Enforcing GitHub Actions policies in your enterprise account

Enterprise owners can disable, enable, and limit GitHub Actions for an enterprise account.

Enterprise accounts are available with GitHub Enterprise Cloud and GitHub Enterprise Server. For more information, see "About enterprise accounts."

In this article

About GitHub Actions permissions for your enterprise account

By default, GitHub Actions is enabled in all organizations owned by an enterprise account. You can choose to disable GitHub Actions for all organizations owned by an enterprise account, or only allow specified organizations. You can also limit the use of public actions, so that people can only use local actions that exist in your organization.

For more information about GitHub Actions, see "About GitHub Actions."

Managing GitHub Actions permissions for your enterprise account

  1. Navigate to your enterprise account by visiting https://github.com/enterprises/ENTERPRISE-NAME, replacing ENTERPRISE-NAME with your enterprise account's name.
  2. In the enterprise account sidebar, click Policies.
    Policies tab in the enterprise account sidebar
  3. Under " Policies", click Actions.
  4. Under "Policies", select an option.
    Enable, disable, or limits actions for this enterprise account

Enabling workflows for private repository forks

If you rely on using forks of your private repositories, you can configure policies that control how users can run workflows on pull_request events. Available to private repositories only, you can configure these policy settings for enterprise accounts, organizations, or repositories. For enterprise accounts, the policies are applied to all repositories in all organizations.

  • Run workflows from fork pull requests - Allows users to run workflows from fork pull requests, using a GITHUB_TOKEN with read-only permission, and with no access to secrets.
  • Send write tokens to workflows from pull requests - Allows pull requests from forks to use a GITHUB_TOKEN with write permission.
  • Send secrets to workflows from pull requests - Makes all secrets available to the pull request.

Configuring the private fork policy for your enterprise account

  1. Navigate to your enterprise account by visiting https://github.com/enterprises/ENTERPRISE-NAME, replacing ENTERPRISE-NAME with your enterprise account's name.
  2. In the enterprise account sidebar, click Policies.
    Policies tab in the enterprise account sidebar
  3. Under " Policies", click Actions.
  4. Under Fork pull request workflows, select your options. For example:
    Enable, disable, or limits actions for this repository
  5. Click Save to apply the settings.

Ask a human

Can't find what you're looking for?

Contact us