Merge branch 'github:main' into patch-1

Author: heathdutton

CHANGELOG.md

@@ -2,6 +2,15 @@
 
 **16 January 2026**
 
+The following new articles support the public preview release of Copilot Memory:
+
+* [About agentic memory for GitHub Copilot](https://docs.github.com/copilot/concepts/agents/copilot-memory)
+* [Enabling and curating Copilot Memory](https://docs.github.com/copilot/how-tos/use-copilot-agents/copilot-memory)
+
+<hr>
+
+**16 January 2026**
+
 We published [About user offboarding on GitHub Enterprise Cloud](https://docs.github.com/en/enterprise-cloud@latest/admin/concepts/identity-and-access-management/user-offboarding) to give enterprise customers clear guidance about offboarding processes. The article covers recommended offboarding methods, the effects of offboarding, and what happens when a user is removed from all organizations in an enterprise.
 
 We also updated [Removing a member from your enterprise](https://docs.github.com/en/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise) and [Removing a member from your organization](https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-membership-in-your-organization/removing-a-member-from-your-organization) to include instructions for enterprises that use Enterprise Managed Users or SCIM for organizations.

content/admin/concepts/enterprise-fundamentals/automations-in-your-enterprise.md

@@ -0,0 +1,135 @@
+---
+title: Automations in your enterprise
+shortTitle: Automations
+intro: 'Learn how {% data variables.product.prodname_github_apps %}, external services, and {% data variables.product.prodname_actions %} work together to automate processes in your enterprise.'
+versions:
+  feature: enterprise-apps-public-beta
+type: overview
+topics:
+  - Enterprise
+  - Fundamentals
+---
+
+Automation on {% data variables.product.github %} typically involves multiple components working together. The most important {% data variables.product.github %} native components are:
+
+* **{% data variables.product.prodname_actions %} workflows**, which provide a runtime for executing automation logic. Out of the box, they work within a single repository, but they can be extended to automate across or even outside of repositories.
+* **{% data variables.product.prodname_github_apps %}**, which do not have a runtime. Instead, they provide identity, permissions, and event delivery so your automations, whether external services or workflows, can authenticate and act securely.
+
+Most enterprise automation use {% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_actions %} together. For example, a workflow running in {% data variables.product.prodname_actions %} may use a {% data variables.product.prodname_github_app %} to obtain a short-lived token that allows it to perform tasks across repositories or organizations.
+
+This guide explains how {% data variables.product.prodname_github_apps %}, external automations, and {% data variables.product.prodname_actions %} complement each other, and when to use each in your enterprise.
+
+## {% data variables.product.prodname_github_apps %}
+
+A {% data variables.product.prodname_github_app %} provides the **identity, permissions, and webhook events** required for automation on or across repositories, organizations, or your enterprise. {% data variables.product.prodname_github_apps %} themselves do **not** execute logic, they enable other systems to do so.
+
+{% data variables.product.prodname_github_apps %} support enterprise automation by offering:
+
+* **Granular permissions** to follow least-privilege principles
+* **Scoped installations** at the enterprise, organization, or repository level
+* **Short-lived tokens** for secure access
+* **Distinct identities** with full auditability
+* **Delegated administration** through the {% data variables.product.prodname_github_app %} manager role
+* **Consistency at scale** when owned by the enterprise account
+
+### What do {% data variables.product.prodname_github_apps %} enable?
+
+{% data variables.product.prodname_github_apps %} allow **automations you write elsewhere**—such as external services or workflow steps—to act on {% data variables.product.github %} APIs within the permissions you grant. For example:
+
+* Receiving webhook events and triggering external services
+* Enabling a workflow to act outside its default repository scope
+* Integrating {% data variables.product.github %} with third-party systems
+* Coordinating changes across many repositories
+* Running long-lived bots or services that monitor enterprise-level activity
+
+{% ifversion enterprise-installed-apps %}
+
+> [!NOTE]
+> Enterprise-installed {% data variables.product.prodname_github_apps %} cannot call every API endpoint. See [AUTOTITLE](/apps/using-github-apps/installing-a-github-app-on-your-enterprise#what-enterprise-installed-apps-can-do).
+
+{% endif %}
+
+## {% data variables.product.prodname_actions %}
+
+{% data variables.product.prodname_actions %} provide {% data variables.product.github %}’s built-in **runtime** for executing automation logic inside repositories. Workflows run on hosted or self-hosted runners and are ideal for tasks tied to code changes or repository events.
+
+Use {% data variables.product.prodname_actions %} for:
+
+* CI/CD (build, test, deploy)
+* Pull request checks and validations
+* Repository-level maintenance tasks
+* Event-driven workflows responding to pushes, tags, or issue updates
+* Scheduled jobs with cron
+
+### How {% data variables.product.prodname_actions %} uses {% data variables.product.prodname_github_apps %}
+
+{% data variables.product.prodname_actions %} and {% data variables.product.prodname_github_apps %} are deeply connected:
+
+* Workflow permissions map directly to {% data variables.product.prodname_github_app %} permissions.
+* Workflows can authenticate as a specific {% data variables.product.prodname_github_app %} using `actions/create-github-app-token`.
+* {% data variables.product.prodname_github_apps %} can trigger workflows through events such as `repository_dispatch`.
+
+## External automations and services
+
+External automations run outside {% data variables.product.github %} on your own infrastructure. These services typically:
+
+* Receive webhook events from a {% data variables.product.prodname_github_app %}
+* Use the {% data variables.product.prodname_github_app %} to request short-lived installation tokens
+* Execute long-running or cross-enterprise logic
+* Integrate with external business systems
+
+Examples include:
+
+* Organization-wide configuration management
+* Policy enforcement services
+* Multi-repository code or metadata synchronization
+* Compliance report generation
+* Cross-organization issue or pull request management
+
+All of these rely on {% data variables.product.prodname_github_apps %} for authentication, identity, and events—**not** for execution.
+
+## How these components work together
+
+Most enterprise automation uses a combination of {% data variables.product.prodname_github_apps %}, external services, and {% data variables.product.prodname_actions %} to achieve robust, scalable workflows.
+
+For example:
+
+1. An enterprise {% data variables.product.prodname_github_app %} receives a webhook when a new repository is created, and sends the webhook payload to a server where an external service is running.
+1. The external service standardizes required settings and provisions resources.
+1. The service triggers a {% data variables.product.prodname_actions %} workflow in the repository.
+1. The workflow performs CI, deploys templates, or configures scanning.
+
+Each component handles a different layer of automation.
+
+## When to use each type of automation
+
+Use **a {% data variables.product.prodname_github_app %}** when you need:
+
+* Authentication or permission to act across many repositories
+* Integration with external systems
+* Webhook-driven automations
+* Long-lived or enterprise-wide workflows
+* Auditability and identity separation
+
+Use **external automations** when you need:
+
+* Logic that runs continuously or outside {% data variables.product.github %}
+* Integration with internal systems
+
+Use **{% data variables.product.prodname_actions %}** when you need:
+
+* CI/CD pipelines
+* Repository-scoped automation
+* Automated checks tied to repository events
+* Execution of logic using {% data variables.product.github %}’s runner infrastructure
+
+Use **{% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_actions %} together** when:
+
+* A workflow must act beyond the repository’s default permissions
+* A {% data variables.product.prodname_github_app %} needs to trigger a workflow
+* External logic orchestrates in-repo execution
+* Enterprise-wide policies or workflows require both identity and runtime
+
+## Next steps
+
+Learn how to design and manage {% data variables.product.prodname_github_apps %} at the enterprise level in [AUTOTITLE](/admin/managing-your-enterprise-account/creating-github-apps-for-your-enterprise).

content/admin/concepts/enterprise-fundamentals/index.md

@@ -11,5 +11,6 @@ children:
   - /enterprise-accounts
   - /teams-in-an-enterprise
   - /roles-in-an-enterprise
+  - /automations-in-your-enterprise
 contentType: concepts
 ---

content/apps/using-github-apps/installing-a-github-app-on-your-enterprise.md

@@ -32,15 +32,7 @@ After installation, the app will be able to create an installation token for you
 
 ## What enterprise-installed apps can do
 
-Enterprise-installed {% data variables.product.prodname_github_apps %} cannot call every enterprise API, but several APIs have already been updated to support GitHub Apps. These APIs and GraphQL mutations include:
-
-* [List and create organizations in your enterprise](/graphql/reference/mutations#createenterpriseorganization)
-* [Manage users in your enterprise](/graphql/reference/objects#enterprise)
-* Create and manage {% data variables.product.prodname_github_app %} installations in your organizations
-* Manage enterprise custom repository properties
-* Call the enterprise SCIM APIs
-
-Check the [changelog](https://github.blog/changelog/) for updates on new APIs and permissions for {% data variables.product.prodname_github_apps %}.
+{% data reusables.enterprise-accounts.enterprise-apps-capabilities %}
 
 For more information about available permissions and API endpoints, see [AUTOTITLE](/rest/authentication/permissions-required-for-github-apps).
 

content/copilot/concepts/copilot-metrics.md

@@ -54,6 +54,19 @@ This means the data **does not include** activity from other {% data variables.p
 
 License and seat management data are not included in {% data variables.product.prodname_copilot_short %} usage metrics reports. To view or manage license assignments, use the {% data variables.product.prodname_copilot_short %} user management API, which is the source of truth for license and seat information. See [AUTOTITLE](/rest/copilot/copilot-user-management).
 
+## Why {% data variables.product.prodname_copilot_short %} usage metrics may differ across API resources
+
+The following API resources expose {% data variables.product.prodname_copilot_short %}-related data, but they are not interchangeable and should not be compared directly. Each API resource is designed for a specific use case and data model, and differences in totals or coverage are expected. Use this table to understand which API resource best fits your reporting needs.
+
+> [!NOTE]
+> We strongly recommend using the {% data variables.product.prodname_copilot_short %} usage metrics API for new integrations and analyses, as it provides the most complete and future-facing view of {% data variables.product.prodname_copilot_short %} usage.
+
+| API resource | Scope | Key capabilities |
+| --- | --- | --- |
+| [AUTOTITLE](/rest/copilot/copilot-usage-metrics) | Advanced enterprise- and user-level event telemetry | Provides unified telemetry across completions, chat, and agent modes. Includes usage and lines of code metrics across all IDE modes, languages, and models. Supports detailed breakdowns by feature, IDE, language, model, and user, and is the primary API resource being actively developed and maintained. |
+| [AUTOTITLE](/rest/copilot/copilot-user-management) | License and seat assignment | Lists assigned {% data variables.product.prodname_copilot_short %} seats for an organization or enterprise, including license state, user association, and `last_activity_at`. This API resource is the source of truth for license and seat information. |
+| [AUTOTITLE](/rest/copilot/copilot-metrics) | Enterprise-, organization-, and team-level usage metrics | Provides aggregated usage data for {% data variables.product.prodname_copilot_short %} features on {% data variables.product.prodname_dotcom_the_website %} (such as pull request summaries) and some IDE-based completions and chat. Does not include Agent or Edit mode telemetry. Offers enterprise-wide and per-feature breakdowns by IDE and language. Does not include individual-level data. |
+
 ## How are metrics attributed across organizations?
 
 > [!NOTE]

content/enterprise-onboarding/github-apps/automations-in-your-enterprise.md

@@ -0,0 +1,17 @@
+---
+title: Automations in your enterprise
+shortTitle: Automations
+intro: 'Learn how {% data variables.product.prodname_github_apps %}, external services, and {% data variables.product.prodname_actions %} work together to automate processes in your enterprise.'
+versions:
+  ghec: '*'
+type: overview
+topics:
+  - Enterprise
+  - Fundamentals
+---
+
+{% data reusables.enterprise-onboarding.automations %}
+
+## Next steps
+
+To create {% data variables.product.prodname_github_apps %} that can access enterprise-level resources and automate workflows, see [AUTOTITLE](/enterprise-onboarding/github-apps/create-enterprise-apps).

content/enterprise-onboarding/github-apps/index.md

@@ -9,6 +9,7 @@ topics:
   - Enterprise
   - GitHub Apps
 children:
+  - /automations-in-your-enterprise
   - /create-enterprise-apps
   - /install-enterprise-apps
 ---

data/reusables/code-scanning/require-actions-ghcs.md

@@ -1,3 +1,3 @@
-* {% data variables.product.prodname_actions %} are enabled.{% ifversion fpt or ghec %}
+* {% data variables.product.prodname_actions %} is enabled.{% ifversion fpt or ghec %}
 * It is publicly visible, or {% data variables.product.prodname_GH_code_security %} is enabled.{%- elsif ghes %}
 * {% data variables.product.prodname_GH_code_security %} is enabled.{% endif %}

data/reusables/enterprise-accounts/enterprise-apps-capabilities.md

@@ -0,0 +1,9 @@
+Enterprise-installed {% data variables.product.prodname_github_apps %} cannot call every enterprise API, but several APIs have already been updated to support {% data variables.product.prodname_github_apps %}. These APIs and GraphQL mutations include:
+
+* [List and create organizations in your enterprise](/graphql/reference/mutations#createenterpriseorganization)
+* [Manage users in your enterprise](/graphql/reference/objects#enterprise)
+* Create and manage {% data variables.product.prodname_github_app %} installations in your organizations
+* Manage enterprise custom repository properties
+* Call the enterprise SCIM APIs
+
+Check the [changelog](https://github.blog/changelog/) for updates on new APIs and permissions for {% data variables.product.prodname_github_apps %}.

data/reusables/enterprise-accounts/github-apps-tab.md

@@ -1 +1 @@
-1. In the left sidebar, click **{% octicon "apps" aria-hidden="true" %} GitHub Apps**.
+1. In the left sidebar, click **{% octicon "apps" aria-hidden="true" %} {% data variables.product.prodname_github_apps %}**.