github · docs-bot · Jul 14, 2025 · Jul 14, 2025 · Jul 14, 2025 · Jul 14, 2025
diff --git a/Dockerfile b/Dockerfile
@@ -8,7 +8,7 @@
 # ---------------------------------------------------------------
 # To update the sha:
 # https://github.com/github/gh-base-image/pkgs/container/gh-base-image%2Fgh-base-noble
-FROM ghcr.io/github/gh-base-image/gh-base-noble:20250711-151843-g9ff1d29c5 AS base
+FROM ghcr.io/github/gh-base-image/gh-base-noble:20250711-165924-g6f92253c7 AS base
 
 # Install curl for Node install and determining the early access branch
 # Install git for cloning docs-early-access & translations repos

diff --git a/content/actions/concepts/runners/about-runner-scale-sets.md b/content/actions/concepts/runners/about-runner-scale-sets.md
@@ -0,0 +1,32 @@
+---
+title: About runner scale sets
+shortTitle: Runner scale sets
+intro: 'Learn about what a runner scale set is and how they can interact with the {% data variables.product.prodname_actions_runner_controller %}.'
+layout: inline
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '*'
+type: overview
+topics:
+  - Actions Runner Controller
+---
+
+[Legal notice](#legal-notice)
+
+## About runner scale sets
+
+A runner scale set is a group of homogeneous runners that can be assigned jobs from {% data variables.product.prodname_actions %}. The number of active runners owned by a runner scale set can be controlled by auto-scaling runner solutions such as {% data variables.product.prodname_actions_runner_controller %} (ARC).
+
+You can use runner groups to manage runner scale sets. Similar to self-hosted runners, you can add runner scale sets to existing runner groups. However, runner scale sets can belong to only one runner group at a time and can only have one label assigned to them.
+
+To assign jobs to a runner scale set, you must configure your workflow to reference the runner scale set’s name. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/using-actions-runner-controller-runners-in-a-workflow).
+
+## Legal notice
+
+{% data reusables.actions.actions-runner-controller-legal-notice %}
+
+## Next steps
+
+* For more information about the {% data variables.product.prodname_actions_runner_controller %} as a concept, see [AUTOTITLE](/actions/concepts/runners/about-actions-runner-controller).
+* To learn about runner groups, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups).
diff --git a/content/actions/concepts/runners/index.md b/content/actions/concepts/runners/index.md
@@ -12,6 +12,7 @@ children:
   - /about-private-networking-with-github-hosted-runners
   - /about-self-hosted-runners
   - /communicating-with-self-hosted-runners
+  - /about-runner-scale-sets
   - /about-actions-runner-controller
   - /about-support-for-actions-runner-controller
 ---
diff --git a/content/actions/how-tos/hosting-your-own-runners/index.md b/content/actions/how-tos/hosting-your-own-runners/index.md
@@ -18,7 +18,6 @@ versions:
   ghec: '*'
 children:
   - /managing-self-hosted-runners
-  - /managing-self-hosted-runners-with-actions-runner-controller
 ---
 
 {% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/...s/choosing-when-your-workflow-runs/using-conditions-to-control-job-execution.md b/...s/choosing-when-your-workflow-runs/using-conditions-to-control-job-execution.md
@@ -1,6 +1,6 @@
 ---
 title: Using conditions to control job execution
-shortTitle: Use conditions to control job execution
+shortTitle: Control jobs with conditions
 intro: Prevent a job from running unless your conditions are met.
 versions:
   fpt: '*'
@@ -11,15 +11,28 @@ redirect_from:
   - /actions/writing-workflows/choosing-when-your-workflow-runs/using-conditions-to-control-job-execution
 ---
 
-{% data reusables.actions.enterprise-github-hosted-runners %}
+You can use the `jobs.<job_id>.if` conditional to prevent a job from running unless a condition is met. {% data reusables.actions.if-supported-contexts %}
 
-## Overview
+### Example: Only run job for a specific repository
 
-{% data reusables.actions.workflows.skipped-job-status-checks-passing %}
+This example uses `if` to control when the `production-deploy` job can run. It will only run if the repository is named `octo-repo-prod` and is within the `octo-org` organization. Otherwise, the job will be marked as _skipped_.
 
-{% data reusables.actions.jobs.section-using-conditions-to-control-job-execution %}
+```yaml copy
+name: example-workflow
+on: [push]
+jobs:
+  production-deploy:
+    if: github.repository == 'octo-org/octo-repo-prod'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: {% data reusables.actions.action-checkout %}
+      - uses: {% data reusables.actions.action-setup-node %}
+        with:
+          node-version: '14'
+      - run: npm install -g bats
+```
 
-On a skipped job, you should see "This check was skipped."
+Skipped jobs display the message "This check was skipped."
 
 > [!NOTE]
-> In some parts of the workflow you cannot use environment variables. Instead you can use contexts to access the value of an environment variable. For more information, see [AUTOTITLE](/actions/learn-github-actions/variables#using-the-env-context-to-access-environment-variable-values).
+> A job that is skipped will report its status as "Success". It will not prevent a pull request from merging, even if it is a required check.
diff --git a/...oller/authenticating-to-the-github-api.md → ...r/authenticating-arc-to-the-github-api.md b/...oller/authenticating-to-the-github-api.md → ...r/authenticating-arc-to-the-github-api.md
@@ -1,7 +1,7 @@
 ---
-title: Authenticating to the GitHub API
-shortTitle: Authenticating
-intro: 'Learn how to authenticate to the {% data variables.product.company_short %} API to use {% data variables.product.prodname_actions_runner_controller %} with {% data variables.product.github %}.'
+title: Authenticating ARC to the GitHub API
+shortTitle: Authenticating to the API
+intro: 'Learn how to authenticate {% data variables.product.prodname_actions_runner_controller %} to the {% data variables.product.company_short %} API.'
 versions:
   fpt: '*'
   ghec: '*'
@@ -12,12 +12,11 @@ topics:
 defaultPlatform: linux
 redirect_from:
   - /actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/authenticating-to-the-github-api
+  - /actions/how-tos/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/authenticating-to-the-github-api#deploying-using-personal-access-token-classic-authentication
 ---
 
 [Legal notice](#legal-notice)
 
-## Overview
-
 You can authenticate {% data variables.product.prodname_actions_runner_controller %} (ARC) to the {% data variables.product.prodname_dotcom %} API by using a {% data variables.product.prodname_github_app %} or by using a {% data variables.product.pat_v1 %}.
 
 > [!NOTE]

diff --git a/...le-sets-with-actions-runner-controller.md → ...le-sets-with-actions-runner-controller.md b/...le-sets-with-actions-runner-controller.md → ...le-sets-with-actions-runner-controller.md
@@ -12,18 +12,11 @@ topics:
 defaultPlatform: linux
 redirect_from:
   - /actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller
+  - /actions/how-tos/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller
 ---
 
 [Legal notice](#legal-notice)
 
-## About runner scale sets
-
-Runner scale sets is a group of homogeneous runners that can be assigned jobs from {% data variables.product.prodname_actions %}. The number of active runners owned by a runner scale set can be controlled by auto-scaling runner solutions such as {% data variables.product.prodname_actions_runner_controller %} (ARC).
-
-You can use runner groups to manage runner scale sets. Similar to self-hosted runners, you can add runner scale sets to existing runner groups. However, runner scale sets can belong to only one runner group at a time and can only have one label assigned to them. For more information on runner groups, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups).
-
-To assign jobs to a runner scale set, you must configure your workflow to reference the runner scale set's name. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/using-actions-runner-controller-runners-in-a-workflow).
-
 ## Deploying a runner scale set
 
 To deploy a runner scale set, you must have ARC up and running. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/quickstart-for-actions-runner-controller).

diff --git a/...s-with-actions-runner-controller/index.md → ...orials/actions-runner-controller/index.md b/...s-with-actions-runner-controller/index.md → ...orials/actions-runner-controller/index.md
@@ -1,5 +1,5 @@
 ---
-title: Managing self-hosted runners with Actions Runner Controller
+title: Actions Runner Controller
 shortTitle: Actions Runner Controller
 intro: You can host your own runners to run workflows in a highly customizable environment.
 versions:
@@ -9,12 +9,13 @@ versions:
 topics:
   - Actions Runner Controller
 children:
-  - /authenticating-to-the-github-api
+  - /quickstart-for-actions-runner-controller
+  - /authenticating-arc-to-the-github-api
   - /deploying-runner-scale-sets-with-actions-runner-controller
   - /using-actions-runner-controller-runners-in-a-workflow
   - /troubleshooting-actions-runner-controller-errors
 redirect_from:
   - /actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller
+  - /actions/how-tos/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller
 ---
 
-{% data reusables.actions.enterprise-github-hosted-runners %}
diff --git a/...ickstart-for-actions-runner-controller.md → ...ickstart-for-actions-runner-controller.md b/...ickstart-for-actions-runner-controller.md → ...ickstart-for-actions-runner-controller.md
@@ -1,6 +1,6 @@
 ---
 title: Quickstart for Actions Runner Controller
-shortTitle: Actions Runner Controller
+shortTitle: Quickstart
 intro: 'In this tutorial, you''ll try out the basics of {% data variables.product.prodname_actions_runner_controller %}.'
 versions:
   fpt: '*'
@@ -12,6 +12,7 @@ topics:
 defaultPlatform: linux
 redirect_from:
   - /actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/quickstart-for-actions-runner-controller
+  - /actions/tutorials/quickstart-for-actions-runner-controller
 ---
 
 [Legal notice](#legal-notice)

diff --git a/...oting-actions-runner-controller-errors.md → ...oting-actions-runner-controller-errors.md b/...oting-actions-runner-controller-errors.md → ...oting-actions-runner-controller-errors.md
@@ -11,6 +11,7 @@ topics:
   - Actions Runner Controller
 redirect_from:
   - /actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/troubleshooting-actions-runner-controller-errors
+  - /actions/how-tos/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/troubleshooting-actions-runner-controller-errors
 ---
 
 [Legal notice](#legal-notice)

diff --git a/...unner-controller-runners-in-a-workflow.md → ...unner-controller-runners-in-a-workflow.md b/...unner-controller-runners-in-a-workflow.md → ...unner-controller-runners-in-a-workflow.md
@@ -12,11 +12,12 @@ topics:
 defaultPlatform: linux
 redirect_from:
   - /actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/using-actions-runner-controller-runners-in-a-workflow
+  - /actions/how-tos/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/using-actions-runner-controller-runners-in-a-workflow
 ---
 
 [Legal notice](#legal-notice)
 
-## About using ARC runners in a workflow file
+## Using ARC runners in a workflow file
 
 To assign jobs to run on a runner scale set, you can specify the name of the scale set as the value for the `runs-on` key in your {% data variables.product.prodname_actions %} workflow file.
 

diff --git a/content/actions/tutorials/index.md b/content/actions/tutorials/index.md
@@ -8,12 +8,12 @@ versions:
   ghec: '*'
 children:
   - /migrating-to-github-actions
+  - /actions-runner-controller
   - /creating-an-example-workflow
   - /creating-a-docker-container-action
   - /creating-a-javascript-action
   - /creating-a-composite-action
   - /store-and-share-data
-  - /quickstart-for-actions-runner-controller
   - /deploying-with-github-actions
   - /communicating-with-docker-service-containers
 redirect_from:

diff --git a/...enticating-with-a-github-app/generating-a-user-access-token-for-a-github-app.md b/...enticating-with-a-github-app/generating-a-user-access-token-for-a-github-app.md
@@ -42,6 +42,8 @@ If your app runs in the browser, you should use the web application flow to gene
    `client_id` | `string` | Required | The client ID for your {% data variables.product.prodname_github_app %}. The client ID is different from the app ID. You can find the client ID on the settings page for your app. For more information about navigating to the settings page for your {% data variables.product.prodname_github_app %}, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration#navigating-to-your-github-app-settings).
    `redirect_uri` | `string` | Strongly recommended |  The URL in your application where users will be sent after authorization. This must be an exact match to one of the URLs you provided as a "Callback URL" in your app's settings and can't contain any additional parameters.
    `state` | `string` | Strongly recommended |  When specified, the value should contain a random string to protect against forgery attacks, and it can also contain any other arbitrary data.
+{% ifversion pkce_support %}   `code_challenge` | `string` | Strongly recommended | Used to secure the authentication flow with PKCE (Proof Key for Code Exchange). Required if `code_challenge_method` is included. Must be a 43 character SHA-256 hash of a random string generated by the client. See the [PKCE RFC](https://datatracker.ietf.org/doc/html/rfc7636) for more details about this security extension.
+   `code_challenge_method` | `string` | Strongly recommended | Used to secure the authentication flow with PKCE (Proof Key for Code Exchange). Required if `code_challenge` is included. Must be `S256` - the `plain` code challenge method is not supported.{% endif %}
    `login` | `string` | Optional | When specified, the web application flow will prompt users with a specific account they can use for signing in and authorizing your app.
    `allow_signup` | `boolean` | Optional |  Whether unauthenticated users will be offered an option to sign up for {% data variables.product.prodname_dotcom %} during the OAuth flow. The default is `true`. Use `false` when a policy prohibits signups.
 {% ifversion oauth_account_picker %}   `prompt` | `string` | Optional | Forces the account picker to appear if set to `select_account`. The account picker will also appear if the application has a non-HTTP redirect URI or if the user has multiple accounts signed in. {% endif %}

diff --git a/content/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md b/content/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md
@@ -64,12 +64,16 @@ This endpoint takes the following input parameters.
 | `login` | `string` | Optional| Suggests a specific account to use for signing in and authorizing the app. |
 | `scope`|`string` |Context dependent| A space-delimited list of [scopes](/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps). If not provided, `scope` defaults to an empty list for users that have not authorized any scopes for the application. For users who have authorized scopes for the application, the user won't be shown the OAuth authorization page with the list of scopes. Instead, this step of the flow will automatically complete with the set of scopes the user has authorized for the application. For example, if a user has already performed the web flow twice and has authorized one token with `user` scope and another token with `repo` scope, a third web flow that does not provide a `scope` will receive a token with `user` and `repo` scope. |
 | `state` | `string` |Strongly recommended| {% data reusables.apps.state_description %} |
+|  {% ifversion pkce_support %} |
+| `code_challenge` | `string` | Strongly recommended | Used to secure the authentication flow with PKCE (Proof Key for Code Exchange). Required if `code_challenge_method` is included. Must be a 43 character SHA-256 hash of a random string generated by the client. See the [PKCE RFC](https://datatracker.ietf.org/doc/html/rfc7636) for more details about this security extension.
+| `code_challenge_method` | `string` | Strongly recommended | Used to secure the authentication flow with PKCE (Proof Key for Code Exchange). Required if `code_challenge` is included. Must be `S256` - the `plain` code challenge method is not supported.
+|  {% endif %} |
 | `allow_signup`|`string` | Optional | Whether or not unauthenticated users will be offered an option to sign up for GitHub during the OAuth flow. The default is `true`. Use `false` when a policy prohibits signups. |
 |  {% ifversion oauth_account_picker %} |
 | `prompt` | `string` | Optional | Forces the account picker to appear if set to `select_account`. The account picker will also appear if the application has a non-HTTP redirect URI or if the user has multiple accounts signed in. |
 |  {% endif %} |
 
-The PKCE (Proof Key for Code Exchange) parameters `code_challenge` and `code_challenge_method` are not supported at this time. CORS pre-flight requests (OPTIONS) are not supported at this time.
+{% ifversion not pkce_support %}The PKCE (Proof Key for Code Exchange) parameters `code_challenge` and `code_challenge_method` are not supported at this time. {% endif %}CORS pre-flight requests (OPTIONS) are not supported at this time.
 
 ### 2. Users are redirected back to your site by GitHub
 
@@ -87,6 +91,9 @@ Parameter name | Type | Required?| Description
 `client_secret` | `string` | Required | The client secret you received from {% data variables.product.github %} for your {% data variables.product.prodname_oauth_app %}.
 `code` | `string` | Required | The code you received as a response to Step 1.
 `redirect_uri` | `string` | Strongly recommended | The URL in your application where users are sent after authorization. We can use this to match against the URI originally provided when the `code` was issued, to prevent attacks against your service.
+|  {% ifversion pkce_support %} |
+`code_verifier` | `string` | Strongly recommended | Used to secure the authentication flow with PKCE (Proof Key for Code Exchange). Required if `code_challenge` was sent during the user authorization. Must be the original value used to generate the `code_challenge` in the authorization request. This can be stored in a cookie alongside the `state` parameter or in a session variable during authentication, depending on your application architecture.
+|  {% endif %} |
 
 By default, the response takes the following form:
 

diff --git a/content/copilot/tutorials/enhancing-copilot-agent-mode-with-mcp.md b/content/copilot/tutorials/enhancing-copilot-agent-mode-with-mcp.md
@@ -189,7 +189,10 @@ For example, {% data variables.product.prodname_copilot_short %} will add commen
 
 Now you can review the pull request and make any adjustments. Once you have verified that the changes are valid, you can merge as with any other pull request.
 
+## Hands-on practice
+
+Try the [Integrate MCP with {% data variables.product.prodname_copilot %}](https://github.com/skills/integrate-mcp-with-copilot/) Skills exercise for practical experience integrating MCP with {% data variables.product.prodname_copilot %}.
+
 ## Further reading
 
-* **Hands-on practice**: Try the [Integrate MCP with Copilot](https://github.com/skills/integrate-mcp-with-copilot/) Skills course for practical experience with MCP and agent mode.
 * **MCP fundamentals**: For more information about setting up and configuring MCP servers, see [AUTOTITLE](/copilot/customizing-copilot/using-model-context-protocol/extending-copilot-chat-with-mcp).
diff --git a/...-started-with-github-pages/changing-the-visibility-of-your-github-pages-site.md b/...-started-with-github-pages/changing-the-visibility-of-your-github-pages-site.md
@@ -15,7 +15,7 @@ With access control for {% data variables.product.prodname_pages %}, you can res
 
 {% data reusables.pages.privately-publish-ghec-only %}
 
-If your enterprise uses {% data variables.product.prodname_emus %}, access control is not available, and all {% data variables.product.prodname_pages %} sites are only accessible to other enterprise members. For more information about {% data variables.product.prodname_emus %}, see [AUTOTITLE](/pages/getting-started-with-github-pages/github-pages-limits#limits-for-enterprise-managed-users).
+If your enterprise uses {% data variables.product.prodname_emus %}, {% data variables.product.prodname_pages %} sites can only be published as private, and all {% data variables.product.prodname_pages %} sites are only accessible to other enterprise members. For more information about {% data variables.product.prodname_emus %}, see [AUTOTITLE](/pages/getting-started-with-github-pages/github-pages-limits#limits-for-enterprise-managed-users).
 
 If your organization uses {% data variables.product.prodname_ghe_cloud %} without {% data variables.product.prodname_emus %}, you can choose to publish your project sites privately or publicly to anyone on the internet.
 

diff --git a/data/features/pkce_support.yml b/data/features/pkce_support.yml
@@ -0,0 +1,5 @@
+# Reference: github/docs-content#18773
+# Support for PKCE in GitHub Apps and OAuth apps
+versions:
+  fpt: '*'
+  ghec: '*'
diff --git a/data/reusables/actions/about-deployment-with-github-actions.md b/data/reusables/actions/about-deployment-with-github-actions.md