Clarify that Actions policies never restrict access to local actions (#56059)

steiza · jc-clark · web-flow · commit 2e5295037cca · 2025-06-13T22:06:04.000Z
Co-authored-by: Joe Clark &lt;31087804+jc-clark@users.noreply.github.com&gt;
diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md
@@ -77,6 +77,8 @@ When specifying actions{% ifversion actions-workflow-policy %} and reusable work
    * To allow all actions{% ifversion actions-workflow-policy %} and reusable workflows{% endif %} in organizations that start with `space-org`, use `space-org*/*`.
    * To allow all actions{% ifversion actions-workflow-policy %} and reusable workflows{% endif %} in repositories that start with octocat, use `*/octocat**@*`.
 
+Policies never restrict access to local actions on the runner filesystem (where the `uses:` path start with `./`).
+
 ## Runners
 
 By default, anyone with admin access to a repository can add a self-hosted runner for the repository, and self-hosted runners come with risks:
