GitHub Actions now supports a digest for validating your artifacts at runtime

Developers using upload-artifact and download-artifact in their Actions workflows can now ensure the integrity of their artifacts with the new SHA256 digest. This feature automatically verifies that the artifact uploaded is identical to the one downloaded, providing security for Actions runs and ensuring the artifact remains unchanged.

How it works

Whenever upload-artifact is used, it now computes and stores an output called digest. This is the SHA256 digest of the artifact uploaded during the run.

When download-artifact is used to download that same artifact, it uses the same process to compute a digest for the downloaded file and compares the two digests to validate that they match.

If a mismatch is detected, the run displays a warning in the UI and in the job logs. The workflow won’t fail if the digests don’t match, but this may change in a future release.

Note: This functionality is only available with artifacts v4 or newer. It’s also not currently available on GitHub Enterprise Server.

Where can I view the digest?

The digest will appear in the logs of the workflow run under the “upload-artifact” step. They’ll also appear in the Artifact output that appears in the workflow run UI.

Learn more

To get started using the artifacts actions view our documentation on storing and sharing data from a workflow.

Instant previews, flexible editing, and working with issues in Copilot available in public preview

A dark-themed code editor interface displaying a preview of a 'Planetary Travel Time' calculator. The interface includes a rocket icon, a title, and a description prompting users to select a planet and a NASA spacecraft to calculate travel time from Earth. Dropdown menus show 'Mars' as the selected planet and 'Voyager 1' as the selected spacecraft. A floating 3D GitHub Copilot assistant with a glowing, futuristic helmet is visible in the bottom-right corner.

Inspired by our previous release, working with Copilot Chat on GitHub has become even more seamless. You can instantly preview HTML files, edit files you’ve created, and work on issues right away. Several exciting new capabilities give you more control and flexibility.

What’s new

  • Preview your rendered HTML files directly in the side panel
  • Edit files in the side panel to seamlessly refine and adjust them
  • Generate and preview Mermaid diagrams for fast visualizations, whether they’re flowcharts or sequence diagrams
  • Keep tabs on your issues in the same right side panel, ensuring you can tackle open tasks while discussing them
  • Track issues or pull requests in responses that are rendered in a familiar GitHub style, making working with them easier

In addition, you can enjoy a smoother streaming experience and enhanced rendering of attachments.

Try it out

See the updated experience in action by submitting any of the following example prompts:

Join us as we continue to streamline Copilot Chat, giving you instant previews, flexible editing, and more power right where you need it! Your feedback drives our improvements. Let us know how these new changes enhance your workflow by using the in-product feedback option or sharing your thoughts in the GitHub Community.

See more

GitHub is now PCI DSS v4.0 compliant with our 4.0 service provider attestation available to customers

GitHub’s Payment Card Industry Data Security Standard (PCI DSS) v4.0 service provider Attestation of Compliance (AoC) as well as the corresponding shared responsibility matrix has been completed. This report is the first time GitHub has provided a PCI DSS service provider report for our customers. This enables customers to meet their own PCI DSS compliance needs using GitHub as part of their development environment.

Going forward, GitHub intends to provide this attestation of compliance each year.

If you’re an Enterprise customer and need to obtain copies of GitHub’s AoC or Shared Responsibility Matrix, please reach out to your account manager.

See more
View all changes