[MERGES AFTER GHAE CB ships] Remove "public repository" wording for G…

…HAE (github#18008) * Empty commit * updated beta note for GHAE * more GHAE update + resolve conflict * more GHAE updates + prepare for screenshots * Apply suggestions from code review Co-authored-by: Shati Patel <[email protected]> * Apply suggestions from code review Co-authored-by: Shati Patel <[email protected]> * address remaining review comments * Revise "About GitHub AE" (github#17679) * add screenshots to the Configuring article * reworked to have a separate GHAE section * list numbering * more work on screenshots and conditions * add GHAE screenshots in article * review screenshots in article * added more screenshots and updated more articles * screenshot madness * fix liquid versioning * refactor the ghae script * [GHAE CB/Feb 22]: Add article about data residency for GitHub AE (github#17847) * add missing GHAE versioning to article * move screenshots to GHAE asset directory * forgot to change the path for these two images * replace CBB screenshot + add better screenshot * [GHAE CB/Feb 22]: Document upgrades for GitHub AE (github#17848) * Version article for GitHub AE * Replace unused variable * Incorporate reviewer feedback * Update intro Co-authored-by: Ethan P <[email protected]> * [GHAE] Enable IP allow list (github#17691) * Notes for CC * Updat permission leves chart * Add updated article to further reading * Update gated feature callout with GitHub AE * Version "Managing allowed IP addresses for your organization" for AE * Update images * Update "Restricting network traffic to your enterprise" with new procedures * remove todo note * Update audited actions * Update info about Premium Runners * Use reusable for Premium Runners * Change "Premium Runners" to "AE hosted runners" * Incorporate reviewer feedback * Use correct reusable * Version reusable correctly * [Feb 22] GHAE: Code scanning beta (github#17830) * Add "github-ae" to all the frontmatter * GHAE-ify the reusables * Add some more changes * Re-use some content * 🔪 Semmle links * Revert change re "--external-repository-token" in the CodeQL runner * Update CodeQL runner token scopes * Update two screenshots * Remove mention of GitHub.com from AE + other fixes * Apply suggestions from code review Co-authored-by: mc <[email protected]> * Use `product_name` variable instead of `product_location` * Remove confusing phrase * [Feb 22] GHAE: Code scanning API and webhook docs (github#17883) * Version API and webhook docs * Actually add versioning for GHAE * Fix anchor * [TEMPORARY] Preview for API endpoints * Revert API previews * Update procedure step Co-authored-by: mc <[email protected]> * Update docs for AzureAD Group SCIM support in GHAE (github#17892) * Version out reference to public Pages site for GHAE * [GHAE CB] SMTP bootstrapping flow (github#17888) * draft * update with AE conntent * update with tons of versioning * remove that lie * fill out the rest of these steps * update with correct versioning * more edits * add images * reversion most of ae article * fix versioning * format correctlly * words matter * last image * update with permmissions * update versioning * add link * apply feedback ❤️ * update with differrent spacing * update with feedback * more feedback * Temporary GHAE release notes for consumables beta launch (github#17859) * Create release-notes.md * Add frontmatter * Add to index file * Update github-ae-release-notes.md * Add release notes from Google Doc * Update finalized docs links that have been reviewed * OAuth device flow link update * version for AE * few fixes * Update content/admin/overview/github-ae-release-notes.md * small edits * whoops * commit * update with different links * used wrong reusable * fix more brokenness * Update repository-references.js * Update repository-references.js Co-authored-by: Meg Bird <[email protected]> Co-authored-by: Kevin Heis <[email protected]> * [GHAE] Audit public repos (github#17917) * verifying what we mean by public * Apply suggestions from code review * Update content/developers/apps/installing-github-apps.md Co-authored-by: Laura Coursen <[email protected]> * fixing placememnt of liquid conditional Co-authored-by: Laura Coursen <[email protected]> * GHAE packages beta (github#17786) Co-authored-by: jmarlena <[email protected]> Co-authored-by: Martin Lopes <[email protected]> * Batch #1 of changes * Batch #2 * getting started article update * Update GraphQL article * Only public repository reference * Just update the link * Update endpoint title to use "internal" * fix build error * placeholder update for updating `public_repo` scope in UI * Remove unncessary versioning for now * fix broken links * Add REST API files * Remove versioning since the endpoint "title" didn't get updated * Version out the no scope option * Evergreen rewrite Co-Authored-By: Aaron Harpole <[email protected]> * Add back public key * Apply suggestions from code review Co-authored-by: Alex Slepak <[email protected]> Co-authored-by: Aaron Harpole <[email protected]> * Remove versioning and add evergreen rewrite * Just the way it was before * fix confusing legacy bit * Apply suggestions from code review Co-authored-by: Alex Slepak <[email protected]> * Apply suggestions from code review Co-authored-by: Sarah Edwards <[email protected]> * Movin' on up * no versioning needed * internal gists exist! * Doesn't need versioning * Keep this as-is * Remove screenshots 💥 * Apply suggestions from code review Co-authored-by: Sarah Edwards <[email protected]> * Never updated REST API docs with different endpoint name * No versioning needed * Merge conflict fix: Updated this article from main branch * Apply suggestions from code review * Revert "Add REST API files" This reverts commit 1a8ad0adca47daaa1bf9d1b3642c4ec073564996. * checkout changes from main * Update OpenAPI Descriptions (github#18103) Co-authored-by: Matt Pollard <[email protected]> Co-authored-by: Ethan Palm <[email protected]> Co-authored-by: mchammer01 <[email protected]> Co-authored-by: Shati Patel <[email protected]> Co-authored-by: shati-patel <[email protected]> Co-authored-by: Sarah Schneider <[email protected]> Co-authored-by: skedwards88 <[email protected]> Co-authored-by: Sarah Schneider <[email protected]> Co-authored-by: Melanie Yarbrough <[email protected]> Co-authored-by: Felicity Chapman <[email protected]> Co-authored-by: Laura Coursen <[email protected]> Co-authored-by: Meg Bird <[email protected]> Co-authored-by: Kevin Heis <[email protected]> Co-authored-by: Leona B. Campbell <[email protected]> Co-authored-by: Martin Lopes <[email protected]> Co-authored-by: Aaron Harpole <[email protected]> Co-authored-by: Alex Slepak <[email protected]> Co-authored-by: Aaron Harpole <[email protected]> Co-authored-by: github-openapi-bot <[email protected]>
smilers · Mar 5, 2021 · ed5a109 · ed5a109
1 parent c05629b
commit ed5a109
Show file tree

Hide file tree

Showing 17 changed files with 216 additions and 130 deletions.
diff --git a/assets/images/enterprise/github-ae/settings/access-token-scopes-for-ghae.png b/assets/images/enterprise/github-ae/settings/access-token-scopes-for-ghae.png
diff --git a/content/developers/apps/scopes-for-oauth-apps.md b/content/developers/apps/scopes-for-oauth-apps.md
@@ -38,19 +38,19 @@ X-Accepted-OAuth-Scopes: user
 ### Available scopes
 
 Name | Description
------|-----------|
-**`(no scope)`** | Grants read-only access to public information (includes public user profile info, public repository info, and gists){% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}
+-----|-----------|{% if currentVersion != "github-ae@latest" %}
+**`(no scope)`** | Grants read-only access to public information (including user profile info, repository info, and gists){% endif %}{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}
 **`site_admin`** | Grants site administrators access to [{% data variables.product.prodname_ghe_server %} Administration API endpoints](/rest/reference/enterprise-admin).{% endif %}
-**`repo`** | Grants full access to private and public repositories. That includes read/write access to code, commit statuses, repository and organization projects, invitations, collaborators, adding team memberships, deployment statuses, and repository webhooks for public and private repositories and organizations. Also grants ability to manage user projects.
-&emsp;`repo:status`| Grants read/write access to public and private repository commit statuses. This scope is only necessary to grant other users or services access to private repository commit statuses *without* granting access to the code.
-&emsp;`repo_deployment`| Grants access to [deployment statuses](/rest/reference/repos#deployments) for public and private repositories. This scope is only necessary to grant other users or services access to deployment statuses, *without* granting access to the code.
-&emsp;`public_repo`| Limits access to public repositories. That includes read/write access to code, commit statuses, repository projects, collaborators, and deployment statuses for public repositories and organizations. Also required for starring public repositories.
+**`repo`** | Grants full access to repositories, including private repositories. That includes read/write access to code, commit statuses, repository and organization projects, invitations, collaborators, adding team memberships, deployment statuses, and repository webhooks for repositories and organizations. Also grants ability to manage user projects.
+&emsp;`repo:status`| Grants read/write access to {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} and private repository commit statuses. This scope is only necessary to grant other users or services access to private repository commit statuses *without* granting access to the code.
+&emsp;`repo_deployment`| Grants access to [deployment statuses](/rest/reference/repos#deployments) for {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} and private repositories. This scope is only necessary to grant other users or services access to deployment statuses, *without* granting access to the code.{% if currentVersion != "github-ae@latest" %}
+&emsp;`public_repo`| Limits access to public repositories. That includes read/write access to code, commit statuses, repository projects, collaborators, and deployment statuses for public repositories and organizations. Also required for starring public repositories.{% endif %}
 &emsp;`repo:invite` | Grants accept/decline abilities for invitations to collaborate on a repository. This scope is only necessary to grant other users or services access to invites *without* granting access to the code.{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "[email protected]" %}
 &emsp;`security_events` | Grants: <br/> read and write access to security events in the [{% data variables.product.prodname_code_scanning %} API](/rest/reference/code-scanning) <br/> read and write access to security events in the [{% data variables.product.prodname_secret_scanning %} API](/rest/reference/secret-scanning) <br/> This scope is only necessary to grant other users or services access to security events *without* granting access to the code.{% endif %}{% if currentVersion ver_gt "[email protected]" and currentVersion ver_lt "[email protected]" %}
 &emsp;`security_events` | Grants read and write access to security events in the [{% data variables.product.prodname_code_scanning %} API](/rest/reference/code-scanning). This scope is only necessary to grant other users or services access to security events *without* granting access to the code.{% endif %}
-**`admin:repo_hook`** | Grants read, write, ping, and delete access to repository hooks in public and private repositories. The `repo` and `public_repo` scopes grants full access to repositories, including repository hooks. Use the `admin:repo_hook` scope to limit access to only repository hooks.
-&emsp;`write:repo_hook` | Grants read, write, and ping access to hooks in public or private repositories.
-&emsp;`read:repo_hook`| Grants read and ping access to hooks in public or private repositories.
+**`admin:repo_hook`** | Grants read, write, ping, and delete access to repository hooks in {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} and private repositories. The `repo` {% if currentVersion != "github-ae@latest" %}and `public_repo` scopes grant{% else %}scope grants{% endif %} full access to repositories, including repository hooks. Use the `admin:repo_hook` scope to limit access to only repository hooks.
+&emsp;`write:repo_hook` | Grants read, write, and ping access to hooks in {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} or private repositories.
+&emsp;`read:repo_hook`| Grants read and ping access to hooks in {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} or private repositories.
 **`admin:org`** | Fully manage the organization and its teams, projects, and memberships.
 &emsp;`write:org`| Read and write access to organization membership, organization projects, and team membership.
 &emsp;`read:org`| Read-only access to organization membership, organization projects, and team membership.
@@ -78,11 +78,11 @@ Name | Description
 {% note %}
 
 **Note:** Your OAuth App can request the scopes in the initial redirection. You
-can specify multiple scopes by separating them with a space:
+can specify multiple scopes by separating them with a space using `%20`:
 
     https://github.com/login/oauth/authorize?
       client_id=...&
-      scope=user%20public_repo
+      scope=user%20repo_deployment
 
 {% endnote %}
 

diff --git a/...ent/github/authenticating-to-github/connecting-with-third-party-applications.md b/...ent/github/authenticating-to-github/connecting-with-third-party-applications.md
@@ -55,13 +55,13 @@ There are several types of data that applications can request.
 | Type of data | Description |
 | --- | --- |
 | Commit status | You can grant access for a third-party application to report your commit status. Commit status access allows applications to determine if a build is a successful against a specific commit. Applications won't have access to your code, but they <em>can</em> read and write status information against a specific commit. |
-| Deployments | Deployment status access allows applications to determine if a deployment is successful against a specific commit for public and private repositories. Applications won't have access to your code. |
-| Gists | [Gist](https://gist.github.com) access allows applications to read or write to both your public and secret Gists. |
+| Deployments | Deployment status access allows applications to determine if a deployment is successful against a specific commit for a repository. Applications won't have access to your code. |
+| Gists | [Gist](https://gist.github.com) access allows applications to read or write to {% if currentVersion != "github-ae@latest" %}both your public and{% else %}both your internal and{% endif %} secret Gists. |
 | Hooks | [Webhooks](/webhooks) access allows applications to read or write hook configurations on repositories you manage. |
 | Notifications | Notification access allows applications to read your {% data variables.product.product_name %} notifications, such as comments on issues and pull requests. However, applications remain unable to access anything in your repositories. |
 | Organizations and teams | Organization and teams access allows apps to access and manage organization and team membership. |
 | Personal user data | User data includes information found in your user profile, like your name, e-mail address, and location. |
-| Repositories | Repository information includes the names of contributors, the branches you've created, and the actual files within your repository. Applications can request access for either public or private repositories on a user-wide level. |
+| Repositories | Repository information includes the names of contributors, the branches you've created, and the actual files within your repository. Applications can request access for either {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} or private repositories on a user-wide level. |
 | Repository delete | Applications can request to delete repositories that you administer, but they won't have access to your code. |
 
 ### Requesting updated permissions

diff --git a/content/github/authenticating-to-github/creating-a-personal-access-token.md b/content/github/authenticating-to-github/creating-a-personal-access-token.md
@@ -29,7 +29,11 @@ Personal access tokens (PATs) are an alternative to using passwords for authenti
 5. Give your token a descriptive name.
    ![Token description field](/assets/images/help/settings/token_description.png)
 6. Select the scopes, or permissions, you'd like to grant this token. To use your token to access repositories from the command line, select **repo**.
+   {% if currentVersion == "free-pro-team@latest" or enterpriseServerVersions contains currentVersion %}
    ![Selecting token scopes](/assets/images/help/settings/token_scopes.gif)
+   {% elsif currentVersion == "github-ae@latest" %}
+   ![Selecting token scopes](/assets/images/enterprise/github-ae/settings/access-token-scopes-for-ghae.png)
+   {% endif %}
 7. Click **Generate token**.
    ![Generate token button](/assets/images/help/settings/generate_token.png)
 8. Click {% octicon "clippy" aria-label="The copy to clipboard icon" %} to copy the token to your clipboard. For security reasons, after you navigate off the page, you will not be able to see the token again.{% if currentVersion == "free-pro-team@latest" %}

diff --git a/content/graphql/guides/forming-calls-with-graphql.md b/content/graphql/guides/forming-calls-with-graphql.md
@@ -26,9 +26,10 @@ The following scopes are recommended:
 
 {% endif %}
 
+
 ```
-user
-public_repo
+user{% if currentVersion != "github-ae@latest" %}
+public_repo{% endif %}
 repo
 repo_deployment
 repo:status
@@ -246,7 +247,7 @@ Looking at the composition line by line:
 
   The `labels` field has the type [`LabelConnection`](/graphql/reference/objects#labelconnection). As with the `issues` object, because `labels` is a connection, we must travel its edges to a connected node: the `label` object. At the node, we can specify the `label` object fields we want to return, in this case, `name`.
 
-You may notice that running this query on the Octocat's public `Hello-World` repository won't return many labels. Try running it on one of your own repositories that does use labels, and you'll likely see a difference.
+You may notice that running this query on the Octocat's {% if currentVersion != "github-ae@latest" %}public{% endif %} `Hello-World` repository won't return many labels. Try running it on one of your own repositories that does use labels, and you'll likely see a difference.
 
 ### Example mutation
 

diff --git a/content/graphql/guides/managing-enterprise-accounts.md b/content/graphql/guides/managing-enterprise-accounts.md
@@ -58,9 +58,7 @@ For some example queries, see "[An example query using the Enterprise Accounts A
     - `admin:enterprise`: Gives full control of enterprises (includes `manage_billing:enterprise` and `read:enterprise`)
     - `manage_billing:enterprise`: Read and write enterprise billing data.
     - `read:enterprise`: Read enterprise profile data.
-
-  ![Permissions options for personal access token](/assets/images/developer/graphql/permissions-for-access-token.png)
-
+
 4. Copy your personal access token and keep it in a secure place until you add it to your GraphQL client.
 
 #### 2. Choose a GraphQL client
@@ -95,7 +93,9 @@ Now you are ready to start making queries.
 
 ### An example query using the Enterprise Accounts API
 
-This GraphQL query requests the total number of `public` repositories in each of your appliance's organizations using the Enterprise Accounts API. To customize this query, replace `<enterprise-account-name>` with the slug of your Enterprise's instance slug.
+This GraphQL query requests the total number of {% if currentVersion != "github-ae@latest" %}`public`{% else %}`private`{% endif %} repositories in each of your appliance's organizations using the Enterprise Accounts API. To customize this query, replace `<enterprise-account-name>` with the slug of your Enterprise's instance slug.
+
+{% if currentVersion != "github-ae@latest" %}
 
 ```graphql
 query publicRepositoriesByOrganization($slug: String!) {
@@ -127,8 +127,42 @@ variables {
 }
 ```
 
-The next GraphQL query example shows how challenging it is to retrieve the number of `public` repositories in each organization without using the Enterprise Account API.  Notice that the GraphQL Enterprise Accounts API has made this task simpler for enterprises since you only need to customize a single variable. To customize this query, replace `<name-of-organization-one>` and `<name-of-organization-one>`, etc. with the organization names on your instance.
+{% else %}
+
+```graphql
+query privateRepositoriesByOrganization($slug: String!) {
+  enterprise(slug: $slug) {
+    ...enterpriseFragment
+  }
+}
+
+fragment enterpriseFragment on Enterprise {
+  ... on Enterprise{
+    name
+    organizations(first: 100){
+      nodes{
+        name
+        ... on Organization{
+          name
+          repositories(privacy: PRIVATE){
+            totalCount
+          }
+        }
+      }
+    }
+  }
+}
+
+# Passing our Enterprise Account as a variable
+variables {
+  "slug": "<enterprise-account-name>"
+}
+```
+{% endif %}
+
+The next GraphQL query example shows how challenging it is to retrieve the number of {% if currentVersion != "github-ae@latest" %}`public`{% else %}`private`{% endif %} repositories in each organization without using the Enterprise Account API.  Notice that the GraphQL Enterprise Accounts API has made this task simpler for enterprises since you only need to customize a single variable. To customize this query, replace `<name-of-organization-one>` and `<name-of-organization-two>`, etc. with the organization names on your instance.
 
+{% if currentVersion != "github-ae@latest" %}
 ```graphql
 # Each organization is queried separately
 {
@@ -150,9 +184,34 @@ fragment repositories on Organization {
   }
 }
 ```
+{% else %}
+```graphql
+# Each organization is queried separately
+{
+  organizationOneAlias: organization(login: "name-of-organization-one") {
+    # How to use a fragment
+    ...repositories
+  }
+  organizationTwoAlias: organization(login: "name-of-organization-two") {
+    ...repositories
+  }
+  # organizationThreeAlias ... and so on up-to lets say 100
+}
+
+## How to define a fragment
+fragment repositories on Organization {
+  name
+  repositories(privacy: PRIVATE){
+    totalCount
+  }
+}
+```
+{% endif %}
 
 ### Query each organization separately
 
+{% if currentVersion != "github-ae@latest" %}
+
 ```graphql
 query publicRepositoriesByOrganization {
   organizationOneAlias: organization(login: "<name-of-organization-one>") {
@@ -173,6 +232,30 @@ fragment repositories on Organization {
 }
 ```
 
+{% else %}
+
+```graphql
+query privateRepositoriesByOrganization {
+  organizationOneAlias: organization(login: "<name-of-organization-one>") {
+    # How to use a fragment
+    ...repositories
+  }
+  organizationTwoAlias: organization(login: "<name-of-organization-two>") {
+    ...repositories
+  }
+  # organizationThreeAlias ... and so on up-to lets say 100
+}
+# How to define a fragment
+fragment repositories on Organization {
+  name
+  repositories(privacy: PRIVATE){
+    totalCount
+  }
+}
+```
+
+{% endif %}
+
 This GraphQL query requests the last 5 log entries for an enterprise organization. To customize this query, replace `<org-name>` and `<user-name>`.
 
 ```graphql

diff --git a/content/rest/guides/discovering-resources-for-a-user.md b/content/rest/guides/discovering-resources-for-a-user.md
@@ -22,7 +22,7 @@ If you haven't already, you should read the ["Basics of Authentication"][basics-
 
 ### Discover the repositories that your app can access for a user
 
-In addition to having their own personal repositories, a user may be a collaborator on repositories owned by other users and organizations. Collectively, these are the repositories where the user has privileged access: either it's a private repository where the user has read or write access, or it's a public repository where the user has write access.
+In addition to having their own personal repositories, a user may be a collaborator on repositories owned by other users and organizations. Collectively, these are the repositories where the user has privileged access: either it's a private repository where the user has read or write access, or it's a {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} repository where the user has write access.
 
 [OAuth scopes][scopes] and [organization application policies][oap] determine which of those repositories your app can access for a user. Use the workflow below to discover those repositories.
 
@@ -87,11 +87,11 @@ client.organizations.each do |organization|
 end
 ```
 
-#### Don’t rely on public organizations
+#### Return all of the user's organization memberships
 
 If you've read the docs from cover to cover, you may have noticed an [API method for listing a user's public organization memberships][list-public-orgs]. Most applications should avoid this API method. This method only returns the user's public organization memberships, not their private organization memberships.
 
-As an application, you typically want all of the user's organizations (public and private) that your app is authorized to access. The workflow above will give you exactly that.
+As an application, you typically want all of the user's organizations that your app is authorized to access. The workflow above will give you exactly that.
 
 [basics-of-authentication]: /rest/guides/basics-of-authentication
 [list-public-orgs]: /rest/reference/orgs#list-organizations-for-a-user