Not only is it the end of the financial year, but it’s the end of another month of Github changelog updates and following is the highlights reel of what’s been released throughout June and what actions might be useful in your organisation.
GitHub Enterprise Importer has been publicly launched: Already in use by many organisations, GitHub Enterprise Importer (GEI) is now a self-serve tool made available to all users wanting to migrate to GitHub Enterprise Cloud and GitHub.com. You can learn more about this tool in our blog post here as we run you through the basic steps of an Azure DevOps to GitHub.com migration
GitHub Enterprise Server 3.9 release candidate is here: Improvements include Autoscaling with self-hosted runners, additions to Projects functionality such as a “Roadmap view” and the ability to copy existing projects, REST API versioning by date, and an upgrade from MySQL 5.7 to 8. You can read more in the release notes here
General Availability of Actions Runner Controller and Runner Scale Sets: GitHub announced the general availability of auto-scaling self-hosted runners. Actions Runner Controller (ARC) has been in beta for a while but has moved to general release so you can move to using this for production runners. ARC is based on Kubernetes orchestration and you can find out more about it here
Just-in-time Self-Hosted Runners: GitHub has introduced just-in-time runners, which allow users to create single-use self-hosted runners that can run a single job before being automatically removed. This is a great step for security so worth implementing where it makes sense.
Introduction of Larger Runners: GitHub has launched larger hosted runners for GitHub Actions for paid Team and Enterprise Cloud plans. These larger runners allow development teams to use machine sizes up to 64 vCPUs with 256 GB of RAM, and 2 TB of SSD storage. This has been in beta since September last year, but you can now run production CI/CD jobs on turbo charge. Other capabilities that come with these runners include Static IP addresses and organisation level access control through runner groups. Beware, these runners are pricey, and they do not consume included minutes, so you will pay for every job minute they run.
All actions will run on Node 16 by default: Node 12 has been out of support for over a year now and as of this month, Node 16 will be enforced. Now is the time to update or retire any remaining actions you have been keeping on Node 12, you can continue to run them by allowing unsecure node versions but come the end of this calendar year the Node 12 runner will no longer be available.
Stale Repos Action: Developed by GitHub to maintain their own open-source projects this action will identify and report repos in your organisation with no activity for a configurable amount of time. This will help ensure you aren’t letting repos stagnate that should either be archived or revived. This is an open source action available here GitHub Stale Repo
Dependabot: Group version updates is in beta so you can create custom grouping rules and the regularly scheduled updates will create a pull request per group. This is a nice feature and helps reduce noise. Support for pnmp has now been added for those of you managing node.js with pnpm instead of npm. At this time, Dependabot will not open security alerts against pnmp dependencies though. Learn more here
GitHub Advanced Security trial free for GitHub Enterprise users: If you have a GitHub enterprise account, you can now try GitHub Enterprise Security for free for 14 days. If you’ve been thinking about it, now is your chance to try before you buy and test out the features such as Code scanning, Secret Scanning and Dependency reviews. This tool can raise the base level of code security across your organisation and is well worth a try. Learn more here