Skip to content

GitHub Actions: Improvements to GitHub Actions starter experience

Getting started with GitHub Actions just got easier! Now, when you want to create an Actions workflow in the Actions tab of your repository, the workflow recommendations will be based on repository analysis that detects elements, such as programming language, build tools, frameworks, and package managers.

For example, if a repository contains a Node.js application that has been containerized, then the repository analysis will prioritize showing you container and Node related workflows.

We have also extended recommendations to the deployment category.
and added search and filters to help you find the right workflow that matches your unique requirements.

Learn more about this GitHub Actions improvement.

GitHub Pages: using GitHub Actions for builds and deployments for public repositories

Today you will begin to see a new workflow running called pages build and deployment in your public GitHub Pages repositories. This workflow is automatically triggered when you push to the branch configured for GitHub Pages in your repository. As the name suggests, it builds and deploys your pages site. The initial benefit of this change is enabling you to see your build logs and any errors that may occur which has been a long standing issue for Pages users. However, in the future this will enable us to give you the ability to fully customize your pages build and deployment workflow to use any static site generator you want without having to push the build output to a special branch of the repository.

You may notice this workflow uses some new actions actions/pages-deploy, and actions/jekyll-build-pages. For now these actions are designed to be used in the generated workflow, however, starting early next year we will introduce some additional changes that will enable you to take advantage of them.

Learn more about GitHub Pages

See more

Advisory Database now includes an Unreviewed Advisories section

Up until today, the GitHub Advisory Database has only published advisories that have been curated and approved by our Security Lab team.

This approach meant users sometimes couldn't find advisories in our database when searching, so the Advisory Database now has a separate section of listings for unreviewed advisories. These will be auto-published from the National Vulnerability Database feed.

Screenshot of unreviewed advisories

If you search for a term like "WordPress plugin," you can now see listings that are both GitHub reviewed and unreviewed. If you'd like to filter for only reviewed advisories, add type:reviewed to your query. Alternatively, you can also enter your query and then click the "All reviewed" button on the left-hand sidebar.

Screenshot of filtering for reviewed advisories

Dependabot alerts will continue to only be generated for GitHub Reviewed advisories in order to preserve their curated level of quality.

See more
View all changes