Immutable Actions [GA] #592
Labels
cloud
Available on Cloud
Enterprise
Product SKU: GitHub Enterprise
Free
Product SKU: GitHub Free
ga
Feature phase: Generally available
Team
Product SKU: GitHub Team
Comments
github-product-roadmap
added
actions
ankneis
changed the title
ankneis
moved this from Q4 2025 – Oct-Dec
to Q1 2025 – Jan-Mar
in GitHub Public Roadmap
ankneis
added
Enterprise
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Value Prop
We are building a new way to publish and consume actions that will improve the security of the CI/CD supply chain. Building on top of the OCI distribution specification, actions can now be pushed to GitHub Packages as immutable image versions with familiar semantic versions. The immutable packages and semantic versions bring greater predictability and security to users' workflows.
Expected Outcome
Users consuming actions will be able to reference an immutable package of an action by version, providing better security in their CI/CD supply chain. Over time we will build additional functionality like signing, build attestation, malware scanning, etc. to further improve the security of the supply chain and allow organizations to apply more specific policies. Developers creating Actions will have a fully automated workflow for publishing their actions that follows a natural build, package, and publish model with standard package versioning.
Actions publishers will use a new packaging action and workflow to take their existing actions code and publish it to GitHub Packages. Users consuming actions by version tags will automatically start getting the packaged version of the action after it is published. Those referencing by commit SHA or git branch reference will simply need to switch to an appropriate version.
The text was updated successfully, but these errors were encountered: