From 71c6c282f8c3a9ba8cf0228b30c68d7c9b54b586 Mon Sep 17 00:00:00 2001 From: Copilot <198982749+Copilot@users.noreply.github.com> Date: Fri, 3 Apr 2026 17:14:49 +0000 Subject: [PATCH 1/3] =?UTF-8?q?fix:=20correct=20SAML=20certificate=20forma?= =?UTF-8?q?t=20for=20EMU=20SSO=20configuration=20(Base64=20=E2=86=92=20PEM?= =?UTF-8?q?)=20(#60221)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: lecoursen <14935376+lecoursen@users.noreply.github.com> Co-authored-by: Laura Coursen --- ...figuring-saml-single-sign-on-for-enterprise-managed-users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md index 5a024e7f8ab7..9148fd913734 100644 --- a/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md +++ b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md @@ -88,7 +88,7 @@ To configure SAML SSO for your {% data variables.enterprise.prodname_emu_enterpr | :- | :- | :- | | IdP Sign-On URL | Login URL, IdP URL | Application's URL on your IdP | | IdP Identifier URL | Issuer | IdP's identifier to service providers for SAML authentication | - | Signing certificate, Base64-encoded | Public certificate | Public certificate that IdP uses to sign authentication requests | + | Signing certificate, PEM-encoded | Public certificate | Public certificate that IdP uses to sign authentication requests | ### Configure your enterprise From d996075b284256568d683d399e5773942598767c Mon Sep 17 00:00:00 2001 From: Stacy Carter Date: Fri, 3 Apr 2026 13:49:25 -0400 Subject: [PATCH 2/3] Create new article for updating credentials for an existing GitHub Actions storage provider (#60582) Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: benwebb-au <92895514+benwebb-au@users.noreply.github.com> Co-authored-by: Laura Coursen Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../index.md | 1 + ...-credentials-for-github-actions-storage.md | 45 +++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/updating-the-credentials-for-github-actions-storage.md diff --git a/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/index.md b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/index.md index 8499543056af..39781c75ea75 100644 --- a/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/index.md +++ b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/index.md @@ -8,6 +8,7 @@ children: - /backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled - /using-a-staging-environment - /troubleshooting-github-actions-for-your-enterprise + - /updating-the-credentials-for-github-actions-storage shortTitle: HA & troubleshooting redirect_from: - /admin/github-actions/advanced-configuration-and-troubleshooting diff --git a/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/updating-the-credentials-for-github-actions-storage.md b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/updating-the-credentials-for-github-actions-storage.md new file mode 100644 index 000000000000..b5f612058928 --- /dev/null +++ b/content/admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/updating-the-credentials-for-github-actions-storage.md @@ -0,0 +1,45 @@ +--- +title: Updating the credentials for GitHub Actions storage +shortTitle: Updating credentials for Actions storage +intro: If your credentials for connecting to GitHub Actions storage change, you must update the credentials in the configuration on GitHub Enterprise Server. +versions: + ghes: '*' +contentType: how-tos +category: + - Enable GitHub features for your enterprise +--- + +## Updating the credential secret for your storage provider +To update the credential secret for your {% data variables.product.prodname_actions %} storage provider on {% data variables.product.prodname_ghe_server %}, you have two options. + +> [!WARNING] +> This process is only for updating the secret key used to authenticate to your existing external storage provider. It assumes that your networking configuration, storage provider, and storage account remain unchanged. +> +> Do not use this process to switch between credential-based and OIDC-based authentication in the management console. Changing the authentication method for {% data variables.product.prodname_actions %} storage may result in data loss. + +1. Enable maintenance mode on the server. +1. Update the secret or obtain the updated secret from the storage provider. +1. Use the UI or CLI option below to update the {% data variables.product.prodname_actions %} storage provider credential for {% data variables.product.prodname_ghe_server %}. + +### Updating the credential secret using the management console +1. Navigate to the Actions section of the **Management Console**. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-web-ui/accessing-the-management-console). +1. Update the secret, or in the case of Azure Blob storage, the secret within the connection string, and then click `Test storage settings` to confirm that {% data variables.product.prodname_ghe_server %} is still able to successfully connect to the storage. +1. Click `Save settings` and wait for the services to fully restart. + +### Updating the credential secret using the command line +1. Run the `ghe-actions-precheck` command to test the new Actions storage credentials and update the configuration on your {% data variables.product.prodname_ghe_server %}. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-actions-precheck) +1. After the Actions storage connection test is successful, you'll prompted to type `Yes` or `No` to configure Actions storage with these settings. Type `Yes` and Enter. +1. You'll see a prompt about overwriting the existing Actions storage configuration. Type `Yes` and Enter. + +## Identifying authentication failures for {% data variables.product.prodname_actions %} storage +If {% data variables.product.prodname_ghe_server %} can't connect to your {% data variables.product.prodname_actions %} storage provider because of an incorrect secret or connection string, you'll see an `Access Denied` or authentication-related exception. This exception can appear in two situations: + +* When running `ghe-check-blob-connection`, the command will report the authentication failure directly in its output. +* When `ghe-config-apply` runs, either triggered by clicking "Save settings" in the management console, or by running `ghe-config-apply` manually from the command line. The exception will appear in the `/data/user/common/ghe-config.log` file. When this occurs, `ghe-config-apply` won't complete, which can cause an unexpected outage of services on your appliance. + +Once the storage provider configuration on {% data variables.product.prodname_ghe_server %} is updated with the correct secret or connection string, you can run `ghe-config-apply` to ensure the job re-runs and completes successfully. + +> [!NOTE] Connection failures can also result from other causes, such as network issues or misconfigured storage endpoints. If the error doesn't appear to be authentication-related, review the full error output for additional details. + +For more information on `ghe-check-blob-connection`, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-check-blob-connection). +For more information on `ghe-config-apply`, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-config-apply). From aa0b8138ba94bf8badda5eb678588a34e429576b Mon Sep 17 00:00:00 2001 From: Copilot <198982749+Copilot@users.noreply.github.com> Date: Fri, 3 Apr 2026 18:15:56 +0000 Subject: [PATCH 3/3] [2026-04-02] Organization-level runner controls for Copilot coding agent (#60594) Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: timrogers <116134+timrogers@users.noreply.github.com> Co-authored-by: Tim Rogers Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: Sunbrye Ly <56200261+sunbrye@users.noreply.github.com> Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> --- .../add-copilot-coding-agent.md | 1 + .../configure-runner-for-coding-agent.md | 52 +++++++++++++++++++ .../manage-for-organization/index.md | 1 + .../customize-the-agent-environment.md | 3 ++ 4 files changed, 57 insertions(+) create mode 100644 content/copilot/how-tos/administer-copilot/manage-for-organization/configure-runner-for-coding-agent.md diff --git a/content/copilot/how-tos/administer-copilot/manage-for-organization/add-copilot-coding-agent.md b/content/copilot/how-tos/administer-copilot/manage-for-organization/add-copilot-coding-agent.md index 5394626cc68f..e28b64f0201d 100644 --- a/content/copilot/how-tos/administer-copilot/manage-for-organization/add-copilot-coding-agent.md +++ b/content/copilot/how-tos/administer-copilot/manage-for-organization/add-copilot-coding-agent.md @@ -57,6 +57,7 @@ Organization owners can configure the {% data variables.copilot.copilot_coding_a ## Next steps * Tell the members of repositories where {% data variables.copilot.copilot_coding_agent %} is available that they can delegate work to the {% data variables.copilot.copilot_coding_agent_short %}. +* Configure the default runner type for {% data variables.copilot.copilot_coding_agent %} in your organization. For more information, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-organization/configure-runner-for-coding-agent). * Encourage members to educate themselves about setting up their repository to get the most from {% data variables.copilot.copilot_coding_agent %}. Useful resources: * [AUTOTITLE](/copilot/tutorials/coding-agent/best-practices) diff --git a/content/copilot/how-tos/administer-copilot/manage-for-organization/configure-runner-for-coding-agent.md b/content/copilot/how-tos/administer-copilot/manage-for-organization/configure-runner-for-coding-agent.md new file mode 100644 index 000000000000..1b6064c09c40 --- /dev/null +++ b/content/copilot/how-tos/administer-copilot/manage-for-organization/configure-runner-for-coding-agent.md @@ -0,0 +1,52 @@ +--- +title: Configuring runners for GitHub Copilot cloud agent in your organization +shortTitle: Configure agent runners +allowTitleToDifferFromFilename: true +intro: 'Configure the {% data variables.product.prodname_actions %} runners used by {% data variables.copilot.copilot_coding_agent %} and control whether repositories can customize the runner type.' +permissions: Organization owners +product: '{% data reusables.gated-features.copilot-coding-agent %}
Sign up for {% data variables.product.prodname_copilot_short %} {% octicon "link-external" height:16 %}' +versions: + feature: copilot +contentType: how-tos +category: + - Manage Copilot for a team +--- + +## About organization-level runner controls + +By default, {% data variables.copilot.copilot_coding_agent %} runs on a standard {% data variables.product.prodname_dotcom %}-hosted {% data variables.product.prodname_actions %} runner (`ubuntu-latest`). As an organization owner, you can change the default runner type for all repositories in your organization, and choose whether individual repositories are allowed to override this default. + +This is useful if your organization requires all {% data variables.copilot.copilot_coding_agent %} sessions to run on specific runners—for example, to use larger runners for better performance, or to use self-hosted runners that have access to internal resources. + +You can configure: + +* **Runner type**: Choose between a standard {% data variables.product.prodname_dotcom %}-hosted runner or a labeled runner from a specific runner group. +* **Allow repositories to customize the runner type**: Control whether repositories can override the organization default using a {% data variables.product.prodname_copilot_short %} setup steps workflow defined at `.github/workflows/copilot-setup-steps.yml`. + +## Configuring the default runner type + +{% data reusables.profile.access_org %} +{% data reusables.profile.org_settings %} +{% data reusables.copilot.coding-agent-settings %} +1. Next to "Runner type," click the pencil icon ({% octicon "pencil" aria-label="Edit" %}). +1. Select the runner type to use by default for {% data variables.copilot.copilot_coding_agent %} across your organization. + * **Standard {% data variables.product.prodname_dotcom %} runner**: {% data variables.copilot.copilot_coding_agent %} will use `ubuntu-latest`. + * **Labeled runner**: {% data variables.copilot.copilot_coding_agent %} will use a runner matching the group name and/or label you specify. Enter values in the **Runner group name** and/or **Runner label** fields. +1. Click **Save runner selection**. + +## Preventing repositories from customizing the runner type + +By default, repositories can override the organization-level runner configuration using a {% data variables.product.prodname_copilot_short %} setup steps workflow located at `.github/workflows/copilot-setup-steps.yml`. If you want to enforce a consistent runner type across all repositories, you can disable this option. + +{% data reusables.profile.access_org %} +{% data reusables.profile.org_settings %} +{% data reusables.copilot.coding-agent-settings %} +1. Under "Allow repositories to customize the runner type," toggle the setting to enable or disable repository-level customization. + * When enabled, repositories can override the default runner by setting the `runs-on` field in the `copilot-setup-steps` job of `copilot-setup-steps.yml`. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-environment#configure-the-runner). + * When disabled, all repositories in your organization will use the organization-level runner type. +1. Click **Save**. + +## Further reading + +* [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-environment) +* [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-organization/add-copilot-coding-agent) diff --git a/content/copilot/how-tos/administer-copilot/manage-for-organization/index.md b/content/copilot/how-tos/administer-copilot/manage-for-organization/index.md index b0fca4ea7a53..2e0502a63d59 100644 --- a/content/copilot/how-tos/administer-copilot/manage-for-organization/index.md +++ b/content/copilot/how-tos/administer-copilot/manage-for-organization/index.md @@ -15,6 +15,7 @@ children: - /manage-access - /manage-policies - /add-copilot-coding-agent + - /configure-runner-for-coding-agent - /prepare-for-custom-agents - /review-activity - /use-your-own-api-keys diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-environment.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-environment.md index 59a5c660c13f..e53917f499a6 100644 --- a/content/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-environment.md +++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-environment.md @@ -33,6 +33,9 @@ In addition, you can: * [Set environment variables in {% data variables.product.prodname_copilot_short %}'s environment](#setting-environment-variables-in-copilots-environment) * [Disable or customize the agent's firewall](/copilot/customizing-copilot/customizing-or-disabling-the-firewall-for-copilot-coding-agent). +> [!NOTE] +> Organization owners can configure the default runner type for {% data variables.copilot.copilot_coding_agent %} across all repositories in their organization, and choose whether repositories are allowed to override this default. For more information, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-organization/configure-runner-for-coding-agent). + ## Customizing {% data variables.product.prodname_copilot_short %}'s development environment with {% data variables.product.prodname_copilot_short %} setup steps You can customize {% data variables.product.prodname_copilot_short %}'s environment by creating a special {% data variables.product.prodname_actions %} workflow file, located at `.github/workflows/copilot-setup-steps.yml` within your repository.