feat: new action runner groups endpoints, new code scanning alerts au…

…tofix endpoints, new sub-issues endpoints, new private registries enpoints, new code security endpoints, various description updates (#777)

- Description updates
- New `/enterprises/{enterprise}/copilot/billing/seats`
- New `/enterprises/{enterprise}/settings/billing/cost-centers`
- New `/enterprises/{enterprise}/settings/billing/usage`
- New `/enterprises/{enterprise}/code-security/configurations/defaults`
- New `/enterprises/{enterprise}/code-security/configurations/{configuration_id}`
- New `/enterprises/{enterprise}/code-security/configurations/{configuration_id}/attach`
- New `/orgs/{org}/actions/runner-groups`
- New `/orgs/{org}/actions/runner-groups/{runner_group_id}`
- New `/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories`
- New `/orgs/{org}/actions/runner-groups/{runner_group_id}/repositories/{repository_id}`
- New `/orgs/{org}/actions/runner-groups/{runner_group_id}/runners`
- New `/orgs/{org}/actions/runner-groups/{runner_group_id}/runners/{runner_id}`
- New `/orgs/{org}/copilot/metrics`
- New `/orgs/{org}/insights/api/route-stats/{actor_type}/{actor_id}`
- New `/orgs/{org}/insights/api/subject-stats`
- New `/orgs/{org}/insights/api/summary-stats`
- New `/orgs/{org}/insights/api/summary-stats/users/{user_id}`
- New `/orgs/{org}/insights/api/summary-stats/{actor_type}/{actor_id}`
- New `/orgs/{org}/insights/api/time-stats`
- New `/orgs/{org}/insights/api/time-stats/users/{user_id}`
- New `/orgs/{org}/insights/api/time-stats/{actor_type}/{actor_id}`
- New `/orgs/{org}/insights/api/user-stats/{user_id}`
- New `/orgs/{org}/private-registries`
- New `/orgs/{org}/private-registries/public-key`
- New `/orgs/{org}/private-registries/{secret_name}`
- New `/orgs/{org}/team/{team_slug}/copilot/metrics`
- New `/orgs/{org}/team/{team_slug}/copilot/usage`
- **Deprecate `/orgs/{org}/{security_product}/{enablement}`**
- New `/repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/autofix`
- New `/repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/autofix/commits`
- New `/repos/{owner}/{repo}/code-security-configuration`
- Add discriminators for various properties
- New `/repos/{owner}/{repo}/issues/{issue_number}/sub_issues`
- New `/repos/{owner}/{repo}/issues/{issue_number}/sub_issues/priority`
- New `/repos/{owner}/{repo}/secret-scanning/push-protection-bypasses`
- New `/repos/{owner}/{repo}/secret-scanning/scan-history`

docs/actions/addRepoAccessToSelfHostedRunnerGroupInOrg.md

@@ -0,0 +1,52 @@
+---
+name: Add repository access to a self-hosted runner group in an organization
+example: octokit.rest.actions.addRepoAccessToSelfHostedRunnerGroupInOrg({ org, runner_group_id, repository_id })
+route: PUT /orgs/{org}/actions/runner-groups/{runner_group_id}/repositories/{repository_id}
+scope: actions
+type: API method
+---
+
+# Add repository access to a self-hosted runner group in an organization
+
+Adds a repository to the list of repositories that can access a self-hosted runner group. The runner group must have `visibility` set to `selected`. For more information, see "[Create a self-hosted runner group for an organization](#create-a-self-hosted-runner-group-for-an-organization)."
+
+OAuth tokens and personal access tokens (classic) need the `admin:org` scope to use this endpoint.
+
+```js
+octokit.rest.actions.addRepoAccessToSelfHostedRunnerGroupInOrg({
+  org,
+  runner_group_id,
+  repository_id,
+});
+```
+
+## Parameters
+
+<table>
+  <thead>
+    <tr>
+      <th>name</th>
+      <th>required</th>
+      <th>description</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr><td>org</td><td>yes</td><td>
+
+The organization name. The name is not case sensitive.
+
+</td></tr>
+<tr><td>runner_group_id</td><td>yes</td><td>
+
+Unique identifier of the self-hosted runner group.
+
+</td></tr>
+<tr><td>repository_id</td><td>yes</td><td>
+
+The unique identifier of the repository.
+
+</td></tr>
+  </tbody>
+</table>
+
+See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/actions/self-hosted-runner-groups#add-repository-access-to-a-self-hosted-runner-group-in-an-organization).

docs/actions/listWorkflowRuns.md

@@ -14,6 +14,8 @@ Anyone with read access to the repository can use this endpoint
 
 OAuth app tokens and personal access tokens (classic) need the `repo` scope to use this endpoint with a private repository.
 
+This endpoint will return up to 1,000 results for each search when using the following parameters: `actor`, `branch`, `check_suite_id`, `created`, `event`, `head_sha`, `status`.
+
 ```js
 octokit.rest.actions.listWorkflowRuns({
   owner,

docs/actions/listWorkflowRunsForRepo.md

@@ -14,7 +14,7 @@ Anyone with read access to the repository can use this endpoint.
 
 OAuth app tokens and personal access tokens (classic) need the `repo` scope to use this endpoint with a private repository.
 
-This API will return up to 1,000 results for each search when using the following parameters: `actor`, `branch`, `check_suite_id`, `created`, `event`, `head_sha`, `status`.
+This endpoint will return up to 1,000 results for each search when using the following parameters: `actor`, `branch`, `check_suite_id`, `created`, `event`, `head_sha`, `status`.
 
 ```js
 octokit.rest.actions.listWorkflowRunsForRepo({

docs/actions/reviewCustomGatesForRun.md

@@ -10,8 +10,8 @@ type: API method
 
 Approve or reject custom deployment protection rules provided by a GitHub App for a workflow run. For more information, see "[Using environments for deployment](https://docs.github.com/actions/deployment/targeting-different-environments/using-environments-for-deployment)."
 
-**Note:** GitHub Apps can only review their own custom deployment protection rules.
-To approve or reject pending deployments that are waiting for review from a specific person or team, see [`POST /repos/{owner}/{repo}/actions/runs/{run_id}/pending_deployments`](/rest/actions/workflow-runs#review-pending-deployments-for-a-workflow-run).
+> [!NOTE]
+> GitHub Apps can only review their own custom deployment protection rules. To approve or reject pending deployments that are waiting for review from a specific person or team, see [`POST /repos/{owner}/{repo}/actions/runs/{run_id}/pending_deployments`](/rest/actions/workflow-runs#review-pending-deployments-for-a-workflow-run).
 
 OAuth app tokens and personal access tokens (classic) need the `repo` scope to use this endpoint with a private repository.
 

docs/actions/setAllowedActionsOrganization.md

@@ -48,7 +48,8 @@ Whether actions from GitHub Marketplace verified creators are allowed. Set to `t
 
 Specifies a list of string-matching patterns to allow specific action(s) and reusable workflow(s). Wildcards, tags, and SHAs are allowed. For example, `monalisa/octocat@*`, `monalisa/octocat@v2`, `monalisa/*`.
 
-**Note**: The `patterns_allowed` setting only applies to public repositories.
+> [!NOTE]
+> The `patterns_allowed` setting only applies to public repositories.
 
 </td></tr>
   </tbody>

docs/actions/setAllowedActionsRepository.md

@@ -54,7 +54,8 @@ Whether actions from GitHub Marketplace verified creators are allowed. Set to `t
 
 Specifies a list of string-matching patterns to allow specific action(s) and reusable workflow(s). Wildcards, tags, and SHAs are allowed. For example, `monalisa/octocat@*`, `monalisa/octocat@v2`, `monalisa/*`.
 
-**Note**: The `patterns_allowed` setting only applies to public repositories.
+> [!NOTE]
+> The `patterns_allowed` setting only applies to public repositories.
 
 </td></tr>
   </tbody>

docs/activity/getFeeds.md

@@ -20,7 +20,8 @@ Lists the feeds available to the authenticated user. The response provides a URL
 
 By default, timeline resources are returned in JSON. You can specify the `application/atom+xml` type in the `Accept` header to return timeline resources in Atom format. For more information, see "[Media types](https://docs.github.com/rest/using-the-rest-api/getting-started-with-the-rest-api#media-types)."
 
-**Note**: Private feeds are only returned when [authenticating via Basic Auth](https://docs.github.com/rest/overview/other-authentication-methods#basic-authentication) since current feed URIs use the older, non revocable auth tokens.
+> [!NOTE]
+> Private feeds are only returned when [authenticating via Basic Auth](https://docs.github.com/rest/authentication/authenticating-to-the-rest-api#using-basic-authentication) since current feed URIs use the older, non revocable auth tokens.
 
 ```js
 octokit.rest.activity.getFeeds();

docs/activity/listEventsForAuthenticatedUser.md

@@ -8,7 +8,10 @@ type: API method
 
 # List events for the authenticated user
 
-If you are authenticated as the given user, you will see your private events. Otherwise, you'll only see public events.
+If you are authenticated as the given user, you will see your private events. Otherwise, you'll only see public events. _Optional_: use the fine-grained token with following permission set to view private events: "Events" user permissions (read).
+
+> [!NOTE]
+> This API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
 
 ```js
 octokit.rest.activity.listEventsForAuthenticatedUser({

docs/activity/listOrgEventsForAuthenticatedUser.md

@@ -10,6 +10,9 @@ type: API method
 
 This is the user's organization dashboard. You must be authenticated as the user to view this.
 
+> [!NOTE]
+> This API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
+
 ```js
 octokit.rest.activity.listOrgEventsForAuthenticatedUser({
   username,

docs/activity/listPublicEvents.md

@@ -8,7 +8,8 @@ type: API method
 
 # List public events
 
-We delay the public events feed by five minutes, which means the most recent event returned by the public events API actually occurred at least five minutes ago.
+> [!NOTE]
+> This API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
 
 ```js
 octokit.rest.activity.listPublicEvents();

docs/activity/listPublicEventsForRepoNetwork.md

@@ -8,6 +8,9 @@ type: API method
 
 # List public events for a network of repositories
 
+> [!NOTE]
+> This API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
+
 ```js
 octokit.rest.activity.listPublicEventsForRepoNetwork({
   owner,

docs/activity/listPublicEventsForUser.md

@@ -8,6 +8,9 @@ type: API method
 
 # List public events for a user
 
+> [!NOTE]
+> This API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
+
 ```js
 octokit.rest.activity.listPublicEventsForUser({
   username,

docs/activity/listPublicOrgEvents.md

@@ -8,6 +8,9 @@ type: API method
 
 # List public organization events
 
+> [!NOTE]
+> This API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
+
 ```js
 octokit.rest.activity.listPublicOrgEvents({
   org,

docs/activity/listReceivedEventsForUser.md

@@ -8,7 +8,11 @@ type: API method
 
 # List events received by the authenticated user
 
-These are events that you've received by watching repositories and following users. If you are authenticated as the given user, you will see private events. Otherwise, you'll only see public events.
+These are events that you've received by watching repositories and following users. If you are authenticated as the
+given user, you will see private events. Otherwise, you'll only see public events.
+
+> [!NOTE]
+> This API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
 
 ```js
 octokit.rest.activity.listReceivedEventsForUser({

docs/activity/listReceivedPublicEventsForUser.md

@@ -8,6 +8,9 @@ type: API method
 
 # List public events received by a user
 
+> [!NOTE]
+> This API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
+
 ```js
 octokit.rest.activity.listReceivedPublicEventsForUser({
   username,

docs/activity/listRepoEvents.md

@@ -8,7 +8,8 @@ type: API method
 
 # List repository events
 
-**Note**: This API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
+> [!NOTE]
+> This API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
 
 ```js
 octokit.rest.activity.listRepoEvents({

docs/apps/addRepoToInstallation.md

@@ -12,6 +12,8 @@ type: API method
 
 Add a single repository to an installation. The authenticated user must have admin access to the repository.
 
+This endpoint only works for PATs (classic) with the `repo` scope.
+
 ```js
 octokit.rest.apps.addRepoToInstallation({
   installation_id,

docs/apps/addRepoToInstallationForAuthenticatedUser.md

@@ -10,6 +10,8 @@ type: API method
 
 Add a single repository to an installation. The authenticated user must have admin access to the repository.
 
+This endpoint only works for PATs (classic) with the `repo` scope.
+
 ```js
 octokit.rest.apps.addRepoToInstallationForAuthenticatedUser({
   installation_id,

docs/apps/checkToken.md

@@ -8,7 +8,7 @@ type: API method
 
 # Check a token
 
-OAuth applications and GitHub applications with OAuth authorizations can use this API method for checking OAuth token validity without exceeding the normal rate limits for failed login attempts. Authentication works differently with this particular endpoint. You must use [Basic Authentication](https://docs.github.com/rest/overview/other-authentication-methods#basic-authentication) to use this endpoint, where the username is the application `client_id` and the password is its `client_secret`. Invalid tokens will return `404 NOT FOUND`.
+OAuth applications and GitHub applications with OAuth authorizations can use this API method for checking OAuth token validity without exceeding the normal rate limits for failed login attempts. Authentication works differently with this particular endpoint. Invalid tokens will return `404 NOT FOUND`.
 
 ```js
 octokit.rest.apps.checkToken({

docs/apps/createInstallationAccessToken.md

@@ -14,8 +14,6 @@ Optionally, you can use the `repositories` or `repository_ids` body parameters t
 
 Optionally, use the `permissions` body parameter to specify the permissions that the installation access token should have. If `permissions` is not specified, the installation access token will have all of the permissions that were granted to the app. The installation access token cannot be granted permissions that the app was not granted.
 
-When using the repository or permission parameters to reduce the access of the token, the complexity of the token is increased due to both the number of permissions in the request and the number of repositories the token will have access to. If the complexity is too large, the token will fail to be issued. If this occurs, the error message will indicate the maximum number of repositories that should be requested. For the average application requesting 8 permissions, this limit is around 5000 repositories. With fewer permissions requested, more repositories are supported.
-
 You must use a [JWT](https://docs.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-a-github-app) to access this endpoint.
 
 ```js
@@ -197,7 +195,7 @@ The level of permission to grant the access token for custom property management
 </td></tr>
 <tr><td>permissions.organization_copilot_seat_management</td><td>no</td><td>
 
-The level of permission to grant the access token for managing access to GitHub Copilot for members of an organization with a Copilot Business subscription. This property is in beta and is subject to change.
+The level of permission to grant the access token for managing access to GitHub Copilot for members of an organization with a Copilot Business subscription. This property is in public preview and is subject to change.
 
 </td></tr>
 <tr><td>permissions.organization_announcement_banners</td><td>no</td><td>
@@ -232,7 +230,7 @@ The level of permission to grant the access token for viewing an organization's
 </td></tr>
 <tr><td>permissions.organization_projects</td><td>no</td><td>
 
-The level of permission to grant the access token to manage organization projects and projects beta (where available).
+The level of permission to grant the access token to manage organization projects and projects public preview (where available).
 
 </td></tr>
 <tr><td>permissions.organization_packages</td><td>no</td><td>

docs/apps/deleteAuthorization.md

@@ -8,7 +8,7 @@ type: API method
 
 # Delete an app authorization
 
-OAuth and GitHub application owners can revoke a grant for their application and a specific user. You must use [Basic Authentication](https://docs.github.com/rest/overview/other-authentication-methods#basic-authentication) when accessing this endpoint, using the OAuth application's `client_id` and `client_secret` as the username and password. You must also provide a valid OAuth `access_token` as an input parameter and the grant for the token's owner will be deleted.
+OAuth and GitHub application owners can revoke a grant for their application and a specific user. You must provide a valid OAuth `access_token` as an input parameter and the grant for the token's owner will be deleted.
 Deleting an application's grant will also delete all OAuth tokens associated with the application for the user. Once deleted, the application will have no access to the user's account and will no longer be listed on [the application authorizations settings screen within GitHub](https://github.com/settings/applications#authorized).
 
 ```js

docs/apps/deleteToken.md

@@ -8,7 +8,7 @@ type: API method
 
 # Delete an app token
 
-OAuth or GitHub application owners can revoke a single token for an OAuth application or a GitHub application with an OAuth authorization. You must use [Basic Authentication](https://docs.github.com/rest/overview/other-authentication-methods#basic-authentication) when accessing this endpoint, using the application's `client_id` and `client_secret` as the username and password.
+OAuth or GitHub application owners can revoke a single token for an OAuth application or a GitHub application with an OAuth authorization.
 
 ```js
 octokit.rest.apps.deleteToken({

docs/apps/getBySlug.md

@@ -8,7 +8,8 @@ type: API method
 
 # Get an app
 
-**Note**: The `:app_slug` is just the URL-friendly name of your GitHub App. You can find this on the settings page for your GitHub App (e.g., `https://github.com/settings/apps/:app_slug`).
+> [!NOTE]
+> The `:app_slug` is just the URL-friendly name of your GitHub App. You can find this on the settings page for your GitHub App (e.g., `https://github.com/settings/apps/:app_slug`).
 
 ```js
 octokit.rest.apps.getBySlug({

docs/apps/getSubscriptionPlanForAccount.md

@@ -10,7 +10,7 @@ type: API method
 
 Shows whether the user or organization account actively subscribes to a plan listed by the authenticated GitHub App. When someone submits a plan change that won't be processed until the end of their billing cycle, you will also see the upcoming pending change.
 
-GitHub Apps must use a [JWT](https://docs.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-a-github-app) to access this endpoint. OAuth apps must use [basic authentication](https://docs.github.com/rest/overview/other-authentication-methods#basic-authentication) with their client ID and client secret to access this endpoint.
+GitHub Apps must use a [JWT](https://docs.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-a-github-app) to access this endpoint. OAuth apps must use [basic authentication](https://docs.github.com/rest/authentication/authenticating-to-the-rest-api#using-basic-authentication) with their client ID and client secret to access this endpoint.
 
 ```js
 octokit.rest.apps.getSubscriptionPlanForAccount({

docs/apps/getSubscriptionPlanForAccountStubbed.md

@@ -10,7 +10,7 @@ type: API method
 
 Shows whether the user or organization account actively subscribes to a plan listed by the authenticated GitHub App. When someone submits a plan change that won't be processed until the end of their billing cycle, you will also see the upcoming pending change.
 
-GitHub Apps must use a [JWT](https://docs.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-a-github-app) to access this endpoint. OAuth apps must use [basic authentication](https://docs.github.com/rest/overview/other-authentication-methods#basic-authentication) with their client ID and client secret to access this endpoint.
+GitHub Apps must use a [JWT](https://docs.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-a-github-app) to access this endpoint. OAuth apps must use [basic authentication](https://docs.github.com/rest/authentication/authenticating-to-the-rest-api#using-basic-authentication) with their client ID and client secret to access this endpoint.
 
 ```js
 octokit.rest.apps.getSubscriptionPlanForAccountStubbed({

docs/apps/listAccountsForPlan.md

@@ -10,7 +10,7 @@ type: API method
 
 Returns user and organization accounts associated with the specified plan, including free plans. For per-seat pricing, you see the list of accounts that have purchased the plan, including the number of seats purchased. When someone submits a plan change that won't be processed until the end of their billing cycle, you will also see the upcoming pending change.
 
-GitHub Apps must use a [JWT](https://docs.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-a-github-app) to access this endpoint. OAuth apps must use [basic authentication](https://docs.github.com/rest/overview/other-authentication-methods#basic-authentication) with their client ID and client secret to access this endpoint.
+GitHub Apps must use a [JWT](https://docs.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-a-github-app) to access this endpoint. OAuth apps must use [basic authentication](https://docs.github.com/rest/authentication/authenticating-to-the-rest-api#using-basic-authentication) with their client ID and client secret to access this endpoint.
 
 ```js
 octokit.rest.apps.listAccountsForPlan({

docs/apps/listAccountsForPlanStubbed.md

@@ -10,7 +10,7 @@ type: API method
 
 Returns repository and organization accounts associated with the specified plan, including free plans. For per-seat pricing, you see the list of accounts that have purchased the plan, including the number of seats purchased. When someone submits a plan change that won't be processed until the end of their billing cycle, you will also see the upcoming pending change.
 
-GitHub Apps must use a [JWT](https://docs.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-a-github-app) to access this endpoint. OAuth apps must use [basic authentication](https://docs.github.com/rest/overview/other-authentication-methods#basic-authentication) with their client ID and client secret to access this endpoint.
+GitHub Apps must use a [JWT](https://docs.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-a-github-app) to access this endpoint. OAuth apps must use [basic authentication](https://docs.github.com/rest/authentication/authenticating-to-the-rest-api#using-basic-authentication) with their client ID and client secret to access this endpoint.
 
 ```js
 octokit.rest.apps.listAccountsForPlanStubbed({