nopcoder
diff --git a/‎components/guides/ProductGuides.tsx
Lines changed: 21 additions & 19 deletions b/‎components/guides/ProductGuides.tsx
Lines changed: 21 additions & 19 deletions
diff --git a/‎content/actions/creating-actions/creating-a-docker-container-action.md
Lines changed: 1 addition & 1 deletion b/‎content/actions/creating-actions/creating-a-docker-container-action.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎content/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database.md
Lines changed: 2 additions & 1 deletion b/‎content/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database.md
Lines changed: 2 additions & 1 deletion
diff --git a/‎content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md
Lines changed: 1 addition & 1 deletion b/‎content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎content/developers/overview/secret-scanning-partner-program.md
Lines changed: 41 additions & 19 deletions b/‎content/developers/overview/secret-scanning-partner-program.md
Lines changed: 41 additions & 19 deletions
diff --git a/‎content/get-started/writing-on-github/working-with-saved-replies/about-saved-replies.md
Lines changed: 1 addition & 1 deletion b/‎content/get-started/writing-on-github/working-with-saved-replies/about-saved-replies.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎content/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue.md
Lines changed: 4 additions & 0 deletions b/‎content/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎content/rest/enterprise-admin/scim.md
Lines changed: 68 additions & 1 deletion b/‎content/rest/enterprise-admin/scim.md
Lines changed: 68 additions & 1 deletion
diff --git a/‎data/release-notes/enterprise-server/3-3/12.yml
Lines changed: 1 addition & 0 deletions b/‎data/release-notes/enterprise-server/3-3/12.yml
Lines changed: 1 addition & 0 deletions
diff --git a/‎lib/redirects/static/client-side-rest-api-redirects.json
Lines changed: 2 additions & 2 deletions b/‎lib/redirects/static/client-side-rest-api-redirects.json
Lines changed: 2 additions & 2 deletions
@@ -17,26 +17,28 @@ export const ProductGuides = () => {
         <GuidesHero />
       </LandingSection>
 
-      {learningTracks && learningTracks.length > 0 && (
-        <LandingSection
-          title={`${title} learning paths`}
-          className="border-top py-6"
-          sectionLink="learning-paths"
-          description={t('learning_paths_desc')}
-        >
-          <LearningTracks />
-        </LandingSection>
-      )}
+      <div data-search="article-body">
+        {learningTracks && learningTracks.length > 0 && (
+          <LandingSection
+            title={`${title} learning paths`}
+            className="border-top py-6"
+            sectionLink="learning-paths"
+            description={t('learning_paths_desc')}
+          >
+            <LearningTracks />
+          </LandingSection>
+        )}
 
-      {includeGuides && (
-        <LandingSection
-          title={`All ${title} guides`}
-          className="border-top py-6 color-border-default"
-          sectionLink="all-guides"
-        >
-          <ArticleCards />
-        </LandingSection>
-      )}
+        {includeGuides && (
+          <LandingSection
+            title={`All ${title} guides`}
+            className="border-top py-6 color-border-default"
+            sectionLink="all-guides"
+          >
+            <ArticleCards />
+          </LandingSection>
+        )}
+      </div>
     </DefaultLayout>
   )
 }
@@ -124,7 +124,7 @@ Next, the script gets the current time and sets it as an output variable that ac
 1. Make your `entrypoint.sh` file executable. Git provides a way to explicitly change the permission mode of a file so that it doesn’t get reset every time there is a clone/fork.
 
   ```shell{:copy}
-  $ git update-index —chmod=+x entrypoint.sh
+  $ git update-index --chmod=+x entrypoint.sh
   ```
 
 1. Optionally, to check the permission mode of the file in the git index, run the following command.
 
@@ -57,7 +57,8 @@ Generally, we name our supported ecosystems after the software programming langu
 - Maven (registry: https://repo.maven.apache.org/maven2)
 - npm (registry: https://www.npmjs.com/)
 - NuGet (registry: https://www.nuget.org/)
-- pip (registry: https://pypi.org/)
+- pip (registry: https://pypi.org/){% ifversion dependency-graph-dart-support %}
+- pub (registry: https://pub.dev/packages/registry){% endif %}
 - RubyGems (registry: https://rubygems.org/)
 - Rust (registry: https://crates.io/)
 
 
@@ -61,7 +61,7 @@ jobs:
           go-version: ">=1.18.0"
 
       - name: Run snapshot action
-        uses: @actions/go-dependency-submission@v1
+        uses: actions/go-dependency-submission@v1
         with:
             # Required: Define the repo path to the go.mod file used by the
             # build target
 
@@ -59,26 +59,25 @@ Send this information to <a href="mailto:secret-scanning@github.com">secret-scan
 
 Create a public, internet accessible HTTP endpoint at the URL you provided to us. When a match of your regular expression is found in a public repository, {% data variables.product.prodname_dotcom %} will send an HTTP `POST` message to your endpoint.
 
-#### Example POST sent to your endpoint
+#### Example request body
 
-```http
-POST / HTTP/2
-Host: HOST
-Accept: */*
-Content-Type: application/json
-GITHUB-PUBLIC-KEY-IDENTIFIER: f9525bf080f75b3506ca1ead061add62b8633a346606dc5fe544e29231c6ee0d
-GITHUB-PUBLIC-KEY-SIGNATURE: MEUCIQDfLvT8/zM8F1aB3cM0ZwyeWF1m5YR6IhcUIv1OKQYL0wIgBZ5lVXB3gHK+dT8+xt0WgRVLqvsTPFiDO9QP/7eJ4yE=
-Content-Length: 187
-
-[{"token":"NMIfyYncKcRALEXAMPLE","type":"mycompany_api_token","url":"https://github.com/octocat/Hello-World/blob/12345600b9cbe38a219f39a9941c9319b600c002/foo/bar.txt","source":"content"}]
+```json
+[
+  {
+    "token":"NMIfyYncKcRALEXAMPLE",
+    "type":"mycompany_api_token",
+    "url":"https://github.com/octocat/Hello-World/blob/12345600b9cbe38a219f39a9941c9319b600c002/foo/bar.txt",
+    "source":"content"
+  }
+]
 ```
 
-The message body is a JSON array that contains one or more objects with the following contents. When multiple matches are found, {% data variables.product.prodname_dotcom %}  may send a single message with more than one secret match. Your endpoint should be able to handle requests with a large number of matches without timing out.
+The message body is a JSON array that contains one or more objects, with each object representing a single secret match. Your endpoint should be able to handle requests with a large number of matches without timing out. The keys for each secret match are:
 
 * **token**: The value of the secret match.
 * **type**: The unique name you provided to identify your regular expression.
 * **url**: The public URL where the match was found (may be empty)
-* **source**: Where the token was found on GitHub.
+* **source**: Where the token was found on {% data variables.product.prodname_dotcom %}.
 
 The list of valid values for `source` are:
 
@@ -97,26 +96,32 @@ The list of valid values for `source` are:
 
 ### Implement signature verification in your secret alert service
 
-We strongly recommend you implement signature validation in your secret alert service to ensure that the messages you receive are genuinely from {% data variables.product.prodname_dotcom %} and not malicious.
+The HTTP request to your service will also contain headers that we strongly recommend using
+to validate the messages you receive are genuinely from {% data variables.product.prodname_dotcom %}, and are not malicious.
+
+The two HTTP headers to look for are:
+
+* `GITHUB-PUBLIC-KEY-IDENTIFIER`: Which `key_identifier` to use from our API
+* `GITHUB-PUBLIC-KEY-SIGNATURE`: Signature of the payload
 
-You can retrieve the {% data variables.product.prodname_dotcom %} secret scanning public key from https://api.github.com/meta/public_keys/secret_scanning and validate the message using the `ECDSA-NIST-P256V1-SHA256` algorithm.
+You can retrieve the {% data variables.product.prodname_dotcom %} secret scanning public key from https://api.github.com/meta/public_keys/secret_scanning and validate the message using the `ECDSA-NIST-P256V1-SHA256` algorithm. The endpoint
+will provide several `key_identifier` and public keys. You can determine which public
+key to use based on the value of `GITHUB-PUBLIC-KEY-IDENTIFIER`.
 
 {% note %}
 
 **Note**: When you send a request to the public key endpoint above, you may hit rate limits. To avoid hitting rate limits, you can use a personal access token (no scopes required) as suggested in the samples below, or use a conditional request. For more information, see "[Getting started with the REST API](/rest/guides/getting-started-with-the-rest-api#conditional-requests)."
 
 {% endnote %}
 
-Assuming you receive the following message, the code snippets below demonstrate how you could perform signature validation.
-The code snippets assume you've set an environment variable called `GITHUB_PRODUCTION_TOKEN` with a generated PAT (https://github.com/settings/tokens) to avoid hitting rate limits. The PAT does not need any scopes/permissions.
-
 {% note %}
 
 **Note**: The signature was generated using the raw message body. So it's important you also use the raw message body for signature validation, instead of parsing and stringifying the JSON, to avoid rearranging the message or changing spacing.
 
 {% endnote %}
 
-**Sample message sent to verify endpoint**
+**Sample HTTP POST sent to verify endpoint**
+
 ```http
 POST / HTTP/2
 Host: HOST
@@ -129,6 +134,23 @@ Content-Length: 83
 [{"token":"some_token","type":"some_type","url":"some_url","source":"some_source"}]
 ```
 
+{% note %}
+
+**Note**: The key id and signature from the example payload is derived from a test key.
+The public key for them is:
+
+```
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsz9ugWDj5jK5ELBK42ynytbo38gP
+HzZFI03Exwz8Lh/tCfL3YxwMdLjB+bMznsanlhK0RwcGP3IDb34kQDIo3Q==
+-----END PUBLIC KEY-----
+```
+
+{% endnote %}
+
+The following code snippets demonstrate how you could perform signature validation.
+The code examples assume you've set an environment variable called `GITHUB_PRODUCTION_TOKEN` with a generated [personal access token](https://github.com/settings/tokens) (PAT) to avoid hitting rate limits. The PAT does not need any scopes/permissions.
+
 **Validation sample in Go**
 ```golang
 package main
 
@@ -15,7 +15,7 @@ versions:
 
 Saved replies allow you to create a reusable response to issues and pull requests. Save time by creating a saved reply for the responses you use most frequently.
 
-Once you've added a saved reply, it can be used in both issues and pull requests. Saved replies are tied to your personal account. Once they're created, you'll be able to use them across repositories and organizations.
+Once you've added a saved reply, it can be used in issues, pull requests, and discussions. Saved replies are tied to your personal account. Once they're created, you'll be able to use them across repositories and organizations.
 
 You can create a maximum of 100 saved replies. If you've reached the maximum limit, you can delete saved replies that you no longer use or edit existing saved replies.
 
 
@@ -57,6 +57,10 @@ With other CI providers, you may need to update your CI configuration to run whe
 
 Repository administrators can require a merge queue by enabling the branch protection setting "Require merge queue" in the protection rules for the base branch.
 
+### About the merge group size setting
+
+You can configure a merge queue's merge group size, which determines how many pull requests are included in each merge group. When there are no status check failures or merge conflicts, choosing the default "small" merge group size will form groups containing 2 pull requests. If you want to group more pull requests per group, you may choose the "medium" merge group size to form groups containing 5 pull requests each.
+
 For information about how to enable the merge queue protection setting, see "[Managing a branch protection rule](/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/managing-a-branch-protection-rule#creating-a-branch-protection-rule)."
 
 ## Further reading
 
@@ -1,10 +1,77 @@
 ---
 title: SCIM
-intro: ''
+intro: 'You can automate user creation and team memberships using the SCIM API.'
 versions:
   ghes: '>=3.6'
 topics:
   - API
 miniTocMaxHeadingLevel: 3
 ---
 
+{% note %}
+
+**Note:** The SCIM API for {% data variables.product.product_name %} is currently in private beta and subject to change. To access the private beta and test the API, contact your account manager on {% data variables.contact.contact_enterprise_sales %}.
+
+{% endnote %}
+
+## About the SCIM API
+
+{% data variables.product.product_name %} provides a SCIM API for use by SCIM-enabled Identity Providers (IdPs). An integration on the IdP can use the API to automatically provision, manage, or deprovision user accounts on a {% data variables.product.product_name %} instance that uses SAML single sign-on (SSO) for authentication. For more information about SAML SSO, see "[About SAML for enterprise IAM](/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam)."
+
+The SCIM API is based on SCIM 2.0. For more information, see the [specification](https://www.simplecloud.info/#Specification).
+
+### SCIM endpoint URLs
+
+An IdP can use the following root URL to communicate with the SCIM API for a {% data variables.product.product_name %} instance.
+
+```
+{% data variables.product.api_url_code %}/scim/v2/
+```
+
+Endpoint URLs for the SCIM API are case-sensitive. For example, the first letter in the `Users` endpoint must be capitalized.
+
+```shell
+GET /scim/v2/Users/{scim_user_id}
+```
+
+### Authenticating calls to the SCIM API
+
+The SCIM integration on the IdP performs actions on behalf of an enterprise owner for the {% data variables.product.product_name %} instance. For more information, see "[Roles in an enterprise](/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise#enterprise-owners)."
+
+To authenticate requests to the API, the person who configures SCIM on the IdP must use a personal access token (classic) with `admin:enterprise` scope, which the IdP must provide in the request's `Authorization` header. For more information about personal access tokens (classic), see "[Creating a personal access token](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)".
+
+{% note %}
+
+**Note:** Enterprise owners must generate and use a personal access token (classic) for authentication of requests to the SCIM API. {% ifversion ghes > 3.8 %}Fine-grained personal access tokens and {% endif %}GitHub app callers are not supported at this time.
+
+{% endnote %}
+
+### About mapping of SAML and SCIM data
+  
+The {% data variables.product.product_name %} instance links each user who authenticates successfully with SAML SSO to a SCIM identity. To link the identities successfully, the SAML IdP and the SCIM integration must use matching SAML `NameID` and SCIM `userName` values for each user.
+
+{% ifversion ghes > 3.7 %}
+{% note %}
+
+**Note:** If the {% data variables.product.product_name %} uses Azure AD as a SAML IdP, {% data variables.product.product_name %} will also check the SCIM `externalId` claim and SAML `http://schemas.microsoft.com/identity/claims/objectidentifier` claim to match users first, instead of using `NameID` and `userName`. 
+
+{% endnote %}
+{% endif %}
+
+### Supported SCIM user attributes
+
+The SCIM API's `User` endpoints support the following attributes within a request's parameters.
+
+| Name | Type | Description |
+| :- | :- | :- |
+| `displayName` | String | Human-readable name for a user. |
+| `name.formatted` | String | The user's full name, including all middle names, titles, and suffixes, formatted for display.
+| `name.givenName` | String | The first name of the user. |
+| `name.familyName` | String | The last name of the user. |
+| `userName` | String | The username for the user, generated by the IdP. Undergoes [normalization](/admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication#about-username-normalization) before being used. 
+| `emails` | Array | List of the user's emails. |
+| `roles` | Array | List of the user's roles. |
+| `externalId` | String | This identifier is generated by an IdP provider. You can find the `externalId` for a user either on the IdP, or by using the [List SCIM provisioned identities](#list-scim-provisioned-identities-for-an-enterprise) endpoint and filtering on other known attributes, such as a user's username or email address on the {% data variables.product.product_name %} instance. |
+| `id` | String | Identifier generated by the instance's SCIM endpoint. |
+| `active` | Boolean | Indicates whether the identity is active (`true`) or should be suspended (`false`). |
+
@@ -20,3 +20,4 @@ sections:
     - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
     - '{% data variables.product.prodname_actions %} storage settings cannot be validated and saved in the {% data variables.enterprise.management_console %} when "Force Path Style" is selected, and must instead be configured with the `ghe-actions-precheck` command line utility.'
     - '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}'
+    - The [file finder](/search-github/searching-on-github/finding-files-on-github) does not return any results. To restore functionality, reinstall the 3.3.12 patch release using a full upgrade package. For more information, see "[Upgrading GitHub Enterprise Server](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server#upgrading-with-an-upgrade-package)."
@@ -956,8 +956,8 @@
   "/rest/teams#unlink-external-idp-group-team-connection": "/rest/teams/external-groups#unlink-external-idp-group-team-connection",
   "/rest/teams#list-idp-groups-for-a-team": "/rest/teams/team-sync#list-idp-groups-for-a-team",
   "/rest/teams#create-or-update-idp-group-connections": "/rest/teams/team-sync#create-or-update-idp-group-connections",
-  "/rest/actions/oidc#get-the-opt-out-flag-of-an-oidc-subject-claim-customization-for-a-repository": "/rest/actions/oidc#get-the-opt-out-flag-of-an-oidc-subject-claim-customization-for-a-repository",
-  "/rest/actions/oidc#set-the-opt-out-flag-of-an-oidc-subject-claim-customization-for-a-repository": "/rest/actions/oidc#set-the-opt-out-flag-of-an-oidc-subject-claim-customization-for-a-repository",
+  "/rest/actions/oidc#get-the-customization-template-for-an-oidc-subject-claim-for-a-repository": "/rest/actions/oidc#get-the-customization-template-for-an-oidc-subject-claim-for-a-repository",
+  "/rest/actions/oidc#set-the-customization-template-for-an-oidc-subject-claim-for-a-repository": "/rest/actions/oidc#set-the-customization-template-for-an-oidc-subject-claim-for-a-repository",
   "/rest/teams#list-idp-groups-for-a-team-legacy": "/rest/teams/team-sync#list-idp-groups-for-a-team-legacy",
   "/rest/teams#create-or-update-idp-group-connections-legacy": "/rest/teams/team-sync#create-or-update-idp-group-connections-legacy",
   "/rest/enterprise-admin#list-global-webhooks": "/rest/enterprise-admin/global-webhooks#list-global-webhooks",