Merge branch 'main' into patch-2

nguyenalex836 · web-flow · commit def03d8bca7f · 2024-11-20T08:07:04.000-08:00
diff --git a/content/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md
@@ -297,7 +297,8 @@ To help improve security, compliance, and standardization, you can customize the
 Customizing the claims results in a new format for the entire `sub` claim, which replaces the default predefined `sub` format in the token described in "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#example-subject-claims)."
 
 > [!NOTE]
-> The `sub` claim uses the shortened form `repo` (for example, `repo:ORG-NAME/REPO-NAME`) instead of `repository` to reference the repository.
+> The `sub` claim uses the shortened form `repo` (for example, `repo:ORG-NAME/REPO-NAME`) instead of `repository` to reference the repository. {% ifversion fpt or ghec or ghes > 3.15 %}
+> Any `:` within the context value will be replaced with `%3A`. {% endif %}
 
 The following example templates demonstrate various ways to customize the subject claim. To configure these settings on {% data variables.product.prodname_dotcom %}, admins use the REST API to specify a list of claims that must be included in the subject (`sub`) claim.
 
@@ -420,6 +421,26 @@ or:
 
 In your cloud provider's OIDC configuration, configure the `sub` condition to require a `repository_owner_id` claim that matches the required value.
 
+{% ifversion fpt or ghec or ghes > 3.15 %}
+
+#### Example: Context value with `:`
+
+This example demonstrates how to handle context value with `:`. For example, when the job references an environment named `production:eastus`.
+
+{% data reusables.actions.use-request-body-api %}
+
+```json
+{
+   "include_claim_keys": [
+       "environment",
+       "repository_owner"
+   ]
+}
+```
+
+In your cloud provider's OIDC configuration, configure the `sub` condition to require that claims must include a specific value for `environment` and `repository_owner`. For example: `"sub": "environment:production%3Aeastus:repository_owner:octo-org"`.
+{% endif %}
+
 #### Resetting organization template customizations
 
 This example template resets the subject claims to the default format. This template effectively opts out of any organization-level customization policy.
diff --git a/data/release-notes/enterprise-server/3-14/2.yml b/data/release-notes/enterprise-server/3-14/2.yml
@@ -82,3 +82,9 @@ sections:
       {% data reusables.release-notes.2024-11-ghe-repl-promote-primary-down %}
 
       [Updated: 2024-11-13]
+      
+  deprecations:
+    - |
+      The option to "copy Storage settings from Actions" in the Management Console ("GitHub Packages" > "Packages Storage Settings") has been removed. [Updated: 2024-11-20]
+      
+  
diff --git a/data/release-notes/enterprise-server/3-15/0-rc1.yml b/data/release-notes/enterprise-server/3-15/0-rc1.yml
@@ -226,6 +226,8 @@ sections:
     # https://github.com/github/releases/issues/4878
     - |
       The Management Console API has been removed. The Manage GHES API reached feature parity with the Management Console API in {% data variables.product.prodname_ghe_server %} version 3.12. For information about the Manage GHES API, see "[AUTOTITLE](/rest/enterprise-admin/manage-ghes)."
+    - |
+      The option to "copy Storage settings from Actions" in the Management Console ("GitHub Packages" > "Packages Storage Settings") has been removed. [Updated: 2024-11-20]
 
   errata:
     # https://github.com/github/docs-content/issues/16489
diff --git a/data/reusables/code-scanning/run-additional-queries.md b/data/reusables/code-scanning/run-additional-queries.md
@@ -1,10 +1,7 @@
 When you use {% data variables.product.prodname_codeql %} to scan code, the {% data variables.product.prodname_codeql %} analysis engine generates a database from the code and runs queries on it. {% data variables.product.prodname_codeql %} analysis uses a default set of queries, but you can specify more queries to run, in addition to the default queries.
 
-{% tip %}
-
-You can also specify the queries you want to exclude from analysis, or include in the analysis. This requires the use of a custom configuration file. For more information, see "[Using a custom configuration file](#using-a-custom-configuration-file)" and "[Excluding specific queries from analysis](#excluding-specific-queries-from-analysis)" below.
-
-{% endtip %}
+> [!TIP]
+> You can also specify the queries you want to exclude from analysis, or include in the analysis. This requires the use of a custom configuration file. For more information, see "[Using a custom configuration file](#using-a-custom-configuration-file)" and "[Excluding specific queries from analysis](#excluding-specific-queries-from-analysis)" below.
 
 You can run extra queries if they are part of a {% data variables.product.prodname_codeql %} pack published to the {% data variables.product.company_short %} {% data variables.product.prodname_container_registry %} or a {% data variables.product.prodname_codeql %} pack stored in a repository. For more information, see "[AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql#about-codeql-queries)."
 
