Skip to content

/ Blog

Try GitHub Copilot Contact sales

AI & ML
- AI & ML
  Learn about artificial intelligence and machine learning across the GitHub ecosystem and the wider industry.
  - Generative AI
    Learn about and how to build with generative AI.
  - GitHub Copilot
    Change how you work with GitHub Copilot.
  - LLMs
    Everything developers need to know about LLMs.
  - Machine learning
    Machine learning tips, tricks, and best practices.
- How AI code generation works
  Explore the capabilities and benefits of AI code generation and how it can improve your developer experience.
  Learn more
Developer skills
- Developer skills
  Resources for developers to grow in their skills and careers.
  - Application development
    Insights and best practices for building apps.
  - Career growth
    Tips & tricks to grow as a professional developer.
  - GitHub
    Improve how you use GitHub at work.
  - GitHub Education
    Learn how to move into your first professional role.
  - Programming languages & frameworks
    Stay current on what’s new (or new again).
- Get started with GitHub documentation
  Learn how to start building, shipping, and maintaining software with GitHub.
  Learn more
Engineering
- Engineering
  Get an inside look at how we’re building the home for all developers.
  - Architecture & optimization
    Discover how we deliver a performant and highly available experience across the GitHub platform.
  - Engineering principles
    Explore best practices for building software at scale with a majority remote team.
  - Infrastructure
    Get a glimpse at the technology underlying the world’s leading AI-powered developer platform.
  - Platform security
    Learn how we build security into everything we do across the developer lifecycle.
  - Scripting & automation
    How GitHub engineers use scripting and automation.
  - User experience
    Find out what goes into making GitHub the home for all developers.
- How we use GitHub to be more productive, collaborative, and secure
  Our engineering and security teams do some incredible work. Let’s take a look at how we use GitHub to be more productive, build collaboratively, and shift security left.
  Learn more
Enterprise software
- Enterprise software
  Explore how to write, build, and deploy enterprise software at scale.
  - Automation
    Automating your way to faster and more secure ships.
  - CI/CD
    Guides on continuous integration and delivery.
  - Collaboration
    Tips, tools, and tricks to improve developer collaboration.
  - DevOps
    DevOps resources for enterprise engineering teams.
  - DevSecOps
    How to integrate security into the SDLC.
  - Governance & compliance
    Ensuring your builds stay clean.
  - Secure enterprise development
    Locking down the SDLC one step at time.
- How enterprise engineering teams can successfully adopt AI
  Learn how to bring AI to your engineering teams and maximize the value that you get from it.
  Learn more
News & insights
- News & insights
  Keep up with what’s new and notable from inside GitHub.
  - Company news
    An inside look at news and product updates from GitHub.
  - Product
    The latest on GitHub’s platform, products, and tools.
  - Octoverse
    Insights into the state of open source on GitHub.
  - Policy
    The latest policy and regulatory changes in software.
  - Research
    Data-driven insights around the developer ecosystem.
  - Surveys
    What developers and industry leaders say matters most.
  - The library
    Older news and updates from GitHub.
- Unlocking the power of unstructured data with RAG
  Learn how to use retrieval-augmented generation (RAG) to capture more insights.
  Learn more
Open source
- Open source
  Everything open source on GitHub.
  - Documentation
    Tips for creating and maintaining documentation.
  - Gaming
    Open source games on GitHub.
  - Git
    The latest Git updates.
  - Licenses
    Open source licenses, explained.
  - Maintainers
    Spotlighting open source maintainers.
  - Social impact
    How open source is driving positive change.
- An introduction to innersource
  Organizations worldwide are incorporating open source methodologies into the way they build and ship their own software.
  Learn more
Security
- Security
  Stay up to date on everything security.
  - Application security
    Application security, explained.
  - Supply chain security
    Demystifying supply chain security.
  - Vulnerability research
    Updates from the GitHub Security Lab.
  - Web application security
    Helpful tips on securing web applications.
- The enterprise guide to AI-powered DevSecOps
  Learn about core challenges in DevSecOps, and how you can start addressing them with AI and automation.
  Learn more

Categories

AI & ML
- AI & ML
  Learn about artificial intelligence and machine learning across the GitHub ecosystem and the wider industry.
  - Generative AI
    Learn about and how to build with generative AI.
  - GitHub Copilot
    Change how you work with GitHub Copilot.
  - LLMs
    Everything developers need to know about LLMs.
  - Machine learning
    Machine learning tips, tricks, and best practices.
- How AI code generation works
  Explore the capabilities and benefits of AI code generation and how it can improve your developer experience.
  Learn more
Developer skills
- Developer skills
  Resources for developers to grow in their skills and careers.
  - Application development
    Insights and best practices for building apps.
  - Career growth
    Tips & tricks to grow as a professional developer.
  - GitHub
    Improve how you use GitHub at work.
  - GitHub Education
    Learn how to move into your first professional role.
  - Programming languages & frameworks
    Stay current on what’s new (or new again).
- Get started with GitHub documentation
  Learn how to start building, shipping, and maintaining software with GitHub.
  Learn more
Engineering
- Engineering
  Get an inside look at how we’re building the home for all developers.
  - Architecture & optimization
    Discover how we deliver a performant and highly available experience across the GitHub platform.
  - Engineering principles
    Explore best practices for building software at scale with a majority remote team.
  - Infrastructure
    Get a glimpse at the technology underlying the world’s leading AI-powered developer platform.
  - Platform security
    Learn how we build security into everything we do across the developer lifecycle.
  - Scripting & automation
    How GitHub engineers use scripting and automation.
  - User experience
    Find out what goes into making GitHub the home for all developers.
- How we use GitHub to be more productive, collaborative, and secure
  Our engineering and security teams do some incredible work. Let’s take a look at how we use GitHub to be more productive, build collaboratively, and shift security left.
  Learn more
Enterprise software
- Enterprise software
  Explore how to write, build, and deploy enterprise software at scale.
  - Automation
    Automating your way to faster and more secure ships.
  - CI/CD
    Guides on continuous integration and delivery.
  - Collaboration
    Tips, tools, and tricks to improve developer collaboration.
  - DevOps
    DevOps resources for enterprise engineering teams.
  - DevSecOps
    How to integrate security into the SDLC.
  - Governance & compliance
    Ensuring your builds stay clean.
  - Secure enterprise development
    Locking down the SDLC one step at time.
- How enterprise engineering teams can successfully adopt AI
  Learn how to bring AI to your engineering teams and maximize the value that you get from it.
  Learn more
News & insights
- News & insights
  Keep up with what’s new and notable from inside GitHub.
  - Company news
    An inside look at news and product updates from GitHub.
  - Product
    The latest on GitHub’s platform, products, and tools.
  - Octoverse
    Insights into the state of open source on GitHub.
  - Policy
    The latest policy and regulatory changes in software.
  - Research
    Data-driven insights around the developer ecosystem.
  - Surveys
    What developers and industry leaders say matters most.
  - The library
    Older news and updates from GitHub.
- Unlocking the power of unstructured data with RAG
  Learn how to use retrieval-augmented generation (RAG) to capture more insights.
  Learn more
Open source
- Open source
  Everything open source on GitHub.
  - Documentation
    Tips for creating and maintaining documentation.
  - Gaming
    Open source games on GitHub.
  - Git
    The latest Git updates.
  - Licenses
    Open source licenses, explained.
  - Maintainers
    Spotlighting open source maintainers.
  - Social impact
    How open source is driving positive change.
- An introduction to innersource
  Organizations worldwide are incorporating open source methodologies into the way they build and ship their own software.
  Learn more
Security
- Security
  Stay up to date on everything security.
  - Application security
    Application security, explained.
  - Supply chain security
    Demystifying supply chain security.
  - Vulnerability research
    Updates from the GitHub Security Lab.
  - Web application security
    Helpful tips on securing web applications.
- The enterprise guide to AI-powered DevSecOps
  Learn about core challenges in DevSecOps, and how you can start addressing them with AI and automation.
  Learn more

Contact sales Try GitHub Copilot

actions

Subscribe to all “actions” posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

→ ~ cd github-changelog

→ ~/github-changelog|main git log main

showing all changes successfully

GitHub Actions: Cache size is now increased to 10GB per repository

November 23, 2021

You can now enjoy a higher per-repository cache size. The cache storage for each repository has doubled to 10GB. This enables Actions users on github.com to run workflows faster by caching even bigger dependencies and other commonly reused files from previous jobs. There is no limit on the number of caches you can store, but the total size of all caches in a repository is now be limited to 10 GB.

Learn more about Caching dependencies to speed up workflows. For questions, visit the GitHub Actions community. To see what’s next for Actions, visit our public roadmap.

See more See more

GitHub Actions: Windows Server 2022 with Visual Studio 2022 is now generally available on GitHub-hosted runners

November 16, 2021

actions

Windows Server 2022 with Visual Studio 2022 is now generally available on GitHub-hosted runners. To use it now, simply add runs-on: windows-2022 in your workflow file. Otherwise, our recommendation is to use windows-latest, which currently utilizes Windows 2019 but will begin running on Windows 2022 in the near future. This will ensure your workflows are always using a recent OS and removes the need to constantly update workflow files with image versions.

jobs:
  build:
    runs-on: windows-2022
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-dotnet@v1
      - name: Build
        run: dotnet build
      - name: Run tests
        run: dotnet test

The Windows Server 2022 runner image has different tools and tool versions than Windows Server 2019.

Read more on available runner images and beta images terms of use in our documentation.

See more See more

GitHub Actions: Input types for manual workflows

November 10, 2021

actions

You can now specify input types for manually triggered workflows allowing you to provide a better experience to users of your workflow. In addition to the default string type, we now support choice, boolean, and environment.

name: Mixed inputs

on:
  workflow_dispatch:
    inputs:
      name:
        type: choice
        description: Who to greet
        options: 
        - monalisa
        - cschleiden
      message:
        required: true
      use-emoji:
        type: boolean
        description: Include 🎉🤣 emojis
      environment:
        type: environment

jobs:
  greet:
    runs-on: ubuntu-latest

    steps:
    - name: Send greeting
      run: echo "${{ github.event.inputs.message }} ${{ fromJSON('["", "🥳"]')[github.event.inputs.use-emoji == 'true'] }} ${{ github.event.inputs.name }}"

Learn more about workflow inputs.
For questions, visit the GitHub Actions community.
To see what's next for Actions, visit our public roadmap.

See more See more

GitHub Actions: Conditional execution of steps in actions

November 9, 2021

actions

Actions written in YAML, also known as composite actions, now support if conditionals. This lets you prevent specific steps from executing unless a condition has been met. Like steps defined in workflows, you can use any supported context and expression to create a conditional.

Learn more about actions written in YAML.

For questions, visit the GitHub Actions community

See more See more

Actions support for branch protection changes

November 1, 2021

You can now use GitHub Actions to run workflows when branch protection rules change on a repository. For more info, see our docs.

See more See more

GitHub Actions: Secure cloud deployments with OpenID Connect

October 27, 2021

GitHub Actions now supports OpenID Connect (OIDC) for secure deployments to cloud, which uses short-lived tokens that are automatically rotated for each deployment.
This enables:

Seamless authentication between Cloud Providers and GitHub without the need for storing any long-lived cloud secrets in GitHub
Cloud Admins can rely on the security mechanisms of their cloud provider to ensure that GitHub Actions workflows get the minimal access for cloud resources. There is no duplication of secret management in GitHub and the cloud.

How this works:

Developers set up OIDC trust on their cloud roles to manage access between their deployment workflows and cloud resources.
In each deployment, GitHub Actions workflow presents an autogenerated OIDC JWT token to the cloud provider
Cloud provider validates the claims in the OIDC token against the cloud role definition and provides a cloud access token to connect and deploy to the Cloud only during the workflow run.

Learn more about Security hardening your GitHub Workflows using OpenID Connect.

See more See more

GitHub Actions : The Windows 2016 runner image will be removed from GitHub-hosted runners on March 15, 2022

October 19, 2021

actions

As part of our ongoing efforts to keep GitHub-hosted runners updated and secure, the Windows 2016 virtual environment will be removed from GitHub Actions on March 15, 2022. We recommend you change jobs using runs-on: windows-2016 to use runs-on: windows-latest which will ensure you're always running on the latest version of Windows Server.

If you need to pin your job to a specific version of Windows Server, you can see the full list of supported versions and instructions here: supported-runners-and-hardware-resources

To raise awareness of the upcoming removal, we will temporarily fail jobs using Windows 2016 for two short 'brownout' periods. Builds that are scheduled to run during the brownout periods will fail. The brownouts are scheduled for the following dates and times:

December 1, 2021 4:00pm UTC – 10:00pm UTC
February 7, 2022 4:00pm UTC – 10:00pm UTC

Once deprecated, the Windows 2016 image is now excluded from the service level agreement and warranty therefore it is recommended that you move to a supported version of Windows before March 15, 2022.

You can learn more about our software and image guidelines for GitHub-hosted runners in the virtual environment repository. Please contact support if you experience any issues due to this change.

See more See more

GitHub Actions: Granular personal access token scopes for self-hosted runners in enterprises

October 11, 2021

Managing self-hosted runners within an enterprise no longer requires personal access tokens with the admin:enterprise scope. Tighten down the permissions on your token by using the manage_runners:enterprise scope instead. A token with this scope can be used to authenticate to use many endpoints to manage your enterprise's self-hosted runners.

Learn more about self-hosted runners for your Actions workflows.

See more See more

GitHub Actions: Workflows triggered by Dependabot PRs will respect permissions key in workflows

October 6, 2021

In March we made a change in GitHub Actions that forced workflows triggered by Dependabot to run with a read-only token. This change was made to protect your repositories from potentially malicious dependencies in the same way we prevent pull requests from forks from having privileged access to your repository. We received a lot of feedback from you on how this impacted your workflows and while it was great to be in a safe configuration by default, you wanted to have the option to continue working as you had prior to this change.

In April we introduced the permissions key in the Actions workflow config which enables you to control which permissions are given to a particular workflow or job.

Starting October 11, 2021 workflow runs on push and pull_request events triggered by Dependabot will begin to respect the permissions specified in your workflows putting you back in control of how you manage automatic dependency updates. The default token permissions will remain read-only.

In addition to the permissions change we are working to enable workflows triggered by Dependabot to use Dependabot secrets. This change will enable you to use those secrets to pull dependencies from private repositories.

Learn more about the permissions key in Actions workflows

For questions, visit the GitHub Actions community

To see what's next for Actions, visit our public roadmap

See more See more

GitHub Actions: DRY your GitHub Actions configuration by reusing workflows

October 5, 2021

actions

Now available in public beta, you can reuse entire workflows as if they were an action. Instead of copying and pasting workflow definitions across repositories, you can now reference an existing workflow with a single line of configuration.

Reusing workflows are great for reducing configuration. Here’s a few examples:

Create a workflow for building your homegrown framework so your users can quickly setup CI
Create a workflow to deploy to production, and reference it from each repository of your microservice application
Create a workflow to roll up end-of-sprint metrics, and encourage every team to add it to their repository

Learn more about reusing workflows.
For questions, visit the GitHub Actions community.
To see what's next for Actions, visit our public roadmap.

See more See more

GitHub Actions: Jobs running on `macos-latest` are now running on macOS Big Sur (11).

September 29, 2021

actions

macOS Big Sur (11) became generally available on GitHub-hosted runners in August 2021. Over the next 8 weeks, jobs using the macos-latest runner label will migrate from Catalina (10.15) to Big Sur (11). During migration, you can determine if your job has migrated by viewing the Virtual Environment information in the Set up job step of your logs.

Start using GitHub Actions to build and publish apps for the Apple ecosystem by updating your jobs to include runs-on: macos-latest

jobs:
  build:
    runs-on: macos-latest
     steps:
      - uses: actions/checkout@v2
      - name: Build
        run: swift build
      - name: Run tests
        run: swift test

The macOS 11 Big Sur runner image has different tools and tool versions than macOS 10.15 Catalina. See the full list of changed software.

If you spot any issues with your workflows when using Big Sur, please let us know by creating an issue in the virtual-environments repository.

See more See more

Sunset Notice Affecting Actions: API Authentication via Query Parameters

September 28, 2021

GitHub will stop supporting API Authentication via Query Parameters with Actions on October 6th 2021 at 14:00 UTC. If you are passing credentials via query or path parameters, GitHub will respond with client errors. Please refer to this blog post for details on authenticating API requests to GitHub using the Authorization header.

Removal

October 6 2021 at 14:00 UTC

See more See more

GitHub Actions: Ephemeral self-hosted runners & new webhooks for auto-scaling

September 20, 2021

actions

GitHub Actions now supports ephemeral (i.e. single job) self-hosted runners and a new workflow_job webhook to make autoscaling your runners easier. After a job is run, ephemeral runners are automatically unregistered from the service, allowing you to do any required post-job management.

Ephemeral runners are a good choice for self-managed environments where you need each job to run on a clean image. A runner is configured as ephemeral by adding the optional --ephemeral parameter during configuration. Learn more about registering ephemeral runners.

Example ephemeral runner registration:

$ ./config.sh --url https://github.com/octo-org --token example-token --ephemeral

Combine ephemeral runners with the new workflow_job webhook to automatically scale your self-hosted runners in response to your Actions job requests, including the runner labels from the runs-on: key from your workflow. Learn more about the workflow_job webhook and how to use it to autoscale your self-hosted runners.

Get started with automating the configuration of your self-hosted runners by following this automation guide in the runner repo.

See more See more

GitHub Actions: Experience refresh for the management of self-hosted runners

September 20, 2021

actions

GitHub Actions now has an updated management experience for your self-hosted runners that makes it easier to manage runner groups and see the status of your runners. New Runners and Runner groups pages give you flexibility to get a summary view of your runners, or deep dive into a specific runner to edit it or see what job it may be currently running. You'll find both of these experiences in the Actions settings page of your repository or organization.

Runner List

Similarly, a new Runner groups page gives you a cleaner view of all the runner groups you've created, and how many runners are included in each one.

Runner Groups List

Learn more about self-hosting your runners for GitHub Actions.
Learn more about managing access to your runners with runner groups.

See more See more

GitHub Actions: Setup-node supports dependency caching for projects with monorepo and pnpm package manager

September 7, 2021

actions

You can now use setup-node action to cache dependencies for projects with monorepo and pnpm package manager. Use the optional cache-dependency-path field to specify the path to dependency file(s).

steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
  with:
    node-version: 14
    cache: npm
    cache-dependency-path: 'sub-project/package-lock.json'

For questions, visit the setup-node repository and GitHub Actions community.

See more See more

View more changes