actions

Subscribe to all “actions” posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

For securely enabling OpenID Connect (OIDC) in your reusable workflows, we are now making the permissions more restrictive.

If you need to fetch an OIDC token generated within a reusable (called) workflow that is outside your enterprise/organization, then the permissions setting for id-token should now be explicitly set to write at the caller workflow level or in the specific job that calls the reusable workflow.

permissions:
id-token: write # This is required for requesting the JWT

This change would ensure that the OIDC token generated in the called workflow is allowed to be consumed in the caller workflows only when intended.

Learn more about permission settings to enable OIDC in your workflows

See more

We've shipped a small fix to improve security around creation of pull requests in public repos.

Prior to this fix and under very specific conditions, a user could create a pull request in a public repo even though they did not have push access to either the base or head branch and were not a member of the repo's organization. Often these pull requests were created by mistake and quickly closed, but could still trigger unexpected GitHub Actions or other CI jobs.

This fix has no impact on the common open source workflow where a user forks a public repo, makes a change in their fork, and then proposes their change using a pull request. This fix also has no impact on pull requests already created.

We want to hear from you! Let us know if you have questions or feedback.

See more

Node12 has been out of support since April 2022. As a result we have started the deprecation process of Node12 for GitHub Actions. We plan to migrate all actions to run on Node16 by Summer 2023.
Following on from our warning in workflows using Node12 we will start enforcing the use of Node16 rather than Node12 on the 14th of June.

To opt out of this and continue using Node12 while it is still available in the runner, you can choose to set ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true
as an 'env' in their workflow or as an environment variable on your runner machine. This will only work until we upgrade the runner removing Node12 later in the summer.

What you need to do

For Actions maintainers: Update your actions to run on Node16 instead of Node12 (Actions configuration settings)
For Actions users: Update your workflows with latest versions of the actions which runs on Node16 (Using versions for Actions)

See more

Enterprise administrators can now disable repository level self-hosted runners across organizations and enterprise user namespaces.

Once this new setting has been enabled users will no longer be able to register new self-hosted runners in a repository and existing runners will not be able to receive new jobs.

Learn more about Disabling or limiting GitHub Actions for your organization

See more

You can now create single-use self-hosted runners without time-limited registration tokens using the REST API.

When a runner registers using this API it will only be allowed to run a single job before being automatically removed from the repository, organization, or enterprise. This enables you to improve the security of your self-hosted runner infrastructure by limiting the exposure of long lived credentials.

Learn more about just-in-time runners

See more

Bamboo Server and Data Center migrations to GitHub Actions are now in public beta! You can now plan, test, and automate the migration of your Bamboo pipelines to GitHub Actions easily and for free using GitHub Actions Importer.

For details on how to get started, check out our documentation. For questions and feedback about the public beta, please visit the GitHub Actions Importer community.

See more

Edit workflow files on GitHub Mobile

Editing workflow files is now possible on GitHub Mobile! You can create and merge pull requests after modifying your workflow files using the Android or iOS app.

Simply navigate to the file you would like to edit by tapping Browse code in the repository view, then select Edit File in the dropdown menu in the top right hand corner.

More info on how to edit a file or create a pull request on GitHub Mobile can be found here.


Read more about GitHub Mobile and share your feedback to help us improve.

See more

Actions on GitHub Mobile

Actions are coming to your Repositories on GitHub Mobile! Find all your repository's workflows in one convenient place.

Tapping on the new "Actions" row on a Repository now shows you a list of all of the Repository's workflows. Choosing a workflow will show you all of its runs, allowing you to check up on things while on the go. If you want to dig into the details, tapping on a run will lead you into the familiar workflow experience we brought you last year to explore everything from a run's overall status to its individual jobs and even logs.

A run didn't go as planned? No problem. Toggle the new debug-switch when re-running a workflow to see what's going on under the hood, just like you would on GitHub.com.


Read more about GitHub Mobile and share your feedback to help us improve.

See more

Node 12 has been out of support since April 2022, as a result we have started the deprecation process of Node 12 for GitHub Actions. We plan to migrate all actions to run on Node16 by Summer 2023.
Following on from our warning in workflows using Node 12, we will start enforcing the use of Node16 rather than Node12 on the 14th of June.

What you need to do
For Actions maintainers: Update your actions to run on Node 16 instead of Node 12 (Actions configuration settings)
For Actions users: Update your workflows with latest versions of the actions which runs on Node 16 (Using versions for Actions)

See more

XL macOS runners can now be used by any developer, without the need to sign-up! You can try the new runners today by setting the runs-on: key to macos-latest-xl, macos-12-xl, or macos-13-xl in your workflow file. The runners are available today to all customers!

More information about using the runner can be found here.
To learn more about runner per job minute pricing, check out the docs.

See more

The macOS 13 (Ventura) beta runner image is now available for GitHub-hosted macOS runners. You can try it today by setting the runs-on: key to macos-13 or macos-13-xl in your workflow file. The full list of software available for macOS 13 can be found here. If you see any issues with your workflows when using macOS 13, please create an issue in the runner-images repository.

More information about the runner can be found in our docs. To learn more about pricing, click here.

See more

GitHub today announced public beta support for custom deployment protection rules for safely rolling out deployments using GitHub Actions.

Custom deployment protection rules are powered by GitHub Apps and can be enabled on any GitHub org/repo/environment to allow external systems to approve or reject deployments.
Each rule evaluates specific conditions in those external systems to assess the readiness of the environments for automated deployments, making them less risky and more robust.

Starting with this public beta, GitHub Enterprise Cloud (GHEC) users can create their own protection rules to control deployment workflows and, if desired, share them by publishing their apps to the GitHub Marketplace.
You could also install official apps for deployment protection rules from various external partners to define security, compliance and governance related conditions in their services that can be used to control deployments with Actions workflows.

Two custom deployment protection rules enabled on a production environment

Learn more about creating and configuring custom deployment protection rules to set up rigorous, streamlined guardrails for your deployments that ensure only the deployments that have passed all quality, security, and manual approval requirements make it to production.

For questions, visit the GitHub Actions community.
To see what's next for Actions, visit our public roadmap.

See more

Caching dependencies and other commonly reused files enables developers to speed up their GitHub Actions workflows and make them more efficient.
We have now enabled Cache Management from the web interface to enable developers to get more transparency and control over their cache usage within their GitHub repositories.

Actions users who use actions/cache can now:

  • View a list of all cache entries for a repository.
  • Filter and sort the list of caches using specific metadata such as cache size, creation time, or last accessed time.
  • Delete a corrupt or a stale cache entry
  • Monitor aggregate cache usage for repositories and organizations.

In addition to the Cache Management UX that we have now enabled, you could also use our Cache APIs or install the GitHub CLI extension for Actions cache to manage your caches from your terminal.

Learn more about dependency caching to speed up your Actions workflows.
For questions or to share your feedback, visit the GitHub Actions community.

See more