GitHub Actions adds policy controls for organization and repository owners

GitHub Actions has new settings for organizations and repository owners to limit the usage of external Actions.

github actions
|
| 1 minutes

The ability to reuse actions from across the GitHub community is one of the most powerful features of GitHub Actions. As a developer, you can take advantage of the collective knowledge of millions of other developers just as you do in your applications. However, sometimes you just want to use Actions that your organization creates, either to have the most control over change as possible or to meet security and compliance needs.

As a first step in providing repository and organization owners with this type of control, we’ve introduced three settings at both the repository and organization level.

  • Enable local & third party Actions: This enables developers to use the full power of GitHub Actions from anywhere in the GitHub community—this is the default for all repositories and organizations. 
  • Enable local Actions only: This option requires all Actions to be vendored directly into the repository with the workflow that references them.
  • Disable Actions: This option completely disables Actions within your organization or repository. This is useful for organizations that are not yet ready to use Actions or have a different service for CI/CD.

What’s next

We understand that these initial changes will not address everyone’s unique needs, however, they’re a good first step towards providing a rich set of controls from GitHub Actions. We look forward to collaborating with the community in other ways we can make Actions the best choice for your team. If you have questions, comments, or feedback, reach out in the community forum.

Learn more about GitHub Actions

Related posts