github · docs-bot · Apr 15, 2025 · Apr 15, 2025 · Apr 15, 2025 · Apr 15, 2025
diff --git a/...d-notifications-on-github/setting-up-notifications/configuring-notifications.md b/...d-notifications-on-github/setting-up-notifications/configuring-notifications.md
@@ -160,6 +160,17 @@ The `reply-to` address on each email notification identifies the thread and the
 
 ## Automatic watching
 
+<!-- expires 2025-05-18 -->
+
+<!-- When this expires, remove the Automatic watching section for FPT/GHEC but keep it for GHES <=3.17 -->
+
+{% ifversion fpt or ghec %}
+
+>[!WARNING] Starting May 18, 2025, {% data variables.product.company_short %} will deprecate automatic watching of repositories and teams. Existing subscriptions will remain unaffected, ensuring you can stay subscribed to repositories or teams that you were previously watching.
+
+{% endif %}
+<!-- end expires 2025-05-18 -->
+
 By default, anytime you gain access to a new repository, you will automatically begin watching that repository. Anytime you join a new team, you will automatically be subscribed to updates and receive notifications when that team is @mentioned. If you don't want to automatically be subscribed, you can unselect the automatic watching options in your notification settings.
 
 {% ifversion update-notification-settings-22 %}

diff --git a/...s/security-for-github-actions/security-guides/automatic-token-authentication.md b/...s/security-for-github-actions/security-guides/automatic-token-authentication.md
@@ -92,6 +92,7 @@ The following table shows the permissions granted to the `GITHUB_TOKEN` by defau
 | {% endif %} |
 | issues        | read/write  | none | read |
 | metadata      | read        | read | read |
+| models        | read        | none | none |
 | packages      | read/write  | read | read |
 | pages         | read/write  | none | read |
 | pull-requests | read/write  | none | read |

diff --git a/...tions/enforcing-artifact-attestations-with-a-kubernetes-admission-controller.md b/...tions/enforcing-artifact-attestations-with-a-kubernetes-admission-controller.md
@@ -55,7 +55,7 @@ First, install the Helm chart that deploys the Sigstore Policy Controller:
 helm upgrade policy-controller --install --atomic \
   --create-namespace --namespace artifact-attestations \
   oci://ghcr.io/github/artifact-attestations-helm-charts/policy-controller \
-  --version v0.12.0-github10
+  --version v0.12.0-github12
 ```
 
 This installs the Policy Controller into the `artifact-attestations` namespace. At this point, no policies have been configured, and it will not enforce any attestations.
@@ -139,7 +139,7 @@ To see the full set of options you may configure with the Helm chart, you can ru
 For policy controller options:
 
 ```bash copy
-helm show values oci://ghcr.io/github/artifact-attestations-helm-charts/policy-controller --version v0.12.0-github10
+helm show values oci://ghcr.io/github/artifact-attestations-helm-charts/policy-controller --version v0.12.0-github12
 ```
 
 For trust policy options:

diff --git a/src/audit-logs/data/fpt/organization.json b/src/audit-logs/data/fpt/organization.json
@@ -2814,6 +2814,16 @@
     "description": "Branch protections were enabled for this repository.",
     "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule"
   },
+  {
+    "action": "repository_code_security.disable",
+    "description": "Code security was disabled for a repository.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "repository_code_security.enable",
+    "description": "Code security was enabled for a repository.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "repository_content_analysis.disable",
     "description": "Data use settings were disabled for a private repository.",

diff --git a/src/audit-logs/data/ghec/enterprise.json b/src/audit-logs/data/ghec/enterprise.json
@@ -222,12 +222,12 @@
   {
     "action": "business.code_scanning_autofix_third_party_tools_policy_update",
     "description": "The policy for Code scanning autofix third party tools was updated for an enterprise.",
-    "docs_reference_links": "N/A"
+    "docs_reference_links": "/code-security/getting-started/github-security-features#available-with-github-code-security"
   },
   {
     "action": "business.code_security_enablement_policy_update",
     "description": "The policy for Code Security enablement was updated for an enterprise.",
-    "docs_reference_links": "N/A"
+    "docs_reference_links": "/code-security/getting-started/github-security-features#available-with-github-code-security"
   },
   {
     "action": "business.connect_usage_metrics_export",
@@ -3569,6 +3569,16 @@
     "description": "Branch protections were enabled for this repository.",
     "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule"
   },
+  {
+    "action": "repository_code_security.disable",
+    "description": "Code security was disabled for a repository.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "repository_code_security.enable",
+    "description": "Code security was enabled for a repository.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "repository_content_analysis.disable",
     "description": "Data use settings were disabled for a private repository.",

diff --git a/src/audit-logs/data/ghec/organization.json b/src/audit-logs/data/ghec/organization.json
@@ -2814,6 +2814,16 @@
     "description": "Branch protections were enabled for this repository.",
     "docs_reference_links": "/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule"
   },
+  {
+    "action": "repository_code_security.disable",
+    "description": "Code security was disabled for a repository.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "repository_code_security.enable",
+    "description": "Code security was enabled for a repository.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "repository_content_analysis.disable",
     "description": "Data use settings were disabled for a private repository.",

diff --git a/src/audit-logs/data/ghes-3.16/enterprise.json b/src/audit-logs/data/ghes-3.16/enterprise.json
@@ -167,7 +167,7 @@
   {
     "action": "business.code_scanning_autofix_third_party_tools_policy_update",
     "description": "The policy for Code scanning autofix third party tools was updated for an enterprise.",
-    "docs_reference_links": "N/A"
+    "docs_reference_links": "/code-security/getting-started/github-security-features#available-with-github-code-security"
   },
   {
     "action": "business.create",

diff --git a/src/audit-logs/data/ghes-3.17/enterprise.json b/src/audit-logs/data/ghes-3.17/enterprise.json
@@ -167,12 +167,12 @@
   {
     "action": "business.code_scanning_autofix_third_party_tools_policy_update",
     "description": "The policy for Code scanning autofix third party tools was updated for an enterprise.",
-    "docs_reference_links": "N/A"
+    "docs_reference_links": "/code-security/getting-started/github-security-features#available-with-github-code-security"
   },
   {
     "action": "business.code_security_enablement_policy_update",
     "description": "The policy for Code Security enablement was updated for an enterprise.",
-    "docs_reference_links": "N/A"
+    "docs_reference_links": "/code-security/getting-started/github-security-features#available-with-github-code-security"
   },
   {
     "action": "business.create",

diff --git a/src/audit-logs/lib/config.json b/src/audit-logs/lib/config.json
@@ -3,6 +3,5 @@
     "apiOnlyEvents": "This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
     "apiRequestEvent": "This event is only available via audit log streaming."
   },
-  "sha": "d6aa2c08e5ced4ad92d2d6563fabaa683a9a7663"
-}
-
+  "sha": "ae4d8faa66c3986541a6db3a45bcf66e839fd773"
+}
diff --git a/src/graphql/data/fpt/changelog.json b/src/graphql/data/fpt/changelog.json
@@ -1,4 +1,18 @@
 [
+  {
+    "schemaChanges": [
+      {
+        "title": "The GraphQL schema includes these changes:",
+        "changes": [
+          "<p>Type <code>RepositorySuggestedActorFilter</code> was added</p>",
+          "<p>Argument 'capabilities: [RepositorySuggestedActorFilter!]!<code>added to field</code>Repository.suggestedActors'</p>"
+        ]
+      }
+    ],
+    "previewChanges": [],
+    "upcomingChanges": [],
+    "date": "2025-04-15"
+  },
   {
     "schemaChanges": [
       {

diff --git a/src/graphql/data/fpt/schema.docs.graphql b/src/graphql/data/fpt/schema.docs.graphql
@@ -50840,6 +50840,11 @@ type Repository implements Node & PackageOwner & ProjectOwner & ProjectV2Recent
     """
     before: String
 
+    """
+    A list of capabilities to filter actors by.
+    """
+    capabilities: [RepositorySuggestedActorFilter!]!
+
     """
     Returns the first _n_ elements from the list.
     """
@@ -52888,6 +52893,21 @@ enum RepositoryRulesetTarget {
   TAG
 }
 
+"""
+The possible filters for suggested actors in a repository
+"""
+enum RepositorySuggestedActorFilter {
+  """
+  Actors that can be assigned to issues and pull requests
+  """
+  CAN_BE_ASSIGNED
+
+  """
+  Actors that can be the author of issues and pull requests
+  """
+  CAN_BE_AUTHOR
+}
+
 """
 A repository-topic connects a repository to a topic.
 """

diff --git a/src/graphql/data/fpt/schema.json b/src/graphql/data/fpt/schema.json
@@ -67349,6 +67349,16 @@
                 "href": "/graphql/reference/scalars#string"
               }
             },
+            {
+              "name": "capabilities",
+              "description": "<p>A list of capabilities to filter actors by.</p>",
+              "type": {
+                "name": "[RepositorySuggestedActorFilter!]!",
+                "id": "repositorysuggestedactorfilter",
+                "kind": "enums",
+                "href": "/graphql/reference/enums#repositorysuggestedactorfilter"
+              }
+            },
             {
               "name": "first",
               "description": "<p>Returns the first <em>n</em> elements from the list.</p>",
@@ -92393,6 +92403,23 @@
         }
       ]
     },
+    {
+      "name": "RepositorySuggestedActorFilter",
+      "kind": "enums",
+      "id": "repositorysuggestedactorfilter",
+      "href": "/graphql/reference/enums#repositorysuggestedactorfilter",
+      "description": "<p>The possible filters for suggested actors in a repository.</p>",
+      "values": [
+        {
+          "name": "CAN_BE_ASSIGNED",
+          "description": "<p>Actors that can be assigned to issues and pull requests.</p>"
+        },
+        {
+          "name": "CAN_BE_AUTHOR",
+          "description": "<p>Actors that can be the author of issues and pull requests.</p>"
+        }
+      ]
+    },
     {
       "name": "RepositoryVisibility",
       "kind": "enums",

diff --git a/src/graphql/data/ghec/schema.docs.graphql b/src/graphql/data/ghec/schema.docs.graphql
@@ -50840,6 +50840,11 @@ type Repository implements Node & PackageOwner & ProjectOwner & ProjectV2Recent
     """
     before: String
 
+    """
+    A list of capabilities to filter actors by.
+    """
+    capabilities: [RepositorySuggestedActorFilter!]!
+
     """
     Returns the first _n_ elements from the list.
     """
@@ -52888,6 +52893,21 @@ enum RepositoryRulesetTarget {
   TAG
 }
 
+"""
+The possible filters for suggested actors in a repository
+"""
+enum RepositorySuggestedActorFilter {
+  """
+  Actors that can be assigned to issues and pull requests
+  """
+  CAN_BE_ASSIGNED
+
+  """
+  Actors that can be the author of issues and pull requests
+  """
+  CAN_BE_AUTHOR
+}
+
 """
 A repository-topic connects a repository to a topic.
 """

diff --git a/src/graphql/data/ghec/schema.json b/src/graphql/data/ghec/schema.json
@@ -67349,6 +67349,16 @@
                 "href": "/graphql/reference/scalars#string"
               }
             },
+            {
+              "name": "capabilities",
+              "description": "<p>A list of capabilities to filter actors by.</p>",
+              "type": {
+                "name": "[RepositorySuggestedActorFilter!]!",
+                "id": "repositorysuggestedactorfilter",
+                "kind": "enums",
+                "href": "/graphql/reference/enums#repositorysuggestedactorfilter"
+              }
+            },
             {
               "name": "first",
               "description": "<p>Returns the first <em>n</em> elements from the list.</p>",
@@ -92393,6 +92403,23 @@
         }
       ]
     },
+    {
+      "name": "RepositorySuggestedActorFilter",
+      "kind": "enums",
+      "id": "repositorysuggestedactorfilter",
+      "href": "/graphql/reference/enums#repositorysuggestedactorfilter",
+      "description": "<p>The possible filters for suggested actors in a repository.</p>",
+      "values": [
+        {
+          "name": "CAN_BE_ASSIGNED",
+          "description": "<p>Actors that can be assigned to issues and pull requests.</p>"
+        },
+        {
+          "name": "CAN_BE_AUTHOR",
+          "description": "<p>Actors that can be the author of issues and pull requests.</p>"
+        }
+      ]
+    },
     {
       "name": "RepositoryVisibility",
       "kind": "enums",

diff --git a/src/search/components/input/SearchOverlay.tsx b/src/search/components/input/SearchOverlay.tsx
@@ -338,6 +338,9 @@ export function SearchOverlay({
     if (searchParams.has('search-overlay-ask-ai')) {
       searchParams.delete('search-overlay-ask-ai')
     }
+    if (searchParams.has('query')) {
+      searchParams.delete('query')
+    }
     router.push(`${selectedOption.url}?${searchParams.toString()}` || '')
     onClose()
   }
@@ -389,6 +392,9 @@ export function SearchOverlay({
     if (searchParams.has('search-overlay-ask-ai')) {
       searchParams.delete('search-overlay-ask-ai')
     }
+    if (searchParams.has('query')) {
+      searchParams.delete('query')
+    }
     window.open(`${url}?${searchParams.toString()}` || '', '_blank')
   }
 
@@ -465,8 +471,11 @@ export function SearchOverlay({
         selectedIndex < combinedOptions.length
       ) {
         const selectedItem = combinedOptions[selectedIndex]
+        if (!selectedItem) {
+          return
+        }
         let action = () => {} // Execute the action after we send the event
-        if (selectedItem.group === 'general') {
+        if (selectedItem?.group === 'general') {
           if (
             (selectedItem.option as GeneralSearchHitWithOptions).isViewAllResults ||
             (selectedItem.option as GeneralSearchHitWithOptions).isSearchDocsOption
@@ -477,10 +486,10 @@ export function SearchOverlay({
             pressedOnContext = 'general-option'
             action = () => generalSearchResultOnSelect(selectedItem.option as GeneralSearchHit)
           }
-        } else if (selectedItem.group === 'ai') {
+        } else if (selectedItem?.group === 'ai') {
           pressedOnContext = 'ai-option'
           action = () => aiSearchOptionOnSelect(selectedItem.option as AutocompleteSearchHit)
-        } else if (selectedItem.group === 'reference') {
+        } else if (selectedItem?.group === 'reference') {
           // On a reference select, we are in the Ask AI State / Screen
           pressedGroupKey = ASK_AI_EVENT_GROUP
           pressedGroupId = askAIEventGroupId
@@ -503,6 +512,8 @@ export function SearchOverlay({
       'search-overlay-ask-ai': '',
       'search-overlay-input': urlSearchInputQuery,
     })
+    // Focus the search input
+    inputRef.current?.focus()
   }
 
   // We render the AI Result in the searchGroups call, so we pass the props down via an object
@@ -675,7 +686,7 @@ export function SearchOverlay({
             aria-expanded={combinedOptions.length > 0}
             aria-activedescendant={
               selectedIndex >= 0
-                ? `search-option-${combinedOptions[selectedIndex].group}-${selectedIndex}`
+                ? `search-option-${combinedOptions[selectedIndex]?.group}-${selectedIndex}`
                 : undefined
             }
             onKeyDown={handleKeyDown}