About actions on GitHub AE
GitHub Actions workflows can use actions, which are individual tasks that you can combine to create jobs and customize your workflow. You can create your own actions, or use and customize actions shared by the GitHub community.
GitHub Actions on GitHub AE is designed to work in environments without full internet access. By default, workflows cannot use actions from GitHub.com and GitHub Marketplace. You can restrict your developers to using actions that are stored on your enterprise, which includes most official GitHub-authored actions, as well as any actions your developers create. Alternatively, to allow your developers to benefit from the full ecosystem of actions built by industry leaders and the open source community, you can configure access to other actions from GitHub.com.
We recommend allowing automatic access to all actions from GitHub.com. If you want to have greater control over which actions are used on your enterprise, you can manually sync specific actions from GitHub.com.
Official actions bundled with your enterprise instance
Most official GitHub-authored actions are automatically bundled with GitHub AE, and are captured at a point in time from GitHub Marketplace.
The bundled official actions include the following, among others.
actions/checkoutactions/upload-artifactactions/download-artifactactions/labeler- Various
actions/setup-actions
To see all the official actions included on your enterprise instance, browse to the actions organization on your instance: https://HOSTNAME/actions.
There is no connection required between your enterprise and GitHub.com to use these actions.
Each action is a repository in the actions organization, and each action repository includes the necessary tags, branches, and commit SHAs that your workflows can use to reference the action. For information on how to update the bundled official actions, see "Using the latest version of the official bundled actions."
Notes:
- When using setup actions (such as
actions/setup-LANGUAGE) on GitHub AE with self-hosted runners, you might need to set up the tools cache on runners that do not have internet access. For more information, see "Setting up the tool cache on self-hosted runners without internet access." - When GitHub AE is updated, bundled actions are automatically replaced with default versions in the upgrade package.
Configuring access to actions on GitHub.com
If users in your enterprise need access to other actions from GitHub.com or GitHub Marketplace, there are a few configuration options.
The recommended approach is to enable automatic access to all actions from GitHub.com. You can do this by using GitHub Connect to integrate GitHub AE with GitHub Enterprise Cloud. For more information, see "Enabling automatic access to GitHub.com actions using GitHub Connect".
To use actions from GitHub.com, your self-hosted runners must be able to make outbound connections to GitHub.com. No inbound connections from GitHub.com are required. For more information. For more information, see "About self-hosted runners."
After you enable GitHub Connect, you can use policies to restrict which public actions can be used in repositories in your enterprise. For more information, see "Enforcing policies for GitHub Actions in your enterprise."
Alternatively, if you want stricter control over which actions are allowed in your enterprise, or you do not want to allow outbound connections to GitHub.com, you can manually download and sync actions onto your enterprise instance using the actions-sync tool. For more information, see "Manually syncing actions from GitHub.com."