GitHub has updated the default security alert email setting to be a single email which details the impact of a new vulnerability across all of your repositories. Previously, for a new vulnerability GitHub sent one email per repository. Users who have opted to receive a digest email of security vulnerabilities instead of individual emails are unaffected by this change.
Changes in GitHub Actions push event payload
GitHub Actions are triggered by webhook events. The original payload of the event is stored in a file that actions can read at workflow/event.json (see the docs). We’ve made a slight change to the payload for push events in Actions. The following attributes have been removed from the commits section of push payloads for Actions:
added
removed
modified
These diffs can instead be requested using the API https://developer.github.com/v3/repos/commits/#get-a-single-commit.
To publish an action to the GitHub Marketplace, you are now required to have a properly formed actions metadata file placed at action.yml
in the root of your action’s repository. This applies to both container-based actions and JavaScript-based actions.
If you have any questions or thoughts about these changes, we recommend sharing in our GitHub Community Forum’s Actions Board!