Changelog

Subscribe to all Changelog posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

Now in public preview, Linux arm64 hosted runners are available for free in public repositories. Following the release of arm64 larger hosted runners in June, this offering now extends to the open source-community. Powered by the Cobalt 100-based processors, these 4 vCPU runners can deliver up to a 40% performance boost compared to Microsoft Azure’s previous generation of Arm-based VMs, providing a power-efficient compute layer for your workloads. Arm-native developers can now build, test and deploy entirely within the arm64 architecture without the need for virtualization on your Actions runs.

How to use the runners

To leverage the arm64 hosted runners, add the following labels in your public repository workflow runs:
ubuntu-24.04-arm
ubuntu-22.04-arm

Please note that these labels will not work in private repositories, and the workflow will fail if added. All runs in public repositories will adhere to our standard runners usage limits, with maximum concurrencies based on your plan type. While the arm64 runners are in public preview, you may experience longer queue times during peak usage hours.

Images

In partnership with Arm, GitHub provides the Ubuntu VM images for these runners, helping customers with a seamless start to building on Arm. To view the list of installed software, give feedback, or report issues with the image, visit the partner-runner-images repository.

Get started today!

To get started, simply add one of the new labels to theruns-on syntax in your public Actions workflow file. For more information on arm64 runners and how to use them, see our documentation and join the conversation in the community discussion.

See more

The ability to ask Copilot chat about Actions job failures is now Generally Available. You can now press “Explain Error” from the PR mergebox or the Actions Job Page to kick off a conversation with Copilot about why a job failed and what steps can be taken to resolve the issue.

Mergebox
Within the mergebox, you can select the “More actions” option for a failing check and click “Explain Error” as seen below:

Screenshot of Explain Error in the mergebox of a PR
This will open Copilot chat and ask Copilot about this particular job.

Actions Job Page
You can go to the Job page for a failing job and press the “Explain Error” button next to the search bar for logs as seen below:

Screenshot of Explain Error in the Actions job page

This will open Copilot chat and ask Copilot about this job.

Who has access to this capability?

“Explain Error” can only analyze one job at a time. It is available on all Copilot tiers, but does consume a chat message to use. See the Copilot subscriptions page for more information on limits per tier.

Join the discussion within the GitHub Community.

See more

Phi-4 Model Release on GitHub Models

The latest AI model from Phi, Phi-4, is now available in GitHub Models.

Phi-4 is a 14B parameter state-of-the-art small language model (SLM) that excels at complex reasoning and conventional language processing.

GitHub Models makes it easy for every developer to build AI features and products on GitHub.

Easily try, compare, and implement this model in your code for free in the playground or via the API. Compare it to a previous Phi model using the side-by-side feature in GitHub Models.

To learn more about GitHub Models, check out product documentation on GitHub Models. You can also join our community discussions.

See more

Ubuntu 20 image is closing down

We are beginning the process of closing down the Ubuntu 20 hosted runner image, following our N-1 OS support policy. This image will be fully retired by April 1, 2025. We recommend updating workflows to use ubuntu-22.04, or ubuntu-24.04.

Brownout dates

To raise awareness of the upcoming removal we will temporarily fail jobs using the ubuntu-20.04 label starting in March 2025. The brownouts will occur on the following dates and times:
– March 4 14:00 UTC – 22:00 UTC
– March 11 13:00 UTC – 21:00 UTC
– March 18 13:00 UTC – 21:00 UTC
– March 25 13:00 UTC – 21:00 UTC

Upcoming breaking changes to hosted runner images

For a full list of this month’s breaking changes to our hosted runner images, please see our announcement page.

Artifact actions v3 brownouts

Artifact actions v3 will be closing down by January 30th, 2025. To raise awareness of the upcoming removal, we will temporarily fail jobs using v3 of actions/upload-artifact or actions/download-artifact. Builds that are scheduled to run during the brownout periods will fail. The brownouts are scheduled for the following dates and times:
– January 16th 3pm – 7pm UTC
– January 23rd 2pm – 10pm UTC

Note: v3 of the artifact actions will continue to be supported for GitHub Enterprise Server customers. The brownouts and retirement will not affect your workflows.

actions/cache v1-v2 and actions/toolkit cache package closing down

Starting February 1st, 2025, Actions’ cache storage will move to a new architecture, as a result we are closing down v1-v2 of actions/cache. In conjunction, all previous versions of the @actions/cache package (prior to 4.0.0) in actions/toolkitwill be closing down. If users run workflows that call the retired versions after February 1st, 2025, the workflows will fail.

You should upgrade to actions/cache v4 or v3 as soon as possible to avoid any disruption in February. For information on how to migrate, see the announcements in the actions/cache and actions/toolkit repositories.

Note: all versions of actions/cache will continue to be supported for GitHub Enterprise Server customers. The retirement will not affect your workflows.

See more

Audit log streaming of API requests targeting your enterprise’s private assets is now generally available. This feature provides you as enterprise administrators new visibility into the API activity within your enterprise.

Audit logs play a critical role in an enterprise owners’ ability to monitor and secure their enterprise. Many enterprises leverage GitHub’s API ecosystem to automate and operate their enterprise at scale. However, API use can also create unique security and operational challenges that must be managed. To help manage these challenges, API requests targeting your enterprise’s private assets can be included in your enterprise’s audit log streams. Please note that API requests targeting public repositories will be omitted from your enterprise’s audit log stream. This new data will allow you as an enterprise owner to:

  • Better understand and analyze API usage targeting your private enterprise assets;
  • Identify and diagnose potentially misconfigured applications or integrations;
  • Track the authentication tokens being used by specific applications or integrations;
  • Troubleshoot API requests contributing to API rate limiting;
  • Analyze API activity when performing forensic investigations; and
  • Develop API specific anomaly detection algorithms to proactively identify potentially malicious API activity.

    An example event payload can be found below:

Example API request audit log event.

Note: Sensitive fields have been redacted for security reasons.

To start streaming API requests, you can follow the instructions in our docs for enabling audit log streaming of API requests. Once enabled, you should begin seeing API request events in your audit log stream.

See more

The latest AI model from Mistral, Codestral 25.01, is now available in GitHub Models.

Codestral 25.01 is explicitly designed for code generation tasks. It helps developers write and interact with code through a shared instruction and completion API endpoint. As it masters code and can also converse in a variety of languages, it can be used to design advanced AI applications for software developers.

GitHub Models makes it easy for every developer to build AI features and products on GitHub.

Easily try, compare, and implement this model in your code for free in the playground or via the API. Compare it to other code generation models using the side-by-side feature in GitHub Models.

To learn more about GitHub Models, check out the docs. You can also join our community discussions.

See more

Following our opt-in preview last year, we are excited to release sub-issues, issue types and advanced search for issues to everyone! 🎉

Thank you to everyone who opted-in and gave us feedback on these new additions. We will be rolling out these changes incrementally and expect all users to have access by the end of this week.

🔗 Break down and nest issues with sub-issues

Sub-issues allow you to break down and organize issues within a parent-child hierarchy. You can create sub-issues from any issue and use their nested structure to track progress and understand remaining work. You can also easily track sub-issues progress within your projects.

Learn more and share feedback on sub-issues.

📁 Organize your work with issue types

Issues types allow you to classify and manage your issues with a shared and consistent language across all repositories in an organization. You can quickly understand the progress of your bug backlog, find all of the high level initiatives teams are working on, and understand the breakdown of work in a project.

Issue types displayed as part of a repo index page

Learn more and share feedback on issue types.

From the repository issues page, you can build advanced searches using the AND and OR keywords and parentheses for nested searches. This allows you to build more complex filters to find the exact set of issues you’re looking for.

A user searches for type bug OR type task

Learn more and share feedback on advanced search for issues.

🎨 Issues UI updates

All these new features are based upon an update to the issues front end, designed to be fast and familiar. This means there are no new UI patterns to slow you down, but we did include a few tweaks to speed you up, including:

  • The issues index page has a new filter bar with autocomplete and syntax highlighting.
  • Creating multiple issues is faster with a ‘create more’ option to quickly get back to the creation screen.
  • Issue form and templates are now presented in alphabetical order based on file name, making it easier for you to set just the right order.
  • Easily share the URL to an issue with a new ‘copy link’ button.
  • On long issues, selecting ‘load more’ will now fetch 150 events instead of 50.

Learn more and share feedback on the updated issues UI.

👀 Not ready yet?

Head over to your account’s feature preview page to switch between the new and old experiences. Due to the incremental roll out of the new experiences over the course of this week, you may find you only have access to the feature preview toggle once the roll out has completed.

See more

On December 13, 2023, we released CodeQL Action v3, which runs on the Node.js 20 runtime. In January 2024, we announced that CodeQL Action v2 would be retired at the same time as GitHub Enterprise Server (GHES) 3.11. This retirement period has elapsed and CodeQL Action v2 is now discontinued. It will no longer be updated or supported, and while we will not be deleting it except in the case of a security vulnerability, workflows using it may eventually break. New CodeQL analysis capabilities will only be available to users of v3.

For more information about this retirement, please see the original retirement announcement from January 2024.

How does this affect me?

Default setup

Users of code scanning default setup do not need to take any action in order to automatically move to CodeQL Action v3.

Advanced setup

Users of code scanning advanced setup need to change their workflow files in order to start using CodeQL Action v3.

Users of GitHub.com and GitHub Enterprise Server 3.12 (and newer)

All users of GitHub code scanning (which by default uses the CodeQL analysis engine) on GitHub Actions on the following platforms should update their workflow files:

  • GitHub.com (including open source repositories, users of GitHub Teams and GitHub Enterprise Cloud)
  • GitHub Enterprise Server (GHES) 3.12 (and newer)

Users of the above-mentioned platforms should update their CodeQL workflow file(s) to refer to the new v3 version of the CodeQL Action. Note that the upcoming release of GitHub Enterprise Server 3.12 will ship with v3 of the CodeQL Action included.

Users of GitHub Enterprise Server 3.11 (and older)

GitHub Enterprise Server 3.11 (and older) is now retired. For more information on using the CodeQL Action on a retired GitHub Enterprise Server version, refer to the relevant sections of the CodeQL Action v2 retirement announcement.

Exactly what do I need to change?

To upgrade to CodeQL Action v3, open your CodeQL workflow file(s) in the .github directory of your repository and look for references to:

  • github/codeql-action/init@v2
  • github/codeql-action/autobuild@v2
  • github/codeql-action/analyze@v2
  • github/codeql-action/upload-sarif@v2

These entries need to be replaced with their v3 equivalents:

  • github/codeql-action/init@v3
  • github/codeql-action/autobuild@v3
  • github/codeql-action/analyze@v3
  • github/codeql-action/upload-sarif@v3

Can I use Dependabot to help me with this upgrade?

Yes, you can! For more details on how to configure Dependabot to automatically upgrade your Actions dependencies, please see this page.

See more

GitHub continually updates the default pattern set for secret scanning with new patterns and upgrades of existing patterns, ensuring your repositories have comprehensive detection for different secret types.

The following new patterns were added over the last few months. Secret scanning automatically detects any secrets matching these patterns in your repositories. See the full list of supported secrets in the documentation.

Provider Token Partner User Push protection
Anthropic anthropic_admin_api_key
Asaas asaas_api_token
Asana asana_legacy_format_personal_access_token  ✓
Azure azure_openai_key
Azure microsoft_azure_common_annotated_security_key
Azure microsoft_azure_entra_id_token
Cfx.re cfxre_server_key
Cockroach Labs ccdb_api_key
Coveo coveo_access_token
Databento databento_api_key
Datastax datastax_astracs_token
Google google_cloud_service_account_credentials
Google google_gcp_api_key_bound_service_account ✓  
Hubspot hubspot_private_apps_user_token
Hubspot hubspot_smtp_credential
Hugging Face hf_user_access_token
Iterative iterative_dvc_studio_access_token
Lichess lichess_personal_access_token
Lichess lichess_oauth_access_token
MongoDB mongodb_atlas_db_uri_with_credentials
Netflix netflix_netkey
OpenRouter openrouter_api_key
Oracle oracle_api_key
Polar polar_access_token
Polar polar_authorization_code
Polar polar_client_registration_token
Polar polar_client_secret
Polar polar_personal_access_token
Polar polar_refresh_token
Replicate replicate_api_token
Scalr scalr_api_token
Sentry sentry_org_auth_token
Sentry sentry_user_auth_token
Sentry sentry_user_app_auth_token
Sentry sentry_integration_token
Shopee shopee_open_platform_partner_key
Siemens siemens_api_token
Sindri sindri_api_key
Tailscale tailscale_api_key

The following existing patterns were upgraded to be included in push protection. When push protection is enabled, secret scanning automatically blocks any pushes that contain a secret matching these patterns.

Provider Token
Contentful contentful_personal_access_token
GitLab gitlab_access_token
Ionic ionic_refresh_token
Orbit orbit_api_token
PyPI pypi_api_token
Thunderstore thunderstore_io_api_token
Yandex yandex_cloud_iam_access_secret

Learn more about securing your repositories with secret scanning.

See more

You can now specify a custom JSON schema as a response format, alongside the existing text and recently released general JSON option. When JSON schema is selected, an input box will allow you to define your desired schema format directly in the playground.

JSON Schema support in Models

This enhancement provides more control if you’re working with models that require structured responses, helping to mitigate issues like models outputting unnecessary tokens. You can either specify a single object or an array of objects. Additionally, you can save this JSON schema as a preset so that you can use it again later.

JSON Schema structured outputs are currently only supported for the GPT 4o model, and specifically for the api-version: “2024-08-01-preview”.

GitHub Models is a catalog and playground of AI models to help you build AI features and products. You can start using models for free with just your GitHub PAT.

Learn more about GitHub Models or join the conversation in our community discussions.

See more

Happy New Year! We’ve got fresh Copilot Workspace updates for you this week, so let’s jump right in! 🎉

Copilot Workspace

Adding new files from file tree

You can now add a new file directly to the file tree, rather than having to modify the plan.

photo of adding a new file from the file tree

Error toggling

We’ve enabled an option to toggle errors on and off within your editor. This will allow you to hide errors when you’re not actively working on them.

gif of error toggling

Improved codespace creation

Now when you create a codespace, your codespace will be created in the region closest to you. This will improve the latency of your connection, providing a smoother experience while editing and using the terminal.

Copilot Workspace for pull requests

Accessibility improvements

Screen readers will now announce when suggestions are applied.

Bug fixes

Fixed a design regression where there was no border between the editor and the file.

Providing feedback

Please give feedback in our GitHub Discussion. We appreciate any and all feedback you have!

See more

On February 5th, 2025, Dependabot will end support for Python version 3.8, which has reached its end-of-life. If you continue to use Python version 3.8, there’s a risk that Dependabot will not create pull requests to update dependencies. To prevent this from happening, please update to a supported release of Python. As of January 2025, the latest supported release of Python is version 3.13. View Python’s official documentation for more information about supported releases.

See more

Starting January 6, 2025 GitHub-Hosted macOS runner images will be replacing Xcode 16.0 with Xcode 16.2. This change applies to both macOS-14 Intel and ARM64 based runner images. If you rely on Xcode 16.0, upgrade to Xcode 16.1 in order to maintain service continuity in your Actions workflows.

Our support policy for macOS-14 is:
Xcode 15: All minor releases with the full platform tools suite.
Xcode 16: Two minor releases (excluding visionOS tools), following a “last two” principle where the oldest version is replaced by the latest as updates are released. Beta versions are not included.

Additional Resources

See more

We are excited to announce that all paying Copilot customers can now use the technical preview of GitHub Copilot Workspace.

hero image for the copilot workspace technical preview

Copilot Workspace is a Copilot-native development environment designed to help you with everyday tasks, from idea to merge.

Starting from a GitHub Issue or natural language task, you can work with Copilot Workspace to iterate on solving your problem. Together, you can:

  • Brainstorm your ideas: Ask Copilot questions about how your codebase currently works, and explore ideas for how to solve your task.
  • Plan your changes: Leverage Copilot Workspace to generate a comprehensive plan for your code change, surfacing relevant code and describing the changes necessary in each file to achieve your goal.
  • Implement and validate: Let Copilot Workspace propose code changes that you can iterate on and refine in natural language or code. You can even build, run, and test the code directly within Copilot Workspace with a fully functional compute environment provided by GitHub Codespaces before creating a pull request.

Everything that GitHub Copilot Workspace proposes – from the plan to the code – is fully editable, allowing you to rapidly iterate until you’re confident in the change.

To find out more, check out the blog that first launched Copilot Workspace to the world.

Getting Started

Sign up for the technical preview by logging into Copilot Workspace. Please note that Enterprise Managed Users are not eligible for the technical preview.

Once you have access, check out the user manual, or these 5 helpful tips and tricks for getting the most out of Copilot Workspace.

Organization administrators can enable members to use Copilot Workspace with repositories owned by their organization by approving the Copilot Workspace OAuth app for the organization. OAuth app restrictions are enabled by default when new organizations are created, so unless you’ve changed this setting, members of your organization will not have access to Copilot Workspace on organization-owned repositories by default. To enable Copilot Workspace for your organization’s repositories:

You can share any questions, concerns, or ideas in this discussion post. We can’t wait to see what you build!

See more

Welcome to another week of Copilot Workspace updates! We have a bunch this week, so let’s jump right in! 🎉

Copilot Workspace

Handling large files

Workspace will now inform you when a file is too large to be displayed, and link you to view the file in the repo editor.

"image of file too large with correct warning"

Copying the branch name

Now when selecting a branch, you’ll be able to copy the branch name to your clipboard. You’ll will see a check mark after successfully copying the branch name.

Improvements to the diff editor

  • The scrolling experience has been improved, allowing you to scroll through all your files at once instead of each file individually.
  • We’ve enabled collapsing regions outside the diff, and are showing 3 lines of context padding the diff.
  • We’ve enabled word wrapping within the editor.

Bug fixes

  • Empty files now display correctly
  • Fixed a bug during plan creation that was causing Copilot Workspace to crash
  • No longer does renaming the spec question include a scroll bar
  • Fixed an issue where renamed files did not update all references across the plan, tabs, and editor. Now when you rename a file you will see that name change reflected everywhere.

Copilot Workspace for PRs

New file path auto-populating

Adding new files will auto-populate the path, making it easier to add new files to your repository.

Individual file resets

You can now reset individual files, rather than having to reset the state of all changes.

Hiding trailing whitespace

We’ve enabled an option for you to hide whitespace when viewing a diff.
showing trailing whitespace and then hiding it

Add indication when suggestion cannot be applied

We now alert you when a suggestion can’t be applied.
photo-of-improved-file-handler

Accessibility improvements

Accessibility continues to be core to the GitHub experience. Over the upcoming changelogs we’ll be highlighting improvements to our accessibility experience.

  • User operating system specific hints on keyboard shortcuts are enabled
  • A missing checkbox label on commit dialog has been added
  • Screen reader feedback on suggestions are now applied

Bug fixes

  • Copilot Workspace now informs users if a file is too large to be viewed
  • Changing files is enabled when focusing on a suggestion
  • Suggestions that would be applied to files you have removed are now deleted

Providing Feedback

Please give feedback in our GitHub Discussion. We appreciate any and all feedback you have!

See more

As a GitHub Enterprise Cloud organization owner, you and your designated users can now use API insights to visualize REST API activity for your entire organization or specific apps and users. This new feature helps you understand the sources of your REST API activity and manage against your primary rate limits—giving you visibility into the timeframe, apps, and API endpoints involved.

Who can access it

The API insights feature is available only at the organization level. By default, only organization owners can access it. However, organization owners can grant access to non-owners by creating a custom role at the organization level, assigning the permission named View organization API insights to the custom role, and then assigning the custom role to an organization member or team. See the documentation for managing organization custom roles.

Where to find it

The API insights feature is available to all GitHub Enterprise Cloud organizations. To access it on your organization home page, select Insights near the top of the page, and then select REST API on the left side of the page.

An image of an organization homepage where selecting Insights and then REST API will navigate to the new API insights feature.

How to use it

Use the Period and Interval drop-downs to choose the range of time displayed in the chart and how granularly to display REST API requests on the chart. These drop-downs also set the time range for the “Total REST requests,” the “Primary-rate-limited requests,” and the Actors table below the chart.

An image of the API insights feature page showing the Period drop-down expanded for selecting the time period of REST API activity to include.

The Actors table displays the GitHub Apps and users that made REST API requests in the current organization within the selected time period. Select a GitHub App to display its REST API activity and any primary rate-limiting. Select a user to display their personal REST API activity from personal access tokens (PATs) and OAuth apps acting on their behalf.

An image of the API insights feature page showing a table of actors, including GitHub Apps and users, that created REST API activity in the selected time period.

Tell us what you think

We welcome your feedback in the Enterprise community discussions.

Refer to the documentation for API insights for more details about understanding your organization’s REST API activity and investigating primary rate-limiting.

See more

To enhance auditing and troubleshooting, we’ve introduced new webhook and audit log events to track the completion of certain secret backfill scans on repositories.

The events specify the type of backfill scan completed (e.g., Git backfill or issues backfill) and the secret types scanned, including custom patterns. Note that secrets detected through Copilot Secret Scanning are not included.

Backfill scans cover the entire repository and occur when secret scanning is enabled or patterns are updated. These events do not include information on incremental scans, which focus on new content pushed to a repository.

A repository must have a GitHub Advanced Security license to access these events.

Learn more about how to secure your repositories with secret scanning.

See more

OpenAI’s brand new o1 model is now available in Copilot Chat for Copilot Pro, Business and Enterprise subscribers.

The new o1 model replaces o1-preview, and offers even better performance in complex tasks.

To try it, just pick o1 (Preview) from the model picker in Visual Studio Code or in the full-screen, immersive Copilot Chat experience at github.com/copilot.

Picking the o1 model in Copilot Chat in Visual Studio Code

Access to the o1 model is currently in public preview, so if you’re a Copilot Business or Copilot Enterprise subscriber, an administrator must enable access to the o1 family of models before o1 shows up in the model picker.

Support for o1 is coming soon to Visual Studio, and we’re working to bring the model picker to the JetBrains IDEs.

OpenAI o1 is also available in GitHub Models – to learn more, check out the changelog.

See more

GitHub Models makes it easy for every developer on GitHub to build AI features and products, with access to top AI models via a playground, API, and more.

Today, we’ve added access to OpenAI’s brand new o1 model. The new o1 model replaces o1-preview, and offers even better performance in complex tasks. You can learn more about this launch and its availability on both GitHub Models and Copilot in our blog post.

Start working with o1 directly in our GitHub Models playground. You can even compare it side-by-side with GPT-4o to evaluate how they work differently.

OpenAI o1 in GitHub Models

If you’re ready to jump in and integrate o1 into your code, check out our API.

Learn more about GitHub Models or join the conversation in our community discussions to share your feedback!

See more