Skip to main content

About using actions in your enterprise

GitHub Enterprise Server includes most GitHub-authored actions, and has options for enabling access to other actions from GitHub.com and GitHub Marketplace.

Note

GitHub-hosted runners are not currently supported on GitHub Enterprise Server. You can see more information about planned future support on the GitHub public roadmap.

About actions on GitHub Enterprise Server

GitHub Actions workflows can use actions, which are individual tasks that you can combine to create jobs and customize your workflow. You can create your own actions, or use and customize actions shared by the GitHub community.

GitHub Actions on GitHub Enterprise Server is designed to work in environments without full internet access. By default, workflows cannot use actions from GitHub.com and GitHub Marketplace. You can restrict your developers to using actions that are stored on your GitHub Enterprise Server instance, which includes most official GitHub-authored actions, as well as any actions your developers create. Alternatively, to allow your developers to benefit from the full ecosystem of actions built by industry leaders and the open source community, you can configure access to other actions from GitHub.com.

We recommend allowing automatic access to all actions from GitHub.com. However, this does require GitHub Enterprise Server to make outbound connections to GitHub.com. If you don't want to allow these connections, or you want to have greater control over which actions are used on your enterprise, you can manually sync specific actions from GitHub.com.

Official actions bundled with your enterprise instance

Most official GitHub-authored actions are automatically bundled with GitHub Enterprise Server, and are captured at a point in time from GitHub Marketplace.

The bundled official actions include the following, among others.

  • actions/checkout
  • actions/upload-artifact
  • actions/download-artifact
  • actions/labeler
  • Various actions/setup- actions

To see all the official actions included on your enterprise instance, browse to the actions organization on your instance: https://HOSTNAME/actions.

There is no connection required between your GitHub Enterprise Server instance and GitHub.com to use these actions.

Each action is a repository in the actions organization, and each action repository includes the necessary tags, branches, and commit SHAs that your workflows can use to reference the action. For information on how to update the bundled official actions, see Using the latest version of the official bundled actions.

Note

  • When using setup actions (such as actions/setup-LANGUAGE) on GitHub Enterprise Server with self-hosted runners, you might need to set up the tools cache on runners that do not have internet access. For more information, see Setting up the tool cache on self-hosted runners without internet access.
  • When GitHub Enterprise Server is updated, bundled actions are automatically replaced with default versions in the upgrade package.

Configuring access to actions on GitHub.com

If users in your enterprise need access to other actions from GitHub.com or GitHub Marketplace, there are a few configuration options.

The recommended approach is to enable automatic access to all actions from GitHub.com. You can do this by using GitHub Connect to integrate GitHub Enterprise Server with GitHub Enterprise Cloud. For more information, see Enabling automatic access to GitHub.com actions using GitHub Connect.

Note

Before you can configure access to actions on GitHub.com, you must configure your GitHub Enterprise Server instance to use GitHub Actions. For more information, see Getting started with GitHub Actions for GitHub Enterprise Server.

To use actions from GitHub.com, both GitHub Enterprise Server and your self-hosted runners must be able to make outbound connections to GitHub.com. No inbound connections from GitHub.com are required. For more information. For more information, see About self-hosted runners.

After you enable GitHub Connect, you can use policies to restrict which public actions can be used in repositories in your enterprise. For more information, see Enforcing policies for GitHub Actions in your enterprise.

Alternatively, if you want stricter control over which actions are allowed in your enterprise, or you do not want to allow outbound connections to GitHub.com, you can manually download and sync actions onto your enterprise instance using the actions-sync tool. For more information, see Manually syncing actions from GitHub.com.