What’s up with GitHub? November 2023 Edition

What’s up with GitHub? is a series where we explore… what’s new in GitHub! We go through the GitHub blog, changelog, and announcements and create a bite-sized digest of the most exciting changes.

The October edition feels really special as it’s the last one before the GitHub Universe 2023! If only you could feel the excitement at our IPDX household 😻 Without further ado, let’s dive into it!

🚢 Actions

🏃🏃‍♀️🏃‍♂️ So many new runner types! M1 macos runners (that you can request via macos-latest-xlarge, macos-13-xlarge), GPU runners for ML workflows (with private beta opening up this month), and ARM-based runners (with a private beta scheduled for January). Small disclaimer: you currently have to be either on a Team or Enterprise Cloud plan to be able to enjoy the new toys but there is always a chance they’ll open them up to the open-source community in the future 🤞

⚠️ Node 16 is getting deprecated as an action environment in Spring 2024. If you’re using any actions configured for Node 16 (you most probably are), you should start seeing warnings about it in your Actions tabs. It feels like it was only yesterday we were dealing with Node 12 → Node 16 transition. In moments like this, I feel so grateful we’re committed to building tooling for streamlining processes like this here at IPDX.

👻 Have you ever been stuck with a workflow run that just didn’t want to go away? Worry no more, you can now force cancel workflow runs via API!

⚠️ In workflows triggered on pull request merge, the GITHUB_REF and github.ref values changed to fully qualified refs (main → refs/heads/main). It is worth noting, but in reality, this affects only a tiny number of workflows. None out of so many that IPDX is managing, for example.

🔓 If you’re an enterprise customer, you can now configure the HOSTED runners to run in your own Azure VNET!

🪞GitHub will now allow you to disallow self-reviews of jobs targeting protected environments. We really like this direction! It’ll undoubtedly make it a lot easier to model real-world system expectations.

🤖 Dependabot

🏥 Not too long ago, GitHub introduced custom auto-triage rules that allowed you to automatically dismiss or snooze Dependabot alerts based on severity, scope, package-name, cwe, ecosystem, manifest. Now, you can take them up a notch and configure them for your entire organization!

🔄 API

🔑 We’ve been waiting for this for so long! No more cryptic 403s from GitHub! You can now inspect the X-Accepted-GitHub-Permissions header to find out what permissions you’re missing. That’s definitely a quality-of-life game-changer for us.

🤡 On another note, an announcement that does make sense but gave us a little chuckle nonetheless, rate limit endpoint is now rate limited.

🎨 UI

📫 The comment box got a new look. You’ve got to appreciate GitHub’s commitment to design, consistency, and, most importantly, accessibility. We’re definitely enjoying all the recent quite a bit. It’s also an excellent time to remind everyone about the recent addition to the GitHub Markdown syntax that was rolled out relatively quietly - ALERTS! We absolutely love them - they can really make your messaging stand out.

〰️ You might have also noticed that the links are getting underlined now. Another ➕ for accessibility.

📅 You can also opt-in to the new branches and commits pages. It’s worth it! If you’re not convinced yet, let us tell you this - filtering by date 😻

🗳️ Configuration

💍 GitHub repository custom properties are entering beta. It makes repository rulesets on the organization level so much more helpful. The way we’re picturing this is being able to define common rulesets parameterised by custom properties - that’s quite powerful. I guess you can tell we’re quite excited to play with these 🪀

📏 It looks like GitHub is doubling down on repository rules. They just made it a few clicks process to migrate to them from tag protection rules. They’re coming out with fantastic new additions like JSON export & import (which we utterly adore and would love GitHub to replicate in many other places) or filtering by status. Finally, they’re introducing features that could suggest the days of branch protections, as we know them today, are numbered - required workflows (reserved for GitHub Enterprise Cloud for now).

⭐ Features

🤹 Did someone say personal, work, bot accounts? Yes! You can now seamlessly switch between them on GitHub.com without having to log out and back in every time. Thank you 🙏

📱 Full-featured code search finally made it to the mobile app.

📜 Documentation

📖 GitHub added a new meta section to their documentation on contributing to GitHub Docs. By the looks of it, it outlines the whys and hows of GitHub documentation. It might be a good inspiration for how to tackle documentation at your organization. We’ll certainly give it a read 💪

Thank you for your attention 🙇 And now… let’s go to GitHub Universe 2023 👾🚀