jsoref
diff --git a/‎.github/actions-scripts/projects.js
Lines changed: 1 addition & 1 deletion b/‎.github/actions-scripts/projects.js
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/browser-test.yml
Lines changed: 3 additions & 0 deletions b/‎.github/workflows/browser-test.yml
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/test.yml
Lines changed: 0 additions & 5 deletions b/‎.github/workflows/test.yml
Lines changed: 0 additions & 5 deletions
diff --git a/‎Dockerfile
Lines changed: 1 addition & 0 deletions b/‎Dockerfile
Lines changed: 1 addition & 0 deletions
diff --git a/‎components/article/ToolPicker.tsx
Lines changed: 4 additions & 0 deletions b/‎components/article/ToolPicker.tsx
Lines changed: 4 additions & 0 deletions
diff --git a/‎content/README.md
Lines changed: 1 addition & 1 deletion b/‎content/README.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎content/actions/hosting-your-own-runners/about-self-hosted-runners.md
Lines changed: 33 additions & 14 deletions b/‎content/actions/hosting-your-own-runners/about-self-hosted-runners.md
Lines changed: 33 additions & 14 deletions
diff --git a/‎content/actions/security-guides/encrypted-secrets.md
Lines changed: 4 additions & 0 deletions b/‎content/actions/security-guides/encrypted-secrets.md
Lines changed: 4 additions & 0 deletions
@@ -190,7 +190,7 @@ export function generateUpdateProjectNextItemFieldMutation({
     // Strip all non-alphanumeric out of the item ID when creating the mutation ID to avoid a GraphQL parsing error
     // (statistically, this should still give us a unique mutation ID)
     return `
-      set_${fieldID.substr(1)}_item_${item.replaceAll(
+      set_${fieldID.slice(1)}_item_${item.replaceAll(
       /[^a-z0-9]/g,
       ''
     )}: updateProjectNextItemField(input: {
 
@@ -59,5 +59,8 @@ jobs:
           path: .next/cache
           key: ${{ runner.os }}-nextjs-${{ hashFiles('package*.json') }}
 
+      - name: Run build script
+        run: npm run build
+
       - name: Run browser-test
         run: npm run browser-test
@@ -135,11 +135,6 @@ jobs:
       - name: Run build script
         run: npm run build
 
-      - name: Warm possible disk caching
-        env:
-          NODE_ENV: test
-        run: ./script/warm-before-tests.mjs
-
       - name: Run tests
         env:
           DIFF_FILE: get_diff_files.txt
 
@@ -89,6 +89,7 @@ COPY --chown=node:node feature-flags.json ./
 COPY --chown=node:node data ./data
 COPY --chown=node:node next.config.js ./
 COPY --chown=node:node server.mjs ./server.mjs
+COPY --chown=node:node start-server.mjs ./start-server.mjs
 
 EXPOSE $PORT
 
 
@@ -20,6 +20,8 @@ const supportedTools = [
   'vscode',
   'importer_cli',
   'graphql',
+  'powershell',
+  'bash',
 ]
 const toolTitles = {
   webui: 'Web browser',
@@ -30,6 +32,8 @@ const toolTitles = {
   vscode: 'Visual Studio Code',
   importer_cli: 'GitHub Enterprise Importer CLI',
   graphql: 'GraphQL API',
+  powershell: 'PowerShell',
+  bash: 'Bash',
 } as Record<string, string>
 
 // Imperatively modify article content to show only the selected tool
 
@@ -228,7 +228,7 @@ defaultPlatform: linux
 ### `defaultTool`
 
 - Purpose: Override the initial tool selection for a page, where tool refers to the application the reader is using to work with GitHub (such as GitHub.com's web UI, the GitHub CLI, or GitHub Desktop) or the GitHub APIs (such as cURL or the GitHub CLI). For more information about the tool selector, see [Markup reference for GitHub Docs](../contributing/content-markup-reference.md#tool-tags). If this frontmatter is omitted, then the tool-specific content matching the GitHub web UI is shown by default. If a user has indicated a tool preference (by clicking on a tool tab), then the user's preference will be applied instead of the default value.
-- Type: `String`, one of: `webui`, `cli`, `desktop`, `curl`, `codespaces`, `vscode`, `importer_cli`, `graphql`.
+- Type: `String`, one of: `webui`, `cli`, `desktop`, `curl`, `codespaces`, `vscode`, `importer_cli`, `graphql`, `powershell`, `bash`.
 - Optional.
 
 ```yaml
 
@@ -133,15 +133,29 @@ Some extra configuration might be required to use actions from {% data variables
 
 ## Communication between self-hosted runners and {% data variables.product.product_name %}
 
-The self-hosted runner polls {% data variables.product.product_name %} to retrieve application updates and to check if any jobs are queued for processing. The self-hosted runner uses a HTTPS _long poll_ that opens a connection to {% data variables.product.product_name %} for 50 seconds, and if no response is received, it then times out and creates a new long poll. The application must be running on the machine to accept and run {% data variables.product.prodname_actions %} jobs.
+The self-hosted runner connects to {% data variables.product.product_name %} to receive job assignments and to download new versions of the runner application. The self-hosted runner uses an {% ifversion ghes %}HTTP(S){% else %}HTTPS{% endif %} _long poll_ that opens a connection to {% data variables.product.product_name %} for 50 seconds, and if no response is received, it then times out and creates a new long poll. The application must be running on the machine to accept and run {% data variables.product.prodname_actions %} jobs.
 
 {% data reusables.actions.self-hosted-runner-ports-protocols %}
 
-{% data reusables.actions.self-hosted-runner-communications-for-ghae %}
-
 {% ifversion fpt or ghec %}
+Since the self-hosted runner opens a connection to {% data variables.product.product_location %}, you do not need to allow {% data variables.product.prodname_dotcom %} to make inbound connections to your self-hosted runner.
+{% elsif ghes or ghae %}
+Only an outbound connection from the runner to {% data variables.product.product_location %} is required. There is no need for an inbound connection from {% data variables.product.product_location %} to the runner.
+{%- endif %}
+
+{% ifversion ghes %}
+
+{% data variables.product.product_name %} must accept inbound connections from your runners over {% ifversion ghes %}HTTP(S){% else %}HTTPS{% endif %} at {% data variables.product.product_location %}'s hostname and API subdomain, and your runners must allow outbound connections over {% ifversion ghes %}HTTP(S){% else %}HTTPS{% endif %} to {% data variables.product.product_location %}'s hostname and API subdomain.
 
-Since the self-hosted runner opens a connection to {% data variables.product.prodname_dotcom %}, you do not need to allow {% data variables.product.prodname_dotcom %} to make inbound connections to your self-hosted runner.
+{% elsif ghae %}
+
+You must ensure that the self-hosted runner has appropriate network access to communicate with your {% data variables.product.product_name %} URL and its subdomains. For example, if your subdomain for {% data variables.product.product_name %} is `octoghae`, then you will need to allow the self-hosted runner to access `octoghae.githubenterprise.com`, `api.octoghae.githubenterprise.com`, and `codeload.octoghae.githubenterprise.com`.
+
+If you use an IP address allow list, you must add your self-hosted runner's IP address to the allow list. For more information, see "[Managing allowed IP addresses for your organization](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)."
+
+{% endif %}
+
+{% ifversion fpt or ghec %}
 
 You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} hosts listed below. Some hosts are required for essential runner operations, while other hosts are only required for certain functionality.
 
@@ -191,34 +205,39 @@ If you use an IP address allow list for your {% data variables.product.prodname_
 
 {% else %}
 
-You must ensure that the machine has the appropriate network access to communicate with {% data variables.product.product_location %}.{% ifversion ghes %} Self-hosted runners connect directly to {% data variables.product.product_location %} and do not require any external internet access in order to function. As a result, you can use network routing to direct communication between the self-hosted runner and {% data variables.product.product_location %}. For example, you can assign a private IP address to your self-hosted runner and configure routing to send traffic to {% data variables.product.product_location %}, with no need for traffic to traverse a public network.{% endif %}
+{% ifversion ghes %}Self-hosted runners do not require any external internet access in order to function. As a result, you can use network routing to direct communication between the self-hosted runner and {% data variables.product.product_location %}. For example, you can assign a private IP address to your self-hosted runner and configure routing to send traffic to {% data variables.product.product_location %}, with no need for traffic to traverse a public network.{% endif %}
 
 {% endif %}
 
+{% ifversion ghae %}
+If you use an IP address allow list for your {% data variables.product.prodname_dotcom %} organization or enterprise account, you must add your self-hosted runner's IP address to the allow list. For more information, see "[Managing allowed IP addresses for your organization](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)."
+{% endif %}
+
 You can also use self-hosted runners with a proxy server. For more information, see "[Using a proxy server with self-hosted runners](/actions/automating-your-workflow-with-github-actions/using-a-proxy-server-with-self-hosted-runners)."
 
 For more information about troubleshooting common network connectivity issues, see "[Monitoring and troubleshooting self-hosted runners](/actions/hosting-your-own-runners/monitoring-and-troubleshooting-self-hosted-runners#troubleshooting-network-connectivity)."
 
-{% ifversion ghes %}
+{% ifversion ghes or ghae %}
 
 ## Communication between self-hosted runners and {% data variables.product.prodname_dotcom_the_website %}
 
-Self-hosted runners do not need to connect to {% data variables.product.prodname_dotcom_the_website %} unless you have [enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect).
+Self-hosted runners do not need to connect to {% data variables.product.prodname_dotcom_the_website %} unless you have enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions for {% data variables.product.product_location %}. For more information, see "[About using actions in your enterprise](/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise)."
 
-If you have enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}, then the self-hosted runner will connect directly to {% data variables.product.prodname_dotcom_the_website %} to download actions.  You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} URLs listed below.
-
-{% note %}
-
-**Note:** Some of the domains listed below are configured using `CNAME` records. Some firewalls might require you to add rules recursively for all `CNAME` records. Note that the `CNAME` records might change in the future, and that only the domains listed below will remain constant.
-
-{% endnote %}
+If you have enabled automatic access to {% data variables.product.prodname_dotcom_the_website %} actions, then the self-hosted runner will connect directly to {% data variables.product.prodname_dotcom_the_website %} to download actions. You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} URLs listed below. 
 
 ```
 github.com
 api.github.com
 codeload.github.com
 ```
 
+{% note %}
+
+**Note:** Some of the domains listed above are configured using `CNAME` records. Some firewalls might require you to add rules recursively for all `CNAME` records. Note that the `CNAME` records might change in the future, and that only the domains listed above will remain constant.
+
+{% endnote %}
+
+
 {% endif %}
 
 ## Self-hosted runner security
 
@@ -227,6 +227,10 @@ steps:
 ```
 {% endraw %}
 
+Secrets cannot be directly referenced in `if:` conditionals. Instead, consider setting secrets as job-level environment variables, then referencing the environment variables to conditionally run steps in the job. For more information, see "[Context availability](/actions/learn-github-actions/contexts#context-availability)" and [`jobs.<job_id>.steps[*].if`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsif).
+
+If a secret has not been set, the return value of an expression referencing the secret (such as {% raw %}`${{ secrets.SuperSecret }}`{% endraw %} in the example) will be an empty string.
+
 Avoid passing secrets between processes from the command line, whenever possible. Command-line processes may be visible to other users (using the `ps` command) or captured by [security audit events](https://docs.microsoft.com/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing). To help protect secrets, consider using environment variables, `STDIN`, or other mechanisms supported by the target process.
 
 If you must pass secrets within a command line, then enclose them within the proper quoting rules. Secrets often contain special characters that may unintentionally affect your shell. To escape these special characters, use quoting with your environment variables. For example: