Enforcing GitHub Actions policies for your enterprise

Enterprise administrators can manage access to GitHub Actions in an enterprise.

About GitHub Actions permissions for your enterprise

When you enable GitHub Actions on GitHub Enterprise Server, it is enabled for all organizations in your enterprise. You can choose to disable GitHub Actions for all organizations in your enterprise, or only allow specific organizations. You can also limit the use of public actions, so that people can only use local actions that exist in your enterprise.

Managing GitHub Actions permissions for your enterprise

  1. In the top-right corner of GitHub Enterprise Server, click your profile photo, then click Enterprise settings. "Enterprise settings" in drop-down menu for profile photo on GitHub Enterprise Server

  2. Klicke auf der Seitenleiste des Enterprise-Kontos auf Policies (Richtlinien). Registerkarte „Policies“ (Richtlinien) auf der Seitenleiste des Enterprise-Kontos

  3. Under " Policies", click Actions.

  4. Under "Policies", select your options.

    You can choose which organizations in your enterprise can use GitHub Actions, and you can restrict access to public actions.

    Note: To enable access to public actions, you must first configure your GitHub Enterprise Server instance to connect to GitHub Marketplace. For more information, see "Enabling automatic access to GitHub.com actions using GitHub Connect."

    Enable, disable, or limits actions for this enterprise account

Enabling workflows for private repository forks

If you rely on using forks of your private repositories, you can configure policies that control how users can run workflows on pull_request events. Available to private repositories only, you can configure these policy settings for enterprise accounts, organizations, or repositories. For enterprise accounts, the policies are applied to all repositories in all organizations.

  • Run workflows from fork pull requests - Allows users to run workflows from fork pull requests, using a GITHUB_TOKEN with read-only permission, and with no access to secrets.
  • Send write tokens to workflows from pull requests - Allows pull requests from forks to use a GITHUB_TOKEN with write permission.
  • Send secrets to workflows from pull requests - Makes all secrets available to the pull request.

Configuring the private fork policy for your enterprise

  1. In the top-right corner of GitHub Enterprise Server, click your profile photo, then click Enterprise settings. "Enterprise settings" in drop-down menu for profile photo on GitHub Enterprise Server

  2. Klicke auf der Seitenleiste des Enterprise-Kontos auf Policies (Richtlinien). Registerkarte „Policies“ (Richtlinien) auf der Seitenleiste des Enterprise-Kontos

  3. Under " Policies", click Actions.

  4. Under Fork pull request workflows, select your options. Ein Beispiel: Aktiviere, deaktiviere oder limitiere die Aktionen für dieses Repository

  5. Click Save to apply the settings.

Did this doc help you?Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Oder, learn how to contribute.