Commit

[DO NOT MERGE] Megabranch GHEC onboarding (#53607)
Co-authored-by: Kevin Heis <[email protected]>
Co-authored-by: Rachael Rose Renk <[email protected]>
Co-authored-by: Isaac Brown <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Felicity Chapman <[email protected]>
Co-authored-by: mchammer01 <[email protected]>
Co-authored-by: isaacmbrown <[email protected]>
Co-authored-by: Hirsch Singhal <[email protected]>
9 people authored Feb 20, 2025
1 parent eed068d commit a4b6f73
Showing 33 changed files with 1,852 additions and 0 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
---
title: About access permissions on GitHub
intro: 'Learn about roles, and how you can control who has access to your enterprise''s resources and the level of access each person has.'
versions:
ghec: '*'
type: overview
topics:
- Enterprise
shortTitle: Access permissions
---

## About access permissions on {% data variables.product.github %}

{% data reusables.organizations.about-roles %}

Roles work differently for different types of accounts. For more information about accounts, see [AUTOTITLE](/get-started/learning-about-github/types-of-github-accounts).

## Personal accounts

A repository owned by a personal account has two permission levels: the **repository owner** and **collaborators**. See [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/permission-levels-for-a-personal-account-repository).

## Organization accounts

Organization members can have **owner**, **billing manager**, or **member** roles. Owners have complete administrative access to your organization, while billing managers can manage billing settings. Member is the default role for everyone else. You can manage access permissions for multiple members at a time with teams. For more information, see:
* [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization)
* [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization)
* [AUTOTITLE](/organizations/organizing-members-into-teams/about-teams)

## Enterprise accounts

_Enterprise owners_ have ultimate power over the enterprise account and can take every action in the enterprise account. _Billing managers_ can manage your enterprise account's billing settings. Members and outside collaborators of organizations owned by your enterprise account are automatically members of the enterprise account, although they have no access to the enterprise account itself or its settings.

Enterprise owners cannot access organization content or repositories unless they are explicitly granted a role in the organization. However, enterprise owners can manage enterprise settings and policies that impact an organization in the enterprise. For more information, see [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise).

If an enterprise uses {% data variables.product.prodname_emus %}, members are provisioned as new personal accounts on {% data variables.product.github %} and are fully managed by the identity provider. The {% data variables.enterprise.prodname_managed_users %} have read-only access to repositories that are not a part of their enterprise and cannot interact with users that are not also members of the enterprise. Within the organizations owned by the enterprise, the {% data variables.enterprise.prodname_managed_users %} can be granted the same granular access levels available for regular organizations. For more information, see [AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users).

## Next steps

Next, learn about how you can use rulesets to manage how people interact with your enterprise's repositories. See [AUTOTITLE](/enterprise-onboarding/feature-enhancements/about-rulesets).
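
Review bot: The two paragraphs under "Enterprise accounts" can be read as conflicting on what an enterprise owner can reach. The first says enterprise owners "have ultimate power over the enterprise account and can take every action in the enterprise account", and the second says they "cannot access organization content or repositories unless they are explicitly granted a role in the organization". Anyone reviewing who can read source code needs the second statement, so suggest scoping the first sentence to enterprise-level settings and policies and dropping "ultimate power", so the boundary between enterprise administration and organization content is stated once. Minor: the link list under "Organization accounts" starts directly after the paragraph with no blank line, unlike the lists in the rulesets article.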
@@ -0,0 +1,19 @@
---
title: 'About security for your enterprise'
shortTitle: 'About enterprise security'
intro: 'Learn about the security features available to your enterprise.'
versions:
ghec: '*'
allowTitleToDifferFromFilename: true
type: overview
topics:
- Enterprise
- Set up
- Security
---

{% data variables.product.prodname_dotcom %} has many features that help you improve and maintain the quality of your code. Some of these are included in all plans, such as dependency graph and {% data variables.product.prodname_dependabot_alerts %}. Other security features require a {% data variables.product.prodname_GH_advanced_security %} (GHAS) license to run on repositories apart from public repositories on {% data variables.product.prodname_dotcom_the_website %}.

To learn about the security features available to your enterprise, see [AUTOTITLE](/code-security).

To learn about the extra security features available with a {% data variables.product.prodname_GH_advanced_security %} license, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
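
Review bot: The opening sentence of the body describes these features as helping to "improve and maintain the quality of your code", while the title, the intro and the `Security` topic all frame the article as being about security. Suggest wording that sentence in terms of securing code. The next sentence, "require a ... license to run on repositories apart from public repositories", is hard to parse; reword it to state plainly which repositories need the license. This article also has no "Next steps" section, unlike the other overview articles in this commit.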
@@ -0,0 +1,63 @@
---
title: About rulesets
intro: 'Learn how you can use rulesets to control how people interact with pushes, branches, and tags in repositories.'
versions:
ghec: '*'
type: overview
topics:
- Enterprise
shortTitle: Rulesets
---

## About rulesets

A ruleset is a named list of rules that applies to a repository, or to multiple repositories in an organization. You can have up to 75 rulesets per repository, and 75 organization-wide rulesets.

When you create a ruleset, you can allow certain users to bypass the rules in the ruleset. This can be users with a certain role, such as repository administrator, or it can be specific teams or {% data variables.product.prodname_github_apps %}. For more information about granting bypass permissions, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-ruleset).

For organizations on the {% data variables.product.prodname_enterprise %} plan, you can set up rulesets at the enterprise or organization level to target multiple repositories in your organization. See [AUTOTITLE](/organizations/managing-organization-settings/managing-rulesets-for-repositories-in-your-organization).

You can use rulesets to target branches or tags in a repository or to block pushes to a repository and the repository's entire fork network.

{% data reusables.repositories.about-push-rule-delegated-bypass %}

### Branch and tag rulesets

You can create rulesets to control how people can interact with selected branches and tags in a repository. You can control things like who can push commits to a certain branch and how the commits must be formatted, or who can delete or rename a tag. For example, you could set up a ruleset for your repository's `feature` branch that requires signed commits and blocks force pushes for all users except repository administrators.

For each ruleset you create, you specify which branches or tags in your repository, or which repositories in your organization, the ruleset applies to. You can use `fnmatch` syntax to define a pattern to target specific branches, tags, and repositories. For example, you could use the pattern `releases/**/*` to target all branches in your repository whose name starts with the string `releases/`. For more information on `fnmatch` syntax, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#using-fnmatch-syntax).

### Push rulesets

{% data reusables.repositories.push-rulesets-overview %}

## About rulesets and protected branches

Rulesets work alongside any branch protection rules in a repository. Many of the rules you can define in rulesets are similar to protection rules, and you can start using rulesets without overriding any of your existing protection rules.

Rulesets have the following advantages over branch protection rules.

* Unlike protection rules, multiple rulesets can apply at the same time, so you can be confident that every rule targeting a branch in your repository will be evaluated when someone interacts with that branch. See [About rule layering](#about-rule-layering).
* Rulesets have statuses, so you can easily manage which rulesets are active in a repository without needing to delete rulesets.
* Anyone with read access to a repository can view the active rulesets for the repository. This means a developer can understand why they have hit a rule, or an auditor can check the security constraints for the repository, without requiring admin access to the repository.
* You can create additional rules to control the metadata of commits entering a repository, such as the commit message and the author's email address. See [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets#metadata-restrictions)."

## Using ruleset enforcement statuses

{% data reusables.repositories.rulesets-about-enforcement-statuses %}

## About rule layering

A ruleset does not have a priority. Instead, if multiple rulesets target the same branch or tag in a repository, the rules in each of these rulesets are aggregated. If the same rule is defined in different ways across the aggregated rulesets, the most restrictive version of the rule applies. As well as layering with each other, rulesets also layer with protection rules targeting the same branch or tag.

For example, consider the following situation for the `my-feature` branch of the `octo-org/octo-repo` repository.

* An administrator of the repository has set up a ruleset targeting the `my-feature` branch. This ruleset requires signed commits, and three reviews on pull requests before they can be merged.
* An existing branch protection rule for the `my-feature` branch requires a linear commit history, and two reviews on pull requests before they can be merged.
* An administrator of the `octo-org` organization has also set up a ruleset targeting the `my-feature` branch of the `octo-repo` repository. The ruleset blocks force pushes, and requires one review on pull requests before they can be merged.

The rules from each source are aggregated, and all rules apply. Where multiple different versions of the same rule exist, the result is that the most restrictive version of the rule applies. Therefore, the `my-feature` branch requires signed commits and a linear commit history, force pushes are blocked, and pull requests targeting the branch will require three reviews before they can be merged.

## Next steps

Next, learn how to communicate important information with members of your enterprise using READMEs. See [AUTOTITLE](/enterprise-onboarding/feature-enhancements/create-a-readme-for-your-enterprise).
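
Review bot: Stray trailing double quote at the end of the last bullet under "Rulesets have the following advantages over branch protection rules": the line ends with `#metadata-restrictions)."` and will render a literal `"` after the link. Remove the quote so the line ends with `).`. While there, the sentence introducing that list ends with a period, where the list intros elsewhere in this commit end with a colon ("For more information, see:", "Each month, you will be billed for:").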
@@ -0,0 +1,36 @@
---
title: About the audit log for your enterprise
intro: 'Learn how to use the audit log to monitor activity in your enterprise.'
versions:
ghec: '*'
type: overview
topics:
- Enterprise
shortTitle: Audit log
---

## About audit logs

{% data reusables.audit_log.audit-log-search-list-info-about-action %}

{% data reusables.audit_log.retention-periods %}

In addition to viewing your audit log, you can monitor activity in your enterprise in other ways, such as managing global webhooks. Webhooks provide a way for GitHub to notify your server when specific events occur for a repository, organization, or enterprise. Compared to the API or searching the audit log, webhooks can be more efficient if you just want to learn and possibly log when certain events occur on your enterprise, organization, or repository. See [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/managing-global-webhooks).

You can also use the audit log, and other tools, to monitor the actions taken in response to security alerts. For more information, see [AUTOTITLE](/code-security/getting-started/auditing-security-alerts).

## Using your audit logs

As an enterprise owner, you can interact with the audit log data for your enterprise in several ways:
* You can view the audit log for your enterprise. For more information, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise).
* You can search the audit log for specific events and export audit log data. For more information, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise) and [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/exporting-audit-log-activity-for-your-enterprise).
* You can identify all events that were performed by a specific access token. For more information, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/identifying-audit-log-events-performed-by-an-access-token).
* You can display the IP address associated with events in the audit log. For more information, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/displaying-ip-addresses-in-the-audit-log-for-your-enterprise).
* You can stream audit and Git events data from {% data variables.product.prodname_dotcom %} to an external data management system. For more information, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise).
* You can use the Audit log API to view actions performed in your enterprise. For more information, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise).

For a full list of audit log actions that may appear in your enterprise audit log, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise).

## Next steps

Next, learn how to control who has access to your enterprise's resources using roles. See [AUTOTITLE](/enterprise-onboarding/feature-enhancements/about-access-permissions-on-github).
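
Review bot: In the webhooks paragraph of "About audit logs" the product name is hard-coded ("Webhooks provide a way for GitHub to notify your server"), while the streaming bullet further down in the same file uses `{% data variables.product.prodname_dotcom %}`. Suggest using the variable in both places so the name stays consistent. The same paragraph also switches between "for a repository, organization, or enterprise" and "on your enterprise, organization, or repository"; pick one preposition and one order.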
@@ -0,0 +1,33 @@
---
title: Create a README for your enterprise
intro: 'You can create a README to communicate important information and resources with members in your enterprise.'
versions:
ghec: '*'
type: how_to
topics:
- Enterprise
shortTitle: Create a README
---

## About READMEs for enterprises

{% data reusables.enterprise.about-readmes %}

The README is displayed on the enterprise's "Overview" page, which is the landing page you see when you navigate to the enterprise. This page is only visible to members of the enterprise.

You can also create READMEs for organizations in your enterprise, visible either publicly or only to members. For more information, see [AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/customizing-your-organizations-profile).

## Creating a README for an enterprise

{% data reusables.enterprise-accounts.access-enterprise %}
1. On the "Overview" page, click **Create README**. If a README is already present on the page, click **Edit**.
1. Write the content for your README. You can use Markdown to format the content, such as adding headings, images, and lists. For more information, see [AUTOTITLE](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax).

>[!NOTE] You can only link to publicly hosted images in your README. You cannot upload an image to your README, or link to an image from a private repository.
1. Click **Save**.

## Further reading

* [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes)
* [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/managing-your-profile-readme)
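
Review bot: The `>[!NOTE]` line in "Creating a README for an enterprise" sits unindented between the "Write the content for your README" step and the "Click **Save**" step, set off by a blank line, so it is not attached to the step it qualifies and it interrupts the ordered list. Suggest indenting the note under the step it belongs to, with `[!NOTE]` on its own quoted line and the text on the following quoted line. This article also ends with "Further reading" and has no "Next steps" link, so the sequence the other articles chain together (the rulesets article points here) stops at this page, even though the index lists `/about-code-security-for-your-enterprise` after it.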
15 changes: 15 additions & 0 deletions content/enterprise-onboarding/feature-enhancements/index.md
@@ -0,0 +1,15 @@
---
title: Feature enhancements
intro: 'Take advantage of features available in {% data variables.product.prodname_ghe_cloud %}.'
versions:
ghec: '*'
topics:
- Enterprise
shortTitle: Feature enhancements
children:
- /about-the-audit-log-for-your-enterprise
- /about-access-permissions-on-github
- /about-rulesets
- /create-a-readme-for-your-enterprise
- /about-code-security-for-your-enterprise
---
@@ -0,0 +1,44 @@
---
title: About enterprise billing
intro: 'Learn about billing for {% data variables.product.prodname_ghe_cloud %}.'
versions:
ghec: '*'
type: overview
topics:
- Accounts
- Enterprise
shortTitle: Enterprise billing
---

## About billing for your enterprise

With {% data variables.product.prodname_ghe_cloud %}, your enterprise account is the central point for all billing within your enterprise, including the organizations that your enterprise owns. Users with the **enterprise owner** or **billing manager** role can view and manage billing settings for the enterprise.

To pay {% data variables.product.company_short %}, you will add a payment method to your enterprise account. This can be a credit card, PayPal, or a Microsoft Azure subscription.

If you created your enterprise account with help from {% data variables.product.company_short %}'s Sales team, you may have agreed to pay by invoice. Each invoice includes a single charge for all of your paid {% data variables.product.prodname_ghe_cloud %} services and any {% data variables.product.prodname_ghe_server %} instances.

As a new enterprise, you will be on {% data variables.product.company_short %}'s new billing platform, which allows you to estimate spending, create cost centers to track expenses across business units, and pay flexibly for the licenses you need.

## What is included in my bill?

Each month, you will be billed for:

* The number of {% data variables.product.prodname_enterprise %} licenses you use, determined by the number of unique users in your enterprise
* Any usage of features like {% data variables.product.prodname_actions %} or {% data variables.product.prodname_github_codespaces %}, beyond the allowances included in your {% data variables.product.prodname_enterprise %} plan
* Any extra features you purchase, such as {% data variables.product.prodname_copilot %} or {% data variables.product.prodname_GH_advanced_security %} licenses

For prices and monthly allowances, see {% data variables.product.pricing_link %}.

## Adding a payment method

To pay for licenses and services, you can use a credit card, PayPal, or a Microsoft Azure subscription. For instructions, see [AUTOTITLE](/billing/using-the-new-billing-platform/managing-your-payment-and-billing-information).

## Next steps

* To learn more about options for managing billing, see [AUTOTITLE](/billing/using-the-new-billing-platform/about-the-new-billing-platform).
* To get started with migrating data to your enterprise, see [AUTOTITLE](/enterprise-onboarding/getting-started-with-your-enterprise/about-migrating-to-github-enterprise-cloud).

## Next steps

Next, learn about migrating your current solution to {% data variables.product.prodname_ghe_cloud %}. See [AUTOTITLE](/enterprise-onboarding/getting-started-with-your-enterprise/about-migrating-to-github-enterprise-cloud).
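
Review bot: The file ends with two "## Next steps" headings, and both link to /enterprise-onboarding/getting-started-with-your-enterprise/about-migrating-to-github-enterprise-cloud. Keep one section: either the bulleted list or the single "Next, learn about migrating ..." sentence that matches the other articles in this commit. The payment options ("a credit card, PayPal, or a Microsoft Azure subscription") are also stated twice, once under "About billing for your enterprise" and again under "Adding a payment method"; consider stating them in one place and linking from the other.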