Enabling automatic access to GitHub.com actions using GitHub Connect

To allow GitHub Actions in your enterprise to use actions from GitHub.com, you can connect your enterprise instance to GitHub Enterprise Cloud.

Site administrators for GitHub Enterprise Server who are also owners of the connected GitHub Enterprise Cloud organization or enterprise account can enable access to all GitHub.com actions.

注: GitHub 托管的运行器目前在 GitHub Enterprise Server 上不受支持。 您可以在 GitHub 公共路线图 上查看有关未来支持计划的更多信息。

About automatic access to GitHub.com actions

By default, GitHub Actions workflows on GitHub Enterprise Server cannot use actions directly from GitHub.com or GitHub Marketplace.

To make all actions from GitHub.com available on your enterprise instance, you can use GitHub Connect to integrate GitHub Enterprise Server with GitHub Enterprise Cloud. For other ways of accessing actions from GitHub.com, see "About using actions in your enterprise."

To use actions from GitHub.com, your self-hosted runners must be able to download public actions from api.github.com.

Enabling automatic access to all GitHub.com actions

注:启用 GitHub Connect 后,GitHub Actions 将尝试在您的 GitHub Enterprise Server 实例上查找仓库,然后返回到 GitHub.com。 If a user has already created an organization and repository in your enterprise that matches an organization and repository name on GitHub, the repository on your enterprise will be used in place of the GitHub repository. For more information, see "Automatic retirement of namespaces for actions accessed on GitHub.com."

Before enabling access to all actions from GitHub.com on your enterprise instance, you must connect your enterprise to GitHub.com. For more information, see "Connecting your enterprise to GitHub Enterprise Cloud."

  1. 在 GitHub Enterprise Server 的右上角,单击您的个人资料照片,然后单击 Enterprise settings(Enterprise 设置)GitHub Enterprise Server 上个人资料照片下拉菜单中的"Enterprise settings(企业设置)"

  2. In the enterprise account sidebar, click GitHub Connect. GitHub Connect tab in the enterprise account sidebar

  3. Under "Users can utilize actions from GitHub.com in workflow runs", use the drop-down menu and select Enabled. Drop-down menu to actions from GitHub.com in workflows runs

  4. 在启用 GitHub Connect 后,您可以使用策略限制哪些公共操作可用于您企业的仓库中。 更多信息请参阅“为企业执行 GitHub Actions 策略”。

Automatic retirement of namespaces for actions accessed on GitHub.com

When you enable GitHub Connect, users see no change in behavior for existing workflows because GitHub Actions searches your GitHub Enterprise Server instance for each action before falling back to GitHub.com. This ensures that any custom versions of actions your enterprise has created are used in preference to their counterparts on GitHub.com.

Automatic retirement of namespaces for actions accessed on GitHub.com blocks the potential for a man-in-the-middle attack by a malicious user with access to your GitHub Enterprise Server instance. When an action on GitHub.com is used for the first time, that namespace is retired in your GitHub Enterprise Server instance. This blocks any user creating an organization and repository in your enterprise that matches that organization and repository name on GitHub.com. This ensures that when a workflow runs, the intended action is always run.

After using an action from GitHub.com, if you want to create an action in your GitHub Enterprise Server instance with the same name, first you need to make the namespace for that organization and repository available.

  1. 从 GitHub Enterprise Server 上的管理帐户,点击任何页面右上角的 用于访问站点管理员设置的火箭图标

  2. In the left sidebar, under Site admin click Retired namespaces.

  3. Locate the namespace that you want use in your GitHub Enterprise Server instance and click Unretire. Unretire namespace

  4. Go to the relevant organization and create a new repository.

    Tip: When you unretire a namespace, always create the new repository with that name as soon as possible. If a workflow calls the associated action on GitHub.com before you create the local repository, the namespace will be retired again. For actions used in workflows that run frequently, you may find that a namespace is retired again before you have time to create the local repository. In this case, you can temporarily disable the relevant workflows until you have created the new repository.

此文档对您有帮助吗?

隐私政策

帮助我们创建出色的文档!

所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。

做出贡献

或者, 了解如何参与。