The mega-thread edition!
TL;DR
News
Copilot X
❌ GitHub announced a vision document for AI x Developer Tools - GitHub Copilot X
⏰ Join the waitlist for Copilot Chat - ChatGPT-like way to interact with GitHub Copilot
⏰ Enroll your repository to Copilot for Pull Requests - AI powered code reviews - we’ll keep you updated on our progress in this area 🦄
⏰ Join the waitlist for Copilot for Docs - ChatGPT-like way to interact with documentation sites
⏰ Join the waitlist for Copilot for CLI - ChatGPT-like way to interact with CLI tools, get git, gh, and bash suggestions directly in your terminal
Changelog
GitHub Issues
🌍 ROADMAPs reach GA
🗑️ Auto-archiving/adding is now available for all projects
⚓ Cross-org projects finally get native support
🎨 Select can now use colors
Security
🚀 We can enable private vulnerability reporting for all the repositories in an organization and make it a default for new repositories - we’ll keep you updated on our progress in this area 🦄
🚀 We can enable CodeQL for all the repositories in an organization - we’ll keep you updated on our progress in this area 🦄
🚀 We can enable secret scanning for all the repositories in an organization - we’ll keep you updated on our progress in this area 🦄
UI/UX
💨 Dependabot will now pause automatically if you don’t merge any of its PRs for 90 days
📣 Orgs can now create public announcements
👾 Slash commands are coming to GitHub-flavored markdown - it’s in a public beta now
❌ You can close GitHub Discussions
🗒️ You can leave a PR comment on an entire file - it’s especially useful if you want to comment on a binary, for example
♻️ Dependabot can update reusable GitHub Actions workflows - new and improved Unified CI delivery incoming 🚀
💰 Dependabot won’t report on vulnerabilities found in go.sum - it will stick to go.mod only
🎉 You can add pronouns to your GitHub profile
🔎 New Code Search is available to all in public beta - I’ve been using it for months now and I highly recommend it
Deprecations
ℹ️ if you’re using CodeQL Action v1, please upgrade
👋 setup-go action enables caching by default now - sounds like time to deprecate our very own cache-go-action, it served us well
🔴 GHA Importer is now GA - are you still using CircleCI? 🤔
📈 PR Merge Queue is in public beta
🤓 GITHUB_TOKEN will be read-only by default in new repositories from now on - we do have to explicitly grant write permissions in Unified CI workflows!
APIs
♾️ there are big changes to code search APIs coming into effect April 10 - please keep an eye out for workflows failing due to rate limiting and let us know
Give me everything!
News
Copilot X
❎ GitHub announced a vision document for AI x Developer Tools - GitHub Copilot X
⏰ join the waitlist for Copilot Chat - ChatGPT-like way to interact with GitHub Copilot
⏰ enroll your repository to Copilot for Pull Requests - AI powered code reviews - we’ll keep you updated on our progress in this area 🦄
⏰ join the waitlist for Copilot for Docs - ChatGPT-like way to interact with documentation sites
⏰ join the waitlist for Copilot for CLI - ChatGPT-like way to interact with CLI tools, get git, gh, and bash suggestions directly in your terminal
📚 interesting read on responsible pair-programming with Copilot
GitHub Galaxy
🌌 GitHub Galaxy is happening from Mar 28 - Mar 31 - we’ll make sure to bring you the updates
2FA
🔐 GitHub’s aiming to require 2FA for all users by the end of 2023
Public Goods
🥥 GitHub’s launching Open Source Community Manager programme to help open source communities
Changelog
GitHub Issues
🖨️ you can copy existing project’s views, fields, drafts, etc. to a new project - this could be useful to replicate what other, successful projects have done
👓 project events are now visible on PR and issue timelines
🔗 project READMEs are now linkable
🗺 ROADMAPs reach GA
🗑 auto-archiving/adding is now available for all projects
📌 you can have roadmap markers on your roadmap
🪐 Rich Jupyter Notebook Diffs in public preview
🪢 cross-org projects finally get native support
🎨 select can now use colours
Security
🤫 secret scanning now knows whether the GitHub Token it finds is valid or not
🚀 we can enable private vulnerability reporting for all the repositories in an organization and make it a default for new repositories - we’ll keep you updated on our progress in this area 🦄
🗄️ CodeQL can now be enabled via repository settings
📞 extendend CodeQL queries are accepted as a default for repositories
🚀 we can enable CodeQL for all the repositories in an organization - we’ll keep you updated on our progress in this area 🦄
🚨 secret scanning notifications have better defaults now
🚝 CodeQL can scan multiple repositories
🚀 we can enable secret scanning for all the repositories in an organization - we’ll keep you updated on our progress in this area 🦄
Community Moderation
🧱 when you block users, you can attach a note to the block
UI/UX
🔗 dependabot alerts now come with prettified links and hovercards
⏸️ dependabot will now pause automatically if you don’t merge any of its PRs for 90 days
📢 orgs can now create public announcements
🙈 private PRs/issues won’t show up in search anymore
🙅♀️ branch/tag names cannot start with refs/heads/ or refs/tags/ respectively anymore
📜 code scanning alerts became more descriptive
🧨 removed users cannot retain org access anymore
👾 slash commands are coming to GitHub flavored markdown - it’s in a public beta now
❌ you can close GitHub Discussions
🗒️ you can leave a PR comment on an entire file - it’s especially useful if you want to comment on a binary, for example
♻️ dependabot can update reusable GitHub Actions workflows - new and improved Unified CI delivery incoming 🚀
🚀 new credit types are available in security advisories
💰 dependabot won’t report on vulnerabilities found in go.sum - it will stick to go.mod only
🎉 you can add pronouns to your GitHub profile
🔍 new Code Search is available to all in public beta - I’ve been using it for months now and I highly recommend it
🏡 if you’re locked out, you can unlink your email
✍️ whether a pull request is editable by maintainers is now reflected in the UI
Deprecations
☝️ if you’re using CodeQL Action v1, please upgrade
👏 Team Discussions are being sunset
GitHub Actions
🚌 there is a new kid on the block - configuration variables - think public secrets, but, unfortunately, the configuration variables are not available in the workflow runs triggered by pull requests from forks
👋 setup-go action enables caching by default now - sounds like time to deprecate our very own cache-go-action, it served us well
🔴 GHA Importer is now GA - are you still using CircleCI? 🤔
📈 PR Merge Queue is in public beta
it is possible to configure Code scanning not to fail a PR check
🤓 GITHUB_TOKEN will be read-only by default in new repositories from now on - we do have to explicitly grant write permissions in Unified CI workflows!
APIs
🩴 there is a new API for managing the fine-grained PAT flow - if we could integrate it with GitHub Management that would be awesome
🏦 CodeQL repository defaults can be configured via API now - GitHub Management likes it
♾️ there are big changes to code search APIs coming into effect April 10 - please keep an eye out for workflows failing due to rate limiting and let us know
🧻 custom repository roles can be managed through the API
⬅️ PRs can be reverted through the API