Skip to main content
ドキュメントには頻繁に更新が加えられ、その都度公開されています。本ページの翻訳はまだ未完成な部分があることをご了承ください。最新の情報については、英語のドキュメンテーションをご参照ください。本ページの翻訳に問題がある場合はこちらまでご連絡ください。

Enabling automatic access to GitHub.com actions using GitHub Connect

To allow GitHub Actions in your enterprise to use actions from GitHub.com, you can connect your enterprise instance to GitHub Enterprise Cloud.

Enterprise owners can enable access to all GitHub.com actions.

ノート: GitHubホストランナーは、現在GitHub Enterprise Serverでサポートされていません。 GitHubパブリックロードマップで、計画されている将来のサポートに関する詳しい情報を見ることができます。

About automatic access to GitHub.com actions

By default, GitHub Actions workflows on GitHub Enterprise Server cannot use actions directly from GitHub.com or GitHub Marketplace. To make all actions from GitHub.com available on your enterprise instance, you can use GitHub Connect to integrate GitHub Enterprise Server with GitHub Enterprise Cloud.

To use actions from GitHub.com, both GitHub Enterprise Serverインスタンス and your self-hosted runners must be able to make outbound connections to GitHub.com. No inbound connections from GitHub.com are required. For more information. 詳しい情報については、「セルフホストランナーについて」を参照してください。

Alternatively, if you want stricter control over which actions are allowed in your enterprise, you can manually download and sync actions onto your enterprise instance using the actions-sync tool. For more information, see "Manually syncing actions from GitHub.com."

About resolution for actions using GitHub Connect

When a workflow uses an action by referencing the repository where the action is stored, GitHub Actions will first try to find the repository on GitHub Enterprise Serverインスタンス. If the repository does not exist on GitHub Enterprise Serverインスタンス, and if you have automatic access to GitHub.com enabled, GitHub Actions will try to find the repository on GitHub.com.

If a user has already created an organization and repository in your enterprise that matches an organization and repository name on GitHub.com, the repository on your enterprise will be used instead of the GitHub.com repository. For more information, see "Automatic retirement of namespaces for actions accessed on GitHub.com."

Enabling automatic access to all GitHub.com actions

Before enabling access to all actions from GitHub.com for your enterprise, you must:

  1. GitHub Enterprise Serverの右上で、プロフィール写真をクリックし、続いてEnterprise settings(Enterpriseの設定)をクリックしてください。 GitHub Enterprise Serverのプロフィール写真のドロップダウンメニュー内の"Enterprise settings"

  2. In the enterprise account sidebar, click GitHub Connect. GitHub Connect tab in the enterprise account sidebar

  3. Under "Users can utilize actions from GitHub.com in workflow runs", use the drop-down menu and select Enabled. Drop-down menu to actions from GitHub.com in workflows runs

  4. GitHub Connectを有効化した後は、Enterprise内のリポジトリでどのパブリックなアクションが使えるかを制限するポリシーが利用できます。 詳しい情報については、「Enterprise に GitHub Actions のポリシーを施行する」を参照してください。

Automatic retirement of namespaces for actions accessed on GitHub.com

When you enable GitHub Connect, users see no change in behavior for existing workflows because GitHub Actions searches GitHub Enterprise Serverインスタンス for each action before falling back to GitHub.com. This ensures that any custom versions of actions your enterprise has created are used in preference to their counterparts on GitHub.com.

Automatic retirement of namespaces for actions accessed on GitHub.com blocks the potential for a man-in-the-middle attack by a malicious user with access to GitHub Enterprise Serverインスタンス. When an action on GitHub.com is used for the first time, that namespace is retired in GitHub Enterprise Serverインスタンス. This blocks any user creating an organization and repository in your enterprise that matches that organization and repository name on GitHub.com. This ensures that when a workflow runs, the intended action is always run.

After using an action from GitHub.com, if you want to create an action in GitHub Enterprise Serverインスタンス with the same name, first you need to make the namespace for that organization and repository available.

  1. From an administrative account on GitHub Enterprise Server, in the upper-right corner of any page, click .

    Screenshot of the rocket ship icon for accessing site admin settings

  2. If you're not already on the "Site admin" page, in the upper-left corner, click Site admin.

    Screenshot of "Site admin" link

  3. In the left sidebar, under Site admin click Retired namespaces.

  4. Locate the namespace that you want use in GitHub Enterprise Serverインスタンス and click Unretire. Unretire namespace

  5. Go to the relevant organization and create a new repository.

    Tip: When you unretire a namespace, always create the new repository with that name as soon as possible. If a workflow calls the associated action on GitHub.com before you create the local repository, the namespace will be retired again. For actions used in workflows that run frequently, you may find that a namespace is retired again before you have time to create the local repository. In this case, you can temporarily disable the relevant workflows until you have created the new repository.