diff --git a/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md index c8c024f983ad..9841a0d84a40 100644 --- a/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md +++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md @@ -39,7 +39,7 @@ To configure the OIDC identity provider in GCP, you will need to perform the fol Additional guidance for configuring the identity provider: -* For security hardening, make sure you've reviewed "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#configuring-the-oidc-trust-with-the-cloud)." For an example, see "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#configuring-the-subject-in-your-cloud-provider)." +* For security hardening, make sure you've reviewed "[Configuring the OIDC trust with the cloud](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#configuring-the-oidc-trust-with-the-cloud)." For an example, see "[Configuring the subject in your cloud provider](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#configuring-the-subject-in-your-cloud-provider)." * For the service account to be available for configuration, it needs to be assigned to the `roles/iam.workloadIdentityUser` role. For more information, see [the GCP documentation](https://cloud.google.com/iam/docs/workload-identity-federation?_ga=2.114275588.-285296507.1634918453#conditions). * The Issuer URL to use: {% ifversion ghes %}`https://HOSTNAME/_services/token`{% else %}`https://token.actions.githubusercontent.com`{% endif %} diff --git a/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md b/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md index d7282e98e86c..4dc2a594ad26 100644 --- a/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md +++ b/content/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository.md @@ -1,6 +1,6 @@ --- title: Removing sensitive data from a repository -intro: 'If you commit sensitive data into a Git repository, you can remove it from the history.' +intro: 'Sensitive data can be removed from the history of a repository _if_ you can carefully coordinate with everyone who has cloned it and you are willing to manage the side effects.' redirect_from: - /remove-sensitive-data - /removing-sensitive-data @@ -20,21 +20,39 @@ shortTitle: Remove sensitive data ## About removing sensitive data from a repository -When altering your repository's history using tools like `git filter-repo` or the BFG Repo-Cleaner, it's crucial to understand the implications, especially regarding open pull requests and sensitive data. +When altering your repository's history using tools like `git filter-repo`, it's crucial to understand the implications. Rewriting history requires careful coordination with collaborators to successfully execute, and has a number of side effects that must be managed. -The `git filter-repo` tool and the BFG Repo-Cleaner rewrite your repository's history, which changes the SHAs for existing commits that you alter and any dependent commits. Changed commit SHAs may affect open pull requests in your repository. We recommend merging or closing all open pull requests before removing files from your repository. +It is important to note that if the sensitive data you need to remove is a secret (e.g. password/token/credential), as is often the case, then as a first step you need to revoke and/or rotate that secret. Once the secret is revoked or rotated, it can no longer be used for access, and that may be sufficient to solve your problem. Going through the extra steps to rewrite the history and remove the secret may not be warranted. -You can remove the file from the latest commit with `git rm`. For information on removing a file that was added with the latest commit, see "[AUTOTITLE](/repositories/working-with-files/managing-large-files/about-large-files-on-github#removing-files-from-a-repositorys-history)." +## Side effects of rewriting history + +There are numerous side effects to rewriting history; these include: + + * **High risk of recontamination**: It is unfortunately easy to re-push the sensitive data to the repository and make a bigger mess. If a fellow developer has a clone from before your rewrite, and after your rewrite simply runs `git pull` followed by `git push`, the sensitive data will return. They need to either discard their clone and re-clone, or carefully walk through multiple steps to clean up their clone first. + * **Risk of losing other developers' work**: If other developers continue updating branches which contain the sensitive data while you are trying to clean up, you will be forced to either redo the cleanup, or to discard their work. + * **Changed commit hashes**: Rewriting history will change the hashes of the commits that introduced the sensitive data _and_ all commits that came after. Any tooling or automation that depends on commit hashes not changing will be broken or have problems. + * **Branch protection challenges**: If you have any branch protections that prevent force pushes, those protections will have to be turned off (at least temporarily) for the sensitive data to be removed. + * **Broken diff view for closed pull requests**: Removing the sensitive data will require removing the internal references used for displaying the diff view in pull requests, so you will no longer be able to see these diffs. This is true not only for the PR that introduced the sensitive data, but any PR that builds on a version of history after the sensitive data PR was merged (even if those later PRs didn't add or modify any file with sensitive data). + * **Poor interaction with open pull requests**: Changed commit SHAs will result in a different PR diff, and comments on the old PR diff may become invalidated and lost, which may cause confusion for authors and reviewers. We recommend merging or closing all open pull requests before removing files from your repository. + * **Lost signatures on commits and tags**: Signatures for commits or tags depend on commit hashes; since commit hashes are modified by history rewrites, signatures would no longer be valid and many history rewriting tools (including `git filter-repo`) will simply remove the signatures. In fact, `git filter-repo` will remove commit signatures and tag signatures for commits that pre-date the sensitive data removal as well. (Technically one can workaround this with the `--refs` option to `git filter-repo` if needed, but then you will need to be careful to ensure you specify all refs that have sensitive data in their history and that include the commits that introduced the sensitive data in your range). + * **Leading others directly to the sensitive data**: Git was designed with cryptographic checks built into commit identifiers so that nefarious individuals could not break into a server and modify history without being noticed. That's helpful from a security perspective, but from a sensitive data perspective it means that expunging sensitive data is a very involved process of coordination; it further means that when you do modify history, clueful users with an existing clone will notice the history divergence and can use it to quickly and easily find the sensitive data still in their clone that you removed from the central repository. ## About sensitive data exposure -This article tells you how to make commits with sensitive data unreachable from any branches or tags in your repository on {% data variables.location.product_location %}. However, those commits may still be accessible elsewhere: +Removing sensitive data from a repository involves four high-level steps: + + * Rewrite the repository locally, using git-filter-repo + * Update the repository on GitHub, using your locally rewritten history + * Coordinate with colleagues to clean up other clones that exist + * Prevent repeats and avoid future sensitive data spills + +If you only rewrite your history and force push it, the commits with sensitive data may still be accessible elsewhere: * In any clones or forks of your repository * Directly via their SHA-1 hashes in cached views on {% data variables.product.product_name %} * Through any pull requests that reference them -You cannot remove sensitive data from other users' clones of your repository, but you can permanently remove cached views and references to the sensitive data in pull requests on {% data variables.product.product_name %} by contacting {% data variables.contact.contact_support %}. +You cannot remove sensitive data from other users' clones of your repository; you will have to send them the instructions from [Make sure other copies are cleaned up: clones of colleagues](https://htmlpreview.github.io/?https://github.com/newren/git-filter-repo/blob/docs/html/git-filter-repo.html#_make_sure_other_copies_are_cleaned_up_clones_of_colleagues) in the `git filter-repo` manual to have them do so themselves. However, you can permanently remove cached views and references to the sensitive data in pull requests on {% data variables.product.product_name %} by contacting {% data variables.contact.contact_support %}. {% ifversion fpt or ghec %} @@ -42,49 +60,13 @@ You cannot remove sensitive data from other users' clones of your repository, bu {% endif %} -Once you have pushed a commit to {% data variables.product.product_name %}, you should consider any sensitive data in the commit compromised. If you have committed a password, you should change it. If you have committed a key, generate a new one. - If the commit that introduced the sensitive data exists in any forks, it will continue to be accessible there. You will need to coordinate with the owners of the forks, asking them to remove the sensitive data or delete the fork entirely. {% ifversion fpt or ghec %}{% data variables.product.company_short %} cannot provide contact information for these owners. {% endif %} Consider these limitations and challenges in your decision to rewrite your repository's history. -## Purging a file from your repository's history - -You can purge a file from your repository's history using either the `git filter-repo` tool or the BFG Repo-Cleaner open source tool. - -> [!NOTE] If sensitive data is located in a file that's identified as a binary file, you'll need to remove the file from the history, as you can't modify it to remove or replace the data. - -### Using the BFG - -The [BFG Repo-Cleaner](https://rtyley.github.io/bfg-repo-cleaner/) is a tool that's built and maintained by the open source community. It provides a faster, simpler alternative to `git filter-repo` for removing unwanted data. - -For example, to remove your file with sensitive data and leave your latest commit untouched, run: - -```shell -bfg --delete-files YOUR-FILE-WITH-SENSITIVE-DATA -``` - -To replace all text listed in `passwords.txt` wherever it can be found in your repository's history, run: - -```shell -bfg --replace-text passwords.txt -``` - -After the sensitive data is removed, you must force push your changes to {% data variables.product.product_name %}. Force pushing rewrites the repository history, which removes sensitive data from the commit history. If you force push, it may overwrite commits that other people have based their work on. - -```shell -git push --force -``` - -See the [BFG Repo-Cleaner](https://rtyley.github.io/bfg-repo-cleaner/)'s documentation for full usage and download instructions. - -### Using git filter-repo - -> [!WARNING] If you run `git filter-repo` after stashing changes, you won't be able to retrieve your changes with other stash commands. Before running `git filter-repo`, we recommend unstashing any changes you've made. To unstash the last set of changes you've stashed, run `git stash show -p | git apply -R`. For more information, see [Git Tools - Stashing and Cleaning](https://git-scm.com/book/en/v2/Git-Tools-Stashing-and-Cleaning). +## Purging a file from your local repository's history using git-filter-repo -To illustrate how `git filter-repo` works, we'll show you how to remove your file with sensitive data from the history of your repository and add it to `.gitignore` to ensure that it is not accidentally re-committed. - -1. Install the latest release of the [git filter-repo](https://github.com/newren/git-filter-repo) tool. You can install `git-filter-repo` manually or by using a package manager. For example, to install the tool with HomeBrew, use the `brew install` command. +1. Install the latest release of [the `git filter-repo` tool](https://github.com/newren/git-filter-repo). You need a version with the `--sensitive-data-removal` flag, meaning at least version 2.47. You can install `git filter-repo` manually or by using a package manager. For example, to install the tool with HomeBrew, use the `brew install` command. ```shell brew install git-filter-repo @@ -92,16 +74,10 @@ To illustrate how `git filter-repo` works, we'll show you how to remove your fil For more information, see [_INSTALL.md_](https://github.com/newren/git-filter-repo/blob/main/INSTALL.md) in the `newren/git-filter-repo` repository. -1. If you don't already have a local copy of your repository with sensitive data in its history, [clone the repository](/repositories/creating-and-managing-repositories/cloning-a-repository) to your local computer. +1. Clone the repository to your local computer. See [AUTOTITLE](/repositories/creating-and-managing-repositories/cloning-a-repository). ```shell - $ git clone https://{% data variables.product.product_url %}/YOUR-USERNAME/YOUR-REPOSITORY - > Initialized empty Git repository in /Users/YOUR-FILE-PATH/YOUR-REPOSITORY/.git/ - > remote: Counting objects: 1301, done. - > remote: Compressing objects: 100% (769/769), done. - > remote: Total 1301 (delta 724), reused 910 (delta 522) - > Receiving objects: 100% (1301/1301), 164.39 KiB, done. - > Resolving deltas: 100% (724/724), done. + git clone https://{% data variables.product.product_url %}/YOUR-USERNAME/YOUR-REPOSITORY ``` 1. Navigate into the repository's working directory. @@ -110,116 +86,73 @@ To illustrate how `git filter-repo` works, we'll show you how to remove your fil cd YOUR-REPOSITORY ``` -1. Run the following command, replacing `PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA` with the **path to the file you want to remove, not just its filename**. These arguments will: - * Force Git to process, but not check out, the entire history of every branch and tag - * Remove the specified file, as well as any empty commits generated as a result - * Remove some configurations, such as the remote URL, stored in the _.git/config_ file. You may want to back up this file in advance for restoration later. - * **Overwrite your existing tags** +1. Run a `git filter-repo` command to clean up the sensitive data. + + If you want to delete a specific file from all branches/tags/refs, run the following command replacing `PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA` with the **git path to the file you want to remove, not just its filename** (e.g. `src/module/phone-numbers.txt`): ```shell - $ git filter-repo --invert-paths --path PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA - Parsed 197 commits - New history written in 0.11 seconds; now repacking/cleaning... - Repacking your repo and cleaning out old unneeded objects - Enumerating objects: 210, done. - Counting objects: 100% (210/210), done. - Delta compression using up to 12 threads - Compressing objects: 100% (127/127), done. - Writing objects: 100% (210/210), done. - Building bitmaps: 100% (48/48), done. - Total 210 (delta 98), reused 144 (delta 75), pack-reused 0 - Completely finished after 0.64 seconds. - ``` - - > [!IMPORTANT] If the file with sensitive data used to exist at any other paths (because it was moved or renamed), you must run this command on those paths, as well. - -1. Add your file with sensitive data to `.gitignore` to ensure that you don't accidentally commit it again. + git filter-repo --sensitive-data-removal --invert-paths --path PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA + ``` - ```shell - $ echo "YOUR-FILE-WITH-SENSITIVE-DATA" >> .gitignore - $ git add .gitignore - $ git commit -m "Add YOUR-FILE-WITH-SENSITIVE-DATA to .gitignore" - > [main 051452f] Add YOUR-FILE-WITH-SENSITIVE-DATA to .gitignore - > 1 files changed, 1 insertions(+), 0 deletions(-) - ``` + > [!IMPORTANT] If the file with sensitive data used to exist at any other paths (because it was moved or renamed), you must either add an extra `--path` argument for that file, or run this command a second time naming the alternative path. -1. Double-check that you've removed everything you wanted to from your repository's history, and that all of your branches are checked out. -1. The `git filter-repo` tool will automatically remove your configured remotes. Use the `git remote set-url` command to restore your remotes, replacing `OWNER` and `REPO` with your repository details. For more information, see "[AUTOTITLE](/get-started/getting-started-with-git/managing-remote-repositories#adding-a-remote-repository)." + If you want to replace all text listed in `../passwords.txt` from any non-binary files found anywhere in your repository's history, run the following command: - ```shell - git remote add origin https://github.com/OWNER/REPOSITORY.git - ``` + ```shell + git filter-repo --sensitive-data-removal --replace-text ../passwords.txt + ``` + +1. Double-check that you've removed everything you wanted to from your repository's history. -1. Once you're happy with the state of your repository, and you have set the appropriate remote, force-push your local changes to overwrite your repository on {% data variables.location.product_location %}, as well as all the branches you've pushed up. A force push is required to remove sensitive data from your commit history. +1. Find out how many pull requests will be adversely affected by this history rewrite. You will need this information below. ```shell - $ git push origin --force --all - > Counting objects: 1074, done. - > Delta compression using 2 threads. - > Compressing objects: 100% (677/677), done. - > Writing objects: 100% (1058/1058), 148.85 KiB, done. - > Total 1058 (delta 590), reused 602 (delta 378) - > To https://{% data variables.product.product_url %}/YOUR-USERNAME/YOUR-REPOSITORY.git - > + 48dc599...051452f main -> main (forced update) + $ grep -c '^refs/pull/.*/head$' .git/filter-repo/changed-refs + 4 ``` -1. In order to remove the sensitive file from [your tagged releases](/repositories/releasing-projects-on-github/about-releases), you'll also need to force-push against your Git tags: + You can drop the `-c` to see which pull requests are affected: ```shell - $ git push origin --force --tags - > Counting objects: 321, done. - > Delta compression using up to 8 threads. - > Compressing objects: 100% (166/166), done. - > Writing objects: 100% (321/321), 331.74 KiB | 0 bytes/s, done. - > Total 321 (delta 124), reused 269 (delta 108) - > To https://{% data variables.product.product_url %}/YOUR-USERNAME/YOUR-REPOSITORY.git - > + 48dc599...051452f main -> main (forced update) + $ grep '^refs/pull/.*/head$' .git/filter-repo/changed-refs + refs/pull/589/head + refs/pull/602/head + refs/pull/604/head + refs/pull/605/head ``` -## Fully removing the data from {% data variables.product.prodname_dotcom %} - -After using either the BFG tool or `git filter-repo` to remove the sensitive data and pushing your changes to {% data variables.product.product_name %}, you must take a few more steps to fully remove the data from {% data variables.product.product_name %}. + This output includes the pull request number between the second and third slashes. If the [number of pull requests affected is larger than you expected](https://github.com/newren/git-filter-repo/blob/main/Documentation/FAQ.md#why-did-git-filter-repo-rewrite-more-commit-hashes-than-i-expected), you can discard this clone with no ill-effects and either redo the rewrite or abandon the sensitive data removal. Once you move on to the next step, the rewrite becomes irreversible. -{% ifversion ghec %} -1. If the repository was migrated using the {% data variables.product.prodname_importer_proper_name %}, there may be some non-standard Git references that follow the pattern `refs/github-services`, that neither the BFG tool or `git filter-repo` can remove. In this case, remove those references running the following commands in your local copy of the repository: +1. Once you're happy with the state of your repository, force-push your local changes to overwrite your repository on {% data variables.location.product_location %}. Even though `--force` is implied by `--mirror`, we include it below as a reminder that you are forcibly updating all branches, tags, and refs and you are discarding any changes others may have made to those refs while you were cleaning up the repository. ```shell - # fetch all refs - git ls-remote | grep refs/github-services | cut -f2 | sort -t'/' -k3,4n > github-services-refs.txt - - # inspect and validate refs to be deleted - cat github-services-refs.txt - - # delete refs in batches - export BATCH_SIZE=512 - cat github-services-refs.txt | xargs -n $BATCH_SIZE git push origin --delete + git push --force --mirror origin ``` -{% endif %} + This command will fail to push any refs starting with `refs/pull/`, since {% data variables.product.product_name %} marks those as read-only. Those push failures will be handled in the next section. If any other refs fail to push, you likely have branch protection turned on for that branch and will need to turn it off temporarily and redo the push. Repeat until the only failures to update are refs starting with `refs/pull/`. -1. Contact {% data variables.contact.contact_support %}, and ask to remove cached views and references to the sensitive data in pull requests on {% data variables.product.product_name %}. Please provide the name of the repository and/or a link to the commit you need removed.{% ifversion ghes %} For more information about how site administrators can remove unreachable Git objects, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-repo-gc)." For more information about how site administrators can identify reachable commits, see "[Identifying reachable commits](#identifying-reachable-commits)."{% endif %}{% ifversion fpt or ghec %} +## Fully removing the data from {% data variables.product.prodname_dotcom %} - > [!IMPORTANT] {% data variables.contact.github_support %} won't remove non-sensitive data, and will only assist in the removal of sensitive data in cases where we determine that the risk can't be mitigated by rotating affected credentials. +After using `git filter-repo` to remove the sensitive data and pushing your changes to {% data variables.product.product_name %}, you must take a few more steps to fully remove the data from {% data variables.product.product_name %}. - {% endif %} +1. Contact {% data variables.contact.contact_support %}, and provide the following information: -1. Tell your collaborators to [rebase](https://git-scm.com/book/en/v2/Git-Branching-Rebasing), _not_ merge, any branches they created off of your old (tainted) repository history. One merge commit could reintroduce some or all of the tainted history that you just went to the trouble of purging. + * The owner and repository name in question (e.g. YOUR-USERNAME/YOUR-REPOSITORY). + * The number of affected pull requests, found in the previous step. This is used by Support to verify you understand how much will be affected. + * The First Changed Commit(s) reported by `git filter-repo` (Look for `NOTE: First Changed Commit(s)` in its output.) + * If `NOTE: There were LFS Objects Orphaned by this rewrite` appears in the git-filter-repo output (right after the First Changed Commit), then mention you had LFS Objects Orphaned and upload the named file to the ticket as well. -1. If you used `git filter-repo`, you can skip this step. + If you have successfully cleaned up all references other than PRs, and no forks have references to the sensitive data, Support will then: - If you used the BFG tool, after rewriting, you can clean up references in your local repository to the old history to be dereferenced and garbage collected with the following commands (using Git 1.8.5 or newer): + * Dereference or delete any affected PRs on {% data variables.product.product_name %}. + * Run a garbage collection on the server to expunge the sensitive data from storage. + * Remove cached views. + * If LFS Objects are involved, delete and/or purge the orphaned LFS objects. - ```shell - $ git reflog expire --expire=now --all - $ git gc --prune=now - > Counting objects: 2437, done. - > Delta compression using up to 4 threads. - > Compressing objects: 100% (1378/1378), done. - > Writing objects: 100% (2437/2437), done. - > Total 2437 (delta 1461), reused 1802 (delta 1048) - ``` + {% ifversion ghes %}For more information about how site administrators can remove unreachable Git objects, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-repo-gc)." For more information about how site administrators can identify reachable commits, see "[Identifying reachable commits](#identifying-reachable-commits)."{% endif %}{% ifversion fpt or ghec %} + >[!IMPORTANT] {% data variables.contact.github_support %} won't remove non-sensitive data, and will only assist in the removal of sensitive data in cases where we determine that the risk can't be mitigated by rotating affected credentials.{% endif %} - > [!NOTE] You can also achieve this by pushing your filtered history to a new or empty repository and then making a fresh clone from {% data variables.product.product_name %}. +1. Collaborators must [rebase](https://git-scm.com/book/en/v2/Git-Branching-Rebasing), _not_ merge, any branches they created off of your old (tainted) repository history. One merge commit could reintroduce some or all of the tainted history that you just went to the trouble of purging. They may need to take additional steps as well; see [Make sure other copies are cleaned up: clones of colleagues](https://htmlpreview.github.io/?https://github.com/newren/git-filter-repo/blob/docs/html/git-filter-repo.html#_make_sure_other_copies_are_cleaned_up_clones_of_colleagues) in the `git filter-repo` manual. {% ifversion ghes %} @@ -245,7 +178,7 @@ If references are found in any forks, the results will look similar, but will st ghe-nwo NWO ``` -The same procedure using the BFG tool or `git filter-repo` can be used to remove the sensitive data from the repository's forks. Alternatively, the forks can be deleted altogether, and if needed, the repository can be re-forked once the cleanup of the root repository is complete. +The sensitive data can be removed from a repository's forks by going to a clone of one, fetching from the cleaned up repository, then rebasing all branches and tags that contain the sensitive data on top of the relevant branch or tag from the cleaned up repository. Alternatively, the forks can be deleted altogether, and if needed, the repository can be re-forked once the cleanup of the root repository is complete. Once you have removed the commit's references, re-run the commands to double-check. @@ -263,8 +196,11 @@ Once garbage collection has successfully removed the commit, you'll want to brow Preventing contributors from making accidental commits can help you prevent sensitive information from being exposed. For more information see "[AUTOTITLE](/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization)." -There are a few simple tricks to avoid committing things you don't want committed: +There are a few things you can do to avoid committing or pushing things that should not be shared: +* If the sensitive data is likely to be found in a file that should not be tracked by git, add that filename to `.gitignore` (and make sure to commit and push that change to `.gitignore` so other developers are protected). +* Avoid hardcoding secrets in code. Use environment variables, or secret management services like Azure Key Vault, AWS Secrets Manager, or HashiCorp Vault to manage and inject secrets at runtime. +* Create a pre-commit hook to check for sensitive data before it is committed or pushed anywhere, or use a well-known tool in a pre-commit hook like git-secrets or gitleaks. (Make sure to ask each collaborator to set up the pre-commit hook you have chosen.) * Use a visual program like [{% data variables.product.prodname_desktop %}](https://desktop.github.com/) or [gitk](https://git-scm.com/docs/gitk) to commit changes. Visual programs generally make it easier to see exactly which files will be added, deleted, and modified with each commit. * Avoid the catch-all commands `git add .` and `git commit -a` on the command line—use `git add filename` and `git rm filename` to individually stage files, instead. * Use `git add --interactive` to individually review and stage changes within each file. @@ -273,6 +209,6 @@ There are a few simple tricks to avoid committing things you don't want committe ## Further reading -* [`git filter-repo` man page](https://htmlpreview.github.io/?https://github.com/newren/git-filter-repo/blob/docs/html/git-filter-repo.html) +* [`git filter-repo` man page](https://htmlpreview.github.io/?https://github.com/newren/git-filter-repo/blob/docs/html/git-filter-repo.html), especially the "Sensitive Data Removal" subsection of the "DISCUSSION" section. * [Pro Git: Git Tools - Rewriting History](https://git-scm.com/book/en/v2/Git-Tools-Rewriting-History) * "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)" diff --git a/content/code-security/codeql-cli/codeql-cli-manual/github-upload-results.md b/content/code-security/codeql-cli/codeql-cli-manual/github-upload-results.md index 3e7804c1b9eb..773fbc874afd 100644 --- a/content/code-security/codeql-cli/codeql-cli-manual/github-upload-results.md +++ b/content/code-security/codeql-cli/codeql-cli-manual/github-upload-results.md @@ -91,8 +91,8 @@ version 2.1.0 (this is the default version of SARIF used by CodeQL). By default, the CLI will wait for GitHub to process the SARIF file for a maximum of 2 minutes, returning a non-zero exit code if there were any errors during processing of the analysis results. You can customize how -long the CLI will wait with `--wait-for-processing-timeout`, or -disable the feature with `--no-wait-for-processing`. +long the CLI will wait with `--wait-for-processing-timeout`, or disable +the feature with `--no-wait-for-processing`. #### `--wait-for-processing-timeout=` diff --git a/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md b/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md index 88e4241c1029..7863412dda36 100644 --- a/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md +++ b/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md @@ -105,11 +105,9 @@ To ensure that all code is properly reviewed prior to being merged into the defa ## Mitigate data leaks -If a user pushes sensitive data, ask them to remove it by using the `git filter-repo` tool or the BFG Repo-Cleaner open source tool. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)." Also, it is possible to revert almost anything in Git. For more information, see [{% data variables.product.prodname_blog %}](https://github.blog/2015-06-08-how-to-undo-almost-anything-with-git/). +If a user pushes sensitive data, ask them to remove it by using the `git filter-repo` tool. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)." Also, if the sensitive data has not been pushed yet, you can just undo those changes locally; for more information, see [{% data variables.product.prodname_blog %}](https://github.blog/2015-06-08-how-to-undo-almost-anything-with-git/) (but note that `git revert` is not a valid way to undo the addition of sensitive data as it leaves the original sensitive commit in Git history). -At the organization level, if you're unable to coordinate with the user who pushed the sensitive data to remove it, we recommend you contact {% data variables.contact.contact_support %} with the concerning commit SHA. - -If you're unable to coordinate directly with the repository owner to remove data that you're confident you own, you can fill out a DMCA takedown notice form and tell GitHub Support. For more information, see [DMCA takedown notice](https://support.github.com/contact/dmca-takedown). +If you're unable to coordinate directly with the repository owner to remove data that you're confident you own, you can fill out a DMCA takedown notice form and tell GitHub Support. Make sure to include the problematic commit hashes. For more information, see [DMCA takedown notice](https://support.github.com/contact/dmca-takedown). > [!NOTE] > If one of your repositories has been taken down due to a false claim, you should fill out a DMCA diff --git a/content/code-security/secret-scanning/introduction/about-secret-scanning.md b/content/code-security/secret-scanning/introduction/about-secret-scanning.md index 98849b7cad72..646f70a8b140 100644 --- a/content/code-security/secret-scanning/introduction/about-secret-scanning.md +++ b/content/code-security/secret-scanning/introduction/about-secret-scanning.md @@ -54,9 +54,7 @@ Below is a typical workflow that explains how {% data variables.product.prodname * **Review:** When a secret is detected, you'll need to review the alert details provided. -* **Remediation:** You then need to take appropriate actions to remediate the exposure. This might include: - * Rotating the affected credential to ensure it is no longer usable. - * Removing the secret from the repository's history (using tools like BFG Repo-Cleaner or {% data variables.product.prodname_dotcom %}'s built-in features). +* **Remediation:** You then need to take appropriate action to remediate the exposure. This should always include rotating the affected credential to ensure it is no longer usable. It may also include removing the secret from the repository's history (using tools like `git-filter-repo`; see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository) for more details") though this will likely involve a heavy cost in time and effort, and is usually unnecessary if the credentials have been revoked. * **Monitoring:** It's good practice to regularly audit and monitor your repositories to ensure no other secrets are exposed. diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md index 5fa733d85fc6..4f5b8348758d 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md @@ -138,12 +138,8 @@ After your pattern is created, {% data variables.product.prodname_secret_scannin Before defining a custom pattern, you must ensure that you enable secret scanning for your enterprise account. For more information, see "[Enabling {% data variables.product.prodname_GH_advanced_security %} for your enterprise]({% ifversion fpt or ghec %}/enterprise-server@latest/{% endif %}/admin/advanced-security/enabling-github-advanced-security-for-your-enterprise)." > [!NOTE] -{% ifversion custom-pattern-dry-run-ga %} > * At the enterprise level, only the creator of a custom pattern can edit the pattern, and use it in a dry run. > * {% data reusables.secret-scanning.dry-runs-enterprise-permissions %} -{% else %} -> As there is no dry-run functionality, we recommend that you test your custom patterns in a repository before defining them for your entire enterprise. That way, you can avoid creating excess false-positive {% data variables.secret-scanning.alerts %}. -{% endif %} {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %}{% ifversion security-feature-enablement-policies %} diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection.md index 09bf167bf822..89930abeef35 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection.md @@ -46,6 +46,9 @@ The contributor is notified of the decision by email and must take the required 1. Select the **All statuses** dropdown menu, then click **Open** to view requests that are awaiting review, and those that have been approved but for which the commits haven't been pushed to the repository yet. 1. Click the request that you want to review. 1. Review the details of the request. +{% ifversion push-protection-bypass-reviewer-comment -%} +{% data reusables.repositories.bypass-requests-reviewer-comment %} +{%- endif %} 1. To allow the contributor to push the commit containing the secret, click **Approve bypass request**. Or, to require the contributor to remove the secret from the commit, click **Deny bypass request**. {% ifversion security-overview-delegated-bypass-requests %} diff --git a/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md b/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md index 206e1584b52a..3b8dd6bd697e 100644 --- a/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md +++ b/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md @@ -31,6 +31,9 @@ For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-adva 1. Select the **All statuses** dropdown menu, then click **Open** to view requests that are awaiting review, or that have been approved but for which the commits haven't been pushed to the repository yet. 1. Click the request that you want to review. 1. Review the details of the request. +{% ifversion push-protection-bypass-reviewer-comment -%} +{% data reusables.repositories.bypass-requests-reviewer-comment %} +{%- endif %} 1. To allow the contributor to push the commit containing the secret, click **Approve bypass request**. Or, to require the contributor to remove the secret from the commit, click **Deny bypass request**. ## Filtering requests diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise.md index 452b8cf88fc7..c22a7fb7dd81 100644 --- a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise.md +++ b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise.md @@ -88,6 +88,10 @@ By default, {% data variables.product.prodname_copilot_chat_short %} uses the `G * `o1-preview`: This model is focused on advanced reasoning and solving complex problems, in particular in math and science. It responds more slowly than the `gpt-4o` model. Each member of your enterprise can make 10 requests to this model per day. * `o1-mini`: This is the faster version of the `o1-preview` model, balancing the use of complex reasoning with the need for faster responses. It is best suited for code generation and small context operations. Each member of your enterprise can make 50 requests to this model per day. +### {% data variables.product.prodname_copilot_short %} Metrics API access + +Enable this policy to allow users to use the {% data variables.product.prodname_copilot_short %} Metrics API. See "[AUTOTITLE](/rest/copilot/copilot-metrics)." + ## Configuring policies for {% data variables.product.prodname_copilot %} {% data reusables.enterprise-accounts.access-enterprise %} diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/analyzing-usage-over-time-with-the-copilot-metrics-api.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/analyzing-usage-over-time-with-the-copilot-metrics-api.md new file mode 100644 index 000000000000..fd6661a55a30 --- /dev/null +++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/analyzing-usage-over-time-with-the-copilot-metrics-api.md @@ -0,0 +1,303 @@ +--- +title: Analyzing usage over time with the Copilot metrics API +shortTitle: Copilot metrics API +intro: 'Learn how to connect to the API, store data, and analyze usage trends.' +versions: + feature: copilot +product: '{% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %}' +permissions: 'Organization owners, enterprise owners, and billing managers' +layout: inline +topics: + - Copilot +--- + +## Introduction + +You can use the [AUTOTITLE](/rest/copilot/copilot-metrics) to see trends in how users are adopting {% data variables.product.prodname_copilot %}. During a rollout of {% data variables.product.prodname_copilot %}, it's useful to view these trends to check that people are using their assigned licenses, see which features people are using, and understand the effect of your company's enablement plan on developers. + +The API includes: + +* Data for the last 28 days +* Numbers of active users and engaged users +* Breakdowns by language and IDE +* The option to view metrics for an enterprise, organization, or team + +If you currently use the [AUTOTITLE](/rest/copilot/copilot-usage), we recommend migrating to the [AUTOTITLE](/rest/copilot/copilot-metrics) as soon as possible. + +This guide demonstrates how to query the API, store data, and analyze a trend for changes to the number of users per week. The examples in this guide use the endpoint for an organization, but you can adapt the examples to meet your needs. + +## About endpoint availability + +Endpoints are available to get data for an enterprise, organization, organization team, or enterprise team. + +* If you have a {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %} subscription as part of a regular organization or enterprise, you can use the endpoints for **an enterprise, an organization, or an organization team**. You don't have access to enterprise teams unless you're enrolled in a preview. +* If you use a dedicated enterprise for {% data variables.product.prodname_copilot_for_business %}—an enterprise account without the ability to create organizations—you can use the endpoints for **an enterprise or an enterprise team**. + +## Prerequisites + +* The **{% data variables.product.prodname_copilot_short %} metrics API access** policy must be enabled for your enterprise or organization. See "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization)" or "[AUTOTITLE](/enterprise-cloud@latest/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise)." +* The organization, enterprise, or team that you're querying must have enough active {% data variables.product.prodname_copilot_short %} users. The API only returns results for a given day if there are **five or more members with active {% data variables.product.prodname_copilot_short %} licenses** for that day. +* In this example, we'll create a JavaScript script for querying and analyzing the data. To run this script locally, you must install [Node.js](https://nodejs.org/en), then install the [Octokit.js SDK](https://github.com/octokit/octokit.js#usage) with `npm install -g octokit`. + +## 1. Create a {% data variables.product.pat_generic %} + +For our example, to get metrics for an organization, we'll create a {% data variables.product.pat_v1 %} with the `manage_billing:copilot` scope. See "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic)." + +If you're using another endpoint, you may need different scopes. See "[AUTOTITLE](/rest/copilot/copilot-metrics)." + +## 2. Connect to the API + +We will call the API from a script and save the response as a variable. We can then store the data externally and analyze trends in the data. + +The following example uses the [Octokit client](https://github.com/octokit) for JavaScript. You can use other methods to call the API, such as cURL or the {% data variables.product.prodname_cli %}. + +### Example + +In this example: + +* Replace YOUR_TOKEN with your {% data variables.product.pat_generic %}. +* Replace YOUR_ORG with your organization name, such as `octo-org`. + +```javascript annotate +// Import Octokit +import { Octokit } from "octokit"; + +// Set your token and organization +const octokit = new Octokit({ + auth: 'YOUR_TOKEN' +}); +const org = 'YOUR_ORG'; + +// Set other variables if required for the endpoint you're using +/* +const team = 'YOUR_TEAM'; +const enterprise = 'YOUR_ENTERPRISE'; +const entTeam = 'YOUR_ENTERPRISE_TEAM'; +*/ + +// Call the API +async function orgMetrics() { + const resp = await octokit.request(`GET /orgs/${org}/copilot/metrics`, { + org: 'ORG', + headers: { + 'X-GitHub-Api-Version': '2022-11-28' + } + }); + + const copilotUsage = resp.data; + + console.log(copilotUsage); + } + +// Call the function +orgMetrics(); +``` + +### Run the script locally + +To test the script locally, save the file as `copilot.mjs`, then run `node copilot.mjs`. + +>[!IMPORTANT] The **.mjs** file type is important. The `import { Octokit }` statement may not work with a regular `.js` file. + +In your terminal, you should see output with a JSON array like the following. + +```json +[ + { + date: '2024-11-07', + copilot_ide_chat: { editors: [Array], total_engaged_users: 14 }, + total_active_users: 28, + copilot_dotcom_chat: { models: [Array], total_engaged_users: 4 }, + total_engaged_users: 28, + copilot_dotcom_pull_requests: { total_engaged_users: 0 }, + copilot_ide_code_completions: { editors: [Array], total_engaged_users: 22 } + }, +... +``` + +## 3. Store the data + +To analyze trends over longer than 28 days, you will need to: + +* Call the API daily, using a cron job or scheduled {% data variables.product.prodname_actions %} workflow. +* Store data locally or with a database service such as MySQL. +* Query the data to identify trends over time. + +### Example + +In this example we'll save the data to a local `.json` file. To do this, we will import some modules for working with files, and update the `orgMetrics` function to save the response data. + +The function saves new data that is returned each day, without overwriting old data in the file. + +New steps are annotated in **bold**. + +```javascript annotate +// Import Octokit +import { Octokit } from "octokit"; + +// **Import modules for working with files** +import path from 'path'; +import fs from 'fs'; +import { fileURLToPath } from 'url'; +import { dirname } from 'path'; + +// **Declare variables for working with files** +const __filename = fileURLToPath(import.meta.url); +const __dirname = dirname(__filename); + +// Set your token and organization +const octokit = new Octokit({ + auth: 'YOUR_TOKEN' +}); + +const org = 'YOUR_ORG'; + +// Call the API +async function orgMetrics() { + const resp = await octokit.request(`GET /orgs/${org}/copilot/metrics`, { + org: 'ORG', + headers: { + 'X-GitHub-Api-Version': '2022-11-28' + } + }); + + const copilotUsage = resp.data; + + // **Define the path to the local file where data will be stored** + const dataFilePath = path.join(__dirname, 'copilotMetricsData.json'); + + // **Read existing data from the file, if it exists** + let existingData = []; + if (fs.existsSync(dataFilePath)) { + const fileContent = fs.readFileSync(dataFilePath, 'utf8'); + existingData = JSON.parse(fileContent); + } + + // **Filter out the new data that is not already in the existing data** + const newData = copilotUsage.filter(entry => !existingData.some(existingEntry => existingEntry.date === entry.date)); + + // **Append new data to the existing data** + if (newData.length > 0) { + existingData = existingData.concat(newData); + + // **Save the updated data back to the file** + fs.writeFileSync(dataFilePath, JSON.stringify(existingData, null, 2)); + console.log(`Saved ${newData.length} new entries.`); + } else { + console.log('No new data to save.'); + } +} + +// Call the function +orgMetrics(); +``` + +### Run the script locally + +After running the script with `node copilot.mjs`, you should have a new file in your directory called `copilotMetricsData.json`. The file should contain data from the API response. + +If you run the script again tomorrow, it should only save data for one new day to the file. + +## 4. Analyze trends + +You can work with the data from the API to identify trends over the last 28 days or, if you've stored data from previous API calls, over a longer period. + +### Example + +In the following example, we update the `orgMetrics` function to extract the total and average number of active and engaged users per week. We could then use that data to track changes over time. This example uses the data returned directly from the API, and doesn't require stored data. + +New steps are annotated in **bold**. + +```javascript annotate +// Call the API +async function orgMetrics() { + const resp = await octokit.request(`GET /orgs/${org}/copilot/metrics`, { + org: 'ORG', + headers: { + 'X-GitHub-Api-Version': '2022-11-28' + } + }); + + const copilotUsage = resp.data; + + // **Create an object to store data for each week** + let userTrends ={ + week1: { + days:0, + activeUsers:0, + engagedUsers:0, + }, + week2: { + days:0, + activeUsers:0, + engagedUsers:0, + }, + week3: { + days:0, + activeUsers:0, + engagedUsers:0, + }, + week4: { + days:0, + activeUsers:0, + engagedUsers:0, + }, + }; + + // **Iterate over the data** + for (let i =0; i Alternatively, if you don't want to install an additional tool, you could use an interactive rebase to remove problematic commits. To do this: +> +> * You must know which commit(s) added or modified the file in question. +> * The commit(s) must be part of only one branch. +> * The one branch that the commits belong to must have had no merges since the commit(s) were applied. +> +> For more information about interactive rebases, see "[AUTOTITLE](/get-started/using-git/using-git-rebase-on-the-command-line)." If you are unsure if you meet the necessary conditions for fixing with an interactive rebase, you should use `git filter-repo`. ## Distributing large binaries diff --git a/content/repositories/working-with-files/managing-large-files/moving-a-file-in-your-repository-to-git-large-file-storage.md b/content/repositories/working-with-files/managing-large-files/moving-a-file-in-your-repository-to-git-large-file-storage.md index 28a7e7a4c3df..ad06a6fff72d 100644 --- a/content/repositories/working-with-files/managing-large-files/moving-a-file-in-your-repository-to-git-large-file-storage.md +++ b/content/repositories/working-with-files/managing-large-files/moving-a-file-in-your-repository-to-git-large-file-storage.md @@ -16,9 +16,9 @@ After installing {% data variables.large_files.product_name_short %} and configu {% data reusables.large_files.resolving-upload-failures %} > [!TIP] -> If you get an error that "this exceeds {% data variables.large_files.product_name_short %}'s file size limit of {% data variables.large_files.max_github_size %}" when you try to push files to Git, you can use `git lfs migrate` instead of `filter-repo` or the BFG Repo Cleaner, to move the large file to {% data variables.large_files.product_name_long %}. For more information about the `git lfs migrate` command, see the [Git LFS 2.2.0](https://github.com/blog/2384-git-lfs-2-2-0-released) release announcement. +> If you get an error that "this exceeds {% data variables.large_files.product_name_short %}'s file size limit of {% data variables.large_files.max_github_size %}" when you try to push files to Git, you can use `git lfs migrate` instead of `filter-repo`, to move the large file to {% data variables.large_files.product_name_long %}. For more information about the `git lfs migrate` command, see the [Git LFS 2.2.0](https://github.com/blog/2384-git-lfs-2-2-0-released) release announcement. -1. Remove the file from the repository's Git history using either the `filter-repo` command or BFG Repo-Cleaner. For detailed information on using these, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)." +1. Remove the file from the repository's Git history using the `filter-repo` command. For detailed information on using these, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)." 1. Configure tracking for your file and push it to {% data variables.large_files.product_name_short %}. For more information on this procedure, see "[AUTOTITLE](/repositories/working-with-files/managing-large-files/configuring-git-large-file-storage)." ## Further reading diff --git a/content/repositories/working-with-files/managing-large-files/removing-files-from-git-large-file-storage.md b/content/repositories/working-with-files/managing-large-files/removing-files-from-git-large-file-storage.md index 210a79337500..f8b13176f37f 100644 --- a/content/repositories/working-with-files/managing-large-files/removing-files-from-git-large-file-storage.md +++ b/content/repositories/working-with-files/managing-large-files/removing-files-from-git-large-file-storage.md @@ -13,7 +13,7 @@ shortTitle: Remove files --- ## Removing a single file -1. Remove the file from the repository's Git history using either the `filter-repo` command or BFG Repo-Cleaner. For detailed information on using these, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)." +1. Remove the file from the repository's Git history using the `filter-repo` command. For detailed information on using these, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)." 1. Navigate to your _.gitattributes_ file. > [!NOTE] @@ -24,7 +24,7 @@ shortTitle: Remove files ## Removing all files within a {% data variables.large_files.product_name_short %} repository -1. Remove the files from the repository's Git history using either the `filter-repo` command or BFG Repo-Cleaner. For detailed information on using these, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)." +1. Remove the files from the repository's Git history using the `filter-repo` command. For detailed information on using these, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)." 1. Optionally, to uninstall {% data variables.large_files.product_name_short %} in the repository, run: ```shell diff --git a/content/rest/copilot/copilot-metrics.md b/content/rest/copilot/copilot-metrics.md index 55282cd999c9..ed8a35e96162 100644 --- a/content/rest/copilot/copilot-metrics.md +++ b/content/rest/copilot/copilot-metrics.md @@ -11,4 +11,15 @@ autogenerated: rest allowTitleToDifferFromFilename: true --- +You can use these endpoints to get a breakdown of aggregated metrics for various {% data variables.product.prodname_copilot %} features. The API includes: + +* Data for the last 28 days +* Numbers of active users and engaged users +* Breakdowns by language and IDE +* The option to view metrics for an enterprise, organization, or team + +If you currently use the [AUTOTITLE](/rest/copilot/copilot-usage), we recommend migrating to these endpoints as soon as possible. + +For help getting started, see "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/analyzing-usage-over-time-with-the-copilot-metrics-api)." + diff --git a/data/features/projects-v2-tasklists.yml b/data/features/projects-v2-tasklists.yml deleted file mode 100644 index d8c6054aaa6b..000000000000 --- a/data/features/projects-v2-tasklists.yml +++ /dev/null @@ -1,5 +0,0 @@ -# Issue 8331 -# Tasklists -versions: - fpt: '*' - ghec: '*' diff --git a/data/features/push-protection-bypass-reviewer-comment.yml b/data/features/push-protection-bypass-reviewer-comment.yml new file mode 100644 index 000000000000..28fbd2ae50a5 --- /dev/null +++ b/data/features/push-protection-bypass-reviewer-comment.yml @@ -0,0 +1,5 @@ +# Reference: #16452 +# Documentation for reviewers can add a comment on push protection bypass requests for secret scanning [GA] +versions: + ghec: '*' + ghes: '>3.16' diff --git a/data/features/push-protection-custom-link-orgs.yml b/data/features/push-protection-custom-link-orgs.yml deleted file mode 100644 index 82b9ce2f42ce..000000000000 --- a/data/features/push-protection-custom-link-orgs.yml +++ /dev/null @@ -1,7 +0,0 @@ -# Issue 7299 -# Push protection custom links -# See "push-protection-custom-link-orgs-beta" for the beta flags -versions: - fpt: '*' - ghec: '*' - ghes: '>=3.7' diff --git a/data/features/query-pack-compatibility.yml b/data/features/query-pack-compatibility.yml deleted file mode 100644 index 14213cf01b6e..000000000000 --- a/data/features/query-pack-compatibility.yml +++ /dev/null @@ -1,6 +0,0 @@ -# Reference: #8683 -# Documentation for stable precompiled query packs -versions: - fpt: '*' - ghec: '*' - ghes: '>=3.9' diff --git a/data/features/remove-code-scanning-configurations.yml b/data/features/remove-code-scanning-configurations.yml deleted file mode 100644 index e15a5095508d..000000000000 --- a/data/features/remove-code-scanning-configurations.yml +++ /dev/null @@ -1,6 +0,0 @@ -# Reference: #9108 - -versions: - fpt: '*' - ghec: '*' - ghes: '>3.8' diff --git a/data/features/reopen-dependabot-alerts.yml b/data/features/reopen-dependabot-alerts.yml deleted file mode 100644 index 65b41ef09704..000000000000 --- a/data/features/reopen-dependabot-alerts.yml +++ /dev/null @@ -1,5 +0,0 @@ -# Reference 5861 -versions: - fpt: '*' - ghec: '*' - ghes: '>3.4' diff --git a/data/reusables/actions/about-actions-usage-metrics-aggregation.md b/data/reusables/actions/about-actions-usage-metrics-aggregation.md index 89780d5d760f..fed1f480d41b 100644 --- a/data/reusables/actions/about-actions-usage-metrics-aggregation.md +++ b/data/reusables/actions/about-actions-usage-metrics-aggregation.md @@ -10,5 +10,6 @@ The time period selection feature allows you to view {% data variables.product.p | Last 30 days | Data from the last 30 days to when the page is viewed. | | Last 90 days | Data from the last 90 days to when the page is viewed. | | Last year | Data aggregated for the last 12 months. | +| Custom | Data from a custom date range. The range can be up to 100 days inclusive of start and end dates and go back as far as one year. | {% endrowheaders %} diff --git a/data/reusables/repositories/bypass-requests-reviewer-comment.md b/data/reusables/repositories/bypass-requests-reviewer-comment.md new file mode 100644 index 000000000000..c6b16d9fda59 --- /dev/null +++ b/data/reusables/repositories/bypass-requests-reviewer-comment.md @@ -0,0 +1 @@ +1. Optionally, add a review comment. The comment will be added to the review request timeline and the {% data variables.product.prodname_secret_scanning %} alert timeline. For example, you may wish to explain the reason for the approval or denial of the request for auditing and reporting reasons, and suggest next steps for the contributor to take. diff --git a/src/github-apps/data/fpt-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/fpt-2022-11-28/server-to-server-permissions.json index c4712c8991d3..ecaba5cfad02 100644 --- a/src/github-apps/data/fpt-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/fpt-2022-11-28/server-to-server-permissions.json @@ -1,65 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "copilot", - "slug": "list-all-copilot-seat-assignments-for-an-enterprise", - "subcategory": "copilot-user-management", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/billing/seats", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "copilot", - "slug": "get-copilot-metrics-for-an-enterprise", - "subcategory": "copilot-metrics", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/metrics", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "copilot", - "slug": "get-a-summary-of-copilot-usage-for-enterprise-members", - "subcategory": "copilot-usage", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/usage", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "copilot", - "slug": "get-copilot-metrics-for-an-enterprise-team", - "subcategory": "copilot-metrics", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/team/{team_slug}/copilot/metrics", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "copilot", - "slug": "get-a-summary-of-copilot-usage-for-an-enterprise-team", - "subcategory": "copilot-usage", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/team/{team_slug}/copilot/usage", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - } - ] - }, "organization_api_insights": { "title": "API Insights", "displayTitle": "Organization permissions for \"API Insights\"", diff --git a/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json index 463d89842556..6cf79af39ec5 100644 --- a/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghec-2022-11-28/fine-grained-pat-permissions.json @@ -50,210 +50,6 @@ } ] }, - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "enterprise-admin", - "slug": "get-github-enterprise-server-statistics", - "subcategory": "admin-stats", - "verb": "get", - "requestPath": "/enterprise-installation/{enterprise_or_org}/server-statistics", - "additional-permissions": true, - "access": "read" - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "set-the-github-actions-oidc-custom-issuer-policy-for-an-enterprise", - "subcategory": "oidc", - "verb": "put", - "requestPath": "/enterprises/{enterprise}/actions/oidc/customization/issuer", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "list-enterprise-consumed-licenses", - "subcategory": "license", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/consumed-licenses", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "get-a-license-sync-status", - "subcategory": "license", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/license-sync-status", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "get-github-actions-billing-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/actions", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-github-packages-billing-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/packages", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-shared-storage-billing-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/shared-storage", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_api_insights": { "title": "API Insights", "displayTitle": "Organization permissions for \"API Insights\"", diff --git a/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json index c0ec77055407..635588b4fbe5 100644 --- a/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghec-2022-11-28/server-to-server-permissions.json @@ -60,353 +60,6 @@ } ] }, - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "enterprise-admin", - "slug": "get-github-enterprise-server-statistics", - "subcategory": "admin-stats", - "verb": "get", - "requestPath": "/enterprise-installation/{enterprise_or_org}/server-statistics", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": true - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-the-github-actions-oidc-custom-issuer-policy-for-an-enterprise", - "subcategory": "oidc", - "verb": "put", - "requestPath": "/enterprises/{enterprise}/actions/oidc/customization/issuer", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-enterprise-consumed-licenses", - "subcategory": "license", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/consumed-licenses", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "copilot", - "slug": "list-all-copilot-seat-assignments-for-an-enterprise", - "subcategory": "copilot-user-management", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/billing/seats", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "copilot", - "slug": "get-copilot-metrics-for-an-enterprise", - "subcategory": "copilot-metrics", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/metrics", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "copilot", - "slug": "get-a-summary-of-copilot-usage-for-enterprise-members", - "subcategory": "copilot-usage", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/copilot/usage", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-a-license-sync-status", - "subcategory": "license", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/license-sync-status", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-github-actions-billing-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/actions", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-all-cost-centers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/cost-centers", - "access": "write", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "add-users-to-a-cost-center", - "subcategory": "billing", - "verb": "post", - "requestPath": "/enterprises/{enterprise}/settings/billing/cost-centers/{cost_center_id}/resource", - "access": "write", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "remove-users-from-a-cost-center", - "subcategory": "billing", - "verb": "delete", - "requestPath": "/enterprises/{enterprise}/settings/billing/cost-centers/{cost_center_id}/resource", - "access": "write", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-github-packages-billing-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/packages", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-shared-storage-billing-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/shared-storage", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-billing-usage-report-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/usage", - "access": "write", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "copilot", - "slug": "get-copilot-metrics-for-an-enterprise-team", - "subcategory": "copilot-metrics", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/team/{team_slug}/copilot/metrics", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "copilot", - "slug": "get-a-summary-of-copilot-usage-for-an-enterprise-team", - "subcategory": "copilot-usage", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/team/{team_slug}/copilot/usage", - "access": "read", - "user-to-server": false, - "server-to-server": false, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_api_insights": { "title": "API Insights", "displayTitle": "Organization permissions for \"API Insights\"", diff --git a/src/github-apps/data/ghes-3.10-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghes-3.10-2022-11-28/fine-grained-pat-permissions.json index 342d207e3bbc..0d99c76feb19 100644 --- a/src/github-apps/data/ghes-3.10-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghes-3.10-2022-11-28/fine-grained-pat-permissions.json @@ -1,163 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.10-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghes-3.10-2022-11-28/server-to-server-permissions.json index 948c4f433505..8ec0331f068e 100644 --- a/src/github-apps/data/ghes-3.10-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghes-3.10-2022-11-28/server-to-server-permissions.json @@ -1,197 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.11-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghes-3.11-2022-11-28/fine-grained-pat-permissions.json index 7d239de7824c..570837d5feb7 100644 --- a/src/github-apps/data/ghes-3.11-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghes-3.11-2022-11-28/fine-grained-pat-permissions.json @@ -1,163 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.11-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghes-3.11-2022-11-28/server-to-server-permissions.json index 2570e98b676d..71846d9285a7 100644 --- a/src/github-apps/data/ghes-3.11-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghes-3.11-2022-11-28/server-to-server-permissions.json @@ -1,197 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.12-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghes-3.12-2022-11-28/fine-grained-pat-permissions.json index a72de06bf83c..01ded5525604 100644 --- a/src/github-apps/data/ghes-3.12-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghes-3.12-2022-11-28/fine-grained-pat-permissions.json @@ -1,163 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.12-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghes-3.12-2022-11-28/server-to-server-permissions.json index b086feb48d4d..f55300c7b612 100644 --- a/src/github-apps/data/ghes-3.12-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghes-3.12-2022-11-28/server-to-server-permissions.json @@ -1,197 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.13-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghes-3.13-2022-11-28/fine-grained-pat-permissions.json index 2e3516146022..e397fb1523e9 100644 --- a/src/github-apps/data/ghes-3.13-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghes-3.13-2022-11-28/fine-grained-pat-permissions.json @@ -1,163 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.13-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghes-3.13-2022-11-28/server-to-server-permissions.json index 42e83e4544f5..e85f18c5e339 100644 --- a/src/github-apps/data/ghes-3.13-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghes-3.13-2022-11-28/server-to-server-permissions.json @@ -1,197 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.14-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghes-3.14-2022-11-28/fine-grained-pat-permissions.json index d935819dae3a..d9a323e892bb 100644 --- a/src/github-apps/data/ghes-3.14-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghes-3.14-2022-11-28/fine-grained-pat-permissions.json @@ -1,163 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.14-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghes-3.14-2022-11-28/server-to-server-permissions.json index 0849a3850942..eafcf726503d 100644 --- a/src/github-apps/data/ghes-3.14-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghes-3.14-2022-11-28/server-to-server-permissions.json @@ -1,197 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.15-2022-11-28/fine-grained-pat-permissions.json b/src/github-apps/data/ghes-3.15-2022-11-28/fine-grained-pat-permissions.json index b3b5c5e4aad0..086873c62a9d 100644 --- a/src/github-apps/data/ghes-3.15-2022-11-28/fine-grained-pat-permissions.json +++ b/src/github-apps/data/ghes-3.15-2022-11-28/fine-grained-pat-permissions.json @@ -1,163 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "additional-permissions": false, - "access": "read" - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "additional-permissions": false, - "access": "write" - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/data/ghes-3.15-2022-11-28/server-to-server-permissions.json b/src/github-apps/data/ghes-3.15-2022-11-28/server-to-server-permissions.json index 4877e9c9df40..dddfe4be48d7 100644 --- a/src/github-apps/data/ghes-3.15-2022-11-28/server-to-server-permissions.json +++ b/src/github-apps/data/ghes-3.15-2022-11-28/server-to-server-permissions.json @@ -1,197 +1,4 @@ { - "enterprise_administration": { - "title": "Enterprise administration", - "displayTitle": "Business permissions for \"Enterprise administration\"", - "permissions": [ - { - "category": "actions", - "slug": "get-github-actions-cache-usage-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "get-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "actions", - "slug": "set-github-actions-cache-usage-policy-for-an-enterprise", - "subcategory": "cache", - "verb": "patch", - "requestPath": "/enterprises/{enterprise}/actions/cache/usage-policy", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-the-audit-log-for-an-enterprise", - "subcategory": "audit-log", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/audit-log", - "access": "read", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-github-advanced-security-active-committers-for-an-enterprise", - "subcategory": "billing", - "verb": "get", - "requestPath": "/enterprises/{enterprise}/settings/billing/advanced-security", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-provisioned-scim-groups-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-group", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-group", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-group", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-group-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Groups/{scim_group_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "list-scim-provisioned-identities-for-an-enterprise", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "provision-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "post", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "get-scim-provisioning-information-for-an-enterprise-user", - "subcategory": "scim", - "verb": "get", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "set-scim-information-for-a-provisioned-enterprise-user", - "subcategory": "scim", - "verb": "put", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "update-an-attribute-for-a-scim-enterprise-user", - "subcategory": "scim", - "verb": "patch", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - }, - { - "category": "enterprise-admin", - "slug": "delete-a-scim-user-from-an-enterprise", - "subcategory": "scim", - "verb": "delete", - "requestPath": "/scim/v2/enterprises/{enterprise}/Users/{scim_user_id}", - "access": "write", - "user-to-server": true, - "server-to-server": true, - "additional-permissions": false - } - ] - }, "organization_administration": { "title": "Administration", "displayTitle": "Organization permissions for \"Administration\"", diff --git a/src/github-apps/scripts/sync.js b/src/github-apps/scripts/sync.js index 53a91b0b2a88..9e3c63554913 100755 --- a/src/github-apps/scripts/sync.js +++ b/src/github-apps/scripts/sync.js @@ -17,6 +17,9 @@ const ENABLED_APPS_DIR = 'src/github-apps/data' const CONFIG_FILE = 'src/github-apps/lib/config.json' export async function syncGitHubAppsData(openApiSource, sourceSchemas, progAccessSource) { + console.log( + `Generating GitHub Apps data from ${openApiSource}, ${sourceSchemas} and ${progAccessSource}`, + ) const { progAccessData, progActorResources } = await getProgAccessData(progAccessSource) for (const schemaName of sourceSchemas) { @@ -66,6 +69,8 @@ export async function syncGitHubAppsData(openApiSource, sourceSchemas, progAcces for (const permissionSet of progAccessData[operation.operationId].permissions) { for (const [permissionName, readOrWrite] of Object.entries(permissionSet)) { const { title, displayTitle } = getDisplayTitle(permissionName, progActorResources) + if (progActorResources[permissionName]['visibility'] === 'private') continue + const additionalPermissions = progAccessData[operation.operationId].permissions.length > 1 || progAccessData[operation.operationId].permissions.some(