GitHub Actions: Environments, environment protection rules and environment secrets (beta)

Today we are releasing an open beta for the new continuous delivery capabilities in GitHub Actions. In this open beta there is no need to sign up, all existing GitHub organizations and accounts can use the new capabilities in their public repositories and GitHub Enterprise Cloud organizations can use them in all repositories.

The addition of environment protection rules and environment secrets enable separation of concerns between deployment and development to meet compliance and security requirements. The required reviewers environment protection rule will automatically pause a job trying to deploy to the protected environment and notifies the reviewers. Once approved, the job runs and is given secured access to the environment’s secrets. Also, the environments page includes a deployment log and information on the latest code change deployed to each environment.

Protection rules and secrets

Environment history

Learn more about environments

For questions, visit the GitHub Actions community

To see what's next for Actions, visit our public roadmap

GitHub Enterprise Cloud administrators may now download and view current GitHub compliance reports from the Security settings tab of their enterprise account: https://github.com/enterprises/"your-enterprise"/settings/security.

Enterprise plan organization owners may also view the reports from the Organization security settings tab of their organization: https://github.com/organizations/"your-org"/settings/security.

The artifacts available are SOC 1 and SOC 2 Type 2 reports, and a Cloud Security Alliance CAIQ self-assessment.

See more