Merge branch 'main' into patch3

content/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance.md

@@ -96,4 +96,4 @@ If you configure the {% data variables.product.prodname_codeql %} action sync to
 
 If you don't want to use {% data variables.product.prodname_actions %}, you should run {% data variables.product.prodname_code_scanning %} using the {% data variables.product.prodname_codeql_cli %}.
 
-The {% data variables.product.prodname_codeql_cli %} is a command-line tool that you use to analyze codebases on any machine, including a third-party CI/CD system. For more information, see "[AUTOTITLE](/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system)."
+The {% data variables.product.prodname_codeql_cli %} is a command-line tool that you use to analyze codebases on any machine, including a third-party CI/CD system. For more information, see "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system)."

content/admin/configuration/configuring-network-settings/changing-the-hostname-for-your-instance.md

@@ -0,0 +1,44 @@
+---
+title: Changing the hostname for your instance
+shortTitle: Change hostname
+intro: "If you want to change the hostname for an existing {% data variables.product.prodname_ghe_server %} instance, you must restore the settings and data to a new instance."
+versions:
+  ghes: '*'
+type: how_to
+topics:
+  - Enterprise
+  - Fundamentals
+  - Infrastructure
+---
+
+## About changes to the hostname for {% data variables.product.product_name %}
+
+If you need to use a new hostname for {% data variables.location.product_location %}, you must back up the existing instance's settings and data, configure a new instance, restore the backup to the new instance, and then adjust your DNS configuration to send traffic to the new instance.
+
+Migration to a new instance requires downtime. The amount of downtime required depends on how much data you need to back up, as well as the speed of the network connection between the backup host and the instances.
+
+In this article, the term "source instance" refers to the instance with the old hostname, and "destination instance" refers to the instance with the new hostname.
+
+{% data reusables.enterprise_installation.changing-hostname-not-supported %}
+
+## Migrating to an instance with a new hostname
+
+1. Configure a destination instance of {% data variables.product.prodname_ghe_server %} with the new hostname you'd like to use. For more information, see the following documentation.
+
+   - "[AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance)"
+   - "[AUTOTITLE](/admin/configuration/configuring-network-settings/configuring-the-hostname-for-your-instance)"
+1. Inform the instance's users of the scheduled downtime. Optionally, you can create a mandatory message that will appear for all users who sign in. For more information, see "[Customizing user messages for your enterprise](/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise/customizing-user-messages-for-your-enterprise#creating-a-mandatory-message)."
+1. On the source instance, enable maintenance mode. For more information, see "[AUTOTITLE](/admin/administering-your-instance/configuring-maintenance-mode/enabling-and-scheduling-maintenance-mode#enabling-maintenance-mode-immediately-or-scheduling-a-maintenance-window-for-a-later-time)."
+1. Back up the source instance's data and settings using {% data variables.product.prodname_enterprise_backup_utilities %}. For more information, see "[AUTOTITLE](/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance)."
+1. Restore the backup to the destination instance with the desired hostname. When you run the `ghe-restore` utility, use the `-c` option to overwrite the destination instance's configuration. For more information, see "[AUTOTITLE](/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance)."
+1. Finalize configuration of the destination instance. For more information, see "[AUTOTITLE](/admin/configuration)."
+1. On the destination instance, enable maintenance mode.
+1. Optionally, while the destination instance is in maintenance mode, validate the instance's configuration and verify that user data is intact. For more information, see "[AUTOTITLE](/admin/administering-your-instance/configuring-maintenance-mode/enabling-and-scheduling-maintenance-mode#validating-changes-in-maintenance-mode-using-the-ip-exception-list)."
+1. To direct traffic to the destination instance, update the DNS `CNAME` record with the source instance's hostname to resolve to the IP address of the destination instance.
+
+   {% note %}
+
+   **Note**: Restored user-generated content in the instance's web application will likely contain URLs that reference the source instance's old hostname. Optionally, to ensure that these links continue to resolve to the destination instance, you can configure a redirect using DNS. In addition to the `CNAME` record that resolves to the new instance's hostname, configure a second DNS `CNAME` record that directs traffic from the original hostname to the new hostname. For more information, see the documentation for your DNS provider.
+
+   {% endnote %}
+1. On the destination instance, disable maintenance mode.

content/admin/configuration/configuring-network-settings/configuring-a-hostname.md → content/admin/configuration/configuring-network-settings/configuring-the-hostname-for-your-instance.md

@@ -1,11 +1,13 @@
 ---
-title: Configuring a hostname
-intro: We recommend setting a hostname for your appliance instead of using a hard-coded IP address.
+title: Configuring the hostname for your instance
+shortTitle: Configure hostname
+intro: "You can provide reliable access to {% data variables.location.product_location %} by assigning a hostname that's accessible over your network."
 redirect_from:
   - /enterprise/admin/guides/installation/configuring-hostnames
   - /enterprise/admin/installation/configuring-a-hostname
   - /enterprise/admin/configuration/configuring-a-hostname
   - /admin/configuration/configuring-a-hostname
+  - /admin/configuration/configuring-network-settings/configuring-a-hostname
 versions:
   ghes: '*'
 type: how_to
@@ -14,17 +16,22 @@ topics:
   - Fundamentals
   - Infrastructure
 ---
-If you configure a hostname instead of a hard-coded IP address, you will be able to change the physical hardware that {% data variables.location.product_location %} runs on without affecting users or client software.
+
+## About the hostname for {% data variables.product.product_name %}
+
+To provide reliable access to {% data variables.location.product_location %} via a known name on the network, you can configure a hostname. If you configure a hostname instead of using a hard-coded IP address, you will be able to change the physical hardware that {% data variables.location.product_location %} runs on without affecting users or client software.
 
 The hostname setting in the {% data variables.enterprise.management_console %} should be set to an appropriate fully qualified domain name (FQDN) which is resolvable on the internet or within your internal network. For example, your hostname setting could be `github.companyname.com.` Web and API requests will automatically redirect to the hostname configured in the {% data variables.enterprise.management_console %}. Note that `localhost` is not a valid hostname setting.
 
 Hostnames must be less than 63 characters in length per [Section 2.3.4 of the Domain Names Specification RFC](https://datatracker.ietf.org/doc/html/rfc1035#section-2.3.4).
 
 After you configure a hostname, you can enable subdomain isolation to further increase the security of {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/enabling-subdomain-isolation)."
 
+{% data variables.product.company_short %} strongly recommends that you do not change the hostname for an existing {% data variables.product.product_name %} instance. Changing the hostname will cause unexpected behavior, up to and including instance outages. Instead, configure a new instance with the desired hostname, and then restore settings and data from the original instance to the new instance.
+
 For more information on the supported hostname types, see [Section 2.1 of the HTTP RFC](https://tools.ietf.org/html/rfc1123#section-2).
 
-{% data reusables.enterprise_installation.changing-hostname-not-supported %}
+## Configuring the hostname
 
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}
@@ -35,3 +42,9 @@ For more information on the supported hostname types, see [Section 2.1 of the HT
 {% data reusables.enterprise_management_console.save-settings %}
 
 To help mitigate various cross-site scripting vulnerabilities, we recommend that you enable subdomain isolation for {% data variables.location.product_location %} after you configure a hostname. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/enabling-subdomain-isolation)."
+
+## Changing the hostname
+
+If you need to change the hostname for {% data variables.location.product_location %}, you must restore a backup of your existing instance to a new instance with the desired hostname. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/changing-the-hostname-for-your-instance)."
+
+{% data reusables.enterprise_installation.changing-hostname-not-supported %}

content/admin/configuration/configuring-network-settings/index.md

@@ -15,7 +15,8 @@ topics:
 children:
   - /configuring-the-ip-address-using-the-virtual-machine-console
   - /configuring-dns-nameservers
-  - /configuring-a-hostname
+  - /configuring-the-hostname-for-your-instance
+  - /changing-the-hostname-for-your-instance
   - /validating-your-domain-settings
   - /configuring-an-outbound-web-proxy-server
   - /configuring-built-in-firewall-rules

content/admin/guides.md

@@ -40,7 +40,8 @@ includeGuides:
   - /admin/identity-and-access-management/using-saml-for-enterprise-iam
   - /admin/administering-your-instance/administering-your-instance-from-the-command-line/accessing-the-administrative-shell-ssh
   - /admin/administering-your-instance/administering-your-instance-from-the-web-ui
-  - /admin/configuration/configuring-network-settings/configuring-a-hostname
+  - /admin/configuration/configuring-network-settings/configuring-the-hostname-for-your-instance
+  - /admin/configuration/configuring-network-settings/changing-the-hostname-for-your-instance
   - /admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance
   - /admin/configuration/configuring-network-settings/configuring-built-in-firewall-rules
   - /admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance

content/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account.md

@@ -1,6 +1,6 @@
 ---
 title: Adding a GPG key to your GitHub account
-intro: 'To configure your account on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.location.product_location %}{% endif %} to use your new (or existing) GPG key, you''ll also need the key to your account.'
+intro: 'To configure your account on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.location.product_location %}{% endif %} to use your new (or existing) GPG key, you''ll also need to add the key to your account.'
 redirect_from:
   - /articles/adding-a-gpg-key-to-your-github-account
   - /github/authenticating-to-github/adding-a-new-gpg-key-to-your-github-account

content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md

@@ -37,7 +37,7 @@ make sure that you also update the MS short link: https://aka.ms/code-scanning-d
 
 ## About {% data variables.product.prodname_code_scanning %} configuration
 
-You can run {% data variables.product.prodname_code_scanning %} on {% data variables.product.product_name %}, using {% data variables.product.prodname_actions %}, or from your continuous integration (CI) system. For more information, see "[AUTOTITLE](/actions/learn-github-actions)" or "[AUTOTITLE](/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/about-codeql-code-scanning-in-your-ci-system)."
+You can run {% data variables.product.prodname_code_scanning %} on {% data variables.product.product_name %}, using {% data variables.product.prodname_actions %}, or from your continuous integration (CI) system. For more information, see "[AUTOTITLE](/actions/learn-github-actions)" or "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system)."
 
 {% ifversion code-scanning-without-workflow %}With advanced setup for {% data variables.product.prodname_code_scanning %}, you can customize a {% data variables.product.prodname_code_scanning %} workflow for granular control over your configuration. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning)."{% else %}This article is about running {% data variables.product.prodname_code_scanning %} on {% data variables.product.product_name %} using actions.{% endif %}
 

content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/running-codeql-code-scanning-in-a-container.md

@@ -32,7 +32,7 @@ topics:
 
 If you're configuring {% data variables.product.prodname_code_scanning %} for a compiled language, and you're building the code in a containerized environment, the analysis may fail with the error message "No source code was seen during the build." This indicates that {% data variables.product.prodname_codeql %} was unable to monitor your code as it was compiled.
 
-You must run {% data variables.product.prodname_codeql %} inside the container in which you build your code. This applies whether you are using the {% data variables.product.prodname_codeql_cli %} or {% data variables.product.prodname_actions %}. For the {% data variables.product.prodname_codeql_cli %}, see "[AUTOTITLE](/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system)" for more information. If you're using {% data variables.product.prodname_actions %}, configure your workflow to run all the actions in the same container. For more information, see "[Example workflow](#example-workflow)."
+You must run {% data variables.product.prodname_codeql %} inside the container in which you build your code. This applies whether you are using the {% data variables.product.prodname_codeql_cli %} or {% data variables.product.prodname_actions %}. For the {% data variables.product.prodname_codeql_cli %}, see "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system)" for more information. If you're using {% data variables.product.prodname_actions %}, configure your workflow to run all the actions in the same container. For more information, see "[Example workflow](#example-workflow)."
 
 {% note %}
 

content/code-security/code-scanning/index.md

@@ -24,7 +24,6 @@ children:
   - /managing-code-scanning-alerts
   - /managing-your-code-scanning-configuration
   - /integrating-with-code-scanning
-  - /using-codeql-code-scanning-with-your-existing-ci-system
   - /troubleshooting-code-scanning
   - /troubleshooting-sarif-uploads
 ---

content/code-security/code-scanning/integrating-with-code-scanning/about-integration-with-code-scanning.md

@@ -21,13 +21,12 @@ topics:
   - Integration
 ---
 
+## About integration with code scanning
 
 {% data reusables.code-scanning.beta %}
 {% data reusables.code-scanning.enterprise-enable-code-scanning %}
 
-As an alternative to running {% data variables.product.prodname_code_scanning %} within {% data variables.product.prodname_dotcom %}, you can perform analysis elsewhere and then upload the results. Alerts for {% data variables.product.prodname_code_scanning %} that you run externally are displayed in the same way as those for  {% data variables.product.prodname_code_scanning %} that you run within {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository)."
-
-If you use a third-party static analysis tool that can produce results as Static Analysis Results Interchange Format (SARIF) 2.1.0 data, you can upload this to {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github)."
+As an alternative to running {% data variables.product.prodname_code_scanning %} within {% data variables.product.prodname_dotcom %}, you can perform analysis elsewhere, using the CodeQL CLI or another static analysis tool, and then upload the results. For more information, see "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system)."
 
 {% data reusables.code-scanning.about-multiple-configurations-link %}
 
@@ -38,5 +37,5 @@ You can use {% data variables.product.prodname_code_scanning %} webhooks to buil
 ## Further reading
 
 - "[AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning)"
-- "[AUTOTITLE](/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system)"
+- "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system)"
 - "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning)"

content/code-security/code-scanning/integrating-with-code-scanning/index.md

@@ -18,6 +18,7 @@ topics:
   - Integration
 children:
   - /about-integration-with-code-scanning
+  - /using-code-scanning-with-your-existing-ci-system
   - /uploading-a-sarif-file-to-github
   - /sarif-support-for-code-scanning
 ---