Actions pull_request_target and environment branch protections changes - GitHub Changelog
Actions pull_request_target and environment branch protections changes GitHub is updating how GitHub Actions’ pull_request_target and environment branch protection rules are evaluated for pull-request-related events. These changes will take effect on 12/8/2025. They aim to reduce security critical edge cases in how these events operate on user-controlled branches that may result in unexpected exec
Pricing changes for GitHub Actions
TLDR: We’re postponing the announced billing change for self-hosted GitHub Actions to take time to re-evaluate our approach. We are continuing to reduce hosted-runners prices by up to 39% on January 1, 2026. We’ve read your posts and heard your feedback. We’re postponing the announced billing change for self-hosted GitHub Actions to take time to re-evaluate our approach. We are continuing to reduc
Repository dashboard: Find, search, and save queries in preview - GitHub Changelog
Repository dashboard: Find, search, and save queries in preview Finding the right repository can feel like searching for a needle in a haystack. When you’re juggling multiple projects or collaborating across teams, keeping track of repositories becomes overwhelming. The new repository dashboard preview makes it easy to find and curate a saved view of repositories you have access to, all in one pla
Accessible notifications and messages
Accessible notifications and messagesHow to ensure updates and messages are communicated in an inclusive way. Overview Assistive technology announcements These general guidelines can help you determine when assistive technology should output a message. This helps to ensure everyone understands important updates to an experience. Guidelines Always: Announce location changes — Help users understand
Linter integration with Copilot code review now in public preview - GitHub Changelog
Menu. Currently selected: New static analysis tools in Copilot code review Copilot code review now surfaces actionable feedback from linters, so the small stuff is never missed—and you can customize which linters are used via repository rulesets. This feature is available in public preview for paid GitHub users. New static analysis tools in Copilot code review In addition to CodeQL quality detecti
GitHub Actions cache size can now exceed 10 GB per repository - GitHub Changelog
Menu. Currently selected: GitHub Actions cache size can now exceed 10 GB per repository GitHub Actions cache size can now exceed 10 GB per repository You can now store more build dependencies between workflow runs with expanded GitHub Actions cache storage. Repositories can go beyond the previous 10 GB per-repository cache cap using a pay-as-you-go model. All repositories will continue to receive
GitHub Actionsã§ESLintã®Shardingを実装ã—ã¦ã€CIã®å®Ÿè¡Œæ™‚é–“ã‚’51%削減ã—ã¾ã—㟠- newmo 技術ブãƒã‚°
newmoã§ã¯ã€pnpm workspaceã§ç®¡ç†ã—ã¦ã„る複数ã®ã‚¢ãƒ—リケーションやライブラリã«å¯¾ã—ã¦ESLintを実行ã—ã¦ã„ã¾ã™ã€‚ プãƒã‚¸ã‚§ã‚¯ãƒˆã®æˆé•·ã¨ã¨ã‚‚ã«Lint対象ã®ãƒ•ã‚¡ã‚¤ãƒ«æ•°ãŒå¢—åŠ ã—ã€CI実行時間ã¨ãƒ¡ãƒ¢ãƒªä½¿ç”¨é‡ãŒå¢—åŠ ã—ã¦ã„ã¾ã—ãŸã€‚GitHub Actionsã®matrixオプションを使用ã—ãŸå‹•çš„ãªShardingを実装ã—ã€ã“れらã®å•é¡Œã«å¯¾å¿œã—ã¾ã—ãŸã€‚ newmoフãƒãƒ³ãƒˆã‚¨ãƒ³ãƒ‰ã®é–‹ç™ºåŽŸå‰‡ newmoã®ãƒ•ãƒãƒ³ãƒˆã‚¨ãƒ³ãƒ‰é–‹ç™ºã§ã¯ã€æ¬¡ã®åŽŸå‰‡ã‚’é‡è¦–ã—ã¦ã„ã¾ã™ã€‚ 1ã¤ç›®ã¯ã€ã€ŒåŒã˜ç›®çš„ã‚’é”æˆã™ã‚‹ãŸã‚ã®æ‰‹æ®µã‚’統一ã™ã‚‹ã€ã¨ã„ã†åŽŸå‰‡ã§ã™ã€‚åŒã˜ç›®çš„ã«å¯¾ã™ã‚‹è¤‡æ•°ã®æ‰‹æ®µãŒæ··åœ¨ã™ã‚‹ã‚ˆã‚Šã‚‚ã€çµ±ä¸€ã—ãŸæ‰‹æ®µã‚’使ã†ã“ã¨ã§å¦ç¿’コストやä¿å®ˆã‚³ã‚¹ãƒˆã‚’削減ã§ãã¾ã™ã€‚例ãˆã°ã€npmパッケージã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ç®¡ç†ã§ã¯ã€One Version Ruleã«åŸºã¥ãã€åŒã˜ç›®çš„ã‚’æŒã¤ãƒ©ã‚¤ãƒ–ラリã¯1ã¤ã«çµžã£ã¦ã„ã¾ã™ã€‚ã“ã‚Œã¯ã€ŒåŒã˜ã‚³ãƒ¼ãƒ‰ã‚’書ã‹ãªã„ã€
Octoverse: A new developer joins GitHub every second as AI leads TypeScript to #1
AI & MLLearn about artificial intelligence and machine learning across the GitHub ecosystem and the wider industry. Generative AILearn how to build with generative AI. GitHub CopilotChange how you work with GitHub Copilot. LLMsEverything developers need to know about LLMs. Machine learningMachine learning tips, tricks, and best practices. How AI code generation worksExplore the capabilities and be
Release GitHub CLI 2.81.0 · cli/cli
Support for GitHub Release Attestations This release introduces the release verify and release verify-asset commands for verifying GitHub Release attestations. Part of the Immutable Releases initiative, a release attestation provides a signed, timestamped binding between a release, its git tag, and any associated assets. These new commands provide a convenient way to verify the integrity of an imm
New date for enforcement of cache eviction policy - GitHub Changelog
We’re delaying the enforcement of a new cache eviction policy for GitHub Actions from mid-October to November. Currently, each repository has a maximum cache size of 10 GB, and we evict the oldest cache entries every 24 hours to keep usage below this limit. We’re changing the eviction interval to every hour. If your repositories use more than 10 GB of cache in a 24-hour period, you have received a
ghtkn ã§ãƒãƒ¼ã‚«ãƒ«é–‹ç™ºç”¨ã« GitHub Access Token ã‚’ã‚»ã‚ュアã«ç”Ÿæˆã—㦠PAT ã‹ã‚‰å’æ¥ã™ã‚‹
ãƒãƒ¼ã‚«ãƒ«é–‹ç™ºã®ãŸã‚ã« GitHub App ã‹ã‚‰ã‚»ã‚ュア㫠User Access Token を生æˆã™ã‚‹ CLI ã§ã‚ã‚‹ ghtkn を紹介ã—ã¾ã™ã€‚ ã¾ã¨ã‚ ghtkn 㯠Device Flow を用ã„㦠GitHub App ã‹ã‚‰ User Access Token を生æˆã™ã‚‹ CLI ã‚»ã‚ュアãªãƒãƒ¼ã‚«ãƒ«é–‹ç™ºã‚’å®Ÿç¾ No More Personal Access Token Personal Access Token ã¨é•ã„çŸå‘½ (8時間) 㪠access token GitHub App ã¨ãƒ¦ãƒ¼ã‚¶ãƒ¼ä¸¡æ–¹ãŒæŒã£ã¦ã‚‹æ¨©é™ã—ã‹æŒãŸãšã€ä¸¡æ–¹ãŒã‚¢ã‚¯ã‚»ã‚¹ã§ãるリãƒã‚¸ãƒˆãƒªã«ã—ã‹ã‚¢ã‚¯ã‚»ã‚¹ã§ããªã„ Secret manager を用ã„㦠access token ã‚’ç®¡ç† ãƒ—ãƒ¬ã‚¤ãƒ³ãƒ†ã‚ストや shell ã®ç’°å¢ƒå¤‰æ•°ã« access token を露出ã—ãªã„ãŸã‚ã€æµå‡ºãƒªã‚¹ã‚¯ãŒä½Žã„ 複数㮠GitHub
GitHub Actionsã®SHA Pinning Enforcementを有効ã«ã™ã‚‹ã¾ã§ã®é“ã®ã‚Š
2025å¹´8月15æ—¥ã«GitHubã‹ã‚‰GitHub Actions周りã®æ–°æ©Ÿèƒ½ã¨ã—㦠"SHA pinning enforcement" 機能ãŒãƒªãƒªãƒ¼ã‚¹ã•ã‚Œã¾ã—ãŸã€‚今年ã®3月ã«GitHub Actionsã§ã®ã‚µãƒ—ライãƒã‚§ãƒ¼ãƒ³æ”»æ’ƒãŒã‚ã£ãŸã“ã¨ã¯è¨˜æ†¶ã«æ–°ã—ã„ã¨æ€ã„ã¾ã™ã€‚ã“ã®æ–°æ©Ÿèƒ½ã¯ã“ã®ç¨®ã®ã‚µãƒ—ライãƒã‚§ãƒ¼ãƒ³æ”»æ’ƒã®ãƒªã‚¹ã‚¯ã‚’低下ã•ã›ã‚‹ãŸã‚ã®ã‚‚ã®ã ã¨è€ƒãˆã¦ã„ã¾ã™ã€‚ ã¾ã リリース後間もãªã„ã®ã§ä¸å®‰å®šãªéƒ¨åˆ†ã‚‚ã‚ã‚Šã¾ã™ãŒã€ã‚»ã‚ュリティå‘上を目的ã«Finatextã§ã¯ã“ã®æ©Ÿèƒ½ã®æœ‰åŠ¹åŒ–ã«å–り組ã¿ã¾ã—ãŸã€‚Finatextã§ã®ã‚½ãƒ•ãƒˆã‚¦ã‚§ã‚¢é–‹ç™ºã«ã¯ã‚る程度ã®è¦æ¨¡ãŒã‚ã‚‹ãŸã‚ã€å˜ã«æ©Ÿèƒ½ã‚’有効ã«ã™ã‚‹ã®ã§ã¯ãªãプラットフォームã¨ã—ã¦ã®ä»•çµ„ã¿ã‚’æ•´å‚™ã—ã¾ã—ãŸã€‚ãã®éŽç¨‹ã‚’紹介ã—ã¾ã™ã€‚ 機能ã®æ¦‚è¦ SHA pinning enforcementã«é–¢ã™ã‚‹ã¾ã¨ã‚記事をå‚考ã«ã—ã¾ã—ãŸãŒã€æ¤œè¨¼ã—ãŸçµæžœä¸€éƒ¨ã•ã‚‰ã«è©³ç´°ãªæŒ™å‹•ãŒåˆ†ã‹ã‚Šã¾ã—ãŸã€‚ ã“
Copilot code review: Path-scoped custom instruction file support - GitHub Changelog
Menu. Currently selected: Path-scoped instruction files now supported in Copilot code review Copilot code review is becoming even more customizable! You can now use your existing path-scoped instruction files to provide targeted guidance for specific parts of your repository. Plus we have a few other important updates for you to know about. 👇 Path-scoped instruction files now supported in Copilot
Template URLs for fine-grained PATs and updated permissions UI - GitHub Changelog
Template URLs for fine-grained PATs and updated permissions UI @cole-hartman and @dorisbwang joined the GitHub Apps team for the summer with a focus on improving the developer experience around fine-grained PAT creation. They worked with our design and product team to ship two enhancements based on community feedback: A new UX for picking permissions that more closely resembles the permission pick
Releases now support immutability in public preview - GitHub Changelog
Releases now support immutability in public preview GitHub releases now support immutability, adding a new layer of supply chain security. With immutable releases, assets and tags are protected from tampering after publication, so the software you publish — and your users consume — remains secure and trustworthy. What are immutable releases Immutable releases offer: Immutable assets: Once you publ
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
Towards a secure by default GitHub Actions · community · Discussion #179107
Release v6.0.0 · actions/setup-node
GitHub - danielroe/provenance-action: Fail CI when dependencies in your lockfile lose npm provenance or trusted publisher status
GitHub - Finatext/gha-fix: Automates security and maintenance fixes in GitHub Actions workflows
GitHub - AdnaneKhan/gato-x: GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
{{#tags}}- {{label}}
{{/tags}}