Fix versioning for Dependabot OIDC support (#60958)

Co-authored-by: Sunbrye Ly <56200261+sunbrye@users.noreply.github.com>

Author: mchammer01

content/actions/concepts/security/openid-connect.md

@@ -166,6 +166,8 @@ You can use the `repo_property_*` claims in your cloud provider's trust conditio
 
 {% endif %}
 
+{% ifversion dependabot-oidc-support %}
+
 ## OIDC support for {% data variables.product.prodname_dependabot %}
 
 {% data variables.product.prodname_dependabot %} can use OIDC to authenticate with private registries, eliminating the need to store long-lived credentials as repository secrets. With OIDC-based authentication, {% data variables.product.prodname_dependabot %} update jobs can dynamically obtain short-lived credentials from your cloud identity provider.
@@ -180,6 +182,8 @@ The benefits of OIDC authentication for {% data variables.product.prodname_depen
 
 For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#using-oidc-for-authentication).
 
+{% endif %}
+
 ## Next steps
 
 For more information about configuring OIDC, see [AUTOTITLE](/actions/how-tos/security-for-github-actions/security-hardening-your-deployments).

content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot.md

@@ -124,6 +124,8 @@ If your private registry is configured with an IP allow list, you can find the I
 
 {% endif %}
 
+{% ifversion dependabot-oidc-support %}
+
 ## Using OIDC for authentication
 
 {% data variables.product.prodname_dependabot %} can use OpenID Connect (OIDC) to authenticate with private registries, eliminating the need to store long-lived credentials as repository secrets.
@@ -191,6 +193,8 @@ registries:
 
 For more information about how OIDC works, see [AUTOTITLE](/actions/concepts/security/openid-connect).
 
+{% endif %}
+
 ## Allowing external code execution
 
 When you give {% data variables.product.prodname_dependabot %} access to one or more registries, external code execution is automatically disabled to protect your code from compromised packages. However, some version updates may fail.
@@ -430,6 +434,8 @@ registries:
 
 {% endraw %}
 
+{% ifversion dependabot-oidc-support %}
+
 You can also use OIDC authentication to access JFrog Artifactory. {% data reusables.dependabot.dependabot-oidc-credentials %}
 
 {% raw %}
@@ -446,6 +452,8 @@ registries:
 
 {% endraw %}
 
+{% endif %}
+
 ### `npm-registry`
 
 The `npm-registry` type supports username and password, or token. {% data reusables.dependabot.password-definition %}
@@ -516,6 +524,8 @@ registries:
 
 {% endraw %}
 
+{% ifversion dependabot-oidc-support %}
+
 You can also use OIDC authentication to access Azure DevOps Artifacts. {% data reusables.dependabot.dependabot-oidc-credentials %}
 
 {% raw %}
@@ -533,6 +543,8 @@ registries:
 
 The `AZURE_TENANT_ID` and `AZURE_CLIENT_ID` values can be obtained from the overview page of your Entra ID app registration.
 
+{% endif %}
+
 ### `pub-repository`
 
 The `pub-repository` type supports a URL and a token.
@@ -590,6 +602,8 @@ registries:
 
 {% endraw %}
 
+{% ifversion dependabot-oidc-support %}
+
 You can also use OIDC authentication to access Azure DevOps Artifacts. {% data reusables.dependabot.dependabot-oidc-credentials %}
 
 {% raw %}
@@ -606,6 +620,8 @@ registries:
 
 {% endraw %}
 
+{% endif %}
+
 ### `rubygems-server`
 
 The `rubygems-server` type supports username and password, or token. {% data reusables.dependabot.password-definition %}

content/code-security/reference/supply-chain-security/dependabot-options-reference.md

@@ -980,6 +980,8 @@ updates:
 
 The parameters used to provide authentication details for access to a private registry vary according to the registry `type`.
 
+{% ifversion dependabot-oidc-support %}
+
 | Registry `type` | Required authentication parameters |
 |--|--|
 | `cargo-registry` | `token` |
@@ -996,13 +998,37 @@ The parameters used to provide authentication details for access to a private re
 | `rubygems-server` | `username` and `password`<br>or `token`<br>or OIDC with `tenant-id` and `client-id` |
 | `terraform-registry` | `token` |
 
+{% else %}
+
+| Registry `type` | Required authentication parameters |
+|--|--|
+| `cargo-registry` | `token` |
+| `composer-repository` | `username` and `password` |
+| `docker-registry` | `username` and `password` |
+| `git` | `username` and `password` |
+| `hex-organization` | `organization` and `key` |
+| `hex-repository` | `repo` and `auth-key` optionally with the corresponding `public-key-fingerprint` |
+| `maven-repository` | `username` and `password` |
+| `npm-registry` | `username` and `password`<br>or `token` |
+| `nuget-feed` | `username` and `password`<br>or `token` |
+| `pub-registry` | `token` |
+| `python-index` | `username` and `password`<br>or `token` |
+| `rubygems-server` | `username` and `password`<br>or `token` |
+| `terraform-registry` | `token` |
+
+{% endif %}
+
 All sensitive data used for authentication should be stored securely and referenced from that secure location, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot).
 
 > [!TIP]
 > {% data reusables.dependabot.password-definition %}
 
+{% ifversion dependabot-oidc-support %}
+
 For more information about  OIDC support for {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/actions/concepts/security/openid-connect#oidc-support-for-dependabot) and [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot#using-oidc-for-authentication).
 
+{% endif %}
+
 ### `url` and `replaces-base`
 
 The `url` parameter defines where to access a registry. When the optional `replaces-base` parameter is enabled (`true`), {% data variables.product.prodname_dependabot %} resolves dependencies using the value of `url` rather than the base URL of that specific ecosystem.

data/features/dependabot-oidc-support.yml

@@ -0,0 +1,6 @@
+# Reference: #20672
+# Configure Dependabot to use GitHub OIDC [GA]
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>3.20'