Skip to main content

Approving workflow runs from private forks

When someone without write access submits a pull request to a private repository, a maintainer may need to approve any workflow runs.

Who can use this feature?

Maintainers with write access to a repository can approve workflow runs.

About workflow runs from private forks

If you rely on using forks of your private repositories, you can configure policies that control how users can run workflows on pull_request events. Available to private and internal repositories only, you can configure these policy settings for enterprises, organizations, or repositories. For more information, see Enforcing policies for GitHub Actions in your enterprise.

Approving workflow runs on a pull request from a private fork

Maintainers with write access to a repository can use the following procedure to review and run workflows on pull requests from contributors that require approval.

  1. Under your repository name, click Pull requests.

    Screenshot of the main page of a repository. In the horizontal navigation bar, a tab, labeled "Pull requests," is outlined in dark orange.

  2. In the list of pull requests, click the pull request you'd like to review.

  3. On the pull request, click Files changed.

    Screenshot of the tabs for a pull request. The "Files changed" tab is outlined in dark orange.

  4. Inspect the proposed changes in the pull request and ensure that you are comfortable running your workflows on the pull request branch. You should be especially alert to any proposed changes in the .github/workflows/ directory that affect workflow files.

  5. If you are comfortable with running workflows on the pull request branch, return to the Conversation tab, and under "Workflow(s) awaiting approval", click Approve and run.