Automate GitHub Actions allow list for GitHub Enterprise Cloud accounts
name: Deploy GitHub Actions allow list
on:
push:
branches: [main]
paths: [github-actions-allow-list.yml]
jobs:
deploy:
runs-on: ubuntu-latest
permissions: read-all
steps:
- name: Checkout
uses: actions/checkout@v2.3.4
- name: Setup node
uses: actions/setup-node@v2.1.5
with:
node-version: 14.x
- name: Deploy GitHub Actions allow list
uses: ActionsDesk/github-actions-allow-list-as-code-action@v1.1.0
with:
token: ${{ secrets.ENTERPRISE_ADMIN_TOKEN }}
enterprise: 'your-enterprise'
# same as defined under `on.pull_requests.paths`
allow_list_path: github-actions-allow-list.yml| Name | Description | Default | Required |
|---|---|---|---|
token |
GitHub Personal Access Token (PAT) with admin:enterprise or admin:org scope |
true |
|
enterprise |
GitHub Enterprise Cloud account slug | false |
|
organization |
GitHub organization slug | false |
|
allow_list_path |
Path to the GitHub Actions allow list YML within the repository | github-actions-allow-list.yml |
false |
ℹ️ Notes for providing enterprise or organization:
- Either provide
enterpriseto update the GitHub Enterprise Cloud's actions allow list, ororganizationto update a single organization's allow list. - Providing both will result in the action run failing with
Please provide only one of: enterprise, organization. - If providing
organization, but the allow list is handled via GitHub Enterprise Cloud's actions allow list, the action run will fail withSelected actions are already set at the enterprise level.