Merge pull request #44551 from github/repo-sync

Repo sync

Author: docs-bot

.github/workflows/create-changelog-pr.yml

@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6.0.1
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: 'Ensure ${{ env.CHANGELOG_FILE }} exists'
         run: |

.github/workflows/first-responder-v2-prs-collect.yml

@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       # Add to the FR project
       # and set type to "Maintenance"

.github/workflows/moda-allowed-ips.yml

@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out the repository
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Update list of allowed IPs
         run: |

.github/workflows/reviewers-content-systems.yml

@@ -36,7 +36,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Add content systems as a reviewer
         uses: ./.github/actions/retry-command

.github/workflows/reviewers-dependabot.yml

@@ -37,7 +37,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Add dependabot as a reviewer
         uses: ./.github/actions/retry-command

.github/workflows/reviewers-docs-engineering.yml

@@ -49,7 +49,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       # Detect PRs that only changed package-lock.json (no engineering source files).
       # These are usually cross-platform `npm install` churn from contributors

.github/workflows/reviewers-legal.yml

@@ -32,7 +32,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           # Fetch 2 commits so tj-actions/changed-files can diff without extra API calls
           fetch-depth: 2

content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md

@@ -194,7 +194,7 @@ Across all organizations owned by your enterprise, you can allow members with ad
 
 ## Enforcing a policy for renaming protected branches
 
-By default, repository administrators can rename branches that are targeted by enterprise-level rules, provided the new branch name is still targeted by those rules. You can restrict this ability to enterprise owners only.
+By default, repository administrators can rename branches that are targeted by enterprise-level rules, provided the new branch name is still targeted by those same rules, or the administrator has permission to bypass the rule in question. You can restrict this ability to enterprise owners only.
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}

content/organizations/managing-organization-settings/allowing-repository-admins-to-rename-branches-with-organization-rulesets.md

@@ -9,15 +9,12 @@ category:
   - Configure organization features
 ---
 
-Organization owners control whether repository administrators can rename branches that are targeted by one or more branch rulesets. For existing organizations, this setting is off by default. For newly created organizations, this setting is on by default.
+Organization owners control whether repository administrators can rename branches that are targeted by one or more branch rulesets. For existing organizations, this setting is disabled by default. For newly created organizations, this setting is enabled by default.
 
-When this setting is enabled, repository administrators can rename these branches, provided the new branch name is still targeted by all the same organization rulesets as the current branch name. This ensures that rulesets cannot be circumvented through branch renaming.
+When this setting is enabled, repository administrators can rename these branches, provided the new branch name is still targeted by all the same organization rulesets as the current branch name, or the repository administrator has permission to bypass any which are no longer targeted. This ensures that rulesets cannot be circumvented through branch renaming.
 
 Organization administrators can rename branches targeted by organization rulesets without restriction.
 
-> [!NOTE]
-> Even with this setting enabled, changing the default branch of a repository still requires an organization administrator when organization rulesets are in play.
-
 {% data reusables.profile.access_org %}
 {% data reusables.profile.org_settings %}
 {% data reusables.organizations.member-privileges %}

content/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch.md

@@ -34,7 +34,7 @@ Some branches can only be renamed by a repository administrator: the repository'
 
 When organization-level or enterprise-level rulesets target branches in a repository, renaming those branches typically requires an organization or enterprise administrator.
 
-However, organization and enterprise owners can allow repository administrators to rename branches covered by these rulesets, provided the new branch name is still subject to all the same rules as the current name. Changing the default branch still requires an organization or enterprise administrator when rulesets are in play.
+However, organization and enterprise owners can allow repository administrators to rename branches covered by these rulesets, provided the new branch name is still subject to all the same rules as the current name, or the repository administrator has permission to bypass those rules. Changing the default branch works similarly.
 
 For more information, see [AUTOTITLE](/organizations/managing-organization-settings/allowing-repository-admins-to-rename-branches-with-organization-rulesets) and [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-renaming-protected-branches).