Skip to content

Webhook enhancements for environment protection rules

A GitHub Actions workflow run is made up of one or more jobs and each job is associated with a check run. The workflow_job webhook is sent during state transitions of a workflow job. The job state is included in the webhook payload as the action property, which currently takes the values of queued, in_progress, or completed.

With this change, the workflow_job webhook will now support a new waiting state whenever a job is waiting on an environment protection rule, aligning with the waiting state of the corresponding check run. This enables better insight into the progress of a job when using environment protection rules.

In addition, when a job refers to an environment key in its YAML definition, the resulting workflow_job webhook payload will also include a new property, deployment with the metadata about the deployment created by the check run.

Learn more about using environments for deployment Jobs in a Workflow

For questions, visit the GitHub Actions community.

To see what's next for Actions, visit our public roadmap.

Updates to the two-factor authentication setup flow

As we prepare for next year's 2FA requirement for active contributors on GitHub, we're making improvements to our two-factor setup UI to encourage best practices and ensure new 2FA users have their authentication factors set up correctly from the start.

We now take an opinionated stance on which second factor you should set up first – you'll no longer be asked to choose between SMS or setting up an authenticator app (known as TOTP), and instead see the TOTP setup screen immediately when first setting up 2FA.

If you wish to use SMS when setting up 2FA, you can switch your authentication method via the new option at the bottom. In the future, you'll also find security keys there as an option for initial setup on supported devices and browsers.

For more information, see "Configuring two-factor authentication".

See more

OIDC for Azure AD Enterprise Managed Users is now GA

OpenID Connect (OIDC) for authenticating enterprise managed users is now generally available for enterprises using Azure AD.

OIDC allows GitHub to use your identity provider's IP allow list policies to control where PAT and SSH keys can be used to access GitHub from, with granular control down to individuals. Enterprise customers using OIDC can now select whether to use their identity provider's IP allow list policies, or GitHub's built-in allow list feature.

image

image

To learn more about OIDC and enterprise managed users, see "Enterprise Managed Users" and "Migrating from SAML to OIDC for Enterprise Managed Users". To learn more about Azure AD's IP allow list functionality, see "Location based Conditional access"

See more
View all changes