mirror of synced 2025-12-23 21:07:12 -05:00
docs/content/github/setting-up-and-managing-your-enterprise/enforcing-github-actions-policies-in-your-enterprise-account.md
hubwriter de28b750d1 Configure GITHUB_TOKEN permissions (#18348)
* Add 'permissions' to reference page

* Final set of pre-review changes

* Update content/actions/learn-github-actions/security-hardening-for-github-actions.md

Co-authored-by: Sarah Edwards <skedwards88@github.com>

* Update content/actions/reference/authentication-in-a-workflow.md

Co-authored-by: Sarah Edwards <skedwards88@github.com>

* Update content/actions/reference/authentication-in-a-workflow.md

Co-authored-by: Sarah Edwards <skedwards88@github.com>

* Update content/actions/reference/authentication-in-a-workflow.md

Co-authored-by: Sarah Edwards <skedwards88@github.com>

* Update content/actions/reference/authentication-in-a-workflow.md

Co-authored-by: Sarah Edwards <skedwards88@github.com>

* Update data/reusables/github-actions/workflow-permissions-intro.md

Co-authored-by: Sarah Edwards <skedwards88@github.com>

* Update content/actions/reference/authentication-in-a-workflow.md

Co-authored-by: Sarah Edwards <skedwards88@github.com>

* Update content/actions/reference/authentication-in-a-workflow.md

Co-authored-by: Sarah Edwards <skedwards88@github.com>

* Update data/reusables/github-actions/publish-to-packages-workflow-step.md

Co-authored-by: Sarah Edwards <skedwards88@github.com>

* Update content/actions/guides/publishing-nodejs-packages.md

* Update content/actions/guides/publishing-java-packages-with-gradle.md

* Update content/actions/guides/publishing-java-packages-with-maven.md

* Update content/actions/guides/publishing-nodejs-packages.md

* Update content/actions/reference/authentication-in-a-workflow.md

* Update content/actions/reference/authentication-in-a-workflow.md

* Update content/actions/reference/authentication-in-a-workflow.md

* Update content/actions/reference/authentication-in-a-workflow.md

* Update content/actions/learn-github-actions/security-hardening-for-github-actions.md

* Update content/actions/reference/authentication-in-a-workflow.md

* Update content/actions/reference/workflow-syntax-for-github-actions.md

* Update content/actions/reference/workflow-syntax-for-github-actions.md

* Update content/actions/reference/workflow-syntax-for-github-actions.md

* Update content/github/administering-a-repository/disabling-or-limiting-github-actions-for-a-repository.md

* Update content/github/setting-up-and-managing-organizations-and-teams/disabling-or-limiting-github-actions-for-your-organization.md

* Update content/github/setting-up-and-managing-your-enterprise/enforcing-github-actions-policies-in-your-enterprise-account.md

* Update content/packages/guides/using-github-packages-with-github-actions.md

* Make review comment changes (locally)

* Resolve conflicts caused by remotely made review changes

* Remove translation file changes from PR.

* Remove rogue indentation in Important box

* Remove sentence about default being set to restricted.

This *will* be the case for new repos in future,
but that isn't being shipped at the moment.

* Add permissions to workflow examples (#18393)

Co-authored-by: Sarah Edwards <skedwards88@github.com>
2021-04-20 15:49:38 +00:00


title: Enforcing GitHub Actions policies in your enterprise account
intro: Enterprise owners can disable, enable, and limit {% data variables.product.prodname_actions %} for an enterprise account.
product: {% data reusables.gated-features.enterprise-accounts %}
redirect_from: /github/setting-up-and-managing-your-enterprise-account/enforcing-github-actions-policies-in-your-enterprise-account
miniTocMaxHeadingLevel: 4
versions: free-pro-team: *
topics: enterprise

About {% data variables.product.prodname_actions %} permissions for your enterprise account

By default, {% data variables.product.prodname_actions %} is enabled in all organizations owned by an enterprise account. You can choose to disable {% data variables.product.prodname_actions %} for all organizations owned by an enterprise account, or allow it only for specified organizations. You can also limit the use of public actions, so that people can only use local actions that exist in your organization.

For more information about {% data variables.product.prodname_actions %}, see "About {% data variables.product.prodname_actions %}."

Managing {% data variables.product.prodname_actions %} permissions for your enterprise account

You can disable all workflows for an enterprise or set a policy that configures which actions can be used in an organization.

{% data reusables.actions.actions-use-policy-settings %}

{% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} {% data reusables.enterprise-accounts.actions-tab %} {% data reusables.actions.enterprise-actions-permissions %}

  1. Click Save.

Allowing specific actions to run

{% data reusables.actions.allow-specific-actions-intro %}

{% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} {% data reusables.enterprise-accounts.actions-tab %}

  1. Under Policies, select Allow select actions and add your required actions to the list.

Enabling workflows for private repository forks

{% data reusables.github-actions.private-repository-forks-overview %}

Configuring the private fork policy for your enterprise account

{% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} {% data reusables.enterprise-accounts.actions-tab %} {% data reusables.github-actions.private-repository-forks-configure %}

Setting the permissions of the GITHUB_TOKEN for your enterprise

{% data reusables.github-actions.workflow-permissions-intro %}

You can set the default permissions for the GITHUB_TOKEN in the settings for your enterprise, organizations, or repositories. If you choose the restricted option as the default in your enterprise settings, this prevents the more permissive setting from being chosen in the organization or repository settings.

{% data reusables.github-actions.workflow-permissions-modifying %}

Configuring the default GITHUB_TOKEN permissions

{% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} {% data reusables.enterprise-accounts.actions-tab %}

  1. Under Workflow permissions, choose whether you want the GITHUB_TOKEN to have read and write access for all scopes, or just read access for the contents scope.
  2. Click Save to apply the settings.
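
Before choosing the restricted default described under "Setting the permissions of the GITHUB_TOKEN for your enterprise", it helps to know which jobs rely on the default because they declare no `permissions` key of their own. The following is an added example, not part of the GitHub docs or tooling: a small checker that lists such jobs. It assumes block-style, space-indented workflow YAML and uses indentation rather than a YAML parser; the sample workflows and the action name in them are constructed.

```python
import re

KEY = re.compile(r"^ *([\w-]+):")

def jobs_inheriting_default(workflow_text):
    """Return job names that set no `permissions` and have no workflow-level one."""
    top_level, section, current = False, None, None
    job_indent = key_indent = None
    own = {}  # job name -> True if the job has its own `permissions` key
    for line in workflow_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        m = KEY.match(line)
        key = m.group(1) if m else None
        if indent == 0:                      # top-level key: on, jobs, permissions
            section = key
            top_level = top_level or key == "permissions"
        elif section == "jobs":
            if job_indent is None:
                job_indent = indent          # indentation used for job ids
            if indent == job_indent and key:
                current, key_indent = key, None
                own[current] = False
            elif current is not None:
                if key_indent is None:
                    key_indent = indent      # indentation of the job's direct keys
                if indent == key_indent and key == "permissions":
                    own[current] = True      # deeper `permissions:` lines are ignored
    return [] if top_level else [job for job, has in own.items() if not has]

# Constructed sample workflows (hypothetical, not taken from the GitHub docs).
CI = """\
on: pull_request
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/hypothetical-action@v1
        with:
          permissions: an-action-input-not-a-token-setting
  label:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
"""
PUBLISH = "permissions:\n  contents: read\n  packages: write\njobs:\n  publish:\n    runs-on: ubuntu-latest\n"

print(jobs_inheriting_default(CI), jobs_inheriting_default(PUBLISH))
```

Jobs reported by the checker receive whatever default the enterprise, organization, or repository setting grants, so they are the ones to review before the default is restricted.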