Disabling or limiting GitHub Actions for your organization

Organization owners can disable, enable, and limit GitHub Actions for an organization.

In this article

About GitHub Actions permissions for your organization

By default, GitHub Actions is enabled on all repositories and organizations. You can choose to disable GitHub Actions or limit them to private actions only, which means that people can only use actions that exist in your repository. For more information about GitHub Actions, see "About GitHub Actions."

You can enable GitHub Actions for all repositories in your organization. When you enable GitHub Actions, workflows are able to run actions located within your repository and any other public repository. You can disable GitHub Actions for all repositories in your organization. When you disable GitHub Actions, no workflows run in your repository.

Alternatively, you can enable GitHub Actions for all repositories in your organization but limit the actions a workflow can run. When you enable local actions only, workflows can only run actions located in your repository or organization.

Managing GitHub Actions permissions for your organization

  1. In the top right corner of GitHub, click your profile photo, then click Your profile.
    Profile photo
  2. On the left side of your profile page, under "Organizations", click the icon for your organization.
    organization icons
  3. Under your organization name, click Settings.
    Organization settings button
  4. In the left sidebar, click Actions.
    Actions setting
  5. Under Local and third-party Actions, select an option.
    Enable, disable, or limit actions for this organization
  6. Click Save.

Enabling workflows for private repository forks

If you rely on using forks of your private repositories, you can configure policies that control how users can run workflows on pull_request events. Available to private repositories only, you can configure these policy settings for enterprise accounts, organizations, or repositories. For enterprise accounts, the policies are applied to all repositories in all organizations.

  • Run workflows from fork pull requests - Allows users to run workflows from fork pull requests, using a GITHUB_TOKEN with read-only permission, and with no access to secrets.
  • Send write tokens to workflows from pull requests - Allows pull requests from forks to use a GITHUB_TOKEN with write permission.
  • Send secrets to workflows from pull requests - Makes all secrets available to the pull request.

Configuring the private fork policy for an organization

  1. In the top right corner of GitHub, click your profile photo, then click Your profile.
    Profile photo
  2. On the left side of your profile page, under "Organizations", click the icon for your organization.
    organization icons
  3. Under your organization name, click Settings.
    Organization settings button
  4. In the left sidebar, click Actions.
    Actions setting
  5. Under Fork pull request workflows, select your options. For example:
    Enable, disable, or limits actions for this repository
  6. Click Save to apply the settings.

Ask a human

Can't find what you're looking for?

Contact us