Codespaces Settings Sync Updates

Codespaces now supports two-way Settings Sync with VS Code for the Web

Visual Studio Code enables users to Sync Settings between VS Code environments. Codespaces exposes this capability as a way to personalize your experience. Prior to this release, Settings Sync for the VS Code web client was one-way by default, and two-way sync had to be enabled manually for each codespace.

With today's release, you can now choose whether to enable Settings Sync. Settings Sync is off by default. If you enable Settings Sync, the sync is two-way for repositories you trust, and one-way for untrusted repositories. Codespaces will also remember your choice.

The quickest way to enable Settings Sync is to start a codespace using the VS Code for the Web client, then choose 'Turn on Settings Sync…'

Turn on Settings Sync in VS Code web client

You will then be prompted for permission to enable Settings Sync for the repository. If you authorize, the Settings Sync setting on your GitHub profile will be enabled, and the repository will be added to a list of trusted repositories so that future codespaces on that repository will automatically have Settings Sync enabled in VS Code for the Web.
cVS Code Settings Sync is requesting additional permissions

You can manage your Settings Sync and GPG verification settings from your GitHub Codespaces Settings page at
https://github.com/settings/codespaces.

On the Codespaces settings page you can manage which repositories you trust for GPG verification and Settings Sync.
Codespaces Settings for GPG verification and Settings Sync

Trusted repositories

Settings Sync and GPG verification now share a single set of trusted repositories. You can enable or disable GPG verification and Settings Sync independently. If you have Settings Sync enabled and you open a codespace from a repository that is not in your list of trusted repositories, the Settings Sync will be read only – your settings will be pulled from the Settings Sync server and applied to your codespace, but no settings changes will be written back. If you open a codespace for a repository you do trust, your settings will be synced both to and from the server.

If you have enabled GPG verification for all repositories, we advise you to restrict the repositories to a trusted list when you first enable Settings Sync.

VS Code Settings Sync is requesting additional permissions when all repositories are trusted

If you choose to enable Settings Sync for all repositories we will keep that setting for GPG verification as well, but we recommend restricting both Settings Sync and GPG verification to trusted repositories to improve your security posture.

Node 12 has been out of support since April 2022, as a result we have started the deprecation process of Node 12 for GitHub Actions. We plan to migrate all actions to run on Node16 by Summer 2023.
Following on from our warning in workflows using Node 12, we will start enforcing the use of Node16 rather than Node12 on the 14th of June.

What you need to do
For Actions maintainers: Update your actions to run on Node 16 instead of Node 12 (Actions configuration settings)
For Actions users: Update your workflows with latest versions of the actions which runs on Node 16 (Using versions for Actions)

See more

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with Doppler to scan for their tokens and help secure our mutual users on public repositories. Doppler tokens allow users to access and manage their secrets from their existing tooling and infrastructure. GitHub will forward access tokens found in public repositories to Doppler, who will revoke the tokens and email affected customers. You can read more information about Doppler tokens here.

GitHub Advanced Security customers can also scan for Doppler tokens and block them from entering their private and public repositories with push protection.

See more