GitHub Actions Certification
GitHub Actions in the Enterprise Cloud
Define how to distribute actions for an enterprise
In this guide, you’ll learn how to enable GitHub Actions workflows on a self-hosted GitHub Enterprise Server to consume Marketplace actions. By default, Enterprise Server workflows only use actions stored on the instance. To extend this capability, you can integrate with GitHub.com or selectively import actions.
Built-in Actions on Enterprise Server
When you set up GitHub Enterprise Server, it pre-bundles a snapshot of core Marketplace actions—such as Checkout and upload/download artifact actions. You can browse these on your instance:
https://<YOUR_ENTERPRISE_HOST>/_actions
Each action lives in its own repository under the actions
organization, complete with tags, branches, and commits.
Note
Pre-bundled actions are static snapshots captured at installation time. If you need newer versions or third-party actions, use one of the methods below.
Handling External Action Dependencies
Imagine a workflow requiring:
actions/checkout@v2
(pre-bundled)[email protected]
(not pre-bundled)
on: push
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: [email protected]
Without internet access, [email protected]
can’t be fetched. You have two options:
Method | Description | Ideal for |
---|---|---|
GitHub Connect | Integrates Enterprise Server with GitHub.com, allowing approved Marketplace actions. | Seamless access with policy controls |
actions-sync | CLI tool to download and import specific action versions into your Enterprise Server. | Air-gapped environments or tight control |
Option 1: GitHub Connect
GitHub Connect links your Enterprise Server to GitHub Enterprise Cloud. Once enabled, workflows can reference all Marketplace actions while you enforce Action Policies to approve or block specific actions.
on: push
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: [email protected]
Note
After configuring GitHub Connect, approved public actions resolve automatically without additional steps.
Option 2: Selective Sync with actions-sync
For air-gapped or highly controlled environments, use the actions-sync
CLI to pull and import only the action versions you need.
Install
actions-sync
.Sync an action version:
actions-sync sync \ --action actions/checkout \ --version v4 \ --enterprise-host <YOUR_ENTERPRISE_HOST>
Reference the synced action in your workflow:
on: push jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
Warning
Always pin to a specific version when syncing with actions-sync
. This prevents unintended updates and maintains workflow stability.
Summary
By leveraging GitHub Connect or the actions-sync tool, you can distribute Marketplace actions to your GitHub Enterprise Server while enforcing security policies and compliance.
Links and References
- GitHub Connect Documentation
- actions-sync GitHub Repository
- Managing Workflow Policies for GitHub Actions
Watch Video
Watch video content
Practice Lab
Practice lab