diff --git a/.github/agents/driver-writer.md b/.github/agents/driver-writer.md
index a07e5f7564a1..7e65c7a44082 100644
--- a/.github/agents/driver-writer.md
+++ b/.github/agents/driver-writer.md
@@ -1,12 +1,11 @@
---
-name: "Driver-Writer"
+name: "Driver-writer"
description: "Use when writing, editing, or reviewing content for the Driver persona: enterprise administrators, platform engineers, billing managers, security leads, and others who enable developers at scale."
-tools: ['read', 'edit/editFiles', 'search']
---
-# Driver-Writer Agent
+# Driver-writer Agent
You are a writing assistant for the GitHub Docs team. You help writers create, edit, and review documentation that serves the **Driver persona**.
diff --git a/.github/workflows/keep-caches-warm.yml b/.github/workflows/keep-caches-warm.yml
index c8c94b1213b4..be8f82dfc02b 100644
--- a/.github/workflows/keep-caches-warm.yml
+++ b/.github/workflows/keep-caches-warm.yml
@@ -30,15 +30,6 @@ jobs:
steps:
- name: Check out repo
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- - name: Generate GitHub App token
- id: app-token
- uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
- with:
- app-id: ${{ secrets.DOCS_BOT_APP_ID }}
- private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
- owner: github
- repositories: docs-engineering
-
- uses: ./.github/actions/node-npm-setup
- uses: ./.github/actions/cache-nextjs
@@ -57,6 +48,16 @@ jobs:
with:
slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}
+ - name: Generate GitHub App token
+ if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
+ id: app-token
+ uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
+ with:
+ app-id: ${{ secrets.DOCS_BOT_APP_ID }}
+ private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
+ owner: github
+ repositories: docs-engineering
+
- uses: ./.github/actions/create-workflow-failure-issue
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
with:
diff --git a/.github/workflows/moda-allowed-ips.yml b/.github/workflows/moda-allowed-ips.yml
index 9df5b21c86f4..796f5cfbbc26 100644
--- a/.github/workflows/moda-allowed-ips.yml
+++ b/.github/workflows/moda-allowed-ips.yml
@@ -20,15 +20,6 @@ jobs:
steps:
- name: Check out the repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- - name: Generate GitHub App token
- id: app-token
- uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
- with:
- app-id: ${{ secrets.DOCS_BOT_APP_ID }}
- private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
- owner: github
- repositories: docs-engineering
-
- name: Update list of allowed IPs
run: |
echo "Getting a list of Fastly IP addresses...."
@@ -68,6 +59,16 @@ jobs:
with:
slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}
+ - name: Generate GitHub App token
+ if: ${{ failure() }}
+ id: app-token
+ uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
+ with:
+ app-id: ${{ secrets.DOCS_BOT_APP_ID }}
+ private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
+ owner: github
+ repositories: docs-engineering
+
- uses: ./.github/actions/create-workflow-failure-issue
if: ${{ failure() }}
with:
diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml
index df2eecdb08d3..f1c4d100cb0d 100644
--- a/.github/workflows/repo-sync.yml
+++ b/.github/workflows/repo-sync.yml
@@ -26,15 +26,6 @@ jobs:
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- - name: Generate GitHub App token
- id: app-token
- uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
- with:
- app-id: ${{ secrets.DOCS_BOT_APP_ID }}
- private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
- owner: github
- repositories: docs-engineering
-
- name: Sync repo to branch
env:
SOURCE_REPO: https://${{ secrets.DOCS_BOT_PAT_REPO_SYNC }}@github.com/github/${{ github.repository == 'github/docs-internal' && 'docs' || 'docs-internal' }}.git
@@ -201,6 +192,16 @@ jobs:
with:
slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}
+ - name: Generate GitHub App token
+ if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
+ id: app-token
+ uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
+ with:
+ app-id: ${{ secrets.DOCS_BOT_APP_ID }}
+ private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
+ owner: github
+ repositories: docs-engineering
+
- uses: ./.github/actions/create-workflow-failure-issue
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
with:
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index c9303258cb5a..03636e6f4163 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -21,15 +21,6 @@ jobs:
if: github.repository == 'github/docs-internal'
runs-on: ubuntu-latest
steps:
- - name: Generate GitHub App token
- id: app-token
- uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
- with:
- app-id: ${{ secrets.DOCS_BOT_APP_ID }}
- private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
- owner: github
- repositories: docs-engineering
-
- uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
@@ -53,6 +44,16 @@ jobs:
with:
slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}
+ - name: Generate GitHub App token
+ if: ${{ failure() }}
+ id: app-token
+ uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
+ with:
+ app-id: ${{ secrets.DOCS_BOT_APP_ID }}
+ private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
+ owner: github
+ repositories: docs-engineering
+
- uses: ./.github/actions/create-workflow-failure-issue
if: ${{ failure() }}
with:
diff --git a/content/admin/configuring-packages/enabling-github-packages-with-aws.md b/content/admin/configuring-packages/enabling-github-packages-with-aws.md
index 13a03c34b2f2..e51f64ff6828 100644
--- a/content/admin/configuring-packages/enabling-github-packages-with-aws.md
+++ b/content/admin/configuring-packages/enabling-github-packages-with-aws.md
@@ -14,7 +14,7 @@ category:
> [!WARNING]
> * It is critical that you configure any restrictive access policies you need for your storage bucket, because {% data variables.product.company_short %} does not apply specific object permissions or additional access control lists (ACLs) to your storage bucket configuration. For example, if you make your bucket public, data in the bucket will be accessible to the public internet. For more information, see [Setting bucket and object access permissions](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/set-permissions.html) in the AWS Documentation. If restrictions by IP address have been set up, please include IP addresses for {% data variables.location.product_location_enterprise %} and the end users who will be using the {% data variables.location.product_location_enterprise %}.
> * We recommend using a dedicated bucket for {% data variables.product.prodname_registry %}, separate from the bucket you use for {% data variables.product.prodname_actions %} storage.
-> * Make sure to configure the bucket you'll want to use in the future. We do not recommend changing your storage after you start using {% data variables.product.prodname_registry %}.
+> * Make sure to configure the bucket you'll want to use in the future. We do not recommend changing your storage after you start using {% data variables.product.prodname_registry %}. If you must move {% data variables.product.prodname_registry %} storage to a new bucket on AWS, ensure you plan for a single maintenance window and update both configurations together if you're also migrating {% data variables.product.prodname_actions %} storage. See "{% data variables.product.prodname_registry %} considerations" in [AUTOTITLE](/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/migrating-github-actions-external-storage). For cross-provider moves, contact {% data variables.contact.contact_ent_support %}.
## Prerequisites
diff --git a/content/admin/configuring-packages/enabling-github-packages-with-azure-blob-storage.md b/content/admin/configuring-packages/enabling-github-packages-with-azure-blob-storage.md
index 4aeedce5f8f0..19650c244ef7 100644
--- a/content/admin/configuring-packages/enabling-github-packages-with-azure-blob-storage.md
+++ b/content/admin/configuring-packages/enabling-github-packages-with-azure-blob-storage.md
@@ -14,7 +14,7 @@ category:
> [!WARNING]
> * It is critical that you set the restrictive access policies you need for your storage bucket, because {% data variables.product.company_short %} does not apply specific object permissions or additional access control lists (ACLs) to your storage bucket configuration. For example, if you make your bucket public, data in the bucket will be accessible on the public internet. If restrictions by IP address have been set up, please include IP addresses for {% data variables.location.product_location_enterprise %} and the end users who will be using the {% data variables.location.product_location_enterprise %}.
> * We recommend using a dedicated bucket for {% data variables.product.prodname_registry %}, separate from the bucket you use for {% data variables.product.prodname_actions %} storage.
-> * Make sure to configure the bucket you'll want to use in the future. We do not recommend changing your storage after you start using {% data variables.product.prodname_registry %}.
+> * Make sure to configure the storage account you'll want to use in the future. We do not recommend changing your storage after you start using {% data variables.product.prodname_registry %}. If you must move {% data variables.product.prodname_registry %} storage to a new storage account on Azure Blob Storage, credentials-based authentication must remain unchanged and you need to plan for a single maintenance window if you're also migrating {% data variables.product.prodname_actions %} storage. See "{% data variables.product.prodname_registry %} considerations" in [AUTOTITLE](/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/migrating-github-actions-external-storage). For cross-provider moves, contact {% data variables.contact.contact_ent_support %}.
## Prerequisites
diff --git a/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/index.md b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/index.md
index 39781c75ea75..413b47bc1530 100644
--- a/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/index.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/index.md
@@ -9,6 +9,7 @@ children:
- /using-a-staging-environment
- /troubleshooting-github-actions-for-your-enterprise
- /updating-the-credentials-for-github-actions-storage
+ - /migrating-github-actions-external-storage
shortTitle: HA & troubleshooting
redirect_from:
- /admin/github-actions/advanced-configuration-and-troubleshooting
diff --git a/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/migrating-github-actions-external-storage.md b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/migrating-github-actions-external-storage.md
new file mode 100644
index 000000000000..2894c1d52b9c
--- /dev/null
+++ b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/migrating-github-actions-external-storage.md
@@ -0,0 +1,158 @@
+---
+title: Migrating GitHub Actions external storage
+shortTitle: Migrate Actions external storage
+intro: 'Migrate {% data variables.product.prodname_actions %} external storage within the same provider to consolidate accounts, meet residency requirements, or reorganize storage tenancy while keeping existing workflow logs and artifacts accessible.'
+permissions: Site administrators can configure {% data variables.product.prodname_actions %} external storage
+versions:
+ ghes: '*'
+contentType: how-tos
+category:
+ - Enable GitHub features for your enterprise
+---
+
+## About migrating {% data variables.product.prodname_actions %} external storage
+
+You can migrate {% data variables.product.prodname_actions %} external storage to a new bucket, account, or region on the same provider when consolidating cloud accounts, meeting residency requirements, or reorganizing storage tenancy.
+
+The migration works because {% data variables.product.prodname_actions %} identifies stored objects by their key (path) within a bucket or container, not by the bucket or account name. As long as you preserve the internal key layout and update your configuration to point at the new location, existing workflow logs and artifacts remain accessible without interruption.
+
+## Considerations
+
+Before you begin, review the following constraints. Each one shapes the migration approach and several can cause data loss if ignored.
+
+* **Same provider only.** This procedure supports migrations within the same storage provider type, for example, Amazon S3 to Amazon S3, Azure Blob to Azure Blob, Google Cloud Storage to Google Cloud Storage, or MinIO to MinIO. Cross-provider migrations are not covered here. For a cross-provider migration, contact {% data variables.contact.contact_ent_support %}.
+* **Do not change the authentication method during migration.** If you currently use credentials-based authentication, your destination configuration must also use credentials-based authentication. The same applies to OpenID Connect. Switching authentication method during a storage configuration change may result in data loss. For more information, see [AUTOTITLE](/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/updating-the-credentials-for-github-actions-storage). To change authentication method, complete the storage migration first, then plan a separate change.
+* **Key layout inside the bucket or container must be preserved.** Object keys (paths) inside your source bucket or container must remain identical on the destination. The destination bucket name, storage account, region, and other connection parameters can change. You update these in the {% data variables.enterprise.management_console %} at cutover. Most native provider copy tools preserve key layout automatically when copying an entire bucket or container, but verify before cutover that the destination matches the source.
+* **{% data variables.product.prodname_registry %} has additional constraints.** If you also use {% data variables.product.prodname_registry %}, see the [{% data variables.product.prodname_registry %} considerations](#github-packages-considerations) section below before starting.
+
+## Prerequisites
+
+* You have site administrator access to {% data variables.location.product_location %}.
+* You have provisioned the destination storage on the same provider as the source, in the desired account, region, or tenancy.
+* The destination is empty.
+* The destination grants {% data variables.location.product_location %} the same permissions as the source. For the required permissions, see the relevant configuration article:
+ * [AUTOTITLE](/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage)
+ * [AUTOTITLE](/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage)
+ * [AUTOTITLE](/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage)
+ * [AUTOTITLE](/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage)
+* You have administrative credentials for both the source and the destination storage, sufficient to read all source objects and write to the destination.
+* You have a recent backup of {% data variables.location.product_location %}. For more information, see [AUTOTITLE](/admin/backing-up-and-restoring-your-instance/configuring-backups-on-your-instance).
+* You have rehearsed the migration in a staging environment. See the next section.
+
+## Rehearsing the migration in a staging environment
+
+Before performing the migration against production, rehearse the full procedure on a staging instance. Provision a staging {% data variables.product.prodname_ghe_server %} instance from a recent production backup, point it at a throwaway destination that mirrors the intended production destination, and run every step of this article end to end. For more information, see [AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance) and [AUTOTITLE](/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment).
+
+A staging rehearsal validates that:
+
+* Provider-side permissions, network access, and policies on the destination are correct.
+* The copy tool you have chosen completes successfully against representative data volumes.
+* The expected object count and total size match between source and destination.
+* Existing workflow run logs and artifacts are retrievable through the UI after cutover.
+
+> [!WARNING]
+> Your staging instance must use different storage from your production instance. If you do not change the storage configuration, the staging instance may write into your production storage and cause data loss. For more information, see [AUTOTITLE](/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment#configuring-storage).
+
+## Performing the migration
+
+Work through the following steps in order. {% data variables.product.prodname_actions %} can continue serving traffic until you enable maintenance mode.
+
+1. **Perform the initial data copy.** Copy all objects from the source to the destination using a provider-native tool. New objects written to the source during the copy will be captured by the final delta sync after cutover.
+
+ Use the example commands as a starting point. Refer to the upstream documentation for the full set of options, including credentials, encryption, and throughput tuning.
+
+ For **Amazon S3**, use [`aws s3 sync`](https://docs.aws.amazon.com/cli/latest/reference/s3/sync.html) from the AWS Command Line Interface. Run a dry run first to validate the operation, then perform the copy.
+
+ ```shell
+ aws s3 sync s3://SOURCE-BUCKET s3://DESTINATION-BUCKET --dryrun
+ aws s3 sync s3://SOURCE-BUCKET s3://DESTINATION-BUCKET
+ ```
+
+ For **Azure Blob Storage**, use [`azcopy copy`](https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-blobs-copy) with a shared access signature on the source.
+
+ ```shell
+ azcopy copy 'https://SOURCE-STORAGE-ACCOUNT-NAME.blob.core.windows.net/CONTAINER?SAS-TOKEN' 'https://DESTINATION-STORAGE-ACCOUNT-NAME.blob.core.windows.net/CONTAINER' --recursive
+ ```
+
+ For **Google Cloud Storage**, use [`gcloud storage rsync`](https://cloud.google.com/sdk/gcloud/reference/storage/rsync) from the Google Cloud Command Line Interface.
+
+ ```shell
+ gcloud storage rsync --recursive gs://SOURCE-BUCKET gs://DESTINATION-BUCKET
+ ```
+
+ For **MinIO**, use [`mc mirror`](https://min.io/docs/minio/linux/reference/minio-mc/mc-mirror.html) from the MinIO Client.
+
+ ```shell
+ mc mirror SOURCE-ALIAS/SOURCE-BUCKET DESTINATION-ALIAS/DESTINATION-BUCKET
+ ```
+
+ After the copy completes, verify the object count and total size on the destination using your provider's standard listing tools. Investigate any discrepancy before continuing.
+
+1. **Enable maintenance mode.** To prevent new objects from being written to the source during cutover, enable maintenance mode on {% data variables.location.product_location %}. This briefly takes the instance offline for end users. For more information, see [AUTOTITLE](/admin/administering-your-instance/configuring-maintenance-mode/enabling-and-scheduling-maintenance-mode).
+
+1. **Perform the final delta sync.** With maintenance mode enabled, run the same copy command from the initial copy step again. This captures any objects that were written to the source after the initial copy started.
+
+ For example, for Amazon S3:
+
+ ```shell
+ aws s3 sync s3://SOURCE-BUCKET s3://DESTINATION-BUCKET
+ ```
+
+1. **Update the storage configuration.** Update {% data variables.location.product_location %} to point at the new storage location. Keep the same authentication method as before.
+
+ 1. Sign in to the {% data variables.enterprise.management_console %}. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-web-ui/accessing-the-management-console).
+ 1. In the "Settings" sidebar, click **Actions**.
+ 1. Under "Artifact & Log Storage", update the fields that identify the storage location, for example, the bucket name, account name, region, role ARN, or connection string. Do not change the authentication method.
+ 1. Click **Test storage settings** to validate the new configuration.
+
+ > [!WARNING]
+ > If the test fails, do not save the settings. Investigate the failure and re-test before continuing. Saving an invalid storage configuration can cause an outage.
+
+ 1. Click **Save settings** and wait for services to fully restart.
+
+ Alternatively, you can update the configuration from the command line using `ghe-actions-precheck` for credentials-based authentication. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-actions-precheck).
+
+1. **Validate the migration.** After the configuration change, confirm that {% data variables.product.prodname_actions %} can read from the new storage location.
+
+ 1. Disable maintenance mode. For more information, see [AUTOTITLE](/admin/administering-your-instance/configuring-maintenance-mode/enabling-and-scheduling-maintenance-mode).
+ 1. In the web UI for {% data variables.location.product_location %}, open a recent workflow run that completed before the migration. Confirm that:
+
+ * Workflow run logs load.
+ * Build artifacts download successfully.
+
+ 1. Trigger a new workflow run and confirm that:
+
+ * The run completes successfully.
+ * Logs and any artifacts produced by the run are visible.
+
+ If any of these validation checks fail, retain the source storage and refer to the [Rolling back](#rolling-back) section below.
+
+1. **Decommission the source storage.** Only proceed once validation has completed successfully and you have allowed enough time to be confident that the new storage location is healthy. As a guideline, retain the source storage in a read-only state for at least one full backup cycle before deleting it.
+
+ When you are ready to remove the source storage, follow your provider's standard procedure for deleting a bucket or container.
+
+## Rolling back
+
+If validation fails or you encounter issues after cutover, roll back by pointing {% data variables.location.product_location %} back at the source storage location. The source storage is your known-good copy. Do not copy data from the destination back into the source as part of rollback, because data written to the destination during a failed cutover may be partial or inconsistent, and writing it back into the source risks corrupting your only good copy.
+
+> [!WARNING]
+> Rolling back will discard any data written or deleted after the cutover. If validation fails, roll back immediately rather than attempting extended troubleshooting. The longer you wait, the more data is at risk.
+
+If validation fails or you encounter issues:
+
+1. Enable maintenance mode immediately.
+1. In the {% data variables.enterprise.management_console %}, restore the original storage configuration values and click **Test storage settings**, then **Save settings**.
+1. Disable maintenance mode and re-run the validation steps with the original storage.
+
+After a successful rollback, investigate the failure and plan a new migration attempt.
+
+## {% data variables.product.prodname_registry %} considerations
+
+You can apply the same migration approach to {% data variables.product.prodname_registry %} external storage, with the following important differences. Read this section in full before migrating storage on an instance that has {% data variables.product.prodname_registry %} enabled.
+
+* **OpenID Connect is not available for {% data variables.product.prodname_registry %}.** {% data variables.product.prodname_registry %} only supports credentials-based authentication for external storage. The authentication-method constraint in this article still applies: keep the authentication method unchanged during migration.
+* **{% data variables.product.prodname_registry %} is more sensitive to timing mismatches.** When packages are published during the migration window, the system creates both new storage objects and database records. To prevent inconsistency, keep maintenance mode enabled continuously from the start of the final delta sync through successful validation of the new configuration.
+* **Update both configurations together if the same provider serves both products.** If you have configured {% data variables.product.prodname_actions %} and {% data variables.product.prodname_registry %} to use the same provider type and you are migrating both, plan the cutover as a single maintenance window and update both configurations before disabling maintenance mode.
+* **For cross-provider migrations of {% data variables.product.prodname_registry %} storage, contact {% data variables.contact.contact_ent_support %}.** Cross-provider moves are not covered here.
+
+For more information about configuring {% data variables.product.prodname_registry %} storage, see [AUTOTITLE](/admin/configuring-packages/getting-started-with-github-packages-for-your-enterprise).
diff --git a/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/updating-the-credentials-for-github-actions-storage.md b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/updating-the-credentials-for-github-actions-storage.md
index b5f612058928..1e7312bac882 100644
--- a/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/updating-the-credentials-for-github-actions-storage.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/updating-the-credentials-for-github-actions-storage.md
@@ -15,7 +15,10 @@ To update the credential secret for your {% data variables.product.prodname_acti
> [!WARNING]
> This process is only for updating the secret key used to authenticate to your existing external storage provider. It assumes that your networking configuration, storage provider, and storage account remain unchanged.
>
-> Do not use this process to switch between credential-based and OIDC-based authentication in the management console. Changing the authentication method for {% data variables.product.prodname_actions %} storage may result in data loss.
+> Do not use this process to switch between credential-based and OIDC-based authentication in the {% data variables.enterprise.management_console %}. Changing the authentication method for {% data variables.product.prodname_actions %} storage may result in data loss.
+
+> [!NOTE]
+> To move {% data variables.product.prodname_actions %} external storage to a new bucket, account, or region on the same provider, see [AUTOTITLE](/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/migrating-github-actions-external-storage).
1. Enable maintenance mode on the server.
1. Update the secret or obtain the updated secret from the storage provider.
diff --git a/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment.md b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment.md
index 7a1d49c21ac1..d8f85cdb6807 100644
--- a/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment.md
@@ -16,6 +16,9 @@ category:
It can be useful to have a staging or testing environment for {% data variables.location.product_location %}, so that you can test updates or new features before implementing them in your production environment. For more information, see [AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance).
+> [!TIP]
+> If you are migrating {% data variables.product.prodname_actions %} external storage to a new bucket, account, or region on the same provider, rehearse the migration in a staging environment first. See [AUTOTITLE](/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/migrating-github-actions-external-storage).
+
## Using a staging environment with {% data variables.product.prodname_actions %}
A common way to create the staging environment is to restore a backup of your production {% data variables.product.prodname_ghe_server %} instance to a new virtual machine in the staging environment. If you use a staging instance and plan to test {% data variables.product.prodname_actions %} functionality, you should review your storage configuration in the staging environment.
diff --git a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md
index c44e17b04dc5..1e8eb23ba5bf 100644
--- a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md
@@ -17,6 +17,9 @@ category:
{% data reusables.actions.enterprise-storage-about-oidc %}
+> [!TIP]
+> If {% data variables.product.prodname_actions %} is already configured and you need to move its data to a new bucket, account, or region on Amazon S3, see [AUTOTITLE](/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/migrating-github-actions-external-storage).
+
## Prerequisites
> [!NOTE]
diff --git a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage.md b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage.md
index 96b7e14fd501..37ff2163bd81 100644
--- a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage.md
@@ -17,6 +17,9 @@ category:
{% data reusables.actions.enterprise-storage-about-oidc %}
+> [!TIP]
+> If {% data variables.product.prodname_actions %} is already configured and you need to move its data to a new storage account or region on Azure Blob Storage, see [AUTOTITLE](/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/migrating-github-actions-external-storage).
+
## Prerequisites
Before enabling {% data variables.product.prodname_actions %}, make sure you have completed the following steps:
diff --git a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md
index aed382aeee0c..ace4df56e6c8 100644
--- a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md
@@ -19,6 +19,9 @@ category:
{% data reusables.actions.enterprise-storage-about-oidc %}
+> [!TIP]
+> If {% data variables.product.prodname_actions %} is already configured and you need to move its data to a new bucket, project, or region on Google Cloud Storage, see [AUTOTITLE](/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/migrating-github-actions-external-storage).
+
## Prerequisites
Before enabling {% data variables.product.prodname_actions %}, make sure you have completed the following steps:
diff --git a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage.md b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage.md
index c7eb892db5d1..5533ebc6c951 100644
--- a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage.md
@@ -16,6 +16,9 @@ category:
{% data reusables.actions.enterprise-storage-about %}
+> [!TIP]
+> If {% data variables.product.prodname_actions %} is already configured and you need to move its data to a new MinIO bucket or deployment, see [AUTOTITLE](/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/migrating-github-actions-external-storage).
+
## Prerequisites
Before enabling {% data variables.product.prodname_actions %}, make sure you have completed the following steps:
diff --git a/content/copilot/concepts/agents/copilot-cli/about-copilot-cli.md b/content/copilot/concepts/agents/copilot-cli/about-copilot-cli.md
index 2339af822eaa..53e80d69dd26 100644
--- a/content/copilot/concepts/agents/copilot-cli/about-copilot-cli.md
+++ b/content/copilot/concepts/agents/copilot-cli/about-copilot-cli.md
@@ -184,7 +184,7 @@ You can interact with {% data variables.product.prodname_copilot_short %} while
{% data variables.copilot.copilot_cli %} automatically manages your conversation context:
* **Auto-compaction**: When your conversation approaches 95% of the token limit, {% data variables.product.prodname_copilot_short %} automatically compresses your history in the background without interrupting your workflow. This enables virtually infinite sessions.
-* **Manual control**: Use `/compact` to manually compress context anytime. Press Escape to cancel if you change your mind.
+* **Manual control**: Use `/compact` to manually compress context anytime. Press Esc to cancel if you change your mind.
* **Visualize usage**: The `/context` command shows a detailed token usage breakdown so you can understand how your context window is being used.
## Customizing {% data variables.copilot.copilot_cli %}
diff --git a/content/copilot/concepts/agents/copilot-cli/cancel-and-roll-back.md b/content/copilot/concepts/agents/copilot-cli/cancel-and-roll-back.md
index 58ea72954445..3177021d02f8 100644
--- a/content/copilot/concepts/agents/copilot-cli/cancel-and-roll-back.md
+++ b/content/copilot/concepts/agents/copilot-cli/cancel-and-roll-back.md
@@ -16,8 +16,8 @@ category:
When you work in an interactive {% data variables.copilot.copilot_cli_short %} session, you can press Esc or Ctrl+C to control what {% data variables.product.prodname_copilot_short %} is doing. Both keypresses can cancel operations, but they work slightly differently:
-* Ctrl+C immediately stops the current operation.
-* A single Esc keypress gives you more gradual control—letting you dismiss dialogs, clear queued prompts, or cancel an operation in stages.
+* Ctrl+C acts immediately, without a confirming second press—removing any queued prompts first (one per press), then canceling the current operation.
+* A single Esc keypress gives you more gradual, staged control. While {% data variables.product.prodname_copilot_short %} is actively working, a single Esc doesn't cancel right away—it shows a reminder, and a second press carries out the next step: removing the most recently queued prompt, or canceling the operation once nothing is queued.
If {% data variables.product.prodname_copilot_short %} has already made changes and you want to undo them, you can roll back your workspace to a previous point in the session. {% data variables.copilot.copilot_cli_short %} takes a snapshot of your workspace state each time you enter a prompt, and this allows you to rewind to an earlier state by pressing Esc twice when {% data variables.product.prodname_copilot_short %} is idle and the input area is empty.
@@ -27,8 +27,9 @@ Pressing Esc once performs different actions depending on the current
| Current state | What pressing Esc does |
| ------------- | ------------------------ |
-| {% data variables.product.prodname_copilot_short %} is active with no queued prompts. | Cancels the running operation. |
-| {% data variables.product.prodname_copilot_short %} is active and there are queued prompts. | Clears the queued prompts without stopping the current operation. |
+| {% data variables.product.prodname_copilot_short %} is active with no queued prompts. | Shows an "Esc again to cancel" reminder. The running operation is canceled only if you press Esc again within half a second. |
+| {% data variables.product.prodname_copilot_short %} is active and there are queued prompts. | Shows the "Esc again to cancel" reminder. Pressing Esc again removes the most recently queued prompt. |
+| A permission dialog is open. | A single Esc denies the pending request (no second press needed). |
| A dialog, overlay, or picker is open. | Closes the dialog, overlay, or picker. |
| {% data variables.product.prodname_copilot_short %} is idle. | Shows a brief reminder that pressing Esc again quickly will open the rewind picker. See [Rolling back changes](#rolling-back-changes). |
@@ -36,9 +37,9 @@ Pressing Esc once performs different actions depending on the current
The main difference between these two ways of canceling an operation is that Esc is designed for gradual, targeted intervention, while Ctrl+C is a hard stop.
-Use Esc when you want to interact with {% data variables.product.prodname_copilot_short %} without necessarily ending the current operation. For example, if a permission dialog appears and you want to deny that specific request, pressing Esc dismisses the dialog and {% data variables.product.prodname_copilot_short %} continues working—it just won't use the tool you denied. Similarly, if you've queued follow-up prompts and want to cancel them without interrupting the work already in progress, Esc clears the queue while the current operation keeps running. Pressing Esc only cancels the operation outright if there are no dialogs open and no queued prompts to clear first.
+Use Esc when you want to interact with {% data variables.product.prodname_copilot_short %} without necessarily ending the current operation. For example, if a permission dialog appears and you want to deny that specific request, pressing Esc dismisses the dialog and {% data variables.product.prodname_copilot_short %} continues working—it just won't use the tool you denied. Similarly, if you've queued follow-up prompts and want to cancel them without interrupting the work already in progress, pressing Esc removes the most recently queued prompt (repeat to remove earlier ones), while the current operation keeps running.
-Use Ctrl+C when you want to stop everything at once. It immediately cancels the active operation and clears any queued prompts in a single keypress. Any file write that is already in progress will complete—files are not left corrupted mid-write—but any remaining planned changes are abandoned. Pressing Ctrl+C a second time within two seconds, when the input area is empty, exits the session entirely.
+Use Ctrl+C when you want to cancel without the confirming second press that Esc requires. If no prompts are queued, a single Ctrl+C immediately cancels the active operation. If you have queued prompts, each Ctrl+C removes the most recently queued prompt—one per press—and cancels the active operation only once the queue is empty. Any file write that is already in progress will complete—files are not left corrupted mid-write—but any remaining planned changes are abandoned. Pressing Ctrl+C a second time within two seconds, when the input area is empty, exits the session entirely.
As a rule of thumb, use Esc when you want to intervene selectively, and Ctrl+C when you want to stop and start over.
diff --git a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/disable-automatic-commands.md b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/disable-automatic-commands.md
index a165d7fa9542..4091c06d78ca 100644
--- a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/disable-automatic-commands.md
+++ b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/disable-automatic-commands.md
@@ -2,7 +2,7 @@
title: Disabling automatic command approval in Copilot clients
shortTitle: Disable automatic commands
allowTitleToDifferFromFilename: true
-intro: 'Disable yolo mode to stop agents from running commands without approval.'
+intro: 'Disable YOLO mode to stop agents from running commands without approval.'
permissions: Enterprise owners
versions:
feature: copilot
@@ -14,15 +14,18 @@ category:
> [!NOTE] This feature is in {% data variables.release-phases.public_preview %} and subject to change.
-You can prevent users from using modes that enable automatic approval of agent commands in {% data variables.copilot.copilot_cli_short %} and {% data variables.product.prodname_vscode_shortname %}. The `disableBypassPermissionsMode` setting is defined in your enterprise's `{% data variables.copilot.managed_setting_file %}` file and applies to users on your enterprise's {% data variables.product.prodname_copilot_short %} plan.
+You can prevent users from enabling bypass mode (also known as "YOLO mode") in {% data variables.copilot.copilot_cli_short %} and {% data variables.product.prodname_vscode_shortname %}. Bypass mode lets an agent run commands, access files, and fetch URLs without asking for approval. By disabling it for your enterprise, you ensure that a person reviews each of these actions.
-This setting blocks users from using:
+## What disabling bypass mode prevents
-* The `--yolo` or `--allow-all` flag
-* The `/yolo` or `/allow-all` command
-* All runtime paths that enable combined bypass mode
+The `disableBypassPermissionsMode` setting is defined in your enterprise's `{% data variables.copilot.managed_setting_file %}` file and applies to users on your enterprise's {% data variables.product.prodname_copilot_short %} plan.
-This setting does **not** block individual flags such as `--allow-all-tools` or `--allow-all-paths`.
+When you set `disableBypassPermissionsMode` to `"disable"`, users cannot turn on YOLO mode in either client:
+
+* In {% data variables.copilot.copilot_cli_short %}, the `--yolo`, `--allow-all`, `--allow-all-tools`, `--allow-all-paths`, and `--allow-all-urls` command-line options and the `/yolo` and `/allow-all` slash commands are blocked.
+* In {% data variables.product.prodname_vscode_shortname %}, the global auto-approve setting (`chat.tools.global.autoApprove`), also known as "YOLO mode," is turned off and cannot be re-enabled.
+
+## Disabling bypass mode for your enterprise
{% data reusables.copilot.create-managed-settings %}
1. Add the following property.
diff --git a/content/copilot/how-tos/copilot-cli/customize-copilot/use-hooks.md b/content/copilot/how-tos/copilot-cli/customize-copilot/use-hooks.md
index 75ec1a7dcefe..d11c08814f2f 100644
--- a/content/copilot/how-tos/copilot-cli/customize-copilot/use-hooks.md
+++ b/content/copilot/how-tos/copilot-cli/customize-copilot/use-hooks.md
@@ -18,7 +18,7 @@ docsTeamMetrics:
## Prerequisite
-**For Windows only:** The examples in this article use PowerShell. If you're using Windows, you must have PowerShell 7.0 or later installed and in your PATH. You can check your PowerShell version by running `pwsh --version` in a terminal. To install PowerShell, run `winget install Microsoft.PowerShell` then restart your terminal.
+**Windows users only:** The example hooks in this article are designed to run on Windows, Linux, and macOS. For Windows, they use PowerShell and require you to have PowerShell 7.0 or later installed and in your PATH. You can check your PowerShell version by running `pwsh --version` in a terminal. To install PowerShell, run `winget install Microsoft.PowerShell` then restart your terminal.
## Creating a repository-level hook
diff --git a/content/copilot/how-tos/copilot-cli/use-copilot-cli/overview.md b/content/copilot/how-tos/copilot-cli/use-copilot-cli/overview.md
index b0113c29eb8c..5c330a1b9336 100644
--- a/content/copilot/how-tos/copilot-cli/use-copilot-cli/overview.md
+++ b/content/copilot/how-tos/copilot-cli/use-copilot-cli/overview.md
@@ -239,6 +239,12 @@ You can create skills to enhance the ability of {% data variables.product.prodna
For more information, see [AUTOTITLE](/copilot/how-tos/copilot-cli/customize-copilot/add-skills).
+### Use hooks
+
+You can use hooks to extend and customize the behavior of {% data variables.copilot.copilot_cli_short %}. Hooks allow you to run custom shell commands automatically at key points during a CLI session.
+
+For more information, see [AUTOTITLE](/copilot/how-tos/copilot-cli/customize-copilot/use-hooks).
+
### Add an MCP server
{% data variables.copilot.copilot_cli_short %} comes with the {% data variables.product.github %} MCP server already configured. This MCP server allows you to interact with resources on {% data variables.product.prodname_dotcom_the_website %}—for example, allowing you to merge pull requests from the CLI.
diff --git a/content/copilot/reference/copilot-cli-reference/cli-command-reference.md b/content/copilot/reference/copilot-cli-reference/cli-command-reference.md
index 454bb98b8995..03febf0bebba 100644
--- a/content/copilot/reference/copilot-cli-reference/cli-command-reference.md
+++ b/content/copilot/reference/copilot-cli-reference/cli-command-reference.md
@@ -273,6 +273,7 @@ For a complete list of available slash commands enter `/help` in the CLI's inter
| `--additional-mcp-config=JSON` | Add an MCP server for this session only. The server configuration can be supplied as a JSON string or a file path (prefix with `@`). Augments the configuration from `~/.copilot/mcp-config.json`. Overrides any installed MCP server configuration with the same name. See [AUTOTITLE](/copilot/how-tos/copilot-cli/customize-copilot/add-mcp-servers). |
| `--agent=AGENT` | Specify a {% data variables.copilot.copilot_custom_agent_short %} to use. See [AUTOTITLE](/copilot/concepts/agents/copilot-cli/about-custom-agents). |
| `--allow-all` | Enable all permissions (equivalent to `--allow-all-tools --allow-all-paths --allow-all-urls`). |
+| `--allow-all-mcp-server-instructions` | Include initialization instructions from all MCP servers in the system prompt. By default, only allowlisted server instructions are included up front; other servers' instructions are retrieved on demand. |
| `--allow-all-paths` | Disable file path verification and allow access to any path. |
| `--allow-all-tools` | Allow all tools to run automatically without confirmation. Required when using the CLI programmatically (env: `COPILOT_ALLOW_ALL`). |
| `--allow-all-urls` | Allow access to all URLs without confirmation. |
diff --git a/content/education/about-github-education/github-education-for-students/apply-to-github-education-as-a-student.md b/content/education/about-github-education/github-education-for-students/apply-to-github-education-as-a-student.md
index 751f837fbd3c..20e661ba27f5 100644
--- a/content/education/about-github-education/github-education-for-students/apply-to-github-education-as-a-student.md
+++ b/content/education/about-github-education/github-education-for-students/apply-to-github-education-as-a-student.md
@@ -21,7 +21,7 @@ category:
You qualify for {% data variables.product.prodname_global_campus %} if you:
* Are enrolled in a degree- or diploma-granting program, such as a high school, college, university, or homeschool.
-* Have a verifiable school-issued email or documents proving your student status.
+* Provide documents that prove your current student status. See [Academic email requirements](#academic-email-requirements) below.
* Own a [{% data variables.product.prodname_dotcom %} personal account](/get-started/start-your-journey/creating-an-account-on-github).
* Are at least 13 years old.
@@ -32,6 +32,22 @@ You qualify for {% data variables.product.prodname_global_campus %} if you:
* Your transcript
* An affiliation or enrollment verification letter
+## Academic email requirements
+
+{% data variables.product.github %}'s verification process is individually tailored. When the system detects that recent applicants from your school successfully verified using their academic email, future applicants from the same school must also use an academic email.
+
+### Your school requires an academic email address
+
+If the application asks for an academic email, you must add and verify one on your {% data variables.product.prodname_dotcom %} account before applying. See [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account).
+
+### Your school does not provide an academic email address
+
+If your institution does not issue academic emails, provide official documentation, such as a school webpage or a letter on school letterhead, explaining the policy. Then reapply for {% data variables.product.prodname_global_campus %}.
+
+### Your school's email domain is not recognized
+
+If your school email domain is not recognized in the application, [contact {% data variables.product.prodname_global_campus %} Support](https://support.github.com/contact/education) with your school's full name, website URL, and the email domain you are attempting to use.
+
## Applying to {% data variables.product.prodname_global_campus %}
{% data reusables.education.apply-to-github-eduction-procedures %}
diff --git a/content/education/about-github-education/github-education-for-students/solving-problems-with-your-github-education-access.md b/content/education/about-github-education/github-education-for-students/solving-problems-with-your-github-education-access.md
index 7f08acb2b354..8bdf311a4a34 100644
--- a/content/education/about-github-education/github-education-for-students/solving-problems-with-your-github-education-access.md
+++ b/content/education/about-github-education/github-education-for-students/solving-problems-with-your-github-education-access.md
@@ -54,6 +54,18 @@ For more information, see:
* [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/changing-your-github-username)
* [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account)
+### Why does the application require an academic email?
+
+{% data variables.product.github %}'s verification process is individually tailored. When the system detects that recent applicants from your school successfully verified using their academic email, future applicants from the same school must also use an academic email.
+
+**What to do:**
+
+* **Get your academic email:** Contact your school's IT or administrative office. This is the fastest path to verification.
+* **School doesn't issue academic emails?** Provide official documentation (such as a school webpage or a letter on school letterhead) explaining the policy.
+* **School domain not recognized?** [Contact GitHub Education Support](https://support.github.com/contact/education) and include your school's full name, website URL, and the domain you are attempting to use.
+* **Email formatting issues:** Ensure your email address is all lowercase and doesn't use plus-addressing (such as "user+school@example.com"). If needed, delete and re-add it under **Settings > Emails**.
+* **Tried everything and still stuck?** [Contact {% data variables.product.prodname_global_campus %} Support](https://support.github.com/contact/education) and include which steps you attempted, what happened at each step, and where you encountered an issue.
+
### Ineligible student status
You're ineligible for a {% data variables.product.prodname_student_pack %} if:
diff --git a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets.md b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets.md
index 9a8cee618f37..fc6b92ca6f82 100644
--- a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets.md
+++ b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets.md
@@ -270,7 +270,9 @@ Metadata restrictions block "ref updates." If a contributor pushes work that inc
Metadata restrictions can increase friction for people contributing to a repository. Generally, if you impose metadata restrictions, you should do so on a limited set of branches to avoid impacting contributors' daily work. For example, instead of requiring consistent commit messages on any topic branch that a contributor might work on, you should require consistent commit messages on `main` only, then require pull requests into `main`.
-If you use squash merges, the individual commits in the pull request are ignored. Instead, restrictions are only validated against the metadata of the single, resulting merge commit. The pull request page validates this information before the merge is allowed, ensuring the final commit is compliant. For metadata restrictions that apply to committer emails, the pattern must also include `noreply@github.com` for squash merges to satisfy the restriction.
+If you use squash merges, the individual commits in the pull request are ignored. Instead, restrictions are only validated against the metadata of the single, resulting merge commit. The pull request page validates this information before the merge is allowed, ensuring the final commit is compliant.
+
+For metadata restrictions that apply to committer emails, to satisfy the restriction, the pattern must also include `noreply@github.com` for web-based merges and other commits created on {% data variables.product.prodname_dotcom_the_website %}.
When you add metadata restrictions to an existing branch or tag, the rules are enforced for new commits pushed to the branch or tag from that point forward, but they are not enforced against the existing history of the branch or tag.