GitHub Actions – Required workflows improvements

Today, we are adding a couple of new improvements to required workflows in GitHub Actions.

  • Blocking direct push: Direct pushes are now blocked on branches of the repositories where required workflows are enforced. To push to a branch where required workflows are enforced at the organizational level, create a pull request to make the necessary changes. If you want to allow direct pushes for a particular repository, you must remove the repository as a target from the respective required workflows.
  • Ability to configure required workflows from refs: When configuring a required workflow, you can now reference it using any branch, tag, or commit SHA from the repository containing the workflow file. This helps you freeze your required workflow file to a fully validated golden version and gives you the flexibility to move to the latest version after testing it thoroughly. The branch, tag, or commit can be specified in the workflow path text field, similar to how it is specified for actions within a workflow YAML file.

Link to Documentation

Note: Required workflows is currently in beta.
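
The ref pinning described above only freezes a workflow when the ref is a full commit SHA, since branches and tags can be re-pointed. The following is an added example, not GitHub's code: it classifies `path@ref` strings and audits `uses:` lines in a workflow file. The organization names, workflow path, and SHA are constructed, and the `path@ref` form for the required workflow path field is an assumption based on the description above.

```python
import re

# Only a full 40-character commit SHA is immutable; branches and tags can move.
FULL_SHA = re.compile(r"[0-9a-f]{40}")
# Matches "uses: target" or "- uses: target", ignoring quotes and trailing comments.
USES_LINE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")

def classify_ref(reference):
    """Split 'path@ref' and return (path, ref, kind)."""
    path, sep, ref = reference.rpartition("@")
    if not sep:
        return reference, None, "no-ref"
    if FULL_SHA.fullmatch(ref):
        return path, ref, "commit-sha"
    return path, ref, "branch-or-tag"

def audit_workflow(text):
    """Return (line_number, target, kind) for every reference not pinned to a SHA."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = USES_LINE.match(line)
        if not match:
            continue
        target = match.group(1)
        # Local actions and container images carry no git ref to pin.
        if target.startswith("./") or target.startswith("docker://"):
            continue
        _, _, kind = classify_ref(target)
        if kind != "commit-sha":
            findings.append((lineno, target, kind))
    return findings

# Constructed sample workflow; names and SHA are placeholders.
SAMPLE_WORKFLOW = """\
name: ci
on: pull_request
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/build-action@main
      - uses: example-org/scan-action@v2   # tag can be re-pointed
      - uses: example-org/deploy-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for lineno, target, kind in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {target} is pinned to a mutable ref ({kind})")
```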

Today's Changelog brings you auto-add and auto-archive workflows for all users to make managing your project a breeze, and tasklists improvements!

🤖 Automatically add and archive project items

We previously announced the public beta of the auto-archive workflow and the auto-add workflow for Enterprise users, and today we are excited to share these are now available to everyone!

From the Workflows page in your project, configure the filter criteria for automatically archiving items from your project via Auto-archive items, and for automatically adding items from a repository to your project via Auto-add to project.

Note: Multi-repository auto-add workflows are only available to Team and Enterprise users.

✅ Tasklist improvements

As part of our ongoing Private Beta for Tasklists, we continue to ship weekly improvements! We're letting in new organizations regularly; sign yours up here.

🟣 See completion pills for issues

Issues in your tasklist now have completion pills which indicate whether or not they have children, making it easier to understand how close your tasklist is to completion.

✏️ Edit issue metadata directly from the tasklist

Quickly make edits to assignees, labels and projects straight from a tasklist.

🐞 Tasklist bug fixes and improvements

  • Fixed a bug where label and assignee metadata took a very long time to be reflected on tasklists
  • Better support for issue deletion and transfer of issues within tasklists
  • Fixed a visual bug with tasklist drag-and-drop
  • Fixed a bug where long task titles broke tasklists
  • Fixed a bug where empty tasks broke tasklists

Bug fixes and improvements

  • Fixed misaligned field pills on board items
  • Fixed misaligned board columns when grouped by an iteration field
  • Fixed a bug where closed projects were included in the project count

See how to use GitHub for project planning with GitHub Issues, check out what's on the roadmap, and learn more in the docs.


Today we have released multi-repository variant analysis for CodeQL in public beta to help the OSS security community power up their research with CodeQL.

CodeQL is the static code analysis engine that powers GitHub code scanning. Out of the box, CodeQL is able to find many different types of security vulnerability and flag them up in pull requests.

But one of CodeQL’s superpowers is its versatility and customizability: you can use it to find virtually any pattern in source code. As such, it’s a great tool for finding new types of vulnerabilities – once you’ve identified an interesting pattern, model it as a CodeQL query, and then run it against your repository to find all occurrences of that pattern! But most vulnerabilities are relevant to many codebases. Wouldn’t it be amazing if you could easily run your query against many repos at the same time? Well, now you can with multi-repository variant analysis — which we’ve just shipped in public beta!


This new feature will allow security researchers to run CodeQL analyses against large numbers of repos, straight from the CodeQL extension for VS Code, making it possible to identify new types of security vulnerabilities in the most popular open-source codebases.

Check out the CodeQL for VS Code documentation to learn how to get started with multi-repository variant analysis. We'd also love to hear your feedback on this GitHub community discussion.
