Remarque : Les exécuteurs hébergés sur GitHub ne sont pas pris en charge sur GitHub Enterprise Server. Vous pouvez voir plus d’informations sur le support futur planifié dans la GitHub public roadmap.
About automatic access to GitHub.com actions
By default, GitHub Actions workflows on GitHub Enterprise Server cannot use actions directly from GitHub.com or GitHub Marketplace. To make all actions from GitHub.com available on your enterprise instance, you can use GitHub Connect to integrate GitHub Enterprise Server with GitHub Enterprise Cloud.
Pour utiliser des actions à partir de GitHub.com, votre instance GitHub Enterprise Server et vos exécuteurs auto-hébergés doivent être en mesure d’établir des connexions sortantes à GitHub.com. Aucune connexion entrante à partir de GitHub.com n’est obligatoire. Pour plus d’informations, consultez Pour plus d’informations, consultez « À propos des exécuteurs auto-hébergés ».
Alternatively, if you want stricter control over which actions are allowed in your enterprise, you can manually download and sync actions onto your enterprise instance using the actions-sync
tool. For more information, see "Manually syncing actions from GitHub.com."
About resolution for actions using GitHub Connect
Lorsqu’un workflow utilise une action en référençant le dépôt où l’action est stockée, GitHub Actions tente d’abord de trouver le dépôt sur votre instance GitHub Enterprise Server. Si le dépôt n’existe pas sur votre instance GitHub Enterprise Server, et si vous avez activé l’accès automatique à GitHub.com, GitHub Actions tente de trouver le dépôt sur GitHub.com.
If a user has already created an organization and repository in your enterprise that matches an organization and repository name on GitHub.com, the repository on your enterprise will be used instead of the GitHub.com repository. For more information, see "Automatic retirement of namespaces for actions accessed on GitHub.com."
Enabling automatic access to public GitHub.com actions
Before enabling access to public actions from GitHub.com for your enterprise, you must:
- Configure votre instance GitHub Enterprise Server to use GitHub Actions. For more information, see "Getting started with GitHub Actions for GitHub Enterprise Server."
- Enable GitHub Connect. For more information, see "Managing GitHub Connect."
-
Dans le coin supérieur droit de GitHub Enterprise Server, cliquez sur votre photo de profil, puis sur Paramètres d’entreprise.
-
Dans la barre latérale du compte d’entreprise, cliquez sur GitHub Connect .
-
Under "Users can utilize actions from GitHub.com in workflow runs", use the drop-down menu and select Enabled.
-
Après avoir activé GitHub Connect, vous pouvez utiliser des stratégies pour restreindre les actions publiques utilisables dans les dépôts de votre entreprise. Pour plus d’informations, consultez « Enforcing policies for GitHub Actions in your enterprise ».
Automatic retirement of namespaces for actions accessed on GitHub.com
When you enable GitHub Connect, users see no change in behavior for existing workflows because GitHub Actions searches votre instance GitHub Enterprise Server for each action before falling back to GitHub.com. This ensures that any custom versions of actions your enterprise has created are used in preference to their counterparts on GitHub.com.
Automatic retirement of namespaces for actions accessed on GitHub.com blocks the potential for a man-in-the-middle attack by a malicious user with access to votre instance GitHub Enterprise Server. When an action on GitHub.com is used for the first time, that namespace is retired in votre instance GitHub Enterprise Server. This blocks any user creating an organization and repository in your enterprise that matches that organization and repository name on GitHub.com. This ensures that when a workflow runs, the intended action is always run.
After using an action from GitHub.com, if you want to create an action in votre instance GitHub Enterprise Server with the same name, first you need to make the namespace for that organization and repository available.
-
À partir d’un compte d’administration sur GitHub Enterprise Server, cliquez sur en haut à droite de n’importe quelle page.
-
Si vous ne figurez pas déjà sur la page « Administrateur du site », dans le coin supérieur gauche, cliquez sur Administrateur du site.
-
In the left sidebar, under Site admin click Retired namespaces.
-
To the right of the namespace that you want use in votre instance GitHub Enterprise Server, click Unretire.
-
Go to the relevant organization and create a new repository.
Tip: When you unretire a namespace, always create the new repository with that name as soon as possible. If a workflow calls the associated action on GitHub.com before you create the local repository, the namespace will be retired again. For actions used in workflows that run frequently, you may find that a namespace is retired again before you have time to create the local repository. In this case, you can temporarily disable the relevant workflows until you have created the new repository.