Now, you can standardize and enforce CI/CD best practices across all repositories in your organization to reduce duplication and secure your DevOps processes.
Update: As of June 12, 2023, required workflows in GitHub Actions are now in limited beta enrollment and not available for new signups. See more information here.
Today, we are introducing two new features for GitHub Actions to help standardize policies and reduce duplication, required workflows and configuration variables. Read on for what this means for your DevOps processes.
Required workflows in GitHub Actions are now available in public beta.
Required workflows allows DevOps teams to define and enforce standard CI/CD practices across many source code repositories within an organization without needing to configure each repository individually, which becomes an impossible task in large organizations. In addition to reducing duplication of CI/CD configuration code, required workflows can also help organizations with the following use cases:
Organization admins can configure required workflows to run on all or selected repositories within the organization.
Required workflows will be triggered as required status checks for all the pull requests opened on the default branch, which blocks the ability to merge the pull request until the required workflow succeeds. Individual development teams at the repository level will be able to see what required workflows have been applied to their repository.
Until today, you needed to store all the configuration data as encrypted secrets in order to reuse values in workflows. While extremely secure, this method did not allow for easy storage and retrieval of non-sensitive configuration data such as compiler flags, usernames, server names, etc. While we were developing required workflows, we heard feedback from customers about the need for parameterization to allow local repositories to override certain values in the required workflows.
To help you with standardizing your required workflows, today, we are also adding support for configuration variables.
Configuration variables allow you to store your non sensitive data as plain text variables that can be reused across your workflows in your repository or organization. You can define variables at Organization, Repository, or Environment level based on your requirement.
You no longer have to spend hours configuring hundreds of repositories to protect your critical software assets. Required workflows along with reusable workflows, configuration variables, and secrets will help you apply a consistent set of standards across many repositories with just a couple of clicks. Do, try it out and share your feedback.
We’ve dramatically increased 2FA adoption on GitHub as part of our responsibility to make the software ecosystem more secure. Read on to learn how we secured millions of developers and why we’re urging more organizations to join us in these efforts.
This blog post is an in-depth walkthrough on how we perform security research leveraging GitHub features, including code scanning, CodeQL, and Codespaces.
In this post, I’ll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that allows a malicious app to gain arbitrary kernel code execution and root on an Android phone. I’ll show how this vulnerability can be exploited even when Memory Tagging Extension (MTE), a powerful mitigation, is enabled on the device.
Ashok Kirla 
