GitHub gets automating, introduces own take on Configuration as Code


Developers spend too much time configuring workflows, according to GitHub’s head of technology Jason Warner, which is why the company now started a limited public beta for so-called GitHub Actions.

Whether you agree with that statement or not, configuration as code has been around for a while now and Actions is GitHub’s take on this approach (and presumably weasle its way even deeper into your day-to-day work).

Actions offer a way to build, connect and share containers to run a software development workflow on GitHub. Those workflows will be triggered by GitHub platform events like push or release. By using them, devs could automate tasks such as the testing and deployment of code to the cloud or the packaging of modules.

To make the feature more accessible, Actions can apparently be written in any language – which might be a bit of a stretch given all the obscure things (ArnoldC, anyone?) available on GitHub. Interested developers can sign up for the test phase, if they are subscribed to either a Developer, Team, or Business Cloud plan.

GitHub Enterprise 2.15 is here to break down barriers

On top of that, GitHub used its GitHub Universe conference to launch GitHub Enterprise 2.15, which marks the start of the GitHub Connect initiative. In the accompanying blog post, Connect is described as a way to work across the different accounts an organisation might have – Enterprise and Business Cloud to be more precise.

To get that going, the unified search now offers an interface for advanced searches and includes private Business Cloud repositories. Developers who have Enterprise accounts as well as public profiles, are now also able to connect the two and showcase their contribution counts across profiles.

Organisations that haven’t found a suitable support package yet now have even more options to choose from: The Premium Support program includes new Premium and Premium Plus packages, with Premium including 24/7 web and phone support, guaranteed initial response times (30 minutes for urgent, four hours for high priority), access to premium content, and scheduled health checks. Premium Plus tops that off with a named technical support account manager, monthly administration support hours, and one virtual training class on Git and GitHub best practices.

Other new features include a new system for protecting branches, which allows admins to create a protected branch configuration which will automatically be used if a branch’s name matches a specified pattern. Once updated, GitHub Enterprise is also able to verify S/MIME Git signatures. If you don’t use those yet, a new client tool called smimesign can help in creating and using such signatures.

Even more security

But not only Enterprise users have additional security features available to them, there are still some more for those on Developer, Team, and Business Cloud plans. Java and .NET developers for example will now be supported with security vulnerability alerts, which were previously only in place for JavaScript, Ruby, and Python.

To prevent tokens and keys from being accidentally committed to public repositories, GitHub Token Scanning has been implemented, and is now available in public beta. The tool scans public repositories for known token formats and alerts the provider to validate the commit and contact the owner to issue a new token if necessary.

Also in preview is the GitHub Security Advisory API, which is meant to provide security advisories by aggregating security feeds and monitoring dependency upgrades across the platform.