Skip to content

Commit aaa5e61

Browse files
authored
Merge pull request #44817 from github/repo-sync
Repo sync
2 parents 60487f3 + 9815003 commit aaa5e61

43 files changed

Lines changed: 946 additions & 1124 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

content/copilot/how-tos/github-copilot-app/getting-started.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ To work on code, you need at least one repository connected to the app. If you s
4848

4949
The sidebar gives you access to the main areas of the app:
5050

51-
* **My work** - Browse and filter issues and pull requests from your repositories, check CI status, and leave reviews.
51+
* **My work** Browse and filter issues and pull requests from your repositories, check CI status, and leave reviews.
5252
* **Automations** — Saved agent tasks that run on a schedule or on demand.
5353
* **Search** — Search across your repositories directly from the app.
5454
* **Sessions** — Active agent sessions, grouped by repository. This also includes **Quick chats**, which are general chat conversations.

content/rest/repos/index.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@ children:
1919
- /contents
2020
- /custom-properties
2121
- /forks
22+
- /issue-types
2223
- /lfs
2324
- /repos
2425
- /rule-suites

content/rest/repos/issue-types.md

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
---
2+
title: REST API endpoints for issue types
3+
shortTitle: Issue types
4+
intro: Use the REST API to manage issue types for a repository.
5+
versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
6+
fpt: '*'
7+
ghec: '*'
8+
autogenerated: rest
9+
allowTitleToDifferFromFilename: true
10+
category:
11+
- Manage repositories and code
12+
---
13+
14+
<!-- Content after this section is automatically generated -->
Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
date: '2026-06-18'
2+
sections:
3+
security_fixes:
4+
- |
5+
**CRITICAL:** An attacker could exploit a pre-authentication server-side request forgery (SSRF) vulnerability in an upload endpoint to send crafted requests to internal services by exploiting insufficient input validation, potentially accessing internal services and exposing sensitive credentials. This attack required network access to the GHES instance. The vulnerability was addressed by adding input validation to request parameters. GitHub has requested CVE ID [CVE-2026-9312](https://www.cve.org/cverecord?id=CVE-2026-9312) for this vulnerability, which was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program.
6+
known_issues:
7+
- |
8+
During an upgrade of GitHub Enterprise Server, custom firewall rules are removed. If you use custom firewall rules, you must reapply them after upgrading.
9+
- |
10+
During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start.
11+
- |
12+
If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [Troubleshooting access to the Management Console](/enterprise-server@latest/admin/administering-your-instance/administering-your-instance-from-the-web-ui/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account).
13+
- |
14+
{% data reusables.release-notes.large-adoc-files-issue %}
15+
- |
16+
Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised.
17+
- |
18+
When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed.
19+
- |
20+
Running a config apply as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps.
21+
- |
22+
When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`.
23+
- |
24+
When initializing a new GHES cluster, nodes with the `consul-server` role should be added to the cluster before adding additional nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration.
25+
- |
26+
In a cluster, the host running restore requires access the storage nodes via their private IPs.
27+
- |
28+
On an instance hosted on Azure, commenting on an issue via email meant the comment was not added to the issue.
29+
- |
30+
After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance.
31+
- |
32+
After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the actions workflow of a repository does not have any suggested workflows.
33+
- |
34+
When publishing npm packages in a workflow after restoring from a backup to GitHub Enterprise Server 3.13.5.gm4 or 3.14.2.gm3, you may encounter a `401 Unauthorized` error from the GitHub Packages service. This can happen if the restore is from an N-1 or N-2 version and the workflow targets the npm endpoint on the backup instance. To avoid this issue, ensure the access token is valid and includes the correct scopes for publishing to GitHub Packages.
35+
- |
36+
When applying an enterprise security configuration to all repositories (for example, enabling Secret Scanning or Code Scanning across all repositories), the system immediately enqueues enablement jobs for every organization in the enterprise simultaneously. For enterprises with a large number of repositories, this can result in significant system load and potential performance degradation. If you manage a large enterprise with many organizations and repositories, we recommend applying security configurations at the organization level rather than at the enterprise level in the UI. This allows you to enable security features incrementally and monitor system performance as you roll out changes.
37+
- |
38+
On instances with multiple Git storage nodes in a voting configuration, including cluster and geo-replication high availability topologies, upgrading may fail to correctly install Actions that ship with the new version. In some cases, previous versions of these Actions remain on the instance. To resolve this issue, run the following commands on the primary node: `ghe-config --unset 'app.actions.actions-repos-sha1sum'`, `ghe-config-apply`, and `/usr/local/share/enterprise/ghe-run-init-actions-graph`.
39+
- |
40+
Users attempting to clone repositories via HTTPS receive an "Internal Server Error" message, and the clone operation fails with a 500 error. This issue affects all deployment topologies including cluster, standalone, high availability, and geo-replication configurations.

eslint.config.ts

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -233,10 +233,7 @@ export default [
233233

234234
// Legacy files with @typescript-eslint/no-explicit-any violations (see github/docs-engineering#5797)
235235
{
236-
files: [
237-
'src/article-api/transformers/rest-transformer.ts',
238-
'src/frame/components/context/MainContext.tsx',
239-
],
236+
files: ['src/frame/components/context/MainContext.tsx'],
240237
rules: {
241238
'@typescript-eslint/no-explicit-any': 'off',
242239
},

src/article-api/transformers/rest-transformer.ts

Lines changed: 44 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -14,11 +14,43 @@ import GithubSlugger from 'github-slugger'
1414
// These are only used by REST templates and kept here (not in engine.ts)
1515
// to avoid a circular dependency: rest-tags → renderContent → engine.
1616
for (const [tagName, tagClass] of Object.entries(apiTransformerTags)) {
17-
engine.registerTag(tagName, tagClass as any)
17+
engine.registerTag(tagName, tagClass as unknown as Parameters<typeof engine.registerTag>[1])
1818
}
1919

2020
const DEBUG = process.env.RUNNER_DEBUG === '1' || process.env.DEBUG === '1'
2121

22+
type PreparedCodeExample = {
23+
request: {
24+
description: string
25+
url: string
26+
acceptHeader?: string
27+
bodyParameters: string | null
28+
}
29+
response: {
30+
statusCode?: string
31+
schema: string | null
32+
}
33+
}
34+
35+
type PreparedOperation = Omit<Operation, 'statusCodes' | 'codeExamples'> & {
36+
description: string
37+
hasParameters: boolean
38+
showHeaders: boolean
39+
needsContentTypeHeader: boolean
40+
statusCodes?: Array<{ httpStatusCode: string; description?: string }>
41+
codeExamples: PreparedCodeExample[]
42+
}
43+
44+
type PreparedTemplateData = {
45+
page: {
46+
title: Page['title']
47+
intro: string
48+
}
49+
manualContent: string
50+
restOperations: PreparedOperation[]
51+
apiVersion?: string
52+
}
53+
2254
/**
2355
* Transformer for REST API pages
2456
* Converts REST operations and their data into markdown format using a Liquid template
@@ -114,12 +146,14 @@ export class RestTransformer implements PageTransformer {
114146
// Load and render template
115147
const templateContent = loadTemplate(this.templateName)
116148

117-
// Render the template with Liquid
149+
// Render the template with Liquid. templateData intentionally replaces
150+
// context.page with a simplified, text-rendered {title, intro} for the
151+
// template, so the merged object is not a strict Context.
118152
const rendered = await renderContent(templateContent, {
119153
...context,
120154
...templateData,
121155
markdownRequested: true,
122-
})
156+
} as unknown as Context)
123157

124158
if (DEBUG) console.log(`[DEBUG] RestTransformer completed in ${Date.now() - startTime}ms`)
125159
return rendered
@@ -134,7 +168,7 @@ export class RestTransformer implements PageTransformer {
134168
context: Context,
135169
manualContent: string,
136170
apiVersion?: string,
137-
): Promise<Record<string, any>> {
171+
): Promise<PreparedTemplateData> {
138172
// Prepare page intro
139173
const intro = page.intro ? await page.renderProp('intro', context, { textOnly: true }) : ''
140174

@@ -152,8 +186,7 @@ export class RestTransformer implements PageTransformer {
152186
}
153187
const schemaMap = new Map<string, string>()
154188
for (const op of preparedOperations) {
155-
if (!op.codeExamples) continue
156-
for (const example of op.codeExamples as any[]) {
189+
for (const example of op.codeExamples) {
157190
const schema = example.response?.schema
158191
if (!schema || typeof schema !== 'string') continue
159192

@@ -181,7 +214,7 @@ export class RestTransformer implements PageTransformer {
181214
/**
182215
* Prepare a single operation for template rendering
183216
*/
184-
private async prepareOperation(operation: Operation): Promise<Record<string, any>> {
217+
private async prepareOperation(operation: Operation): Promise<PreparedOperation> {
185218
// Convert HTML description to text
186219
const description = operation.descriptionHTML ? fastTextOnly(operation.descriptionHTML) : ''
187220

@@ -213,6 +246,9 @@ export class RestTransformer implements PageTransformer {
213246
}
214247
}
215248

249+
const responseSchema = (
250+
example.response as { schema?: Parameters<typeof summarizeSchema>[0] } | undefined
251+
)?.schema
216252
return {
217253
request: {
218254
description: example.request?.description
@@ -226,9 +262,7 @@ export class RestTransformer implements PageTransformer {
226262
},
227263
response: {
228264
statusCode: example.response?.statusCode,
229-
schema: (example.response as any)?.schema
230-
? summarizeSchema((example.response as any).schema)
231-
: null,
265+
schema: responseSchema ? summarizeSchema(responseSchema) : null,
232266
},
233267
}
234268
}) || []

src/github-apps/data/fpt-2022-11-28/fine-grained-pat-permissions.json

Lines changed: 14 additions & 86 deletions
Original file line numberDiff line numberDiff line change
@@ -720,15 +720,6 @@
720720
"additional-permissions": true,
721721
"access": "write"
722722
},
723-
{
724-
"category": "copilot",
725-
"slug": "get-copilot-metrics-for-an-organization",
726-
"subcategory": "copilot-metrics",
727-
"verb": "get",
728-
"requestPath": "/orgs/{org}/copilot/metrics",
729-
"additional-permissions": true,
730-
"access": "read"
731-
},
732723
{
733724
"category": "dependabot",
734725
"slug": "lists-the-repositories-dependabot-can-access-in-an-organization",
@@ -981,15 +972,6 @@
981972
"additional-permissions": true,
982973
"access": "write"
983974
},
984-
{
985-
"category": "copilot",
986-
"slug": "get-copilot-metrics-for-a-team",
987-
"subcategory": "copilot-metrics",
988-
"verb": "get",
989-
"requestPath": "/orgs/{org}/team/{team_slug}/copilot/metrics",
990-
"additional-permissions": true,
991-
"access": "read"
992-
},
993975
{
994976
"category": "orgs",
995977
"slug": "enable-or-disable-a-security-feature-for-an-organization",
@@ -1650,15 +1632,6 @@
16501632
"additional-permissions": true,
16511633
"access": "write"
16521634
},
1653-
{
1654-
"category": "copilot",
1655-
"slug": "get-copilot-metrics-for-an-organization",
1656-
"subcategory": "copilot-metrics",
1657-
"verb": "get",
1658-
"requestPath": "/orgs/{org}/copilot/metrics",
1659-
"additional-permissions": true,
1660-
"access": "read"
1661-
},
16621635
{
16631636
"category": "copilot",
16641637
"slug": "get-copilot-seat-assignment-details-for-a-user",
@@ -1667,15 +1640,6 @@
16671640
"requestPath": "/orgs/{org}/members/{username}/copilot",
16681641
"additional-permissions": true,
16691642
"access": "read"
1670-
},
1671-
{
1672-
"category": "copilot",
1673-
"slug": "get-copilot-metrics-for-a-team",
1674-
"subcategory": "copilot-metrics",
1675-
"verb": "get",
1676-
"requestPath": "/orgs/{org}/team/{team_slug}/copilot/metrics",
1677-
"additional-permissions": true,
1678-
"access": "read"
16791643
}
16801644
]
16811645
},
@@ -5184,7 +5148,7 @@
51845148
"subcategory": "artifact-metadata",
51855149
"verb": "post",
51865150
"requestPath": "/orgs/{org}/artifacts/metadata/deployment-record",
5187-
"additional-permissions": true,
5151+
"additional-permissions": false,
51885152
"access": "write"
51895153
},
51905154
{
@@ -5193,7 +5157,7 @@
51935157
"subcategory": "artifact-metadata",
51945158
"verb": "post",
51955159
"requestPath": "/orgs/{org}/artifacts/metadata/deployment-record/cluster/{cluster}",
5196-
"additional-permissions": true,
5160+
"additional-permissions": false,
51975161
"access": "write"
51985162
},
51995163
{
@@ -5202,7 +5166,7 @@
52025166
"subcategory": "artifact-metadata",
52035167
"verb": "post",
52045168
"requestPath": "/orgs/{org}/artifacts/metadata/storage-record",
5205-
"additional-permissions": true,
5169+
"additional-permissions": false,
52065170
"access": "write"
52075171
},
52085172
{
@@ -5211,7 +5175,7 @@
52115175
"subcategory": "artifact-metadata",
52125176
"verb": "get",
52135177
"requestPath": "/orgs/{org}/artifacts/{subject_digest}/metadata/deployment-records",
5214-
"additional-permissions": true,
5178+
"additional-permissions": false,
52155179
"access": "read"
52165180
},
52175181
{
@@ -5220,7 +5184,7 @@
52205184
"subcategory": "artifact-metadata",
52215185
"verb": "get",
52225186
"requestPath": "/orgs/{org}/artifacts/{subject_digest}/metadata/storage-records",
5223-
"additional-permissions": true,
5187+
"additional-permissions": false,
52245188
"access": "read"
52255189
}
52265190
]
@@ -5739,51 +5703,6 @@
57395703
"additional-permissions": false,
57405704
"access": "read"
57415705
},
5742-
{
5743-
"category": "orgs",
5744-
"slug": "create-an-artifact-deployment-record",
5745-
"subcategory": "artifact-metadata",
5746-
"verb": "post",
5747-
"requestPath": "/orgs/{org}/artifacts/metadata/deployment-record",
5748-
"additional-permissions": true,
5749-
"access": "write"
5750-
},
5751-
{
5752-
"category": "orgs",
5753-
"slug": "set-cluster-deployment-records",
5754-
"subcategory": "artifact-metadata",
5755-
"verb": "post",
5756-
"requestPath": "/orgs/{org}/artifacts/metadata/deployment-record/cluster/{cluster}",
5757-
"additional-permissions": true,
5758-
"access": "write"
5759-
},
5760-
{
5761-
"category": "orgs",
5762-
"slug": "create-artifact-metadata-storage-record",
5763-
"subcategory": "artifact-metadata",
5764-
"verb": "post",
5765-
"requestPath": "/orgs/{org}/artifacts/metadata/storage-record",
5766-
"additional-permissions": true,
5767-
"access": "write"
5768-
},
5769-
{
5770-
"category": "orgs",
5771-
"slug": "list-artifact-deployment-records",
5772-
"subcategory": "artifact-metadata",
5773-
"verb": "get",
5774-
"requestPath": "/orgs/{org}/artifacts/{subject_digest}/metadata/deployment-records",
5775-
"additional-permissions": true,
5776-
"access": "read"
5777-
},
5778-
{
5779-
"category": "orgs",
5780-
"slug": "list-artifact-storage-records",
5781-
"subcategory": "artifact-metadata",
5782-
"verb": "get",
5783-
"requestPath": "/orgs/{org}/artifacts/{subject_digest}/metadata/storage-records",
5784-
"additional-permissions": true,
5785-
"access": "read"
5786-
},
57875706
{
57885707
"category": "repos",
57895708
"slug": "list-repository-activities",
@@ -7461,6 +7380,15 @@
74617380
"additional-permissions": false,
74627381
"access": "read"
74637382
},
7383+
{
7384+
"category": "repos",
7385+
"slug": "list-issue-types-for-a-repository",
7386+
"subcategory": "issue-types",
7387+
"verb": "get",
7388+
"requestPath": "/repos/{owner}/{repo}/issue-types",
7389+
"additional-permissions": false,
7390+
"access": "read"
7391+
},
74647392
{
74657393
"category": "repos",
74667394
"slug": "list-repository-languages",

0 commit comments

Comments
 (0)