Maintainers of GitHub repositories can now use Category Forms to create templates for their Discussions, which means that users can start new discussions with all the necessary information already included. We hope this leads to less repetitive back and forth conversation with maintainers, as users are more likely to capture all relevant details in their first Discussion post.
Similar to Issue Forms, maintainers can create a discussion template, which will live in .github/DISCUSSION_TEMPLATE/. Each template will map 1:1 with the available Discussion Categories slugs. For example, the template for the “Announcements” category will be .github/DISCUSSION_TEMPLATE/announcements.yml. Once created, Category Forms in Discussions will be familiar to users who have seen them in issues:
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.
We have partnered with Persona to scan for their API keys and help secure our mutual users on all public repositories and private repositories with GitHub Advanced Security. Persona API keys allow users to create, update, and interact with their identity-related data. GitHub will forward API keys found in public repositories to Persona, who will notify affected customers and work with them to rotate their API keys. You can read more information about Persona API keys here.
GitHub Advanced Security customers can also scan for Persona API keys and block them from entering their private and public repositories with push protection.
Previously, GitHub Actions got a GITHUB_TOKEN with both read and write permissions by default whenever Actions was enabled on a repository.
As a default, this is too permissive, so to improve security we would like to change the default going forward to a read-only token. You can still flip it to read/write if needed.
This change will not impact any existing enterprises, organizations or repositories. Here is how the defaults are set going forward.
Enterprises: New enterprises will have a read-only token.
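Because existing repositories keep their old default, a workflow that sets no `permissions` key still receives whatever the repository, organization or enterprise default grants. The following added example (not GitHub's code) flags such jobs; the function name and both sample workflows are constructed for illustration, and the scan assumes block-style YAML with consistent indentation.

```python
import re
KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):")

# Constructed sample workflows (not from the original page).
INHERITS_DEFAULT = """\
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - run: make test
"""
PINNED = """\
on: push
permissions:
  contents: read
jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write
"""

def jobs_inheriting_default(workflow_text):
    """Jobs with no `permissions` key at job or workflow level (block-style YAML only)."""
    workflow_level, in_jobs = False, False
    job_indent = key_indent = current = None
    own = {}  # job name -> True when the job sets its own permissions
    for line in workflow_text.splitlines():
        m = KEY.match(line)
        if not m:
            continue  # blank lines, comments, list items
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            in_jobs = key == "jobs"
            workflow_level = workflow_level or key == "permissions"
        elif in_jobs:
            if job_indent is None:
                job_indent = indent
            if indent == job_indent:
                current, key_indent = key, None
                own[current] = False
            elif current is not None:
                if key_indent is None:
                    key_indent = indent
                if indent == key_indent and key == "permissions":
                    own[current] = True
    if workflow_level:
        return []  # every job gets the workflow-level grant
    return [name for name, has in own.items() if not has]
```

Run it over each file under .github/workflows/ and add an explicit `permissions` block to any job it reports, granting write scopes only to the jobs that need them.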
GitHub Enterprise Cloud customers can now join a private beta which allows API request events to be streamed as part of their enterprise audit log.
In this private beta, REST API calls against enterprise private repositories can be streamed to one of GitHub's supported streaming endpoints. Further iterations on this feature are planned to expand the API events captured and make this data available via the audit log API.
Many GitHub users leverage GitHub's APIs to extend and customize their GitHub experience. However, use of APIs can create unique security and operational challenges for Enterprises.
With the introduction of targeted audit log streaming API requests, Enterprise owners are now able to:
Better understand and analyze API usage targeting their private repositories;
Identify and diagnose potentially misconfigured applications or integrations;
Troubleshoot API activity targeting private repositories that may be contributing to API rate limiting; and
Develop API specific anomaly detection algorithms to identify potentially malicious activity.
Enterprise owners interested in participating in the private beta should reach out to your GitHub account manager or contact our sales team to have this feature enabled for your enterprise. Once enabled, you should begin seeing API request events in your audit log stream. Feedback can be provided at our beta feedback community discussion post.
We are making changes to job summaries and logs in GitHub Actions that will impact customers using self-hosted runners. Over the next six months, customers using self-hosted runners will need to ensure machines have appropriate network access to communicate with the GitHub hosts below so that job summaries and logs emitted from Actions workflows can work as expected.
actions-results-receiver-production.githubapp.com
productionresultssa*.blob.core.windows.net
After July 31, 2023, if you are using self-hosted runners and have not updated your network access settings to allow the aforementioned hosts, your job summaries and logs may not display correctly.
Data exploration: Examine streamed events using your preferred tool for querying large quantities of data. The stream contains both audit and Git events across the entire enterprise account.
Data continuity: Pause the stream for up to seven days without losing any audit data.
Data retention: Keep your exported audit logs and Git events data as long as you need to.
To expand on this offering, enterprises streaming their audit log to AWS S3 now have the ability to use AWS CloudTrail Lake integration to automatically consolidate and ingest GitHub audit logs into AWS CloudTrail Lake. AWS CloudTrail Lake is a managed security and audit data lake that allows organizations to aggregate, immutably store, and query events. By deploying this integration in your own AWS account, AWS CloudTrail Lake will capture and provide tools to analyze GitHub audit log events using SQL-based queries.
Today we are announcing the public beta of roadmaps in GitHub Projects! 🎉
Last November at GitHub Universe, we announced the private beta for roadmap. With your help and feedback over the last three months, we have shipped many exciting updates making it easier for you to visualize and plan your work over time, understand what is in progress or coming up next, and keep your team and stakeholders up to date.
🗺 Creating a roadmap
You can quickly build a roadmap alongside the same table and board views you already know and love.
When creating a roadmap, use existing date or iteration fields in your project to populate your items on the roadmap or create a new field from the Date fields menu. Set the zoom level to Month, Quarter, or Year depending on how granular you need your roadmap to be.
➕ Adding items and dates
Adding roadmap items works just like adding project items in any other view. Use the + Add item to search for or create a new issue, or type to create a draft placeholder. Once you’ve added the item, assign it to a specific date or within an iteration with a single click.
If plans change (which they often do!), you can adjust and move an item directly on the roadmap to reflect the new plan.
🎨 Customizing the view
Customizing your roadmap helps you create a tailored view for you and your teams. Select a group by field to segment and bucket your items by a custom field, such as status or team. This allows you to visually separate your items to understand both how they line up with each other and how long they all are expected to take.
Select a sort by field to further organize your roadmap, and specify a filter so that you only include relevant project items.
✍ Tell us what you think!
We’ve got more improvements planned but we want to hear from you! Be sure to drop a note in the discussion and let us know how we can improve! Check out the documentation for more details.
If you would like to request access for the tasklists private beta to visualize the hierarchy of your items on the roadmap, sign up on the waitlist.
See how to use GitHub for project planning with GitHub Issues, check out what’s on the roadmap, and learn more in the docs.
We are reverting this change for now. More details to follow.
The default compression for Git archives has recently changed. As a result, archives downloaded from GitHub may have different checksums even though the contents are completely unchanged.
GitHub doesn’t guarantee the stability of checksums for automatically generated archives. These are marked with the words “Source code (zip)” and “Source code (tar.gz)” on the Releases tab. If you need to rely on a consistent checksum, you may upload archives directly to GitHub Releases.
These are guaranteed not to change.
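The effect described above can be reproduced offline. This added example (not GitHub's code) compresses one tar stream with two gzip settings, which stand in for a compressor change, and shows that a checksum pinned on the archive bytes breaks while a per-file manifest of the contents does not; the sample files and function names are constructed.

```python
import gzip
import hashlib
import hmac
import io
import tarfile

# Constructed sample source tree (not from the original page).
FILES = {"README.md": b"# demo\n" * 200, "src/main.c": b"int main(void){return 0;}\n" * 200}

def build_tar(files):
    """Uncompressed tar with fixed metadata, standing in for a source snapshot."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in sorted(files):
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()

def compress(tar_bytes, level):
    """gzip the same tar stream; only the compressor setting varies."""
    return gzip.compress(tar_bytes, compresslevel=level, mtime=0)

def archive_digest(archive):
    """SHA-256 over the compressed bytes: what a pinned checksum usually covers."""
    return hashlib.sha256(archive).hexdigest()

def content_manifest(archive):
    """Per-file SHA-256 of the archive members, independent of compression."""
    manifest = {}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for member in tar:
            if member.isfile():
                data = tar.extractfile(member).read()
                manifest[member.name] = hashlib.sha256(data).hexdigest()
    return manifest

def verify_asset(archive, pinned_sha256):
    """Constant-time comparison against a checksum pinned for an uploaded asset."""
    return hmac.compare_digest(archive_digest(archive), pinned_sha256)

if __name__ == "__main__":
    tar_bytes = build_tar(FILES)
    old, new = compress(tar_bytes, 6), compress(tar_bytes, 9)
    print("archive digests equal: ", archive_digest(old) == archive_digest(new))
    print("file contents equal:   ", content_manifest(old) == content_manifest(new))
    print("old pin accepts new:   ", verify_asset(new, archive_digest(old)))
```

A build that pins a checksum should therefore pin it against an uploaded release asset, or compare a content manifest like the one above, rather than against an automatically generated archive.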
A GraphQL mutation is now available for reverting a merged pull request: revertPullRequest.
Like the revert action on the pull request page in the web, calling this API creates a new pull request that reverses the changes made by the merged pull request.
GitHub Desktop 3.1.5 improves support for force pushing and fetching through the newly added Repository menu items as well as supporting pull request notifications on forks. This release also comes with many great contributions (12 changelog entries! ✨❤✨) from our open source contributors.
Force-pushing and Fetching
Previously, a user could only force push after an action such as rebasing. Now, when users find their branch in any diverged state, they can opt to use the force push Repository menu item. For example, a user can force push when commits exist on the remote that they are sure they want to overwrite.
Similarly, a user may find themselves in a new local branch they are not ready to publish, yet they want to fetch to see if there are any new changes on their main branch they would want to merge in. Instead of having to switch branches, they can use the Repository menu item to fetch those changes.
Notifications for Forks
If you have been enjoying our Pull Request notifications on your repositories, you will be happy to hear that with 3.1.5 those same notifications are supported on forks.
Open Source Contributions
We love the help we get from the open source community, providing many fixes and improvements for everyone to enjoy.
Thank you @angusdev for contributing all these fixes:
Hide window instead of hiding the app on macOS
The repository change indicator is visible if repository list item is selected and in focus
Tooltips are positioned properly if mouse is not moved
Tooltips of long commit author emails wrap to multiple lines
Clone repository progress bar no longer hidden by repository list
Close repository list after creating or adding repositories
Thank you @tsvetilian-ty for adding support for JetBrains Toolbox and JetBrains Fleet editor for Windows.
Thank you @zipperer for adding support for emacs editor.
Thank you @patinthehat for adding support for JetBrains PhpStorm and WebStorm editors.
Thank you @daniel-ciaglia for adding support for VSCodium as an external editor.
Thank you @Shivareddy-Aluri for adding the ability to copy tag names from the commit list.
Thank you @j-f1 for improving the diff view by adding highlighting to Arduino's .ino files as C++ source.
This week, we’ve shipped a new experience for creating issues directly from Projects, improved sorting by custom fields across all layouts, and fixed a few bugs.
📝 Create issues in a snap with the new issue creation dialog
Create new issues quickly and easily by clicking the + icon on the omnibar and selecting Create new issue. Add labels, select a milestone, and assign to a teammate without ever leaving your project.
🗂 Sorting by field values on the board layout
Sort by field values on the board layout to easily organize your work items within your board columns. Select a sorting field from the view configuration menu to reorder items within each column, and move your items freely between columns while still maintaining the sorted order.
Starting today, when linking to a Dependabot alert in an issue or pull request, anyone with permissions to view the alert will see a rich Dependabot alert mention, with detailed hovercard and a prettified link with the title of the alert.
Card details include:
Alert title, repository, and description
Date that the alert was opened
Alert severity and status (fixed, dismissed, or open).
Starting on February 23, 2023, GitHub Sponsors will no longer support PayPal as a payments processor. As such, it will no longer be possible to sponsor individuals or organizations using PayPal.
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.
We have partnered with Twilio Segment to scan for their tokens and help secure our mutual users on all public repositories, and private repositories with GitHub Advanced Security. Twilio Segment tokens allow users to programmatically manage their workspaces. GitHub will forward access tokens found in public repositories to Twilio Segment, who will immediately revoke the token and notify workspace owners. You can learn more about Twilio Segment tokens here.
GitHub Advanced Security customers can also block Twilio Segment tokens from entering their private and public repositories with push protection.
You can now add a note to describe why the blocking of a user took place, to provide projects and teams with the context around privacy and safety decisions. Notes on blocked users at the organization level will be visible to the owners and moderators of that organization. Notes on blocked users from your personal account will be visible just to you.
Secret scanning users can now view the validity of detected GitHub tokens by clicking into the related alert's UI page. The alert page will tell you whether the GitHub token is still active and able to be used.
Secret scanning alerts are available for free on public repositories and as part of GitHub Advanced Security on private repositories.
From today, GitHub will scan every commit to a public repository for exposed crates.io keys. We will forward any tokens we find to crates.io, who will automatically disable the tokens and notify their owners. The end-to-end process takes only a few seconds.
Crates.io is the latest GitHub secret scanning integrator; since 2018, GitHub has partnered with over 100 token issuers to help keep our mutual customers safe. We continue to welcome new partners for public repository secret scanning. In addition, GitHub Advanced Security customers can scan their private repositories for leaked secrets.
We’d like to thank the crates.io team, the staff at the Rust Foundation, and the work from AWS’ Dan Gardner on this GitHub pull request that made our collaboration with Rust possible.