Merge branch 'main' into ramyaparimi-updated-instructions

whatdon · Jul 2, 2021 · 6a4a2bb · 6a4a2bb
2 parents 1114681 + abe3013
commit 6a4a2bb
Show file tree

Hide file tree

Showing 30 changed files with 169 additions and 282 deletions.
diff --git a/assets/images/help/repository/secret-scanning-create-custom-pattern.png b/assets/images/help/repository/secret-scanning-create-custom-pattern.png
diff --git a/content/actions/managing-workflow-runs/adding-a-workflow-status-badge.md b/content/actions/managing-workflow-runs/adding-a-workflow-status-badge.md
@@ -17,8 +17,8 @@ shortTitle: Add a status badge
 
 You reference the workflow by the name of your workflow file.
 
-```
-https://github.com/<OWNER>/<REPOSITORY>/actions/workflows/<WORKFLOW_FILE>/badge.svg
+```markdown
+![example workflow](https://github.com/<OWNER>/<REPOSITORY>/actions/workflows/<WORKFLOW_FILE>/badge.svg)
 ```
 ## Using the workflow file name
 

diff --git a/content/actions/reference/workflow-syntax-for-github-actions.md b/content/actions/reference/workflow-syntax-for-github-actions.md
@@ -1320,7 +1320,7 @@ You can use special characters in path, branch, and tag filters.
 
 - `*`: Matches zero or more characters, but does not match the `/` character. For example, `Octo*` matches `Octocat`.
 - `**`: Matches zero or more of any character.
-- `?`: Matches zero or one single character. For example, `Octoc?t` matches `Octocat`.
+- `?`: Matches zero or one of the preceding character.
 - `+`: Matches one or more of the preceding character.
 - `[]` Matches one character listed in the brackets or included in ranges. Ranges can only include `a-z`, `A-Z`, and `0-9`. For example, the range`[0-9a-z]` matches any digit or lowercase letter. For example, `[CB]at` matches `Cat` or `Bat` and `[1-2]00` matches `100` and `200`.
 - `!`: At the start of a pattern makes it negate previous positive patterns. It has no special meaning if not the first character.

diff --git a/...your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow.md b/...your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow.md
@@ -152,6 +152,39 @@ On very large projects, {% data variables.product.prodname_codeql %} may run out
 {% ifversion fpt %}If you encounter this issue on a hosted {% data variables.product.prodname_actions %} runner, contact {% data variables.contact.contact_support %} so that we can investigate the problem.
 {% else %}If you encounter this issue, try increasing the memory on the runner.{% endif %}
 
+{% ifversion fpt %}
+## Error: 403 "Resource not accessible by integration" when using {% data variables.product.prodname_dependabot %}
+
+{% data variables.product.prodname_dependabot %} is considered untrusted when it triggers a workflow run, and the workflow will run with read-only scopes. Uploading {% data variables.product.prodname_code_scanning %} results for a branch usually requires the `security_events: write` scope. However, {% data variables.product.prodname_code_scanning %} always allows the uploading of results when the `pull_request` event triggers the action run. This is why, for {% data variables.product.prodname_dependabot %} branches, we recommend you use the `pull_request` event instead of the `push` event.
+
+A simple approach is to run on pushes to the default branch and any other important long-running branches, as well as pull requests opened against this set of branches:
+```yaml
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+```
+An alternative approach is to run on all pushes except for {% data variables.product.prodname_dependabot %} branches:
+```yaml
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+  pull_request:
+```
+
+### Analysis still failing on the default branch
+
+If the {% data variables.product.prodname_codeql_workflow %} still fails on a commit made on the default branch, you need to check:
+- whether {% data variables.product.prodname_dependabot %} authored the commit
+- whether the pull request that includes the commit has been merged using `@dependabot squash and merge`
+
+This type of merge commit is authored by {% data variables.product.prodname_dependabot %} and therefore, any workflows running on the commit will have read-only permissions. If you enabled {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} security updates or version updates on your repository, we recommend you avoid using the {% data variables.product.prodname_dependabot %} `@dependabot squash and merge` command. Instead, you can enable auto-merge for your repository. This means that pull requests will be automatically merged when all required reviews are met and status checks have passed. For more information about enabling auto-merge, see "[Automatically merging a pull request](/github/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request#enabling-auto-merge)."
+{% endif %}
+
 ## Warning: "git checkout HEAD^2 is no longer necessary"
 
 If you're using an old {% data variables.product.prodname_codeql %} workflow you may get the following warning in the output from the "Initialize {% data variables.product.prodname_codeql %}" action:

diff --git a/...ise-account/about-identity-and-access-management-for-your-enterprise-account.md b/...ise-account/about-identity-and-access-management-for-your-enterprise-account.md
@@ -14,9 +14,7 @@ shortTitle: IAM for your enterprise
 
 {% data reusables.saml.dotcom-saml-explanation %} {% data reusables.saml.about-saml-enterprise-accounts %} For more information, see "[Enabling SAML single sign-on for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account)."
 
-After you enable SAML SSO, depending on the IdP you use, you may be able to enable additional identity and access management features.
-
-{% data reusables.saml.about-user-provisioning-enterprise-account %} For more information, see "[About user provisioning for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/about-user-provisioning-for-organizations-in-your-enterprise-account)."
+After you enable SAML SSO, depending on the IdP you use, you may be able to enable additional identity and access management features. {% data reusables.scim.enterprise-account-scim %}
 
 If you use Azure AD as your IDP, you can use team synchronization to manage team membership within each organization. {% data reusables.identity-and-permissions.about-team-sync %} For more information, see "[Managing team synchronization for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/managing-team-synchronization-for-organizations-in-your-enterprise-account)."
 
@@ -28,7 +26,6 @@ IdP | SAML | User provisioning | Team synchronization |
 --- | :--: | :---------------: | :-------: |
 Active Directory Federation Services (AD FS) | {% octicon "check-circle-fill" aria-label= "The check icon" %} | | |
 Azure Active Directory (Azure AD) | {% octicon "check-circle-fill" aria-label="The check icon" %} | | {% octicon "check-circle-fill" aria-label="The check icon" %} |
-Okta | {% octicon "check-circle-fill" aria-label="The check icon" %} | {% octicon "check-circle-fill" aria-label= "The check icon" %} [<sup>Beta</sup>](/github/setting-up-and-managing-your-enterprise/about-user-provisioning-for-organizations-in-your-enterprise-account) | |
 OneLogin | {% octicon "check-circle-fill" aria-label="The check icon" %} | | |
 PingOne | {% octicon "check-circle-fill" aria-label="The check icon" %} | | |
 Shibboleth | {% octicon "check-circle-fill" aria-label="The check icon" %} | | |
diff --git a/...account/about-user-provisioning-for-organizations-in-your-enterprise-account.md b/...account/about-user-provisioning-for-organizations-in-your-enterprise-account.md
diff --git a/...figuring-saml-single-sign-on-and-scim-for-your-enterprise-account-using-okta.md b/...figuring-saml-single-sign-on-and-scim-for-your-enterprise-account-using-okta.md