GitHub Actions simplifies using secrets with reusable workflows with the secrets: inherit keyword.
Previously when passing secrets to a reusable workflow, you had to pass each secret as a separate argument. Now you can simply pass the secrets: inherit to the reusable workflow and the secrets will be inherited from the calling workflow.
Now organization admins can pin a repository to their public or member-facing organization profiles directly from the repository page with the new pin repository dropdown. Public repositories will be pinned to public org profiles, where as public, private and internal repositories can be pinned to the member-facing organization profile. Learn more about organization profile updates here.
Organizations with GitHub Advanced Security can now prevent secrets leaked in code committed via the command line and the GitHub web editor with secret scanning’s push protection feature.
For repositories with push protection enabled, GitHub will block any pushes where a high-confidence token is detected in a commit made via the web editor. Developers can bypass the block by providing details of why the secret needs to be committed via the UI.
Push protection scans for tokens that can be detected with a very low false positive rate. If you run a service that issues tokens we’d love to work with you to make them highly identifiable and include them in push protection. We changed the format of GitHub’s own personal access tokens last year with this in mind.
For more information: