GitHub Actions – Securing OpenID Connect (OIDC) token permissions in reusable workflows

For securely enabling OpenID Connect (OIDC) in your reusable workflows, we are now making the permissions more restrictive.

If a reusable (called) workflow that lives outside your enterprise/organization needs to fetch an OIDC token, the permissions setting for id-token should now be explicitly set to write, either at the caller workflow level or in the specific job that calls the reusable workflow.

permissions:
  id-token: write # This is required for requesting the JWT

This change ensures that an OIDC token generated in the called workflow can be consumed through the caller workflow only when the caller explicitly intends it.
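The following is an added example, not taken from the changelog: a caller workflow that grants id-token: write only to the one job that calls an external reusable workflow, followed by the called workflow that requests the token. The organization, repository, file names, ref and audience value are hypothetical.

```yaml
# File 1 (caller, in your organization): .github/workflows/deploy.yml
name: deploy
on:
  push:
    branches: [main]

# Workflow-level default: no job may request an OIDC token.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

  cloud-login:
    needs: build
    # Job-level grant: only this job allows the called workflow to request the JWT.
    permissions:
      contents: read
      id-token: write
    # Hypothetical reusable workflow owned by a different organization.
    uses: other-org/shared-workflows/.github/workflows/cloud-login.yml@v1
---
# File 2 (called, in other-org/shared-workflows): .github/workflows/cloud-login.yml
on:
  workflow_call:

jobs:
  login:
    runs-on: ubuntu-latest
    # A called workflow can keep or reduce the caller's permissions, never raise them.
    permissions:
      id-token: write
    steps:
      - name: Request OIDC token
        # These two variables are only set when id-token: write is in effect.
        run: |
          token=$(curl -sSf \
            -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
            "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=example-audience" | jq -r '.value')
          echo "::add-mask::$token"
```

If the cloud-login job omitted its permissions block, the workflow-level default (contents: read only) would apply and the called workflow could not obtain a token.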

Learn more about permission settings to enable OIDC in your workflows

Today's Changelog brings you board column limits, an improved item menu to move your board items and updates to Issue hierarchy powered by tasklists!

🔢 Board column limits

You can now set column limits on the board layout to help you limit your work in progress and promote focus on the items that really matter. Column limits are based on the number of items in a column, and are unique to each board view.

To configure a limit, set the value from the column's ... menu. If you exceed the limit, the value will be highlighted in red.

As always, we'd love to hear from you! Let us know your feedback in our community discussion.

Updated menu to move board items

Following our support for bulk updates and keyboard shortcuts, we've made it even easier to move the items on your boards. Select the item ... menu to move an item to the top or bottom of a column, or to a different column altogether.

➕ Add tasklist button

[Image: the same issue in projects and in issues, showing the new add tasklist button on the bottom left of the issue description]

You may have noticed a new button has appeared on issues and the projects side-panel! You can now easily add tasklists to your issues without ever having to enter your issue's Markdown.

📁 Drag and drop improvements in table layout

Items can be dragged into collapsed groups in the table layout. Items can also be dragged and dropped across groups when sorting is enabled.

🏗️ Export project view as a CSV file

You can now download a view by selecting the view menu and clicking Download CSV.

👀 Upcoming change to insights

Historical charts will no longer support group by values. We will be phasing historical charts out over the next couple of months and no new accounts will be added to the existing support.

Bug fixes and improvements

  • Fixed a permissions bug when reordering fields within a group
  • Single select edit option modal updates preview label text
  • Updated icon color of Make a copy icon
  • Fixed visual bug on Delete project and Issue transfer modals
  • Can now delete a project if there is an emoji in the name
  • Issue title created using the Add item bar now populates in the issue create modal
  • Added keyboard shortcuts for metadata edits (improvements to this coming soon!)
  • Tasklists now throw an error (instead of silently failing) when formatting is incorrect
  • Fixed a bug where tasklist name changes were not being persisted
  • Fixed a regression where tasklists did not show the preview title when adding issues
  • Fixed a regression in the tasklist omnibar which broke the autocomplete functionality
  • Fixed a bug preventing users from selecting multiple rows in the table
  • Fixed a bug where users couldn't copy assignees table cells

See how to use GitHub for project planning with GitHub Issues, check out what's on the roadmap, and learn more in the docs.

Building upon the success of our organization-level security coverage and risk views, today we’re introducing enterprise-level views to offer enhanced visibility into your enterprise’s security coverage and risk analysis. The refreshed design provides you with an improved user experience with insights and dynamic filtering to maximize your productivity.

Coverage view

The coverage view allows you to gain visibility into the enablement status of security features across all repositories within your enterprise. Within the coverage view, you can:

  • Monitor the counts and percentages of repositories with GitHub security features enabled or disabled, which update when you apply filters.
  • Track enablement for additional security features, including secret scanning push protection, Dependabot security updates, and code scanning pull request alerts.

Risk view

Complementing the coverage view, the new risk view provides a comprehensive overview of all alerts across your enterprise. In the risk view, you can:

  • View the counts and percentages of repositories with security vulnerabilities, which also update when you apply filters.
  • Access open alerts categorized by severity for both Dependabot and code scanning.

Both views are now available as a public beta. In the next few weeks, we will deprecate the enterprise-level overview page in favor of these two new views.

Learn more about the new risk and coverage views and send us your feedback

Learn more about GitHub Advanced Security
