Copilot CLI no longer needs a personal access token in GitHub Actions
You can now run GitHub Copilot CLI in GitHub Actions using the built-in GITHUB_TOKEN. This means that you no longer need to create and store a personal access token (PAT),…
You can now run GitHub Copilot CLI in GitHub Actions using the built-in GITHUB_TOKEN. This means that you no longer need to create and store a personal access token (PAT),…
The pull_request_target event is one of the most commonly misused triggers in GitHub Actions, leading to vulnerabilities in workflows. Workflows triggered by pull_request_target run with the base repository’s GITHUB_TOKEN, secrets,…
Workflow execution protections are now in public preview for GitHub Enterprise, organizations, and repositories. This new capability lets enterprise administrators define an allow list that controls who can trigger GitHub…
GitHub Actions is resuming enforcement of version requirements for self-hosted runners on github.com and GitHub Enterprise Cloud with Data Residency. This change is part of a broader effort to rebuild…
CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.25.5, which includes accuracy improvements across C/C++,…
There are two upcoming image migrations customers should be aware of, and GitHub is transitioning to owning the Arm64 images for hosted runners. Arm64 runner images now maintained by GitHub…
You can now allow multiple jobs or workflow runs to wait in the same GitHub Actions concurrency group instead of being limited to a single pending run. Previously, a concurrency…
Developers and engineering teams worldwide use GitHub Copilot for high-quality, agent-powered code reviews on every pull request. We understand that any change is significant to our customers, especially when it…
Editor’s note (June 10, 2026): We’ve updated this post to reflect a change in the subject claim format. The delimiter between the name and immutable ID is now the @…
Editor’s note (April 20, 2026): We updated this post to clarify in preview, VNET failover manual and not automated This month, GitHub Actions adds entrypoint and command overrides for service…
A look at GitHub Actions’ 2026 roadmap, outlining how secure defaults, policy controls, and CI/CD observability harden the software supply chain end to end.
This month, GitHub Actions resolves some outstanding papercuts, including support for timezones in scheduled workflows and using environments without automatic deployments. GitHub Actions now allows developers to use environments without…
Set up your first GitHub Actions workflow in this how-to guide.
GitHub Actions now supports uploading and downloading non-zipped artifacts within workflows. Previously, when you uploaded an artifact using the actions/upload-artifact action it was automatically zipped. Downloading it using the actions/download-artifact…
Editor’s note (February 20, 2026): We updated this post to clarify that the v2.329.0 minimum version requirement applies at configuration/registration time (before running ./config.sh), not as the minimum version required…
This month, GitHub Actions introduces new capabilities, including custom runner autoscaling, expanded security controls for all users, and early access to new Windows and macOS runner images. GitHub Actions runner…
We’ve shipped several improvements to GitHub Actions that make it easier to write, validate, and troubleshoot workflow logic, especially when you rely on if: conditionals to control what runs. Here…
GitHub Actions 1 vCPU Linux runners are now generally available. All customers can now take advantage of these lower cost runners. These runners are optimized for automation tasks, issue operations,…
GitHub Actions workflow pages now successfully render workflows with more than 300 jobs. We’ve implemented lazy loading to smoothly handle large workflows. In addition, you can now filter jobs based…
Update: We’ve read your posts and heard your feedback. We’re postponing the announced billing change for self-hosted GitHub Actions to take time to re-evaluate our approach. We are continuing to…
A look at how we rebuilt GitHub Actions’ core architecture and shipped long-requested upgrades to improve performance, workflow flexibility, reliability, and everyday developer experience.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Join us October 28-29 in San Francisco or online for GitHub Universe, our flagship developer event uniting people, agents, and the world’s code.