By default, GitHub Actions workflows on GitHub AE cannot use actions directly from GitHub.com or GitHub Marketplace. To make all actions from GitHub.com available on your enterprise instance, you can use GitHub Connect to integrate GitHub AE with GitHub Enterprise Cloud.
To use actions from GitHub.com, your self-hosted runners must be able to make outbound connections to GitHub.com. No inbound connections from GitHub.com are required. For more information. 更多信息请参阅“关于自托管的运行器”。
Alternatively, if you want stricter control over which actions are allowed in your enterprise, you can manually download and sync actions onto your enterprise instance using the
actions-sync tool. For more information, see "Manually syncing actions from GitHub.com."
When a workflow uses an action by referencing the repository where the action is stored, GitHub Actions will first try to find the repository on 您的企业. If the repository does not exist on 您的企业, and if you have automatic access to GitHub.com enabled, GitHub Actions will try to find the repository on GitHub.com.
If a user has already created an organization and repository in your enterprise that matches an organization and repository name on GitHub.com, the repository on your enterprise will be used instead of the GitHub.com repository. A malicious user could take advantage of this behavior to run code as part of a workflow
Before enabling access to all actions from GitHub.com for your enterprise, you must enable GitHub Connect. For more information, see "Managing GitHub Connect."
在 GitHub AE 的右上角，单击您的个人资料照片，然后单击 Enterprise settings（Enterprise 设置）。
在企业帐户边栏中，单击 GitHub Connect。
Under "Users can utilize actions from GitHub.com in workflow runs", use the drop-down menu and select Enabled.
在启用 GitHub Connect 后，您可以使用策略限制哪些公共操作可用于您企业的仓库中。 更多信息请参阅“为企业执行 GitHub Actions 策略”。
When you enable GitHub Connect, users see no change in behavior for existing workflows because GitHub Actions searches 您的企业 for each action before falling back to GitHub.com. This ensures that any custom versions of actions your enterprise has created are used in preference to their counterparts on GitHub.com.
Automatic retirement of namespaces for actions accessed on GitHub.com blocks the potential for a man-in-the-middle attack by a malicious user with access to 您的企业. When an action on GitHub.com is used for the first time, that namespace is retired in 您的企业. This blocks any user creating an organization and repository in your enterprise that matches that organization and repository name on GitHub.com. This ensures that when a workflow runs, the intended action is always run.
After using an action from GitHub.com, if you want to create an action in 您的企业 with the same name, first you need to make the namespace for that organization and repository available.
从 GitHub AE 上的管理帐户中，在任何页面的右上角，单击 。
如果您尚未进入“站点管理员”页面，请在左上角单击 Site admin（站点管理员）。
In the left sidebar, under Site admin click Retired namespaces.
Locate the namespace that you want use in 您的企业 and click Unretire.
Go to the relevant organization and create a new repository.
Tip: When you unretire a namespace, always create the new repository with that name as soon as possible. If a workflow calls the associated action on GitHub.com before you create the local repository, the namespace will be retired again. For actions used in workflows that run frequently, you may find that a namespace is retired again before you have time to create the local repository. In this case, you can temporarily disable the relevant workflows until you have created the new repository.