GitHub Actions : The Windows 2016 runner image will be removed from GitHub-hosted runners on March 15, 2022

As part of our ongoing efforts to keep GitHub-hosted runners updated and secure, the Windows 2016 virtual environment will be removed from GitHub Actions on March 15, 2022. We recommend you change jobs using runs-on: windows-2016 to use runs-on: windows-latest which will ensure you're always running on the latest version of Windows Server.

If you need to pin your job to a specific version of Windows Server, you can see the full list of supported versions and instructions here: supported-runners-and-hardware-resources

To raise awareness of the upcoming removal, we will temporarily fail jobs using Windows 2016 for two short 'brownout' periods. Builds that are scheduled to run during the brownout periods will fail. The brownouts are scheduled for the following dates and times:

  • December 1, 2021 4:00pm UTC – 10:00pm UTC
  • February 7, 2022 4:00pm UTC – 10:00pm UTC

Once deprecated, the Windows 2016 image is now excluded from the service level agreement and warranty therefore it is recommended that you move to a supported version of Windows before March 15, 2022.

You can learn more about our software and image guidelines for GitHub-hosted runners in the virtual environment repository. Please contact support if you experience any issues due to this change.

GitHub secret scanning helps protect users by searching repositories for known types of secrets. By flagging leaked secrets, our scans can prevent data leaks and prevent the fraudulent use of accidentally committed secrets.

When enabled on private repositories, GitHub secret scanning raises alerts directly to users. The quality of this experience depends on the quality of the patterns we scan for, which we are constantly refining. In line with that, we are removing our pattern for Azure SQL connection strings from our default pattern set on private repositories.

Advanced Security customers can replicate our previous pattern for Azure SQL connection strings using custom patterns with the following regex:
(?i)[a-z][a-z0-9-]+\.database(?:\.secure)?\.(?:(?:windows|usgovcloudapi)\.net|chinacloudapi\.cn|cloudapi\.de)

We intend to introduce a more general pattern for database connection strings, with a lower false positive rate, in the near future.

Check out our docs for more information on the 100+ patterns that we scan for.

See more