What was big in September?
September has marked plenty of new exciting announcements, and there’s something in store for everyone! You have GHES 3.2 for enterprises, the GitHub Issues beta, plus some big news for students: the GitHub Global Campus student portal is the new way for verified students to connect with their community, find access to industry tools, learn about events, and see assigned coursework all in one place. The education team’s blog post has the details.
Literally everything we shipped
All code on GitHub with tab indent will now render using your preferred tab size! Set your preference in the “Appearance” settings of your user account.
The Actions team was busy in September. 😅
- You can now filter workflow runs by date of creation using the
createdfilter. For example:
created:<2021-08-31. It’s also available in the API.
- Using Slack or Microsoft Teams? The GitHub app now provides end-to-end deployment tracking for your Actions environments. You’ll be notified when a review is pending, when an approval is complete, and you can view real-time deployment status. See the GitHub app guidance for Microsoft Teams or Slack.
- You can now use the
setup-nodeaction to cache dependencies for projects with monorepo and pnpm package manager. Use the optional
cache-dependency-pathfield to specify the path to dependency file(s). Check out the repository for more information, or ask questions in the GitHub Actions community.
- GitHub Actions now supports ephemeral (single job) self-hosted runners and a new
workflow_jobwebhook to make autoscaling your runners easier. Ephemeral runners are a good choice for self-managed environments where you need each job to run on a clean image.
- It’s now easier to manage runner groups and see runner status.
Runner groupspages offer a summary view or let you hone in on a specific runner to edit it or see what job it’s running. Access these pages from the Actions settings page of your repository or organization.
- GitHub Pages now supports IPv6 for all pages hosted on *.github.io and custom domains. Here’s the documentation for enabling IPv6 with custom domains.
- macOS Big Sur (11) became generally available on GitHub-hosted runners in August 2021. Jobs using the
macos-latestrunner label have begun to migrate from Catalina (10.15) to Big Sur (11). Determine if your job has migrated by viewing the
Virtual Environmentinformation in the
Set up jobstep of your logs.
- GitHub no longer supports API Authentication via Query Parameters with Actions. See the blog post for details on authenticating API requests to GitHub using the
GitHub Classroom’s Git and GitHub starter course is out of beta. If you’re already using it, your experience won’t change, but we’ve stabilized the content and removed beta tags. Leave feedback at the Education Community Forum, or get started with our documentation.
For teachers: you can now download a CSV file that contains your students’ GitHub aliases, roster identifiers, and individual grades. See the Changelog entry for instructions.
It’s now easier to recognize and filter emails that are discussion notifications. Look for
(Discussion #xx) in the email title.
The Services Continuity and Incident Management Plan for GitHub Enterprise Cloud is now available as a self-service resource:
- Enterprise owners: download and view GitHub compliance reports from the “Compliance” tab of your enterprise account:
- Enterprise plan organization owners: view the reports from the “Organization security” settings tab of your organization:
Audit log streaming is in public beta for GitHub Enterprise Cloud users. You can set up a stream of audit log and Git events to Splunk or an Azure Event Hub. Audit log streaming ensures that no audit log event will be lost. You can satisfy longer term data retention goals by storing streamed events within your own data collection systems. Learn how to set up your stream.
Enterprise managed users (EMU) is now generally available for GitHub Enterprise Cloud. It gives you administrative tools to manage users and code in the cloud, including centralized user and group management, as well as the ability to create and manage GitHub user accounts for work.
If you’re an enterprise owner in GitHub Enterprise Cloud, you can now invite GitHub organizations to join your enterprise account. You can also remove existing enterprise-owned organizations. New invitations will require organization owner approval and a final confirmation from an enterprise owner. Learn more about self-service organization transfers.
Enterprise owners can now also toggle Git large file storage (LFS) for a repository via API. Learn more about the API reference in our documentation.
- You can now bulk select multiple items (in both table and board layouts). You can also bulk delete them.
- Pick and choose which fields display in your board layout. Maybe you’re a minimalist and just want due dates. Maybe you also want labels, assignees, priorities, and milestones.
- Use automated workflows for repetitious project management tasks. There’s a new workflow screen where you can customize
methodsto fit your flow.
- Finished a task? You can now archive it. This lets you keep context but remove visual clutter.
Learn more on the GitHub Issues page.
Add footnote syntax to any Markdown field! Footnotes display as clickable superscript links that jump to the referenced information. Use them to add background info without disrupting flow.
Here is a simple footnote[^1]. With some additional text after it.
[^1]: My reference.
Now you can also add images and videos to Markdown files in gists. Paste them into the Markdown body, or select from the dialog at the bottom of the Markdown file. For a list of supported file types, see the documentation.
npm access tokens have a new format! As part of GitHub’s effort to create a more secure supply chain, they now follow the established format of GitHub authentication tokens. Previously, npm access tokens were created as a UUID pattern of 36 characters, which has limitations, such as inaccurate detection of compromised npm tokens in packages and GitHub repositories. Learn more about npm’s new token format in the blog post.
The npm registry upgraded its public CouchDB instance on September 15, 2021. As part of this upgrade, we promoted a new CouchDB replica to become our new public CouchDB instance, https://replicate.npmjs.com. This upgrade resets the CouchDB sequence number. If you aren’t familiar with CouchDB replication, you will not be impacted by this change. In particular, users running npm install or running other commands using the npm CLI will not be affected by this change. See the Changelog entry for details.
At the bottom of each GitHub release, there’s now an avatar list showing the avatars of all GitHub accounts mentioned in the release notes. Learn more about creating releases.
The new GraphQL mutation
createCommitOnBranch makes it easier to add, update, and delete files in a branch of a repository. This API offers a simpler way to commit changes compared to the existing Git database REST APIs. You don’t need to manually create blobs and trees before creating the commit. This allows you to add, update, or delete multiple files in a single API call. Commits authored using the new API are automatically GPG signed and are marked as verified in the GitHub UI. GitHub Apps can use the mutation to author commits directly or on behalf of users.
You might already use code review assignment to distribute pull request reviews evenly across your team. Now there are ways to customize review assignment, including the ability to limit assignments to direct team members rather than members of child teams. You can also filter pull request searches to only include pull requests you’ve been directly requested to review. See the Changelog entry for more details.
A few more repository management updates:
- Organization owners and individual users can view their large file storage (LFS) usage by repository. See the documentation for instructions.
- Organization and repository admins can now trigger webhooks to listen for changes to branch protection rules on their repositories.
- Filtered files on the pull request “Files changed” tab are now completely hidden from view (not just collapsed) to decrease visual clutter. Learn more about file filtering.
- Copy the full, raw contents of a file in your repository to the clipboard with one click by navigating to the file and clicking Copy raw contents on the toolbar. Previously, you had to open the raw file, select all, and then copy.
The GitHub Advisory Database now includes curated Rust security advisories, which expands Advisory Database coverage to eight programming language ecosystems: Composer (PHP), Go, Maven, npm, NuGet, pip, RubyGems, and Rust. So far, we’ve published 317 Rust Security Advisories, and this number will grow as we collect more data from the community. Learn more in the blog post.
In other news, we’re deprecating Recover Accounts Elsewhere, a security setting that allows users to store recovery tokens with a third-party partner as a 2FA recovery method. Effective immediately, we no longer allow new recovery tokens to be stored using Recover Accounts Elsewhere. On December 1, 2021, account recovery tokens stored using Recover Accounts Elsewhere will no longer be accepted as a recovery option. Learn more from the Changelog entry, or read about other account recovery mechanisms.
September saw a few GitHub Secret Scanning updates:
- GitHub Advanced Security users can now edit custom patterns at the repository, organization, and enterprise levels. After you edit and save a pattern, secret scanning searches for matches across the repository’s Git history and in any new commits. Editing a pattern will close alerts previously associated with the pattern if they no longer match the updated version.
- Organization owners can now view secret scanning alerts across their entire organization in the organization security tab.
A few updates for GitHub Code Scanning too:
- In response to customer feedback, we’ve transferred all CodeQL runner functionality natively into the CodeQL CLI. If you’re running CodeQL code scanning on a 3rd party CI/CD system, this means fewer components to install, use, and update. We’re deprecating the CodeQL runner.
- Unable to run analyses using the default
on:pull_requestGitHub Actions trigger? We’ve made changes so code scanning is easier for users of other CI/CD platforms, as well as users who can only use the
on:pushtriggers in Actions. In both cases, code scanning alerts can now be configured to show up on pull requests. The Changelog entry has the details.
- We added support for Java 16 standard language features to CodeQL. Code using those features can now benefit from CodeQL’s security analysis as part of code scanning.
Light and dark colorblind-accessible themes are now in public beta. These themes swap colors, such as red and green for orange and blue. Navigate to the “Appearance” page in your profile settings to update your theme preferences.
For Visual Studio Code users, a
GitHub Dark High Contrast theme that matches the official GitHub.com theme is now available. To use it, go to the Visual Studio Marketplace, click Install, and select your theme in Visual Studio Code.