Changelog

Subscribe to all Changelog posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

GitHub Desktop 3.1 improves submodule support and now supports multi-commit diffing.

Submodule support just got much better from GitHub Desktop by providing a more detailed “diff” when they have changes. You will now know whether submodules are just pointing at a different commit or if there are changes within them that you must commit. You can also open the submodule at the click of a button!

Screenshot of GitHub Desktop displaying a submodule diff

You can now also see all the changes across multiple commits by just selecting them. That way, you can be certain about the changes you’re about to push or merge onto another branch, and make sure no unintended changes are included in them.

Screenshot of GitHub Desktop displaying multi-commit diffs

Learn more about GitHub Desktop

See more

The functionality for GitHub Enterprise Cloud customers to configure audit log streaming to AWS S3 with OpenID Connect (OIDC) is now generally available. Audit log streaming configured with OIDC eliminates storage of long-lived cloud secrets on GitHub by using short-lived tokens exchanged via REST/JSON message flows for authentication.

For additional information, please read about setting up audit log streaming to AWS S3 with OpenID Connect.

See more

Actions on GitHub Mobile

Actions are coming to GitHub Mobile! You can now view and manage your pull requests on the go.

Tapping on checks when viewing a pull request now leads to a vastly improved experience, including the ability to view a workflow-run, its jobs and even the logs of completed steps inside.

A run did not go as planned? No problem. GitHub Mobile now supports re-running single jobs, failed jobs as well as entire workflows directly from your mobile device. For checks that are already running, support for cancellation has been added as well.


Read more about GitHub Mobile and send us your feedback to help us improve.

See more

As previously mentioned, starting today, all Sponsors profiles will have custom amounts enabled by default. This means if you have a GitHub Sponsors profile, people can sponsor you for a dollar amount they choose, rather than just the amounts you published. This will simplify setting up Sponsors profiles as well as make it easier for users to make sponsorships.

For maintainers who did not have custom amounts previously enabled, and therefore had no minimum, we set a minimum based on their lowest tier value. If you prefer to change your minimum custom amount, you can do so via the Sponsors dashboard. Learn more about managing sponsorship tiers.

Custom sponsorship amounts settings on the Sponsors dashboard page

See more

GitHub's audit log allows admins to quickly review the actions performed by members of their Enterprise. It includes details such as who performed the action, what the action was, and when it was performed. GitHub's audit log provides users with the ability to export audit log activity for your enterprise as a JSON or CSV file download. Moving forward, customers can expect to see the following enhancements to their audit log exports:

  • Audit log exports will contain the same fields as the REST API and audit log streaming, bringing consistency across these three audit log consumption modalities.
  • actions events will be present in audit log exports.
  • For Enterprises who have enabled the feature to display IP addresses in their enterprise audit logs, IP addresses will be present in audit log exports.
  • Audit log exports will be delivered as a compressed file.
  • Audit log JSON exports will be formatted with each line of the JSON file contains a single event, rather than a single JSON document with an array containing all the events as array elements.

This feature will be gradually enabled for an increasing percentage of GitHub Enterprise Cloud customers with a goal of 100% enablement by October 28, 2022. Should you encounter a problem with your audit log exports, please reach out to GitHub Support for assistance.

See more

macOS 12 became generally available on GitHub-hosted runners in June 2022. Over the next 10 weeks, jobs using the macos-latest runner label will migrate from macOS 11 to 12. During migration, you can determine if your job has migrated by viewing the Runner Image information in the Set up job step of your logs.

Start using GitHub Actions to build and publish apps for the Apple ecosystem by updating your jobs to include runs-on: macos-latest

jobs:
  build:
    runs-on: macos-latest
     steps:
      - uses: actions/checkout@v2
      - name: Build
        run: swift build
      - name: Run tests
        run: swift test

The macOS 12 runner image has different tools and tool versions than macOS 11. See the full list of changed software.

If you spot any issues with your workflows when using macOS 12, please let us know by creating an issue in the runner image repository.

See more

Organization administrators are now able to prevent outside collaborators from requesting the installation of both GitHub and OAuth apps to their organization. The "Allow integration requests from outside collaborators" setting can be found under Organization Settings > Member Privileges > Integration installation requests. This setting is enabled by default, and disabling it prevents outside collaborators from making app installation requests, unless the app has already been approved for use within the organization.

integration-installation-requests-setting

On the app integration page, organizations that do not permit installation requests will be disabled.

disabled OAuth integration installation page

Learn more about outside collaborators permissions in our documentation, "Setting permissions for adding outside collaborators".

See more

Private profiles (now generally available) enables users to turn their GitHub profile "private", which gives users control over features that share user data across the GitHub platform. When a profile
is private, the following content is hidden from the profile page:

  • Achievements and highlights
  • Activity overview and activity feed
  • Contribution graph
  • Follower and following counts
  • Follow and Sponsor buttons
  • Organization memberships
  • Stars, projects, packages, and sponsoring tabs

To enable this setting, visit https://github.com/settings/profile.
image

Learn more about private profiles. As we continue to release new privacy control features, please share your feedback.

See more

GitHub Enterprise Cloud enterprise owners may now download an enterprise members CSV report, which is now available as a public beta. This new CSV report provides an extensive list of members associated with their Enterprise Cloud environment, including members synced from a GitHub Enterprise Server instance. To download the report, navigate to the enterprise's people page: https://github.com/enterprises/<enterprise>/people.

To learn more about this report, read our exporting membership information for your enterprise documentation.

See more

We’ve been responding to your feedback – here’s a recap of some changes recently made to Dependabot alerts.

  • Dependabot Alerts details pages now auto-magically refresh after PR generation attempts are completed, rather than spinning forever
  • Alerts are more accurately mapped to Dependabot pull requests
  • Labels in the Dependabot Alerts row page now act as filters
  • You can now suggest improvements to an advisory directly from the alert details page (shown below).

Suggest improvements from a Dependabot alert

Let us know of other improvements you’d like to see in our GitHub community discussion page.

See more

GitHub Advanced Security customers can now view a timeline of actions taken on a secret scanning alert, including when a contributor bypassed the push protection on a secret. Users can also now add an optional comment when closing an alert via the UI or the API.

secret-scanning-timeline-comment-on-close

For more information:

See more

In February 2022, we launched a new feature called community contributions to security advisories. We've continued to iterate on this feature, and recently released more improvements:

  • You're now prompted to add a reason for the change, so your contribution can be reviewed more quickly.
  • You can now submit a contributions without reference links getting reordered in the diff.
  • You can now click through to relevant docs from the advisories page.
  • You can overall enjoy a cleaner UX experience through a handful of other small fixes.

Further reading:

See more

We recently released a set of organization-level APIs (in beta) to enable administrators to programmatically manage their organization-owned codespaces at scale. Today we're releasing support for additional organization-level APIs based on the feedback that you shared with us. With this release, we've added support for the following REST API commands:

  • Manage organization-level codespaces secrets
    • List organization secrets
    • Get an organization public key
    • Get an organization secret
    • Create or update an organization secret
    • Delete an organization secret
    • List selected repositories for an organization secret
    • Set selected repositories for an organization secret
    • Add selected repository to an organization secret
    • Remove selected repository from an organization secret
  • Manage access control for organization-owned codespaces
    • Enable Codespaces for all members of the organization
    • Enable Codespaces for select members of the organization
    • Enable Codespaces for all members and outside collaborators of the organization
    • Disable Codespaces for the organization

Organization-level APIs are in beta for GitHub Team and Enterprise Cloud plans. Here are links to our documentation to get started:

If you have any feedback to help improve this experience, be sure to post it on our discussions forum.

See more

Actions runner support for Windows ARM hardware, is now in public beta . This provides teams with the capability to run self-hosted Windows workflows in a Windows ARM64 runtime.

There are some limitations of the current beta product to be aware of:

  • Windows ARM runners are currently using nodejs's "unofficial" win-arm64 builds
  • Some first party actions will not work until a win-arm64 version of that language is released:
    • setup-node
    • Some first party actions don't support the arm64 architecture:
    • setup-python -issue tracking it here

For additional information on how to set up a self-hosted Windows ARM64 runner, please refer to our documentation. If you have any feedback or questions for Actions self-hosted Windows ARM support, you can submit an issue in the runner repository.

See more

Previously, we announced the ability for enterprise owners to limit where private and internal repository forks can be created. We heard from some customers that they need a more granular control over fork permissions for each organization within the enterprise.

Now, we've added the ability for enterprise organization admins to set fork policy at the organization level, further restricting enterprise policy. Forking can be limited to organizations within the enterprise, within the same organization, user accounts and organization within the enterprise, user accounts, or everywhere. Fork policies cascade from the enterprise policy to organization policy to repository policy. Enterprise policies dictate the policy options available for organizations, i.e. an organization admin can only set a more restrictive forking policy than the enterprise allows.

Screenshot of organization fork policy settings

See more

Today’s Changelog brings numerical field sums, Team linked projects, project migration improvements, and URL pasting preferences!

➕ Display sum of numeric fields

Addressing a top user request, you can now display the sum of a numeric field on the group header in both the table and board layouts.

Select one or multiple numeric fields you would like to display the total for from the view configuration menu to assist with your planning! 📝

Ever wanted to curate the list of projects important to your team? Wouldn’t it be great to ensure your team has access to the projects they need to use all the time? With our latest ship, now you can link projects for quick access on your team pages and we’ll also automatically grant your team read access. Note, you currently need to be a maintainer for the team and a project admin to add it to the team page.

Navigate to the Projects tab for your team to add the projects you need today. 🎉

🚀 Migration improvements

Project Migration now includes archived items! We’ve also fixed several migration states so that your entire team is aware that the project has been transfered. Plan your migration today so that you can leverage all the new features and capabilities Projects has to offer 💖

🖌 Paste URLs formatted or as plain text

Choose your own adventure for URL pasting! Based on your feedback we have made paste preference part of our accessibility settings under your profile. Find it under editor settings to change from pasting as a formatted link (default) to pasting as plain text.

setting URL paste behavior

✨ Bug fixes & improvements

Other changes include:

  • Filtering by draft state (is:draft) now applies to open draft pull requests, in addition to draft issues
  • Issue and pull request numbers are now displayed alongside archived item titles
  • Improved condensed keyboard shortcut visuals

See how to use GitHub for project planning with GitHub Issues, check out what’s on the roadmap, and learn more in the docs.

See more

Additional information has been added to the payload of github.event for scheduled runs. Before this change, github.event for scheduled runs would only include the cron schedule. This change adds information about the repository, organization, and enterprise (when available).

For questions, visit the GitHub Actions community.

To see what’s next for Actions, visit our public roadmap.

See more

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with DevCycle to scan for their SDK tokens and help secure our mutual users on public repositories. DevCycle tokens allow users to target and toggle feature flags by environment and platform. GitHub will forward access tokens found in public repositories to DevCycle, who will immediately mark the token as compromised. More information about DevCycle Tokens can be found here.

GitHub Advanced Security customers can also scan for DevCycle tokens and block them from entering their private and public repositories with push protection.

See more