split reusable in two and adds article specific details on fork policies

2026-01-07 00:01:39 -05:00 · 2022-01-25 10:50:00 +01:00
parent 5633a1a4bf
commit bb2537e872
5 changed files with 16 additions and 5 deletions
--- a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md
+++ b/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md
@@ -100,6 +100,10 @@ You can enforce policies to control how {% data variables.product.prodname_actio

 {% data reusables.github-actions.private-repository-forks-overview %}

+These policies can be enabled and disabled at the enterprise level. Once enabled at the enterprise level, the policies can then be selectively disabled for individual organizations or repositories.
+
+{% data reusables.github-actions.private-repository-forks-options %}
+
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.actions-tab %}
--- a/content/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization.md
+++ b/content/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization.md
@@ -79,6 +79,10 @@ You can configure this behavior for an organization using the procedure below. M

 {% data reusables.github-actions.private-repository-forks-overview %}

+These policies can be enabled and disabled at the {% if fpt %}organization{% elsif ghec or ghae or ghes %}enterprise{% endif %} level. Once enabled at the {% ifversion fpt %}organization{% elsif ghec or ghae or ghes %}enterprise{% endif %} level, the policies can then be selectively disabled for individual {% if ghec or ghae or ghes %}organizations or{% endif %} repositories.
+
+{% data reusables.github-actions.private-repository-forks-options %}
+
 ### Configuring the private fork policy for an organization

 {% data reusables.profile.access_org %}
--- a/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository.md
+++ b/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository.md
@@ -83,6 +83,10 @@ You can configure this behavior for a repository using the procedure below. Modi

 {% data reusables.github-actions.private-repository-forks-overview %}

+These policies can be enabled and disabled at the {% ifversion fpt %}organization{% elsif ghec or ghae or ghes %}enterprise{% endif %} level. Once enabled at the {% ifversion fpt %}organization{% elsif ghec or ghae or ghes %}enterprise{% endif %} level, the policies can then be selectively disabled for individual repositories.
+
+{% data reusables.github-actions.private-repository-forks-options %}
+
 ### Configuring the private fork policy for a repository

 {% data reusables.repositories.navigate-to-repo %}
--- a/data/reusables/github-actions/private-repository-forks-options.md
+++ b/data/reusables/github-actions/private-repository-forks-options.md
@@ -0,0 +1,3 @@
+- **Run workflows from fork pull requests** - Allows users to run workflows from fork pull requests, using a `GITHUB_TOKEN` with read-only permission, and with no access to secrets.
+- **Send write tokens to workflows from pull requests** - Allows pull requests from forks to use a `GITHUB_TOKEN` with write permission.
+- **Send secrets to workflows from pull requests** - Makes all secrets available to the pull request.
--- a/data/reusables/github-actions/private-repository-forks-overview.md
+++ b/data/reusables/github-actions/private-repository-forks-overview.md
@@ -1,5 +1 @@
-If you rely on using forks of your private repositories, you can configure policies that control how users can run workflows on `pull_request` events. Available to private {% ifversion ghec or ghes or ghae %}and internal{% endif %} repositories only, you can configure these policy settings for {% ifversion ghec %}an enterprise{% elsif ghes or ghae %}your enterprise{% elsif fpt %}an organization{% endif %}, which will apply the settings to all applicable repositories{% ifversion ghec or ghes or ghae %} in all organizations within {% ifversion ghec %}the{% elsif ghes or ghae %}your{% endif %} enterprise{% endif %}. You can then disable these policy settings for individual repositories. You can also disable the policy settings for {% ifversion ghec or fpt %}the{% elsif ghes or ghae %}your{% endif %} entire{% ifversion ghec or ghes or ghae %} enterprise {% elsif  fpt %} organization{% endif %} at any time.
-
- **Run workflows from fork pull requests** - Allows users to run workflows from fork pull requests, using a `GITHUB_TOKEN` with read-only permission, and with no access to secrets.
- **Send write tokens to workflows from pull requests** - Allows pull requests from forks to use a `GITHUB_TOKEN` with write permission.
- **Send secrets to workflows from pull requests** - Makes all secrets available to the pull request.
+If you rely on using forks of your private repositories, you can configure policies that control how users can run workflows on `pull_request` events. Available to private {% ifversion ghec or ghes or ghae %}and internal{% endif %} repositories only, you can configure these policy settings for {% ifversion ghec %}enterprises, {% elsif ghes or ghae %}your enterprise, {% endif %}organizations, or repositories.