From 4f6a48113eee70d833c0740f8ed9682e9568114b Mon Sep 17 00:00:00 2001
From: mc <42146119+mchammer01@users.noreply.github.com>
Date: Tue, 15 Oct 2024 06:47:27 +0100
Subject: [PATCH] Push protection delegated bypass for file uploads [GA] (#52564)
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
Co-authored-by: Courtney Claessens
---
 .../secret-scanning/introduction/about-push-protection.md | 3 ++-
 .../working-with-push-protection-in-the-github-ui.md | 2 +-
 .../push-protection-delegated-bypass-file-upload-support.yml | 4 ++++
 .../secret-scanning/push-protection-delegated-bypass-intro.md | 2 +-
 4 files changed, 8 insertions(+), 3 deletions(-)
 create mode 100644 data/features/push-protection-delegated-bypass-file-upload-support.yml
diff --git a/content/code-security/secret-scanning/introduction/about-push-protection.md b/content/code-security/secret-scanning/introduction/about-push-protection.md
index bc47536efdab..4792c34c38cf 100644
--- a/content/code-security/secret-scanning/introduction/about-push-protection.md
+++ b/content/code-security/secret-scanning/introduction/about-push-protection.md
@@ -41,7 +41,8 @@ For information about the secrets and service providers supported by push protec
 Push protection works:
 * From the command line. See "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line)."
-* In the {% data variables.product.prodname_dotcom %} UI. See "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui)."{% ifversion secret-scanning-push-protection-content-endpoints %}
+* In the {% data variables.product.prodname_dotcom %} UI. See "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui)."{% ifversion push-protection-delegated-bypass-file-upload-support %}
+* On files uploaded onto the repository on {% data variables.product.prodname_dotcom %}.{% endif %}{% ifversion secret-scanning-push-protection-content-endpoints %}
 * From the REST API. See "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api)."{% endif %}
 Once enabled, if push protection detects a potential secret during a push attempt, it will block the push and provide a detailed message explaining the reason for the block. You will need to review the code in question, remove any sensitive information, and reattempt the push.
diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md
index 8a72e495a47a..1ed152d8172a 100644
--- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md
+++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md
@@ -17,7 +17,7 @@ topics:
 ## About push protection in the {% data variables.product.prodname_dotcom %} UI
-When you are creating and editing files in the {% data variables.product.prodname_dotcom %} UI, push protection prevents you from accidentally committing secrets to a repository by blocking commits containing supported secrets.
+When you {% ifversion push-protection-delegated-bypass-file-upload-support %}upload, create, {% else %}create {% endif %}or edit files from the {% data variables.product.prodname_dotcom %} UI, push protection prevents you from accidentally committing secrets to a repository by blocking commits containing supported secrets.
 {% ifversion push-protection-block-uploads %}
diff --git a/data/features/push-protection-delegated-bypass-file-upload-support.yml b/data/features/push-protection-delegated-bypass-file-upload-support.yml
new file mode 100644
index 000000000000..dd896ed918ce
--- /dev/null
+++ b/data/features/push-protection-delegated-bypass-file-upload-support.yml
@@ -0,0 +1,4 @@
+# Issue 16148 - Push protection delegated bypass for file uploads [GA]
+versions:
+ ghec: '*'
+ ghes: '>3.15'
diff --git a/data/reusables/secret-scanning/push-protection-delegated-bypass-intro.md b/data/reusables/secret-scanning/push-protection-delegated-bypass-intro.md
index cffdc83e633d..9a475326c40c 100644
--- a/data/reusables/secret-scanning/push-protection-delegated-bypass-intro.md
+++ b/data/reusables/secret-scanning/push-protection-delegated-bypass-intro.md
@@ -1 +1 @@
-Delegated bypass for push protection lets you define contributors who can bypass push protection and adds an approval process for other contributors.
+Delegated bypass for push protection lets you define contributors who can bypass push protection and adds an approval process for other contributors.{% ifversion push-protection-delegated-bypass-file-upload-support %} Delegated bypass applies to files created, edited, and uploaded on {% data variables.product.prodname_dotcom %}.{% endif %}