Triggering a {% data variables.product.prodname_dependabot %} run
+
+Now that you've set up private networking with VNET, you can start a {% data variables.product.prodname_dependabot %} run.
+
+{% data reusables.dependabot.trigger-run %}
+
+## Checking logs and active jobs for {% data variables.product.prodname_dependabot_updates %}
+
+* You can view the logs of the {% data variables.product.prodname_dependabot %} workflow in the **Actions** tab of your repository. Ensure you select the {% data variables.product.prodname_dependabot %} job on the left sidebar of the Actions page.
+
+  ![Example of log for a "Dependabot in vnet" workflow. The Dependabot job is highlighted with an orange outline. ](/assets/images/help/dependabot/dependabot-vnet-logs.png)
+
+* You can view the active jobs in the page containing informatuon about the runner. To access that page, click the **Policies** tab for the enterprise, select **Actions** on the left sidebar, click the **Runner group** tab, and select your runner.
+
+  ![Screenshot showing a Dependabot runner's active jobs.](/assets/images/help/dependabot/dependabot-vnet-active-jobs.png)
+
+## Configuring Azure VNET firewall IP rules
+
+If your Azure VNET environment is configured with a firewall with an IP allowlist, you may need to update your list of allowed IP addresses to use the {% data variables.product.company_short %}-hosted runners IP addresses sourced from the meta API endpoint.
+
+* {% data variables.product.github %} provides the following public endpoint for its IP ranges:
+   > GET <https://api.github.com/meta>
+* Copy and paste the following curl command in your terminal or command prompt and replace the placeholder bearer token value with your actual value.
+
+  ```bash copy
+        curl -L \
+        -H "Accept: application/vnd.github+json" \
+        -H "Authorization: Bearer YOUR-TOKEN" \
+        -H "X-GitHub-Api-Version: 2022-11-28" \
+        https://api.github.com/meta
+  ```
+
+* From the response, look for the **actions** key.
+
+    ```bash
+        "actions": [ ... ]
+    ```
+
+  These are the IP ranges used by {% data variables.product.prodname_actions %} runners, including {% data variables.product.prodname_dependabot %} and hosted runners.
+
+* Add these IPs to your firewall allowlist.

content/code-security/dependabot/working-with-dependabot/index.md

@@ -178,17 +178,11 @@ Don't forget to add the following setting to the runner scale set configuration
 
 Now that you've set up ARC, you can start a {% data variables.product.prodname_dependabot %} run.
 
-{% data reusables.repositories.navigate-to-repo %}
-{% data reusables.repositories.navigate-to-insights %}
-{% data reusables.repositories.click-dependency-graph %}
-
-1. Under "Dependency graph", click **{% data variables.product.prodname_dependabot %}**.
-1. To the right of the name of manifest file you're interested in, click **Recent update jobs**.
-1. If there are no recent update jobs for the manifest file, click **Check for updates** to re-run a {% data variables.product.prodname_dependabot %} version updates'job and check for new updates to dependencies for that ecosystem.
+{% data reusables.dependabot.trigger-run %}
 
 ## Viewing the generated ARC runners
 
-You can the ARC runners that have been created for the {% data variables.product.prodname_dependabot %} job.
+You can view the ARC runners that have been created for the {% data variables.product.prodname_dependabot %} job.
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.actions-tab %}

content/code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-github-hosted-runners-using-vnet.md

@@ -77,4 +77,4 @@ If you **don't need other {% data variables.product.github %} features**, you ca
 ## Further reading
 
 * [Frequently asked questions](https://github.com/features/copilot#faq) about {% data variables.product.prodname_copilot %}
-* [{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center/)
+* [{% data variables.product.prodname_copilot %} Trust Center](https://copilot.github.trust.page/)

content/code-security/dependabot/working-with-dependabot/setting-dependabot-to-run-on-self-hosted-runners-using-arc.md

@@ -13,7 +13,7 @@ redirect_from:
   - /copilot/managing-copilot/managing-github-copilot-in-your-organization/enhancing-copilot-for-your-organization/creating-a-custom-model-for-github-copilot
 ---
 
-> [!NOTE] Custom models for {% data variables.product.prodname_copilot_enterprise %} is in {% data variables.release-phases.public_preview %} and is subject to change. During the {% data variables.release-phases.public_preview %}, there is no additional cost to {% data variables.product.prodname_copilot_enterprise_short %} customers enrolled on the {% data variables.release-phases.public_preview %} for creating or using a custom model.
+> [!NOTE] The current {% data variables.release-phases.public_preview %} of custom models for {% data variables.product.prodname_copilot_enterprise %} will be discontinued. For now, participants can continue using their custom models, but we are no longer processing new training requests. We encourage participants to try the newer {% data variables.copilot.copilot_gpt_4o %} {% data variables.product.prodname_copilot_short %} code completion model. See [Changing the AI model for Copilot code completion](/copilot/using-github-copilot/ai-models/changing-the-ai-model-for-copilot-code-completion?tool=vscode).
 
 ## Prerequisite
 
@@ -164,4 +164,4 @@ Telemetry data is primarily used to fine-tune the {% data variables.product.prod
 * **Opt-in for telemetry:** Participation in telemetry data collection is optional and controlled via your organization’s admin policies. Telemetry data is only collected when explicitly enabled for training custom models.
 * **Potential risks:** Although {% data variables.product.company_short %} takes extensive measures to prevent data leakage, there are scenarios where sensitive data, such as internal links or names, could be included in the telemetry and subsequently used in training. We recommend reviewing and filtering the data you submit for training to minimize these risks.
 
-  For more details about our data-handling practices, see the [{% data variables.product.prodname_copilot %} Trust Center](https://resources.github.com/copilot-trust-center) or review {% data variables.product.company_short %}’s [data protection agreement](https://github.com/customer-terms/github-data-protection-agreement).
+  For more details about our data-handling practices, see the [{% data variables.product.prodname_copilot %} Trust Center](https://copilot.github.trust.page) or review {% data variables.product.company_short %}’s [data protection agreement](https://github.com/customer-terms/github-data-protection-agreement).