github
diff --git a/‎.devcontainer.json
+2-3 b/‎.devcontainer.json
+2-3
diff --git a/‎.github/CODEOWNERS
+2 b/‎.github/CODEOWNERS
+2
diff --git a/‎.github/ISSUE_TEMPLATE/production-config-change.md
+24 b/‎.github/ISSUE_TEMPLATE/production-config-change.md
+24
diff --git a/‎.github/allowed-actions.js
+4-1 b/‎.github/allowed-actions.js
+4-1
diff --git a/‎.github/commands/remove.yaml
+10 b/‎.github/commands/remove.yaml
+10
diff --git a/‎.github/workflows/browser-test.yml
+4-2 b/‎.github/workflows/browser-test.yml
+4-2
diff --git a/‎.github/workflows/merged-notification.yml
+1-1 b/‎.github/workflows/merged-notification.yml
+1-1
diff --git a/‎.github/workflows/move-help-wanted-issues.yml
+17 b/‎.github/workflows/move-help-wanted-issues.yml
+17
diff --git a/‎.github/workflows/move-ready-to-merge-issues.yaml
+22 b/‎.github/workflows/move-ready-to-merge-issues.yaml
+22
diff --git a/‎.github/workflows/remove-from-fr-board.yaml
+64 b/‎.github/workflows/remove-from-fr-board.yaml
+64
diff --git a/‎.github/workflows/site-policy-sync.yml
+1-1 b/‎.github/workflows/site-policy-sync.yml
+1-1
diff --git a/‎assets/images/enterprise/github-ae/settings/access-token-scopes-for-ghae.png
174 KB b/‎assets/images/enterprise/github-ae/settings/access-token-scopes-for-ghae.png
174 KB
diff --git a/‎assets/images/help/enterprises/ghas-orgs-list-click-org.png renamed to ‎assets/images/help/billing/ghas-orgs-list-enterprise-click-org.png b/‎assets/images/help/enterprises/ghas-orgs-list-click-org.png renamed to ‎assets/images/help/billing/ghas-orgs-list-enterprise-click-org.png
diff --git a/‎assets/images/help/enterprises/ghas-orgs-list.png renamed to ‎assets/images/help/billing/ghas-orgs-list-enterprise.png b/‎assets/images/help/enterprises/ghas-orgs-list.png renamed to ‎assets/images/help/billing/ghas-orgs-list-enterprise.png
diff --git a/‎assets/images/help/billing/ghas-seats-org.png
30.4 KB b/‎assets/images/help/billing/ghas-seats-org.png
30.4 KB
diff --git a/‎assets/images/help/billing/settings_organization_billing_planning_tab.png
17.6 KB b/‎assets/images/help/billing/settings_organization_billing_planning_tab.png
17.6 KB
diff --git a/‎assets/images/help/desktop/click-branch-in-drop-down.png renamed to ‎assets/images/help/desktop/click-branch-in-drop-down-mac.png b/‎assets/images/help/desktop/click-branch-in-drop-down.png renamed to ‎assets/images/help/desktop/click-branch-in-drop-down-mac.png
diff --git a/‎assets/images/help/desktop/select-branch-to-delete.png renamed to ‎assets/images/help/desktop/select-branch-from-dropdown.png b/‎assets/images/help/desktop/select-branch-to-delete.png renamed to ‎assets/images/help/desktop/select-branch-from-dropdown.png
diff --git a/‎assets/images/help/enterprises/enterprise-licensing-tab-ghas-no-seats.png
39.5 KB b/‎assets/images/help/enterprises/enterprise-licensing-tab-ghas-no-seats.png
39.5 KB
diff --git a/‎assets/images/help/enterprises/enterprise-licensing-tab-ghas.png
30.6 KB b/‎assets/images/help/enterprises/enterprise-licensing-tab-ghas.png
30.6 KB
diff --git a/‎assets/images/help/enterprises/settings-security-analysis-ghas-repos-list.png
111 KB b/‎assets/images/help/enterprises/settings-security-analysis-ghas-repos-list.png
111 KB
diff --git a/‎assets/images/help/organizations/ghas-repos-list.png
-81.5 KB b/‎assets/images/help/organizations/ghas-repos-list.png
-81.5 KB
diff --git a/‎assets/images/help/organizations/settings-security-analysis-ghas-repos-list.png
109 KB b/‎assets/images/help/organizations/settings-security-analysis-ghas-repos-list.png
109 KB
diff --git a/‎content/actions/creating-actions/metadata-syntax-for-github-actions.md
+1-1 b/‎content/actions/creating-actions/metadata-syntax-for-github-actions.md
+1-1
diff --git a/‎content/actions/guides/about-continuous-integration.md
+20 b/‎content/actions/guides/about-continuous-integration.md
+20
diff --git a/‎content/actions/guides/building-and-testing-net.md
+6-6 b/‎content/actions/guides/building-and-testing-net.md
+6-6
diff --git a/‎content/actions/guides/caching-dependencies-to-speed-up-workflows.md
+1-1 b/‎content/actions/guides/caching-dependencies-to-speed-up-workflows.md
+1-1
diff --git a/‎content/actions/learn-github-actions/essential-features-of-github-actions.md
+1-1 b/‎content/actions/learn-github-actions/essential-features-of-github-actions.md
+1-1
diff --git a/‎content/actions/learn-github-actions/migrating-from-circleci-to-github-actions.md
+1-1 b/‎content/actions/learn-github-actions/migrating-from-circleci-to-github-actions.md
+1-1
diff --git a/‎content/actions/learn-github-actions/security-hardening-for-github-actions.md
+1-1 b/‎content/actions/learn-github-actions/security-hardening-for-github-actions.md
+1-1
diff --git a/‎content/actions/reference/authentication-in-a-workflow.md
+2 b/‎content/actions/reference/authentication-in-a-workflow.md
+2
diff --git a/‎content/actions/reference/encrypted-secrets.md
+6 b/‎content/actions/reference/encrypted-secrets.md
+6
@@ -2,13 +2,12 @@
 // For format details, see https://aka.ms/vscode-remote/devcontainer.json 
 {
     "name": "docs.github.com",
-    "service": "container-doc",
     "settings": {
         "terminal.integrated.shell.linux": "/bin/bash",
         "cSpell.language": ",en"
     },
-    // Install pre-requisites, and start to serve docs.github.com locally
-    "postCreateCommand": "npm install && npm start",
+    // Install pre-requisites and run a build to ensure we are ready to start serving docs.github.com locally (via `npm start`)
+    "postCreateCommand": "npm ci && npm run build",
     "forwardPorts": [4000],
     // Visual Studio Code extensions which help authoring for docs.github.com.
     "extensions": [
 
@@ -7,6 +7,8 @@
 *.js @github/docs-engineering
 /.github/ @github/docs-engineering
 /script/ @github/docs-engineering
+/includes/ @github/docs-engineering
+/layouts/ @github/docs-engineering
 app.json @github/docs-engineering
 Dockerfile @github/docs-engineering
 package-lock.json @github/docs-engineering
 
@@ -0,0 +1,24 @@
+---
+name: Change production configuration
+about: Track changes to the production docs.github.com site
+title: ''
+labels: engineering
+assignees: ''
+---
+
+A configuration change would be something outside of our code that we change with our production environment, such as environment variables, virtual machine tier or quantity, or service providers.
+
+- _Primary person_:
+- _Second person_:
+- _When_:
+- _Zoom URL_:
+
+### What is the configuration change?
+
+### Why are we updating this configuration?
+
+### What risks are there with this configuration change?
+
+### If an issue happens, how do we roll back?
+
+Once the change is verified good, please close this issue.
@@ -11,6 +11,8 @@ module.exports = [
   "actions/setup-node@c46424eee26de4078d34105d3de3cc4992202b1e", //actions/[email protected]
   "ruby/setup-ruby@fdcfbcf14ec9672f6f615cb9589a1bc5dd69d262", //ruby/[email protected]
   "actions/stale@9d6f46564a515a9ea11e7762ab3957ee58ca50da", //actions/stale@v3.0.16
+  "alex-page/github-project-automation-plus@fdb7991b72040d611e1123d2b75ff10eda9372c9",
+  "andymckay/labeler@22d5392de2b725cea4b284df5824125054049d84",
   "archive/github-actions-slack@d368c5a4ad757515a9344918f84c490b05777d94",
   "ashley-taylor/regex-property-action@93a24f845cd20790924208225cc72da8b4c6d46d",
   "crowdin/github-action@fd9429dd63d6c0f8a8cb4b93ad8076990bd6e688",
@@ -21,17 +23,18 @@ module.exports = [
   "fkirc/skip-duplicate-actions@36feb0d8d062137530c2e00bd278d138fe191289",
   "github/codeql-action/analyze@v1",
   "github/codeql-action/init@v1",
-  "ianwalter/puppeteer-container@2466ba8ecf689ccf4e5dfadeff3ac2db227b2e17",
   "juliangruber/approve-pull-request-action@c530832d4d346c597332e20e03605aa94fa150a8",
   "juliangruber/find-pull-request-action@2fc55e82a6d5d36fe1e7f1848f7e64fd02d99de9",
   "juliangruber/read-file-action@e0a316da496006ffd19142f0fd594a1783f3b512",
   "lee-dohm/close-matching-issues@22002609b2555fe18f52b8e2e7c07cbf5529e8a8",
+  "octokit/graphql-action@5b3e01d42dee4509b0ac6b1cb2cf7778cdce85c2",
   "pascalgn/automerge-action@c9bd1823770819dc8fb8a5db2d11a3a95fbe9b07", //pascalgn/[email protected]
   "peter-evans/create-issue-from-file@a04ce672e3acedb1f8e416b46716ddfd09905326",
   "peter-evans/create-or-update-comment@5221bf4aa615e5c6e95bb142f9673a9c791be2cd",
   "peter-evans/create-pull-request@8c603dbb04b917a9fc2dd991dc54fef54b640b43",
   "rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9",
   "rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e",
+  "rachmari/puppeteer-container@6d56d6e132a3df76cf60bc290a4282f7fbaed05e",
   "repo-sync/github-sync@3832fe8e2be32372e1b3970bbae8e7079edeec88",
   "repo-sync/pull-request@33777245b1aace1a58c87a29c90321aa7a74bd7d",
   "someimportantcompany/github-actions-slack-message@0b470c14b39da4260ed9e3f9a4f1298a74ccdefd",
 
@@ -0,0 +1,10 @@
+trigger: remove-from-fr-board
+title: Remove from FR board
+description: Remove the current issue or pull request from the project board for the docs content first responder
+surfaces:
+  - issue
+  - pull_request
+  - discussion
+steps:
+  - type: repository_dispatch
+    eventType: remove_from_FR_board
@@ -39,12 +39,14 @@ jobs:
 
       - if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
         name: Install
-        uses: ianwalter/puppeteer-container@2466ba8ecf689ccf4e5dfadeff3ac2db227b2e17
+        uses: rachmari/puppeteer-container@6d56d6e132a3df76cf60bc290a4282f7fbaed05e
+        timeout-minutes: 5
         with:
           args: npm ci
 
       - if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
         name: Test
-        uses: ianwalter/puppeteer-container@2466ba8ecf689ccf4e5dfadeff3ac2db227b2e17
+        timeout-minutes: 10
+        uses: rachmari/puppeteer-container@6d56d6e132a3df76cf60bc290a4282f7fbaed05e
         with:
           args: npm run browser-test
@@ -15,5 +15,5 @@ jobs:
             github.issues.createComment({
               ...context.repo,
               issue_number: context.payload.pull_request.number,
-              body: 'Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our [help wanted issues](https://github.com/github/docs/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22) :zap:'
+              body: "Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our [help wanted issues](https://github.com/github/docs/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22) :zap:"
             })
@@ -0,0 +1,17 @@
+name: Move help wanted issues
+on:
+  issues:
+    types:
+      - labeled
+
+jobs:
+  move_issues:
+    if: github.repository == 'github/docs' && (github.event.label.name == 'help wanted' || github.event.label.name == 'good first issue')
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: alex-page/github-project-automation-plus@fdb7991b72040d611e1123d2b75ff10eda9372c9
+        with:
+          project: Docs team reviews
+          column: Help wanted
+          repo-token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
@@ -0,0 +1,22 @@
+name: Move and unlabel ready to merge issues
+on:
+  issues:
+    types:
+      - labeled
+
+jobs:
+  unmark_for_review:
+    if: github.repository == 'github/docs' && github.event.label.name == 'ready to merge'
+    runs-on: ubuntu-latest
+    steps:
+      - name: move issue
+        uses: alex-page/github-project-automation-plus@fdb7991b72040d611e1123d2b75ff10eda9372c9
+        with:
+          project: Docs team reviews
+          column: Triage
+          repo-token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
+      - name: remove label
+        uses: andymckay/labeler@22d5392de2b725cea4b284df5824125054049d84
+        with:
+          remove-labels: 'waiting for review'
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,64 @@
+name: Remove card from FR board
+
+on:
+  repository_dispatch:
+    types: remove_from_FR_board
+
+jobs:
+  remove_from_FR_board:
+    if: github.repository == 'github/docs-internal'
+    runs-on: ubuntu-latest
+    steps:
+      - id: find_project_cards
+        uses: octokit/graphql-action@5b3e01d42dee4509b0ac6b1cb2cf7778cdce85c2
+        with:
+          query: |
+            query($issue_node_id:ID!) {
+              node(id:$issue_node_id) {
+                ... on Issue {
+                  projectCards(first: 10) {
+                    nodes {
+                      id
+                      project {
+                        name
+                        id
+                      }
+                    }
+                  }
+                }
+                ... on PullRequest {
+                  projectCards(first: 10) {
+                    nodes {
+                      id
+                      project {
+                        name
+                        id
+                      }
+                    }
+                  }
+                }
+              }
+            }
+          issue_node_id: ${{ github.event.client_payload.command.resource.id }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
+
+      - run: "echo 'Project cards found: ${{ steps.find_project_cards.outputs.data }}'"
+
+      - name: Get FR card
+        env:
+          QUERY_DATA: ${{ steps.find_project_cards.outputs.data }}
+        run: |
+          echo 'FR_CARDS='$(jq '.node.projectCards.nodes | .[] | select(.project.id == "MDc6UHJvamVjdDQ1NzI0ODI=") | .id' <<< "$QUERY_DATA") >> $GITHUB_ENV
+
+      - name: Delete card
+        id: delete_project_card
+        if: ${{ env.FR_CARDS }}
+        uses: octokit/graphql-action@5b3e01d42dee4509b0ac6b1cb2cf7778cdce85c2
+        with:
+          query: |
+            mutation DeleteCard {
+              deleteProjectCard(input:{cardId:${{ env.FR_CARDS }}}) {deletedCardId}
+            }
+        env:
+          GITHUB_TOKEN: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
@@ -18,7 +18,7 @@ on:
 jobs:
   # This workflow contains a single job called "build"
   copy-file:
-    if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'
+    if: github.repository == 'github/docs-internal'
     # The type of runner that the job will run on
     runs-on: ubuntu-latest
 
 
@@ -299,7 +299,7 @@ runs:
 
 #### `runs.image`
 
-**Required** The Docker image to use as the container to run the action. The value can be the Docker base image name, a local `Dockerfile` in your repository, or a public image in Docker Hub or another registry. To reference a `Dockerfile` local to your repository, use a path relative to your action metadata file. The `docker` application will execute this file.
+**Required** The Docker image to use as the container to run the action. The value can be the Docker base image name, a local `Dockerfile` in your repository, or a public image in Docker Hub or another registry. To reference a `Dockerfile` local to your repository, the file must be named `Dockerfile` and you must use a path relative to your action metadata file. The `docker` application will execute this file.
 
 #### `runs.env`
 
 
@@ -53,6 +53,26 @@ For a definition of common terms, see "[Core concepts for {% data variables.prod
 
 Browse the complete list of CI workflow templates offered by {% data variables.product.product_name %} in the {% if currentVersion == "free-pro-team@latest" %}[actions/starter-workflows](https://github.com/actions/starter-workflows/tree/main/ci) repository{% else %} `actions/starter-workflows` repository on {% data variables.product.product_location %}{% endif %}.
 
+### Skipping workflow runs
+
+If you want to temporarily prevent a workflow from being triggered, you can add a skip instruction to the commit message. Workflows that would otherwise be triggered `on: push` or `on: pull_request`, won't be triggered if you add any any of the following strings to the commit message in a push, or the HEAD commit of a pull request:
+
+* `[skip ci]`
+* `[ci skip]`
+* `[no ci]`
+* `[skip actions]`
+* `[actions skip]`
+
+Alternatively, you can end the commit message with two empty lines followed by either `skip-checks: true` or `skip-checks:true`.
+
+You won't be able to merge the pull request if your repository is configured to require specific checks to pass first. To allow the pull request to be merged you can push a new commit to the pull request without the skip instruction in the commit message.
+
+{% note %}
+
+**Note:** Skip instructions only apply to the `push` and `pull_request` events. For example, adding `[skip ci]` to a commit message won't stop a workflow that's triggered `on: pull_request_target` from running.
+
+{% endnote %}
+
 ### Notifications for workflow runs
 
 {% data reusables.repositories.workflow-notifications %}
 
@@ -49,7 +49,7 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: Setup .NET Core SDK ${{ matrix.dotnet }}
-      uses: actions/setup-dotnet@v1.6.0
+      uses: actions/setup-dotnet@v1.7.2
       with:
         dotnet-version: ${{ matrix.dotnet-version }}
     - name: Install dependencies
@@ -86,7 +86,7 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: Setup dotnet ${{ matrix.dotnet-version }}
-      uses: actions/setup-dotnet@v1.6.0
+      uses: actions/setup-dotnet@v1.7.2
       with:
         dotnet-version: ${{ matrix.dotnet-version }}
     # You can test your matrix by printing the current dotnet version
@@ -118,7 +118,7 @@ You can configure your job to use a specific version of .NET, such as `3.1.3`. A
 steps:
 - uses: actions/checkout@v2
 - name: Setup dotnet
-  uses: actions/setup-dotnet@v1.6.0
+  uses: actions/setup-dotnet@v1.7.2
   with:
     dotnet-version: '3.1.x'
 - name: Install dependencies
@@ -139,7 +139,7 @@ For more information, see "[Caching dependencies to speed up workflows](/actions
 steps:
 - uses: actions/checkout@v2
 - name: Setup dotnet
-  uses: actions/setup-dotnet@v1.6.0
+  uses: actions/setup-dotnet@v1.7.2
   with:
     dotnet-version: '3.1.x'
 - uses: actions/cache@v2
@@ -171,7 +171,7 @@ You can use the same commands that you use locally to build and test your code.
 steps:
 - uses: actions/checkout@v2
 - name: Setup dotnet
-  uses: actions/setup-dotnet@v1.6.0
+  uses: actions/setup-dotnet@v1.7.2
   with:
     dotnet-version: '3.1.x'
 - name: Install dependencies
@@ -206,7 +206,7 @@ jobs:
       steps:
       - uses: actions/checkout@v2
       - name: Setup dotnet
-        uses: actions/setup-dotnet@v1.6.0
+        uses: actions/setup-dotnet@v1.7.2
         with:
           dotnet-version: ${{ matrix.dotnet-version }}
       - name: Install dependencies
 
@@ -22,7 +22,7 @@ Workflow runs often reuse the same outputs or downloaded dependencies from one r
 
 Jobs on {% data variables.product.prodname_dotcom %}-hosted runners start in a clean virtual environment and must download dependencies each time, causing increased network utilization, longer runtime, and increased cost. To help speed up the time it takes to recreate these files, {% data variables.product.prodname_dotcom %} can cache dependencies you frequently use in workflows.
 
-To cache dependencies for a job, you'll need to use {% data variables.product.prodname_dotcom %}'s `cache` action. The action retrieves a cache identified by a unique key. For more information, see [`actions/cache`](https://github.com/actions/cache).
+To cache dependencies for a job, you'll need to use {% data variables.product.prodname_dotcom %}'s `cache` action. The action retrieves a cache identified by a unique key. For more information, see [`actions/cache`](https://github.com/actions/cache). If you are caching Ruby gems, instead consider using the Ruby maintained action, which can cache bundle installs on initiation. For more information, see [`ruby/setup-ruby`](https://github.com/ruby/setup-ruby#caching-bundle-install-automatically).
 
 {% warning %}
 
 
@@ -75,7 +75,7 @@ jobs:
         run: |
           expr 1 + 1 > output.log
       - name: Upload output file
-        uses: actions/upload-artifact@v1
+        uses: actions/upload-artifact@v2
         with:
           name: output-log-file
           path: output.log
 
@@ -117,7 +117,7 @@ GitHub Actions
 </tr>
 </table>
 
-{% data variables.product.prodname_actions %} caching is only applicable to {% data variables.product.prodname_dotcom %}-hosted runners. For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>."
+{% data variables.product.prodname_actions %} caching is only applicable for repositories hosted on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>."
 
 {% data variables.product.prodname_actions %} does not have an equivalent of CircleCI’s Docker Layer Caching (or DLC).
 
 
@@ -77,7 +77,7 @@ This means that a compromise of a single action within a workflow can be very si
 
 ### Considering cross-repository access
 
-{% data variables.product.product_name %} is intentionally scoped for a single repository at a time. The `GITHUB_TOKEN` grants the same level of access as a write-access user, because any write-access user can access this token by creating or modifying workflow files. Users have specific permissions for each repository, so having the `GITHUB_TOKEN` for one repository grant access to another would impact the {% data variables.product.prodname_dotcom %} permission model if not implemented carefully. Similarly, caution must be taken when adding {% data variables.product.prodname_dotcom %} authentication tokens to a workflow, because this can also affect the {% data variables.product.prodname_dotcom %} permission model by inadvertently granting broad access to collaborators.
+{% data variables.product.prodname_actions %} is intentionally scoped for a single repository at a time. The `GITHUB_TOKEN` grants the same level of access as a write-access user, because any write-access user can access this token by creating or modifying workflow files. Users have specific permissions for each repository, so allowing the `GITHUB_TOKEN` for one repository to grant access to another would impact the {% data variables.product.prodname_dotcom %} permission model if not implemented carefully. Similarly, caution must be taken when adding {% data variables.product.prodname_dotcom %} authentication tokens to a workflow, because this can also affect the {% data variables.product.prodname_dotcom %} permission model by inadvertently granting broad access to collaborators.
 
 We have [a plan on the {% data variables.product.prodname_dotcom %} roadmap](https://github.com/github/roadmap/issues/74) to support a flow that allows cross-repository access within {% data variables.product.product_name %}, but this is not yet a supported feature. Currently, the only way to perform privileged cross-repository interactions is to place a {% data variables.product.prodname_dotcom %} authentication token or SSH key as a secret within the workflow. Because many authentication token types do not allow for granular access to specific resources, there is significant risk in using the wrong token type, as it can grant much broader access than intended.
 
 
@@ -95,6 +95,8 @@ For information about the API endpoints {% data variables.product.prodname_githu
 | repository projects | read/write | read |
 | statuses | read/write  | read |
 
+{% data reusables.actions.workflow-runs-dependabot-note %}
+
 If you need a token that requires permissions that aren't available in the `GITHUB_TOKEN`, you can create a personal access token and set it as a secret in your repository:
 
 1. Use or create a token with the appropriate permissions for that repository. For more information, see "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)."
 
@@ -77,6 +77,12 @@ When generating credentials, we recommend that you grant the minimum permissions
 
 If your repository {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "[email protected]"or currentVersion == "github-ae@latest" %}has environment secrets or {% endif %}can access secrets from the parent organization, then those secrets are also listed on this page.
 
+{% note %}
+
+**Note:** Users with collaborator access can use the REST API to manage secrets for a repository. For more information, see "[{% data variables.product.prodname_actions %} secrets API](/rest/reference/actions#secrets)."
+
+{% endnote %}
+
 {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "[email protected]" or currentVersion == "github-ae@latest" }
 ### Creating encrypted secrets for an environment