In the secret scanning list view, you can now apply a filter to display alerts that are the result of having bypassed push protection. This filter can be applied at the repository, organization, and enterprise levels from the sort menu in the list view UI or by adding
bypassed:true to the search bar.
We listened to your feedback and released new versions (
v4) of actions/upload-artifact and actions/download-artifact. While this version of the artifact actions includes up to 10x performance improvements and several new features, there are also key differences from previous versions that may require updates to your workflows.
- Artifacts will be scoped to a job rather than a workflow. This allows the artifact to become immediately available to download from the API after being uploaded, which was not possible before.
v4is not cross-compatible with previous versions. For example, an artifact uploaded using
v3cannot be used with
upload-artifact@v4ensures artifacts are immutable, improving performance and protecting objects from corruption, which would often happen with concurrent uploads. Artifacts should be uploaded separately and then downloaded into a single directory using the two new inputs,
merge-multiple, available in
download-artifact@v4. These objects can then be re-uploaded as a single artifact.
- A single job can upload a maximum of 500 artifacts.
Customers will still be able to use
v3 of the artifact actions. If you wish to upgrade your workflow to use
v4, please carefully consider the impact the aforementioned major version changes will have on your project and any downstream dependencies.
v4 is only available to GitHub.com customers today but we will be extending support to GitHub Enterprise Server (GHES) customers in the future.