The GitHub Discussions GraphQL API public beta is now available. Get started with the GitHub Discussions API.
For questions or feedback, visit GitHub Discussions feedback.
The API for environments, and environment protection rules is now available. The API enables you to automate scenarios like creating an environment or approving a deployment.
Learn more about the Environments API
Learn more about the GitHub Actions API
The GitHub Discussions GraphQL API public beta is now available. Get started with the GitHub Discussions API.
For questions or feedback, visit GitHub Discussions feedback.
Starting March 1st, 2021 workflow runs that are triggered by Dependabot from push
, pull_request
, pull_request_review
, or pull_request_review_comment
events will be treated as if they were opened from a repository fork. This means they will receive a read-only GITHUB_TOKEN
and will not have access to any secrets available in the repository. This will cause any workflows that attempt to write to the repository to fail.
This change will affect all repositories, both public and private, regardless of how they are configured, and is being made to prevent potentially compromised dependencies from capturing secrets referenced in your workflows.
If your workflow needs to have a write token or access to secrets, you can use the pull_request_target
event; however, please read
Keeping your GitHub Actions and workflows secure: Preventing pwn requests to better understand the risks.