GitHub Actions Certification

GitHub Actions in the Enterprise Cloud

Define how to distribute actions for an enterprise

In this guide, you’ll learn how to enable GitHub Actions workflows on a self-hosted GitHub Enterprise Server to consume Marketplace actions. By default, Enterprise Server workflows only use actions stored on the instance. To extend this capability, you can integrate with GitHub.com or selectively import actions.

The image features a blue gradient background with the text "Distributing Actions for an Enterprise Server" in the center. It also includes a copyright notice for KodeKloud in the bottom left corner.

Built-in Actions on Enterprise Server

When you set up GitHub Enterprise Server, it pre-bundles a snapshot of core Marketplace actions—such as Checkout and upload/download artifact actions. You can browse these on your instance:

https://<YOUR_ENTERPRISE_HOST>/_actions

Each action lives in its own repository under the actions organization, complete with tags, branches, and commits.

Note

Pre-bundled actions are static snapshots captured at installation time. If you need newer versions or third-party actions, use one of the methods below.

Handling External Action Dependencies

Imagine a workflow requiring:

on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: [email protected]

Without internet access, [email protected] can’t be fetched. You have two options:

MethodDescriptionIdeal for
GitHub ConnectIntegrates Enterprise Server with GitHub.com, allowing approved Marketplace actions.Seamless access with policy controls
actions-syncCLI tool to download and import specific action versions into your Enterprise Server.Air-gapped environments or tight control

Option 1: GitHub Connect

GitHub Connect links your Enterprise Server to GitHub Enterprise Cloud. Once enabled, workflows can reference all Marketplace actions while you enforce Action Policies to approve or block specific actions.

on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: [email protected]

Note

After configuring GitHub Connect, approved public actions resolve automatically without additional steps.

Option 2: Selective Sync with actions-sync

For air-gapped or highly controlled environments, use the actions-sync CLI to pull and import only the action versions you need.

  1. Install actions-sync.

  2. Sync an action version:

    actions-sync sync \
      --action actions/checkout \
      --version v4 \
      --enterprise-host <YOUR_ENTERPRISE_HOST>
    
  3. Reference the synced action in your workflow:

    on: push
    jobs:
      build:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v4
    

Warning

Always pin to a specific version when syncing with actions-sync. This prevents unintended updates and maintains workflow stability.

Summary

By leveraging GitHub Connect or the actions-sync tool, you can distribute Marketplace actions to your GitHub Enterprise Server while enforcing security policies and compliance.

Watch Video

Watch video content

Practice Lab

Practice lab

Previous
Documenting GitHub Actions