actions

Subscribe to all “actions” posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

GitHub CLI 1.9 allows you to work with GitHub Actions in your terminal:

  • List and view workflows and runs with gh workflow list, gh workflow view, gh run list, and gh run view
  • View the logs for a particular run with gh run view --log
  • View the logs for runs with jobs that failed with gh run view --log-failed
  • Download run artifacts with gh run download
  • Re-run runs with failed jobs using gh run rerun
  • Watch runs in progress using gh run watch
  • Trigger workflows with the workflow_dispatch event using gh workflow run
  • Enable and disable workflows with gh workflow enable and gh workflow disable

Learn more about GitHub CLI and check out the blog post to learn more about this release.

See more

You can now use setup-java v2 to download and cache binaries from different distributions, including Adopt OpenJDK and Zulu OpenJDK.

With setup-java v2, you can:

  • Add Java distributions of your choice
  • Get native support for Adopt OpenJDK
  • Reduce your Java setup time significantly as the action can utilize pre-cached Adopt OpenJDK distributions from GitHub-hosted runner images

As part of the v2 release, setup-java now requires a mandatory distribution argument and no longer supports legacy Java version syntax 1.x. You can use our migration guide to learn more about upgrading to v2.

steps:
- uses: actions/checkout@v2
- uses: actions/setup-java@v2
  with:
    distribution: 'adopt'
    java-version: '11'
- run: java -cp java HelloWorldApp

For questions, visit the setup-java repo and GitHub Actions community

See more

GitHub Actions deployment reviews are now available on GitHub Mobile.

You can approve or reject jobs awaiting review, view deployment status and deployed environments, and receive push notifications for requests for your review for a given deployment. Deployments awaiting your approval will also appear within the Notifications tab on GitHub Mobile.

Screenshot of reviewing a deployment on GitHub for Android

Screen capture of reviewing a deployment on GitHub for iOS


Learn more about the reviewing deployments on GitHub Actions.

For questions, visit the GitHub Actions community.

Read more about GitHub Mobile and send us your feedback to help us improve.

See more

The Audit Log now includes events associated with GitHub Actions workflow runs. This data provides enterprise customers with a greatly expanded data set for security and compliance audits.

New events will be incorporated into the audit log when:

  • A workflow run is created, completed, deleted, or re-run
  • A workflow job is prepared. Importantly, this job will include the list of secrets that were provided to the runner
  • A self-hosted runner’s version is updated

Screenshot of audit log UI with new events

These new events are only available to customers on the Enterprise plan. All events are available in the REST API, and all events except for workflow run created, workflow run completed, and workflow job prepared are available in the UI and exports.

Learn more about Audit Log events

For questions please visit the GitHub Actions community forum

To see what’s next for GitHub Actions, visit our public roadmap.

See more

Starting March 1st, 2021 workflow runs that are triggered by Dependabot from push, pull_request, pull_request_review, or pull_request_review_comment events will be treated as if they were opened from a repository fork. This means they will receive a read-only GITHUB_TOKEN and will not have access to any secrets available in the repository. This will cause any workflows that attempt to write to the repository to fail.

This change will affect all repositories, both public and private, regardless of how they are configured, and is being made to prevent potentially compromised dependencies from capturing secrets referenced in your workflows.

If your workflow needs to have a write token or access to secrets, you can use the pull_request_target event; however, please read
Keeping your GitHub Actions and workflows secure: Preventing pwn requests
to better understand the risks.

For questions, visit the GitHub Actions community

To see what’s next for Actions, visit our public roadmap

See more

You can now limit which branches can deploy to an environment using Environment protection rules.

When a job tries to deploy to an environment with Deployment branches configured Actions will check the value of github.ref against the configuration and if it does not match the job will fail and the run will stop.

The Deployment branches rule can be configured to allow:

  1. All branches – Any branch in the repository can deploy

  2. Protected branches – Only branches with protection rules

  3. Selected branches – Branches matching a set of name patterns

    Configure Deployment branches

Learn more about Environment protection rules

For questions, visit the GitHub Actions community

To see what's next for Actions, visit our public roadmap

See more

GitHub Actions now supports skipping push and pull_request workflows by looking for some common keywords in your commit message.

If any commit message in your push or the HEAD commit of your PR contains the strings [skip ci], [ci skip], [no ci], [skip actions], or [actions skip] workflows triggered on the push or pull_request events will be skipped.

For questions, visit the GitHub Actions community

To see what's next for Actions, visit our public roadmap

See more

Beginning March 1, 2021, we will remove .NET Core 3.0 from macOS 10.15, Ubuntu 16.04, and Ubuntu 18.04 virtual environments for GitHub-hosted runners. We follow a general guideline of removing software tools from our hosted images six months after they are deprecated, and .NET Core 3.0 reached its end of life on March 3, 2020.

You can continue to use .NET Core 3.0 with our setup-dotnet action. The setup-dotnet action is always the recommended way of using .NET with GitHub Actions because it ensures consistent behavior across different runners or versions of .NET and protects your workflow from possible future deprecation of additional .NET versions:

steps:
- uses: actions/checkout@main
- uses: actions/setup-dotnet@v1
  with:
    dotnet-version: '3.0.x'
- run: dotnet build <my project>

For the latest updates, be sure to subscribe to the announcement in the actions/virtual-environments repository.

See more

On February 15th, GitHub Actions will remove support for referencing actions using the shortened version of a git commit SHA. This may cause some workflows in your repository to break. To fix these workflows, you will need to update the action reference to use the full commit SHA.

For example, if your workflow references actions/checkout@5a4ac90, you should change it to actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f. You can find the full commit SHA in the referenced action's repository.

This change is being made to align product functionality with our published security guidance

See more

Today we are releasing an open beta for the new continuous delivery capabilities in GitHub Actions. In this open beta there is no need to sign up, all existing GitHub organizations and accounts can use the new capabilities in their public repositories and GitHub Enterprise Cloud organizations can use them in all repositories.

The addition of environment protection rules and environment secrets enable separation of concerns between deployment and development to meet compliance and security requirements. The required reviewers environment protection rule will automatically pause a job trying to deploy to the protected environment and notifies the reviewers. Once approved, the job runs and is given secured access to the environment’s secrets. Also, the environments page includes a deployment log and information on the latest code change deployed to each environment.

Protection rules and secrets

Environment history

Learn more about environments

For questions, visit the GitHub Actions community

To see what's next for Actions, visit our public roadmap

See more

GitHub Actions can now generate a visual graph of your workflow on every run. With workflow visualization, you can

  • view and understand complex workflows
  • track progress of workflows in real-time
  • troubleshoot runs quickly by easily accessing logs and jobs metadata
  • monitor progress of deployment jobs and easily access deployment targets

Workflow visualization for GitHub Actions is now available in a public beta. To view a visual graph of your workflow, simply navigate to the workflow home page and select the run for which you will like to see the graph.

graph example of a workflow run

For questions, visit the GitHub Actions community

To see what's next for Actions, visit our public roadmap

See more

On October 1, 2020, we published a CVE outlining a vulnerability in the set-env and add-path workflow commands feature of GitHub Actions, and announced that we would be deprecating those features. In addition, we began flagging to customers in their Actions logs about the coming deprecation and provided guidance on how to migrate to the replacement functionality.

Specific vulnerabilities introduced by these commands have been patched, but in order to completely close the attack vector we need to disable the set-env and add-path workflow commands.

Security and transparency are essential to maintaining your trust. Therefore, while our investigations show no evidence at this time of this vulnerability being exploited, out of an abundance of caution, we will disable those commands and start failing workflow runs that use them on November 16, 2020.

For details on how to use the new functionality and prevent your workflows from breaking please see https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/.

Update 11/19/2020: Version [v2.274.2](https://github.com/actions/runner/releases/tag/v2.274.2) of the GitHub Actions runner removes support for these commands and has been rolled out across GitHub.

See more

Workflows using the ubuntu-latest runner label will soon run on Ubuntu-20.04. GitHub Actions has supported Ubuntu-20.04 in preview mode since June 2. During these past four months we have monitored image stability and customer feedback, and waited for a range of critical software tools to improve support for Ubuntu-20.04.

Now Ubuntu-20.04 is ready to be the default version for the ubuntu-latest label in GitHub Actions workflows. This change will be rolled out over a period of several weeks beginning on November 30, 2020.

If you see any issues with your workflows when they are transitioned to Ubuntu-20.04:

  • File an issue in the virtual-environments repository
  • Switch back to Ubuntu 18.04 by specifying the ubuntu-18.04 runner label. We will continue to support Ubuntu 18.04.

Note that image software between Ubuntu-18.04 and Ubuntu-20.04 differs by the pre-installed and default versions versions of some tools. See the full list of changed software.

See more