In this lab you will restrict the usage of Actions in your own repository
Duration: 5-10 minutes
References:
- Navigate to the
Settings > Actions > Generalpage of your own repository - In the section
Actions permissionsclick on the last option to only allow specified actions and reusable workflows - Check the setting
Allow actions created by GitHub - Click
Save - In the section
Workflow permissionsselect the optionRead repository contents permissionto change the default permissions granted to the GITHUB_TOKEN when running workflows. - Cick
Save - Go to
Actionstab of your repository - Create your first
Simple workflowby clickingConfigureon the suggested workflow - Name you file
ci.ymland commit the changes to your main branch - The workflow will be triggered automatically, wait to finish the execution
- Open the workflow file ci.yml
- Edit the file and copy the following YAML content at the end of the file:
hello_world_job:
runs-on: ubuntu-latest
name: A first job to say hello
steps:
- id: hello-world
uses: githubdevopsabcs/hello-world-composite-action@v1.0.1
with:
who-to-greet: 'Hello from GH ABCs'
- run: echo random-number ${{ steps.hello-world.outputs.random-number }}
shell: bash- Commit the changes into the
mainbranch - Go to
Actionsand see the details of your running workflow - The workflow has the error:
[githubdevopsabcs/hello-world-composite-action@main] is not allowed to be used in [organization].
Actions in this workflow must be: within a repository that belongs to your Enterprise account or created by GitHub.
- Navigate to the
Settings > Actions > Generalpage of your own repository - Allow the action by adding it to the
Allow specified actions and reusable workflowsfield:
githubdevopsabcs/hello-world-composite-action@v1.0.1