IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
GitHub releases updates to Actions for better workflows
Wed, 30th Mar 2022
FYI, this story is more than a year old

GitHub has released three new features for GitHub Actions to assist teams of all sizes to work faster at scale and enable increased productivity.

GitHub says one of the critical areas for greater efficiency is automation, which the company notes is vital to open source developers.

Prior to this, GitHub has made it easier for large companies to improve the consistency and security of their CI/CD workflows when using GitHub Actions.

The company explains that the latest updates will make the Actions platform more secure by offering admins the ability to pick which specific workflows can access a runner group.

GitHub adds that combining with reusable workflows also allows admins to enforce consistent usage of runner groups and workflows across the company.

Furthermore, GitHub Actions now provides the means to re-run only failed jobs or a single job on the platform, and additional navigation improvements that enable customers to view the complete results of previous runs.

GitHub says this feature is an essential addition because of the complex workflow requirements users build with the platform, usually relying on multiple jobs and dependencies.

Re-running only failed or single jobs saves time and doesn't repeat work that has already been successfully completed.

As a result, customers who use the GitHub Actions platform regularly can expect to avoid concurrency limits and have self-hosted runners freed up for other jobs.

Partial re-runs are available via GitHub's REST API and command-line tools.

Updates to the GitHub Actions platform come as the company recently announced the GitHub Advisory Database is now open to community contributions, allowing anyone to contribute security information to advisories to better secure software supply chains.

GitHub says the world of open source security is fast-moving, with new vulnerabilities and different attack vectors driving the community to continuously seek to learn more.

GitHub has teams of security researchers that review all changes and help keep security advisories up to date, but often there are community members with additional insights and intelligence on CVEs that do not have a place to share this knowledge.

GitHub is publishing the entire contents of the Advisory Database to a new public repository to make it easier for the community to benefit from this data.

It has also built a user interface for making contributions. The data is licensed under a Creative Commons license, and has been since the database's inception, making it forever free and usable by the community.

The GitHub Advisory Database is the largest database of vulnerabilities in software dependencies in the world.

It is maintained by a dedicated team of full-time curators and powers the security audit experience for npm and NuGet, as well as GitHub's own Dependabot alerts.

By making it easier to contribute to and consume, Github says it hopes it will power more experiences and will further help improve the security of all software.