diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 56f191de0e62..48399032063d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,10 +1,12 @@ version: 2 + registries: ghcr: # Define access for a private registry type: docker-registry url: ghcr.io username: PAT password: ${{secrets.CONTAINER_BUILDER_TOKEN}} + updates: - package-ecosystem: npm directory: '/' @@ -24,7 +26,7 @@ updates: directory: '/' schedule: interval: weekly - day: wednesday + day: tuesday ignore: - dependency-name: '*' update-types: @@ -36,11 +38,8 @@ updates: - ghcr directory: '/' schedule: - interval: weekly - day: thursday + interval: daily groups: baseImages: patterns: - '*' - ignore: - - dependency-name: 'node' diff --git a/assets/images/help/copilot/code-review/automatic-code-review.png b/assets/images/help/copilot/code-review/automatic-code-review.png new file mode 100644 index 000000000000..cbad5a3d9cb3 Binary files /dev/null and b/assets/images/help/copilot/code-review/automatic-code-review.png differ diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts.md b/content/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts.md index 2810e689900b..a30d9cba108b 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts.md +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts.md @@ -136,3 +136,6 @@ You may have multiple code scanning configurations on a single repository. When * [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests) * [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning) * [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/about-integration-with-code-scanning) +{%- ifversion copilot-hadron %} +* [AUTOTITLE](/copilot/using-github-copilot/using-github-copilot-for-pull-requests/using-copilot-to-help-you-work-on-a-pull-request) +{%- endif %} diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md b/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md index 9be43757978d..40ecb11d82e7 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md @@ -169,3 +169,9 @@ An alternative way of closing an alert is to dismiss it. You can dismiss an aler {% data reusables.code-scanning.false-positive-fix-codeql %} For more information about dismissing alerts, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts#dismissing--alerts). + +## Further reading + +{%- ifversion copilot-hadron %} +* [AUTOTITLE](/copilot/using-github-copilot/using-github-copilot-for-pull-requests/using-copilot-to-help-you-work-on-a-pull-request) +{%- endif %} diff --git a/content/code-security/trialing-github-advanced-security/explore-trial-code-scanning.md b/content/code-security/trialing-github-advanced-security/explore-trial-code-scanning.md index 74ef78e6d8ac..8a94e01c9887 100644 --- a/content/code-security/trialing-github-advanced-security/explore-trial-code-scanning.md +++ b/content/code-security/trialing-github-advanced-security/explore-trial-code-scanning.md @@ -83,9 +83,12 @@ This allows you to update the configuration in a single location, but use the wo ### {% data variables.product.prodname_copilot_short %} review -{% data reusables.copilot.code-review.preview-note %} +> [!NOTE] +> +> {% data reusables.copilot.code-review.preview-note %} +> * If you get a {% data variables.product.prodname_copilot_short %} subscription from an organization, you will only be able to participate in the {% data variables.release-phases.public_preview %} on the {% data variables.product.github %} website if an owner of your organization {% ifversion ghec %}or enterprise{% endif %} has enabled **Copilot in GitHub.com > Opt in to preview features** in the **{% data variables.product.prodname_copilot %} policies** page of the organization {% ifversion ghec %}or enterprise{% endif %} settings. See [AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization#enabling-copilot-features-in-your-organization){% ifversion ghec %} and [AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise#copilot-in-githubcom){% endif %}. -By default, users request a review from {% data variables.product.prodname_copilot_short %} in the same way as they do from human reviewers. However, you can update or create an organization-level branch ruleset to automatically add {% data variables.product.prodname_copilot_short %} as a reviewer to all pull requests made to selected branches in all or selected repositories. For more information, see [AUTOTITLE](/copilot/using-github-copilot/code-review/using-copilot-code-review#enabling-automatic-reviews-from-copilot). +By default, users request a review from {% data variables.product.prodname_copilot_short %} in the same way as they do from human reviewers. However, you can update or create an organization-level branch ruleset to automatically add {% data variables.product.prodname_copilot_short %} as a reviewer to all pull requests made to selected branches in all or selected repositories. See [AUTOTITLE](/copilot/using-github-copilot/code-review/configuring-automatic-code-review-by-copilot). {% data variables.product.prodname_copilot_short %} leaves a review comment on each pull request it reviews, without approving the pull request or requesting changes. This ensures that its review is advisory and will not block development work. Similarly, you should not enforce the resolution of suggestions made by {% data variables.product.prodname_copilot_short %} because AI suggestions have known limitations, see [AUTOTITLE](/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-code-review#limitations-of-github-copilot-code-review). diff --git a/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-code-review.md b/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-code-review.md index 18147a77c0f7..debee21e6ef9 100644 --- a/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-code-review.md +++ b/content/copilot/responsible-use-of-github-copilot-features/responsible-use-of-github-copilot-code-review.md @@ -14,7 +14,7 @@ redirect_from: --- > [!NOTE] -> * {% data variables.copilot.copilot_code-review %} is in {% data variables.release-phases.public_preview %} and subject to change. To join the waitlist, see [Join the {% data variables.copilot.copilot_code-review_short %} waitlist](https://gh.io/copilot-code-review-waitlist). +> * {% data variables.copilot.copilot_code-review %} is in {% data variables.release-phases.public_preview %} and subject to change. To access the {% data variables.release-phases.public_preview %}, see [Join the preview for {% data variables.copilot.copilot_code-review_short %}-powered code reviews](https://gh.io/copilot-code-review-waitlist). > * The [AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-pre-release-license-terms) apply to your use of this product. ## About {% data variables.copilot.copilot_code-review %} diff --git a/content/copilot/using-github-copilot/code-review/configuring-automatic-code-review-by-copilot.md b/content/copilot/using-github-copilot/code-review/configuring-automatic-code-review-by-copilot.md new file mode 100644 index 000000000000..3fa1bc28e2f5 --- /dev/null +++ b/content/copilot/using-github-copilot/code-review/configuring-automatic-code-review-by-copilot.md @@ -0,0 +1,68 @@ +--- +title: Configuring automatic code review by Copilot +shortTitle: Automatic code review +intro: "Learn how to configure {% data variables.product.prodname_copilot_short %} to automatically review pull requests in a repository." +versions: + feature: copilot +topics: + - Copilot +--- + +## About automatic code review + +By default, {% data variables.product.prodname_copilot_short %} will only review a pull request when it is assigned to the pull request in the same way you would assign a human reviewer. However, repository owners can configure {% data variables.product.prodname_copilot_short %} to automatically review all pull requests in the repository. Organization owners can configure {% data variables.product.prodname_copilot_short %} to automatically review all pull requests in some or all of the repositories in the organization. + +### Triggering an automatic pull request review + +After you configure automatic code review, {% data variables.product.prodname_copilot_short %} will review pull requests in the following situations: + +* When a pull request is created as an "Open" pull request. + + A review is not triggered if the pull request is created as a "Draft" pull request. + +* The first time a "Draft" pull request is switched to "Open". + +> [!NOTE] +> {% data variables.product.prodname_copilot_short %} only automatically reviews a pull request once. If you make changes to the pull request after it has been automatically reviewed and you want {% data variables.product.prodname_copilot_short %} to re-review the pull request, you must request this manually. To do this, click the {% octicon "sync" aria-label="Re-request review" %} button next to {% data variables.product.prodname_copilot_short %}'s name in the **Reviewers** menu. + +## Configuring automatic code review for a single repository + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-settings %} +{% data reusables.repositories.repo-rulesets-settings %} +{% data reusables.repositories.repo-new-ruleset %} +1. Under "Target branches," click **Add target** and choose one of the options—for example, **Include default branch** or **Include all branches**. +1. Under "Branch rules," select the **Require a pull request before merging** checkbox. + + This expands a set of subsidiary options. + +1. Select the **Request pull request review from {% data variables.product.prodname_copilot_short %}** checkbox. + + ![Screenshot of the "Request pull request review from {% data variables.product.prodname_copilot_short %}" branch ruleset option.](/assets/images/help/copilot/code-review/automatic-code-review.png) + +1. At the bottom of the page, click **Create**. + +## Configuring automatic code review for repositories in an organization + +{% data reusables.profile.access_org %} +{% data reusables.profile.org_settings %} +{% data reusables.organizations.access-ruleset-settings %} +{% data reusables.repositories.repo-new-ruleset %} +1. Under "Target repositories," click **Add target** and choose either **Include by pattern** or **Exclude by pattern**. +1. In the dialog box that's displayed, type a pattern that will match the names of repositories in your organization—for example, `*feature` to match all repositories with names that end in `feature`. + + For information about pattern-matching syntax, see [AUTOTITLE](/organizations/managing-organization-settings/creating-rulesets-for-repositories-in-your-organization#using-fnmatch-syntax). + +1. In the dialog box, click **Add inclusion pattern** or **Add exclusion pattern**. +1. Repeat the process for any additional patterns you want to add. + + > [!NOTE] + > You can add multiple targeting criteria to the same ruleset. Exclusion patterns are applied after inclusion patterns. For example, you could include any repositories matching the pattern `*cat*`, and specifically exclude a repository matching the pattern `not-a-cat`. + +1. Under "Target branches," click **Add target** and choose one of the target options. +1. Under "Branch rules," select the **Require a pull request before merging** checkbox. + + This expands a set of subsidiary options. + +1. Select the **Request pull request review from {% data variables.product.prodname_copilot_short %}** checkbox. +1. At the bottom of the page, click **Create**. diff --git a/content/copilot/using-github-copilot/code-review/index.md b/content/copilot/using-github-copilot/code-review/index.md index 791f22fa08df..87c589148ae0 100644 --- a/content/copilot/using-github-copilot/code-review/index.md +++ b/content/copilot/using-github-copilot/code-review/index.md @@ -9,4 +9,5 @@ topics: children: - /using-copilot-code-review - /configuring-coding-guidelines + - /configuring-automatic-code-review-by-copilot --- diff --git a/content/copilot/using-github-copilot/code-review/using-copilot-code-review.md b/content/copilot/using-github-copilot/code-review/using-copilot-code-review.md index 5b5e559250c3..0dfe2e18942e 100644 --- a/content/copilot/using-github-copilot/code-review/using-copilot-code-review.md +++ b/content/copilot/using-github-copilot/code-review/using-copilot-code-review.md @@ -3,7 +3,7 @@ title: Using GitHub Copilot code review shortTitle: Using code review intro: "Learn how to request a code review from {% data variables.product.prodname_copilot %}." allowTitleToDifferFromFilename: true -product: '{% data reusables.gated-features.copilot-free-availability %}' +product: 'See the table below.' versions: feature: copilot topics: @@ -14,7 +14,23 @@ redirect_from: - /early-access/copilot/code-reviews/using-copilot-code-reviews --- -{% data reusables.copilot.code-review.preview-note %} +{% webui %} + +> [!NOTE] +> +> {% data reusables.copilot.code-review.preview-note %} +> * If you get a {% data variables.product.prodname_copilot_short %} subscription from an organization, you will only be able to participate in the {% data variables.release-phases.public_preview %} on the {% data variables.product.github %} website if an owner of your organization {% ifversion ghec %}or enterprise{% endif %} has enabled **{% data variables.product.prodname_copilot_short %} in {% data variables.product.prodname_dotcom_the_website %} > Opt in to preview features** in the **{% data variables.product.prodname_copilot %} policies** page of the organization {% ifversion ghec %}or enterprise{% endif %} settings. See [AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization#enabling-copilot-features-in-your-organization){% ifversion ghec %} and [AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise#copilot-in-githubcom){% endif %}. + +{% endwebui %} + +{% vscode %} + +> [!NOTE] +> +> {% data reusables.copilot.code-review.preview-note %} +> * If you get a {% data variables.product.prodname_copilot_short %} subscription from an organization, you will only be able to participate in the {% data variables.release-phases.public_preview %} in {% data variables.product.prodname_vscode_shortname %} if an owner of your organization {% ifversion ghec %}or enterprise{% endif %} has enabled **Editor preview features** in the **{% data variables.product.prodname_copilot %} policies** page of the organization {% ifversion ghec %}or enterprise{% endif %} settings. See [AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization#enabling-copilot-features-in-your-organization){% ifversion ghec %} and [AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise#copilot-in-githubcom){% endif %}. + +{% endvscode %} ## About {% data variables.copilot.copilot_code-review_short %} @@ -35,7 +51,7 @@ The current functionality and availability of the two types of review is summari | Description | Initial review of a highlighted section of code with feedback and suggestions | Deeper review of all changes | | Language support | All | C#, Go, Java, JavaScript, Markdown, Python, Ruby, TypeScript | | Custom coding guidelines support | No | Yes, see [Customizing {% data variables.product.prodname_copilot_short %}'s reviews with coding guidelines](#customizing-copilots-reviews-with-coding-guidelines) | -| Availability | {% data variables.release-phases.public_preview_caps %}, available to all {% data variables.product.prodname_copilot_short %} subscribers | {% data variables.release-phases.public_preview_caps %} with waitlist, see [Join the {% data variables.copilot.copilot_code-review_short %} waitlist](https://gh.io/copilot-code-review-waitlist) | +| Availability | {% data variables.release-phases.public_preview_caps %}, available to all {% data variables.product.prodname_copilot_short %} subscribers | {% data variables.release-phases.public_preview_caps %}, available with {% data variables.product.prodname_copilot_pro_short %}, {% data variables.product.prodname_copilot_business_short %}, and {% data variables.product.prodname_copilot_enterprise_short %} subscriptions. | {% endrowheaders %} @@ -51,7 +67,8 @@ These instructions explain how to use {% data variables.copilot.copilot_code-rev ### Requesting a pull request review from {% data variables.product.prodname_copilot_short %} -> [!NOTE] Requesting a pull request review from {% data variables.product.prodname_copilot_short %} is currently only available to a limited number of {% data variables.product.prodname_copilot_short %} subscribers. To join the waitlist, see [Join the {% data variables.copilot.copilot_code-review_short %} waitlist](https://gh.io/copilot-code-review-waitlist). +> [!NOTE] +> To access the {% data variables.release-phases.public_preview %} of this feature, see [Join the preview for {% data variables.copilot.copilot_code-review_short %}-powered code reviews](https://gh.io/copilot-code-review-waitlist). 1. On {% data variables.product.prodname_dotcom_the_website %}, create a pull request or navigate to an existing pull request. 1. Open the **Reviewers** menu, then select **{% data variables.product.prodname_copilot_short %}**. @@ -98,15 +115,9 @@ To request a re-review from {% data variables.product.prodname_copilot_short %}, > [!NOTE] When re-reviewing a pull request, {% data variables.product.prodname_copilot_short %} may repeat the same comments again, even if they have been dismissed with the "Resolve conversation" button or downvoted with the thumbs down (:-1:) button. -## Enabling automatic reviews from {% data variables.product.prodname_copilot_short %} - -By default, you will have to manually request a review from {% data variables.product.prodname_copilot_short %} on each pull request. - -You can enable automatic reviews from {% data variables.product.prodname_copilot_short %} on all pull requests using rulesets configured at the repository level or organization level. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets). - -To turn this on, enable the **Request pull request review from {% data variables.product.prodname_copilot_short %}** branch rule, nested under **Require a pull request before merging**. +## Enabling automatic reviews -![Screenshot of the "Request pull request review from {% data variables.product.prodname_copilot_short %}" branch rule.](/assets/images/help/copilot/code-review/request-review-branch-rule@2x.png) +By default, you manually request a review from {% data variables.product.prodname_copilot_short %} on each pull request, in the same way you would request a review from a human. However, you can set up {% data variables.product.prodname_copilot_short %} to automatically review all pull requests in a repository, or for all repositories in an organization. See [AUTOTITLE](/copilot/using-github-copilot/code-review/configuring-automatic-code-review-by-copilot). ## Customizing {% data variables.product.prodname_copilot_short %}'s reviews with coding guidelines @@ -144,16 +155,17 @@ You can request an initial review of a highlighted selection of code in {% data ### Reviewing changes -> [!NOTE] Reviewing changes is currently only available to a limited number of {% data variables.product.prodname_copilot_short %} subscribers. To join the waitlist, see [Join the {% data variables.copilot.copilot_code-review_short %} waitlist](https://gh.io/copilot-code-review-waitlist). +> [!NOTE] +> To access the {% data variables.release-phases.public_preview %} of this feature, see [Join the preview for {% data variables.copilot.copilot_code-review_short %}-powered code reviews](https://gh.io/copilot-code-review-waitlist). You can request a review for your staged or unstaged changes in {% data variables.product.prodname_vscode %}. 1. In {% data variables.product.prodname_vscode_shortname %}, switch to the **Source Control** tab. -1. To request a review on your unstaged changes, hover over **Changes** in the sidebar, and then click the **{% data variables.copilot.copilot_code-review_short %} - Changes** button. +1. To request a review on your unstaged changes, hover over **Changes** in the sidebar, and then click the {% data reusables.copilot.code-review.staging-icon-vscode %} **{% data variables.copilot.copilot_code-review_short %} - Changes** button. ![Screenshot of the "{% data variables.copilot.copilot_code-review_short %} - Changes" button in {% data variables.product.prodname_vscode %}. The code review button is outlined in dark orange.](/assets/images/help/copilot/code-review/vscode-review-button@2x.png) -1. To request a review on your staged changes, hover over **Staged Changes** in the sidebar, and then click the **{% data variables.copilot.copilot_code-review_short %} - Staged Changes** button. +1. To request a review on your staged changes, hover over **Staged Changes** in the sidebar, and then click the {% data reusables.copilot.code-review.staging-icon-vscode %} **{% data variables.copilot.copilot_code-review_short %} - Staged Changes** button. 1. Wait for {% data variables.product.prodname_copilot_short %} to review your changes. This usually takes less than 30 seconds. diff --git a/content/copilot/using-github-copilot/using-github-copilot-for-pull-requests/using-copilot-to-help-you-work-on-a-pull-request.md b/content/copilot/using-github-copilot/using-github-copilot-for-pull-requests/using-copilot-to-help-you-work-on-a-pull-request.md index e3494c5ac00b..18ec12a0dcf8 100644 --- a/content/copilot/using-github-copilot/using-github-copilot-for-pull-requests/using-copilot-to-help-you-work-on-a-pull-request.md +++ b/content/copilot/using-github-copilot/using-github-copilot-for-pull-requests/using-copilot-to-help-you-work-on-a-pull-request.md @@ -38,11 +38,10 @@ After you create a pull request, you can continue working on the PR on the {% da ## Prerequisites -Using {% data variables.product.prodname_copilot_workspace %} requires: +Using {% data variables.product.prodname_copilot_workspace %} requires an existing pull request on the {% data variables.product.github %} website and either of the following: -* Access to {% data variables.product.prodname_copilot_short %}. For more information, see [AUTOTITLE](/copilot/about-github-copilot/subscription-plans-for-github-copilot). -* Admission to the {% data variables.release-phases.public_preview %} from the waitlist. To apply to join the waitlist, see [Join the {% data variables.product.prodname_copilot_short %} code review waitlist](https://gh.io/copilot-code-review-waitlist). -* An existing pull request on the {% data variables.product.github %} website. If you need help on creating a pull request, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request). +* Access to {% data variables.product.prodname_copilot_short %}—see [AUTOTITLE](/copilot/about-github-copilot/subscription-plans-for-github-copilot)—and admission to the {% data variables.release-phases.public_preview %}—see [Join the preview for {% data variables.copilot.copilot_code-review_short %}-powered code reviews](https://gh.io/copilot-code-review-waitlist). +* Access to {% data variables.product.prodname_GH_advanced_security %} (GHAS) on a private, business-owned repository. See [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security). Without access to {% data variables.product.prodname_copilot_workspace %} you can still edit the files in pull requests by going to the **Files changed** tab, clicking the ellipsis (**...**) next to the file you want to edit, and then clicking **Edit file**. diff --git a/content/get-started/learning-to-code/learning-to-debug-with-github-copilot.md b/content/get-started/learning-to-code/learning-to-debug-with-github-copilot.md index 247895e67706..5e8a3cf9a8b3 100644 --- a/content/get-started/learning-to-code/learning-to-debug-with-github-copilot.md +++ b/content/get-started/learning-to-code/learning-to-debug-with-github-copilot.md @@ -54,32 +54,28 @@ def dice_battle(): print(dice_battle()) ``` -First, we need to clone the repository locally: -1. In {% data variables.product.prodname_vscode_shortname %}, open the Command Palette by pressing Cmd+Shift+P (Mac) or Ctrl+Shift+P (Windows/Linux). -1. Type `Git: Clone` and press Enter. -1. Paste the URL of the `new2code/debug-with-copilot` repository: +First, we need to create a local copy of the example repository: - ```text copy - https://github.com/new2code/debug-with-copilot - ``` - -1. Press Enter, then choose a location to save the repository on your computer. -1. When prompted, open the repository in {% data variables.product.prodname_vscode_shortname %}. +1. [Start cloning the new2code/debug-with-copilot repository](vscode://vscode.git/clone?url=https://github.com/new2code/debug-with-copilot) in {% data variables.product.prodname_vscode_shortname %}. +1. Choose a location to save the repository on your computer, then click **Select as Repository Destination**. +1. When prompted, open the repository. Now that we've cloned the repository, let's run `bugged_dice_battle.py` to see the output: 1. Open the Command Palette by pressing Cmd+Shift+P (Mac) or Ctrl+Shift+P (Windows/Linux). 1. Type `Terminal: Create New Terminal` and press Enter. -1. If you are using Mac or Linux, in the terminal tab, paste the following code: +1. In the terminal tab, paste the following command. + + Windows: ```shell copy - python bugged_dice_battle.py + py bugged_dice_battle.py ``` - Otherwise, if you are using Windows, paste the following code: + Mac or Linux: ```shell copy - py bugged_dice_battle.py + python bugged_dice_battle.py ``` 1. Press Enter to run the program. @@ -116,18 +112,17 @@ print(f"The factorial of {number} is {factorial}") Since we've already cloned the repository locally, let's run `bugged_factorial_finder.py` to see the output: -1. In {% data variables.product.prodname_vscode_shortname %}, open the Command Palette by pressing Cmd+Shift+P (Mac) or Ctrl+Shift+P (Windows/Linux). -1. Type `Terminal: Create New Terminal` and press Enter. -1. If you are using Mac or Linux, in the terminal tab, paste the following code: +1. In the terminal you created earlier, paste the following command. + Windows: ```shell copy - python bugged_factorial_finder.py + py bugged_factorial_finder.py ``` - Otherwise, if you are using Windows, paste the following code: + Mac or Linux: ```shell copy - py bugged_factorial_finder.py + python bugged_factorial_finder.py ``` 1. Press Enter to run the program. diff --git a/content/rest/secret-scanning/delegated-bypass.md b/content/rest/secret-scanning/delegated-bypass.md new file mode 100644 index 000000000000..444c0e65a98d --- /dev/null +++ b/content/rest/secret-scanning/delegated-bypass.md @@ -0,0 +1,13 @@ +--- +title: REST API endpoints for push protection bypass requests +shortTitle: Push protection bypass +intro: Use the REST API to manage push protection bypass requests for secret scanning. +versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖 + ghec: '*' +topics: + - API +autogenerated: rest +allowTitleToDifferFromFilename: true +--- + + diff --git a/content/rest/secret-scanning/index.md b/content/rest/secret-scanning/index.md index 007d4276aa3c..d7beeb4edb63 100644 --- a/content/rest/secret-scanning/index.md +++ b/content/rest/secret-scanning/index.md @@ -10,6 +10,7 @@ versions: topics: - API children: + - /delegated-bypass - /secret-scanning autogenerated: rest --- diff --git a/data/release-notes/enterprise-server/3-16/0-rc1.yml b/data/release-notes/enterprise-server/3-16/0-rc1.yml index 5cf4a5867577..5a90413074a5 100644 --- a/data/release-notes/enterprise-server/3-16/0-rc1.yml +++ b/data/release-notes/enterprise-server/3-16/0-rc1.yml @@ -241,6 +241,21 @@ sections: # https://github.com/github/releases/issues/4683 - | As of November 6, 2024, Dependabot no longer supports Composer version 1, which has reached its end-of-life. If you continue to use Composer version 1, Dependabot will be unable to create pull requests to update your dependencies. If this affects you, we recommend updating to a supported release of Composer. As of October 2024, the newest supported version of Composer is 2.8, and the long-term supported version is 2.2. View [Composer's official documentation](https://getcomposer.org/download/) for more information about supported releases. + # https://github.com/github/releases/issues/3525 + - | + In GitHub Enterprise Server 3.17, GitHub will migrate tag protection rules to a ruleset and the tag protection rule feature will no longer be available. Prior to upgrading to 3.17, you can use the [migration feature](https://github.blog/changelog/2023-10-18-migrate-tag-protections-to-repository-rules/) to move your tag protection rules. + # https://github.com/github/releases/issues/5381 + - | + In GitHub Enterprise Server 3.17, GitHub will deprecate the Docker registry for GitHub Packages in favor of the GitHub Container Registry, which supports Docker packages. All packages in the Docker registry will be deleted and cannot be fetched past the deprecation date. + # https://github.com/github/releases/issues/5292 + - | + In GitHub Enterprise Server 3.17, Dependabot will no longer support Python 3.8, which has reached its end-of-life. If you continue to use Python 3.8, Dependabot will not be able to create pull requests to update dependencies. If this affects you, we recommend updating to a supported release of Python. As of February 2025, Python 3.13 is the newest supported release. + # https://github.com/github/releases/issues/5204 + - | + In GitHub Enterprise Server 3.17, Dependabot will no longer support NPM version 6, which has reached its end-of-life. If you continue to use NPM version 6, Dependabot will be unable to create pull requests to update dependencies. If this affects you, we recommend updating to a supported release of NPM. As of December 2024, NPM 9 is the newest supported release. + # https://github.com/github/releases/issues/4710 + - | + In GitHub Enterprise Server 3.17 and later, the field `cvss` for GitHub security advisories in the REST & GraphQL APIs will be deprecated in favour of the new `cvss_severities` field. retired: - | diff --git a/data/reusables/copilot/code-review/preview-note.md b/data/reusables/copilot/code-review/preview-note.md index a65f6f1b291c..bf0decc65dda 100644 --- a/data/reusables/copilot/code-review/preview-note.md +++ b/data/reusables/copilot/code-review/preview-note.md @@ -1,6 +1,2 @@ -> [!NOTE] -> -> * {% data variables.copilot.copilot_code-review %} is in {% data variables.release-phases.public_preview %} and subject to change. -> * To participate in the {% data variables.release-phases.public_preview %}, an administrator of your {% ifversion ghec %}enterprise or{% endif %} organization must opt in to the use of previews of {% data variables.product.prodname_copilot_short %} features. See {% ifversion ghec %}[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise#copilot-in-githubcom) and{% endif %} [AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization#enabling-copilot-features-in-your-organization). -> * Some functionality is available to all enabled {% data variables.product.prodname_copilot_short %} subscribers, but other functionality is only available to a limited number of users. To join the waitlist for additional functionality, see [Join the {% data variables.copilot.copilot_code-review_short %} waitlist](https://gh.io/copilot-code-review-waitlist). -> * The [AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-pre-release-license-terms) apply to your use of this product. +* {% data variables.copilot.copilot_code-review %} is in {% data variables.release-phases.public_preview %} and subject to change. +* The [AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-pre-release-license-terms) apply to your use of this product. diff --git a/data/reusables/copilot/code-review/staging-icon-vscode.md b/data/reusables/copilot/code-review/staging-icon-vscode.md new file mode 100644 index 000000000000..a058fede02d1 --- /dev/null +++ b/data/reusables/copilot/code-review/staging-icon-vscode.md @@ -0,0 +1,2 @@ + + diff --git a/data/reusables/repositories/repo-new-ruleset.md b/data/reusables/repositories/repo-new-ruleset.md new file mode 100644 index 000000000000..5667af4b2a3c --- /dev/null +++ b/data/reusables/repositories/repo-new-ruleset.md @@ -0,0 +1,3 @@ +1. Click **New ruleset**. +1. Click **New branch ruleset**. +1. Under "Ruleset name," type a name for the ruleset. diff --git a/package.json b/package.json index 92d746efc464..81cfcf29b1dc 100644 --- a/package.json +++ b/package.json @@ -40,7 +40,8 @@ "find-past-built-pr": "tsx src/workflows/find-past-built-pr.ts", "find-unused-variables": "tsx src/content-linter/scripts/find-unsed-variables.ts", "fixture-dev": "cross-env ROOT=src/fixtures/fixtures npm start", - "fixture-test": "cross-env ROOT=src/fixtures/fixtures npm test -- src/fixtures/tests", + "fixture-dev-debug": "cross-env NODE_ENV=development ROOT=src/fixtures/fixtures nodemon --inspect src/frame/server.ts", + "fixture-test": "cross-env ROOT=src/fixtures/fixtures sh -c 'npm test -- ${1:-src/fixtures/tests}' --", "fr-add-docs-reviewers-requests": "tsx src/workflows/fr-add-docs-reviewers-requests.ts", "general-search-scrape": "tsx src/search/scripts/scrape/scrape-cli.ts", "general-search-scrape-server": "cross-env NODE_ENV=production PORT=4002 MINIMAL_RENDER=true CHANGELOG_DISABLED=true tsx src/frame/server.ts", diff --git a/src/content-render/unified/processor.js b/src/content-render/unified/processor.js index e8fae862cd21..7b54abef213f 100644 --- a/src/content-render/unified/processor.js +++ b/src/content-render/unified/processor.js @@ -39,6 +39,7 @@ export function createProcessor(context) { .use(gfm) // Markdown AST below vvv .use(parseInfoString) + .use(rewriteLocalLinks, context) .use(emoji) // Markdown AST above ^^^ .use(remark2rehype, { allowDangerousHtml: true }) @@ -72,7 +73,6 @@ export function createProcessor(context) { .use(rewriteForRowheaders) .use(rewriteImgSources) .use(rewriteAssetImgTags) - .use(rewriteLocalLinks, context) .use(alerts) // HTML AST above ^^^ .use(html) @@ -81,16 +81,16 @@ export function createProcessor(context) { } export function createMarkdownOnlyProcessor(context) { - return unified().use(remarkParse).use(gfm).use(remarkStringify) + return unified().use(remarkParse).use(gfm).use(rewriteLocalLinks, context).use(remarkStringify) } export function createMinimalProcessor(context) { return unified() .use(remarkParse) .use(gfm) + .use(rewriteLocalLinks, context) .use(remark2rehype, { allowDangerousHtml: true }) .use(slug) .use(raw) - .use(rewriteLocalLinks, context) .use(html) } diff --git a/src/content-render/unified/rewrite-local-links.js b/src/content-render/unified/rewrite-local-links.js index 8caf42f21839..e5f8ad774dda 100644 --- a/src/content-render/unified/rewrite-local-links.js +++ b/src/content-render/unified/rewrite-local-links.js @@ -83,20 +83,11 @@ const AUTOTITLE = /^\s*AUTOTITLE\s*$/ // which we use to know that we need to fall back to English. export class TitleFromAutotitleError extends Error {} -// Matches any tags with an href that starts with `/` -const matcherInternalLinks = (node) => - node.type === 'element' && - node.tagName === 'a' && - node.properties && - node.properties.href && - node.properties.href.startsWith('/') - -const matcherAnchorLinks = (node) => - node.type === 'element' && - node.tagName === 'a' && - node.properties && - node.properties.href && - node.properties.href.startsWith('#') +// Matches any link nodes with an href that starts with `/` +const matcherInternalLinks = (node) => node.type === 'link' && node.url && node.url.startsWith('/') + +// Matches any link nodes with an href that starts with `#` +const matcherAnchorLinks = (node) => node.type === 'link' && node.url && node.url.startsWith('#') // Content authors write links like `/some/article/path`, but they need to be // rewritten on the fly to match the current language and page version @@ -107,67 +98,101 @@ export default function rewriteLocalLinks(context) { return async function (tree) { const nodes = [] - visit(tree, matcherInternalLinks, (node) => { - // The context *might* have a `autotitleLanguage` which can be - // different from the regular `currentLanguage`. - // This means that AUTOTITLE links should be different from how, - // for example, reusables or other `{% data ... %}` Liquid tags work. - // Our release notes, for example, prefer to force the rendered text - // in English, but all AUTOTITLE links in the current language. - const newHref = getNewHref(node, autotitleLanguage || currentLanguage, currentVersion) - if (newHref) { - node.properties._originalHref = node.properties.href - node.properties.href = newHref + + // For links using linkReference and definition, we must + // first get the list of definitions and later resolve + // the linkReferences. + // + // So, for example, a reference that looks like: + // [Some link](some-reference) + // [some-reference]: /abc/123 + // Becomes: + // [Some link](/abc/123) + // And then we can treat it like a regular 'link'; + // see https://github.github.com/gfm/#link-reference-definitions for spec + const definitions = new Map() + visit(tree, 'definition', (node) => { + definitions.set(node.identifier, node) + }) + + visit(tree, 'linkReference', (node) => { + const definition = definitions.get(node.identifier) + if (definition) { + // Replace the LinkReference node with a Link node + node.type = 'link' + node.url = definition.url + node.title = definition.title + } else { + console.warn(`Definition not found for identifier: ${node.identifier}`) } - for (const child of node.children) { - if (child.value) { - if (AUTOTITLE.test(child.value)) { - nodes.push({ - href: node.properties.href, - child, - originalHref: node.properties._originalHref, - }) - } else if ( - // This means CI and local dev - process.env.NODE_ENV !== 'production' && - // But only raise this (in CI or local dev) if it's English - currentLanguage === 'en' - ) { - // Throw if the link text *almost* is AUTOTITLE - if ( - child.value.toUpperCase() === 'AUTOTITLE' || - distance(child.value.toUpperCase(), 'AUTOTITLE') <= 2 - ) { - throw new Error( - `Found link text '${child.value}', expected 'AUTOTITLE'. ` + - `Find the mention of the link text '${child.value}' and change it to 'AUTOTITLE'. Case matters.`, - ) - } - } + }) + + // this function handles processing the tree recursively, sometimes we have additional trees to convert + await processTree(tree, autotitleLanguage || currentLanguage, currentVersion, nodes, context) + } +} + +async function processTree(tree, language, version, nodes, context) { + // internal links begin with `/something` + visit(tree, matcherInternalLinks, (node) => { + processLinkNode(node, language, version, nodes) + }) + + if (!isProd) { + // handles anchor links + visit(tree, matcherAnchorLinks, (node) => { + for (const child of node.children || []) { + if (child.value && AUTOTITLE.test(child.value)) { + throw new Error( + `Found anchor link with text AUTOTITLE ('${node.url}'). ` + + 'Update the anchor link with text that is not AUTOTITLE.', + ) } } }) + } + + // nodes[] contains all the link nodes that need new titles + // and now we call to get those titles + await Promise.all( + nodes.map(({ url, child, originalHref }) => + getNewTitleSetter(child, url, context, originalHref), + ), + ) +} - if (!isProd) { - // This runs when doing local review, link checker tests, or - // running a script like `update-internal-links.js`. - visit(tree, matcherAnchorLinks, (node) => { - for (const child of node.children || []) { - if (child.value && AUTOTITLE.test(child.value)) { - throw new Error( - `Found anchor link with text AUTOTITLE ('${node.properties.href}'). ` + - 'Update the anchor link with text that is not AUTOTITLE.', - ) - } +function processLinkNode(node, language, version, nodes) { + const newHref = getNewHref(node, language, version) + if (newHref) { + node.originalHref = node.url + node.url = newHref + } + for (const child of node.children) { + if (child.value) { + if (AUTOTITLE.test(child.value)) { + nodes.push({ + url: node.url, + child, + originalHref: node._originalHref, + }) + } else if ( + // This means CI and local dev + process.env.NODE_ENV !== 'production' && + // But only raise this (in CI or local dev) if it's English + language === 'en' + ) { + // Throw if the link text *almost* is AUTOTITLE + if ( + child.value.toUpperCase() === 'AUTOTITLE' || + distance(child.value.toUpperCase(), 'AUTOTITLE') <= 2 + ) { + throw new Error( + `Found link text '${child.value}', expected 'AUTOTITLE'. ` + + `Find the mention of the link text '${child.value}' and change it to 'AUTOTITLE'. Case matters.`, + ) } - }) + } } - - await Promise.all( - nodes.map(({ href, child, originalHref }) => - getNewTitleSetter(child, href, context, originalHref), - ), - ) } } @@ -190,21 +215,21 @@ async function getNewTitle(href, context, child, originalHref) { } function getNewHref(node, languageCode, version) { - const { href } = node.properties + const { url } = node // Exceptions to link rewriting - if (href.startsWith('/assets')) return - if (href.startsWith('/public')) return - if (href in externalRedirects) return + if (url.startsWith('/assets')) return + if (url.startsWith('/public')) return + if (url in externalRedirects) return - let newHref = href + let newHref = url // If the link has a hardcoded plan or version in it, do not update other than adding a language code // Examples: // /enterprise-server@2.20/rest/reference/oauth-authorizations // /enterprise-server/rest/reference/oauth-authorizations (this redirects to the latest version) // /enterprise-server@latest/rest/reference/oauth-authorizations (this redirects to the latest version) - const firstLinkSegment = href.split('/')[1] + const firstLinkSegment = url.split('/')[1] if (supportedPlans.has(firstLinkSegment.split('@')[0])) { - newHref = path.posix.join('/', languageCode, href) + newHref = path.posix.join('/', languageCode, url) } else if (firstLinkSegment.includes('@')) { // This could mean a bad typo! // This can happen if you have something @@ -215,16 +240,16 @@ function getNewHref(node, languageCode, version) { Warning! The first segment of the internal link has a '@' character in it but the plan is not recognized. This is likely a typo. Please inspect the link and fix it if it's a typo. -Look for an internal link that starts with '${href}'. +Look for an internal link that starts with '${url}'. `, ) } // If the link includes a deprecated version, do not update other than adding a language code // Example: /enterprise/11.10.340/admin/articles/upgrading-to-the-latest-release - const oldEnterpriseVersionNumber = href.match(patterns.getEnterpriseVersionNumber) + const oldEnterpriseVersionNumber = url.match(patterns.getEnterpriseVersionNumber) if (oldEnterpriseVersionNumber && deprecated.includes(oldEnterpriseVersionNumber[1])) { - newHref = path.posix.join('/', languageCode, href) + newHref = path.posix.join('/', languageCode, url) } // Treat the unicorn where we have version numbers. @@ -238,9 +263,9 @@ Look for an internal link that starts with '${href}'. // current number anyway. newHref = newHref.replace('/enterprise-server@latest/', `/enterprise-server@${latest}/`) - if (newHref === href) { + if (newHref === url) { // start clean with no language (TOC pages already include the lang codes via lib/liquid-tags/link.js) - const hrefWithoutLang = getPathWithoutLanguage(href) + const hrefWithoutLang = getPathWithoutLanguage(url) // normalize any legacy links so they conform to new link structure newHref = path.posix.join('/', languageCode, getNewVersionedPath(hrefWithoutLang)) @@ -249,13 +274,6 @@ Look for an internal link that starts with '${href}'. const versionFromHref = getVersionStringFromPath(newHref) // ------ BEGIN ONE-OFF OVERRIDES ------// - // dotcom-only links always point to dotcom - if (node.properties.className && node.properties.className.includes('dotcom-only')) { - // See internal issue #2672 - console.warn('This is deprecated and will soon be removed') - version = nonEnterpriseDefaultVersion - } - // desktop links always point to dotcom if (patterns.desktop.test(hrefWithoutLang)) { version = nonEnterpriseDefaultVersion diff --git a/src/fixtures/fixtures/content/get-started/foo/autotitling.md b/src/fixtures/fixtures/content/get-started/foo/autotitling.md index a004110dd4e5..f2cb18bd7d4c 100644 --- a/src/fixtures/fixtures/content/get-started/foo/autotitling.md +++ b/src/fixtures/fixtures/content/get-started/foo/autotitling.md @@ -1,6 +1,7 @@ --- title: Autotitling intro: Internal links that use AUTOTITLE should just work +layout: inline versions: fpt: '*' ghes: '*' @@ -23,3 +24,41 @@ Equally, if the link has a hash on it: Or, a combination of query string and hash: [AUTOTITLE](/get-started/start-your-journey/hello-world?tool=linux#this-hash) + +```typescript +// This is a code sample +console.log("Hello, World!"); + +// for more info on this, visit [AUTOTITLE](/get-started/markdown). +function greet(name: string): void { + console.log(`Hello, ${name}!`); +} + +// another example is [AUTOTITLE](/get-started/markdown/alerts) +const userName: string = "TypeScript User"; +greet(userName); +``` + +Some more JS: + +```javascript +// This is a comment +const { Octokit } = require("octokit"); + +// +async function checkAndRedeliverWebhooks() { + // See [AUTOTITLE](/get-started/markdown/permissions) + const TOKEN = process.env.TOKEN; + const ORGANIZATION_NAME = process.env.ORGANIZATION_NAME; + const HOOK_ID = process.env.HOOK_ID; + const LAST_REDELIVERY_VARIABLE_NAME = process.env.LAST_REDELIVERY_VARIABLE_NAME; + {% ifversion ghes %}const HOSTNAME = process.env.HOSTNAME;{% endif %} + const WORKFLOW_REPO_NAME = process.env.WORKFLOW_REPO_NAME; + const WORKFLOW_REPO_OWNER = process.env.WORKFLOW_REPO_OWNER; + + // Create an instance of `Octokit` using the token workflow. + const octokit = new Octokit({ {% ifversion ghes %} + baseUrl: "{% data variables.product.rest_url %}",{% endif %} + auth: TOKEN, + }); + ``` diff --git a/src/fixtures/tests/internal-links.js b/src/fixtures/tests/internal-links.js index c4261257e99d..549678ceceb1 100644 --- a/src/fixtures/tests/internal-links.js +++ b/src/fixtures/tests/internal-links.js @@ -17,6 +17,20 @@ describe('autotitle', () => { expect.assertions(4) }) + // skipped because autotitles aren't supported in annotated code blocks yet + // see docs-engineering#3691 + test.skip('internal links in codeblocks with AUTOTITLE resolves', async () => { + const $ = await getDOM('/get-started/foo/autotitling') + const links = $('#article-contents a[href]') + links.each((i, element) => { + if ($(element).attr('href').includes('/get-started/markdown')) { + expect($(element).text()).toContain('Markdown') + } + }) + // There are 2 links on the `autotitling.md` content. + expect.assertions(2) + }) + test('typos lead to error when NODE_ENV !== production', async () => { // The fixture typo-autotitling.md contains two different typos // of the word "AUTOTITLE", separated by `{% if version ghes %}` diff --git a/src/frame/middleware/api.ts b/src/frame/middleware/api.ts index 24c99eef7e85..a5c4c04468fd 100644 --- a/src/frame/middleware/api.ts +++ b/src/frame/middleware/api.ts @@ -10,14 +10,26 @@ import pageList from '@/article-api/middleware/pagelist' import webhooks from '@/webhooks/middleware/webhooks.js' import { ExtendedRequest } from '@/types' import { noCacheControl } from './cache-control' +import { createRateLimiter } from '@/shielding/middleware/rate-limit' const router = express.Router() -router.use('/events', events) -router.use('/webhooks', webhooks) -router.use('/anchor-redirect', anchorRedirect) -router.use('/pageinfo', pageInfo) -router.use('/pagelist', pageList) +// Please make sure to rate limit all routes in this file. +const createAPIRateLimiter = (hitsPerMin: number) => createRateLimiter(hitsPerMin, true) + +let eventsRouteRateLimit = 100 +let internalRoutesRateLimit = 25 // Used internally, higher rate limits +let searchRoutesRateLimit = 15 +let publicRoutesRateLimit = 10 // Used publicly, lower rate limits +if (process.env.NODE_ENV === 'test') { + searchRoutesRateLimit = 2 // set to 2 so that api-ai-search.ts test will exceed rate limit after 3 requests +} + +router.use('/events', createAPIRateLimiter(eventsRouteRateLimit), events) +router.use('/webhooks', createAPIRateLimiter(internalRoutesRateLimit), webhooks) +router.use('/anchor-redirect', createAPIRateLimiter(internalRoutesRateLimit), anchorRedirect) +router.use('/pageinfo', createAPIRateLimiter(3), pageInfo) +router.use('/pagelist', createAPIRateLimiter(publicRoutesRateLimit), pageList) // The purpose of this is for convenience to everyone who runs this code // base locally but don't have an Elasticsearch server locally. @@ -26,13 +38,14 @@ router.use('/pagelist', pageList) // server or the known credentials to a remote Elasticsearch. Whenever // that's the case, they can just HTTP proxy to the production server. if (process.env.CSE_COPILOT_ENDPOINT || process.env.NODE_ENV === 'test') { - router.use('/ai-search', aiSearch) + router.use('/ai-search', createAPIRateLimiter(searchRoutesRateLimit), aiSearch) } else { console.log( 'Proxying AI Search requests to docs.github.com. To use the cse-copilot endpoint, set the CSE_COPILOT_ENDPOINT environment variable.', ) router.use( '/ai-search', + createAPIRateLimiter(searchRoutesRateLimit), createProxyMiddleware({ target: 'https://docs.github.com', changeOrigin: true, @@ -43,10 +56,11 @@ if (process.env.CSE_COPILOT_ENDPOINT || process.env.NODE_ENV === 'test') { ) } if (process.env.ELASTICSEARCH_URL) { - router.use('/search', search) + router.use('/search', createAPIRateLimiter(searchRoutesRateLimit), search) } else { router.use( '/search', + createAPIRateLimiter(searchRoutesRateLimit), createProxyMiddleware({ target: 'https://docs.github.com', changeOrigin: true, @@ -59,7 +73,8 @@ if (process.env.ELASTICSEARCH_URL) { // We need access to specific httpOnly cookies set on github.com from the client // The only way to access these on the client is to fetch them from the server -router.get('/cookies', (req, res) => { +// Limit this endpoint to 1req/min because a client should only call this route once +router.get('/cookies', createAPIRateLimiter(1), (req, res) => { noCacheControl(res) const cookies = { isStaff: Boolean(req.cookies?.staffonly?.startsWith('yes')) || false, diff --git a/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json index 7d13c346fb00..c337d4f07ea7 100644 --- a/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json @@ -21,6 +21,15 @@ "additional-permissions": false, "access": "write" }, + { + "category": "enterprise-admin", + "slug": "promote-a-custom-property-to-an-enterprise", + "subcategory": "custom-properties", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/properties/schema/organizations/{org}/{custom_property_name}/promote", + "additional-permissions": false, + "access": "write" + }, { "category": "enterprise-admin", "slug": "get-a-custom-property-for-an-enterprise", @@ -7791,6 +7800,15 @@ "title": "Secret scanning alerts", "displayTitle": "Repository permissions for \"Secret scanning alerts\"", "permissions": [ + { + "category": "secret-scanning", + "slug": "list-bypass-requests-for-secret-scanning-for-an-org", + "subcategory": "delegated-bypass", + "verb": "get", + "requestPath": "/orgs/{org}/bypass-requests/secret-scanning", + "additional-permissions": false, + "access": "read" + }, { "category": "secret-scanning", "slug": "list-secret-scanning-alerts-for-an-organization", @@ -7800,6 +7818,42 @@ "additional-permissions": false, "access": "read" }, + { + "category": "secret-scanning", + "slug": "list-bypass-requests-for-secret-scanning-for-a-repository", + "subcategory": "delegated-bypass", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/bypass-requests/secret-scanning", + "additional-permissions": false, + "access": "read" + }, + { + "category": "secret-scanning", + "slug": "get-a-bypass-request-for-secret-scanning", + "subcategory": "delegated-bypass", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/bypass-requests/secret-scanning/{bypass_request_number}", + "additional-permissions": false, + "access": "read" + }, + { + "category": "secret-scanning", + "slug": "review-a-bypass-request-for-secret-scanning", + "subcategory": "delegated-bypass", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/bypass-requests/secret-scanning/{bypass_request_number}", + "additional-permissions": false, + "access": "read" + }, + { + "category": "secret-scanning", + "slug": "dismiss-a-response-on-a-bypass-request-for-secret-scanning", + "subcategory": "delegated-bypass", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/bypass-responses/secret-scanning/{bypass_response_id}", + "additional-permissions": false, + "access": "read" + }, { "category": "secret-scanning", "slug": "list-secret-scanning-alerts-for-a-repository", diff --git a/src/github-apps/data/ghec-2022-11-28/fine-grained-pat.json b/src/github-apps/data/ghec-2022-11-28/fine-grained-pat.json index e94ec086a26f..f7d95df012dc 100644 --- a/src/github-apps/data/ghec-2022-11-28/fine-grained-pat.json +++ b/src/github-apps/data/ghec-2022-11-28/fine-grained-pat.json @@ -2524,6 +2524,12 @@ "verb": "patch", "requestPath": "/enterprises/{enterprise}/properties/schema" }, + { + "slug": "promote-a-custom-property-to-an-enterprise", + "subcategory": "custom-properties", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/properties/schema/organizations/{org}/{custom_property_name}/promote" + }, { "slug": "get-a-custom-property-for-an-enterprise", "subcategory": "custom-properties", @@ -5306,12 +5312,42 @@ } ], "secret-scanning": [ + { + "slug": "list-bypass-requests-for-secret-scanning-for-an-org", + "subcategory": "delegated-bypass", + "verb": "get", + "requestPath": "/orgs/{org}/bypass-requests/secret-scanning" + }, { "slug": "list-secret-scanning-alerts-for-an-organization", "subcategory": "secret-scanning", "verb": "get", "requestPath": "/orgs/{org}/secret-scanning/alerts" }, + { + "slug": "list-bypass-requests-for-secret-scanning-for-a-repository", + "subcategory": "delegated-bypass", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/bypass-requests/secret-scanning" + }, + { + "slug": "get-a-bypass-request-for-secret-scanning", + "subcategory": "delegated-bypass", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/bypass-requests/secret-scanning/{bypass_request_number}" + }, + { + "slug": "review-a-bypass-request-for-secret-scanning", + "subcategory": "delegated-bypass", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/bypass-requests/secret-scanning/{bypass_request_number}" + }, + { + "slug": "dismiss-a-response-on-a-bypass-request-for-secret-scanning", + "subcategory": "delegated-bypass", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/bypass-responses/secret-scanning/{bypass_response_id}" + }, { "slug": "list-secret-scanning-alerts-for-a-repository", "subcategory": "secret-scanning", diff --git a/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json index e5eb50841d78..75272334f0a1 100644 --- a/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json @@ -25,6 +25,17 @@ "server-to-server": true, "additional-permissions": false }, + { + "category": "enterprise-admin", + "slug": "promote-a-custom-property-to-an-enterprise", + "subcategory": "custom-properties", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/properties/schema/organizations/{org}/{custom_property_name}/promote", + "access": "write", + "user-to-server": true, + "server-to-server": true, + "additional-permissions": false + }, { "category": "enterprise-admin", "slug": "get-a-custom-property-for-an-enterprise", @@ -9470,6 +9481,17 @@ "title": "Secret scanning alerts", "displayTitle": "Repository permissions for \"Secret scanning alerts\"", "permissions": [ + { + "category": "secret-scanning", + "slug": "list-bypass-requests-for-secret-scanning-for-an-org", + "subcategory": "delegated-bypass", + "verb": "get", + "requestPath": "/orgs/{org}/bypass-requests/secret-scanning", + "access": "read", + "user-to-server": true, + "server-to-server": false, + "additional-permissions": false + }, { "category": "secret-scanning", "slug": "list-secret-scanning-alerts-for-an-organization", @@ -9481,6 +9503,50 @@ "server-to-server": true, "additional-permissions": false }, + { + "category": "secret-scanning", + "slug": "list-bypass-requests-for-secret-scanning-for-a-repository", + "subcategory": "delegated-bypass", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/bypass-requests/secret-scanning", + "access": "read", + "user-to-server": true, + "server-to-server": false, + "additional-permissions": false + }, + { + "category": "secret-scanning", + "slug": "get-a-bypass-request-for-secret-scanning", + "subcategory": "delegated-bypass", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/bypass-requests/secret-scanning/{bypass_request_number}", + "access": "read", + "user-to-server": true, + "server-to-server": false, + "additional-permissions": false + }, + { + "category": "secret-scanning", + "slug": "review-a-bypass-request-for-secret-scanning", + "subcategory": "delegated-bypass", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/bypass-requests/secret-scanning/{bypass_request_number}", + "access": "read", + "user-to-server": true, + "server-to-server": false, + "additional-permissions": false + }, + { + "category": "secret-scanning", + "slug": "dismiss-a-response-on-a-bypass-request-for-secret-scanning", + "subcategory": "delegated-bypass", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/bypass-responses/secret-scanning/{bypass_response_id}", + "access": "read", + "user-to-server": true, + "server-to-server": false, + "additional-permissions": false + }, { "category": "secret-scanning", "slug": "list-secret-scanning-alerts-for-a-repository", diff --git a/src/github-apps/data/ghec-2022-11-28/server-to-server-rest.json b/src/github-apps/data/ghec-2022-11-28/server-to-server-rest.json index e1d0d5cbd6ed..91c1937c0c26 100644 --- a/src/github-apps/data/ghec-2022-11-28/server-to-server-rest.json +++ b/src/github-apps/data/ghec-2022-11-28/server-to-server-rest.json @@ -2252,6 +2252,12 @@ "verb": "patch", "requestPath": "/enterprises/{enterprise}/properties/schema" }, + { + "slug": "promote-a-custom-property-to-an-enterprise", + "subcategory": "custom-properties", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/properties/schema/organizations/{org}/{custom_property_name}/promote" + }, { "slug": "get-a-custom-property-for-an-enterprise", "subcategory": "custom-properties", diff --git a/src/github-apps/data/ghec-2022-11-28/user-to-server-rest.json b/src/github-apps/data/ghec-2022-11-28/user-to-server-rest.json index e94ec086a26f..f7d95df012dc 100644 --- a/src/github-apps/data/ghec-2022-11-28/user-to-server-rest.json +++ b/src/github-apps/data/ghec-2022-11-28/user-to-server-rest.json @@ -2524,6 +2524,12 @@ "verb": "patch", "requestPath": "/enterprises/{enterprise}/properties/schema" }, + { + "slug": "promote-a-custom-property-to-an-enterprise", + "subcategory": "custom-properties", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/properties/schema/organizations/{org}/{custom_property_name}/promote" + }, { "slug": "get-a-custom-property-for-an-enterprise", "subcategory": "custom-properties", @@ -5306,12 +5312,42 @@ } ], "secret-scanning": [ + { + "slug": "list-bypass-requests-for-secret-scanning-for-an-org", + "subcategory": "delegated-bypass", + "verb": "get", + "requestPath": "/orgs/{org}/bypass-requests/secret-scanning" + }, { "slug": "list-secret-scanning-alerts-for-an-organization", "subcategory": "secret-scanning", "verb": "get", "requestPath": "/orgs/{org}/secret-scanning/alerts" }, + { + "slug": "list-bypass-requests-for-secret-scanning-for-a-repository", + "subcategory": "delegated-bypass", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/bypass-requests/secret-scanning" + }, + { + "slug": "get-a-bypass-request-for-secret-scanning", + "subcategory": "delegated-bypass", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/bypass-requests/secret-scanning/{bypass_request_number}" + }, + { + "slug": "review-a-bypass-request-for-secret-scanning", + "subcategory": "delegated-bypass", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/bypass-requests/secret-scanning/{bypass_request_number}" + }, + { + "slug": "dismiss-a-response-on-a-bypass-request-for-secret-scanning", + "subcategory": "delegated-bypass", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/bypass-responses/secret-scanning/{bypass_response_id}" + }, { "slug": "list-secret-scanning-alerts-for-a-repository", "subcategory": "secret-scanning", diff --git a/src/github-apps/lib/config.json b/src/github-apps/lib/config.json index acbdb27f003f..7fbeba13d6a7 100644 --- a/src/github-apps/lib/config.json +++ b/src/github-apps/lib/config.json @@ -60,5 +60,5 @@ "2022-11-28" ] }, - "sha": "2d90b0feb3246497649850821757a0eeec84e915" + "sha": "04c2dd07097565bce579c288d92a4be14dc99bf6" } \ No newline at end of file diff --git a/src/graphql/data/fpt/changelog.json b/src/graphql/data/fpt/changelog.json index 10bc68b5898e..ee9dba016f9d 100644 --- a/src/graphql/data/fpt/changelog.json +++ b/src/graphql/data/fpt/changelog.json @@ -1,4 +1,17 @@ [ + { + "schemaChanges": [ + { + "title": "The GraphQL schema includes these changes:", + "changes": [ + "

Field repository was removed from object type UserNamespaceRepository

" + ] + } + ], + "previewChanges": [], + "upcomingChanges": [], + "date": "2025-02-26" + }, { "schemaChanges": [ { diff --git a/src/graphql/data/fpt/schema.docs.graphql b/src/graphql/data/fpt/schema.docs.graphql index 9404e73ef236..93e5a4bd900a 100644 --- a/src/graphql/data/fpt/schema.docs.graphql +++ b/src/graphql/data/fpt/schema.docs.graphql @@ -64258,11 +64258,6 @@ type UserNamespaceRepository implements Node { The user owner of the repository. """ owner: RepositoryOwner! - - """ - The repository owned by an enterprise managed user. - """ - repository: RepositoryInfo } """ diff --git a/src/graphql/data/fpt/schema.json b/src/graphql/data/fpt/schema.json index 2b8416588991..778f626aa721 100644 --- a/src/graphql/data/fpt/schema.json +++ b/src/graphql/data/fpt/schema.json @@ -79485,14 +79485,6 @@ "id": "repositoryowner", "kind": "interfaces", "href": "/graphql/reference/interfaces#repositoryowner" - }, - { - "name": "repository", - "description": "

The repository owned by an enterprise managed user.

", - "type": "RepositoryInfo", - "id": "repositoryinfo", - "kind": "interfaces", - "href": "/graphql/reference/interfaces#repositoryinfo" } ] }, diff --git a/src/graphql/data/ghec/schema.docs.graphql b/src/graphql/data/ghec/schema.docs.graphql index 9404e73ef236..93e5a4bd900a 100644 --- a/src/graphql/data/ghec/schema.docs.graphql +++ b/src/graphql/data/ghec/schema.docs.graphql @@ -64258,11 +64258,6 @@ type UserNamespaceRepository implements Node { The user owner of the repository. """ owner: RepositoryOwner! - - """ - The repository owned by an enterprise managed user. - """ - repository: RepositoryInfo } """ diff --git a/src/graphql/data/ghec/schema.json b/src/graphql/data/ghec/schema.json index 2b8416588991..778f626aa721 100644 --- a/src/graphql/data/ghec/schema.json +++ b/src/graphql/data/ghec/schema.json @@ -79485,14 +79485,6 @@ "id": "repositoryowner", "kind": "interfaces", "href": "/graphql/reference/interfaces#repositoryowner" - }, - { - "name": "repository", - "description": "

The repository owned by an enterprise managed user.

", - "type": "RepositoryInfo", - "id": "repositoryinfo", - "kind": "interfaces", - "href": "/graphql/reference/interfaces#repositoryinfo" } ] }, diff --git a/src/graphql/data/ghes-3.16/graphql_upcoming_changes.public-enterprise.yml b/src/graphql/data/ghes-3.16/graphql_upcoming_changes.public-enterprise.yml index 58a7dabb311a..53edf3e4c7bd 100644 --- a/src/graphql/data/ghes-3.16/graphql_upcoming_changes.public-enterprise.yml +++ b/src/graphql/data/ghes-3.16/graphql_upcoming_changes.public-enterprise.yml @@ -544,3 +544,75 @@ upcoming_changes: date: '2025-01-01T00:00:00+00:00' criticality: breaking owner: chriskirkland + - location: Enterprise.members.hasTwoFactorEnabled + description: + '`hasTwoFactorEnabled` will be removed. Use `two_factor_method_security` + instead.' + reason: '`has_two_factor_enabled` will be removed.' + date: '2025-04-01T00:00:00+00:00' + criticality: breaking + owner: authentication + - location: EnterpriseOwnerInfo.admins.hasTwoFactorEnabled + description: + '`hasTwoFactorEnabled` will be removed. Use `two_factor_method_security` + instead.' + reason: '`has_two_factor_enabled` will be removed.' + date: '2025-04-01T00:00:00+00:00' + criticality: breaking + owner: authentication + - location: EnterpriseOwnerInfo.outsideCollaborators.hasTwoFactorEnabled + description: + '`hasTwoFactorEnabled` will be removed. Use `two_factor_method_security` + instead.' + reason: '`has_two_factor_enabled` will be removed.' + date: '2025-04-01T00:00:00+00:00' + criticality: breaking + owner: authentication + - location: ProjectV2.databaseId + description: '`databaseId` will be removed. Use `fullDatabaseId` instead.' + reason: + '`databaseId` will be removed because it does not support 64-bit signed + integer identifiers.' + date: '2025-04-01T00:00:00+00:00' + criticality: breaking + owner: dewski + - location: ProjectV2Item.databaseId + description: '`databaseId` will be removed. Use `fullDatabaseId` instead.' + reason: + '`databaseId` will be removed because it does not support 64-bit signed + integer identifiers.' + date: '2025-04-01T00:00:00+00:00' + criticality: breaking + owner: dewski + - location: ProjectV2StatusUpdate.databaseId + description: '`databaseId` will be removed. Use `fullDatabaseId` instead.' + reason: + '`databaseId` will be removed because it does not support 64-bit signed + integer identifiers.' + date: '2025-04-01T00:00:00+00:00' + criticality: breaking + owner: dewski + - location: ProjectV2View.databaseId + description: '`databaseId` will be removed. Use `fullDatabaseId` instead.' + reason: + '`databaseId` will be removed because it does not support 64-bit signed + integer identifiers.' + date: '2025-04-01T00:00:00+00:00' + criticality: breaking + owner: dewski + - location: ProjectV2Workflow.databaseId + description: '`databaseId` will be removed. Use `fullDatabaseId` instead.' + reason: + '`databaseId` will be removed because it does not support 64-bit signed + integer identifiers.' + date: '2025-04-01T00:00:00+00:00' + criticality: breaking + owner: dewski + - location: SecurityAdvisory.cvss + description: + '`cvss` will be removed. New `cvss_severities` field will now contain + both `cvss_v3` and `cvss_v4` properties.' + reason: '`cvss` will be removed.' + date: '2025-10-01T00:00:00+00:00' + criticality: breaking + owner: github/advisory-database diff --git a/src/graphql/data/ghes-3.16/previews.json b/src/graphql/data/ghes-3.16/previews.json index fe51488c7066..0637a088a01e 100644 --- a/src/graphql/data/ghes-3.16/previews.json +++ b/src/graphql/data/ghes-3.16/previews.json @@ -1 +1 @@ -[] +[] \ No newline at end of file diff --git a/src/graphql/data/ghes-3.16/schema.docs-enterprise.graphql b/src/graphql/data/ghes-3.16/schema.docs-enterprise.graphql index d927725b0d0d..71218c0d6bcb 100644 --- a/src/graphql/data/ghes-3.16/schema.docs-enterprise.graphql +++ b/src/graphql/data/ghes-3.16/schema.docs-enterprise.graphql @@ -970,6 +970,56 @@ type AddStarPayload { starrable: Starrable } +""" +Autogenerated input type of AddSubIssue +""" +input AddSubIssueInput { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The id of the issue. + """ + issueId: ID! @possibleTypes(concreteTypes: ["Issue"]) + + """ + Option to replace parent issue if one already exists + """ + replaceParent: Boolean + + """ + The id of the sub-issue. + """ + subIssueId: ID @possibleTypes(concreteTypes: ["Issue"]) + + """ + The url of the sub-issue. + """ + subIssueUrl: String +} + +""" +Autogenerated return type of AddSubIssue. +""" +type AddSubIssuePayload { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The parent issue that the sub-issue was added to. + """ + issue: Issue + + """ + The sub-issue of the parent. + """ + subIssue: Issue +} + """ Autogenerated input type of AddUpvote """ @@ -1113,7 +1163,7 @@ type AddedToProjectEvent implements Node { """ Represents an announcement banner. """ -interface AnnouncementBanner { +interface AnnouncementBannerI { """ The text of the announcement """ @@ -7383,6 +7433,11 @@ input CreateIssueInput { """ milestoneId: ID @possibleTypes(concreteTypes: ["Milestone"]) + """ + The Node ID of the parent issue to add this new issue to + """ + parentIssueId: ID @possibleTypes(concreteTypes: ["Issue"]) + """ An array of Node IDs for projects associated with this issue. """ @@ -7971,7 +8026,7 @@ input CreateRepositoryRulesetInput { """ The global relay id of the source in which a new ruleset should be created in. """ - sourceId: ID! @possibleTypes(concreteTypes: ["Organization", "Repository"], abstractType: "RuleSource") + sourceId: ID! @possibleTypes(concreteTypes: ["Enterprise", "Organization", "Repository"], abstractType: "RuleSource") """ The target of the ruleset. @@ -8633,6 +8688,21 @@ type CrossReferencedEvent implements Node & UniformResourceLocatable { willCloseTarget: Boolean! } +""" +The Common Vulnerability Scoring System +""" +type CvssSeverities { + """ + The CVSS v3 severity associated with this advisory + """ + cvssV3: CVSS + + """ + The CVSS v4 severity associated with this advisory + """ + cvssV4: CVSS +} + """ An ISO-8601 encoded date string. """ @@ -9739,6 +9809,11 @@ type DeployKey implements Node { """ createdAt: DateTime! + """ + Whether or not the deploy key is enabled by policy at the Enterprise or Organization level. + """ + enabled: Boolean! + """ The Node ID of the DeployKey object """ @@ -12027,6 +12102,21 @@ input DraftPullRequestReviewThread { startSide: DiffSide = RIGHT } +""" +The Exploit Prediction Scoring System +""" +type EPSS { + """ + The EPSS percentage represents the likelihood of a CVE being exploited. + """ + percentage: Float + + """ + The EPSS percentile represents the relative rank of the CVE's likelihood of being exploited compared to other CVEs. + """ + percentile: Float +} + """ Autogenerated input type of EnablePullRequestAutoMerge """ @@ -12135,7 +12225,7 @@ type EnqueuePullRequestPayload { """ An account to manage multiple organizations with consolidated policy and billing. """ -type Enterprise implements AnnouncementBanner & Node { +type Enterprise implements AnnouncementBannerI & Node { """ The text of the announcement """ @@ -12233,6 +12323,10 @@ type Enterprise implements AnnouncementBanner & Node { """ Only return members with this two-factor authentication status. Does not include members who only have an account on a GitHub Enterprise Server instance. + + **Upcoming Change on 2025-04-01 UTC** + **Description:** `hasTwoFactorEnabled` will be removed. Use `two_factor_method_security` instead. + **Reason:** `has_two_factor_enabled` will be removed. """ hasTwoFactorEnabled: Boolean = null @@ -12260,6 +12354,12 @@ type Enterprise implements AnnouncementBanner & Node { The role of the user in the enterprise organization or server. """ role: EnterpriseUserAccountMembershipRole + + """ + Only return members with this type of two-factor authentication method. Does + not include members who only have an account on a GitHub Enterprise Server instance. + """ + twoFactorMethodSecurity: TwoFactorCredentialSecurityType = null ): EnterpriseMemberConnection! """ @@ -12679,6 +12779,21 @@ enum EnterpriseDefaultRepositoryPermissionSettingValue { WRITE } +""" +The possible values for an enabled/no policy enterprise setting. +""" +enum EnterpriseDisallowedMethodsSettingValue { + """ + The setting prevents insecure 2FA methods from being used by members of the enterprise. + """ + INSECURE + + """ + There is no policy set for preventing insecure 2FA methods from being used by members of the enterprise. + """ + NO_POLICY +} + """ An edge in a connection. """ @@ -13207,6 +13322,10 @@ type EnterpriseOwnerInfo { """ Only return administrators with this two-factor authentication status. + + **Upcoming Change on 2025-04-01 UTC** + **Description:** `hasTwoFactorEnabled` will be removed. Use `two_factor_method_security` instead. + **Reason:** `has_two_factor_enabled` will be removed. """ hasTwoFactorEnabled: Boolean = null @@ -13234,6 +13353,11 @@ type EnterpriseOwnerInfo { The role to filter by. """ role: EnterpriseAdministratorRole + + """ + Only return outside collaborators with this type of two-factor authentication method. + """ + twoFactorMethodSecurity: TwoFactorCredentialSecurityType = null ): EnterpriseAdministratorConnection! """ @@ -13841,6 +13965,10 @@ type EnterpriseOwnerInfo { """ Only return outside collaborators with this two-factor authentication status. + + **Upcoming Change on 2025-04-01 UTC** + **Description:** `hasTwoFactorEnabled` will be removed. Use `two_factor_method_security` instead. + **Reason:** `has_two_factor_enabled` will be removed. """ hasTwoFactorEnabled: Boolean = null @@ -13869,6 +13997,11 @@ type EnterpriseOwnerInfo { """ query: String + """ + Only return outside collaborators with this type of two-factor authentication method. + """ + twoFactorMethodSecurity: TwoFactorCredentialSecurityType = null + """ Only return outside collaborators on repositories with this visibility. """ @@ -13990,6 +14123,46 @@ type EnterpriseOwnerInfo { query: String ): EnterprisePendingMemberInvitationConnection! + """ + The setting value for whether deploy keys are enabled for repositories in organizations in this enterprise. + """ + repositoryDeployKeySetting: EnterpriseEnabledDisabledSettingValue! + + """ + A list of enterprise organizations configured with the provided deploy keys setting value. + """ + repositoryDeployKeySettingOrganizations( + """ + Returns the elements in the list that come after the specified cursor. + """ + after: String + + """ + Returns the elements in the list that come before the specified cursor. + """ + before: String + + """ + Returns the first _n_ elements from the list. + """ + first: Int + + """ + Returns the last _n_ elements from the list. + """ + last: Int + + """ + Ordering options for organizations with this setting. + """ + orderBy: OrganizationOrder = {field: LOGIN, direction: ASC} + + """ + The setting value to find organizations for. + """ + value: Boolean! + ): OrganizationConnection! + """ The setting value for whether repository projects are enabled in this enterprise. """ @@ -14110,6 +14283,11 @@ type EnterpriseOwnerInfo { value: Boolean! ): OrganizationConnection! + """ + The setting value for what methods of two-factor authentication the enterprise prevents its users from having. + """ + twoFactorDisallowedMethodsSetting: EnterpriseDisallowedMethodsSettingValue! + """ The setting value for whether the enterprise requires two-factor authentication for its organizations and users. """ @@ -15451,8 +15629,7 @@ input FileDeletion { } """ -Prevent commits that include files with specified file extensions from being -pushed to the commit graph. NOTE: This rule is in beta and subject to change +Prevent commits that include files with specified file extensions from being pushed to the commit graph. """ type FileExtensionRestrictionParameters { """ @@ -15462,8 +15639,7 @@ type FileExtensionRestrictionParameters { } """ -Prevent commits that include files with specified file extensions from being -pushed to the commit graph. NOTE: This rule is in beta and subject to change +Prevent commits that include files with specified file extensions from being pushed to the commit graph. """ input FileExtensionRestrictionParametersInput { """ @@ -15473,8 +15649,7 @@ input FileExtensionRestrictionParametersInput { } """ -Prevent commits that include changes in specified file paths from being pushed -to the commit graph. NOTE: This rule is in beta and subject to change +Prevent commits that include changes in specified file paths from being pushed to the commit graph. """ type FilePathRestrictionParameters { """ @@ -15484,8 +15659,7 @@ type FilePathRestrictionParameters { } """ -Prevent commits that include changes in specified file paths from being pushed -to the commit graph. NOTE: This rule is in beta and subject to change +Prevent commits that include changes in specified file paths from being pushed to the commit graph. """ input FilePathRestrictionParametersInput { """ @@ -17182,6 +17356,11 @@ type Issue implements Assignable & Closable & Comment & Deletable & Labelable & """ number: Int! + """ + The parent entity of the issue. + """ + parent: Issue + """ A list of Users that are participating in the Issue conversation. """ @@ -17382,6 +17561,36 @@ type Issue implements Assignable & Closable & Comment & Deletable & Labelable & """ stateReason: IssueStateReason + """ + A list of sub-issues associated with the Issue. + """ + subIssues( + """ + Returns the elements in the list that come after the specified cursor. + """ + after: String + + """ + Returns the elements in the list that come before the specified cursor. + """ + before: String + + """ + Returns the first _n_ elements from the list. + """ + first: Int + + """ + Returns the last _n_ elements from the list. + """ + last: Int + ): IssueConnection! + + """ + Summary of the state of an issue's sub-issues + """ + subIssuesSummary: SubIssuesSummary! + """ A list of events, comments, commits, etc. associated with the issue. """ @@ -17568,6 +17777,11 @@ enum IssueClosedStateReason { """ COMPLETED + """ + An issue that has been closed as a duplicate + """ + DUPLICATE + """ An issue that has been closed as not planned """ @@ -18051,6 +18265,11 @@ enum IssueStateReason { """ COMPLETED + """ + An issue that has been closed as a duplicate + """ + DUPLICATE + """ An issue that has been closed as not planned """ @@ -19575,8 +19794,7 @@ type MarkedAsDuplicateEvent implements Node { } """ -Prevent commits that include file paths that exceed a specified character limit -from being pushed to the commit graph. NOTE: This rule is in beta and subject to change +Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph. """ type MaxFilePathLengthParameters { """ @@ -19586,8 +19804,7 @@ type MaxFilePathLengthParameters { } """ -Prevent commits that include file paths that exceed a specified character limit -from being pushed to the commit graph. NOTE: This rule is in beta and subject to change +Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph. """ input MaxFilePathLengthParametersInput { """ @@ -19597,8 +19814,7 @@ input MaxFilePathLengthParametersInput { } """ -Prevent commits that exceed a specified file size limit from being pushed to the -commit. NOTE: This rule is in beta and subject to change +Prevent commits that exceed a specified file size limit from being pushed to the commit. """ type MaxFileSizeParameters { """ @@ -19608,8 +19824,7 @@ type MaxFileSizeParameters { } """ -Prevent commits that exceed a specified file size limit from being pushed to the -commit. NOTE: This rule is in beta and subject to change +Prevent commits that exceed a specified file size limit from being pushed to the commit. """ input MaxFileSizeParametersInput { """ @@ -21517,6 +21732,16 @@ type Mutation { input: AddStarInput! ): AddStarPayload + """ + Adds a sub-issue to a given issue + """ + addSubIssue( + """ + Parameters for AddSubIssue + """ + input: AddSubIssueInput! + ): AddSubIssuePayload + """ Add an upvote to a discussion or discussion comment. """ @@ -22625,6 +22850,16 @@ type Mutation { input: RemoveStarInput! ): RemoveStarPayload + """ + Removes a sub-issue from a given issue + """ + removeSubIssue( + """ + Parameters for RemoveSubIssue + """ + input: RemoveSubIssueInput! + ): RemoveSubIssuePayload + """ Remove an upvote to a discussion or discussion comment. """ @@ -22675,6 +22910,16 @@ type Mutation { input: ReorderEnvironmentInput! ): ReorderEnvironmentPayload + """ + Reprioritizes a sub-issue to a different position in the parent list. + """ + reprioritizeSubIssue( + """ + Parameters for ReprioritizeSubIssue + """ + input: ReprioritizeSubIssueInput! + ): ReprioritizeSubIssuePayload + """ Set review requests on a pull request. """ @@ -23005,6 +23250,16 @@ type Mutation { input: UpdateEnterpriseDefaultRepositoryPermissionSettingInput! ): UpdateEnterpriseDefaultRepositoryPermissionSettingPayload + """ + Sets whether deploy keys are allowed to be created and used for an enterprise. + """ + updateEnterpriseDeployKeySetting( + """ + Parameters for UpdateEnterpriseDeployKeySetting + """ + input: UpdateEnterpriseDeployKeySettingInput! + ): UpdateEnterpriseDeployKeySettingPayload + """ Sets whether organization members with admin permissions on a repository can change repository visibility. """ @@ -23135,6 +23390,16 @@ type Mutation { input: UpdateEnterpriseTeamDiscussionsSettingInput! ): UpdateEnterpriseTeamDiscussionsSettingPayload + """ + Sets the two-factor authentication methods that users of an enterprise may not use. + """ + updateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting( + """ + Parameters for UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting + """ + input: UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingInput! + ): UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingPayload + """ Sets whether two factor authentication is required for all users in an enterprise. """ @@ -27104,7 +27369,7 @@ type OrgUpdateMemberRepositoryInvitationPermissionAuditEntry implements AuditEnt """ An account on GitHub, with one or more owners, that has repositories, members and teams. """ -type Organization implements Actor & AnnouncementBanner & MemberStatusable & Node & PackageOwner & ProfileOwner & ProjectOwner & ProjectV2Owner & ProjectV2Recent & RepositoryDiscussionAuthor & RepositoryDiscussionCommentAuthor & RepositoryOwner & UniformResourceLocatable { +type Organization implements Actor & AnnouncementBannerI & MemberStatusable & Node & PackageOwner & ProfileOwner & ProjectOwner & ProjectV2Owner & ProjectV2Recent & RepositoryDiscussionAuthor & RepositoryDiscussionCommentAuthor & RepositoryOwner & UniformResourceLocatable { """ The text of the announcement """ @@ -27978,6 +28243,11 @@ type Organization implements Actor & AnnouncementBanner & MemberStatusable & Nod The ID of the ruleset to be returned. """ databaseId: Int! + + """ + Include rulesets configured at higher levels that apply to this organization. + """ + includeParents: Boolean = true ): RepositoryRuleset """ @@ -28008,6 +28278,11 @@ type Organization implements Actor & AnnouncementBanner & MemberStatusable & Nod Returns the last _n_ elements from the list. """ last: Int + + """ + Return rulesets that apply to the specified target + """ + targets: [RepositoryRulesetTarget!] = null ): RepositoryRulesetConnection """ @@ -31285,6 +31560,9 @@ type ProjectV2 implements Closable & Node & Updatable { Identifies the primary key from the database. """ databaseId: Int + @deprecated( + reason: "`databaseId` will be removed because it does not support 64-bit signed integer identifiers. Use `fullDatabaseId` instead. Removal on 2025-04-01 UTC." + ) """ A field of the project @@ -31326,6 +31604,11 @@ type ProjectV2 implements Closable & Node & Updatable { orderBy: ProjectV2FieldOrder = {field: POSITION, direction: ASC} ): ProjectV2FieldConfigurationConnection! + """ + Identifies the primary key from the database as a BigInt. + """ + fullDatabaseId: BigInt + """ The Node ID of the ProjectV2 object """ @@ -32065,6 +32348,9 @@ type ProjectV2Item implements Node { Identifies the primary key from the database. """ databaseId: Int + @deprecated( + reason: "`databaseId` will be removed because it does not support 64-bit signed integer identifiers. Use `fullDatabaseId` instead. Removal on 2025-04-01 UTC." + ) """ The field value of the first project field which matches the 'name' argument that is set on the item. @@ -33391,6 +33677,14 @@ type ProjectV2StatusUpdate implements Node { Identifies the primary key from the database. """ databaseId: Int + @deprecated( + reason: "`databaseId` will be removed because it does not support 64-bit signed integer identifiers. Use `fullDatabaseId` instead. Removal on 2025-04-01 UTC." + ) + + """ + Identifies the primary key from the database as a BigInt. + """ + fullDatabaseId: BigInt """ The Node ID of the ProjectV2StatusUpdate object @@ -33516,6 +33810,9 @@ type ProjectV2View implements Node { Identifies the primary key from the database. """ databaseId: Int + @deprecated( + reason: "`databaseId` will be removed because it does not support 64-bit signed integer identifiers. Use `fullDatabaseId` instead. Removal on 2025-04-01 UTC." + ) """ The view's visible fields. @@ -33552,6 +33849,11 @@ type ProjectV2View implements Node { """ filter: String + """ + Identifies the primary key from the database as a BigInt. + """ + fullDatabaseId: BigInt + """ The view's group-by field. """ @@ -33903,12 +34205,20 @@ type ProjectV2Workflow implements Node { Identifies the primary key from the database. """ databaseId: Int + @deprecated( + reason: "`databaseId` will be removed because it does not support 64-bit signed integer identifiers. Use `fullDatabaseId` instead. Removal on 2025-04-01 UTC." + ) """ Whether the workflow is enabled. """ enabled: Boolean! + """ + Identifies the primary key from the database as a BigInt. + """ + fullDatabaseId: BigInt + """ The Node ID of the ProjectV2Workflow object """ @@ -37329,7 +37639,7 @@ type PushAllowanceEdge { """ The query root of GitHub's GraphQL interface. """ -type Query { +type Query implements Node { """ Look up a code of conduct by its key """ @@ -37360,6 +37670,11 @@ type Query { slug: String! ): Enterprise + """ + ID of the object. + """ + id: ID! + """ Look up an open source license by its key """ @@ -37554,6 +37869,16 @@ type Query { """ classifications: [SecurityAdvisoryClassification!] + """ + The EPSS percentage to filter advisories by. + """ + epssPercentage: Float + + """ + The EPSS percentile to filter advisories by. + """ + epssPercentile: Float + """ Returns the first _n_ elements from the list. """ @@ -39195,6 +39520,46 @@ type RemoveStarPayload { starrable: Starrable } +""" +Autogenerated input type of RemoveSubIssue +""" +input RemoveSubIssueInput { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The id of the issue. + """ + issueId: ID! @possibleTypes(concreteTypes: ["Issue"]) + + """ + The id of the sub-issue. + """ + subIssueId: ID! @possibleTypes(concreteTypes: ["Issue"]) +} + +""" +Autogenerated return type of RemoveSubIssue. +""" +type RemoveSubIssuePayload { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The parent of the sub-issue. + """ + issue: Issue + + """ + The sub-issue of the parent. + """ + subIssue: Issue +} + """ Autogenerated input type of RemoveUpvote """ @@ -43366,6 +43731,11 @@ type Repository implements Node & PackageOwner & ProjectOwner & ProjectV2Recent Returns the last _n_ elements from the list. """ last: Int + + """ + Return rulesets that apply to the specified target + """ + targets: [RepositoryRulesetTarget!] = null ): RepositoryRulesetConnection """ @@ -44975,14 +45345,12 @@ enum RepositoryRuleType { DELETION """ - Prevent commits that include files with specified file extensions from being - pushed to the commit graph. NOTE: This rule is in beta and subject to change + Prevent commits that include files with specified file extensions from being pushed to the commit graph. """ FILE_EXTENSION_RESTRICTION """ - Prevent commits that include changes in specified file paths from being pushed - to the commit graph. NOTE: This rule is in beta and subject to change + Prevent commits that include changes in specified file paths from being pushed to the commit graph. """ FILE_PATH_RESTRICTION @@ -44992,15 +45360,12 @@ enum RepositoryRuleType { LOCK_BRANCH """ - Prevent commits that include file paths that exceed a specified character - limit from being pushed to the commit graph. NOTE: This rule is in beta and - subject to change + Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph. """ MAX_FILE_PATH_LENGTH """ - Prevent commits that exceed a specified file size limit from being pushed to - the commit. NOTE: This rule is in beta and subject to change + Prevent commits that exceed a specified file size limit from being pushed to the commit. """ MAX_FILE_SIZE @@ -45217,6 +45582,11 @@ type RepositoryRulesetBypassActor implements Node { """ deployKey: Boolean! + """ + This actor represents the ability for an enterprise owner to bypass + """ + enterpriseOwner: Boolean! + """ The Node ID of the RepositoryRulesetBypassActor object """ @@ -45319,6 +45689,11 @@ input RepositoryRulesetBypassActorInput { """ deployKey: Boolean + """ + For enterprise owner bypasses, true + """ + enterpriseOwner: Boolean + """ For organization owner bypasses, true """ @@ -45371,7 +45746,7 @@ type RepositoryRulesetEdge { } """ -The targets supported for rulesets. NOTE: The push target is in beta and subject to change. +The targets supported for rulesets. """ enum RepositoryRulesetTarget { """ @@ -45870,6 +46245,51 @@ enum RepositoryVulnerabilityAlertState { OPEN } +""" +Autogenerated input type of ReprioritizeSubIssue +""" +input ReprioritizeSubIssueInput { + """ + The id of the sub-issue to be prioritized after (either positional argument after OR before should be specified). + """ + afterId: ID @possibleTypes(concreteTypes: ["Issue"]) + + """ + The id of the sub-issue to be prioritized before (either positional argument after OR before should be specified). + """ + beforeId: ID @possibleTypes(concreteTypes: ["Issue"]) + + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The id of the parent issue. + """ + issueId: ID! @possibleTypes(concreteTypes: ["Issue"]) + + """ + The id of the sub-issue to reprioritize. + """ + subIssueId: ID! @possibleTypes(concreteTypes: ["Issue"]) +} + +""" +Autogenerated return type of ReprioritizeSubIssue. +""" +type ReprioritizeSubIssuePayload { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The parent issue that the sub-issue was reprioritized in. + """ + issue: Issue +} + """ Autogenerated input type of RequestReviews """ @@ -46791,7 +47211,7 @@ input RuleParametersInput { """ Types which can have `RepositoryRule` objects. """ -union RuleSource = Organization | Repository +union RuleSource = Enterprise | Organization | Repository """ The possible digest algorithms used to sign SAML requests for an identity provider. @@ -47068,6 +47488,14 @@ type SecurityAdvisory implements Node { The CVSS associated with this advisory """ cvss: CVSS! + @deprecated( + reason: "`cvss` will be removed. New `cvss_severities` field will now contain both `cvss_v3` and `cvss_v4` properties. Removal on 2025-10-01 UTC." + ) + + """ + The CVSS associated with this advisory + """ + cvssSeverities: CvssSeverities! """ CWEs associated with this Advisory @@ -47104,6 +47532,11 @@ type SecurityAdvisory implements Node { """ description: String! + """ + The Exploit Prediction Scoring System + """ + epss: EPSS + """ The GitHub Security Advisory ID """ @@ -47591,6 +48024,11 @@ type SocialAccountEdge { Software or company that hosts social media accounts. """ enum SocialAccountProvider { + """ + Decentralized microblogging social platform. + """ + BLUESKY + """ Social media and networking website. """ @@ -48335,6 +48773,26 @@ enum StatusState { SUCCESS } +""" +Summary of the state of an issue's sub-issues +""" +type SubIssuesSummary { + """ + Count of completed sub-issues + """ + completed: Int! + + """ + Percent of sub-issues which are completed + """ + percentCompleted: Int! + + """ + Count of total number of sub-issues + """ + total: Int! +} + """ Autogenerated input type of SubmitPullRequestReview """ @@ -51277,6 +51735,26 @@ type TreeEntry { type: String! } +""" +Filters by whether or not 2FA is enabled and if the method configured is considered secure or insecure. +""" +enum TwoFactorCredentialSecurityType { + """ + No method of two-factor authentication. + """ + DISABLED + + """ + Has an insecure method of two-factor authentication. GitHub currently defines this as SMS two-factor authentication. + """ + INSECURE + + """ + Has only secure methods of two-factor authentication. + """ + SECURE +} + """ An RFC 3986, RFC 3987, and RFC 6570 (level 4) compliant URI string. """ @@ -52522,6 +53000,46 @@ type UpdateEnterpriseDefaultRepositoryPermissionSettingPayload { message: String } +""" +Autogenerated input type of UpdateEnterpriseDeployKeySetting +""" +input UpdateEnterpriseDeployKeySettingInput { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The ID of the enterprise on which to set the deploy key setting. + """ + enterpriseId: ID! @possibleTypes(concreteTypes: ["Enterprise"]) + + """ + The value for the deploy key setting on the enterprise. + """ + settingValue: EnterpriseEnabledDisabledSettingValue! +} + +""" +Autogenerated return type of UpdateEnterpriseDeployKeySetting. +""" +type UpdateEnterpriseDeployKeySettingPayload { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The enterprise with the updated deploy key setting. + """ + enterprise: Enterprise + + """ + A message confirming the result of updating the deploy key setting. + """ + message: String +} + """ Autogenerated input type of UpdateEnterpriseMembersCanChangeRepositoryVisibilitySetting """ @@ -53073,6 +53591,46 @@ type UpdateEnterpriseTeamDiscussionsSettingPayload { message: String } +""" +Autogenerated input type of UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting +""" +input UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingInput { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The ID of the enterprise on which to set the two-factor authentication disallowed methods setting. + """ + enterpriseId: ID! @possibleTypes(concreteTypes: ["Enterprise"]) + + """ + The value for the two-factor authentication disallowed methods setting on the enterprise. + """ + settingValue: EnterpriseDisallowedMethodsSettingValue! +} + +""" +Autogenerated return type of UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting. +""" +type UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingPayload { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + The enterprise with the updated two-factor authentication disallowed methods setting. + """ + enterprise: Enterprise + + """ + A message confirming the result of updating the two-factor authentication disallowed methods setting. + """ + message: String +} + """ Autogenerated input type of UpdateEnterpriseTwoFactorAuthenticationRequiredSetting """ @@ -56030,6 +56588,11 @@ type User implements Actor & Node & PackageOwner & ProfileOwner & ProjectOwner & """ url: URI! + """ + Whether the request returns publicly visible information or privately visible information about the user + """ + userViewType: UserViewType! + """ Can the viewer pin repositories and gists to the profile? """ @@ -56623,6 +57186,21 @@ enum UserStatusOrderField { UPDATED_AT } +""" +Whether a user being viewed contains public or private information. +""" +enum UserViewType { + """ + A user containing information only visible to the authenticated user. + """ + PRIVATE + + """ + A user that is publicly visible. + """ + PUBLIC +} + """ A domain that can be verified or approved for an organization or an enterprise. """ diff --git a/src/graphql/data/ghes-3.16/schema.json b/src/graphql/data/ghes-3.16/schema.json index d67cd9a88808..eeac0ce08de5 100644 --- a/src/graphql/data/ghes-3.16/schema.json +++ b/src/graphql/data/ghes-3.16/schema.json @@ -53,6 +53,15 @@ } ] }, + { + "name": "id", + "type": "ID!", + "kind": "scalars", + "id": "id", + "href": "/graphql/reference/scalars#id", + "description": "

ID of the object.

", + "args": [] + }, { "name": "license", "type": "License", @@ -382,6 +391,22 @@ "href": "/graphql/reference/enums#securityadvisoryclassification", "description": "

A list of classifications to filter advisories by.

" }, + { + "name": "epssPercentage", + "type": "Float", + "id": "float", + "kind": "scalars", + "href": "/graphql/reference/scalars#float", + "description": "

The EPSS percentage to filter advisories by.

" + }, + { + "name": "epssPercentile", + "type": "Float", + "id": "float", + "kind": "scalars", + "href": "/graphql/reference/scalars#float", + "description": "

The EPSS percentile to filter advisories by.

" + }, { "name": "first", "type": "Int", @@ -1331,6 +1356,48 @@ } ] }, + { + "name": "addSubIssue", + "kind": "mutations", + "id": "addsubissue", + "href": "/graphql/reference/mutations#addsubissue", + "description": "

Adds a sub-issue to a given issue.

", + "inputFields": [ + { + "name": "input", + "type": "AddSubIssueInput!", + "id": "addsubissueinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#addsubissueinput" + } + ], + "returnFields": [ + { + "name": "clientMutationId", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

A unique identifier for the client performing the mutation.

" + }, + { + "name": "issue", + "type": "Issue", + "id": "issue", + "kind": "objects", + "href": "/graphql/reference/objects#issue", + "description": "

The parent issue that the sub-issue was added to.

" + }, + { + "name": "subIssue", + "type": "Issue", + "id": "issue", + "kind": "objects", + "href": "/graphql/reference/objects#issue", + "description": "

The sub-issue of the parent.

" + } + ] + }, { "name": "addUpvote", "kind": "mutations", @@ -5067,6 +5134,48 @@ } ] }, + { + "name": "removeSubIssue", + "kind": "mutations", + "id": "removesubissue", + "href": "/graphql/reference/mutations#removesubissue", + "description": "

Removes a sub-issue from a given issue.

", + "inputFields": [ + { + "name": "input", + "type": "RemoveSubIssueInput!", + "id": "removesubissueinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#removesubissueinput" + } + ], + "returnFields": [ + { + "name": "clientMutationId", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

A unique identifier for the client performing the mutation.

" + }, + { + "name": "issue", + "type": "Issue", + "id": "issue", + "kind": "objects", + "href": "/graphql/reference/objects#issue", + "description": "

The parent of the sub-issue.

" + }, + { + "name": "subIssue", + "type": "Issue", + "id": "issue", + "kind": "objects", + "href": "/graphql/reference/objects#issue", + "description": "

The sub-issue of the parent.

" + } + ] + }, { "name": "removeUpvote", "kind": "mutations", @@ -5237,6 +5346,40 @@ } ] }, + { + "name": "reprioritizeSubIssue", + "kind": "mutations", + "id": "reprioritizesubissue", + "href": "/graphql/reference/mutations#reprioritizesubissue", + "description": "

Reprioritizes a sub-issue to a different position in the parent list.

", + "inputFields": [ + { + "name": "input", + "type": "ReprioritizeSubIssueInput!", + "id": "reprioritizesubissueinput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#reprioritizesubissueinput" + } + ], + "returnFields": [ + { + "name": "clientMutationId", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

A unique identifier for the client performing the mutation.

" + }, + { + "name": "issue", + "type": "Issue", + "id": "issue", + "kind": "objects", + "href": "/graphql/reference/objects#issue", + "description": "

The parent issue that the sub-issue was reprioritized in.

" + } + ] + }, { "name": "requestReviews", "kind": "mutations", @@ -6423,6 +6566,48 @@ } ] }, + { + "name": "updateEnterpriseDeployKeySetting", + "kind": "mutations", + "id": "updateenterprisedeploykeysetting", + "href": "/graphql/reference/mutations#updateenterprisedeploykeysetting", + "description": "

Sets whether deploy keys are allowed to be created and used for an enterprise.

", + "inputFields": [ + { + "name": "input", + "type": "UpdateEnterpriseDeployKeySettingInput!", + "id": "updateenterprisedeploykeysettinginput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#updateenterprisedeploykeysettinginput" + } + ], + "returnFields": [ + { + "name": "clientMutationId", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

A unique identifier for the client performing the mutation.

" + }, + { + "name": "enterprise", + "type": "Enterprise", + "id": "enterprise", + "kind": "objects", + "href": "/graphql/reference/objects#enterprise", + "description": "

The enterprise with the updated deploy key setting.

" + }, + { + "name": "message", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

A message confirming the result of updating the deploy key setting.

" + } + ] + }, { "name": "updateEnterpriseMembersCanChangeRepositoryVisibilitySetting", "kind": "mutations", @@ -6953,6 +7138,48 @@ } ] }, + { + "name": "updateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting", + "kind": "mutations", + "id": "updateenterprisetwofactorauthenticationdisallowedmethodssetting", + "href": "/graphql/reference/mutations#updateenterprisetwofactorauthenticationdisallowedmethodssetting", + "description": "

Sets the two-factor authentication methods that users of an enterprise may not use.

", + "inputFields": [ + { + "name": "input", + "type": "UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingInput!", + "id": "updateenterprisetwofactorauthenticationdisallowedmethodssettinginput", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#updateenterprisetwofactorauthenticationdisallowedmethodssettinginput" + } + ], + "returnFields": [ + { + "name": "clientMutationId", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

A unique identifier for the client performing the mutation.

" + }, + { + "name": "enterprise", + "type": "Enterprise", + "id": "enterprise", + "kind": "objects", + "href": "/graphql/reference/objects#enterprise", + "description": "

The enterprise with the updated two-factor authentication disallowed methods setting.

" + }, + { + "name": "message", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string", + "description": "

A message confirming the result of updating the two-factor authentication disallowed methods setting.

" + } + ] + }, { "name": "updateEnterpriseTwoFactorAuthenticationRequiredSetting", "kind": "mutations", @@ -16041,6 +16268,31 @@ } ] }, + { + "name": "CvssSeverities", + "kind": "objects", + "id": "cvssseverities", + "href": "/graphql/reference/objects#cvssseverities", + "description": "

The Common Vulnerability Scoring System.

", + "fields": [ + { + "name": "cvssV3", + "description": "

The CVSS v3 severity associated with this advisory.

", + "type": "CVSS", + "id": "cvss", + "kind": "objects", + "href": "/graphql/reference/objects#cvss" + }, + { + "name": "cvssV4", + "description": "

The CVSS v4 severity associated with this advisory.

", + "type": "CVSS", + "id": "cvss", + "kind": "objects", + "href": "/graphql/reference/objects#cvss" + } + ] + }, { "name": "DemilestonedEvent", "kind": "objects", @@ -16505,6 +16757,14 @@ "kind": "scalars", "href": "/graphql/reference/scalars#datetime" }, + { + "name": "enabled", + "description": "

Whether or not the deploy key is enabled by policy at the Enterprise or Organization level.

", + "type": "Boolean!", + "id": "boolean", + "kind": "scalars", + "href": "/graphql/reference/scalars#boolean" + }, { "name": "id", "description": "

The Node ID of the DeployKey object.

", @@ -19695,6 +19955,31 @@ } ] }, + { + "name": "EPSS", + "kind": "objects", + "id": "epss", + "href": "/graphql/reference/objects#epss", + "description": "

The Exploit Prediction Scoring System.

", + "fields": [ + { + "name": "percentage", + "description": "

The EPSS percentage represents the likelihood of a CVE being exploited.

", + "type": "Float", + "id": "float", + "kind": "scalars", + "href": "/graphql/reference/scalars#float" + }, + { + "name": "percentile", + "description": "

The EPSS percentile represents the relative rank of the CVE's likelihood of being exploited compared to other CVEs.

", + "type": "Float", + "id": "float", + "kind": "scalars", + "href": "/graphql/reference/scalars#float" + } + ] + }, { "name": "Enterprise", "kind": "objects", @@ -19703,9 +19988,9 @@ "description": "

An account to manage multiple organizations with consolidated policy and billing.

", "implements": [ { - "name": "AnnouncementBanner", - "id": "announcementbanner", - "href": "/graphql/reference/interfaces#announcementbanner" + "name": "AnnouncementBannerI", + "id": "announcementbanneri", + "href": "/graphql/reference/interfaces#announcementbanneri" }, { "name": "Node", @@ -19880,7 +20165,7 @@ }, { "name": "hasTwoFactorEnabled", - "description": "

Only return members with this two-factor authentication status. Does not\ninclude members who only have an account on a GitHub Enterprise Server instance.

", + "description": "

Only return members with this two-factor authentication status. Does not\ninclude members who only have an account on a GitHub Enterprise Server instance.

\n

Upcoming Change on 2025-04-01 UTC\nDescription: hasTwoFactorEnabled will be removed. Use two_factor_method_security instead.\nReason: has_two_factor_enabled will be removed.

", "type": { "name": "Boolean", "id": "boolean", @@ -19937,6 +20222,16 @@ "kind": "enums", "href": "/graphql/reference/enums#enterpriseuseraccountmembershiprole" } + }, + { + "name": "twoFactorMethodSecurity", + "description": "

Only return members with this type of two-factor authentication method. Does\nnot include members who only have an account on a GitHub Enterprise Server instance.

", + "type": { + "name": "TwoFactorCredentialSecurityType", + "id": "twofactorcredentialsecuritytype", + "kind": "enums", + "href": "/graphql/reference/enums#twofactorcredentialsecuritytype" + } } ] }, @@ -21072,7 +21367,7 @@ }, { "name": "hasTwoFactorEnabled", - "description": "

Only return administrators with this two-factor authentication status.

", + "description": "

Only return administrators with this two-factor authentication status.

\n

Upcoming Change on 2025-04-01 UTC\nDescription: hasTwoFactorEnabled will be removed. Use two_factor_method_security instead.\nReason: has_two_factor_enabled will be removed.

", "type": { "name": "Boolean", "id": "boolean", @@ -21129,6 +21424,16 @@ "kind": "enums", "href": "/graphql/reference/enums#enterpriseadministratorrole" } + }, + { + "name": "twoFactorMethodSecurity", + "description": "

Only return outside collaborators with this type of two-factor authentication method.

", + "type": { + "name": "TwoFactorCredentialSecurityType", + "id": "twofactorcredentialsecuritytype", + "kind": "enums", + "href": "/graphql/reference/enums#twofactorcredentialsecuritytype" + } } ] }, @@ -22290,7 +22595,7 @@ }, { "name": "hasTwoFactorEnabled", - "description": "

Only return outside collaborators with this two-factor authentication status.

", + "description": "

Only return outside collaborators with this two-factor authentication status.

\n

Upcoming Change on 2025-04-01 UTC\nDescription: hasTwoFactorEnabled will be removed. Use two_factor_method_security instead.\nReason: has_two_factor_enabled will be removed.

", "type": { "name": "Boolean", "id": "boolean", @@ -22348,6 +22653,16 @@ "href": "/graphql/reference/scalars#string" } }, + { + "name": "twoFactorMethodSecurity", + "description": "

Only return outside collaborators with this type of two-factor authentication method.

", + "type": { + "name": "TwoFactorCredentialSecurityType", + "id": "twofactorcredentialsecuritytype", + "kind": "enums", + "href": "/graphql/reference/enums#twofactorcredentialsecuritytype" + } + }, { "name": "visibility", "description": "

Only return outside collaborators on repositories with this visibility.

", @@ -22590,6 +22905,84 @@ } ] }, + { + "name": "repositoryDeployKeySetting", + "description": "

The setting value for whether deploy keys are enabled for repositories in organizations in this enterprise.

", + "type": "EnterpriseEnabledDisabledSettingValue!", + "id": "enterpriseenableddisabledsettingvalue", + "kind": "enums", + "href": "/graphql/reference/enums#enterpriseenableddisabledsettingvalue" + }, + { + "name": "repositoryDeployKeySettingOrganizations", + "description": "

A list of enterprise organizations configured with the provided deploy keys setting value.

", + "type": "OrganizationConnection!", + "id": "organizationconnection", + "kind": "objects", + "href": "/graphql/reference/objects#organizationconnection", + "arguments": [ + { + "name": "after", + "description": "

Returns the elements in the list that come after the specified cursor.

", + "type": { + "name": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + }, + { + "name": "before", + "description": "

Returns the elements in the list that come before the specified cursor.

", + "type": { + "name": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + }, + { + "name": "first", + "description": "

Returns the first n elements from the list.

", + "type": { + "name": "Int", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + }, + { + "name": "last", + "description": "

Returns the last n elements from the list.

", + "type": { + "name": "Int", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + }, + { + "name": "orderBy", + "description": "

Ordering options for organizations with this setting.

", + "type": { + "name": "OrganizationOrder", + "id": "organizationorder", + "kind": "input-objects", + "href": "/graphql/reference/input-objects#organizationorder" + } + }, + { + "name": "value", + "description": "

The setting value to find organizations for.

", + "type": { + "name": "Boolean!", + "id": "boolean", + "kind": "scalars", + "href": "/graphql/reference/scalars#boolean" + } + } + ] + }, { "name": "repositoryProjectsSetting", "description": "

The setting value for whether repository projects are enabled in this enterprise.

", @@ -22824,6 +23217,14 @@ } ] }, + { + "name": "twoFactorDisallowedMethodsSetting", + "description": "

The setting value for what methods of two-factor authentication the enterprise prevents its users from having.

", + "type": "EnterpriseDisallowedMethodsSettingValue!", + "id": "enterprisedisallowedmethodssettingvalue", + "kind": "enums", + "href": "/graphql/reference/enums#enterprisedisallowedmethodssettingvalue" + }, { "name": "twoFactorRequiredSetting", "description": "

The setting value for whether the enterprise requires two-factor authentication for its organizations and users.

", @@ -24567,7 +24968,7 @@ "kind": "objects", "id": "fileextensionrestrictionparameters", "href": "/graphql/reference/objects#fileextensionrestrictionparameters", - "description": "

Prevent commits that include files with specified file extensions from being\npushed to the commit graph. NOTE: This rule is in beta and subject to change.

", + "description": "

Prevent commits that include files with specified file extensions from being pushed to the commit graph.

", "fields": [ { "name": "restrictedFileExtensions", @@ -24584,7 +24985,7 @@ "kind": "objects", "id": "filepathrestrictionparameters", "href": "/graphql/reference/objects#filepathrestrictionparameters", - "description": "

Prevent commits that include changes in specified file paths from being pushed\nto the commit graph. NOTE: This rule is in beta and subject to change.

", + "description": "

Prevent commits that include changes in specified file paths from being pushed to the commit graph.

", "fields": [ { "name": "restrictedFilePaths", @@ -26696,6 +27097,14 @@ "kind": "scalars", "href": "/graphql/reference/scalars#int" }, + { + "name": "parent", + "description": "

The parent entity of the issue.

", + "type": "Issue", + "id": "issue", + "kind": "objects", + "href": "/graphql/reference/objects#issue" + }, { "name": "participants", "description": "

A list of Users that are participating in the Issue conversation.

", @@ -27086,6 +27495,64 @@ "kind": "enums", "href": "/graphql/reference/enums#issuestatereason" }, + { + "name": "subIssues", + "description": "

A list of sub-issues associated with the Issue.

", + "type": "IssueConnection!", + "id": "issueconnection", + "kind": "objects", + "href": "/graphql/reference/objects#issueconnection", + "arguments": [ + { + "name": "after", + "description": "

Returns the elements in the list that come after the specified cursor.

", + "type": { + "name": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + }, + { + "name": "before", + "description": "

Returns the elements in the list that come before the specified cursor.

", + "type": { + "name": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + }, + { + "name": "first", + "description": "

Returns the first n elements from the list.

", + "type": { + "name": "Int", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + }, + { + "name": "last", + "description": "

Returns the last n elements from the list.

", + "type": { + "name": "Int", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + } + ] + }, + { + "name": "subIssuesSummary", + "description": "

Summary of the state of an issue's sub-issues.

", + "type": "SubIssuesSummary!", + "id": "subissuessummary", + "kind": "objects", + "href": "/graphql/reference/objects#subissuessummary" + }, { "name": "timeline", "description": "

A list of events, comments, commits, etc. associated with the issue.

", @@ -29497,7 +29964,7 @@ "kind": "objects", "id": "maxfilepathlengthparameters", "href": "/graphql/reference/objects#maxfilepathlengthparameters", - "description": "

Prevent commits that include file paths that exceed a specified character limit\nfrom being pushed to the commit graph. NOTE: This rule is in beta and subject to change.

", + "description": "

Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph.

", "fields": [ { "name": "maxFilePathLength", @@ -29514,7 +29981,7 @@ "kind": "objects", "id": "maxfilesizeparameters", "href": "/graphql/reference/objects#maxfilesizeparameters", - "description": "

Prevent commits that exceed a specified file size limit from being pushed to the\ncommit. NOTE: This rule is in beta and subject to change.

", + "description": "

Prevent commits that exceed a specified file size limit from being pushed to the commit.

", "fields": [ { "name": "maxFileSize", @@ -36978,9 +37445,9 @@ "href": "/graphql/reference/interfaces#actor" }, { - "name": "AnnouncementBanner", - "id": "announcementbanner", - "href": "/graphql/reference/interfaces#announcementbanner" + "name": "AnnouncementBannerI", + "id": "announcementbanneri", + "href": "/graphql/reference/interfaces#announcementbanneri" }, { "name": "MemberStatusable", @@ -38713,6 +39180,17 @@ "kind": "scalars", "href": "/graphql/reference/scalars#int" } + }, + { + "name": "includeParents", + "defaultValue": true, + "description": "

Include rulesets configured at higher levels that apply to this organization.

", + "type": { + "name": "Boolean", + "id": "boolean", + "kind": "scalars", + "href": "/graphql/reference/scalars#boolean" + } } ] }, @@ -38774,6 +39252,16 @@ "kind": "scalars", "href": "/graphql/reference/scalars#int" } + }, + { + "name": "targets", + "description": "

Return rulesets that apply to the specified target.

", + "type": { + "name": "[RepositoryRulesetTarget!]", + "id": "repositoryrulesettarget", + "kind": "enums", + "href": "/graphql/reference/enums#repositoryrulesettarget" + } } ] }, @@ -42651,7 +43139,9 @@ "type": "Int", "id": "int", "kind": "scalars", - "href": "/graphql/reference/scalars#int" + "href": "/graphql/reference/scalars#int", + "isDeprecated": true, + "deprecationReason": "

databaseId will be removed because it does not support 64-bit signed integer identifiers. Use fullDatabaseId instead. Removal on 2025-04-01 UTC.

" }, { "name": "field", @@ -42733,6 +43223,14 @@ } ] }, + { + "name": "fullDatabaseId", + "description": "

Identifies the primary key from the database as a BigInt.

", + "type": "BigInt", + "id": "bigint", + "kind": "scalars", + "href": "/graphql/reference/scalars#bigint" + }, { "name": "id", "description": "

The Node ID of the ProjectV2 object.

", @@ -43632,7 +44130,9 @@ "type": "Int", "id": "int", "kind": "scalars", - "href": "/graphql/reference/scalars#int" + "href": "/graphql/reference/scalars#int", + "isDeprecated": true, + "deprecationReason": "

databaseId will be removed because it does not support 64-bit signed integer identifiers. Use fullDatabaseId instead. Removal on 2025-04-01 UTC.

" }, { "name": "fieldValueByName", @@ -45284,7 +45784,17 @@ "type": "Int", "id": "int", "kind": "scalars", - "href": "/graphql/reference/scalars#int" + "href": "/graphql/reference/scalars#int", + "isDeprecated": true, + "deprecationReason": "

databaseId will be removed because it does not support 64-bit signed integer identifiers. Use fullDatabaseId instead. Removal on 2025-04-01 UTC.

" + }, + { + "name": "fullDatabaseId", + "description": "

Identifies the primary key from the database as a BigInt.

", + "type": "BigInt", + "id": "bigint", + "kind": "scalars", + "href": "/graphql/reference/scalars#bigint" }, { "name": "id", @@ -45430,7 +45940,9 @@ "type": "Int", "id": "int", "kind": "scalars", - "href": "/graphql/reference/scalars#int" + "href": "/graphql/reference/scalars#int", + "isDeprecated": true, + "deprecationReason": "

databaseId will be removed because it does not support 64-bit signed integer identifiers. Use fullDatabaseId instead. Removal on 2025-04-01 UTC.

" }, { "name": "fields", @@ -45500,6 +46012,14 @@ "kind": "scalars", "href": "/graphql/reference/scalars#string" }, + { + "name": "fullDatabaseId", + "description": "

Identifies the primary key from the database as a BigInt.

", + "type": "BigInt", + "id": "bigint", + "kind": "scalars", + "href": "/graphql/reference/scalars#bigint" + }, { "name": "groupBy", "description": "

The view's group-by field.

", @@ -46052,7 +46572,9 @@ "type": "Int", "id": "int", "kind": "scalars", - "href": "/graphql/reference/scalars#int" + "href": "/graphql/reference/scalars#int", + "isDeprecated": true, + "deprecationReason": "

databaseId will be removed because it does not support 64-bit signed integer identifiers. Use fullDatabaseId instead. Removal on 2025-04-01 UTC.

" }, { "name": "enabled", @@ -46062,6 +46584,14 @@ "kind": "scalars", "href": "/graphql/reference/scalars#boolean" }, + { + "name": "fullDatabaseId", + "description": "

Identifies the primary key from the database as a BigInt.

", + "type": "BigInt", + "id": "bigint", + "kind": "scalars", + "href": "/graphql/reference/scalars#bigint" + }, { "name": "id", "description": "

The Node ID of the ProjectV2Workflow object.

", @@ -59844,6 +60374,16 @@ "kind": "scalars", "href": "/graphql/reference/scalars#int" } + }, + { + "name": "targets", + "description": "

Return rulesets that apply to the specified target.

", + "type": { + "name": "[RepositoryRulesetTarget!]", + "id": "repositoryrulesettarget", + "kind": "enums", + "href": "/graphql/reference/enums#repositoryrulesettarget" + } } ] }, @@ -61413,6 +61953,14 @@ "kind": "scalars", "href": "/graphql/reference/scalars#boolean" }, + { + "name": "enterpriseOwner", + "description": "

This actor represents the ability for an enterprise owner to bypass.

", + "type": "Boolean!", + "id": "boolean", + "kind": "scalars", + "href": "/graphql/reference/scalars#boolean" + }, { "name": "id", "description": "

The Node ID of the RepositoryRulesetBypassActor object.

", @@ -63301,7 +63849,17 @@ "type": "CVSS!", "id": "cvss", "kind": "objects", - "href": "/graphql/reference/objects#cvss" + "href": "/graphql/reference/objects#cvss", + "isDeprecated": true, + "deprecationReason": "

cvss will be removed. New cvss_severities field will now contain both cvss_v3 and cvss_v4 properties. Removal on 2025-10-01 UTC.

" + }, + { + "name": "cvssSeverities", + "description": "

The CVSS associated with this advisory.

", + "type": "CvssSeverities!", + "id": "cvssseverities", + "kind": "objects", + "href": "/graphql/reference/objects#cvssseverities" }, { "name": "cwes", @@ -63369,6 +63927,14 @@ "kind": "scalars", "href": "/graphql/reference/scalars#string" }, + { + "name": "epss", + "description": "

The Exploit Prediction Scoring System.

", + "type": "EPSS", + "id": "epss", + "kind": "objects", + "href": "/graphql/reference/objects#epss" + }, { "name": "ghsaId", "description": "

The GitHub Security Advisory ID.

", @@ -64729,6 +65295,39 @@ } ] }, + { + "name": "SubIssuesSummary", + "kind": "objects", + "id": "subissuessummary", + "href": "/graphql/reference/objects#subissuessummary", + "description": "

Summary of the state of an issue's sub-issues.

", + "fields": [ + { + "name": "completed", + "description": "

Count of completed sub-issues.

", + "type": "Int!", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + }, + { + "name": "percentCompleted", + "description": "

Percent of sub-issues which are completed.

", + "type": "Int!", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + }, + { + "name": "total", + "description": "

Count of total number of sub-issues.

", + "type": "Int!", + "id": "int", + "kind": "scalars", + "href": "/graphql/reference/scalars#int" + } + ] + }, { "name": "Submodule", "kind": "objects", @@ -71895,6 +72494,14 @@ "kind": "scalars", "href": "/graphql/reference/scalars#uri" }, + { + "name": "userViewType", + "description": "

Whether the request returns publicly visible information or privately visible information about the user.

", + "type": "UserViewType!", + "id": "userviewtype", + "kind": "enums", + "href": "/graphql/reference/enums#userviewtype" + }, { "name": "viewerCanChangePinnedItems", "description": "

Can the viewer pin repositories and gists to the profile?.

", @@ -73692,10 +74299,10 @@ ] }, { - "name": "AnnouncementBanner", + "name": "AnnouncementBannerI", "kind": "interfaces", - "id": "announcementbanner", - "href": "/graphql/reference/interfaces#announcementbanner", + "id": "announcementbanneri", + "href": "/graphql/reference/interfaces#announcementbanneri", "description": "

Represents an announcement banner.

", "fields": [ { @@ -77532,6 +78139,23 @@ } ] }, + { + "name": "EnterpriseDisallowedMethodsSettingValue", + "kind": "enums", + "id": "enterprisedisallowedmethodssettingvalue", + "href": "/graphql/reference/enums#enterprisedisallowedmethodssettingvalue", + "description": "

The possible values for an enabled/no policy enterprise setting.

", + "values": [ + { + "name": "INSECURE", + "description": "

The setting prevents insecure 2FA methods from being used by members of the enterprise.

" + }, + { + "name": "NO_POLICY", + "description": "

There is no policy set for preventing insecure 2FA methods from being used by members of the enterprise.

" + } + ] + }, { "name": "EnterpriseEnabledDisabledSettingValue", "kind": "enums", @@ -78047,6 +78671,10 @@ "name": "COMPLETED", "description": "

An issue that has been closed as completed.

" }, + { + "name": "DUPLICATE", + "description": "

An issue that has been closed as a duplicate.

" + }, { "name": "NOT_PLANNED", "description": "

An issue that has been closed as not planned.

" @@ -78115,6 +78743,10 @@ "name": "COMPLETED", "description": "

An issue that has been closed as completed.

" }, + { + "name": "DUPLICATE", + "description": "

An issue that has been closed as a duplicate.

" + }, { "name": "NOT_PLANNED", "description": "

An issue that has been closed as not planned.

" @@ -80853,11 +81485,11 @@ }, { "name": "FILE_EXTENSION_RESTRICTION", - "description": "

Prevent commits that include files with specified file extensions from being\npushed to the commit graph. NOTE: This rule is in beta and subject to change.

" + "description": "

Prevent commits that include files with specified file extensions from being pushed to the commit graph.

" }, { "name": "FILE_PATH_RESTRICTION", - "description": "

Prevent commits that include changes in specified file paths from being pushed\nto the commit graph. NOTE: This rule is in beta and subject to change.

" + "description": "

Prevent commits that include changes in specified file paths from being pushed to the commit graph.

" }, { "name": "LOCK_BRANCH", @@ -80865,11 +81497,11 @@ }, { "name": "MAX_FILE_PATH_LENGTH", - "description": "

Prevent commits that include file paths that exceed a specified character\nlimit from being pushed to the commit graph. NOTE: This rule is in beta and\nsubject to change.

" + "description": "

Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph.

" }, { "name": "MAX_FILE_SIZE", - "description": "

Prevent commits that exceed a specified file size limit from being pushed to\nthe commit. NOTE: This rule is in beta and subject to change.

" + "description": "

Prevent commits that exceed a specified file size limit from being pushed to the commit.

" }, { "name": "MAX_REF_UPDATES", @@ -80963,7 +81595,7 @@ "kind": "enums", "id": "repositoryrulesettarget", "href": "/graphql/reference/enums#repositoryrulesettarget", - "description": "

The targets supported for rulesets. NOTE: The push target is in beta and subject to change.

", + "description": "

The targets supported for rulesets.

", "values": [ { "name": "BRANCH", @@ -81307,6 +81939,10 @@ "href": "/graphql/reference/enums#socialaccountprovider", "description": "

Software or company that hosts social media accounts.

", "values": [ + { + "name": "BLUESKY", + "description": "

Decentralized microblogging social platform.

" + }, { "name": "FACEBOOK", "description": "

Social media and networking website.

" @@ -81715,6 +82351,27 @@ } ] }, + { + "name": "TwoFactorCredentialSecurityType", + "kind": "enums", + "id": "twofactorcredentialsecuritytype", + "href": "/graphql/reference/enums#twofactorcredentialsecuritytype", + "description": "

Filters by whether or not 2FA is enabled and if the method configured is considered secure or insecure.

", + "values": [ + { + "name": "DISABLED", + "description": "

No method of two-factor authentication.

" + }, + { + "name": "INSECURE", + "description": "

Has an insecure method of two-factor authentication. GitHub currently defines this as SMS two-factor authentication.

" + }, + { + "name": "SECURE", + "description": "

Has only secure methods of two-factor authentication.

" + } + ] + }, { "name": "UserBlockDuration", "kind": "enums", @@ -81757,6 +82414,23 @@ } ] }, + { + "name": "UserViewType", + "kind": "enums", + "id": "userviewtype", + "href": "/graphql/reference/enums#userviewtype", + "description": "

Whether a user being viewed contains public or private information.

", + "values": [ + { + "name": "PRIVATE", + "description": "

A user containing information only visible to the authenticated user.

" + }, + { + "name": "PUBLIC", + "description": "

A user that is publicly visible.

" + } + ] + }, { "name": "VerifiableDomainOrderField", "kind": "enums", @@ -83640,6 +84314,11 @@ "href": "/graphql/reference/unions#rulesource", "description": "

Types which can have RepositoryRule objects.

", "possibleTypes": [ + { + "name": "Enterprise", + "id": "enterprise", + "href": "/graphql/reference/objects#enterprise" + }, { "name": "Organization", "id": "organization", @@ -84559,6 +85238,57 @@ } ] }, + { + "name": "AddSubIssueInput", + "kind": "inputObjects", + "id": "addsubissueinput", + "href": "/graphql/reference/input-objects#addsubissueinput", + "description": "

Autogenerated input type of AddSubIssue.

", + "inputFields": [ + { + "name": "clientMutationId", + "description": "

A unique identifier for the client performing the mutation.

", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "issueId", + "description": "

The id of the issue.

", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + }, + { + "name": "replaceParent", + "description": "

Option to replace parent issue if one already exists.

", + "type": "Boolean", + "id": "boolean", + "kind": "scalars", + "href": "/graphql/reference/scalars#boolean" + }, + { + "name": "subIssueId", + "description": "

The id of the sub-issue.

", + "type": "ID", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + }, + { + "name": "subIssueUrl", + "description": "

The url of the sub-issue.

", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + } + ] + }, { "name": "AddUpvoteInput", "kind": "inputObjects", @@ -86834,6 +87564,15 @@ "href": "/graphql/reference/scalars#id", "isDeprecated": false }, + { + "name": "parentIssueId", + "description": "

The Node ID of the parent issue to add this new issue to.

", + "type": "ID", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + }, { "name": "projectIds", "description": "

An array of Node IDs for projects associated with this issue.

", @@ -89039,7 +89778,7 @@ "kind": "inputObjects", "id": "fileextensionrestrictionparametersinput", "href": "/graphql/reference/input-objects#fileextensionrestrictionparametersinput", - "description": "

Prevent commits that include files with specified file extensions from being\npushed to the commit graph. NOTE: This rule is in beta and subject to change.

", + "description": "

Prevent commits that include files with specified file extensions from being pushed to the commit graph.

", "inputFields": [ { "name": "restrictedFileExtensions", @@ -89056,7 +89795,7 @@ "kind": "inputObjects", "id": "filepathrestrictionparametersinput", "href": "/graphql/reference/input-objects#filepathrestrictionparametersinput", - "description": "

Prevent commits that include changes in specified file paths from being pushed\nto the commit graph. NOTE: This rule is in beta and subject to change.

", + "description": "

Prevent commits that include changes in specified file paths from being pushed to the commit graph.

", "inputFields": [ { "name": "restrictedFilePaths", @@ -89791,7 +90530,7 @@ "kind": "inputObjects", "id": "maxfilepathlengthparametersinput", "href": "/graphql/reference/input-objects#maxfilepathlengthparametersinput", - "description": "

Prevent commits that include file paths that exceed a specified character limit\nfrom being pushed to the commit graph. NOTE: This rule is in beta and subject to change.

", + "description": "

Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph.

", "inputFields": [ { "name": "maxFilePathLength", @@ -89808,7 +90547,7 @@ "kind": "inputObjects", "id": "maxfilesizeparametersinput", "href": "/graphql/reference/input-objects#maxfilesizeparametersinput", - "description": "

Prevent commits that exceed a specified file size limit from being pushed to the\ncommit. NOTE: This rule is in beta and subject to change.

", + "description": "

Prevent commits that exceed a specified file size limit from being pushed to the commit.

", "inputFields": [ { "name": "maxFileSize", @@ -91256,6 +91995,41 @@ } ] }, + { + "name": "RemoveSubIssueInput", + "kind": "inputObjects", + "id": "removesubissueinput", + "href": "/graphql/reference/input-objects#removesubissueinput", + "description": "

Autogenerated input type of RemoveSubIssue.

", + "inputFields": [ + { + "name": "clientMutationId", + "description": "

A unique identifier for the client performing the mutation.

", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "issueId", + "description": "

The id of the issue.

", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + }, + { + "name": "subIssueId", + "description": "

The id of the sub-issue.

", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + } + ] + }, { "name": "RemoveUpvoteInput", "kind": "inputObjects", @@ -91675,6 +92449,14 @@ "kind": "scalars", "href": "/graphql/reference/scalars#boolean" }, + { + "name": "enterpriseOwner", + "description": "

For enterprise owner bypasses, true.

", + "type": "Boolean", + "id": "boolean", + "kind": "scalars", + "href": "/graphql/reference/scalars#boolean" + }, { "name": "organizationAdmin", "description": "

For organization owner bypasses, true.

", @@ -91693,6 +92475,59 @@ } ] }, + { + "name": "ReprioritizeSubIssueInput", + "kind": "inputObjects", + "id": "reprioritizesubissueinput", + "href": "/graphql/reference/input-objects#reprioritizesubissueinput", + "description": "

Autogenerated input type of ReprioritizeSubIssue.

", + "inputFields": [ + { + "name": "afterId", + "description": "

The id of the sub-issue to be prioritized after (either positional argument after OR before should be specified).

", + "type": "ID", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + }, + { + "name": "beforeId", + "description": "

The id of the sub-issue to be prioritized before (either positional argument after OR before should be specified).

", + "type": "ID", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + }, + { + "name": "clientMutationId", + "description": "

A unique identifier for the client performing the mutation.

", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "issueId", + "description": "

The id of the parent issue.

", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + }, + { + "name": "subIssueId", + "description": "

The id of the sub-issue to reprioritize.

", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + } + ] + }, { "name": "RequestReviewsInput", "kind": "inputObjects", @@ -93658,6 +94493,40 @@ } ] }, + { + "name": "UpdateEnterpriseDeployKeySettingInput", + "kind": "inputObjects", + "id": "updateenterprisedeploykeysettinginput", + "href": "/graphql/reference/input-objects#updateenterprisedeploykeysettinginput", + "description": "

Autogenerated input type of UpdateEnterpriseDeployKeySetting.

", + "inputFields": [ + { + "name": "clientMutationId", + "description": "

A unique identifier for the client performing the mutation.

", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "enterpriseId", + "description": "

The ID of the enterprise on which to set the deploy key setting.

", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + }, + { + "name": "settingValue", + "description": "

The value for the deploy key setting on the enterprise.

", + "type": "EnterpriseEnabledDisabledSettingValue!", + "id": "enterpriseenableddisabledsettingvalue", + "kind": "enums", + "href": "/graphql/reference/enums#enterpriseenableddisabledsettingvalue" + } + ] + }, { "name": "UpdateEnterpriseMembersCanChangeRepositoryVisibilitySettingInput", "kind": "inputObjects", @@ -94165,6 +95034,40 @@ } ] }, + { + "name": "UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSettingInput", + "kind": "inputObjects", + "id": "updateenterprisetwofactorauthenticationdisallowedmethodssettinginput", + "href": "/graphql/reference/input-objects#updateenterprisetwofactorauthenticationdisallowedmethodssettinginput", + "description": "

Autogenerated input type of UpdateEnterpriseTwoFactorAuthenticationDisallowedMethodsSetting.

", + "inputFields": [ + { + "name": "clientMutationId", + "description": "

A unique identifier for the client performing the mutation.

", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, + { + "name": "enterpriseId", + "description": "

The ID of the enterprise on which to set the two-factor authentication disallowed methods setting.

", + "type": "ID!", + "id": "id", + "kind": "scalars", + "href": "/graphql/reference/scalars#id", + "isDeprecated": false + }, + { + "name": "settingValue", + "description": "

The value for the two-factor authentication disallowed methods setting on the enterprise.

", + "type": "EnterpriseDisallowedMethodsSettingValue!", + "id": "enterprisedisallowedmethodssettingvalue", + "kind": "enums", + "href": "/graphql/reference/enums#enterprisedisallowedmethodssettingvalue" + } + ] + }, { "name": "UpdateEnterpriseTwoFactorAuthenticationRequiredSettingInput", "kind": "inputObjects", diff --git a/src/graphql/data/ghes-3.16/upcoming-changes.json b/src/graphql/data/ghes-3.16/upcoming-changes.json index cf462ccc12cf..cfd1d04af8ca 100644 --- a/src/graphql/data/ghes-3.16/upcoming-changes.json +++ b/src/graphql/data/ghes-3.16/upcoming-changes.json @@ -1,4 +1,80 @@ { + "2025-10-01": [ + { + "location": "SecurityAdvisory.cvss", + "description": "

cvss will be removed. New cvss_severities field will now contain both cvss_v3 and cvss_v4 properties.

", + "reason": "

cvss will be removed.

", + "date": "2025-10-01", + "criticality": "breaking", + "owner": "github/advisory-database" + } + ], + "2025-04-01": [ + { + "location": "ProjectV2Workflow.databaseId", + "description": "

databaseId will be removed. Use fullDatabaseId instead.

", + "reason": "

databaseId will be removed because it does not support 64-bit signed integer identifiers.

", + "date": "2025-04-01", + "criticality": "breaking", + "owner": "dewski" + }, + { + "location": "ProjectV2View.databaseId", + "description": "

databaseId will be removed. Use fullDatabaseId instead.

", + "reason": "

databaseId will be removed because it does not support 64-bit signed integer identifiers.

", + "date": "2025-04-01", + "criticality": "breaking", + "owner": "dewski" + }, + { + "location": "ProjectV2StatusUpdate.databaseId", + "description": "

databaseId will be removed. Use fullDatabaseId instead.

", + "reason": "

databaseId will be removed because it does not support 64-bit signed integer identifiers.

", + "date": "2025-04-01", + "criticality": "breaking", + "owner": "dewski" + }, + { + "location": "ProjectV2Item.databaseId", + "description": "

databaseId will be removed. Use fullDatabaseId instead.

", + "reason": "

databaseId will be removed because it does not support 64-bit signed integer identifiers.

", + "date": "2025-04-01", + "criticality": "breaking", + "owner": "dewski" + }, + { + "location": "ProjectV2.databaseId", + "description": "

databaseId will be removed. Use fullDatabaseId instead.

", + "reason": "

databaseId will be removed because it does not support 64-bit signed integer identifiers.

", + "date": "2025-04-01", + "criticality": "breaking", + "owner": "dewski" + }, + { + "location": "EnterpriseOwnerInfo.outsideCollaborators.hasTwoFactorEnabled", + "description": "

hasTwoFactorEnabled will be removed. Use two_factor_method_security instead.

", + "reason": "

has_two_factor_enabled will be removed.

", + "date": "2025-04-01", + "criticality": "breaking", + "owner": "authentication" + }, + { + "location": "EnterpriseOwnerInfo.admins.hasTwoFactorEnabled", + "description": "

hasTwoFactorEnabled will be removed. Use two_factor_method_security instead.

", + "reason": "

has_two_factor_enabled will be removed.

", + "date": "2025-04-01", + "criticality": "breaking", + "owner": "authentication" + }, + { + "location": "Enterprise.members.hasTwoFactorEnabled", + "description": "

hasTwoFactorEnabled will be removed. Use two_factor_method_security instead.

", + "reason": "

has_two_factor_enabled will be removed.

", + "date": "2025-04-01", + "criticality": "breaking", + "owner": "authentication" + } + ], "2025-01-01": [ { "location": "AddMobileDevicePublicKeyPayload.expiresAt", diff --git a/src/rest/data/fpt-2022-11-28/schema.json b/src/rest/data/fpt-2022-11-28/schema.json index 842d20d21da1..ebd17d418f1b 100644 --- a/src/rest/data/fpt-2022-11-28/schema.json +++ b/src/rest/data/fpt-2022-11-28/schema.json @@ -159146,7 +159146,7 @@ } ], "previews": [], - "descriptionHTML": "

Commits an autofix for a code scanning alert.

\n

If an autofix is commited as a result of this request, then this endpoint will return a 201 Created response.

\n

OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with private or public repositories, or the public_repo scope to use this endpoint with only public repositories.

", + "descriptionHTML": "

Commits an autofix for a code scanning alert.

\n

If an autofix is committed as a result of this request, then this endpoint will return a 201 Created response.

\n

OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with private or public repositories, or the public_repo scope to use this endpoint with only public repositories.

", "statusCodes": [ { "httpStatusCode": "201", @@ -168257,6 +168257,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -168776,6 +168785,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -169159,6 +169177,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -169479,6 +169506,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -169993,6 +170029,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -170534,6 +170579,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -171464,6 +171518,7 @@ }, "secret_scanning_validity_checks": "enabled", "secret_scanning_non_provider_patterns": "enabled", + "secret_scanning_delegated_alert_dismissal": "not_set", "private_vulnerability_reporting": "enabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/17", @@ -171490,6 +171545,7 @@ "secret_scanning_delegated_bypass": "disabled", "secret_scanning_validity_checks": "disabled", "secret_scanning_non_provider_patterns": "disabled", + "secret_scanning_delegated_alert_dismissal": "disabled", "private_vulnerability_reporting": "enabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1326", @@ -171693,6 +171749,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -171983,6 +172048,17 @@ ], "default": "disabled" }, + { + "type": "string", + "name": "secret_scanning_delegated_alert_dismissal", + "in": "body", + "description": "

The enablement status of secret scanning delegated alert dismissal

", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, { "type": "string", "name": "private_vulnerability_reporting", @@ -172263,6 +172339,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -172638,6 +172723,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -173062,6 +173156,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -173350,6 +173453,17 @@ "not_set" ] }, + { + "type": "string", + "name": "secret_scanning_delegated_alert_dismissal", + "in": "body", + "description": "

The enablement status of secret scanning delegated alert dismissal

", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, { "type": "string", "name": "private_vulnerability_reporting", @@ -173626,6 +173740,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -174168,6 +174291,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -175062,6 +175194,7 @@ "secret_scanning_delegated_bypass": "disabled", "secret_scanning_validity_checks": "disabled", "secret_scanning_non_provider_patterns": "disabled", + "secret_scanning_delegated_alert_dismissal": "disabled", "private_vulnerability_reporting": "disabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325", @@ -175281,6 +175414,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -384929,7 +385071,7 @@ } ], "previews": [], - "descriptionHTML": "

Gets information about an organization.

\n

When the value of two_factor_requirement_enabled is true, the organization requires all members, billing managers, and outside collaborators to enable two-factor authentication.

\n

To see the full details about an organization, the authenticated user must be an organization owner.

\n

OAuth app tokens and personal access tokens (classic) need the admin:org scope to see the full details about an organization.

\n

To see information about an organization's GitHub plan, GitHub Apps need the Organization plan permission.

", + "descriptionHTML": "

Gets information about an organization.

\n

When the value of two_factor_requirement_enabled is true, the organization requires all members, billing managers, outside collaborators, guest collaborators, repository collaborators, or everyone with access to any repository within the organization to enable two-factor authentication.

\n

To see the full details about an organization, the authenticated user must be an organization owner.

\n

OAuth app tokens and personal access tokens (classic) need the admin:org scope to see the full details about an organization.

\n

To see information about an organization's GitHub plan, GitHub Apps need the Organization plan permission.

", "statusCodes": [ { "httpStatusCode": "200", diff --git a/src/rest/data/ghec-2022-11-28/schema.json b/src/rest/data/ghec-2022-11-28/schema.json index bc0f0640e78e..102e3d326078 100644 --- a/src/rest/data/ghec-2022-11-28/schema.json +++ b/src/rest/data/ghec-2022-11-28/schema.json @@ -170265,7 +170265,7 @@ } ], "previews": [], - "descriptionHTML": "

Commits an autofix for a code scanning alert.

\n

If an autofix is commited as a result of this request, then this endpoint will return a 201 Created response.

\n

OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with private or public repositories, or the public_repo scope to use this endpoint with only public repositories.

", + "descriptionHTML": "

Commits an autofix for a code scanning alert.

\n

If an autofix is committed as a result of this request, then this endpoint will return a 201 Created response.

\n

OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with private or public repositories, or the public_repo scope to use this endpoint with only public repositories.

", "statusCodes": [ { "httpStatusCode": "201", @@ -179376,6 +179376,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -179895,6 +179904,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -180278,6 +180296,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -180598,6 +180625,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -181112,6 +181148,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -181653,6 +181698,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -182583,6 +182637,7 @@ }, "secret_scanning_validity_checks": "enabled", "secret_scanning_non_provider_patterns": "enabled", + "secret_scanning_delegated_alert_dismissal": "not_set", "private_vulnerability_reporting": "enabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/17", @@ -182609,6 +182664,7 @@ "secret_scanning_delegated_bypass": "disabled", "secret_scanning_validity_checks": "disabled", "secret_scanning_non_provider_patterns": "disabled", + "secret_scanning_delegated_alert_dismissal": "disabled", "private_vulnerability_reporting": "enabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1326", @@ -182812,6 +182868,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -183102,6 +183167,17 @@ ], "default": "disabled" }, + { + "type": "string", + "name": "secret_scanning_delegated_alert_dismissal", + "in": "body", + "description": "

The enablement status of secret scanning delegated alert dismissal

", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, { "type": "string", "name": "private_vulnerability_reporting", @@ -183382,6 +183458,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -183757,6 +183842,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -184181,6 +184275,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -184469,6 +184572,17 @@ "not_set" ] }, + { + "type": "string", + "name": "secret_scanning_delegated_alert_dismissal", + "in": "body", + "description": "

The enablement status of secret scanning delegated alert dismissal

", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, { "type": "string", "name": "private_vulnerability_reporting", @@ -184745,6 +184859,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -185287,6 +185410,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -186181,6 +186313,7 @@ "secret_scanning_delegated_bypass": "disabled", "secret_scanning_validity_checks": "disabled", "secret_scanning_non_provider_patterns": "disabled", + "secret_scanning_delegated_alert_dismissal": "disabled", "private_vulnerability_reporting": "disabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325", @@ -186400,6 +186533,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", @@ -280211,9 +280353,9 @@ }, { "serverUrl": "https://api.github.com", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/properties/schema/{custom_property_name}", - "title": "Get a custom property for an enterprise", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/properties/schema/organizations/{org}/{custom_property_name}/promote", + "title": "Promote a custom property to an enterprise", "category": "enterprise-admin", "subcategory": "custom-properties", "parameters": [ @@ -280227,186 +280369,8 @@ } }, { - "name": "custom_property_name", - "description": "

The custom property name

", - "in": "path", - "required": true, - "schema": { - "type": "string" - } - } - ], - "bodyParameters": [], - "progAccess": { - "userToServerRest": true, - "serverToServer": true, - "fineGrainedPat": true, - "permissions": [ - { - "\"Custom properties\" business permissions": "read" - } - ] - }, - "codeExamples": [ - { - "key": "default", - "request": { - "description": "Example", - "acceptHeader": "application/vnd.github.v3+json", - "parameters": { - "enterprise": "ENTERPRISE", - "custom_property_name": "CUSTOM_PROPERTY_NAME" - } - }, - "response": { - "statusCode": "200", - "contentType": "application/json", - "description": "

Response

", - "example": { - "property_name": "environment", - "url": "https://api.github.com/orgs/github/properties/schema/environment", - "source_type": "organization", - "value_type": "single_select", - "required": true, - "default_value": "production", - "description": "Prod or dev environment", - "allowed_values": [ - "production", - "development" - ] - }, - "schema": { - "title": "Organization Custom Property", - "description": "Custom property defined on an organization", - "type": "object", - "properties": { - "property_name": { - "type": "string", - "description": "The name of the property" - }, - "url": { - "type": "string", - "format": "uri", - "description": "The URL that can be used to fetch, update, or delete info about this property via the API." - }, - "source_type": { - "type": "string", - "description": "The source type of the property", - "enum": [ - "organization", - "enterprise" - ], - "examples": [ - "organization" - ] - }, - "value_type": { - "type": "string", - "enum": [ - "string", - "single_select", - "multi_select", - "true_false" - ], - "description": "The type of the value for the property", - "examples": [ - "single_select" - ] - }, - "required": { - "type": "boolean", - "description": "Whether the property is required." - }, - "default_value": { - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ], - "description": "Default value of the property", - "type": [ - "null", - "string", - "array" - ] - }, - "description": { - "type": [ - "string", - "null" - ], - "description": "Short description of the property" - }, - "allowed_values": { - "type": [ - "array", - "null" - ], - "items": { - "type": "string", - "maxLength": 75 - }, - "maxItems": 200, - "description": "An ordered list of the allowed values of the property.\nThe property can have up to 200 allowed values." - }, - "values_editable_by": { - "type": [ - "string", - "null" - ], - "enum": [ - "org_actors", - "org_and_repo_actors", - null - ], - "description": "Who can edit the values of the property", - "examples": [ - "org_actors" - ] - } - }, - "required": [ - "property_name", - "value_type" - ] - } - } - } - ], - "previews": [], - "descriptionHTML": "

Note

\n

\nThis endpoint is in public preview and is subject to change.

\n
\n

Gets a custom property that is defined for an enterprise.\nEnterprise members can read these properties.

", - "statusCodes": [ - { - "httpStatusCode": "200", - "description": "

OK

" - }, - { - "httpStatusCode": "403", - "description": "

Forbidden

" - }, - { - "httpStatusCode": "404", - "description": "

Resource not found

" - } - ] - }, - { - "serverUrl": "https://api.github.com", - "verb": "put", - "requestPath": "/enterprises/{enterprise}/properties/schema/{custom_property_name}", - "title": "Create or update a custom property for an enterprise", - "category": "enterprise-admin", - "subcategory": "custom-properties", - "parameters": [ - { - "name": "enterprise", - "description": "

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

", + "name": "org", + "description": "

The organization name. The name is not case sensitive.

", "in": "path", "required": true, "schema": { @@ -280423,45 +280387,7 @@ } } ], - "bodyParameters": [ - { - "type": "string", - "name": "value_type", - "in": "body", - "description": "

The type of the value for the property

", - "isRequired": true, - "enum": [ - "string", - "single_select", - "multi_select", - "true_false" - ] - }, - { - "type": "boolean", - "name": "required", - "in": "body", - "description": "

Whether the property is required.

" - }, - { - "type": "null or string or array", - "name": "default_value", - "in": "body", - "description": "

Default value of the property

" - }, - { - "type": "string or null", - "name": "description", - "in": "body", - "description": "

Short description of the property

" - }, - { - "type": "array of strings or null", - "name": "allowed_values", - "in": "body", - "description": "

An ordered list of the allowed values of the property.\nThe property can have up to 200 allowed values.

" - } - ], + "bodyParameters": [], "progAccess": { "userToServerRest": true, "serverToServer": true, @@ -280476,19 +280402,432 @@ { "key": "default", "request": { - "contentType": "application/json", "description": "Example", "acceptHeader": "application/vnd.github.v3+json", - "bodyParameters": { - "value_type": "single_select", - "required": true, - "default_value": "production", - "description": "Prod or dev environment", - "allowed_values": [ - "production", - "development" - ] - }, + "parameters": { + "enterprise": "ENTERPRISE", + "org": "ORG", + "custom_property_name": "CUSTOM_PROPERTY_NAME" + } + }, + "response": { + "statusCode": "200", + "contentType": "application/json", + "description": "

Response

", + "example": { + "property_name": "environment", + "url": "https://api.github.com/orgs/github/properties/schema/environment", + "source_type": "organization", + "value_type": "single_select", + "required": true, + "default_value": "production", + "description": "Prod or dev environment", + "allowed_values": [ + "production", + "development" + ] + }, + "schema": { + "title": "Organization Custom Property", + "description": "Custom property defined on an organization", + "type": "object", + "properties": { + "property_name": { + "type": "string", + "description": "The name of the property" + }, + "url": { + "type": "string", + "format": "uri", + "description": "The URL that can be used to fetch, update, or delete info about this property via the API." + }, + "source_type": { + "type": "string", + "description": "The source type of the property", + "enum": [ + "organization", + "enterprise" + ], + "examples": [ + "organization" + ] + }, + "value_type": { + "type": "string", + "enum": [ + "string", + "single_select", + "multi_select", + "true_false" + ], + "description": "The type of the value for the property", + "examples": [ + "single_select" + ] + }, + "required": { + "type": "boolean", + "description": "Whether the property is required." + }, + "default_value": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ], + "description": "Default value of the property", + "type": [ + "null", + "string", + "array" + ] + }, + "description": { + "type": [ + "string", + "null" + ], + "description": "Short description of the property" + }, + "allowed_values": { + "type": [ + "array", + "null" + ], + "items": { + "type": "string", + "maxLength": 75 + }, + "maxItems": 200, + "description": "An ordered list of the allowed values of the property.\nThe property can have up to 200 allowed values." + }, + "values_editable_by": { + "type": [ + "string", + "null" + ], + "enum": [ + "org_actors", + "org_and_repo_actors", + null + ], + "description": "Who can edit the values of the property", + "examples": [ + "org_actors" + ] + } + }, + "required": [ + "property_name", + "value_type" + ] + } + } + } + ], + "previews": [], + "descriptionHTML": "

Note

\n

\nThis endpoint is in public preview and is subject to change.

\n
\n

Promotes an existing organization custom property to an enterprise.

\n

To use this endpoint, the authenticated user must be an administrator for the enterprise.

", + "statusCodes": [ + { + "httpStatusCode": "200", + "description": "

OK

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + } + ] + }, + { + "serverUrl": "https://api.github.com", + "verb": "get", + "requestPath": "/enterprises/{enterprise}/properties/schema/{custom_property_name}", + "title": "Get a custom property for an enterprise", + "category": "enterprise-admin", + "subcategory": "custom-properties", + "parameters": [ + { + "name": "enterprise", + "description": "

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "custom_property_name", + "description": "

The custom property name

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + } + ], + "bodyParameters": [], + "progAccess": { + "userToServerRest": true, + "serverToServer": true, + "fineGrainedPat": true, + "permissions": [ + { + "\"Custom properties\" business permissions": "read" + } + ] + }, + "codeExamples": [ + { + "key": "default", + "request": { + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "parameters": { + "enterprise": "ENTERPRISE", + "custom_property_name": "CUSTOM_PROPERTY_NAME" + } + }, + "response": { + "statusCode": "200", + "contentType": "application/json", + "description": "

Response

", + "example": { + "property_name": "environment", + "url": "https://api.github.com/orgs/github/properties/schema/environment", + "source_type": "organization", + "value_type": "single_select", + "required": true, + "default_value": "production", + "description": "Prod or dev environment", + "allowed_values": [ + "production", + "development" + ] + }, + "schema": { + "title": "Organization Custom Property", + "description": "Custom property defined on an organization", + "type": "object", + "properties": { + "property_name": { + "type": "string", + "description": "The name of the property" + }, + "url": { + "type": "string", + "format": "uri", + "description": "The URL that can be used to fetch, update, or delete info about this property via the API." + }, + "source_type": { + "type": "string", + "description": "The source type of the property", + "enum": [ + "organization", + "enterprise" + ], + "examples": [ + "organization" + ] + }, + "value_type": { + "type": "string", + "enum": [ + "string", + "single_select", + "multi_select", + "true_false" + ], + "description": "The type of the value for the property", + "examples": [ + "single_select" + ] + }, + "required": { + "type": "boolean", + "description": "Whether the property is required." + }, + "default_value": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ], + "description": "Default value of the property", + "type": [ + "null", + "string", + "array" + ] + }, + "description": { + "type": [ + "string", + "null" + ], + "description": "Short description of the property" + }, + "allowed_values": { + "type": [ + "array", + "null" + ], + "items": { + "type": "string", + "maxLength": 75 + }, + "maxItems": 200, + "description": "An ordered list of the allowed values of the property.\nThe property can have up to 200 allowed values." + }, + "values_editable_by": { + "type": [ + "string", + "null" + ], + "enum": [ + "org_actors", + "org_and_repo_actors", + null + ], + "description": "Who can edit the values of the property", + "examples": [ + "org_actors" + ] + } + }, + "required": [ + "property_name", + "value_type" + ] + } + } + } + ], + "previews": [], + "descriptionHTML": "

Note

\n

\nThis endpoint is in public preview and is subject to change.

\n
\n

Gets a custom property that is defined for an enterprise.\nEnterprise members can read these properties.

", + "statusCodes": [ + { + "httpStatusCode": "200", + "description": "

OK

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + } + ] + }, + { + "serverUrl": "https://api.github.com", + "verb": "put", + "requestPath": "/enterprises/{enterprise}/properties/schema/{custom_property_name}", + "title": "Create or update a custom property for an enterprise", + "category": "enterprise-admin", + "subcategory": "custom-properties", + "parameters": [ + { + "name": "enterprise", + "description": "

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "custom_property_name", + "description": "

The custom property name

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + } + ], + "bodyParameters": [ + { + "type": "string", + "name": "value_type", + "in": "body", + "description": "

The type of the value for the property

", + "isRequired": true, + "enum": [ + "string", + "single_select", + "multi_select", + "true_false" + ] + }, + { + "type": "boolean", + "name": "required", + "in": "body", + "description": "

Whether the property is required.

" + }, + { + "type": "null or string or array", + "name": "default_value", + "in": "body", + "description": "

Default value of the property

" + }, + { + "type": "string or null", + "name": "description", + "in": "body", + "description": "

Short description of the property

" + }, + { + "type": "array of strings or null", + "name": "allowed_values", + "in": "body", + "description": "

An ordered list of the allowed values of the property.\nThe property can have up to 200 allowed values.

" + } + ], + "progAccess": { + "userToServerRest": true, + "serverToServer": true, + "fineGrainedPat": true, + "permissions": [ + { + "\"Custom properties\" business permissions": "write" + } + ] + }, + "codeExamples": [ + { + "key": "default", + "request": { + "contentType": "application/json", + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "bodyParameters": { + "value_type": "single_select", + "required": true, + "default_value": "production", + "description": "Prod or dev environment", + "allowed_values": [ + "production", + "development" + ] + }, "parameters": { "enterprise": "ENTERPRISE", "custom_property_name": "CUSTOM_PROPERTY_NAME" @@ -417500,7 +417839,7 @@ } ], "previews": [], - "descriptionHTML": "

Gets information about an organization.

\n

When the value of two_factor_requirement_enabled is true, the organization requires all members, billing managers, and outside collaborators to enable two-factor authentication.

\n

To see the full details about an organization, the authenticated user must be an organization owner.

\n

OAuth app tokens and personal access tokens (classic) need the admin:org scope to see the full details about an organization.

\n

To see information about an organization's GitHub Enterprise Cloud plan, GitHub Apps need the Organization plan permission.

", + "descriptionHTML": "

Gets information about an organization.

\n

When the value of two_factor_requirement_enabled is true, the organization requires all members, billing managers, outside collaborators, guest collaborators, repository collaborators, or everyone with access to any repository within the organization to enable two-factor authentication.

\n

To see the full details about an organization, the authenticated user must be an organization owner.

\n

OAuth app tokens and personal access tokens (classic) need the admin:org scope to see the full details about an organization.

\n

To see information about an organization's GitHub Enterprise Cloud plan, GitHub Apps need the Organization plan permission.

", "statusCodes": [ { "httpStatusCode": "200", @@ -603125,6 +603464,1418 @@ } ] } + ], + "delegated-bypass": [ + { + "serverUrl": "https://api.github.com", + "verb": "get", + "requestPath": "/orgs/{org}/bypass-requests/secret-scanning", + "title": "List bypass requests for secret scanning for an org", + "category": "secret-scanning", + "subcategory": "delegated-bypass", + "parameters": [ + { + "name": "org", + "description": "

The organization name. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repository_name", + "description": "

The name of the repository to filter on.

", + "in": "query", + "schema": { + "type": "string" + } + }, + { + "name": "reviewer", + "description": "

Filter bypass requests by the handle of the GitHub user who reviewed the bypass request.

", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "requester", + "description": "

Filter bypass requests by the handle of the GitHub user who requested the bypass.

", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "time_period", + "description": "

The time period to filter by.

\n

For example, day will filter for rule suites that occurred in the past 24 hours, and week will filter for insights that occurred in the past 7 days (168 hours).

", + "in": "query", + "required": false, + "schema": { + "type": "string", + "enum": [ + "hour", + "day", + "week", + "month" + ], + "default": "day" + } + }, + { + "name": "request_status", + "description": "

The status of the bypass request to filter on. When specified, only requests with this status will be returned.

", + "in": "query", + "required": false, + "schema": { + "type": "string", + "enum": [ + "completed", + "cancelled", + "expired", + "denied", + "open", + "all" + ], + "default": "all" + } + }, + { + "name": "per_page", + "description": "

The number of results per page (max 100). For more information, see \"Using pagination in the REST API.\"

", + "in": "query", + "schema": { + "type": "integer", + "default": 30 + } + }, + { + "name": "page", + "description": "

The page number of the results to fetch. For more information, see \"Using pagination in the REST API.\"

", + "in": "query", + "schema": { + "type": "integer", + "default": 1 + } + } + ], + "bodyParameters": [], + "progAccess": { + "userToServerRest": true, + "serverToServer": false, + "fineGrainedPat": true, + "permissions": [ + { + "\"Secret scanning alerts\" repository permissions": "read" + } + ] + }, + "codeExamples": [ + { + "key": "default", + "request": { + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "parameters": { + "org": "ORG" + } + }, + "response": { + "statusCode": "200", + "contentType": "application/json", + "description": "

Response

", + "example": [ + { + "id": 21, + "number": 42, + "repository": { + "id": 1, + "name": "smile", + "full_name": "octo-org/smile" + }, + "organization": { + "id": 1, + "name": "octo-org" + }, + "requester": { + "actor_id": 12, + "actor_name": "monalisa" + }, + "request_type": "secret_scanning", + "data": [ + { + "secret_type": "adafruit_io_key", + "bypass_reason": "used_in_tests", + "path": "/tests/README.md:16:0", + "branch": "refs/heads/main" + } + ], + "resource_identifier": "827efc6d56897b048c772eb4087f854f46256132", + "status": "denied", + "requester_comment": "Test token used in the readme as an example", + "expires_at": "2024-07-08T08:43:03Z", + "created_at": "2024-07-01T08:43:03Z", + "responses": [ + { + "id": 42, + "reviewer": { + "actor_id": 4, + "actor_name": "octocat" + }, + "status": "denied", + "created_at": "2024-07-02T08:43:04Z" + } + ], + "url": "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/1", + "html_url": "https://github.com/octo-org/smile/exemptions/1" + }, + { + "id": 12, + "number": 24, + "repository": { + "id": 1, + "name": "smile", + "full_name": "octo-org/smile" + }, + "organization": { + "id": 1, + "name": "octo-org" + }, + "requester": { + "actor_id": 12, + "actor_name": "monalisa" + }, + "request_type": "secret_scanning", + "data": [ + { + "secret_type": "adafruit_io_key", + "bypass_reason": "fix_later", + "path": "README.md:17:0", + "branch": "refs/heads/my-branch" + } + ], + "resource_identifier": "827efc6d56897b048c772eb4087f854f46255555", + "status": "denied", + "requester_comment": "Token is already revoked, I'll remove it later", + "expires_at": "2024-07-08T07:43:03Z", + "created_at": "2024-07-01T07:43:03Z", + "responses": [ + { + "id": 42, + "reviewer": { + "actor_id": 4, + "actor_name": "octocat" + }, + "status": "denied", + "created_at": "2024-07-02T08:43:04Z" + } + ], + "url": "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/2", + "html_url": "https://github.com/octo-org/smile/exemptions/2" + } + ], + "schema": { + "type": "array", + "items": { + "title": "Secret scanning bypass request", + "description": "A bypass request made by a user asking to be exempted from push protection in this repository.", + "type": "object", + "properties": { + "id": { + "type": "integer", + "description": "The unique identifier of the bypass request." + }, + "number": { + "type": "integer", + "description": "The number uniquely identifying the bypass request within its repository." + }, + "repository": { + "type": "object", + "description": "The repository the bypass request is for.", + "properties": { + "id": { + "type": "integer", + "description": "The ID of the repository the bypass request is for." + }, + "name": { + "type": "string", + "description": "The name of the repository the bypass request is for." + }, + "full_name": { + "type": "string", + "description": "The full name of the repository the bypass request is for." + } + } + }, + "organization": { + "type": "object", + "description": "The organization associated with the repository the bypass request is for.", + "properties": { + "id": { + "type": "integer", + "description": "The ID of the organization." + }, + "name": { + "type": "string", + "description": "The name of the organization." + } + } + }, + "requester": { + "type": "object", + "description": "The user who requested the bypass.", + "properties": { + "actor_id": { + "type": "integer", + "description": "The ID of the GitHub user who requested the bypass." + }, + "actor_name": { + "type": "string", + "description": "The name of the GitHub user who requested the bypass." + } + } + }, + "request_type": { + "type": "string", + "description": "The type of request." + }, + "data": { + "type": [ + "array", + "null" + ], + "description": "Data describing the push rules that are being requested to be bypassed.", + "items": { + "type": "object", + "properties": { + "secret_type": { + "type": "string", + "description": "The type of secret that secret scanning detected." + }, + "bypass_reason": { + "type": "string", + "enum": [ + "used_in_tests", + "false_positive", + "fix_later" + ], + "description": "The reason the bypass was requested." + }, + "path": { + "type": "string", + "description": "The path in the repo where the secret was located during the request." + }, + "branch": { + "type": "string", + "description": "The branch in the repo where the secret was located during the request." + } + } + } + }, + "resource_identifier": { + "type": "string", + "description": "The unique identifier for the request type of the bypass request. For example, a commit SHA.", + "examples": [ + "827efc6d56897b048c772eb4087f854f46256132" + ] + }, + "status": { + "type": "string", + "description": "The status of the bypass request.", + "enum": [ + "pending", + "denied", + "approved", + "cancelled", + "completed", + "expired", + "open" + ] + }, + "requester_comment": { + "type": [ + "string", + "null" + ], + "description": "The comment the requester provided when creating the bypass request." + }, + "expires_at": { + "type": "string", + "format": "date-time", + "description": "The date and time the bypass request will expire." + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time the bypass request was created." + }, + "responses": { + "type": [ + "array", + "null" + ], + "description": "The responses to the bypass request.", + "items": { + "title": "Bypass response", + "description": "A response made by a delegated bypasser to a bypass request.", + "type": "object", + "properties": { + "id": { + "type": "integer", + "description": "The ID of the response to the bypass request." + }, + "reviewer": { + "type": "object", + "description": "The user who reviewed the bypass request.", + "properties": { + "actor_id": { + "type": "integer", + "description": "The ID of the GitHub user who reviewed the bypass request." + }, + "actor_name": { + "type": "string", + "description": "The name of the GitHub user who reviewed the bypass request." + } + } + }, + "status": { + "type": "string", + "description": "The response status to the bypass request until dismissed.", + "enum": [ + "approved", + "denied", + "dismissed" + ] + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time the response to the bypass request was created." + } + } + } + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/1" + ] + }, + "html_url": { + "type": "string", + "description": "The URL to view the bypass request in a browser.", + "format": "uri", + "examples": [ + "https://github.com/octo-org/smile/exemptions/1" + ] + } + } + } + } + } + } + ], + "previews": [], + "descriptionHTML": "

List requests to bypass secret scanning push protection in an org.

\n

Delegated bypass must be enabled on repositories in the org and the user must be a bypass reviewer to access this endpoint.\nPersonal access tokens (classic) need the security_events scope to use this endpoint.

", + "statusCodes": [ + { + "httpStatusCode": "200", + "description": "

OK

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + }, + { + "httpStatusCode": "500", + "description": "

Internal Error

" + } + ] + }, + { + "serverUrl": "https://api.github.com", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/bypass-requests/secret-scanning", + "title": "List bypass requests for secret scanning for a repository", + "category": "secret-scanning", + "subcategory": "delegated-bypass", + "parameters": [ + { + "name": "owner", + "description": "

The account owner of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "

The name of the repository without the .git extension. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "reviewer", + "description": "

Filter bypass requests by the handle of the GitHub user who reviewed the bypass request.

", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "requester", + "description": "

Filter bypass requests by the handle of the GitHub user who requested the bypass.

", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "time_period", + "description": "

The time period to filter by.

\n

For example, day will filter for rule suites that occurred in the past 24 hours, and week will filter for insights that occurred in the past 7 days (168 hours).

", + "in": "query", + "required": false, + "schema": { + "type": "string", + "enum": [ + "hour", + "day", + "week", + "month" + ], + "default": "day" + } + }, + { + "name": "request_status", + "description": "

The status of the bypass request to filter on. When specified, only requests with this status will be returned.

", + "in": "query", + "required": false, + "schema": { + "type": "string", + "enum": [ + "completed", + "cancelled", + "expired", + "denied", + "open", + "all" + ], + "default": "all" + } + }, + { + "name": "per_page", + "description": "

The number of results per page (max 100). For more information, see \"Using pagination in the REST API.\"

", + "in": "query", + "schema": { + "type": "integer", + "default": 30 + } + }, + { + "name": "page", + "description": "

The page number of the results to fetch. For more information, see \"Using pagination in the REST API.\"

", + "in": "query", + "schema": { + "type": "integer", + "default": 1 + } + } + ], + "bodyParameters": [], + "progAccess": { + "userToServerRest": true, + "serverToServer": false, + "fineGrainedPat": true, + "permissions": [ + { + "\"Secret scanning alerts\" repository permissions": "read" + } + ] + }, + "codeExamples": [ + { + "key": "default", + "request": { + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "parameters": { + "owner": "OWNER", + "repo": "REPO" + } + }, + "response": { + "statusCode": "200", + "contentType": "application/json", + "description": "

A list of the bypass requests.

", + "example": [ + { + "id": 21, + "number": 42, + "repository": { + "id": 1, + "name": "smile", + "full_name": "octo-org/smile" + }, + "organization": { + "id": 1, + "name": "octo-org" + }, + "requester": { + "actor_id": 12, + "actor_name": "monalisa" + }, + "request_type": "secret_scanning", + "data": [ + { + "secret_type": "adafruit_io_key", + "bypass_reason": "used_in_tests", + "path": "/tests/README.md:16:0", + "branch": "refs/heads/main" + } + ], + "resource_identifier": "827efc6d56897b048c772eb4087f854f46256132", + "status": "denied", + "requester_comment": "Test token used in the readme as an example", + "expires_at": "2024-07-08T08:43:03Z", + "created_at": "2024-07-01T08:43:03Z", + "responses": [ + { + "id": 42, + "reviewer": { + "actor_id": 4, + "actor_name": "octocat" + }, + "status": "denied", + "created_at": "2024-07-02T08:43:04Z" + } + ], + "url": "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/1", + "html_url": "https://github.com/octo-org/smile/exemptions/1" + }, + { + "id": 12, + "number": 24, + "repository": { + "id": 1, + "name": "smile", + "full_name": "octo-org/smile" + }, + "organization": { + "id": 1, + "name": "octo-org" + }, + "requester": { + "actor_id": 12, + "actor_name": "monalisa" + }, + "request_type": "secret_scanning", + "data": [ + { + "secret_type": "adafruit_io_key", + "bypass_reason": "fix_later", + "path": "README.md:17:0", + "branch": "refs/heads/my-branch" + } + ], + "resource_identifier": "827efc6d56897b048c772eb4087f854f46255555", + "status": "denied", + "requester_comment": "Token is already revoked, I'll remove it later", + "expires_at": "2024-07-08T07:43:03Z", + "created_at": "2024-07-01T07:43:03Z", + "responses": [ + { + "id": 42, + "reviewer": { + "actor_id": 4, + "actor_name": "octocat" + }, + "status": "denied", + "created_at": "2024-07-02T08:43:04Z" + } + ], + "url": "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/2", + "html_url": "https://github.com/octo-org/smile/exemptions/2" + } + ], + "schema": { + "type": "array", + "items": { + "title": "Secret scanning bypass request", + "description": "A bypass request made by a user asking to be exempted from push protection in this repository.", + "type": "object", + "properties": { + "id": { + "type": "integer", + "description": "The unique identifier of the bypass request." + }, + "number": { + "type": "integer", + "description": "The number uniquely identifying the bypass request within its repository." + }, + "repository": { + "type": "object", + "description": "The repository the bypass request is for.", + "properties": { + "id": { + "type": "integer", + "description": "The ID of the repository the bypass request is for." + }, + "name": { + "type": "string", + "description": "The name of the repository the bypass request is for." + }, + "full_name": { + "type": "string", + "description": "The full name of the repository the bypass request is for." + } + } + }, + "organization": { + "type": "object", + "description": "The organization associated with the repository the bypass request is for.", + "properties": { + "id": { + "type": "integer", + "description": "The ID of the organization." + }, + "name": { + "type": "string", + "description": "The name of the organization." + } + } + }, + "requester": { + "type": "object", + "description": "The user who requested the bypass.", + "properties": { + "actor_id": { + "type": "integer", + "description": "The ID of the GitHub user who requested the bypass." + }, + "actor_name": { + "type": "string", + "description": "The name of the GitHub user who requested the bypass." + } + } + }, + "request_type": { + "type": "string", + "description": "The type of request." + }, + "data": { + "type": [ + "array", + "null" + ], + "description": "Data describing the push rules that are being requested to be bypassed.", + "items": { + "type": "object", + "properties": { + "secret_type": { + "type": "string", + "description": "The type of secret that secret scanning detected." + }, + "bypass_reason": { + "type": "string", + "enum": [ + "used_in_tests", + "false_positive", + "fix_later" + ], + "description": "The reason the bypass was requested." + }, + "path": { + "type": "string", + "description": "The path in the repo where the secret was located during the request." + }, + "branch": { + "type": "string", + "description": "The branch in the repo where the secret was located during the request." + } + } + } + }, + "resource_identifier": { + "type": "string", + "description": "The unique identifier for the request type of the bypass request. For example, a commit SHA.", + "examples": [ + "827efc6d56897b048c772eb4087f854f46256132" + ] + }, + "status": { + "type": "string", + "description": "The status of the bypass request.", + "enum": [ + "pending", + "denied", + "approved", + "cancelled", + "completed", + "expired", + "open" + ] + }, + "requester_comment": { + "type": [ + "string", + "null" + ], + "description": "The comment the requester provided when creating the bypass request." + }, + "expires_at": { + "type": "string", + "format": "date-time", + "description": "The date and time the bypass request will expire." + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time the bypass request was created." + }, + "responses": { + "type": [ + "array", + "null" + ], + "description": "The responses to the bypass request.", + "items": { + "title": "Bypass response", + "description": "A response made by a delegated bypasser to a bypass request.", + "type": "object", + "properties": { + "id": { + "type": "integer", + "description": "The ID of the response to the bypass request." + }, + "reviewer": { + "type": "object", + "description": "The user who reviewed the bypass request.", + "properties": { + "actor_id": { + "type": "integer", + "description": "The ID of the GitHub user who reviewed the bypass request." + }, + "actor_name": { + "type": "string", + "description": "The name of the GitHub user who reviewed the bypass request." + } + } + }, + "status": { + "type": "string", + "description": "The response status to the bypass request until dismissed.", + "enum": [ + "approved", + "denied", + "dismissed" + ] + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time the response to the bypass request was created." + } + } + } + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/1" + ] + }, + "html_url": { + "type": "string", + "description": "The URL to view the bypass request in a browser.", + "format": "uri", + "examples": [ + "https://github.com/octo-org/smile/exemptions/1" + ] + } + } + } + } + } + } + ], + "previews": [], + "descriptionHTML": "

Lists requests to bypass secret scanning push protection in a repository.

\n

Delegated bypass must be enabled on the repository and the user must be a bypass reviewer to access this endpoint.\nPersonal access tokens (classic) need the security_events scope to use this endpoint.

", + "statusCodes": [ + { + "httpStatusCode": "200", + "description": "

A list of the bypass requests.

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + }, + { + "httpStatusCode": "500", + "description": "

Internal Error

" + } + ] + }, + { + "serverUrl": "https://api.github.com", + "verb": "get", + "requestPath": "/repos/{owner}/{repo}/bypass-requests/secret-scanning/{bypass_request_number}", + "title": "Get a bypass request for secret scanning", + "category": "secret-scanning", + "subcategory": "delegated-bypass", + "parameters": [ + { + "name": "owner", + "description": "

The account owner of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "

The name of the repository without the .git extension. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "bypass_request_number", + "in": "path", + "required": true, + "description": "

The number that identifies the bypass request in a repository.

", + "schema": { + "type": "integer" + } + } + ], + "bodyParameters": [], + "progAccess": { + "userToServerRest": true, + "serverToServer": false, + "fineGrainedPat": true, + "permissions": [ + { + "\"Secret scanning alerts\" repository permissions": "read" + } + ] + }, + "codeExamples": [ + { + "key": "default", + "request": { + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "parameters": { + "owner": "OWNER", + "repo": "REPO", + "bypass_request_number": "BYPASS_REQUEST_NUMBER" + } + }, + "response": { + "statusCode": "200", + "contentType": "application/json", + "description": "

A single bypass request.

", + "example": { + "id": 21, + "number": 42, + "repository": { + "id": 1, + "name": "smile", + "full_name": "octo-org/smile" + }, + "organization": { + "id": 1, + "name": "octo-org" + }, + "requester": { + "actor_id": 12, + "actor_name": "monalisa" + }, + "request_type": "secret_scanning", + "data": [ + { + "secret_type": "adafruit_io_key", + "bypass_reason": "used_in_tests", + "path": "/tests/README.md:16:0", + "branch": "refs/heads/main" + } + ], + "resource_identifier": "827efc6d56897b048c772eb4087f854f46256132", + "status": "denied", + "requester_comment": "Test token used in the readme as an example", + "expires_at": "2024-07-08T08:43:03Z", + "created_at": "2024-07-01T08:43:03Z", + "responses": [ + { + "id": 42, + "reviewer": { + "actor_id": 4, + "actor_name": "octocat" + }, + "status": "denied", + "created_at": "2024-07-02T08:43:04Z" + } + ], + "url": "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/1", + "html_url": "https://github.com/octo-org/smile/exemptions/1" + }, + "schema": { + "title": "Secret scanning bypass request", + "description": "A bypass request made by a user asking to be exempted from push protection in this repository.", + "type": "object", + "properties": { + "id": { + "type": "integer", + "description": "The unique identifier of the bypass request." + }, + "number": { + "type": "integer", + "description": "The number uniquely identifying the bypass request within its repository." + }, + "repository": { + "type": "object", + "description": "The repository the bypass request is for.", + "properties": { + "id": { + "type": "integer", + "description": "The ID of the repository the bypass request is for." + }, + "name": { + "type": "string", + "description": "The name of the repository the bypass request is for." + }, + "full_name": { + "type": "string", + "description": "The full name of the repository the bypass request is for." + } + } + }, + "organization": { + "type": "object", + "description": "The organization associated with the repository the bypass request is for.", + "properties": { + "id": { + "type": "integer", + "description": "The ID of the organization." + }, + "name": { + "type": "string", + "description": "The name of the organization." + } + } + }, + "requester": { + "type": "object", + "description": "The user who requested the bypass.", + "properties": { + "actor_id": { + "type": "integer", + "description": "The ID of the GitHub user who requested the bypass." + }, + "actor_name": { + "type": "string", + "description": "The name of the GitHub user who requested the bypass." + } + } + }, + "request_type": { + "type": "string", + "description": "The type of request." + }, + "data": { + "type": [ + "array", + "null" + ], + "description": "Data describing the push rules that are being requested to be bypassed.", + "items": { + "type": "object", + "properties": { + "secret_type": { + "type": "string", + "description": "The type of secret that secret scanning detected." + }, + "bypass_reason": { + "type": "string", + "enum": [ + "used_in_tests", + "false_positive", + "fix_later" + ], + "description": "The reason the bypass was requested." + }, + "path": { + "type": "string", + "description": "The path in the repo where the secret was located during the request." + }, + "branch": { + "type": "string", + "description": "The branch in the repo where the secret was located during the request." + } + } + } + }, + "resource_identifier": { + "type": "string", + "description": "The unique identifier for the request type of the bypass request. For example, a commit SHA.", + "examples": [ + "827efc6d56897b048c772eb4087f854f46256132" + ] + }, + "status": { + "type": "string", + "description": "The status of the bypass request.", + "enum": [ + "pending", + "denied", + "approved", + "cancelled", + "completed", + "expired", + "open" + ] + }, + "requester_comment": { + "type": [ + "string", + "null" + ], + "description": "The comment the requester provided when creating the bypass request." + }, + "expires_at": { + "type": "string", + "format": "date-time", + "description": "The date and time the bypass request will expire." + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time the bypass request was created." + }, + "responses": { + "type": [ + "array", + "null" + ], + "description": "The responses to the bypass request.", + "items": { + "title": "Bypass response", + "description": "A response made by a delegated bypasser to a bypass request.", + "type": "object", + "properties": { + "id": { + "type": "integer", + "description": "The ID of the response to the bypass request." + }, + "reviewer": { + "type": "object", + "description": "The user who reviewed the bypass request.", + "properties": { + "actor_id": { + "type": "integer", + "description": "The ID of the GitHub user who reviewed the bypass request." + }, + "actor_name": { + "type": "string", + "description": "The name of the GitHub user who reviewed the bypass request." + } + } + }, + "status": { + "type": "string", + "description": "The response status to the bypass request until dismissed.", + "enum": [ + "approved", + "denied", + "dismissed" + ] + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time the response to the bypass request was created." + } + } + } + }, + "url": { + "type": "string", + "format": "uri", + "examples": [ + "https://api.github.com/repos/octo-org/smile/bypass-requests/secret-scanning/1" + ] + }, + "html_url": { + "type": "string", + "description": "The URL to view the bypass request in a browser.", + "format": "uri", + "examples": [ + "https://github.com/octo-org/smile/exemptions/1" + ] + } + } + } + } + } + ], + "previews": [], + "descriptionHTML": "

Gets a specific request to bypass secret scanning push protection in a repository.

\n

Delegated bypass must be enabled on the repository and the user must be a bypass reviewer to access this endpoint.\nPersonal access tokens (classic) need the security_events scope to use this endpoint.

", + "statusCodes": [ + { + "httpStatusCode": "200", + "description": "

A single bypass request.

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + }, + { + "httpStatusCode": "500", + "description": "

Internal Error

" + } + ] + }, + { + "serverUrl": "https://api.github.com", + "verb": "patch", + "requestPath": "/repos/{owner}/{repo}/bypass-requests/secret-scanning/{bypass_request_number}", + "title": "Review a bypass request for secret scanning", + "category": "secret-scanning", + "subcategory": "delegated-bypass", + "parameters": [ + { + "name": "owner", + "description": "

The account owner of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "

The name of the repository without the .git extension. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "bypass_request_number", + "in": "path", + "required": true, + "description": "

The number that identifies the bypass request in a repository.

", + "schema": { + "type": "integer" + } + } + ], + "bodyParameters": [ + { + "type": "string", + "name": "status", + "in": "body", + "description": "

The review action to perform on the bypass request.

", + "isRequired": true, + "enum": [ + "approve", + "reject" + ] + }, + { + "type": "string", + "name": "message", + "in": "body", + "description": "

A message to include with the review. Has a maximum character length of 2048.

", + "isRequired": true + } + ], + "progAccess": { + "userToServerRest": true, + "serverToServer": false, + "fineGrainedPat": true, + "permissions": [ + { + "\"Secret scanning alerts\" repository permissions": "read" + } + ] + }, + "codeExamples": [ + { + "key": "default", + "request": { + "contentType": "application/json", + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "bodyParameters": { + "status": "reject", + "message": "This secret has not been revoked." + }, + "parameters": { + "owner": "OWNER", + "repo": "REPO", + "bypass_request_number": "BYPASS_REQUEST_NUMBER" + } + }, + "response": { + "statusCode": "200", + "contentType": "application/json", + "description": "

The review of the bypass request.

", + "example": { + "bypass_review_id": 1 + }, + "schema": { + "type": "object", + "properties": { + "bypass_review_id": { + "type": "integer", + "description": "ID of the bypass review." + } + } + } + } + } + ], + "previews": [], + "descriptionHTML": "

Approve or deny a request to bypass secret scanning push protection in a repository.

\n

Delegated bypass must be enabled on the repository and the user must be a bypass reviewer to access this endpoint.\nPersonal access tokens (classic) need the security_events scope to use this endpoint.

", + "statusCodes": [ + { + "httpStatusCode": "200", + "description": "

The review of the bypass request.

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + }, + { + "httpStatusCode": "422", + "description": "

Validation failed, or the endpoint has been spammed.

" + }, + { + "httpStatusCode": "500", + "description": "

Internal Error

" + } + ] + }, + { + "serverUrl": "https://api.github.com", + "verb": "delete", + "requestPath": "/repos/{owner}/{repo}/bypass-responses/secret-scanning/{bypass_response_id}", + "title": "Dismiss a response on a bypass request for secret scanning", + "category": "secret-scanning", + "subcategory": "delegated-bypass", + "parameters": [ + { + "name": "owner", + "description": "

The account owner of the repository. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "repo", + "description": "

The name of the repository without the .git extension. The name is not case sensitive.

", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "bypass_response_id", + "in": "path", + "required": true, + "description": "

ID of the bypass response.

", + "schema": { + "type": "integer" + } + } + ], + "bodyParameters": [], + "progAccess": { + "userToServerRest": true, + "serverToServer": false, + "fineGrainedPat": true, + "permissions": [ + { + "\"Secret scanning alerts\" repository permissions": "read" + } + ] + }, + "codeExamples": [ + { + "key": "default", + "request": { + "description": "Example", + "acceptHeader": "application/vnd.github.v3+json", + "parameters": { + "owner": "OWNER", + "repo": "REPO", + "bypass_response_id": "BYPASS_RESPONSE_ID" + } + }, + "response": { + "statusCode": "204", + "description": "

Review was successfully dismissed.

" + } + } + ], + "previews": [], + "descriptionHTML": "

Dissmiss a response given to a bypass request for secret scanning push protection in a repository.

\n

Delegated bypass must be enabled on the repository and the user must be a bypass reviewer to access this endpoint.\nPersonal access tokens (classic) need the security_events scope to use this endpoint.

", + "statusCodes": [ + { + "httpStatusCode": "204", + "description": "

Review was successfully dismissed.

" + }, + { + "httpStatusCode": "403", + "description": "

Forbidden

" + }, + { + "httpStatusCode": "404", + "description": "

Resource not found

" + }, + { + "httpStatusCode": "422", + "description": "

Validation failed, or the endpoint has been spammed.

" + }, + { + "httpStatusCode": "500", + "description": "

Internal Error

" + } + ] + } ] }, "security-advisories": { diff --git a/src/rest/data/ghes-3.12-2022-11-28/schema.json b/src/rest/data/ghes-3.12-2022-11-28/schema.json index cf7aa51a71e6..3c85c2a8503f 100644 --- a/src/rest/data/ghes-3.12-2022-11-28/schema.json +++ b/src/rest/data/ghes-3.12-2022-11-28/schema.json @@ -333976,7 +333976,7 @@ } ], "previews": [], - "descriptionHTML": "

Gets information about an organization.

\n

When the value of two_factor_requirement_enabled is true, the organization requires all members, billing managers, and outside collaborators to enable two-factor authentication.

\n

To see the full details about an organization, the authenticated user must be an organization owner.

\n

OAuth app tokens and personal access tokens (classic) need the admin:org scope to see the full details about an organization.

\n

To see information about an organization's GitHub Enterprise Server plan, GitHub Apps need the Organization plan permission.

", + "descriptionHTML": "

Gets information about an organization.

\n

When the value of two_factor_requirement_enabled is true, the organization requires all members, billing managers, outside collaborators, guest collaborators, repository collaborators, or everyone with access to any repository within the organization to enable two-factor authentication.

\n

To see the full details about an organization, the authenticated user must be an organization owner.

\n

OAuth app tokens and personal access tokens (classic) need the admin:org scope to see the full details about an organization.

\n

To see information about an organization's GitHub Enterprise Server plan, GitHub Apps need the Organization plan permission.

", "statusCodes": [ { "httpStatusCode": "200", diff --git a/src/rest/data/ghes-3.13-2022-11-28/schema.json b/src/rest/data/ghes-3.13-2022-11-28/schema.json index 576bbec25d91..6e5ddf4b6e3f 100644 --- a/src/rest/data/ghes-3.13-2022-11-28/schema.json +++ b/src/rest/data/ghes-3.13-2022-11-28/schema.json @@ -334250,7 +334250,7 @@ } ], "previews": [], - "descriptionHTML": "

Gets information about an organization.

\n

When the value of two_factor_requirement_enabled is true, the organization requires all members, billing managers, and outside collaborators to enable two-factor authentication.

\n

To see the full details about an organization, the authenticated user must be an organization owner.

\n

OAuth app tokens and personal access tokens (classic) need the admin:org scope to see the full details about an organization.

\n

To see information about an organization's GitHub Enterprise Server plan, GitHub Apps need the Organization plan permission.

", + "descriptionHTML": "

Gets information about an organization.

\n

When the value of two_factor_requirement_enabled is true, the organization requires all members, billing managers, outside collaborators, guest collaborators, repository collaborators, or everyone with access to any repository within the organization to enable two-factor authentication.

\n

To see the full details about an organization, the authenticated user must be an organization owner.

\n

OAuth app tokens and personal access tokens (classic) need the admin:org scope to see the full details about an organization.

\n

To see information about an organization's GitHub Enterprise Server plan, GitHub Apps need the Organization plan permission.

", "statusCodes": [ { "httpStatusCode": "200", diff --git a/src/rest/data/ghes-3.14-2022-11-28/schema.json b/src/rest/data/ghes-3.14-2022-11-28/schema.json index 970368be2446..6339ab21aad5 100644 --- a/src/rest/data/ghes-3.14-2022-11-28/schema.json +++ b/src/rest/data/ghes-3.14-2022-11-28/schema.json @@ -334256,7 +334256,7 @@ } ], "previews": [], - "descriptionHTML": "

Gets information about an organization.

\n

When the value of two_factor_requirement_enabled is true, the organization requires all members, billing managers, and outside collaborators to enable two-factor authentication.

\n

To see the full details about an organization, the authenticated user must be an organization owner.

\n

OAuth app tokens and personal access tokens (classic) need the admin:org scope to see the full details about an organization.

\n

To see information about an organization's GitHub Enterprise Server plan, GitHub Apps need the Organization plan permission.

", + "descriptionHTML": "

Gets information about an organization.

\n

When the value of two_factor_requirement_enabled is true, the organization requires all members, billing managers, outside collaborators, guest collaborators, repository collaborators, or everyone with access to any repository within the organization to enable two-factor authentication.

\n

To see the full details about an organization, the authenticated user must be an organization owner.

\n

OAuth app tokens and personal access tokens (classic) need the admin:org scope to see the full details about an organization.

\n

To see information about an organization's GitHub Enterprise Server plan, GitHub Apps need the Organization plan permission.

", "statusCodes": [ { "httpStatusCode": "200", diff --git a/src/rest/data/ghes-3.15-2022-11-28/schema.json b/src/rest/data/ghes-3.15-2022-11-28/schema.json index b17f562e8a16..5811d8f24416 100644 --- a/src/rest/data/ghes-3.15-2022-11-28/schema.json +++ b/src/rest/data/ghes-3.15-2022-11-28/schema.json @@ -160463,6 +160463,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -160695,6 +160704,17 @@ ], "default": "disabled" }, + { + "type": "string", + "name": "secret_scanning_delegated_alert_dismissal", + "in": "body", + "description": "

The enablement status of secret scanning delegated alert dismissal

", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, { "type": "string", "name": "private_vulnerability_reporting", @@ -160918,6 +160938,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -161217,6 +161246,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -161575,6 +161613,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -161807,6 +161854,17 @@ "not_set" ] }, + { + "type": "string", + "name": "secret_scanning_delegated_alert_dismissal", + "in": "body", + "description": "

The enablement status of secret scanning delegated alert dismissal

", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, { "type": "string", "name": "private_vulnerability_reporting", @@ -162026,6 +162084,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -162502,6 +162569,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -163383,6 +163459,7 @@ "secret_scanning_delegated_bypass": "disabled", "secret_scanning_validity_checks": "disabled", "secret_scanning_non_provider_patterns": "disabled", + "secret_scanning_delegated_alert_dismissal": "disabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325", "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325", @@ -163553,6 +163630,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -337577,7 +337663,7 @@ } ], "previews": [], - "descriptionHTML": "

Gets information about an organization.

\n

When the value of two_factor_requirement_enabled is true, the organization requires all members, billing managers, and outside collaborators to enable two-factor authentication.

\n

To see the full details about an organization, the authenticated user must be an organization owner.

\n

OAuth app tokens and personal access tokens (classic) need the admin:org scope to see the full details about an organization.

\n

To see information about an organization's GitHub Enterprise Server plan, GitHub Apps need the Organization plan permission.

", + "descriptionHTML": "

Gets information about an organization.

\n

When the value of two_factor_requirement_enabled is true, the organization requires all members, billing managers, outside collaborators, guest collaborators, repository collaborators, or everyone with access to any repository within the organization to enable two-factor authentication.

\n

To see the full details about an organization, the authenticated user must be an organization owner.

\n

OAuth app tokens and personal access tokens (classic) need the admin:org scope to see the full details about an organization.

\n

To see information about an organization's GitHub Enterprise Server plan, GitHub Apps need the Organization plan permission.

", "statusCodes": [ { "httpStatusCode": "200", diff --git a/src/rest/data/ghes-3.16-2022-11-28/schema.json b/src/rest/data/ghes-3.16-2022-11-28/schema.json index e9c0f5487c07..4ec157fb207a 100644 --- a/src/rest/data/ghes-3.16-2022-11-28/schema.json +++ b/src/rest/data/ghes-3.16-2022-11-28/schema.json @@ -160710,6 +160710,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -161170,6 +161179,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -161506,6 +161524,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -161793,6 +161820,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -162250,6 +162286,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -162758,6 +162803,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -163877,6 +163931,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -164132,6 +164195,17 @@ ], "default": "disabled" }, + { + "type": "string", + "name": "secret_scanning_delegated_alert_dismissal", + "in": "body", + "description": "

The enablement status of secret scanning delegated alert dismissal

", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, { "type": "string", "name": "private_vulnerability_reporting", @@ -164388,6 +164462,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -164716,6 +164799,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -165107,6 +165199,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -165362,6 +165463,17 @@ "not_set" ] }, + { + "type": "string", + "name": "secret_scanning_delegated_alert_dismissal", + "in": "body", + "description": "

The enablement status of secret scanning delegated alert dismissal

", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, { "type": "string", "name": "private_vulnerability_reporting", @@ -165614,6 +165726,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -166123,6 +166244,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -167004,6 +167134,7 @@ "secret_scanning_delegated_bypass": "disabled", "secret_scanning_validity_checks": "disabled", "secret_scanning_non_provider_patterns": "disabled", + "secret_scanning_delegated_alert_dismissal": "disabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325", "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325", @@ -167203,6 +167334,15 @@ "not_set" ] }, + "secret_scanning_delegated_alert_dismissal": { + "type": "string", + "description": "The enablement status of secret scanning delegated alert dismissal", + "enum": [ + "enabled", + "disabled", + "not_set" + ] + }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", @@ -215195,10 +215335,8 @@ "signup_enabled": false, "github_hostname": "ghe.local", "identicons_host": "dotcom", - "http_proxy": null, "auth_mode": "default", "expire_sessions": false, - "admin_password": null, "configuration_id": 1401777404, "configuration_run_count": 4, "avatar": { @@ -215293,7 +215431,6 @@ "primary_server": "0.pool.ntp.org", "secondary_server": "1.pool.ntp.org" }, - "timezone": null, "snmp": { "enabled": false, "community": "" @@ -215303,7 +215440,6 @@ "server": null, "protocol_name": "udp" }, - "assets": null, "pages": { "enabled": true }, @@ -215321,7 +215457,10 @@ "basemap": "company.map-qsz2zrvs", "token": null }, - "load_balancer": null + "prometheus": { + "enabled": false, + "trusted_ips": "10.0.0.1, 192.168.1.0/8" + } }, "schema": { "type": "object", @@ -215800,6 +215939,20 @@ "string", "null" ] + }, + "prometheus": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "trusted_ips": { + "type": [ + "string", + "null" + ] + } + } } } } @@ -342867,7 +343020,7 @@ } ], "previews": [], - "descriptionHTML": "

Gets information about an organization.

\n

When the value of two_factor_requirement_enabled is true, the organization requires all members, billing managers, and outside collaborators to enable two-factor authentication.

\n

To see the full details about an organization, the authenticated user must be an organization owner.

\n

OAuth app tokens and personal access tokens (classic) need the admin:org scope to see the full details about an organization.

\n

To see information about an organization's GitHub Enterprise Server plan, GitHub Apps need the Organization plan permission.

", + "descriptionHTML": "

Gets information about an organization.

\n

When the value of two_factor_requirement_enabled is true, the organization requires all members, billing managers, outside collaborators, guest collaborators, repository collaborators, or everyone with access to any repository within the organization to enable two-factor authentication.

\n

To see the full details about an organization, the authenticated user must be an organization owner.

\n

OAuth app tokens and personal access tokens (classic) need the admin:org scope to see the full details about an organization.

\n

To see information about an organization's GitHub Enterprise Server plan, GitHub Apps need the Organization plan permission.

", "statusCodes": [ { "httpStatusCode": "200", diff --git a/src/rest/lib/config.json b/src/rest/lib/config.json index 253be7121c2c..5a7defe95c60 100644 --- a/src/rest/lib/config.json +++ b/src/rest/lib/config.json @@ -47,5 +47,5 @@ ] } }, - "sha": "2d90b0feb3246497649850821757a0eeec84e915" + "sha": "04c2dd07097565bce579c288d92a4be14dc99bf6" } \ No newline at end of file diff --git a/src/search/components/input/AskAIResults.tsx b/src/search/components/input/AskAIResults.tsx index 4cb299ae9ec1..16e153cd52e8 100644 --- a/src/search/components/input/AskAIResults.tsx +++ b/src/search/components/input/AskAIResults.tsx @@ -70,6 +70,17 @@ export function AskAIResults({ sendAISearchResultEvent([], cannedResponse, askAIEventGroupId.current, true) setMessage(cannedResponse) setReferences([]) + setItem( + query, + { + query, + message: cannedResponse, + sources: [], + aiCouldNotAnswer: true, + }, + version, + router.locale || 'en', + ) } // On query change, fetch the new results diff --git a/src/search/middleware/ai-search.ts b/src/search/middleware/ai-search.ts index 1c6ea55a96f0..1b2416f140fc 100644 --- a/src/search/middleware/ai-search.ts +++ b/src/search/middleware/ai-search.ts @@ -2,17 +2,9 @@ import express, { Request, Response } from 'express' import catchMiddlewareError from '#src/observability/middleware/catch-middleware-error.js' import { aiSearchProxy } from '../lib/ai-search-proxy' -import { createRateLimiter } from '#src/shielding/middleware/rate-limit.js' import { noCacheControl } from '#src/frame/middleware/cache-control.js' const router = express.Router() -if (process.env.NODE_ENV === 'test') { - router.use(createRateLimiter(7)) // set to 7 so last test in api-ai-search.ts will exceed rate limit -} else if (process.env.NODE_ENV === 'development') { - router.use(createRateLimiter(10)) // just 1 worker in dev so 10 requests per minute allowed -} else if (process.env.NODE_ENV === 'production') { - router.use(createRateLimiter(1)) // 1 * 25 requests per minute for prod -} router.post( '/v1', diff --git a/src/search/middleware/search-routes.ts b/src/search/middleware/search-routes.ts index 5bf8f99a0288..2590b48ade89 100644 --- a/src/search/middleware/search-routes.ts +++ b/src/search/middleware/search-routes.ts @@ -18,12 +18,8 @@ import { getAISearchAutocompleteResults } from '@/search/lib/get-elasticsearch-r import { getSearchFromRequestParams } from '@/search/lib/search-request-params/get-search-from-request-params' import { getGeneralSearchResults } from '@/search/lib/get-elasticsearch-results/general-search' import { combinedSearchRoute } from '@/search/lib/routes/combined-search-route' -import { createRateLimiter } from '@/shielding/middleware/rate-limit.js' const router = express.Router() -if (process.env.NODE_ENV !== 'test') { - router.use(createRateLimiter(30)) // 30 requests per minute allowed -} router.get('/legacy', (req: Request, res: Response) => { res.status(410).send('Use /api/search/v1 instead.') diff --git a/src/search/tests/api-ai-search.ts b/src/search/tests/api-ai-search.ts index 0acce0581e7f..a17d3c5b17ec 100644 --- a/src/search/tests/api-ai-search.ts +++ b/src/search/tests/api-ai-search.ts @@ -82,41 +82,6 @@ describe('AI Search Routes', () => { expect(receivedMessage).toBe(expectedMessage) }) - // We can't actually trigger a full rate limit because - // then all other tests will all fail. And we can't rely on this - // test always being run last. - test('should respect rate limiting', async () => { - let apiBody = { query: 'How do I create a Repository?', language: 'en', version: 'dotcom' } - - const response = await fetch('http://localhost:4000/api/ai-search/v1', { - method: 'POST', - headers: { 'Content-Type': 'application/json' }, - body: JSON.stringify(apiBody), - }) - - expect(response.ok).toBe(true) - expect(response.status).toBe(200) - const limit = parseInt(response.headers.get('ratelimit-limit') || '0') - const remaining = parseInt(response.headers.get('ratelimit-remaining') || '0') - expect(limit).toBeGreaterThan(0) - expect(remaining).toBeLessThan(limit) - - const response2 = await fetch('http://localhost:4000/api/ai-search/v1', { - method: 'POST', - headers: { 'Content-Type': 'application/json' }, - body: JSON.stringify(apiBody), - }) - - expect(response2.ok).toBe(true) - expect(response2.status).toBe(200) - const newLimit = parseInt(response2.headers.get('ratelimit-limit') || '0') - const newRemaining = parseInt(response2.headers.get('ratelimit-remaining') || '0') - expect(newLimit).toBe(limit) - // Can't rely on `newRemaining == remaining - 1` because of - // concurrency of test-running. - expect(newRemaining).toBeLessThan(remaining) - }) - test('should handle validation errors: query missing', async () => { let body = { language: 'en', version: 'dotcom' } const response = await post('/api/ai-search/v1', { @@ -187,13 +152,46 @@ describe('AI Search Routes', () => { test('should rate limit when total number of requests exceeds max amount', async () => { let apiBody = { query: 'How do I create a Repository?', language: 'en', version: 'dotcom' } + // First request isn't rate limited const response = await fetch('http://localhost:4000/api/ai-search/v1', { method: 'POST', - headers: { 'Content-Type': 'application/json' }, + headers: { 'Content-Type': 'application/json', 'fastly-client-ip': 'abc' }, body: JSON.stringify(apiBody), }) - expect(response.ok).toBe(false) - expect(response.status).toBe(429) + expect(response.ok).toBe(true) + expect(response.status).toBe(200) + const limit = parseInt(response.headers.get('ratelimit-limit') || '0') + const remaining = parseInt(response.headers.get('ratelimit-remaining') || '0') + expect(limit).toEqual(2) + expect(remaining).toBeLessThan(limit) + + // Second request uses our last unused rate limit + const response2 = await fetch('http://localhost:4000/api/ai-search/v1', { + method: 'POST', + headers: { 'Content-Type': 'application/json', 'fastly-client-ip': 'abc' }, + body: JSON.stringify(apiBody), + }) + + expect(response2.ok).toBe(true) + expect(response2.status).toBe(200) + let newLimit = parseInt(response2.headers.get('ratelimit-limit') || '0') + let newRemaining = parseInt(response2.headers.get('ratelimit-remaining') || '0') + expect(newLimit).toBe(limit) + expect(newRemaining).toBeLessThan(remaining) + + // Our third request should be rate limited + const response3 = await fetch('http://localhost:4000/api/ai-search/v1', { + method: 'POST', + headers: { 'Content-Type': 'application/json', 'fastly-client-ip': 'abc' }, + body: JSON.stringify(apiBody), + }) + + expect(response3.ok).toBe(false) + expect(response3.status).toBe(429) + newLimit = parseInt(response3.headers.get('ratelimit-limit') || '0') + newRemaining = parseInt(response3.headers.get('ratelimit-remaining') || '0') + expect(newLimit).toBe(limit) + expect(newRemaining).toBe(0) }) }) diff --git a/src/secret-scanning/data/public-docs.yml b/src/secret-scanning/data/public-docs.yml index 4d96bd0ae10a..908c13d8b62e 100644 --- a/src/secret-scanning/data/public-docs.yml +++ b/src/secret-scanning/data/public-docs.yml @@ -2371,6 +2371,28 @@ hasPushProtection: false hasValidityCheck: false isduplicate: false +- provider: Neon + supportedSecret: Neon API Key + secretType: neon_api_key + versions: + fpt: '*' + ghec: '*' + isPublic: true + isPrivateWithGhas: false + hasPushProtection: false + hasValidityCheck: false + isduplicate: false +- provider: Neon + supportedSecret: Neon Connection URI + secretType: neon_connection_uri + versions: + fpt: '*' + ghec: '*' + isPublic: true + isPrivateWithGhas: false + hasPushProtection: false + hasValidityCheck: false + isduplicate: false - provider: Netflix supportedSecret: Netflix NetKey secretType: netflix_netkey diff --git a/src/secret-scanning/lib/config.json b/src/secret-scanning/lib/config.json index 03ef394f775a..31a6963067e0 100644 --- a/src/secret-scanning/lib/config.json +++ b/src/secret-scanning/lib/config.json @@ -1,5 +1,5 @@ { - "sha": "c1d54b30a2779d3250e4c257fd0f02a8e6258787", - "blob-sha": "279704983e923e7b2ec8ccc784d68492d16e0d9a", + "sha": "41a37ba22cf8e550866803244f78ea64692bcacb", + "blob-sha": "87b4eeb8bed2c3b86a8aaa9f388f7a583931d35f", "targetFilename": "code-security/secret-scanning/introduction/supported-secret-scanning-patterns" } \ No newline at end of file diff --git a/src/shielding/README.md b/src/shielding/README.md index 2907827a053c..b7b5cfbed529 100644 --- a/src/shielding/README.md +++ b/src/shielding/README.md @@ -2,7 +2,7 @@ ## Overview -Essentially code in our server that controls the prevention of "junk requests" is scripted HTTP requests to endpoints that are *not* made by regular browser users. +Essentially code in our server that controls the prevention of "junk requests" is scripted HTTP requests to endpoints that are _not_ made by regular browser users. For example, there's middleware code that sees if a `GET` request comes in with a bunch of random looking query strings keys. This would cause a PASS on the CDN but would not actually matter to the rendering. In this @@ -11,7 +11,7 @@ without the unrecognized query string keys so that if the request follows redirects, the eventual 200 would be normalized by a common URL so the CDN can serve a HIT. -Here's an in-time discussion post that summaries the *need* and much of the +Here's an in-time discussion post that summaries the _need_ and much of the recent things we've done to fortify our backend servers to avoid unnecessary work loads: @@ -19,18 +19,23 @@ work loads: ## How it works -At its root, the `src/shielding/frame/middleware/index.js` is injected into our +At its root, the `src/shielding/frame/middleware/index.ts` is injected into our Express server. From there, it loads all its individual middleware handlers. Each middleware is one file that focuses on a single use-case. The use-cases are borne from studying log files to spot patterns of request abuse. -## Notes +> [!NOTE] +> Some shielding "tricks" appear in other places throughout the code +> base such as controlling the 404 response for `/assets/*` URLs. -- The best place to do shielding is as close to the client(s) as possible, -i.e. in the CDN. Having the code in our own backend -has the advantage that it's easier to write custom business logic -along with end-to-end tests. -- Some shielding "tricks" appear in other places throughout the code -base such as controlling the 404 response for `/assets/*` URLs. +## Rate limiting + +We rate limit at multiple levels: + +1. CDN (Fastly) +2. All routes via [src/shielding/frame/index.ts](./middleware/index.ts) and the `createRateLimiter()` middleware. + - These routes are _only_ rate limited if they are deemed suspicious based on parameters we check. +3. API routes via their declaration in [src/frame/middleware/api.ts](../frame/middleware/api.ts) using the `createRateLimiter()` middleware. + - These routes are limited to a certain # of requests per minute, regardless of what the request looks like. diff --git a/src/shielding/middleware/rate-limit.ts b/src/shielding/middleware/rate-limit.ts index 1a304f182e43..ae98144aa282 100644 --- a/src/shielding/middleware/rate-limit.ts +++ b/src/shielding/middleware/rate-limit.ts @@ -7,14 +7,15 @@ import { noCacheControl } from '@/frame/middleware/cache-control.js' const EXPIRES_IN_AS_SECONDS = 60 -const MAX = process.env.RATE_LIMIT_MAX ? parseInt(process.env.RATE_LIMIT_MAX, 10) : 100 +const MAX = process.env.RATE_LIMIT_MAX ? parseInt(process.env.RATE_LIMIT_MAX, 10) : 50 if (isNaN(MAX)) { throw new Error(`process.env.RATE_LIMIT_MAX (${process.env.RATE_LIMIT_MAX}) not a number`) } -const ipv4WithPort = /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):\d{1,5}$/ - -export function createRateLimiter(max = MAX) { +// We apply this rate limiter to _all_ routes in src/shielding/index.ts except for `/api/*` routes +// `/api/*` routes are rate limited on a more specific basis in frame/api/index.ts +// When creating a limiter for `/api/*` routes, we need to pass `true` as the second argument +export function createRateLimiter(max = MAX, isAPILimiter = false) { return rateLimit({ // 1 minute windowMs: EXPIRES_IN_AS_SECONDS * 1000, @@ -31,34 +32,32 @@ export function createRateLimiter(max = MAX) { legacyHeaders: false, keyGenerator: (req) => { - let { ip } = req - // In our review environments, with the way the proxying works, - // the `x-forwarded-for` is always the origin IP with a port number - // attached. E.g. `75.40.90.27:56675, 169.254.129.1` - // This port number portion changes with every request, so we strip it. - ip = (ip || '').replace(ipv4WithPort, '$1') - - return ip + return getClientIPFromReq(req) }, skip: (req) => { - // Always ignore these - if (req.path === '/api/events') return true - // Always rate limit these routes - const dontSkip = - req.originalUrl.includes('/api/search') || req.originalUrl.includes('/api/ai-search') - // If the query string looks totally regular, then skip - if (!isSuspiciousRequest(req) && !dontSkip) return true - - // This is so we can get a sense of how many requests are being - // treated as suspicious. They don't necessarily get rate limited. - const tags = [ - `url:${req.url}`, - `ip:${req.ip}`, - `path:${req.path}`, - `qs:${req.url.split('?')[1]}`, - ] - + const ip = getClientIPFromReq(req) + // IP is empty when we are in a non-production (not behind Fastly) environment + // In these environments, we don't want to rate limit (including tests) + // However, if you want to test rate limiting locally, you can manually set + // the `fastly-client-ip` header to your IP address to bypass this check set the + if (ip === '') { + return true + } + + // We handle /api/* routes with a separate rate limiter + // When it is a separate rate limiter, isAPILimiter will be passed as true + if (req.path.startsWith('/api/') || isAPILimiter) { + return false + } + + // If the request is not suspicious, don't rate limit it + if (!isSuspiciousRequest(req)) { + return true + } + + // At this point, a request is suspicious. We want to track how many are in datadog + const tags = [`url:${req.url}`, `ip:${ip}`, `path:${req.path}`, `qs:${req.url.split('?')[1]}`] statsd.increment('middleware.rate_limit_dont_skip', 1, tags) return false @@ -73,6 +72,18 @@ export function createRateLimiter(max = MAX) { }) } +function getClientIPFromReq(req: Request) { + // Moda forwards the client's IP using the `fastly-client-ip` header. + // However, in non-fastly environments, this header is not present. + // Staging is behind Okta, so we don't need to rate limit there. + let ip = req?.headers?.['fastly-client-ip'] || '' + // This is to satisfy TypeScript since a header could be a string array, but fastly-client-ip is not + if (typeof ip !== 'string') { + ip = '' + } + return ip +} + const RECOGNIZED_KEYS_BY_PREFIX = { '/_next/data/': ['versionId', 'productId', 'restPage', 'apiVersion', 'category', 'subcategory'], '/api/search': ['query', 'language', 'version', 'page', 'product', 'autocomplete', 'limit'], diff --git a/src/shielding/tests/shielding.ts b/src/shielding/tests/shielding.ts index 93d0bb882618..7d72943bf415 100644 --- a/src/shielding/tests/shielding.ts +++ b/src/shielding/tests/shielding.ts @@ -100,7 +100,13 @@ describe('rate limiting', () => { // test always being run last. test('only happens if you have junk query strings', async () => { - const res = await get('/robots.txt?foo=bar') + const res = await get('/robots.txt?foo=bar', { + headers: { + // Rate limiting only happens in production, so we need to + // make the environment look like production. + 'fastly-client-ip': 'abc', + }, + }) expect(res.statusCode).toBe(200) const limit = parseInt(res.headers['ratelimit-limit']) const remaining = parseInt(res.headers['ratelimit-remaining']) @@ -109,7 +115,11 @@ describe('rate limiting', () => { // A second request { - const res = await get('/robots.txt?foo=buzz') + const res = await get('/robots.txt?foo=buzz', { + headers: { + 'fastly-client-ip': 'abc', + }, + }) expect(res.statusCode).toBe(200) const newLimit = parseInt(res.headers['ratelimit-limit']) const newRemaining = parseInt(res.headers['ratelimit-remaining']) diff --git a/src/webhooks/lib/config.json b/src/webhooks/lib/config.json index 557716946839..0789b71b7a36 100644 --- a/src/webhooks/lib/config.json +++ b/src/webhooks/lib/config.json @@ -1,3 +1,3 @@ { - "sha": "2d90b0feb3246497649850821757a0eeec84e915" + "sha": "04c2dd07097565bce579c288d92a4be14dc99bf6" } \ No newline at end of file