You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/actions/how-tos/manage-runners/use-proxy-servers.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -33,7 +33,7 @@ On Windows machines, the proxy environment variable names are case-insensitive.
33
33
{% data reusables.actions.self-hosted-runner-ports-protocols %}
34
34
35
35
> [!WARNING]
36
-
> Self-hosted runners do not support using IP addresses in the `no_proxy` environment variable. If your {% data variables.product.prodname_ghe_server %} instance uses an IP address and you configure `no_proxy` to bypass the proxy for that address, the runner will still fail to connect.
36
+
> Self-hosted runners do not support using IP addresses and CIDR ranges in the `no_proxy` environment variable. If your {% data variables.product.prodname_ghe_server %} instance uses an IP address and you configure `no_proxy` to bypass the proxy for that address, the runner will still fail to connect.
37
37
> If your {% data variables.product.prodname_ghe_server %} instance is accessed using an IP address and the connection must bypass the proxy, the runner will fail to connect, even if that IP address is listed in `no_proxy`.
Copy file name to clipboardExpand all lines: content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/migrating-github-actions-external-storage.md
+22-22Lines changed: 22 additions & 22 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,11 +10,11 @@ category:
10
10
- Enable GitHub features for your enterprise
11
11
---
12
12
13
-
## About migrating {% data variables.product.prodname_actions %} external storage
14
-
15
-
You can migrate {% data variables.product.prodname_actions %} external storage to a new bucket, account, or region on the same provider when consolidating cloud accounts, meeting residency requirements, or reorganizing storage tenancy.
16
-
17
-
The migration works because {% data variables.product.prodname_actions %} identifies stored objects by their key (path) within a bucket or container, not by the bucket or account name. As long as you preserve the internal key layout and update your configuration to point at the new location, existing workflow logs and artifacts remain accessible without interruption.
13
+
## About migrating {% data variables.product.prodname_actions %} external storage
14
+
15
+
You can migrate {% data variables.product.prodname_actions %} external storage to a new bucket, account, or region on the same provider when consolidating cloud accounts, meeting residency requirements, or reorganizing storage tenancy.
16
+
17
+
The migration works because {% data variables.product.prodname_actions %} identifies stored objects by their key (path) within a bucket or container, not by the bucket or account name. As long as you preserve the internal key layout and update your configuration to point at the new location, existing workflow logs and artifacts remain accessible without interruption.
18
18
19
19
## Considerations
20
20
@@ -43,12 +43,12 @@ Before you begin, review the following constraints. Each one shapes the migratio
43
43
44
44
Before performing the migration against production, rehearse the full procedure on a staging instance. Provision a staging {% data variables.product.prodname_ghe_server %} instance from a recent production backup, point it at a throwaway destination that mirrors the intended production destination, and run every step of this article end to end. For more information, see [AUTOTITLE](/admin/installation/setting-up-a-github-enterprise-server-instance/setting-up-a-staging-instance) and [AUTOTITLE](/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment).
45
45
46
-
A staging rehearsal validates that:
47
-
48
-
* Provider-side permissions, network access, and policies on the destination are correct.
49
-
* The copy tool you have chosen completes successfully against representative data volumes.
50
-
* The expected object count and total size match between source and destination.
51
-
* Existing workflow run logs and artifacts are retrievable through the UI after cutover.
46
+
A staging rehearsal validates that:
47
+
48
+
* Provider-side permissions, network access, and policies on the destination are correct.
49
+
* The copy tool you have chosen completes successfully against representative data volumes.
50
+
* The expected object count and total size match between source and destination.
51
+
* Existing workflow run logs and artifacts are retrievable through the UI after cutover.
52
52
53
53
> [!WARNING]
54
54
> Your staging instance must use different storage from your production instance. If you do not change the storage configuration, the staging instance may write into your production storage and cause data loss. For more information, see [AUTOTITLE](/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment#configuring-storage).
@@ -135,23 +135,23 @@ Work through the following steps in order. {% data variables.product.prodname_ac
135
135
136
136
If validation fails or you encounter issues after cutover, roll back by pointing {% data variables.location.product_location %} back at the source storage location. The source storage is your known-good copy. Do not copy data from the destination back into the source as part of rollback, because data written to the destination during a failed cutover may be partial or inconsistent, and writing it back into the source risks corrupting your only good copy.
137
137
138
-
> [!WARNING]
139
-
> Rolling back will discard any data written or deleted after the cutover. If validation fails, roll back immediately rather than attempting extended troubleshooting. The longer you wait, the more data is at risk.
140
-
141
-
If validation fails or you encounter issues:
142
-
143
-
1. Enable maintenance mode immediately.
144
-
1. In the {% data variables.enterprise.management_console %}, restore the original storage configuration values and click **Test storage settings**, then **Save settings**.
145
-
1. Disable maintenance mode and re-run the validation steps with the original storage.
146
-
147
-
After a successful rollback, investigate the failure and plan a new migration attempt.
138
+
> [!WARNING]
139
+
> Rolling back will discard any data written or deleted after the cutover. If validation fails, roll back immediately rather than attempting extended troubleshooting. The longer you wait, the more data is at risk.
140
+
141
+
If validation fails or you encounter issues:
142
+
143
+
1. Enable maintenance mode immediately.
144
+
1. In the {% data variables.enterprise.management_console %}, restore the original storage configuration values and click **Test storage settings**, then **Save settings**.
145
+
1. Disable maintenance mode and re-run the validation steps with the original storage.
146
+
147
+
After a successful rollback, investigate the failure and plan a new migration attempt.
148
148
149
149
## {% data variables.product.prodname_registry %} considerations
150
150
151
151
You can apply the same migration approach to {% data variables.product.prodname_registry %} external storage, with the following important differences. Read this section in full before migrating storage on an instance that has {% data variables.product.prodname_registry %} enabled.
152
152
153
153
***OpenID Connect is not available for {% data variables.product.prodname_registry %}.** {% data variables.product.prodname_registry %} only supports credentials-based authentication for external storage. The authentication-method constraint in this article still applies: keep the authentication method unchanged during migration.
154
-
***{% data variables.product.prodname_registry %} is more sensitive to timing mismatches.** When packages are published during the migration window, the system creates both new storage objects and database records. To prevent inconsistency, keep maintenance mode enabled continuously from the start of the final delta sync through successful validation of the new configuration.
154
+
***{% data variables.product.prodname_registry %} is more sensitive to timing mismatches.** When packages are published during the migration window, the system creates both new storage objects and database records. To prevent inconsistency, keep maintenance mode enabled continuously from the start of the final delta sync through successful validation of the new configuration.
155
155
***Update both configurations together if the same provider serves both products.** If you have configured {% data variables.product.prodname_actions %} and {% data variables.product.prodname_registry %} to use the same provider type and you are migrating both, plan the cutover as a single maintenance window and update both configurations before disabling maintenance mode.
156
156
***For cross-provider migrations of {% data variables.product.prodname_registry %} storage, contact {% data variables.contact.contact_ent_support %}.** Cross-provider moves are not covered here.
intro: Define and enforce license policy for dependencies in your repositories with open source license compliance.
5
+
product: 'Organizations owned by an enterprise account with {% data variables.product.prodname_GH_code_security %} enabled'
6
+
versions:
7
+
feature: open-source-license-compliance
8
+
contentType: concepts
9
+
category:
10
+
- Secure your dependencies
11
+
---
12
+
13
+
{% data reusables.code-security.open-source-license-compliance-public-preview-note %}
14
+
15
+
## Overview
16
+
17
+
Open source license compliance helps you **track dependency licenses** and **enforce policy** for the open source software in your supply chain. You can use license compliance to reduce legal and operational risk, catching nonconforming dependencies **before** changes are merged.
18
+
19
+
## How license policy works
20
+
21
+
You can define an enterprise or organization policy that controls which licenses dependencies are allowed to use.
22
+
23
+
You can specify licenses from either a built-in list or, if a license is not listed, by manually adding a SPDX license identifier.
24
+
25
+
Your policy is applied at the enterprise, organization, and repository scope. You can also add package or license exceptions when an **Enterprise Open Source License Manager** approves requests.
26
+
27
+
License evaluation uses dependency data from your repositories, including transitive dependencies detected in the dependency graph.
28
+
29
+
## How pull request enforcement works
30
+
31
+
Open source license compliance is enforced through branch rulesets. When a pull request changes package manifests, {% data variables.product.github %} compares dependency changes between the base and pull request branches, evaluates detected licenses against policy, and reports violations.
32
+
33
+
If there is a ruleset in **Active** mode which uses the "Requires license compliance results before merging" condition, pull requests that introduce noncompliant dependencies are blocked until violations are resolved. An **Evaluate** mode ruleset with that condition will run license checks and annotate the pull request, but not block merges.
34
+
35
+
Additionally, a [branch protection rule](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule) that requires comment resolution before merging will track annotations from license checks, so even alerts generated by **Evaluate** rulesets will be subject to the protection.
36
+
37
+
## Where results appear
38
+
39
+
If a dependency's license isn't in your policy, findings will appear in pull request annotations. The annotations do not automatically generate an exception request, because the developer could decide to modify their code to avoid the noncompliant dependency. If they do want to use the dependency, {% data variables.product.github %} will prompt the developer for more information, then send the closure request to the Enterprise Open Source License Managers, who have permission to modify the policy.
40
+
41
+
For Enterprise Open Source License Managers, pending exception requests are available in enterprise security views and sent as email notifications.
42
+
43
+
## Scope and governance model
44
+
45
+
You can create policy at enterprise scope for a common baseline, then layer repository-specific exceptions where needed.
46
+
47
+
For large enterprises, a common pattern is:
48
+
49
+
* Define broad policy centrally
50
+
* Assign the Enterprise Open Source License Manager role to policy reviewers
51
+
* Use a repository custom property to classify repositories as inactive, evaluate, or active
52
+
* Use rulesets that target the custom property values to control enforcement mode by repository
53
+
54
+
Developers with write access can view the effective policy and exceptions for a repository from the repository's license policy settings page.
55
+
56
+
## Next steps
57
+
58
+
To get started, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configure-license-policies).
59
+
60
+
For more information about rulesets, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets).
0 commit comments