jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-21 10:57:10 -05:00
Code Issues Projects Releases Wiki Activity

[DO NOT MERGE] GitHub Enterprise Server 3.8 release candidate (#34113)

Browse Source 
Co-authored-by: Rachael Sewell <rachmari@github.com>
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Sarah Edwards <skedwards88@github.com>
Co-authored-by: David Jarzebowski <davidjarzebowski@github.com>
Co-authored-by: Steve Guntrip <stevecat@github.com>
Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com>
Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com>
Co-authored-by: Siara <108543037+SiaraMist@users.noreply.github.com>
Co-authored-by: docubot <67483024+docubot@users.noreply.github.com>
This commit is contained in:
Matt Pollard
2023-02-07 18:49:44 +01:00
committed by GitHub
parent d7b52e772d
commit 891e81b824
124 changed files with 801820 additions and 352 deletions
Download Patch File Download Diff File Expand all files Collapse all files

147
content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md
View File

@@ -13,10 +13,17 @@ topics:
redirect_from:
- /admin/github-actions/enabling-github-actions-with-amazon-s3-storage
shortTitle: Amazon S3 storage
miniTocMaxHeadingLevel: 3
---
{% data reusables.actions.enterprise-storage-about %}
{% ifversion ghes-actions-storage-oidc %}
{% data reusables.actions.enterprise-storage-about-oidc %}
{% data reusables.actions.ghes-storage-oidc-beta-note %}
{% endif %}
## Prerequisites
{% note %}
@@ -29,25 +36,149 @@ shortTitle: Amazon S3 storage
Before enabling {% data variables.product.prodname_actions %}, make sure you have completed the following steps:
* Create your Amazon S3 bucket for storing data generated by workflow runs. {% indented_data_reference reusables.actions.enterprise-s3-permission spaces=2 %}
* Create your Amazon S3 bucket for storing data generated by workflow runs.
{% data reusables.actions.enterprise-common-prereqs %}
{% data reusables.actions.enterprise-oidc-prereqs %}
## Enabling {% data variables.product.prodname_actions %} with Amazon S3 storage
{% ifversion ghes-actions-storage-oidc %}
## Enabling {% data variables.product.prodname_actions %} with Amazon S3 using OIDC (recommended)
{% data reusables.actions.ghes-storage-oidc-beta-note %}
To configure {% data variables.product.prodname_ghe_server %} to use OIDC with an Amazon S3 bucket, you must first create an Amazon OIDC provider, then create an Identity and Access Management (IAM) role, and finally configure {% data variables.product.prodname_ghe_server %} to use the provider and role to access your S3 bucket.
### 1. Create an Amazon OIDC provider
1. Get the thumbprint for {% data variables.location.product_location_enterprise %}.
1. Use the following OpenSSL command to get the SHA1 thumbprint for {% data variables.location.product_location_enterprise %}, replacing `HOSTNAME` with the public hostname for {% data variables.location.product_location_enterprise %}
```shell{:copy}
openssl s_client -connect HOSTNAME:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -sha1 -in /dev/stdin
```
For example:
```shell
openssl s_client -connect my-ghes-host.example.com:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -sha1 -in /dev/stdin
```
The command returns a thumbprint in the following format:
```
SHA1 Fingerprint=AB:12:34:56:78:90:AB:CD:EF:12:34:56:78:90:AB:CD:EF:12:34:56
```
1. Remove the colons (`:`) from the thumbprint value, and save the value to use later.
For example, the thumbprint for the value returned in the previous step is:
```
AB1234567890ABCDEF1234567890ABCDEF123456
```
1. Using the AWS CLI, use the following command to create an OIDC provider for {% data variables.location.product_location_enterprise %}. Replace `HOSTNAME` with the public hostname for {% data variables.location.product_location_enterprise %}, and `THUMBPRINT` with the thumbprint value from the previous step.
```shell{:copy}
aws iam create-open-id-connect-provider \
--url https://HOSTNAME/_services/token \
--client-id-list "sts.amazonaws.com" \
--thumbprint-list "THUMBPRINT"
```
For example:
```shell{:copy}
aws iam create-open-id-connect-provider \
--url https://my-ghes-host.example.com/_services/token \
--client-id-list "sts.amazonaws.com" \
--thumbprint-list "AB1234567890ABCDEF1234567890ABCDEF123456"
```
For more information on installing the AWS CLI, see the [Amazon documentation](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html).
{% warning %}
**Warning:** If the certificate for {% data variables.location.product_location_enterprise %} changes in the future, you must update the thumbprint value in the Amazon OIDC provider for the OIDC trust to continue to work.
{% endwarning %}
### 2. Create an IAM role
1. Open the AWS Console, and navigate to the Identity and Access Management (IAM) service.
1. In the left menu, under "Access management", click **Roles**, then click **Create Role**.
1. On the "Select trusted entity" page, enter the following options:
* For "Trusted entity type", click **Web identity**.
* For "Identity provider", use the **Choose provider** drop-down menu and select the OIDC provider you created in the previous steps. It should be named `HOSTNAME/_services/token`, where `HOSTNAME` is the public hostname for {% data variables.location.product_location_enterprise %}.
* For "Audience", select `sts.amazonaws.com`.
1. Click **Next**.
1. On the "Add permissions" page, use the filter to find and select the `AmazonS3FullAccess` policy.
1. Click **Next**.
1. On the "Name, review, and create" page, enter a name for the role, and click **Create role**.
1. On the IAM "Roles" page, select the role you just created.
1. Under "Summary", note the ARN value for the role, as this is needed later.
1. Click the **Trust relationships** tab, then click **Edit trust policy**.
1. Edit the trust policy to add a new `sub` claim. The value for `Condition` must match the following example, replacing `HOSTNAME` with the public hostname for {% data variables.location.product_location_enterprise %}:
```json
...
"Condition": {
"StringEquals": {
"HOSTNAME/_services/token:aud": "sts.amazonaws.com",
"HOSTNAME/_services/token:sub": "HOSTNAME"
}
}
...
```
For example:
```json
...
"Condition": {
"StringEquals": {
"my-ghes-host.example.com/_services/token:aud": "sts.amazonaws.com",
"my-ghes-host.example.com/_services/token:sub": "my-ghes-host.example.com"
}
}
...
```
1. Click **Update policy**.
### 3. Configure {% data variables.product.prodname_ghe_server %} to connect to Amazon S3 using OIDC
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.management-console %}
{% data reusables.enterprise_management_console.actions %}
{% data reusables.actions.enterprise-enable-checkbox %}
{% data reusables.actions.enterprise-s3-storage-setup %}
1. Under "Authentication", select **OpenID Connect (OIDC)**, and enter the values for your storage:
* **AWS S3 Bucket**: The name of your S3 bucket.
* **AWS Role**: The ARN for the role you created in the previous procedures. For example, `arn:aws:iam::123456789:role/my-role-name`.
* **AWS Region**: The AWS region for your bucket. For example, `us-east-1`.
{% data reusables.enterprise_management_console.test-storage-button %}
{% data reusables.enterprise_management_console.save-settings %}
{% endif %}
## Enabling {% data variables.product.prodname_actions %} with Amazon S3 storage{% ifversion ghes-actions-storage-oidc %} using access keys{% endif %}
1. Using the AWS Console or CLI, create an access key for your storage bucket. {% indented_data_reference reusables.actions.enterprise-s3-permission spaces=3 %}
For more information on managing AWS access keys, see the "[AWS Identity and Access Management Documentation](https://docs.aws.amazon.com/iam/index.html)."
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.management-console %}
{% data reusables.enterprise_management_console.actions %}
{% data reusables.actions.enterprise-enable-checkbox %}
{%- ifversion ghes-actions-storage-oidc %}
{% data reusables.actions.enterprise-s3-storage-setup %}
1. Under "Authentication", select **Credentials-based**, and enter your storage bucket's details:
{% indented_data_reference reusables.actions.enterprise-s3-storage-credential-fields spaces=3 %}
{%- else %}
1. Under "Artifact & Log Storage", select **Amazon S3**, and enter your storage bucket's details:
* **AWS Service URL**: The service URL for your bucket. For example, if your S3 bucket was created in the `us-west-2` region, this value should be `https://s3.us-west-2.amazonaws.com`.
For more information, see "[AWS service endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html)" in the AWS documentation.
* **AWS S3 Bucket**: The name of your S3 bucket.
* **AWS S3 Access Key** and **AWS S3 Secret Key**: The AWS access key ID and secret key for your bucket. For more information on managing AWS access keys, see the "[AWS Identity and Access Management Documentation](https://docs.aws.amazon.com/iam/index.html)."
{% indented_data_reference reusables.actions.enterprise-s3-storage-credential-fields spaces=3 %}
![Radio button for selecting Amazon S3 Storage and fields for S3 configuration](/assets/images/enterprise/management-console/actions-aws-s3-storage.png)
{%- endif %}
{% data reusables.enterprise_management_console.test-storage-button %}
{% data reusables.enterprise_management_console.save-settings %}

76
content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-azure-blob-storage.md
View File

@@ -13,10 +13,17 @@ topics:
redirect_from:
- /admin/github-actions/enabling-github-actions-with-azure-blob-storage
shortTitle: Azure Blob storage
miniTocMaxHeadingLevel: 3
---
{% data reusables.actions.enterprise-storage-about %}
{% ifversion ghes-actions-storage-oidc %}
{% data reusables.actions.enterprise-storage-about-oidc %}
{% data reusables.actions.ghes-storage-oidc-beta-note %}
{% endif %}
## Prerequisites
Before enabling {% data variables.product.prodname_actions %}, make sure you have completed the following steps:
@@ -33,16 +40,83 @@ Before enabling {% data variables.product.prodname_actions %}, make sure you hav
For more information on Azure storage account types and performance tiers, see the [Azure documentation](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview?toc=/azure/storage/blobs/toc.json#types-of-storage-accounts).
{% data reusables.actions.enterprise-common-prereqs %}
{% data reusables.actions.enterprise-oidc-prereqs %}
## Enabling {% data variables.product.prodname_actions %} with Azure Blob storage
{% ifversion ghes-actions-storage-oidc %}
## Enabling {% data variables.product.prodname_actions %} with Azure Blob storage using OIDC (recommended)
{% data reusables.actions.ghes-storage-oidc-beta-note %}
To configure {% data variables.product.prodname_ghe_server %} to use OIDC with an Azure storage account, you must first register an Azure Active Directory application with OIDC credentials, then configure your storage account, and finally configure {% data variables.product.prodname_ghe_server %} to access the storage container using the Azure Active Directory application.
### 1. Register an Azure Active Directory application
1. Log in to the Azure portal.
1. Register a new application in Azure Active Directory. For more information, see [Register an application](https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#register-an-application) in the Azure documentation.
1. In your Azure application, under "Essentials", take note of the values for "Application (client) ID" and "Directory (tenant) ID". These values are used later.
![Azure portal showing the Active Directory app "Essentials" section](/assets/images/azure/azure-aad-app-storage-ids.png)
1. In your Azure application, under "Manage", click **Certificates & secrets**, select the **Federated credentials** tab, then click **Add credential**.
![Azure portal showing the Active Directory app "certificates & secrets" page](/assets/images/azure/azure-federated-credential.png)
1. Enter the following details for the credential:
1. For "Federated credential scenario", select **Other issuer**.
1. For "Issuer", enter `https://HOSTNAME/_services/token`, where `HOSTNAME` is the public hostname for {% data variables.location.product_location_enterprise %}. For example, `https://my-ghes-host.example.com/_services/token`.
1. For "Subject identifier", enter the public hostname for {% data variables.location.product_location_enterprise %}. For example, `my-ghes-host.example.com`.
{% note %}
**Note:** The subject identifier must only have the hostname of {% data variables.location.product_location_enterprise %}, and _must not_ include the protocol.
{% endnote %}
1. For "Name", enter a name for the credential.
1. Click **Add**.
### 2. Configure your storage account
1. In the Azure portal, navigate to your storage account.
1. Click **Access Control (IAM)**, then click **Add**, and select **Add role assignment**.
1. For the role, select "Storage Blob Data Owner", then click **Next**.
1. For members, click **Select members**, and then search for and select the name of the Azure application you created earlier. Click **Select**.
1. Click **Review + assign**, review the role assignment, then click **Review + assign** again.
1. In the left menu, under "Settings", click **Endpoints**.
1. Under "Blob service", take note of the value for "Blob service", specifically the blob endpoint suffix. This is the value after `https://<storageaccountname>.blob`. It is typically `core.windows.net`, but might vary depending on your Azure region or account type.
For example, if your blob service URL is `https://my-storage-account.blob.core.windows.net`, the blob endpoint suffix is `core.windows.net`.
Note your storage account name and blob endpoint suffix, as these values are used later.
### 3. Configuring {% data variables.product.prodname_ghe_server %} to connect to Azure using OIDC
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.management-console %}
{% data reusables.enterprise_management_console.actions %}
{% data reusables.actions.enterprise-enable-checkbox %}
{% data reusables.actions.enterprise-azure-storage-setup %}
1. Under "Authentication", select **OpenID Connect (OIDC)**, and enter the values for your storage that you noted down in the previous procedures:
* Azure tenant ID
* Azure client ID
* Azure storage account name
* Azure blob endpoint suffix
{% data reusables.enterprise_management_console.test-storage-button %}
{% data reusables.enterprise_management_console.save-settings %}
{% endif %}
## Enabling {% data variables.product.prodname_actions %} with Azure Blob storage{% ifversion ghes-actions-storage-oidc %} using a connection string{% endif %}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.management-console %}
{% data reusables.enterprise_management_console.actions %}
{% data reusables.actions.enterprise-enable-checkbox %}
{%- ifversion ghes-actions-storage-oidc %}
{% data reusables.actions.enterprise-azure-storage-setup %}
1. Under "Authentication", select **Credentials-based**, and enter your Azure storage account's connection string. For more information on getting the connection string for your storage account, see the [Azure documentation](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal#view-account-access-keys).
{%- else %}
1. Under "Artifact & Log Storage", select **Azure Blob Storage**, and enter your Azure storage account's connection string. For more information on getting the connection string for your storage account, see the [Azure documentation](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal#view-account-access-keys).
![Radio button for selecting Azure Blob Storage and the Connection string field](/assets/images/enterprise/management-console/actions-azure-storage.png)
{%- endif %}
{% data reusables.enterprise_management_console.test-storage-button %}
{% data reusables.enterprise_management_console.save-settings %}

145
content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md
View File

@@ -11,6 +11,7 @@ topics:
- Infrastructure
- Storage
shortTitle: Google Cloud Storage
miniTocMaxHeadingLevel: 3
---
{% note %}
@@ -21,39 +22,149 @@ shortTitle: Google Cloud Storage
{% data reusables.actions.enterprise-storage-about %}
{% ifversion ghes-actions-storage-oidc %}
{% data reusables.actions.enterprise-storage-about-oidc %}
{% data reusables.actions.ghes-storage-oidc-beta-note %}
{% endif %}
## Prerequisites
Before enabling {% data variables.product.prodname_actions %}, make sure you have completed the following steps:
* Create your Google Cloud Storage bucket for storing data generated by workflow runs.
* Create a Google Cloud service account that can access the bucket, and create a Hash-based Message Authentication Code (HMAC) key for the service account. For more information, see "[Manage HMAC keys for service accounts](https://cloud.google.com/storage/docs/authentication/managing-hmackeys)" in the Google Cloud documentation.
The service account must have the following [Identity and Access Management (IAM) permissions](https://cloud.google.com/storage/docs/access-control/iam-permissions) for the bucket:
* `storage.objects.create`
* `storage.objects.get`
* `storage.objects.list`
* `storage.objects.update`
* `storage.objects.delete`
* `storage.multipartUploads.create`
* `storage.multipartUploads.abort`
* `storage.multipartUploads.listParts`
* `storage.multipartUploads.list`
{% data reusables.actions.enterprise-common-prereqs %}
{% data reusables.actions.enterprise-oidc-prereqs %}
## Enabling {% data variables.product.prodname_actions %} with Google Cloud Storage
{% ifversion ghes-actions-storage-oidc %}
## Enabling {% data variables.product.prodname_actions %} with Google Cloud Storage using OIDC (recommended)
{% data reusables.actions.ghes-storage-oidc-beta-note %}
To configure {% data variables.product.prodname_ghe_server %} to use OIDC with Google Cloud Storage, you must first create a Google Cloud service account, then create a Google Cloud identity pool and identity provider, and finally configure {% data variables.product.prodname_ghe_server %} to use the provider and service account to access your Google Cloud Storage bucket.
### 1. Create a service account
1. Create a service account that can access your bucket using OIDC. For more information, see [Creating and managing service accounts](https://cloud.google.com/iam/docs/creating-managing-service-accounts) in the Google Cloud documentation.
When creating the service account, ensure that you do the following:
* Enable the IAM API as described at the start of [Creating and managing service accounts](https://cloud.google.com/iam/docs/creating-managing-service-accounts).
* Add the following roles to the service account:
* Service Account Token Creator
* Storage Object Admin
1. After creating the service account, note its email address, as it is need later. The service account email address is in the format `SERVICE-ACCOUNT-NAME@PROJECT-NAME.iam.gserviceaccount.com`.
### 2. Create an identity pool and identity provider
1. In the Google Cloud console, go to the [New workload provider and pool](https://console.cloud.google.com/iam-admin/workload-identity-pools/create) page.
1. Under "Create an identity pool", enter a name for the identity pool, and click **Continue**.
1. Under "Add a provider to pool":
!["Add a provider to pool" screen when setting a new identity pool in Google Cloud Platform](/assets/images/enterprise/management-console/actions-gcp-idp-setup-1.png)
1. For "Select a provider", select **OpenID Connect (OIDC)**.
1. For "Provider name", enter a name for the provider.
1. For "Issuer (URL)", enter the following URL, replacing `HOSTNAME` with the public hostname for {% data variables.location.product_location_enterprise %}:
```
https://HOSTNAME/_services/token
```
For example:
```
https://my-ghes-host.example.com/_services/token
```
1. Under "Audiences", leave **Default audience** selected, but note the identity provider URL, as it is needed later. The identity provider URL is in the format `https://iam.googleapis.com/projects/PROJECT-NUMBER/locations/global/workloadIdentityPools/POOL-NAME/providers/PROVIDER-NAME`.
1. Click **Continue**.
1. Under "Configure provider attributes":
!["Configure provider attributes" screen when setting a new identity pool and provider in Google Cloud Platform](/assets/images/enterprise/management-console/actions-gcp-idp-setup-2.png)
1. For the "OIDC 1" mapping, enter `assertion.sub`.
1. Under "Attribute Conditions", click **Add condition**.
1. For "Condition CEL", enter the following condition, replacing `HOSTNAME` with the public hostname for {% data variables.location.product_location_enterprise %}:
```
google.subject == "HOSTNAME"
```
For example:
```
google.subject == "my-ghes-host.example.com"
```
{% note %}
**Note:** The hostname of {% data variables.location.product_location_enterprise %} used here _must not_ include the protocol.
{% endnote %}
1. Click **Save**.
1. After creating the identity pool, at the top of the identity pool's page, click **Grant access**.
!["Grant access to service account" screen when modifying an identity pool in Google Cloud Platform](/assets/images/enterprise/management-console/actions-gcp-idp-setup-3.png)
1. Under "Select service account", select the service account that you created in the previous procedure.
1. Under "Select principals (identities that can access the service account)", select **Only identities matching the filter**.
1. For "Attribute name", select **subject**.
1. For "Attribute value", enter your {% data variables.product.prodname_ghe_server %} hostname, without the protocol. For example, `my-ghes-host.example.com`.
1. Click **Save**.
1. You can dismiss the "Configure your application" dialog, as the configuration file is not needed.
### 3. Configure {% data variables.product.prodname_ghe_server %} to connect to Google Cloud Storage using OIDC
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.management-console %}
{% data reusables.enterprise_management_console.actions %}
{% data reusables.actions.enterprise-enable-checkbox %}
{% data reusables.actions.enterprise-gcp-storage-setup %}
1. Under "Authentication", select **OpenID Connect (OIDC)**, and enter the values for your storage:
* **Service URL**: The service URL for your bucket. This is usually `https://storage.googleapis.com`.
* **Bucket name**: The name of your bucket.
* **Workload Identity Provider ID**: The identity provider ID for your identity pool.
This is in the format `projects/PROJECT-NUMBER/locations/global/workloadIdentityPools/POOL-NAME/providers/PROVIDER-NAME`. Note that you must remove the `https://iam.googleapis.com/` prefix from the value noted in the previous procedure.
For example, `projects/1234567890/locations/global/workloadIdentityPools/my-pool/providers/my-provider`.
* **Service account**: The service account email address that you noted in the previous procedure. For example, `ghes-oidc-service-account@my-project.iam.gserviceaccount.com`.
{% data reusables.enterprise_management_console.test-storage-button %}
{% data reusables.enterprise_management_console.save-settings %}
{% endif %}
## Enabling {% data variables.product.prodname_actions %} with Google Cloud Storage{% ifversion ghes-actions-storage-oidc %} using a HMAC key{% endif %}
1. Create a Google Cloud service account that can access the bucket, and create a Hash-based Message Authentication Code (HMAC) key for the service account. For more information, see "[Manage HMAC keys for service accounts](https://cloud.google.com/storage/docs/authentication/managing-hmackeys)" in the Google Cloud documentation.
The service account must have the following [Identity and Access Management (IAM) permissions](https://cloud.google.com/storage/docs/access-control/iam-permissions) for the bucket:
* `storage.objects.create`
* `storage.objects.get`
* `storage.objects.list`
* `storage.objects.update`
* `storage.objects.delete`
* `storage.multipartUploads.create`
* `storage.multipartUploads.abort`
* `storage.multipartUploads.listParts`
* `storage.multipartUploads.list`
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.management-console %}
{% data reusables.enterprise_management_console.actions %}
{% data reusables.actions.enterprise-enable-checkbox %}
{%- ifversion ghes-actions-storage-oidc %}
{% data reusables.actions.enterprise-gcp-storage-setup %}
1. Under "Authentication", select **Credentials-based**, and enter your storage bucket's details:
{% indented_data_reference reusables.actions.enterprise-gcp-storage-credential-fields spaces=3 %}
{%- else %}
1. Under "Artifact & Log Storage", select **Google Cloud Storage**, and enter your bucket's details:
* **Service URL**: The service URL for your bucket. This is usually `https://storage.googleapis.com`.
* **Bucket Name**: The name of your bucket.
* **HMAC Access Id** and **HMAC Secret**: The Google Cloud access ID and secret for your storage account. For more information, see "[Manage HMAC keys for service accounts](https://cloud.google.com/storage/docs/authentication/managing-hmackeys)" in the Google Cloud documentation.
{% indented_data_reference reusables.actions.enterprise-gcp-storage-credential-fields spaces=3 %}
![Radio button for selecting Google Cloud Storage and fields for configuration](/assets/images/enterprise/management-console/actions-google-cloud-storage.png)
{%- endif %}
{% data reusables.enterprise_management_console.test-storage-button %}
{% data reusables.enterprise_management_console.save-settings %}

17
content/admin/github-actions/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-minio-storage.md
View File

@@ -35,13 +35,24 @@ Before enabling {% data variables.product.prodname_actions %}, make sure you hav
{% data reusables.enterprise_site_admin_settings.management-console %}
{% data reusables.enterprise_management_console.actions %}
{% data reusables.actions.enterprise-enable-checkbox %}
{%- ifversion ghes-actions-storage-oidc %}
{% data reusables.actions.enterprise-s3-storage-setup %}
1. Under "Authentication", select **Credentials-based**, and enter your storage bucket's details:
{% note %}
**Note:** For MinIO, you cannot use OpenID Connect (OIDC) authentication. You must use credentials-based authentication.
{% endnote %}
{% indented_data_reference reusables.actions.enterprise-minio-storage-credential-fields spaces=3 %}
{%- else %}
1. Under "Artifact & Log Storage", select **Amazon S3**, and enter your storage bucket's details:
* **AWS Service URL**: The URL to your MinIO service. For example, `https://my-minio.example:9000`.
* **AWS S3 Bucket**: The name of your S3 bucket.
* **AWS S3 Access Key** and **AWS S3 Secret Key**: The `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` used for your MinIO instance.
{% indented_data_reference reusables.actions.enterprise-minio-storage-credential-fields spaces=3 %}
![Radio button for selecting Amazon S3 Storage and fields for MinIO configuration](/assets/images/enterprise/management-console/actions-minio-s3-storage.png)
{% endif %}
1. Under "Artifact & Log Storage", select **Force path style**.
![Checkbox to Force path style](/assets/images/enterprise/management-console/actions-minio-force-path-style.png)