我们经常发布文档更新,此页面的翻译可能仍在进行中。有关最新信息,请访问英文文档。如果此页面上的翻译有问题,请告诉我们

在企业帐户中实施 GitHub 操作策略

企业所有者可以对企业帐户禁用、启用和限制 GitHub Actions。

企业帐户可用于 GitHub Enterprise Cloud 和 GitHub Enterprise Server。 For more information, see "About enterprise accounts."

本文内容

此文档对您有帮助吗?

帮助我们创建出色的文档!

所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。

做出贡献

或, 了解如何参与。

关于企业帐户的 GitHub Actions 权限

默认情况下,在企业帐户拥有的所有组织中启用 GitHub Actions。 您可以选择对企业账户拥有的所有组织禁用 GitHub Actions,或只对指定的组织启用。 您还可以限制公共操作的使用,以使人们只能使用您的组织中存在的本地操作。

有关 GitHub Actions 的更多信息,请参阅“关于 GitHub Actions”。

管理企业帐户的 GitHub Actions 权限

You can disable all workflows for an enterprise or set a policy that configures which actions can be used in an organization.

If you choose the option to Allow specific actions, there are additional options that you can configure. For more information, see "Allowing specific actions to run."

When you allow local actions only, the policy blocks all access to actions authored by GitHub. For example, the actions/checkout would not be accessible.

  1. In the top-right corner of GitHub, click your profile photo, then click Your enterprises.

    "Your enterprises" in drop-down menu for profile photo on GitHub

  2. In the list of enterprises, click the enterprise you want to view.

    Name of an enterprise in list of your enterprises

  3. 在企业账户侧边栏中,单击 Policies(政策)

    企业帐户侧边栏中的 Policies(政策)选项卡

  4. 在“ Policies(政策)”下,单击 Actions(操作)

  5. 在“Policies(策略)”下,选择一个选项。

    启用、禁用或限制此企业帐户的操作

  6. 单击 Save(保存)

Allowing specific actions to run

When you select the Allow select actions, there are additional options that you need to choose to configure the allowed actions:

  • Allow actions created by GitHub: You can allow all actions created by GitHub to be used by workflows. Actions created by GitHub are located in the actions and github organization. For more information, see the actions and github organizations.

  • Allow Marketplace actions by verified creators: You can allow all GitHub Marketplace actions created by verified creators to be used by workflows. When GitHub has verified the creator of the action as a partner organization, the badge is displayed next to the action in GitHub Marketplace.

  • Allow specified actions: You can restrict workflows to use actions in specific organizations and repositories.

    To restrict access to specific tags or commit SHAs of an action, use the same <OWNER>/<REPO>@<TAG OR SHA> syntax used in the workflow to select the action. For example, actions/javascript-action@v1.0.1 to select a tag or actions/javascript-action@172239021f7ba04fe7327647b213799853a9eb89 to select a SHA. For more information, see "Finding and customizing actions."

    You can use the * wildcard character to match patterns. For example, to allow all actions in organizations that start with space-org, you can specify space-org*/*. To add all actions in repositories that start with octocat, you can use */octocat*@*. For more information about using the * wildcard, see "Workflow syntax for GitHub Actions."

    Note: The Allow specified actions option is only available in public repositories with the GitHub Free, GitHub Pro, GitHub Free for organizations, or GitHub Team plan.

This procedure demonstrates how to add specific actions to the allow list.

  1. In the top-right corner of GitHub, click your profile photo, then click Your enterprises.

    "Your enterprises" in drop-down menu for profile photo on GitHub

  2. In the list of enterprises, click the enterprise you want to view.

    Name of an enterprise in list of your enterprises

  3. 在企业账户侧边栏中,单击 Policies(政策)

    企业帐户侧边栏中的 Policies(政策)选项卡

  4. 在“ Policies(政策)”下,单击 Actions(操作)

  5. Under Policies, select Allow specific actions and add your required actions to the list.

    Add actions to allow list

为私有仓库复刻启用工作流程

如果您依赖于使用私有仓库的复刻,您可以配置策略来控制用户如何在 pull_request 事件上运行工作流程。 (仅适用于私有仓库)您可以为企业、组织或仓库配置这些策略设置。 对于企业,该策略将应用到所有组织中的所有仓库。

  • Run workflows from fork pull requests(从复刻拉取请求运行工作流程) - 允许用户使用具有只读权限、没有密码访问权限的 GITHUB_TOKEN从复刻拉取请求运行工作流程。
  • Send write tokens to workflows from pull requests(从拉取请求向工作流程发送写入令牌) - 允许从复刻拉取请求以使用具有写入权限的 GITHUB_TOKEN
  • Send secrets to workflows from pull requests(从拉取请求向工作流程发送密码) - 使所有密码可用于拉取请求。

为企业帐户配置私有复刻策略

  1. In the top-right corner of GitHub, click your profile photo, then click Your enterprises.

    "Your enterprises" in drop-down menu for profile photo on GitHub

  2. In the list of enterprises, click the enterprise you want to view.

    Name of an enterprise in list of your enterprises

  3. 在企业账户侧边栏中,单击 Policies(政策)

    企业帐户侧边栏中的 Policies(政策)选项卡

  4. 在“ Policies(政策)”下,单击 Actions(操作)

  5. Fork pull request workflows(复刻拉取请求工作流程)下,选择您的选项。 例如:

    启用、禁用或限制此仓库的操作

  6. 单击 Save(保存)以应用设置。

此文档对您有帮助吗?

帮助我们创建出色的文档!

所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。

做出贡献

或, 了解如何参与。