github · Octomerger · Sep 29, 2020 · Sep 28, 2020 · Sep 29, 2020 · Sep 29, 2020
diff --git a/content/actions/reference/workflow-syntax-for-github-actions.md b/content/actions/reference/workflow-syntax-for-github-actions.md
@@ -948,7 +948,25 @@ jobs:
 
 #### **`jobs.<job_id>.container.image`**
 
-The Docker image to use as the container to run the action. The value can be the Docker Hub image name or a public docker registry name.
+The Docker image to use as the container to run the action. The value can be the Docker Hub image name or a {% if currentVersion != "free-pro-team@latest" and currentVersion ver_lt "enterprise-server@2.23" %}public{% endif %} registry name.
+
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
+#### **`jobs.<job_id>.container.credentials`**
+
+{% data reusables.actions.registry-credentials %}
+
+##### Example
+
+{% raw %}
+```yaml
+container:
+  image: ghcr.io/owner/image
+  credentials:
+     username: ${{ github.actor }}
+     password: ${{ secrets.ghcr_token }}
+```
+{% endraw %}
+{% endif %}
 
 #### **`jobs.<job_id>.container.env`**
 
@@ -1011,19 +1029,43 @@ services:
       - 6379/tcp
 ```
 
-#### **`jobs.<job_id>.services.image`**
+#### **`jobs.<job_id>.services.<service_id>.image`**
+
+The Docker image to use as the service container to run the action. The value can be the Docker Hub image name or a {% if currentVersion != "free-pro-team@latest" and currentVersion ver_lt "enterprise-server@2.23" %}public{% endif %} registry name.
 
-The Docker image to use as the service container to run the action. The value can be the Docker base image name or a public docker Hub or registry.
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
+#### **`jobs.<job_id>.services.<service_id>.credentials`**
+
+{% data reusables.actions.registry-credentials %}
+
+##### Example
+
+{% raw %}
+```yaml
+services:
+  myservice1: 
+    image: ghcr.io/owner/myservice1
+    credentials:
+      username: ${{ github.actor }}
+      password: ${{ secrets.ghcr_token }}
+  myservice2:
+    image: dockerhub_org/myservice2
+    credentials:
+      username: ${{ secrets.DOCKER_USER }}
+      password: ${{ secrets.DOCKER_PASSWORD }}
+```
+{% endraw %}
+{% endif %}
 
-#### **`jobs.<job_id>.services.env`**
+#### **`jobs.<job_id>.services.<service_id>.env`**
 
 Sets a `map` of environment variables in the service container.
 
-#### **`jobs.<job_id>.services.ports`**
+#### **`jobs.<job_id>.services.<service_id>.ports`**
 
 Sets an `array` of ports to expose on the service container.
 
-#### **`jobs.<job_id>.services.volumes`**
+#### **`jobs.<job_id>.services.<service_id>.volumes`**
 
 Sets an `array` of volumes for the service container to use. You can use volumes to share data between services or other steps in a job. You can specify named Docker volumes, anonymous Docker volumes, or bind mounts on the host.
 
@@ -1042,7 +1084,7 @@ volumes:
   - /source/directory:/destination/directory
 ```
 
-#### **`jobs.<job_id>.services.options`**
+#### **`jobs.<job_id>.services.<service_id>.options`**
 
 Additional Docker container resource options. For a list of options, see "[`docker create` options](https://docs.docker.com/engine/reference/commandline/create/#options)."
 

diff --git a/...-vulnerabilities-and-errors-in-your-code/troubleshooting-the-codeql-workflow.md b/...-vulnerabilities-and-errors-in-your-code/troubleshooting-the-codeql-workflow.md
@@ -57,6 +57,7 @@ If your workflow fails with an error `No source code was seen during the build`
       # ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
       language: ['go', 'javascript']
   ```
+For more information, see the workflow extract in "[Automatic build for a compiled language fails](#automatic-build-for-a-compiled-language-fails)" above.
 1. Your {{ site.data.variables.product.prodname_code_scanning }} workflow is analyzing a compiled language (C, C++, C#, or Java), but the code was not compiled. By default, the {{ site.data.variables.product.prodname_codeql }} analysis workflow contains an `autobuild` step, however, this step represents a best effort process, and may not succeed in building your code, depending on your specific build environment. Compilation may also fail if you have removed the `autobuild` step and did not include build steps manually.  For more information about specifying build steps, see "[Configuring the {{ site.data.variables.product.prodname_codeql }} workflow for compiled languages](/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
 1. Your workflow is analyzing a compiled language (C, C++, C#, or Java), but portions of your build are cached to improve performance (most likely to occur with build systems like Gradle or Bazel). Since {{ site.data.variables.product.prodname_codeql }} observes the activity of the compiler to understand the data flows in a repository, {{ site.data.variables.product.prodname_codeql }} requires a complete build to take place in order to perform analysis. 
 1. Your workflow is analyzing a compiled language (C, C++, C#, or Java), but compilation does not occur between the `init` and `analyze` steps in the workflow. {{ site.data.variables.product.prodname_codeql }} requires that your build happens in between these two steps in order to observe the activity of the compiler and perform analysis. 
@@ -99,7 +100,7 @@ If you use self-hosted runners to run {{ site.data.variables.product.prodname_co
 
 #### Use matrix builds to parallelize the analysis
 
-The default {{ site.data.variables.product.prodname_codeql_workflow }} uses a build matrix of languages, which causes the analysis of each language to run in parallel. If you have specified the languages you want to analyze directly in the "Initialize CodeQL" step, analysis of each language will happen sequentially. To speed up analysis of multiple languages, modify your workflow to use a matrix. For more information, see "[Managing complex workflows](/actions/learn-github-actions/managing-complex-workflows/#using-a-build-matrix)."
+The default {{ site.data.variables.product.prodname_codeql_workflow }} uses a build matrix of languages, which causes the analysis of each language to run in parallel. If you have specified the languages you want to analyze directly in the "Initialize CodeQL" step, analysis of each language will happen sequentially. To speed up analysis of multiple languages, modify your workflow to use a matrix. For more information, see the workflow extract in "[Automatic build for a compiled language fails](#automatic-build-for-a-compiled-language-fails)" above.
 
 #### Reduce the amount of code being analyzed in a single workflow
 

diff --git a/data/reusables/actions/registry-credentials.md b/data/reusables/actions/registry-credentials.md
@@ -0,0 +1 @@
+If the image's container registry requires authentication to pull the image, you can use `credentials` to set a `map` of the `username` and `password`. The credentials are the same values that you would provide to the [`docker login`](https://docs.docker.com/engine/reference/commandline/login/) command.
diff --git a/javascripts/wrap-code-terms.js b/javascripts/wrap-code-terms.js
@@ -11,16 +11,21 @@ export default function () {
   if (!codeTerms) return
 
   codeTerms.forEach(node => {
-    node.innerHTML = node.innerHTML.replace(wordsLongerThan18Chars, (str) => {
+    // Do the wrapping on the inner text only, so we don't modify hrefs
+    const oldText = node.textContent
+
+    const newText = oldText.replace(wordsLongerThan18Chars, (str) => {
       return str
-        // GraphQL code terms use camelcase
+      // GraphQL code terms use camelcase
         .replace(camelCaseChars, '$1<wbr>$2')
-        // REST code terms use underscores
-        // to keep word breaks looking nice, only break on underscores after the 12th char
-        // so `has_organization_projects` will break after `has_organization` instead of after `has_`
+      // REST code terms use underscores
+      // to keep word breaks looking nice, only break on underscores after the 12th char
+      // so `has_organization_projects` will break after `has_organization` instead of after `has_`
         .replace(underscoresAfter12thChar, '$1_<wbr>')
-        // Some Actions reference pages have tables with code terms separated by slashes
+      // Some Actions reference pages have tables with code terms separated by slashes
         .replace(slashChars, '$1<wbr>')
     })
+
+    node.innerHTML = node.innerHTML.replace(oldText, newText)
   })
 }
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		If the image's container registry requires authentication to pull the image, you can use `credentials` to set a `map` of the `username` and `password`. The credentials are the same values that you would provide to the [`docker login`](https://docs.docker.com/engine/reference/commandline/login/) command.