[DO NOT MERGE] GitHub Enterprise Server 3.2 release candidate (#20666)

* Issue template stuff for creating megabranch

* Fix placeholder YAML

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* Add release candidate banner

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* [GHES 3.2]: Remove final notes about machine man preview (GA) (#20939)

* update search indexes

* update search indexes

* Add GHES versioning to "Managing your theme settings" (#20950)

* update search indexes

* [GHES 3.2]: Fix versioning for security alerts (#20761)

* made a start

* rework

* move image to an enterprise 3.1 folder

* forgot to commit

* simplify reusable

* update search indexes

* update search indexes

* update search indexes

* Updated basic 3.2 REST fiels after package change

These will be overwritten before release by the new description files when the 3.2 description is properly published

* update search indexes

* GHAE feature flag for `security alerts` custom notification option (#20979)

* made a start

* rework

* move image to an enterprise 3.1 folder

* forgot to commit

* simplify reusable

* add GHAE feature flag

* remove spurious spaces I had added

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* Update versioning (#21121)

Co-authored-by: Matt Pollard <[email protected]>

* update search indexes

* Add the new service (#21060)

* update search indexes

* update search indexes

* update search indexes

* Fix parent category index versioning for security overview

* update search indexes

* [GHES 3.2] Add documentation for GHES Referrer Policy Admin setting (#20910)

Co-authored-by: jmarlena <[email protected]>
Co-authored-by: Jules Parker <[email protected]>
Co-authored-by: Matt Pollard <[email protected]>

* update search indexes

* update search indexes

* Update "Review hardware considerations" table (#21208)

Performance improvements resulted in higher maximum job throughput and the new benchmarks need to be shared with current and potential customers.

* update search indexes

* Version new GHES 3.2 Actions tested performance (#21212)

* update search indexes

* Update "Review hardware considerations" table v2

Feedback from additional reviewers requires an update to the benchmarks previously merged.

* update search indexes

* update search indexes

* [GHES 3.2] - Dependency Graph: Simplified enablement in GHES (GA) (#21078)

* document UI button for dependency graph GHES 3.2

* update search indexes

* Update getting-started-with-github-actions-for-github-enterprise-server.md

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* [GHES 3.2] Release candidate 1 release notes (#20799)

Co-authored-by: Lucas Costi <[email protected]>
Co-authored-by: bwestover <[email protected]>
Co-authored-by: Martin Lopes <[email protected]>
Co-authored-by: Laura Coursen <[email protected]>
Co-authored-by: Grey Baker <[email protected]>
Co-authored-by: Bas van Schaik <[email protected]>
Co-authored-by: William Bartholomew <[email protected]>

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* update search indexes

* Update OpenAPI Descriptions for GHES 3.2 (#21377)

Also contains a rollup of other unmerged OpenAPI changes

Co-authored-by: github-openapi-bot <[email protected]>
Co-authored-by: Lucas Costi <[email protected]>

* update search indexes

Co-authored-by: Rachael Sewell <[email protected]>
Co-authored-by: GitHub Actions <[email protected]>
Co-authored-by: Docubot <[email protected]>
Co-authored-by: Laura Coursen <[email protected]>
Co-authored-by: Ethan Palm <[email protected]>
Co-authored-by: mc <[email protected]>
Co-authored-by: Felicity Chapman <[email protected]>
Co-authored-by: Matt Pollard <[email protected]>
Co-authored-by: Matthias Wenz <[email protected]>
Co-authored-by: jmarlena <[email protected]>
Co-authored-by: Jules Parker <[email protected]>
Co-authored-by: Steve-Glass <[email protected]>
Co-authored-by: Meg Bird <[email protected]>
Co-authored-by: bwestover <[email protected]>
Co-authored-by: Martin Lopes <[email protected]>
Co-authored-by: Grey Baker <[email protected]>
Co-authored-by: Bas van Schaik <[email protected]>
Co-authored-by: William Bartholomew <[email protected]>
Co-authored-by: github-openapi-bot <[email protected]>
Co-authored-by: github-openapi-bot <[email protected]>

content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md

@@ -156,7 +156,7 @@ If "Automatically watch repositories" is disabled, then you will not automatical
 
 ## Configuring your watch settings for an individual repository
 
-You can choose whether to watch or unwatch an individual repository. You can also choose to only be notified of {% ifversion fpt or ghes > 3.0 or ghae-next %}certain event types such as {% data reusables.notifications-v2.custom-notification-types %} (if enabled for the repository) {% else %}new releases{% endif %}, or completely ignore an individual repository.
+You can choose whether to watch or unwatch an individual repository. You can also choose to only be notified of {% ifversion fpt or ghes > 3.0 or ghae-next %}certain event types such as {% data reusables.notifications-v2.custom-notification-types %} (if enabled for the repository){% else %}new releases{% endif %}, or completely ignore an individual repository.
 
 {% data reusables.repositories.navigate-to-repo %}
 2. In the upper-right corner, click the "Watch" drop-down menu to select a watch option.
@@ -167,10 +167,10 @@ You can choose whether to watch or unwatch an individual repository. You can als
 
 The **Custom** option allows you to further customize notifications so that you're only notified when specific events happen in the repository, in addition to participating and @mentions.
 
-{% ifversion fpt %}
+{% ifversion fpt or ghes > 3.1 or ghae-issue-4910 %}
    ![Custom watch options in a drop-down menu for a repository](/assets/images/help/notifications-v2/watch-repository-options-custom2-dotcom.png)
 {% else %}
-   ![Custom watch options in a drop-down menu for a repository](/assets/images/help/notifications-v2/watch-repository-options-custom2.png)
+   ![Custom watch options in a drop-down menu for a repository](/assets/images/enterprise/3.1/help/notifications-v2/watch-repository-options-custom2.png)
 {% endif %}
 
 If you select "Issues", you will be notified about, and subscribed to, updates on every issue (including those that existed prior to you selecting this option) in the repository. If you're @mentioned in a pull request in this repository, you'll receive notifications for that too, and you'll be subscribed to updates on that specific pull request, in addition to being notified about issues.
@@ -209,7 +209,8 @@ If you are a member of more than one organization, you can configure each one to
 ## Security alert notification options 
 {% endif %}
 
-{% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization %}
+{% data reusables.notifications.vulnerable-dependency-notification-enable %}
+{% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization2 %}
 {% data reusables.notifications.vulnerable-dependency-notification-options %}
 
 For more information about the notification delivery methods available to you, and advice on optimizing your notifications for {% ifversion fpt or ghes %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %}, see "[Configuring notifications for vulnerable dependencies](/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies)."

content/account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-your-theme-settings.md

@@ -3,6 +3,7 @@ title: Managing your theme settings
 intro: 'You can manage how {% data variables.product.product_name %} looks to you by setting a theme preference that either follows your system settings or always uses a light or dark mode.'
 versions:
   fpt: '*'
+  ghes: '>=3.2'
 topics:
   - Accounts
 redirect_from:

content/admin/advanced-security/configuring-secret-scanning-for-your-appliance.md

@@ -50,8 +50,12 @@ If this doesn't return `0`, SSSE3 is not enabled on your VM/KVM. You need to ref
 
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}
-1. Check if there is an **{% data variables.product.prodname_advanced_security %}** entry in the left sidebar.
-![Advanced Security sidebar](/assets/images/enterprise/management-console/sidebar-advanced-security.png)
+1. Check if there is {% ifversion ghes < 3.2 %}an **{% data variables.product.prodname_advanced_security %}**{% else %}a **Security**{% endif %} entry in the left sidebar.
+{% ifversion ghes < 3.2 %}
+   ![Advanced Security sidebar](/assets/images/enterprise/management-console/sidebar-advanced-security.png)
+{% else %}
+   ![Security sidebar](/assets/images/enterprise/3.2/management-console/sidebar-security.png)
+{% endif %}
 
 {% data reusables.enterprise_management_console.advanced-security-license %}
 
@@ -62,7 +66,7 @@ If this doesn't return `0`, SSSE3 is not enabled on your VM/KVM. You need to ref
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}
 {% data reusables.enterprise_management_console.advanced-security-tab %}
-1. Under "{% data variables.product.prodname_advanced_security %}," click **{% data variables.product.prodname_secret_scanning_caps %}**.
+1. Under "{% ifversion ghes < 3.2 %}{% data variables.product.prodname_advanced_security %}{% else %}Security{% endif %}," click **{% data variables.product.prodname_secret_scanning_caps %}**.
 ![Checkbox to enable or disable {% data variables.product.prodname_secret_scanning %}](/assets/images/enterprise/management-console/enable-secret-scanning-checkbox.png)
 {% data reusables.enterprise_management_console.save-settings %}
 
@@ -73,6 +77,6 @@ If this doesn't return `0`, SSSE3 is not enabled on your VM/KVM. You need to ref
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}
 {% data reusables.enterprise_management_console.advanced-security-tab %}
-1. Under "{% data variables.product.prodname_advanced_security %}", unselect **{% data variables.product.prodname_secret_scanning_caps %}**.
+1. Under "{% ifversion ghes < 3.2 %}{% data variables.product.prodname_advanced_security %}{% else %}Security{% endif %}," unselect **{% data variables.product.prodname_secret_scanning_caps %}**.
 ![Checkbox to enable or disable {% data variables.product.prodname_secret_scanning %}](/assets/images/enterprise/management-console/secret-scanning-disable.png)
 {% data reusables.enterprise_management_console.save-settings %}

content/admin/advanced-security/enabling-github-advanced-security-for-your-enterprise.md

@@ -61,15 +61,15 @@ When you enable {% data variables.product.prodname_GH_advanced_security %} for y
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}
 {% data reusables.enterprise_management_console.advanced-security-tab %}{% ifversion ghes > 2.22 %}
-1. Under "{% data variables.product.prodname_advanced_security %}," select the features that you want to enable and deselect any features you want to disable.
+1. Under "{% ifversion ghes < 3.2 %}{% data variables.product.prodname_advanced_security %}{% else %}Security{% endif %}," select the features that you want to enable and deselect any features you want to disable.
 ![Checkbox to enable or disable {% data variables.product.prodname_advanced_security %} features](/assets/images/enterprise/management-console/enable-advanced-security-checkboxes.png){% else %}
 1. Under "{% data variables.product.prodname_advanced_security %}," click **{% data variables.product.prodname_code_scanning_capc %}**.
 ![Checkbox to enable or disable {% data variables.product.prodname_code_scanning %}](/assets/images/enterprise/management-console/enable-code-scanning-checkbox.png){% endif %}
 {% data reusables.enterprise_management_console.save-settings %}
 
 When {% data variables.product.product_name %} has finished restarting, you're ready to set up any additional resources required for newly enabled features. For more information, see "[Configuring {% data variables.product.prodname_code_scanning %} for your appliance](/admin/advanced-security/configuring-code-scanning-for-your-appliance)."
 
-## Enabling or disabling {% data variables.product.prodname_GH_advanced_security %} via the administrative shell (SSH)
+## Enabling or disabling {% data variables.product.prodname_GH_advanced_security %} features via the administrative shell (SSH)
 
 You can enable or disable features programmatically on {% data variables.product.product_location %}. For more information about the administrative shell and command-line utilities for {% data variables.product.prodname_ghe_server %}, see "[Accessing the administrative shell (SSH)](/admin/configuration/accessing-the-administrative-shell-ssh)" and "[Command-line utilities](/admin/configuration/command-line-utilities#ghe-config)."
 
@@ -79,20 +79,17 @@ For example, you can enable any {% data variables.product.prodname_GH_advanced_s
 1. Enable features for {% data variables.product.prodname_GH_advanced_security %}.
 
     - To enable {% data variables.product.prodname_code_scanning_capc %}, enter the following commands.
-
     ```shell
     ghe-config app.minio.enabled true
-  ghe-config app.code-scanning.enabled true
+    ghe-config app.code-scanning.enabled true
     ```
     - To enable {% data variables.product.prodname_secret_scanning_caps %}, enter the following command.
-
     ```shell
     ghe-config app.secret-scanning.enabled true
     ```
-    - To enable {% data variables.product.prodname_dependabot %}, enter the following commands.
+    - To enable {% data variables.product.prodname_dependabot %}, enter the following command.
     ```shell
-    ghe-config app.github.dependency-graph-enabled true
-    ghe-config app.github.vulnerability-alerting-and-settings-enabled true
+    {% ifversion ghes > 3.1 %}ghe-config app.dependency-graph.enabled true{% else %}ghe-config app.github.dependency-graph-enabled true{% endif %}
     ```
 2. Optionally, disable features for {% data variables.product.prodname_GH_advanced_security %}.
 
@@ -105,10 +102,9 @@ For example, you can enable any {% data variables.product.prodname_GH_advanced_s
     ```shell
     ghe-config app.secret-scanning.enabled false
     ```
-    - To disable {% data variables.product.prodname_dependabot %}, enter the following commands.
+    - To disable {% data variables.product.prodname_dependabot %}, enter the following command.
     ```shell
-    ghe-config app.github.dependency-graph-enabled false
-    ghe-config app.github.vulnerability-alerting-and-settings-enabled false
+    {% ifversion ghes > 3.1 %}ghe-config app.dependency-graph.enabled false{% else %}ghe-config app.github.dependency-graph-enabled false{% endif %}
     ```
 
 3. Apply the configuration.

content/admin/configuration/configuring-your-enterprise/command-line-utilities.md

@@ -36,6 +36,36 @@ $ ghe-announce -u
 > Removed the announcement message
 ```
 
+{% ifversion ghes > 3.1 %}
+<!--For earlier releases of GHES, see the previous service `ghe-resque-info`-->
+
+### ghe-aqueduct
+
+This utility displays information on background jobs, both active and in the queue. It provides the same job count numbers as the admin stats bar at the top of every page.
+
+This utility can help identify whether the Aqueduct server is having problems processing background jobs. Any of the following scenarios might be indicative of a problem with Aqueduct:
+
+* The number of background jobs is increasing, while the active jobs remain the same.
+* The event feeds are not updating.
+* Webhooks are not being triggered.
+* The web interface is not updating after a Git push.
+
+If you suspect Aqueduct is failing, contact {% data variables.contact.contact_ent_support %} for help.
+
+With this command, you can also pause or resume jobs in the queue.
+
+```shell
+$ ghe-aqueduct status
+# lists queues and the number of currently queued jobs for all queues
+$ ghe-aqueduct queue_depth --queue <em>QUEUE</em>
+# lists the number of currently queued jobs for the specified queue
+$ ghe-aqueduct pause --queue <em>QUEUE</em>
+# pauses the specified queue
+$ ghe-aqueduct resume --queue <em>QUEUE</em>
+# resumes the specified queue
+```
+{% endif %}
+
 ### ghe-check-disk-usage
 
 This utility checks the disk for large files or files that have been deleted but still have open file handles. This should be run when you're trying to free up space on the root partition.
@@ -246,6 +276,9 @@ Use this command to immediately unlock the {% data variables.enterprise.manageme
 $ ghe-reactivate-admin-login
 ```
 
+{% ifversion ghes < 3.2 %}
+<!--For more recent releases of GHES, see the replacement service `ghe-aqueduct`-->
+
 ### ghe-resque-info
 
 This utility displays information on background jobs, both active and in the queue. It provides the same job count numbers as the admin stats bar at the top of every page.
@@ -269,6 +302,7 @@ $ ghe-resque-info -p <em>QUEUE</em>
 $ ghe-resque-info -r <em>QUEUE</em>
 # resumes the specified queue
 ```
+{% endif %}
 
 ### ghe-saml-mapping-csv
 

content/admin/configuration/configuring-your-enterprise/configuring-the-referrer-policy-for-your-enterprise.md

@@ -0,0 +1,38 @@
+---
+title: Configuring the referrer policy for your enterprise
+shortTitle: Configure referrer policy
+intro: 'You can increase the privacy of {% data variables.product.product_location %} by configuring the policy for cross-origin requests.'
+versions:
+  ghes: '>=3.2'
+type: how_to
+topics:
+  - Enterprise
+  - Networking
+  - Privacy
+  - Security
+---
+
+## About the referrer policy for your enterprise
+
+The referrer policy controls the information that {% data variables.product.product_name %} transmits in HTTP headers when someone visits a link from {% data variables.product.product_location %} to an external site.
+
+By default, when a user on {% data variables.product.product_location %} visits a link to another site from a file or comment on your instance, the request includes the hostname for your instance in plain text within the `Referer` header. If the link leads to an external website, the owner of the website could read the hostname for your instance in requests or log files.
+
+You can control the information that {% data variables.product.product_name %} sends when a user visits a link from your instance.
+
+## Enabling the `same-origin` referrer policy
+
+You can enable the `same-origin` referrer policy to instruct modern browsers to exclude the hostname for {% data variables.product.product_location %} from requests to external websites. The setting applies to all links from the web interface on your instance. By default, {% data variables.product.product_name %} uses the `origin-when-cross-origin` and `strict-origin-when-cross-origin` referrer policies, which means your instance's hostname will appear in HTTP and HTTPS requests to external websites.
+
+{% note %}
+
+**Note**: Changing the referrer policy to `same-origin` can affect external sites that expect a hostname in the HTTP headers for a request.
+
+{% endnote %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+1. Under "User Agent Referrer Policy", select **Enable same origin referrer policy for all organizations**.
+  ![Checkbox for enabling same origin referrer policy](/assets/images/enterprise/settings/referrer-policy-checkbox.png)
+1. Click **Save**.
+  ![Save button for enabling same origin referrer policy](/assets/images/enterprise/settings/referrer-policy-save-button.png)

content/admin/configuration/configuring-your-enterprise/index.md

@@ -33,6 +33,7 @@ children:
   - /command-line-utilities
   - /restricting-network-traffic-to-your-enterprise
   - /configuring-github-pages-for-your-enterprise
+  - /configuring-the-referrer-policy-for-your-enterprise
 shortTitle: Configure your enterprise
 ---
 

content/admin/configuration/managing-connections-between-github-enterprise-server-and-github-enterprise-cloud/connecting-github-enterprise-server-to-github-enterprise-cloud.md

@@ -48,22 +48,18 @@ For more information about managing enterprise accounts using the GraphQL API, s
 ## Enabling {% data variables.product.prodname_github_connect %}
 
 1. Sign in to {% data variables.product.product_location_enterprise %} and {% data variables.product.prodname_dotcom_the_website %}.
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.settings-tab %}
-{% data reusables.enterprise-accounts.github-connect-tab %}
-5. Under "{% data variables.product.prodname_dotcom_the_website %} is not enabled yet", click **Enable {% data variables.product.prodname_github_connect %}**. By clicking **Enable {% data variables.product.prodname_github_connect %}**, you agree to the  <a href="/articles/github-connect-addendum-to-the-github-enterprise-license-agreement/" class="dotcom-only">{% data variables.product.prodname_github_connect %} Addendum to the {% data variables.product.prodname_enterprise %} License Agreement</a>.
+{% data reusables.enterprise-accounts.access-enterprise %}{% ifversion ghes < 3.1 %}{% data reusables.enterprise-accounts.settings-tab %}{% endif %}{% data reusables.enterprise-accounts.github-connect-tab %}
+1. Under "{% data variables.product.prodname_dotcom_the_website %} is not enabled yet", click **Enable {% data variables.product.prodname_github_connect %}**. By clicking **Enable {% data variables.product.prodname_github_connect %}**, you agree to the  <a href="/articles/github-connect-addendum-to-the-github-enterprise-license-agreement/" class="dotcom-only">{% data variables.product.prodname_github_connect %} Addendum to the {% data variables.product.prodname_enterprise %} License Agreement</a>.
   ![Enable GitHub Connect button](/assets/images/enterprise/business-accounts/enable-github-connect-button.png)
-6. Next to the enterprise account or organization you'd like to connect, click **Connect**.
+1. Next to the enterprise account or organization you'd like to connect, click **Connect**.
   ![Connect button next to an enterprise account or business](/assets/images/enterprise/business-accounts/choose-enterprise-or-org-connect.png)
 
 ## Disconnecting a {% data variables.product.prodname_ghe_cloud %} organization or enterprise account from {% data variables.product.product_location_enterprise %}
 
 When you disconnect from {% data variables.product.prodname_ghe_cloud %}, the {% data variables.product.prodname_github_connect %} {% data variables.product.prodname_github_app %} is deleted from your enterprise account or organization and credentials stored on {% data variables.product.product_location_enterprise %} are deleted.
 
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.settings-tab %}
-{% data reusables.enterprise-accounts.github-connect-tab %}
-5. Next to the enterprise account or organization you'd like to disconnect, click **Disable {% data variables.product.prodname_github_connect %}**.
+{% data reusables.enterprise-accounts.access-enterprise %}{% ifversion ghes < 3.1 %}{% data reusables.enterprise-accounts.settings-tab %}{% endif %}{% data reusables.enterprise-accounts.github-connect-tab %}
+1. Next to the enterprise account or organization you'd like to disconnect, click **Disable {% data variables.product.prodname_github_connect %}**.
   ![Disable GitHub Connect button next to an enterprise account or organization name](/assets/images/enterprise/business-accounts/disable-github-connect-button.png)
-6. Read the information about disconnecting and click **Disable {% data variables.product.prodname_github_connect %}**.
+1. Read the information about disconnecting and click **Disable {% data variables.product.prodname_github_connect %}**.
   ![Modal with warning information about disconnecting and confirmation button](/assets/images/enterprise/business-accounts/confirm-disable-github-connect.png)