On member NotificationThread.list:list will be removed. Use the optionalList field instead. Effective 2026-01-01.
On member NotificationThread.subject:subject will be removed. Use the optionalSubject field instead. Effective 2026-01-01.
subject will be removed. Use the optionalSubject field instead.
Null values are possible for this field.
", + "date": "2026-01-01", + "criticality": "breaking", + "owner": "github/notifications" + }, + { + "location": "NotificationThread.list", + "description": "list will be removed. Use the optionalList field instead.
Null values are possible for this field.
", + "date": "2026-01-01", + "criticality": "breaking", + "owner": "github/notifications" + } + ], "2025-10-01": [ { "location": "SecurityAdvisory.cvss", diff --git a/src/graphql/data/ghec/graphql_upcoming_changes.public.yml b/src/graphql/data/ghec/graphql_upcoming_changes.public.yml index 4d0c9d0962c9..6f13e8c4bafc 100644 --- a/src/graphql/data/ghec/graphql_upcoming_changes.public.yml +++ b/src/graphql/data/ghec/graphql_upcoming_changes.public.yml @@ -1526,6 +1526,18 @@ upcoming_changes: date: '2025-10-01T00:00:00+00:00' criticality: breaking owner: github/advisory-database + - location: NotificationThread.list + description: '`list` will be removed. Use the `optionalList` field instead.' + reason: Null values are possible for this field. + date: '2026-01-01T00:00:00+00:00' + criticality: breaking + owner: github/notifications + - location: NotificationThread.subject + description: '`subject` will be removed. Use the `optionalSubject` field instead.' + reason: Null values are possible for this field. + date: '2026-01-01T00:00:00+00:00' + criticality: breaking + owner: github/notifications - location: AuditEntry.action description: '`action` will be removed.' reason: The GraphQL audit-log is deprecated. Please use the REST API instead. diff --git a/src/graphql/data/ghec/upcoming-changes.json b/src/graphql/data/ghec/upcoming-changes.json index 4f5ab80b738c..bbeb98409f6e 100644 --- a/src/graphql/data/ghec/upcoming-changes.json +++ b/src/graphql/data/ghec/upcoming-changes.json @@ -8873,6 +8873,24 @@ "owner": "audit_logs" } ], + "2026-01-01": [ + { + "location": "NotificationThread.subject", + "description": "subject will be removed. Use the optionalSubject field instead.
Null values are possible for this field.
", + "date": "2026-01-01", + "criticality": "breaking", + "owner": "github/notifications" + }, + { + "location": "NotificationThread.list", + "description": "list will be removed. Use the optionalList field instead.
Null values are possible for this field.
", + "date": "2026-01-01", + "criticality": "breaking", + "owner": "github/notifications" + } + ], "2025-10-01": [ { "location": "SecurityAdvisory.cvss", diff --git a/src/rest/data/ghec-2022-11-28/schema.json b/src/rest/data/ghec-2022-11-28/schema.json index 23f338a4936c..63e8c96d1652 100644 --- a/src/rest/data/ghec-2022-11-28/schema.json +++ b/src/rest/data/ghec-2022-11-28/schema.json @@ -1351,13 +1351,13 @@ } ], "previews": [], - "descriptionHTML": "Gets GitHub Actions cache usage for a repository.\nThe data fetched using this API is refreshed approximately every 5 minutes, so values returned from this endpoint may take at least 5 minutes to get updated.
\nAnyone with read access to the repository can use this endpoint.
\nIf the repository is private, OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Gets GitHub Actions cache usage for a repository.\nThe data fetched using this API is refreshed approximately every 5 minutes, so values returned from this endpoint may take at least 5 minutes to get updated.
\nAnyone with read access to the repository can use this endpoint.
\nIf the repository is private, OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Gets a GitHub-hosted runner configured in an enterprise.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Gets a GitHub-hosted runner configured in an enterprise.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
Deletes a GitHub-hosted runner for an enterprise.
", "statusCodes": [ { "httpStatusCode": "202", "description": "Accepted
" } - ] + ], + "descriptionHTML": "Deletes a GitHub-hosted runner for an enterprise.
" }, { "serverUrl": "https://api.github.com", @@ -4918,13 +4918,13 @@ } ], "previews": [], - "descriptionHTML": "Get the list of partner images available for GitHub-hosted runners for an organization.
", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ] + ], + "descriptionHTML": "Get the list of partner images available for GitHub-hosted runners for an organization.
" }, { "serverUrl": "https://api.github.com", @@ -5129,13 +5129,13 @@ } ], "previews": [], - "descriptionHTML": "Get the list of machine specs available for GitHub-hosted runners for an organization.
", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ] + ], + "descriptionHTML": "Get the list of machine specs available for GitHub-hosted runners for an organization.
" }, { "serverUrl": "https://api.github.com", @@ -7495,13 +7495,13 @@ } ], "previews": [], - "descriptionHTML": "Replaces the list of selected organizations that are enabled for GitHub Actions in an enterprise. To use this endpoint, the enterprise permission policy for enabled_organizations must be configured to selected. For more information, see \"Set GitHub Actions permissions for an enterprise.\"
OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
No Content
" } - ] + ], + "descriptionHTML": "Replaces the list of selected organizations that are enabled for GitHub Actions in an enterprise. To use this endpoint, the enterprise permission policy for enabled_organizations must be configured to selected. For more information, see \"Set GitHub Actions permissions for an enterprise.\"
OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
Gets the selected actions and reusable workflows that are allowed in an enterprise. To use this endpoint, the enterprise permission policy for allowed_actions must be configured to selected. For more information, see \"Set GitHub Actions permissions for an enterprise.\"
OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Gets the selected actions and reusable workflows that are allowed in an enterprise. To use this endpoint, the enterprise permission policy for allowed_actions must be configured to selected. For more information, see \"Set GitHub Actions permissions for an enterprise.\"
OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
Gets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in an enterprise,\nas well as whether GitHub Actions can submit approving pull request reviews. For more information, see\n\"Enforcing a policy for workflow permissions in your enterprise.\"
OAuth tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
Success response
" } - ] + ], + "descriptionHTML": "Gets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in an enterprise,\nas well as whether GitHub Actions can submit approving pull request reviews. For more information, see\n\"Enforcing a policy for workflow permissions in your enterprise.\"
OAuth tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
Lists the selected repositories that are enabled for GitHub Actions in an organization. To use this endpoint, the organization permission policy for enabled_repositories must be configured to selected. For more information, see \"Set GitHub Actions permissions for an organization.\"
OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Lists the selected repositories that are enabled for GitHub Actions in an organization. To use this endpoint, the organization permission policy for enabled_repositories must be configured to selected. For more information, see \"Set GitHub Actions permissions for an organization.\"
OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Replaces the list of selected repositories that are enabled for GitHub Actions in an organization. To use this endpoint, the organization permission policy for enabled_repositories must be configured to selected. For more information, see \"Set GitHub Actions permissions for an organization.\"
OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
No Content
" } - ] + ], + "descriptionHTML": "Replaces the list of selected repositories that are enabled for GitHub Actions in an organization. To use this endpoint, the organization permission policy for enabled_repositories must be configured to selected. For more information, see \"Set GitHub Actions permissions for an organization.\"
OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Removes a repository from the list of selected repositories that are enabled for GitHub Actions in an organization. To use this endpoint, the organization permission policy for enabled_repositories must be configured to selected. For more information, see \"Set GitHub Actions permissions for an organization.\"
OAuth tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
No Content
" } - ] + ], + "descriptionHTML": "Removes a repository from the list of selected repositories that are enabled for GitHub Actions in an organization. To use this endpoint, the organization permission policy for enabled_repositories must be configured to selected. For more information, see \"Set GitHub Actions permissions for an organization.\"
OAuth tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Gets your public key, which you need to encrypt secrets. You need to\nencrypt a secret before you can create or update secrets.
\nThe authenticated user must have collaborator access to a repository to create, update, or read secrets.
\nOAuth tokens and personal access tokens (classic) need theadmin:org scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Gets your public key, which you need to encrypt secrets. You need to\nencrypt a secret before you can create or update secrets.
\nThe authenticated user must have collaborator access to a repository to create, update, or read secrets.
\nOAuth tokens and personal access tokens (classic) need theadmin:org scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Creates or updates an organization secret with an encrypted value. Encrypt your secret using\nLibSodium. For more information, see \"Encrypting secrets for the REST API.\"
\nAuthenticated users must have collaborator access to a repository to create, update, or read secrets.
\nOAuth tokens and personal access tokens (classic) need theadmin:org scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Response when updating a secret
" } - ] + ], + "descriptionHTML": "Creates or updates an organization secret with an encrypted value. Encrypt your secret using\nLibSodium. For more information, see \"Encrypting secrets for the REST API.\"
\nAuthenticated users must have collaborator access to a repository to create, update, or read secrets.
\nOAuth tokens and personal access tokens (classic) need theadmin:org scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Deletes a secret in an organization using the secret name.
\nAuthenticated users must have collaborator access to a repository to create, update, or read secrets.
\nOAuth tokens and personal access tokens (classic) need theadmin:org scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
No Content
" } - ] + ], + "descriptionHTML": "Deletes a secret in an organization using the secret name.
\nAuthenticated users must have collaborator access to a repository to create, update, or read secrets.
\nOAuth tokens and personal access tokens (classic) need theadmin:org scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Replaces all repositories for an organization secret when the visibility\nfor repository access is set to selected. The visibility is set when you Create\nor update an organization secret.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
\nOAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint. If the repository is private, the repo scope is also required.
No Content
" } - ] + ], + "descriptionHTML": "Replaces all repositories for an organization secret when the visibility\nfor repository access is set to selected. The visibility is set when you Create\nor update an organization secret.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
\nOAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint. If the repository is private, the repo scope is also required.
Gets a specific self-hosted runner group for an enterprise.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Gets a specific self-hosted runner group for an enterprise.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
Replaces the list of organizations that have access to a self-hosted runner configured in an enterprise.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
No Content
" } - ] + ], + "descriptionHTML": "Replaces the list of organizations that have access to a self-hosted runner configured in an enterprise.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
Adds an organization to the list of selected organizations that can access a self-hosted runner group. The runner group must have visibility set to selected. For more information, see \"Create a self-hosted runner group for an enterprise.\"
OAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
No Content
" } - ] + ], + "descriptionHTML": "Adds an organization to the list of selected organizations that can access a self-hosted runner group. The runner group must have visibility set to selected. For more information, see \"Create a self-hosted runner group for an enterprise.\"
OAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
Lists the self-hosted runners that are in a specific enterprise group.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Lists the self-hosted runners that are in a specific enterprise group.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
Replaces the list of self-hosted runners that are part of an enterprise runner group.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
No Content
" } - ] + ], + "descriptionHTML": "Replaces the list of self-hosted runners that are part of an enterprise runner group.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
Lists all self-hosted runner groups configured in an organization and inherited from an enterprise.
\nOAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Lists all self-hosted runner groups configured in an organization and inherited from an enterprise.
\nOAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Lists the GitHub-hosted runners in an organization group.
\nOAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Lists the GitHub-hosted runners in an organization group.
\nOAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Lists all self-hosted runners configured for an enterprise.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Lists all self-hosted runners configured for an enterprise.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
Returns a token that you can pass to the config script to remove a self-hosted runner from an organization. The token expires after one hour.
For example, you can replace TOKEN in the following example with the registration token provided by this endpoint to remove your self-hosted runner from an organization:
./config.sh remove --token TOKEN\nAuthenticated users must have admin access to the organization to use this endpoint.
\nOAuth tokens and personal access tokens (classic) need theadmin:org scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Created
" } - ] + ], + "descriptionHTML": "Returns a token that you can pass to the config script to remove a self-hosted runner from an organization. The token expires after one hour.
For example, you can replace TOKEN in the following example with the registration token provided by this endpoint to remove your self-hosted runner from an organization:
./config.sh remove --token TOKEN\nAuthenticated users must have admin access to the organization to use this endpoint.
\nOAuth tokens and personal access tokens (classic) need theadmin:org scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Gets a specific self-hosted runner configured in an organization.
\nAuthenticated users must have admin access to the organization to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint. If the repository is private, the repo scope is also required.
OK
" } - ] + ], + "descriptionHTML": "Gets a specific self-hosted runner configured in an organization.
\nAuthenticated users must have admin access to the organization to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint. If the repository is private, the repo scope is also required.
Lists binaries for the runner application that you can download and run.
\nAuthenticated users must have admin access to the repository to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Lists binaries for the runner application that you can download and run.
\nAuthenticated users must have admin access to the repository to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Approve or reject pending deployments that are waiting on approval by a required reviewer.
\nRequired reviewers with read access to the repository contents and deployments can use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Approve or reject pending deployments that are waiting on approval by a required reviewer.
\nRequired reviewers with read access to the repository contents and deployments can use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Note
\n\nThis API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
\nOK
" } - ] + ], + "descriptionHTML": "Note
\n\nThis API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
\nLists repositories a user is watching.
", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ] + ], + "descriptionHTML": "Lists repositories a user is watching.
" } ] }, @@ -100305,13 +100305,13 @@ } ], "previews": [], - "descriptionHTML": "Gets the announcement banner currently set for the organization. Only returns the announcement banner set at the\norganization level. Organization members may also see an enterprise-level announcement banner. To get an\nannouncement banner displayed at the enterprise level, use the enterprise-level endpoint.
", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ] + ], + "descriptionHTML": "Gets the announcement banner currently set for the organization. Only returns the announcement banner set at the\norganization level. Organization members may also see an enterprise-level announcement banner. To get an\nannouncement banner displayed at the enterprise level, use the enterprise-level endpoint.
" }, { "serverUrl": "https://api.github.com", @@ -100436,13 +100436,13 @@ } ], "previews": [], - "descriptionHTML": "Sets the announcement banner to display for the organization.
", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ] + ], + "descriptionHTML": "Sets the announcement banner to display for the organization.
" }, { "serverUrl": "https://api.github.com", @@ -109646,13 +109646,13 @@ } ], "previews": [], - "descriptionHTML": "Enables an authenticated GitHub App to find the organization's installation information.
\nYou must use a JWT to access this endpoint.
", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ] + ], + "descriptionHTML": "Enables an authenticated GitHub App to find the organization's installation information.
\nYou must use a JWT to access this endpoint.
" }, { "serverUrl": "https://api.github.com", @@ -113035,13 +113035,13 @@ } ], "previews": [], - "descriptionHTML": "Revokes the installation token you're using to authenticate as an installation and access this endpoint.
\nOnce an installation token is revoked, the token is invalidated and cannot be used. Other endpoints that require the revoked installation token must have a new installation token to work. You can create a new token using the \"Create an installation access token for an app\" endpoint.
", "statusCodes": [ { "httpStatusCode": "204", "description": "No Content
" } - ] + ], + "descriptionHTML": "Revokes the installation token you're using to authenticate as an installation and access this endpoint.
\nOnce an installation token is revoked, the token is invalidated and cannot be used. Other endpoints that require the revoked installation token must have a new installation token to work. You can create a new token using the \"Create an installation access token for an app\" endpoint.
" }, { "serverUrl": "https://api.github.com", @@ -120702,13 +120702,13 @@ } ], "previews": [], - "descriptionHTML": "Returns the webhook configuration for a GitHub App. For more information about configuring a webhook for your app, see \"Creating a GitHub App.\"
\nYou must use a JWT to access this endpoint.
", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ] + ], + "descriptionHTML": "Returns the webhook configuration for a GitHub App. For more information about configuring a webhook for your app, see \"Creating a GitHub App.\"
\nYou must use a JWT to access this endpoint.
" }, { "serverUrl": "https://api.github.com", @@ -121830,13 +121830,13 @@ } ], "previews": [], - "descriptionHTML": "Gets the free and paid storage used for GitHub Packages in gigabytes.
\nPaid minutes only apply to packages stored for private repositories. For more information, see \"Managing billing for GitHub Packages.\"
\nOAuth app tokens and personal access tokens (classic) need the repo or admin:org scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Gets the free and paid storage used for GitHub Packages in gigabytes.
\nPaid minutes only apply to packages stored for private repositories. For more information, see \"Managing billing for GitHub Packages.\"
\nOAuth app tokens and personal access tokens (classic) need the repo or admin:org scope to use this endpoint.
Gets the summary of the free and paid GitHub Actions minutes used.
\nPaid minutes only apply to workflows in private repositories that use GitHub-hosted runners. Minutes used is listed for each GitHub-hosted runner operating system. Any job re-runs are also included in the usage. The usage returned includes any minute multipliers for macOS and Windows runners, and is rounded up to the nearest whole minute. For more information, see \"Managing billing for GitHub Actions\".
\nOAuth app tokens and personal access tokens (classic) need the user scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Gets the summary of the free and paid GitHub Actions minutes used.
\nPaid minutes only apply to workflows in private repositories that use GitHub-hosted runners. Minutes used is listed for each GitHub-hosted runner operating system. Any job re-runs are also included in the usage. The usage returned includes any minute multipliers for macOS and Windows runners, and is rounded up to the nearest whole minute. For more information, see \"Managing billing for GitHub Actions\".
\nOAuth app tokens and personal access tokens (classic) need the user scope to use this endpoint.
Gets the estimated paid and estimated total storage used for GitHub Actions and GitHub Packages.
\nPaid minutes only apply to packages stored for private repositories. For more information, see \"Managing billing for GitHub Packages.\"
\nOAuth app tokens and personal access tokens (classic) need the user scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Gets the estimated paid and estimated total storage used for GitHub Actions and GitHub Packages.
\nPaid minutes only apply to packages stored for private repositories. For more information, see \"Managing billing for GitHub Packages.\"
\nOAuth app tokens and personal access tokens (classic) need the user scope to use this endpoint.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub's products in the GitHub Help documentation.
", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ] + ], + "descriptionHTML": "Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub's products in the GitHub Help documentation.
" }, { "serverUrl": "https://api.github.com", @@ -144730,7 +144730,6 @@ } ], "previews": [], - "descriptionHTML": "Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub's products in the GitHub Help documentation.
\nReplaces the list of apps that have push access to this branch. This removes all apps that previously had push access and grants push access to the new list of apps. Only GitHub Apps that are installed on the repository and that have been granted write access to the repository contents can be added as authorized actors on a protected branch.
", "statusCodes": [ { "httpStatusCode": "200", @@ -144740,7 +144739,8 @@ "httpStatusCode": "422", "description": "Validation failed, or the endpoint has been spammed.
" } - ] + ], + "descriptionHTML": "Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub's products in the GitHub Help documentation.
\nReplaces the list of apps that have push access to this branch. This removes all apps that previously had push access and grants push access to the new list of apps. Only GitHub Apps that are installed on the repository and that have been granted write access to the repository contents can be added as authorized actors on a protected branch.
" }, { "serverUrl": "https://api.github.com", @@ -153342,13 +153342,13 @@ } ], "previews": [], - "descriptionHTML": "Creates a new check run for a specific commit in a repository.
\nTo create a check run, you must use a GitHub App. OAuth apps and authenticated users are not able to create a check suite.
\nIn a check suite, GitHub limits the number of check runs with the same name to 1000. Once these check runs exceed 1000, GitHub will start to automatically delete older check runs.
\nNote
\n\nThe Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty pull_requests array.
Created
" } - ] + ], + "descriptionHTML": "Creates a new check run for a specific commit in a repository.
\nTo create a check run, you must use a GitHub App. OAuth apps and authenticated users are not able to create a check suite.
\nIn a check suite, GitHub limits the number of check runs with the same name to 1000. Once these check runs exceed 1000, GitHub will start to automatically delete older check runs.
\nNote
\n\nThe Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty pull_requests array.
Gets a single check suite using its id.
Note
\n\nThe Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty pull_requests array and a null value for head_branch.
OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint on a private repository.
OK
" } - ] + ], + "descriptionHTML": "Gets a single check suite using its id.
Note
\n\nThe Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty pull_requests array and a null value for head_branch.
OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint on a private repository.
Triggers GitHub to rerequest an existing check suite, without pushing new code to a repository. This endpoint will trigger the check_suite webhook event with the action rerequested. When a check suite is rerequested, its status is reset to queued and the conclusion is cleared.
Created
" } - ] + ], + "descriptionHTML": "Triggers GitHub to rerequest an existing check suite, without pushing new code to a repository. This endpoint will trigger the check_suite webhook event with the action rerequested. When a check suite is rerequested, its status is reset to queued and the conclusion is cleared.
Lists the default code security configurations for an enterprise.
\nThe authenticated user must be an administrator of the enterprise in order to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the read:enterprise scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Lists the default code security configurations for an enterprise.
\nThe authenticated user must be an administrator of the enterprise in order to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the read:enterprise scope to use this endpoint.
Attach a code security configuration to a set of repositories. If the repositories specified are already attached to a configuration, they will be re-attached to the provided configuration.
\nIf insufficient GHAS licenses are available to attach the configuration to a repository, only free features will be enabled.
\nThe authenticated user must be an administrator or security manager for the organization to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.
Accepted
" } - ] + ], + "descriptionHTML": "Attach a code security configuration to a set of repositories. If the repositories specified are already attached to a configuration, they will be re-attached to the provided configuration.
\nIf insufficient GHAS licenses are available to attach the configuration to a repository, only free features will be enabled.
\nThe authenticated user must be an administrator or security manager for the organization to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.
Gets a public key for an organization, which is required in order to encrypt secrets. You need to encrypt the value of a secret before you can create or update secrets.\nOAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Gets a public key for an organization, which is required in order to encrypt secrets. You need to encrypt the value of a secret before you can create or update secrets.\nOAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Gets your public key, which you need to encrypt secrets. You need to\nencrypt a secret before you can create or update secrets.
\nOAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Gets your public key, which you need to encrypt secrets. You need to\nencrypt a secret before you can create or update secrets.
\nOAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Replaces all repositories for an organization secret when the visibility\nfor repository access is set to selected. The visibility is set when you Create\nor update an organization secret.
OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
No Content
" } - ] + ], + "descriptionHTML": "Replaces all repositories for an organization secret when the visibility\nfor repository access is set to selected. The visibility is set when you Create\nor update an organization secret.
OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "" }, { "serverUrl": "https://api.github.com", @@ -292109,13 +292109,13 @@ } ], "previews": [], - "descriptionHTML": "Creates a hosted compute network configuration for an enterprise.
", "statusCodes": [ { "httpStatusCode": "201", "description": "Created
" } - ] + ], + "descriptionHTML": "Creates a hosted compute network configuration for an enterprise.
" }, { "serverUrl": "https://api.github.com", @@ -326336,13 +326336,13 @@ } ], "previews": [], - "descriptionHTML": "Shows which type of GitHub user can interact with this organization and when the restriction expires. If there is no restrictions, you will see an empty response.
", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ] + ], + "descriptionHTML": "Shows which type of GitHub user can interact with this organization and when the restriction expires. If there is no restrictions, you will see an empty response.
" }, { "serverUrl": "https://api.github.com", @@ -352894,13 +352894,13 @@ } ], "previews": [], - "descriptionHTML": "Adds up to 10 assignees to an issue. Users already assigned to an issue are not replaced.
", "statusCodes": [ { "httpStatusCode": "201", "description": "Created
" } - ] + ], + "descriptionHTML": "Adds up to 10 assignees to an issue. Users already assigned to an issue are not replaced.
" }, { "serverUrl": "https://api.github.com", @@ -427101,7 +427101,6 @@ } ], "previews": [], - "descriptionHTML": "Lists the most commonly used licenses on GitHub. For more information, see \"Licensing a repository .\"
", "statusCodes": [ { "httpStatusCode": "200", @@ -427111,7 +427110,8 @@ "httpStatusCode": "304", "description": "Not modified
" } - ] + ], + "descriptionHTML": "Lists the most commonly used licenses on GitHub. For more information, see \"Licensing a repository .\"
" }, { "serverUrl": "https://api.github.com", @@ -427986,13 +427986,13 @@ } ], "previews": [], - "descriptionHTML": "Get Hypermedia links to resources accessible in GitHub's REST API
", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ] + ], + "descriptionHTML": "Get Hypermedia links to resources accessible in GitHub's REST API
" }, { "serverUrl": "https://api.github.com", @@ -428342,7 +428342,6 @@ } ], "previews": [], - "descriptionHTML": "Returns meta information about GitHub, including a list of GitHub's IP addresses. For more information, see \"About GitHub's IP addresses.\"
\nThe API's response also includes a list of GitHub's domain names.
\nThe values shown in the documentation's response are example values. You must always query the API directly to get the latest values.
\nNote
\n\nThis endpoint returns both IPv4 and IPv6 addresses. However, not all features support IPv6. You should refer to the specific documentation for each feature to determine if IPv6 is supported.
\nNot modified
" } - ] + ], + "descriptionHTML": "Returns meta information about GitHub, including a list of GitHub's IP addresses. For more information, see \"About GitHub's IP addresses.\"
\nThe API's response also includes a list of GitHub's domain names.
\nThe values shown in the documentation's response are example values. You must always query the API directly to get the latest values.
\nNote
\n\nThis endpoint returns both IPv4 and IPv6 addresses. However, not all features support IPv6. You should refer to the specific documentation for each feature to determine if IPv6 is supported.
\nLists all organizations, in the order that they were created.
\nNote
\n\nPagination is powered exclusively by the since parameter. Use the Link header to get the URL for the next page of organizations.
Not modified
" } - ] + ], + "descriptionHTML": "Lists all organizations, in the order that they were created.
\nNote
\n\nPagination is powered exclusively by the since parameter. Use the Link header to get the URL for the next page of organizations.
Gets information about an organization.
\nWhen the value of two_factor_requirement_enabled is true, the organization requires all members, billing managers, outside collaborators, guest collaborators, repository collaborators, or everyone with access to any repository within the organization to enable two-factor authentication.
To see the full details about an organization, the authenticated user must be an organization owner.
\nOAuth app tokens and personal access tokens (classic) need the admin:org scope to see the full details about an organization.
To see information about an organization's GitHub Enterprise Cloud plan, GitHub Apps need the Organization plan permission.
Resource not found
" } - ] + ], + "descriptionHTML": "Gets information about an organization.
\nWhen the value of two_factor_requirement_enabled is true, the organization requires all members, billing managers, outside collaborators, guest collaborators, repository collaborators, or everyone with access to any repository within the organization to enable two-factor authentication.
To see the full details about an organization, the authenticated user must be an organization owner.
\nOAuth app tokens and personal access tokens (classic) need the admin:org scope to see the full details about an organization.
To see information about an organization's GitHub Enterprise Cloud plan, GitHub Apps need the Organization plan permission.
Lists all GitHub Apps in an organization. The installation count includes\nall GitHub Apps installed on repositories in the organization.
\nThe authenticated user must be an organization owner to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the admin:read scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Lists all GitHub Apps in an organization. The installation count includes\nall GitHub Apps installed on repositories in the organization.
\nThe authenticated user must be an organization owner to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the admin:read scope to use this endpoint.
Get API request statistics for all subjects within an organization within a specified time frame. Subjects can be users or GitHub Apps.
", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ] + ], + "descriptionHTML": "Get API request statistics for all subjects within an organization within a specified time frame. Subjects can be users or GitHub Apps.
" }, { "serverUrl": "https://api.github.com", @@ -450249,13 +450249,13 @@ } ], "previews": [], - "descriptionHTML": "List the users blocked by an organization.
", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ] + ], + "descriptionHTML": "List the users blocked by an organization.
" }, { "serverUrl": "https://api.github.com", @@ -452515,13 +452515,13 @@ } ], "previews": [], - "descriptionHTML": "Warning
\n\nClosing down notice: This operation is closing down and will be removed in the future. Use the \"List custom repository roles\" endpoint instead.
\nList the custom repository roles available in this organization. For more information on custom repository roles, see \"About custom repository roles.\"
\nThe authenticated user must be administrator of the organization or of a repository of the organization to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the admin:org or repo scope to use this endpoint.
Response - list of custom role names
" } - ] + ], + "descriptionHTML": "Warning
\n\nClosing down notice: This operation is closing down and will be removed in the future. Use the \"List custom repository roles\" endpoint instead.
\nList the custom repository roles available in this organization. For more information on custom repository roles, see \"About custom repository roles.\"
\nThe authenticated user must be administrator of the organization or of a repository of the organization to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the admin:org or repo scope to use this endpoint.
Deletes a custom role from an organization. Once the custom role has been deleted, any\nuser, team, or invitation with the deleted custom role will be reassigned the inherited role. For more information about custom repository roles, see \"About custom repository roles.\"
\nThe authenticated user must be an administrator for the organization to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
No Content
" } - ] + ], + "descriptionHTML": "Deletes a custom role from an organization. Once the custom role has been deleted, any\nuser, team, or invitation with the deleted custom role will be reassigned the inherited role. For more information about custom repository roles, see \"About custom repository roles.\"
\nThe authenticated user must be an administrator for the organization to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Lists the fine-grained permissions that can be used in custom repository roles for an organization. For more information, see \"About custom repository roles.\"
\nThe authenticated user must be an administrator of the organization or of a repository of the organization to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the admin:org or repo scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Lists the fine-grained permissions that can be used in custom repository roles for an organization. For more information, see \"About custom repository roles.\"
\nThe authenticated user must be an administrator of the organization or of a repository of the organization to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the admin:org or repo scope to use this endpoint.
Removes the public membership for the authenticated user from the specified organization, unless public visibility is enforced by default.
", "statusCodes": [ { "httpStatusCode": "204", "description": "No Content
" } - ] + ], + "descriptionHTML": "Removes the public membership for the authenticated user from the specified organization, unless public visibility is enforced by default.
" }, { "serverUrl": "https://api.github.com", @@ -461465,13 +461465,13 @@ } ], "previews": [], - "descriptionHTML": "Deletes a hosted compute network configuration from an organization.
\nOAuth app tokens and personal access tokens (classic) need the write:network_configurations scope to use this endpoint.
No Content
" } - ] + ], + "descriptionHTML": "Deletes a hosted compute network configuration from an organization.
\nOAuth app tokens and personal access tokens (classic) need the write:network_configurations scope to use this endpoint.
Gets a hosted compute network settings resource configured for an organization.
\nOAuth app tokens and personal access tokens (classic) need the read:network_configurations scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "Gets a hosted compute network settings resource configured for an organization.
\nOAuth app tokens and personal access tokens (classic) need the read:network_configurations scope to use this endpoint.
Revokes all assigned organization roles from a user. For more information on organization roles, see \"Using organization roles.\"
\nThe authenticated user must be an administrator for the organization to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
No Content
" } - ] + ], + "descriptionHTML": "Revokes all assigned organization roles from a user. For more information on organization roles, see \"Using organization roles.\"
\nThe authenticated user must be an administrator for the organization to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Warning
\n\nClosing down notice: This operation is closing down and will be removed starting January 1, 2026. Please use the \"Organization Roles\" endpoints instead.
\nOK
" } - ] + ], + "descriptionHTML": "Warning
\n\nClosing down notice: This operation is closing down and will be removed starting January 1, 2026. Please use the \"Organization Roles\" endpoints instead.
\nGets a specific package in an organization.
\nOAuth app tokens and personal access tokens (classic) need the read:packages scope to use this endpoint. For more information, see \"About permissions for GitHub Packages.\"
OK
" } - ] + ], + "descriptionHTML": "Gets a specific package in an organization.
\nOAuth app tokens and personal access tokens (classic) need the read:packages scope to use this endpoint. For more information, see \"About permissions for GitHub Packages.\"
Edits the content of a specified review comment.
\nThis endpoint supports the following custom media types. For more information, see \"Media types.\"
\napplication/vnd.github-commitcomment.raw+json: Returns the raw markdown body. Response will include body. This is the default if you do not pass any specific media type.application/vnd.github-commitcomment.text+json: Returns a text only representation of the markdown body. Response will include body_text.application/vnd.github-commitcomment.html+json: Returns HTML rendered from the body's markdown. Response will include body_html.application/vnd.github-commitcomment.full+json: Returns raw, text, and HTML representations. Response will include body, body_text, and body_html.OK
" } - ] + ], + "descriptionHTML": "Edits the content of a specified review comment.
\nThis endpoint supports the following custom media types. For more information, see \"Media types.\"
\napplication/vnd.github-commitcomment.raw+json: Returns the raw markdown body. Response will include body. This is the default if you do not pass any specific media type.application/vnd.github-commitcomment.text+json: Returns a text only representation of the markdown body. Response will include body_text.application/vnd.github-commitcomment.html+json: Returns HTML rendered from the body's markdown. Response will include body_html.application/vnd.github-commitcomment.full+json: Returns raw, text, and HTML representations. Response will include body, body_text, and body_html.List the reactions to a team discussion comment.
\nNote
\n\nYou can also specify a team by org_id and team_id using the route GET /organizations/:org_id/team/:team_id/discussions/:discussion_number/comments/:comment_number/reactions.
OAuth app tokens and personal access tokens (classic) need the read:discussion scope to use this endpoint.
OK
" } - ] + ], + "descriptionHTML": "List the reactions to a team discussion comment.
\nNote
\n\nYou can also specify a team by org_id and team_id using the route GET /organizations/:org_id/team/:team_id/discussions/:discussion_number/comments/:comment_number/reactions.
OAuth app tokens and personal access tokens (classic) need the read:discussion scope to use this endpoint.
List a collection of artifact attestations with a given subject digest that are associated with a repository.
\nThe authenticated user making the request must have read access to the repository. In addition, when using a fine-grained access token the attestations:read permission is required.
Please note: in order to offer meaningful security benefits, an attestation's signature and timestamps must be cryptographically verified, and the identity of the attestation signer must be validated. Attestations can be verified using the GitHub CLI attestation verify command. For more information, see our guide on how to use artifact attestations to establish a build's provenance.
OK
" } - ] + ], + "descriptionHTML": "List a collection of artifact attestations with a given subject digest that are associated with a repository.
\nThe authenticated user making the request must have read access to the repository. In addition, when using a fine-grained access token the attestations:read permission is required.
Please note: in order to offer meaningful security benefits, an attestation's signature and timestamps must be cryptographically verified, and the identity of the attestation signer must be validated. Attestations can be verified using the GitHub CLI attestation verify command. For more information, see our guide on how to use artifact attestations to establish a build's provenance.
Shows whether Dependabot security updates are enabled, disabled or paused for a repository. The authenticated user must have admin read access to the repository. For more information, see \"Configuring Dependabot security updates\".
", "statusCodes": [ { "httpStatusCode": "200", @@ -576084,7 +576083,8 @@ "httpStatusCode": "404", "description": "Not Found if Dependabot is not enabled for the repository
" } - ] + ], + "descriptionHTML": "Shows whether Dependabot security updates are enabled, disabled or paused for a repository. The authenticated user must have admin read access to the repository. For more information, see \"Configuring Dependabot security updates\".
" }, { "serverUrl": "https://api.github.com", @@ -592028,13 +592028,13 @@ } ], "previews": [], - "descriptionHTML": "Lists public repositories for the specified user.
", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ] + ], + "descriptionHTML": "Lists public repositories for the specified user.
" } ], "autolinks": [ @@ -603381,13 +603381,13 @@ } ], "previews": [], - "descriptionHTML": "Disables Git LFS for a repository.
\nOAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
No Content
" } - ] + ], + "descriptionHTML": "Disables Git LFS for a repository.
\nOAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
Warning
\n\nClosing down notice: Projects (classic) is being deprecated in favor of the new Projects experience.\nSee the changelog for more information.
\nNot Found if project is not managed by this team
" } - ] + ], + "descriptionHTML": "Warning
\n\nClosing down notice: Projects (classic) is being deprecated in favor of the new Projects experience.\nSee the changelog for more information.
\nDisplays information about the specific group's usage. Provides a list of the group's external members as well as a list of teams that this group is connected to.
\nYou can manage team membership with your identity provider using Enterprise Managed Users for GitHub Enterprise Cloud. For more information, see \"GitHub's products\" in the GitHub Help documentation.
", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ] + ], + "descriptionHTML": "Displays information about the specific group's usage. Provides a list of the group's external members as well as a list of teams that this group is connected to.
\nYou can manage team membership with your identity provider using Enterprise Managed Users for GitHub Enterprise Cloud. For more information, see \"GitHub's products\" in the GitHub Help documentation.
" }, { "serverUrl": "https://api.github.com", @@ -683891,13 +683891,13 @@ } ], "previews": [], - "descriptionHTML": "Lists external groups available in an organization. You can query the groups using the display_name parameter, only groups with a group_name containing the text provided in the display_name parameter will be returned. You can also limit your page results using the per_page parameter. GitHub Enterprise Cloud generates a url-encoded page token using a cursor value for where the next page begins. For more information on cursor pagination, see \"Offset and Cursor Pagination explained.\"
You can manage team membership with your identity provider using Enterprise Managed Users for GitHub Enterprise Cloud. For more information, see \"GitHub's products\" in the GitHub Help documentation.
", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ] + ], + "descriptionHTML": "Lists external groups available in an organization. You can query the groups using the display_name parameter, only groups with a group_name containing the text provided in the display_name parameter will be returned. You can also limit your page results using the per_page parameter. GitHub Enterprise Cloud generates a url-encoded page token using a cursor value for where the next page begins. For more information on cursor pagination, see \"Offset and Cursor Pagination explained.\"
You can manage team membership with your identity provider using Enterprise Managed Users for GitHub Enterprise Cloud. For more information, see \"GitHub's products\" in the GitHub Help documentation.
" }, { "serverUrl": "https://api.github.com", @@ -684686,13 +684686,13 @@ } ], "previews": [], - "descriptionHTML": "The return hash contains a role field which refers to the Organization Invitation role and will be one of the following values: direct_member, admin, billing_manager, hiring_manager, or reinstate. If the invitee is not a GitHub Enterprise Cloud member, the login field in the return hash will be null.
Note
\n\nYou can also specify a team by org_id and team_id using the route GET /organizations/{org_id}/team/{team_id}/invitations.
OK
" } - ] + ], + "descriptionHTML": "The return hash contains a role field which refers to the Organization Invitation role and will be one of the following values: direct_member, admin, billing_manager, hiring_manager, or reinstate. If the invitee is not a GitHub Enterprise Cloud member, the login field in the return hash will be null.
Note
\n\nYou can also specify a team by org_id and team_id using the route GET /organizations/{org_id}/team/{team_id}/invitations.
Creates, updates, or removes a connection between a team and an IdP group. When adding groups to a team, you must include all new and existing groups to avoid replacing existing groups with the new ones. Specifying an empty groups array will remove all connections for a team.
Team synchronization is available for organizations using GitHub Enterprise Cloud. For more information, see GitHub's products in the GitHub Help documentation.
\nNote
\n\nYou can also specify a team by org_id and team_id using the route PATCH /organizations/{org_id}/team/{team_id}/team-sync/group-mappings.
OK
" } - ] + ], + "descriptionHTML": "Creates, updates, or removes a connection between a team and an IdP group. When adding groups to a team, you must include all new and existing groups to avoid replacing existing groups with the new ones. Specifying an empty groups array will remove all connections for a team.
Team synchronization is available for organizations using GitHub Enterprise Cloud. For more information, see GitHub's products in the GitHub Help documentation.
\nNote
\n\nYou can also specify a team by org_id and team_id using the route PATCH /organizations/{org_id}/team/{team_id}/team-sync/group-mappings.
Lists all users, in the order that they signed up on GitHub Enterprise Cloud. This list includes personal user accounts and organization accounts.
\nNote: Pagination is powered exclusively by the since parameter. Use the Link header to get the URL for the next page of users.
Not modified
" } - ] + ], + "descriptionHTML": "Lists all users, in the order that they signed up on GitHub Enterprise Cloud. This list includes personal user accounts and organization accounts.
\nNote: Pagination is powered exclusively by the since parameter. Use the Link header to get the URL for the next page of users.
Lists social media accounts for a user. This endpoint is accessible by anyone.
", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ] + ], + "descriptionHTML": "Lists social media accounts for a user. This endpoint is accessible by anyone.
" } ], "ssh-signing-keys": [ diff --git a/src/rest/data/ghes-3.16-2022-11-28/schema.json b/src/rest/data/ghes-3.16-2022-11-28/schema.json index 8a77e35075aa..f4ebada4a17b 100644 --- a/src/rest/data/ghes-3.16-2022-11-28/schema.json +++ b/src/rest/data/ghes-3.16-2022-11-28/schema.json @@ -2555,13 +2555,13 @@ } ], "previews": [], + "descriptionHTML": "Gets the GitHub Actions permissions policy for organizations and allowed actions in an enterprise.
\nOAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
OK
" } - ], - "descriptionHTML": "Gets the GitHub Actions permissions policy for organizations and allowed actions in an enterprise.
\nOAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
Adds an organization to the list of selected organizations that are enabled for GitHub Actions in an enterprise. To use this endpoint, the enterprise permission policy for enabled_organizations must be configured to selected. For more information, see \"Set GitHub Actions permissions for an enterprise.\"
OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
No Content
" } - ], - "descriptionHTML": "Adds an organization to the list of selected organizations that are enabled for GitHub Actions in an enterprise. To use this endpoint, the enterprise permission policy for enabled_organizations must be configured to selected. For more information, see \"Set GitHub Actions permissions for an enterprise.\"
OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
Lists all secrets available in a repository without revealing their encrypted\nvalues.
\nAuthenticated users must have collaborator access to a repository to create, update, or read secrets.
\nOAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
OK
" } - ], - "descriptionHTML": "Lists all secrets available in a repository without revealing their encrypted\nvalues.
\nAuthenticated users must have collaborator access to a repository to create, update, or read secrets.
\nOAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Gets a single environment secret without revealing its encrypted value.
\nAuthenticated users must have collaborator access to a repository to create, update, or read secrets.
\nOAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
OK
" } - ], - "descriptionHTML": "Gets a single environment secret without revealing its encrypted value.
\nAuthenticated users must have collaborator access to a repository to create, update, or read secrets.
\nOAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Updates the name and visibility of a self-hosted runner group in an enterprise.
OAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
OK
" } - ], - "descriptionHTML": "Updates the name and visibility of a self-hosted runner group in an enterprise.
OAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
Lists the organizations with access to a self-hosted runner group.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
OK
" } - ], - "descriptionHTML": "Lists the organizations with access to a self-hosted runner group.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
Adds a self-hosted runner to a runner group configured in an enterprise.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
No Content
" } - ], - "descriptionHTML": "Adds a self-hosted runner to a runner group configured in an enterprise.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
Removes a self-hosted runner from a group configured in an enterprise. The runner is then returned to the default group.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
No Content
" } - ], - "descriptionHTML": "Removes a self-hosted runner from a group configured in an enterprise. The runner is then returned to the default group.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
Gets a specific self-hosted runner configured in an enterprise.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
OK
" } - ], - "descriptionHTML": "Gets a specific self-hosted runner configured in an enterprise.
\nOAuth app tokens and personal access tokens (classic) need the manage_runners:enterprise scope to use this endpoint.
Creates a repository variable that you can reference in a GitHub Actions workflow.
\nAuthenticated users must have collaborator access to a repository to create, update, or read variables.
\nOAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Created
" } - ], - "descriptionHTML": "Creates a repository variable that you can reference in a GitHub Actions workflow.
\nAuthenticated users must have collaborator access to a repository to create, update, or read variables.
\nOAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
List all workflow runs for a workflow. You can replace workflow_id with the workflow file name. For example, you could use main.yaml. You can use parameters to narrow the list of results. For more information about using parameters, see Parameters.
Anyone with read access to the repository can use this endpoint
\nOAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with a private repository.
This endpoint will return up to 1,000 results for each search when using the following parameters: actor, branch, check_suite_id, created, event, head_sha, status.
OK
" } - ], - "descriptionHTML": "List all workflow runs for a workflow. You can replace workflow_id with the workflow file name. For example, you could use main.yaml. You can use parameters to narrow the list of results. For more information about using parameters, see Parameters.
Anyone with read access to the repository can use this endpoint
\nOAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with a private repository.
This endpoint will return up to 1,000 results for each search when using the following parameters: actor, branch, check_suite_id, created, event, head_sha, status.
Lists the feeds available to the authenticated user. The response provides a URL for each feed. You can then get a specific feed by sending a request to one of the feed URLs.
\nuri_template. For more information, see \"Hypermedia.\"By default, timeline resources are returned in JSON. You can specify the application/atom+xml type in the Accept header to return timeline resources in Atom format. For more information, see \"Media types.\"
Note
\n\nPrivate feeds are only returned when authenticating via Basic Auth since current feed URIs use the older, non revocable auth tokens.
\nOK
" } - ], - "descriptionHTML": "Lists the feeds available to the authenticated user. The response provides a URL for each feed. You can then get a specific feed by sending a request to one of the feed URLs.
\nuri_template. For more information, see \"Hypermedia.\"By default, timeline resources are returned in JSON. You can specify the application/atom+xml type in the Accept header to return timeline resources in Atom format. For more information, see \"Media types.\"
Note
\n\nPrivate feeds are only returned when authenticating via Basic Auth since current feed URIs use the older, non revocable auth tokens.
\nCreates a new check run for a specific commit in a repository.
\nTo create a check run, you must use a GitHub App. OAuth apps and authenticated users are not able to create a check suite.
\nIn a check suite, GitHub limits the number of check runs with the same name to 1000. Once these check runs exceed 1000, GitHub will start to automatically delete older check runs.
\nNote
\n\nThe Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty pull_requests array.
Created
" } - ], - "descriptionHTML": "Creates a new check run for a specific commit in a repository.
\nTo create a check run, you must use a GitHub App. OAuth apps and authenticated users are not able to create a check suite.
\nIn a check suite, GitHub limits the number of check runs with the same name to 1000. Once these check runs exceed 1000, GitHub will start to automatically delete older check runs.
\nNote
\n\nThe Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty pull_requests array.
Lists the environments for a repository.
\nAnyone with read access to the repository can use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with a private repository.
OK
" } - ], - "descriptionHTML": "Lists the environments for a repository.
\nAnyone with read access to the repository can use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with a private repository.
OK
" } - ], - "descriptionHTML": "" + ] }, { "serverUrl": "http(s)://HOSTNAME/api/v3", @@ -209569,13 +209569,13 @@ } ], "previews": [], + "descriptionHTML": "", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ], - "descriptionHTML": "" + ] }, { "serverUrl": "http(s)://HOSTNAME/api/v3", @@ -211238,13 +211238,13 @@ } ], "previews": [], + "descriptionHTML": "Lists one audit log stream configuration via a stream ID.
\nWhen using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See \"Encrypting secrets for the REST API.\"
", "statusCodes": [ { "httpStatusCode": "200", "description": "Lists one audit log stream configuration via stream ID.
" } - ], - "descriptionHTML": "Lists one audit log stream configuration via a stream ID.
\nWhen using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See \"Encrypting secrets for the REST API.\"
" + ] }, { "serverUrl": "http(s)://HOSTNAME/api/v3", @@ -213804,13 +213804,13 @@ } ], "previews": [], + "descriptionHTML": "", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ], - "descriptionHTML": "" + ] } ], "manage-ghes": [ @@ -302035,13 +302035,13 @@ } ], "previews": [], + "descriptionHTML": "Updates a label using the given label name.
", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ], - "descriptionHTML": "Updates a label using the given label name.
" + ] }, { "serverUrl": "http(s)://HOSTNAME/api/v3", @@ -368610,13 +368610,13 @@ } ], "previews": [], + "descriptionHTML": "Updates the webhook configuration for an organization. To update more information about the webhook, including the active state and events, use \"Update an organization webhook .\"
You must be an organization owner to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need admin:org_hook scope. OAuth apps cannot list, view, or edit\nwebhooks that they did not create and users cannot list, view, or edit webhooks that were created by OAuth apps.
OK
" } - ], - "descriptionHTML": "Updates the webhook configuration for an organization. To update more information about the webhook, including the active state and events, use \"Update an organization webhook .\"
You must be an organization owner to use this endpoint.
\nOAuth app tokens and personal access tokens (classic) need admin:org_hook scope. OAuth apps cannot list, view, or edit\nwebhooks that they did not create and users cannot list, view, or edit webhooks that were created by OAuth apps.
Gets a specific package version in an organization.
\nOAuth app tokens and personal access tokens (classic) need the read:packages scope to use this endpoint. For more information, see \"About permissions for GitHub Packages.\"
OK
" } - ], - "descriptionHTML": "Gets a specific package version in an organization.
\nOAuth app tokens and personal access tokens (classic) need the read:packages scope to use this endpoint. For more information, see \"About permissions for GitHub Packages.\"
Gets the org public key, which is needed to encrypt private registry secrets. You need to encrypt a secret before you can create or update secrets.
\nOAuth tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Resource not found
" } - ], - "descriptionHTML": "Gets the org public key, which is needed to encrypt private registry secrets. You need to encrypt a secret before you can create or update secrets.
\nOAuth tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
Lists all reviews for a specified pull request. The list of reviews returns in chronological order.
\nThis endpoint supports the following custom media types. For more information, see \"Media types.\"
\napplication/vnd.github-commitcomment.raw+json: Returns the raw markdown body. Response will include body. This is the default if you do not pass any specific media type.application/vnd.github-commitcomment.text+json: Returns a text only representation of the markdown body. Response will include body_text.application/vnd.github-commitcomment.html+json: Returns HTML rendered from the body's markdown. Response will include body_html.application/vnd.github-commitcomment.full+json: Returns raw, text, and HTML representations. Response will include body, body_text, and body_html.The list of reviews returns in chronological order.
" } - ], - "descriptionHTML": "Lists all reviews for a specified pull request. The list of reviews returns in chronological order.
\nThis endpoint supports the following custom media types. For more information, see \"Media types.\"
\napplication/vnd.github-commitcomment.raw+json: Returns the raw markdown body. Response will include body. This is the default if you do not pass any specific media type.application/vnd.github-commitcomment.text+json: Returns a text only representation of the markdown body. Response will include body_text.application/vnd.github-commitcomment.html+json: Returns HTML rendered from the body's markdown. Response will include body_html.application/vnd.github-commitcomment.full+json: Returns raw, text, and HTML representations. Response will include body, body_text, and body_html.Gets a team using the team's slug. To create the slug, GitHub Enterprise Server replaces special characters in the name string, changes all words to lowercase, and replaces spaces with a - separator. For example, \"My TEam Näme\" would become my-team-name.
Note
\n\nYou can also specify a team by org_id and team_id using the route GET /organizations/{org_id}/team/{team_id}.
Resource not found
" } - ], - "descriptionHTML": "Gets a team using the team's slug. To create the slug, GitHub Enterprise Server replaces special characters in the name string, changes all words to lowercase, and replaces spaces with a - separator. For example, \"My TEam Näme\" would become my-team-name.
Note
\n\nYou can also specify a team by org_id and team_id using the route GET /organizations/{org_id}/team/{team_id}.
Lists the child teams of the team specified by {team_slug}.
Note
\n\nYou can also specify a team by org_id and team_id using the route GET /organizations/{org_id}/team/{team_id}/teams.
if child teams exist
" } - ], - "descriptionHTML": "Lists the child teams of the team specified by {team_slug}.
Note
\n\nYou can also specify a team by org_id and team_id using the route GET /organizations/{org_id}/team/{team_id}/teams.
Deletes a connection between a team and an external group.
\nYou can manage team membership with your IdP using Enterprise Managed Users for GitHub Enterprise Cloud. For more information, see GitHub's products in the GitHub Help documentation.
", "statusCodes": [ { "httpStatusCode": "204", "description": "No Content
" } - ], - "descriptionHTML": "Deletes a connection between a team and an external group.
\nYou can manage team membership with your IdP using Enterprise Managed Users for GitHub Enterprise Cloud. For more information, see GitHub's products in the GitHub Help documentation.
" + ] } ], "members": [ @@ -550079,13 +550079,13 @@ } ], "previews": [], + "descriptionHTML": "Lists the verified public SSH keys for a user. This is accessible by anyone.
", "statusCodes": [ { "httpStatusCode": "200", "description": "OK
" } - ], - "descriptionHTML": "Lists the verified public SSH keys for a user. This is accessible by anyone.
" + ] } ], "social-accounts": [ diff --git a/src/search/components/helpers/execute-search-actions.ts b/src/search/components/helpers/execute-search-actions.ts index 5d7dffa4da4c..e6aa9a43bc1c 100644 --- a/src/search/components/helpers/execute-search-actions.ts +++ b/src/search/components/helpers/execute-search-actions.ts @@ -49,6 +49,7 @@ export async function executeAISearch(version: string, query: string, debug = fa const body = { query, version, + client_name: 'docs.github.com-client', ...(debug && { debug: '1' }), } @@ -80,6 +81,9 @@ export async function executeCombinedSearch( params.set('debug', '1') } + // Add client_name to identify requests from our frontend + params.set('client_name', 'docs.github.com-client') + // Always fetch 4 results for autocomplete params.set('size', '4') diff --git a/src/search/lib/helpers/external-search-analytics.ts b/src/search/lib/helpers/external-search-analytics.ts index e6e4754d8246..74b4ca2c68ad 100644 --- a/src/search/lib/helpers/external-search-analytics.ts +++ b/src/search/lib/helpers/external-search-analytics.ts @@ -12,27 +12,40 @@ export async function handleExternalSearchAnalytics( const host = req.headers['x-host'] || req.headers.host const normalizedHost = stripPort(host as string) - // Skip analytics entirely for production and internal staging environments - if ( - normalizedHost === 'docs.github.com' || - normalizedHost.endsWith('.github.net') || - normalizedHost.endsWith('.githubapp.com') - ) { - return null - } + // Check if this is likely an external API call rather than a browser request + const isLikelyExternalAPI = isExternalAPIRequest(req) - // For localhost, send analytics but auto-set client_name if not provided + // Get client_name from query or body let client_name = req.query.client_name || req.body?.client_name - if (normalizedHost === 'localhost' && !client_name) { - client_name = 'localhost' + + // Rule 1: Skip analytics for browser requests from our own frontend + if (!isLikelyExternalAPI && client_name === 'docs.github.com-client') { + return null } - // For all other external requests, require explicit client_name - if (!client_name) { - return { - status: 400, - error: "Missing required parameter 'client_name' for external requests", + // Rule 2: Send analytics for any request with a client_name that's not 'docs.github.com-client' + // (This includes partner APIs and other external clients) + if (client_name && client_name !== 'docs.github.com-client') { + // Analytics will be sent at the end of this function + } + // Rule 3: For requests without client_name, require it for external API requests + else if (!client_name) { + if (isLikelyExternalAPI) { + return { + status: 400, + error: "Missing required parameter 'client_name' for external requests", + } } + // For browser requests without client_name to internal environments, skip analytics + else if (normalizedHost.endsWith('.github.net') || normalizedHost.endsWith('.githubapp.com')) { + return null + } + // For localhost development without client_name, we'll still send analytics below + } + + // For localhost, ensure we have a client_name for analytics + if (normalizedHost === 'localhost' && !client_name) { + client_name = 'localhost' } // Send search event with client identifier @@ -71,19 +84,16 @@ export async function handleExternalSearchAnalytics( /** * Determines if a host should bypass client_name requirement for analytics - * Returns true if the host is docs.github.com or ends with github.net or githubapp.com - * (for production and internal staging environments) + * Returns true if the host ends with github.net or githubapp.com + * (for internal staging environments) + * Note: docs.github.com is removed since normalizedHost will always be docs.github.com in production * Note: localhost is NOT included here as it should send analytics with auto-set client_name */ export function shouldBypassClientNameRequirement(host: string | undefined): boolean { if (!host) return false const normalizedHost = stripPort(host) - return ( - normalizedHost === 'docs.github.com' || - normalizedHost.endsWith('.github.net') || - normalizedHost.endsWith('.githubapp.com') - ) + return normalizedHost.endsWith('.github.net') || normalizedHost.endsWith('.githubapp.com') } /** @@ -93,3 +103,42 @@ function stripPort(host: string): string { const [hostname] = host.split(':') return hostname } + +interface ExternalAPIRequestLike { + headers: Record