Merge pull request github#20961 from github/repo-sync

repo sync
MarcelRaschke · Sep 28, 2022 · 65368ce · 65368ce
2 parents 04342b4 + 5bb464a
commit 65368ce
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 2 deletions.
diff --git a/...iguration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md b/...iguration/configuring-github-connect/enabling-dependabot-for-your-enterprise.md
@@ -101,7 +101,7 @@ Before you can enable {% data variables.product.prodname_dependabot_alerts %}:
 After you enable {% data variables.product.prodname_dependabot_alerts %} for your enterprise, you can enable {% data variables.product.prodname_dependabot_updates %}.
 
 {% ifversion ghes %}
-Before you enable {% data variables.product.prodname_dependabot_updates %}, you must configure {% data variables.product.product_location %} to use {% data variables.product.prodname_actions %} with self-hosted runners. For more information, see "[Getting started with {% data variables.product.prodname_actions %} for GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server)."
+{% data reusables.dependabot.enabling-actions-for-ghes %} For more information, see "[Getting started with {% data variables.product.prodname_actions %} for GitHub Enterprise Server](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/getting-started-with-github-actions-for-github-enterprise-server)."
 
 {% data variables.product.prodname_dependabot_updates %} are not supported on {% data variables.product.product_name %} if your enterprise uses clustering.
 {% endif %}

diff --git a/...ity/dependabot/dependabot-security-updates/about-dependabot-security-updates.md b/...ity/dependabot/dependabot-security-updates/about-dependabot-security-updates.md
@@ -37,6 +37,7 @@ topics:
 The {% data variables.product.prodname_dependabot_security_updates %} feature is available for repositories where you have enabled the dependency graph and {% data variables.product.prodname_dependabot_alerts %}. You will see a {% data variables.product.prodname_dependabot %} alert for every vulnerable dependency identified in your full dependency graph. However, security updates are triggered only for dependencies that are specified in a manifest or lock file. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#dependencies-included)."
 
 {% ifversion dependabot-security-updates-unlock-transitive-dependencies %} 
+
 {% note %}
 
 **Note**: For npm, {% data variables.product.prodname_dependabot %} will raise a pull request to update an explicitly defined dependency to a secure version, even if it means updating the parent dependency or dependencies{% ifversion dependabot-security-updates-npm %}, or even removing a sub-dependency that is no longer needed by the parent{% endif %}. For other ecosystems, {% data variables.product.prodname_dependabot %} is unable to update an indirect or transitive dependency if it would also require an update to the parent dependency. For more information, see "[Dependabot tries to update dependencies without an alert](/en/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors#dependabot-tries-to-update-dependencies-without-an-alert)."
@@ -47,6 +48,8 @@ You can enable a related feature, {% data variables.product.prodname_dependabot_
 
 {% data reusables.dependabot.pull-request-security-vs-version-updates %}
 
+{% data reusables.dependabot.dependabot-updates-and-actions %}
+
 ## About pull requests for security updates
 
 Each pull request contains everything you need to quickly and safely review and merge a proposed fix into your project. This includes information about the vulnerability like release notes, changelog entries, and commit details. Details of which vulnerability a pull request resolves are hidden from anyone who does not have access to {% data variables.product.prodname_dependabot_alerts %} for the repository.

diff --git a/...urity/dependabot/dependabot-version-updates/about-dependabot-version-updates.md b/...urity/dependabot/dependabot-version-updates/about-dependabot-version-updates.md
@@ -38,6 +38,8 @@ If you enable _security updates_, {% data variables.product.prodname_dependabot
 
 {% data reusables.dependabot.pull-request-security-vs-version-updates %}
 
+{% data reusables.dependabot.dependabot-updates-and-actions %}
+
 {% data reusables.dependabot.dependabot-tos %}
 
 ## Frequency of {% data variables.product.prodname_dependabot %} pull requests

diff --git a/...ecurity/understanding-your-software-supply-chain/about-supply-chain-security.md b/...ecurity/understanding-your-software-supply-chain/about-supply-chain-security.md
@@ -79,14 +79,29 @@ For more information about dependency review, see "[About dependency review](/co
 
 ### What is Dependabot
 
-{% data variables.product.prodname_dependabot %} keeps your dependencies up to date by informing you of any security vulnerabilities in your dependencies{% ifversion fpt or ghec or ghes > 3.2 or ghae %}, and automatically opens pull requests to upgrade your dependencies to the next available secure version when a {% data variables.product.prodname_dependabot %} alert is triggered, or to the latest version when a release is published{% else %} so that you can update that dependency{% endif %}.
+{% data variables.product.prodname_dependabot %} keeps your dependencies up to date by informing you of any security vulnerabilities in your dependencies{% ifversion fpt or ghec or ghes > 3.2 %}, and automatically opens pull requests to upgrade your dependencies to the next available secure version when a {% data variables.product.prodname_dependabot %} alert is triggered, or to the latest version when a release is published{% else %} so that you can update that dependency{% endif %}.
 
 {% ifversion fpt or ghec or ghes > 3.2 %}
 The term "{% data variables.product.prodname_dependabot %}" encompasses the following features:
 - {% data variables.product.prodname_dependabot_alerts %}—Displayed notification on the **Security** tab for the repository, and in the repository's dependency graph. The alert includes a link to the affected file in the project, and information about a fixed version.
 - {% data variables.product.prodname_dependabot_updates %}:
    - {% data variables.product.prodname_dependabot_security_updates %}—Triggered updates to upgrade your dependencies to a secure version when an alert is triggered.
    - {% data variables.product.prodname_dependabot_version_updates %}—Scheduled updates to keep your dependencies up to date with the latest version.
+
+{% endif %}
+
+{% ifversion fpt or ghec %}
+
+{% data variables.product.prodname_dependabot_alerts %}, {% data variables.product.prodname_dependabot_security_updates %}, and {% data variables.product.prodname_dependabot_version_updates %} do not use {% data variables.product.prodname_actions %} when they run on {% data variables.product.product_name %}. However, pull requests opened by {% data variables.product.prodname_dependabot %} can trigger workflows that run actions. For more information, see "[Automating {% data variables.product.prodname_dependabot %} with {% data variables.product.prodname_actions %}](/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions)."
+
+{% elsif ghes %}
+
+{% data variables.product.prodname_dependabot_security_updates %} and {% data variables.product.prodname_dependabot_version_updates %} require {% data variables.product.prodname_actions %} to run on {% data variables.product.product_name %}. {% data variables.product.prodname_dependabot_alerts %} do not require {% data variables.product.prodname_actions %}. For more information, see "[Enabling {% data variables.product.prodname_dependabot %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
+
+{% elsif ghae %}
+
+{% data variables.product.prodname_actions %} is not required for {% data variables.product.prodname_dependabot_alerts %} to run on {% data variables.product.product_name %}.
+
 {% endif %}
 
 #### What are Dependabot alerts

diff --git a/data/reusables/dependabot/dependabot-updates-and-actions.md b/data/reusables/dependabot/dependabot-updates-and-actions.md
@@ -0,0 +1 @@
+{% data variables.product.prodname_actions %} is {% ifversion ghec or fpt %}not {% endif %}required for {% data variables.product.prodname_dependabot_version_updates %} and {% data variables.product.prodname_dependabot_security_updates %} to run on {% data variables.product.product_name %}.{% ifversion fpt or ghec %} However, pull requests opened by {% data variables.product.prodname_dependabot %} can trigger workflows that run actions. For more information, see "[Automating {% data variables.product.prodname_dependabot %} with {% data variables.product.prodname_actions %}](/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions)."{% elsif ghes %} {% data reusables.dependabot.enabling-actions-for-ghes %} For more information, see "[Enabling {% data variables.product.prodname_dependabot %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."{% endif %}
diff --git a/data/reusables/dependabot/enabling-actions-for-ghes.md b/data/reusables/dependabot/enabling-actions-for-ghes.md
@@ -0,0 +1 @@
+Before you enable {% data variables.product.prodname_dependabot_updates %}, you must configure {% data variables.product.product_location %} to use {% data variables.product.prodname_actions %} with self-hosted runners.