Changes in GitHub Actions push event payload

GitHub Actions are triggered by webhook events. The original payload of the event is stored in a file that actions can read at workflow/event.json (see the docs). We’ve made a slight change to the payload for push events in Actions. The following attributes have been removed from the commits section of push payloads for Actions:

  • added
  • removed
  • modified

These diffs can instead be requested using the API https://developer.github.com/v3/repos/commits/#get-a-single-commit.

GitHub has updated the default security alert email setting to be a single email which details the impact of a new vulnerability across all of your repositories. Previously, for a new vulnerability GitHub sent one email per repository. Users who have opted to receive a digest email of security vulnerabilities instead of individual emails are unaffected by this change.

Learn more about GitHub security alerts

See more