Merge pull request #35550 from github/repo-sync

Repo sync

content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies.md

@@ -18,10 +18,16 @@ To help you enforce business rules and regulatory compliance, policies provide a
 
 For example, with the "Base permissions" policy, you can allow organization owners to configure the "Base permissions" policy for their organization, or you can enforce a specific base permissions level, such as "Read", for all organizations within the enterprise.
 
-By default, no enterprise policies are enforced. To identify policies that should be enforced to meet the unique requirements of your business, we recommend reviewing all the available policies in your enterprise account, starting with repository management policies. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise)."
+## Enforcing policies
+
+By default, no enterprise policies are enforced. To identify policies that should be enforced to meet the unique requirements of your business, we recommend reviewing all the available policies in your enterprise account, starting with repository management policies.
 
 While you're configuring enterprise policies, to help you understand the impact of changing each policy, you can view the current configurations for the organizations owned by your enterprise.
 
+{% data reusables.enterprise.repo-policy-rules-alternative %}
+
+For a full list of repository management policies, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise)."
+
 {% ifversion ghes %}
 Another way to enforce standards within your enterprise is to use pre-receive hooks, which are scripts that run on {% data variables.location.product_location %} to implement quality checks. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policy-with-pre-receive-hooks)."
 {% endif %}

content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md

@@ -48,7 +48,11 @@ shortTitle: Repository management policies
 
 ## About policies for repository management in your enterprise
 
-You can enforce policies to control how members of your enterprise on {% data variables.product.product_name %} manage repositories. You can also allow organization owners to manage policies for repository management. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories)" and "[AUTOTITLE](/organizations)."
+You can enforce policies to control how members of your enterprise on {% data variables.product.product_name %} manage repositories. You can also allow organization owners to manage policies for repository management.
+
+{% ifversion repo-policy-rules %}
+>[!NOTE] This page describes the policies you can set on the "Member privileges" page in your enterprise settings. Certain restrictions, such as who can create, delete, or transfer repositories, are also available in a **repository policy**. Repository policies give you more flexibility over which users are affected and which organizations and repositories are targeted. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/governing-how-people-use-repositories-in-your-enterprise)."
+{% endif %}
 
 {% ifversion ghes %}
 
@@ -197,7 +201,8 @@ Across all organizations owned by your enterprise, you can allow members with ad
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}
-1. On the **Repository policies** tab, under "Repository issue deletion", review the information about changing the setting. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
+{% data reusables.enterprise-accounts.repositories-tab %}
+1. Under "Repository issue deletion", review the information about changing the setting. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
 1. Under "Repository issue deletion", select the dropdown menu and click a policy.
 
 {% ifversion ghes %}

content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/governing-how-people-use-repositories-in-your-enterprise.md

@@ -0,0 +1,76 @@
+---
+title: Governing how people use repositories in your enterprise
+intro: "Create a repository policy to control who can do things like create and delete repositories."
+permissions: Enterprise owners
+versions:
+  feature: repo-policy-rules
+type: how_to
+topics:
+  - Enterprise
+  - Repositories
+shortTitle: Govern repository usage
+---
+
+{% data reusables.enterprise.repo-policy-rules-preview %}
+
+{% data reusables.enterprise.repo-policy-rules-intro %}
+
+>[!TIP] If you're an **organization owner**, you can create a repository policy for a specific organization. See "[AUTOTITLE](/organizations/managing-organization-settings/governing-how-people-use-repositories-in-your-organization)."
+
+## Examples
+
+{% data reusables.enterprise.repo-policy-rules-examples %}
+
+## How will I target repositories?
+
+First, you'll target organizations in your enterprise. You can select all organizations, choose from a list, or create a dynamic rule using `fnmatch` syntax. If you use {% data variables.product.prodname_emus %}, you can also choose to target all repositories owned by users in your enterprise.
+
+Then, you'll target repositories in the selected organizations. {% data reusables.enterprise.repo-policy-rules-with-custom-properties %}
+
+## Interaction with other policies
+
+{% data reusables.enterprise.repo-policy-rules-with-existing-policies %}
+* They're visible to organization owners, so there is more transparency around what is permitted.
+* They allow you to target repositories owned by {% data variables.product.prodname_emus %}.
+
+## Creating a repository policy
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+1. Under "Policies", click **Repository**.
+1. Click **New policy**.
+1. Configure your new policy, then click **Create**. For help, consult the following subsections.
+
+### Policy name
+
+Use something descriptive to communicate the purpose of the policy. Organization owners can view the policy, so good names help add clarity. For example: `Prevent public repos on production`.
+
+### Enforcement status
+
+{% data reusables.enterprise.repo-policy-rules-enforcement %}
+
+### Allow list
+
+{% data reusables.enterprise.repo-policy-rules-allow-list %}
+
+### Targets
+
+Choose which organizations and repositories the policy applies to.
+
+#### Target organizations
+
+Select all organizations, choose a selection of existing organizations, or set a dynamic list by name. If you use {% data variables.product.prodname_emus %}, you can also choose to target all repositories owned by users in your enterprise.
+
+If you set a dynamic list, you'll add one or more naming patterns using `fnmatch` syntax. For example, the string `*open-source` would match any organization with a name that ends with `open-source`. For syntax details, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#using-fnmatch-syntax)."
+
+#### Target repositories
+
+Choose which repositories (current or future) to target in the selected organizations. You can select all repositories or set a dynamic list by custom property.
+
+### Policies
+
+{% data reusables.enterprise.repo-policy-rules-policies-section %}
+
+## Further reading
+
+To set additional policies for repository management, see "[AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise)."

content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/index.md

@@ -11,8 +11,10 @@ versions:
 topics:
   - Enterprise
 children:
+  - /governing-how-people-use-repositories-in-your-enterprise
   - /viewing-user-owned-repositories-in-your-enterprise
   - /accessing-user-owned-repositories-in-your-enterprise
+  - /managing-custom-properties-for-repositories-in-your-enterprise
   - /configuring-git-large-file-storage-for-your-enterprise
   - /disabling-git-ssh-access-on-your-enterprise
   - /locking-a-repository

content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/managing-custom-properties-for-repositories-in-your-enterprise.md

@@ -0,0 +1,44 @@
+---
+title: Managing custom properties for repositories in your enterprise
+intro: 'Create custom properties to give organizations a consistent way to categorize repositories.'
+permissions: Enterprise owners
+versions:
+  ghec: '*'
+topics:
+  - Repositories
+shortTitle: Custom properties
+---
+
+> [!NOTE] Custom properties for your enterprise are in {% data variables.release-phases.public_preview %} and subject to change.
+
+Custom properties allow you to decorate your repositories with information such as compliance frameworks, data sensitivity, or project details. Custom properties are private and can only be viewed by people with read permissions to the repository. An enterprise can have up to 100 property definitions. An allowed value list can have up to 200 items.
+
+Defining custom properties at the enterprise level allows you to create consistent values that users can apply to repositories. With custom properties in place, you can apply consistent governance across repositories in your enterprise by creating a ruleset or repository policy targeting repositories with certain properties. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/governing-how-people-use-repositories-in-your-enterprise)."
+
+## Allowed characters
+
+{% data reusables.repositories.custom-property-allowed-characters %}
+
+## Who can set and view values for custom properties I define?
+
+After you define a custom property, users can set a value for that property in repositories in the enterprise. See "[AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization#setting-values-for-repositories-in-your-organization)."
+
+* As an enterprise owner, you can set a default value for required properties.
+* Organization owners can set values in their organization, either across repositories or at the repository level.
+* If enabled, people with repository access, or the `custom properties` fine-grained permission, can set and update the property value for their repository.
+
+People with read permissions to a repository can view the custom property values for that repository.
+
+Additionally, organization owners can search for repositories in their organization by custom property values. See "[AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization#searching-and-filtering-repositories-by-custom-property-values)."
+
+## Adding custom properties
+
+You can add custom properties to your enterprise to make those properties available in all of your orgaizations.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+1. In the left sidebar, under "Policies", click **Custom properties**.
+1. To add a new custom property, in the upper-right corner, click **New property**.
+1. Enter a name, description, and type for the custom property. The name must be unique across all of your organizations, and cannot contain spaces.
+1. Optionally, select **Allow repository actors to set this property**. When enabled, repository users and apps with the repository-level `custom properties` fine-grained permission will be able to set and update the property value for their repository. Additionally, any actor creating a repository can set the property on the repository.
+1. Optionally, select **Require this property for all repositories** and add a default value. This means that you require that all repositories in your enterprise have a value for this property. Repositories that don’t have an explicit value for this property will inherit the default value.
+1. Click **Save property**.

content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md

@@ -46,9 +46,14 @@ To search for specific events, use the `action` qualifier in your query. Actions
 | {% ifversion fpt or ghec %} |
 | `billing` | Contains all activities related to your organization's billing.
 | `business` | Contains activities related to business settings for an enterprise. |
-| `codespaces` | Contains all activities related to your organization's codespaces. |
 | {% endif %} |
+| {% ifversion fpt or ghec or ghes > 3.16 %} |
+| `code-scanning` | Contains all activities related to your organization's code scanning alerts. |
+| {% endif %} |
+| {% ifversion fpt or ghec %} |
+| `codespaces` | Contains all activities related to your organization's codespaces. |
 | `copilot` | Contains all activities related to your {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %} subscription.
+| {% endif %} |
 | `dependabot_alerts` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in existing repositories. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)."
 | `dependabot_alerts_new_repos` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in new repositories created in the organization.
 | `dependabot_security_updates` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} in existing repositories. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)."

content/organizations/managing-organization-settings/governing-how-people-use-repositories-in-your-organization.md

@@ -0,0 +1,64 @@
+---
+title: Governing how people use repositories in your organization
+intro: "Create a repository policy to control who can do things like create and delete repositories."
+permissions: Organization owners
+versions:
+  feature: repo-policy-rules
+type: how_to
+topics:
+  - Repositories
+shortTitle: Govern repository usage
+---
+
+{% data reusables.enterprise.repo-policy-rules-preview %}
+
+{% data reusables.enterprise.repo-policy-rules-intro %}
+
+>[!TIP] If you're an **enterprise owner**, you can create a repository policy that applies to multiple organizations. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/governing-how-people-use-repositories-in-your-enterprise)."
+
+## Examples
+
+{% data reusables.enterprise.repo-policy-rules-examples %}
+
+## How will I target repositories?
+
+{% data reusables.enterprise.repo-policy-rules-with-custom-properties %}
+
+As an alternative to custom properties, you can choose from a list of repositories or use `fnmatch` syntax to target repositories with certain naming patterns.
+
+## Interaction with other policies
+
+{% data reusables.enterprise.repo-policy-rules-with-existing-policies %}
+
+## Creating a repository policy
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+1. On the left side of the page, in the sidebar, click **{% octicon "law" aria-hidden="true" %} Policies**.
+1. Under "Policies", click **Repository**.
+1. Click **New policy**.
+1. Configure your new policy, then click **Create**. For help, consult the following subsections.
+
+### Policy name
+
+Use something descriptive to communicate the purpose of the policy. For example: `Prevent public repos on production`.
+
+### Enforcement status
+
+{% data reusables.enterprise.repo-policy-rules-enforcement %}
+
+### Allow list
+
+{% data reusables.enterprise.repo-policy-rules-allow-list %}
+
+### Targets
+
+Choose which repositories in the organization the policy applies to. You can select all repositories, choose a selection of existing repositories, or create a dynamic rule by name or custom property for current and future repositories.
+
+If you set a dynamic list by name, you'll add one or more naming patterns using `fnmatch` syntax.
+* For example, the string `*open-source` would match any repository with a name that ends with `open-source`. For syntax details, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#using-fnmatch-syntax)."
+* Optionally, you can prevent anyone outside the allow list from renaming the selected repositories. Alternatively, you can control the format of names in the "Policies" section.
+
+### Policies
+
+{% data reusables.enterprise.repo-policy-rules-policies-section %}

content/organizations/managing-organization-settings/index.md

@@ -16,6 +16,7 @@ children:
   - /verifying-or-approving-a-domain-for-your-organization
   - /renaming-an-organization
   - /transferring-organization-ownership
+  - /governing-how-people-use-repositories-in-your-organization
   - /restricting-repository-creation-in-your-organization
   - /setting-permissions-for-deleting-or-transferring-repositories
   - /restricting-repository-visibility-changes-in-your-organization

content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md

@@ -13,16 +13,19 @@ shortTitle: Custom properties
 
 Custom properties allow you to decorate your repositories with information such as compliance frameworks, data sensitivity, or project details. Custom properties are private and can only be viewed by people with read permissions to the repository.
 
+An organization can have up to 100 property definitions. An allowed value list can have up to 200 items.
+
 {% ifversion ghec or ghes %}
 You can use repository properties to determine which repositories to target with a ruleset. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/creating-rulesets-for-repositories-in-your-organization#targeting-repositories-by-properties-in-your-organization)."
 {% endif %}
 
-## Allowed characters
+{% ifversion ghec %}
+You can define custom properties at the enterprise level to create a consistent experience across organizations. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/managing-custom-properties-for-repositories-in-your-enterprise)".
+{% endif %}
 
-Custom property names and values may only contain certain characters:
+## Allowed characters
 
-* Names: `a-z`, `A-Z`, `0-9`, `_`, `-`, `$`, `#`.
-* Values: All printable ASCII characters except `"`.
+{% data reusables.repositories.custom-property-allowed-characters %}
 
 ## Adding custom properties
 
@@ -36,7 +39,7 @@ You can add custom properties to your organization and set values for those prop
 1. To add a new custom property, click **New property** in the upper right corner.
 1. In the "Name" field, type the name you'd like to use for your custom property. The name can't contain spaces.
 1. Optionally, in the "Description" field, fill in a description of your custom property.
-1. Under "Type", select the type of property you'd like to add. This can either be a text string, a single select field, a multi select field, or a true/false boolean.
+1. Under "Type", select the type of property you'd like to add. This can either be a text string{% ifversion ghes < 3.15 %} or a single select field{% else %}, a single select field, a multi select field, or a true/false boolean{% endif %}.
 1. Optionally, you can select **Allow repository actors to set this property**. When enabled, repository users and apps with the repository-level "custom properties" fine-grained permission will be able to set and update the property value for their repository.
 1. Optionally, you can select **Require this property for all repositories** and add a default value. This means that you require that all repositories in your organization have a value for this property. Repositories that don’t have an explicit value for this property will inherit the default value.
 1. Click **Save property**.

content/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization.md

@@ -14,6 +14,12 @@ topics:
 shortTitle: Restrict repository creation
 ---
 
+{% ifversion repo-policy-rules %}
+
+## Setting a blanket policy
+
+{% endif %}
+
 You can choose whether members and {% data variables.product.prodname_github_apps %} can create repositories in your organization. {% ifversion ghec or ghes %}If you allow members and {% data variables.product.prodname_github_apps %} to create repositories, you can choose which types of repositories they can create.{% elsif fpt %}If you allow members and {% data variables.product.prodname_github_apps %} to create repositories, you can choose whether they can create both public and private repositories or public repositories only.{% endif %} Organization owners can always create any type of repository.
 
 {% ifversion fpt %}
@@ -42,3 +48,11 @@ Organization owners can restrict the type of repositories members can create to
    {%- endif %}
 
 1. Click **Save**.
+
+{% ifversion repo-policy-rules %}
+
+## Setting a more flexible policy ({% data variables.release-phases.public_preview %})
+
+{% data reusables.enterprise.repo-policy-rules-more-flexible %}
+
+{% endif %}