github
diff --git a/‎content/actions/guides/index.md‎
Lines changed: 1 addition & 2 deletions b/‎content/actions/guides/index.md‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎content/actions/guides/managing-github-actions-with-github-cli.md‎
Lines changed: 0 additions & 38 deletions b/‎content/actions/guides/managing-github-actions-with-github-cli.md‎
Lines changed: 0 additions & 38 deletions
diff --git a/‎content/actions/guides/using-github-cli-in-workflows.md‎
Lines changed: 69 additions & 0 deletions b/‎content/actions/guides/using-github-cli-in-workflows.md‎
Lines changed: 69 additions & 0 deletions
diff --git a/‎content/actions/managing-workflow-runs/disabling-and-enabling-a-workflow.md‎
Lines changed: 3 additions & 7 deletions b/‎content/actions/managing-workflow-runs/disabling-and-enabling-a-workflow.md‎
Lines changed: 3 additions & 7 deletions
diff --git a/‎content/actions/managing-workflow-runs/downloading-workflow-artifacts.md‎
Lines changed: 1 addition & 3 deletions b/‎content/actions/managing-workflow-runs/downloading-workflow-artifacts.md‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎content/actions/managing-workflow-runs/manually-running-a-workflow.md‎
Lines changed: 3 additions & 5 deletions b/‎content/actions/managing-workflow-runs/manually-running-a-workflow.md‎
Lines changed: 3 additions & 5 deletions
diff --git a/‎content/actions/managing-workflow-runs/re-running-a-workflow.md‎
Lines changed: 1 addition & 3 deletions b/‎content/actions/managing-workflow-runs/re-running-a-workflow.md‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎content/actions/managing-workflow-runs/using-workflow-run-logs.md‎
Lines changed: 1 addition & 1 deletion b/‎content/actions/managing-workflow-runs/using-workflow-run-logs.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎content/actions/managing-workflow-runs/viewing-workflow-run-history.md‎
Lines changed: 1 addition & 3 deletions b/‎content/actions/managing-workflow-runs/viewing-workflow-run-history.md‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎content/actions/reference/encrypted-secrets.md‎
Lines changed: 100 additions & 7 deletions b/‎content/actions/reference/encrypted-secrets.md‎
Lines changed: 100 additions & 7 deletions
@@ -72,7 +72,6 @@ includeGuides:
   - /actions/guides/commenting-on-an-issue-when-a-label-is-added
   - /actions/guides/moving-assigned-issues-on-project-boards
   - /actions/guides/removing-a-label-when-a-card-is-added-to-a-project-board-column
-  - /actions/guides/managing-github-actions-with-github-cli
   - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions
   - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot
 children:
@@ -109,6 +108,6 @@ children:
   - /commenting-on-an-issue-when-a-label-is-added
   - /moving-assigned-issues-on-project-boards
   - /removing-a-label-when-a-card-is-added-to-a-project-board-column
-  - /managing-github-actions-with-github-cli
+  - /using-github-cli-in-workflows
 ---
 
@@ -0,0 +1,69 @@
+---
+title: Using GitHub CLI in workflows
+shortTitle: GitHub CLI in workflows
+intro: 'You can script with {% data variables.product.prodname_cli %} in {% data variables.product.prodname_actions %} workflows.'
+versions:
+  fpt: '*'
+  ghes: '>=2.22'
+  ghae: '*'
+topics:
+  - CLI
+  - Workflows
+type: how_to
+---
+
+{% data reusables.cli.cli-learn-more %}
+
+{% data variables.product.prodname_cli %} is preinstalled on all {% data variables.product.prodname_dotcom %}-hosted runners. For each step that uses {% data variables.product.prodname_cli %}, you must set an environment variable called `GITHUB_TOKEN` to a token with the required scopes.
+
+You can execute any {% data variables.product.prodname_cli %} command. For example, this workflow uses the `gh issue comment` subcommand to add a comment when an issue is opened.
+
+```yaml{:copy}
+name: Comment when opened
+on:
+  issues:
+    types:
+      - opened
+jobs:
+  comment:
+    runs-on: ubuntu-latest
+    steps:
+      - run: gh issue comment $ISSUE --body "Thank you for opening this issue!"
+        env:
+          GITHUB_TOKEN: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}
+          ISSUE: {% raw %}${{ github.event.issue.html_url }}{% endraw %}
+```
+
+You can also execute API calls through {% data variables.product.prodname_cli %}. For example, this workflow first uses the `gh api` subcommand to query the GraphQL API and parse the result. Then it stores the result in an environment variable that it can access in a later step. In the second step, it uses the `gh issue create` subcommand to create an issue containing the information from the first step.
+
+```yaml{:copy}
+name: Report remaining open issues
+on: 
+  schedule: 
+    # Daily at 8:20 UTC
+    - cron: '20 8 * * *'
+jobs:
+  track_pr:
+    runs-on: ubuntu-latest
+    steps:
+      - run: |
+          numOpenIssues="$(gh api graphql -F owner=$OWNER -F name=$REPO -f query='
+            query($name: String!, $owner: String!) {
+              repository(owner: $owner, name: $name) {
+                issues(states:OPEN){
+                  totalCount
+                }
+              }
+            }
+          ' --jq '.data.repository.issues.totalCount')"
+
+          echo 'NUM_OPEN_ISSUES='$numOpenIssues >> $GITHUB_ENV
+        env:
+          GITHUB_TOKEN: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}
+          OWNER: {% raw %}${{ github.repository_owner }}{% endraw %}
+          REPO: {% raw %}${{ github.event.repository.name }}{% endraw %}
+      - run: |
+          gh issue create --title "Issue report" --body "$NUM_OPEN_ISSUES issues remaining" --repo $GITHUB_REPOSITORY
+        env:
+          GITHUB_TOKEN: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}
+```
@@ -30,7 +30,7 @@ Temporarily disabling a workflow can be useful in many scenarios. These are a fe
 
 You can also disable and enable a workflow using the REST API. For more information, see the "[Actions REST API](/rest/reference/actions#workflows)."
 
-### Disabling a workflow
+## Disabling a workflow
 
 {% include tool-switcher %}
 
@@ -51,9 +51,7 @@ The disabled workflow is marked {% octicon "stop" aria-label="The stop icon" %}
 
 {% cli %}
 
-{% data reusables.cli.download-cli %}
-
-{% data reusables.actions.actions-cli %}
+{% data reusables.cli.cli-learn-more %}
 
 To disable a workflow, use the `workflow disable` subcommand. Replace `workflow` with either the name, ID, or file name of the workflow you want to disable. For example, `"Link Checker"`, `1234567`, or `"link-check-test.yml"`. If you don't specify a workflow, {% data variables.product.prodname_cli %} returns an interactive menu for you to choose a workflow.
 
@@ -63,7 +61,7 @@ gh workflow disable <em>workflow</em>
 
 {% endcli %}
 
-### Enabling a workflow
+## Enabling a workflow
 
 {% include tool-switcher %}
 
@@ -82,8 +80,6 @@ You can re-enable a workflow that was previously disabled.
 
 {% cli %}
 
-{% data reusables.actions.actions-cli %}
-
 To enable a workflow, use the `workflow enable` subcommand. Replace `workflow` with either the name, ID, or file name of the workflow you want to enable. For example, `"Link Checker"`, `1234567`, or `"link-check-test.yml"`. If you don't specify a workflow, {% data variables.product.prodname_cli %} returns an interactive menu for you to choose a workflow.
 
 ```shell
 
@@ -37,9 +37,7 @@ shortTitle: Download workflow artifacts
 
 {% cli %}
 
-{% data reusables.cli.download-cli %}
-
-{% data reusables.actions.actions-cli %}
+{% data reusables.cli.cli-learn-more %}
 
 {% data variables.product.prodname_cli %} will download each artifact into separate directories based on the artifact name. If only a single artifact is specified, it will be extracted into the current directory.
 
 
@@ -19,7 +19,7 @@ To run a workflow manually, the workflow must be configured to run on the `workf
 
 {% data reusables.repositories.permissions-statement-write %}
 
-### Running a workflow
+## Running a workflow
 
 {% include tool-switcher %}
 
@@ -38,9 +38,7 @@ To run a workflow manually, the workflow must be configured to run on the `workf
 
 {% cli %}
 
-{% data reusables.cli.download-cli %}
-
-{% data reusables.actions.actions-cli %}
+{% data reusables.cli.cli-learn-more %}
 
 To run a workflow, use the `workflow run` subcommand. Replace the `workflow` parameter with either the name, ID, or file name of the workflow you want to run. For example, `"Link Checker"`, `1234567`, or `"link-check-test.yml"`. If you don't specify a workflow, {% data variables.product.prodname_cli %} returns an interactive menu for you to choose a workflow.
 
@@ -74,7 +72,7 @@ gh run watch
 
 {% endcli %}
 
-### Running a workflow using the REST API
+## Running a workflow using the REST API
 
 When using the REST API, you configure the `inputs` and `ref` as request body parameters. If the inputs are omitted, the default values defined in the workflow file are used.
 
 
@@ -29,9 +29,7 @@ Re-running a workflow uses the same `GITHUB_SHA` (commit SHA) and `GITHUB_REF` (
 
 {% cli %}
 
-{% data reusables.cli.download-cli %}
-
-{% data reusables.actions.actions-cli %}
+{% data reusables.cli.cli-learn-more %}
 
 To re-run a failed workflow run, use the `run rerun` subcommand. Replace `run-id` with the ID of the failed run that you want to re-run.  If you don't specify a `run-id`, {% data variables.product.prodname_cli %} returns an interactive menu for you to choose a recent failed run.
 
 
@@ -112,7 +112,7 @@ After the logs have been deleted, the **Delete all logs** button is removed to i
 
 ## Viewing logs with {% data variables.product.prodname_cli %}
 
-{% data reusables.actions.actions-cli %}
+{% data reusables.cli.cli-learn-more %}
 
 To view the log for a specific job, use the `run view` subcommand. Replace `run-id` with the ID of run that you want to view logs for. {% data variables.product.prodname_cli %} returns an interactive menu for you to choose a job from the run. If you don't specify `run-id`, {% data variables.product.prodname_cli %} returns an interactive menu for you to choose a recent run, and then returns another interactive menu for you to choose a job from the run.
 
 
@@ -28,9 +28,7 @@ shortTitle: View workflow run history
 
 {% cli %}
 
-{% data reusables.cli.download-cli %}
-
-{% data reusables.actions.actions-cli %}
+{% data reusables.cli.cli-learn-more %}
 
 ### Viewing recent workflow runs
 
 
@@ -58,10 +58,20 @@ You can also manage secrets using the REST API. For more information, see "[Secr
 
 When generating credentials, we recommend that you grant the minimum permissions possible. For example, instead of using personal credentials, use [deploy keys](/developers/overview/managing-deploy-keys#deploy-keys) or a service account. Consider granting read-only permissions if that's all that is needed, and limit access as much as possible. When generating a personal access token (PAT), select the fewest scopes necessary.
 
+{% note %}
+
+**Note:** You can use the REST API to manage secrets. For more information, see "[{% data variables.product.prodname_actions %} secrets API](/rest/reference/actions#secrets)."
+
+{% endnote %}
+
 ## Creating encrypted secrets for a repository
 
 {% data reusables.github-actions.permissions-statement-secrets-repository %}
 
+{% include tool-switcher %}
+
+{% webui %}
+
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
 {% data reusables.github-actions.sidebar-secret %}
@@ -72,26 +82,65 @@ When generating credentials, we recommend that you grant the minimum permissions
 
 If your repository {% ifversion fpt or ghes > 3.0 or ghae %}has environment secrets or {% endif %}can access secrets from the parent organization, then those secrets are also listed on this page.
 
-{% note %}
+{% endwebui %}
 
-**Note:** Users with collaborator access can use the REST API to manage secrets for a repository. For more information, see "[{% data variables.product.prodname_actions %} secrets API](/rest/reference/actions#secrets)."
+{% cli %}
 
-{% endnote %}
+{% data reusables.cli.cli-learn-more %}
+
+To add a repository secret, use the `gh secret set` subcommand. Replace `secret-name` with the name of your secret.
+
+```shell
+gh secret set <em>secret-name</em>
+```
+
+The CLI will prompt you to enter a secret value. Alternatively, you can read the value of the secret from a file.
+
+```shell
+gh secret set <em>secret-name</em> < secret.txt
+```
+
+To list all secrets for the repository, use the `gh secret list` subcommand.
+
+{% endcli %}
 
 {% ifversion fpt or ghes > 3.0 or ghae %}
 
 ## Creating encrypted secrets for an environment
 
 {% data reusables.github-actions.permissions-statement-secrets-environment %}
 
+{% include tool-switcher %}
+
+{% webui %}
+
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
 {% data reusables.github-actions.sidebar-environment %}
 1. Click on the environment that you want to add a secret to.
-1. Under **Environment secrets**, click **Add secret**.
-1. Type a name for your secret in the **Name** input box.
-1. Enter the value for your secret.
-1. Click **Add secret**.
+2. Under **Environment secrets**, click **Add secret**.
+3. Type a name for your secret in the **Name** input box.
+4. Enter the value for your secret.
+5. Click **Add secret**.
+
+{% endwebui %}
+
+{% cli %}
+
+To add a secret for an environment, use the `gh secret set` subcommand with the `--env` or `-e` flag followed by the environment name.
+
+```shell
+gh secret set --env <em>environment-name</em> <em>secret-name</em>
+```
+
+To list all secrets for an environment, use the `gh secret list` subcommand with the `--env` or `-e` flag followed by the environment name.
+
+```shell
+gh secret list --env <em>environment-name</em>
+```
+
+{% endcli %}
+
 {% endif %}
 
 ## Creating encrypted secrets for an organization
@@ -100,6 +149,10 @@ When creating a secret in an organization, you can use a policy to limit which r
 
 {% data reusables.github-actions.permissions-statement-secrets-organization %}
 
+{% include tool-switcher %}
+
+{% webui %}
+
 {% data reusables.organizations.navigate-to-org %}
 {% data reusables.organizations.org_settings %}
 {% data reusables.github-actions.sidebar-secret %}
@@ -109,6 +162,46 @@ When creating a secret in an organization, you can use a policy to limit which r
 1. From the **Repository access** dropdown list, choose an access policy.
 1. Click **Add secret**.
 
+{% endwebui %}
+
+{% cli %}
+
+{% note %}
+
+**Note:** By default, {% data variables.product.prodname_cli %} authenticates with the `repo` and `read:org` scopes. To manage organization secrets, you must additionally authorize the `admin:org` scope.
+
+```
+gh auth login --scopes "admin:org"
+```
+
+{% endnote %}
+
+To add a secret for an organization, use the `gh secret set` subcommand with the `--org` or `-o` flag followed by the organization name.
+
+```shell
+gh secret set --org <em>organization-name</em> <em>secret-name</em>
+```
+
+By default, the secret is only available to private repositories. To specify that the secret should be available to all repositories within the organization, use the `--visibility` or `-v` flag.
+
+```shell
+gh secret set --org <em>organization-name</em> <em>secret-name</em> --visibility all
+```
+
+To specify that the secret should be available to selected repositories within the organization, use the `--repos` or `-r` flag.
+
+```shell
+gh secret set --org <em>organization-name</em> <em>secret-name</em> --repos <em>repo-name-1</em>,<em>repo-name-2</em>"
+```
+
+To list all secrets for an organization, use the `gh secret list` subcommand with the `--org` or `-o` flag followed by the organization name.
+
+```shell
+gh secret list --org <em>organization-name</em>
+```
+
+{% endcli %}
+
 ## Reviewing access to organization-level secrets
 
 You can check which access policies are being applied to a secret in your organization.