Do you want to protect your GitHub Actions so they are not public?
GitHub has finally released a new feature that allows sharing custom GitHub Actions privately only within an organization. You don’t need to have them in a public repo anymore.
Let’s see how!
The Problem
As you probably know, until now when you created a custom GitHub Action you had to store them in a Public Repo to be able to use them.
This means that anybody on the internet could see your Actions and use or copy them. And while this is not necessarily a problem, and in fact promotes Open Source, it is a limitation in the cases in which you or your company has some kind of IP in those Actions, or simply want to keep them private to avoid security issues or other problems.
The Solution
And this is where the new feature comes into play: less than a couple of week ago, GitHub has made available the hosting of Actions in Internal repos.
And this means that your Action is effectively “Private” since internal repos can be seen only by members of an organization.
There is actually a catch on this being private. In GitHub docs, there is this curious warning that says: “If you make an internal repository in your enterprise accessible to GitHub Actions workflows in other repositories, outside collaborators on the other repositories can indirectly access the internal repository, even though they do not have direct access to the internal repository”
They also mention they can view the logs when the Action is used, but first I would expect that to be the case, if I use an Action I should be able to read the logs, and second, it is not clear if that is the only access they have or if there’s anything else they can do as part of what they call “indirect access”. I’ve tried this feature and I didn’t seem to be able to access or see the internal repo with an account that didn’t have access to the org, but I think this is worth a deeper investigation.
With that said, let’s see quickly how to enable this.
Video
As usual, if you are a visual learner, or simply prefer to watch and listen instead of reading, here you have the video with the whole explanation and demo, which to be fair is much more complete than this post.
Link to the video: https://youtu.be/_qS9UbbkGa4
If you rather prefer reading, well... let's just continue :)
Enable Actions in Internal Repos
Alright, first thing you have to do is making sure the repo you want to host your custom Action into is internal.
Just go to the repo Settings, scroll down to the Danger Zone, click “Change Visibility”, and select “Make internal”.
If you don’t see the Internal option but only Public and Private, make sure the repository you are working on is part of an organization in the GitHub Enterprise Cloud
Next, we need to enable the access to this repo from the GitHub Actions workflows that will reference our custom action.
To do this, still in the Settings section of your repo, find and expand the “Actions” tab, and click on “General”. Scroll down until you see the “Access” section, and here you can find the 2 options the allow to access the repo from workflows in the same organization, or even taking it a step forward enabling the sharing to the whole enterprise.
And that’s basically it, now you can reference the action stored in that repository from the repos in your organization or enterprise respectively. Just use the usual syntax:
owner/repo@version
where owner
is the name of the organization where the repo is hosted.
Notes
Quick note: the Actions you store in internal repositories can only be used by workflows defined in other private and internal repositories, but cannot be used in workflows defined within any public repositories.
Also, at the time of recording this video this feature is still in beta so things may change, and it is only available for accounts in the GitHub Enterprise Cloud as I’ve mentioned before.
Conclusions
Let me know in the comments below if you are happy that this feature is finally here.
Also, check out this video where I talk about sharing entire workflows in GitHub Actions.
Like, share and follow me 🚀 for more content:
📽 YouTube
☕ Buy me a coffee
💖 Patreon
📧 Newsletter
🌐 CoderDave.io Website
👕 Merch
👦🏻 Facebook page
🐱💻 GitHub
👲🏻 Twitter
👴🏻 LinkedIn
🔉 Podcast
Top comments (0)