allowed_actions
Creates, updates, deletes, gets or lists an allowed_actions resource.
Overview
| Name | allowed_actions |
|---|---|
| Type | Resource |
| Id | github.actions.allowed_actions |
Fields
The following fields are returned by SELECT queries:
Both get_allowed_actions_repository and get_allowed_actions_organization return the same fields.

Response

| Name | Datatype | Description |
|---|---|---|
| github_owned_allowed | boolean | Whether GitHub-owned actions are allowed. For example, this includes the actions in the actions organization. |
| patterns_allowed | array | Specifies a list of string-matching patterns to allow specific action(s) and reusable workflow(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*. Note: The patterns_allowed setting only applies to public repositories. |
| verified_allowed | boolean | Whether actions from GitHub Marketplace verified creators are allowed. Set to true to allow all actions by GitHub Marketplace verified creators. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| get_allowed_actions_repository | select | owner, repo | | Gets the settings for selected actions and reusable workflows that are allowed in a repository. To use this endpoint, the repository policy for allowed_actions must be configured to selected. For more information, see "Set GitHub Actions permissions for a repository." OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint. |
| get_allowed_actions_organization | select | org | | Gets the selected actions and reusable workflows that are allowed in an organization. To use this endpoint, the organization permission policy for allowed_actions must be configured to selected. For more information, see "Set GitHub Actions permissions for an organization." OAuth tokens and personal access tokens (classic) need the admin:org scope to use this endpoint. |
| set_allowed_actions_repository | replace | owner, repo | | Sets the actions and reusable workflows that are allowed in a repository. To use this endpoint, the repository permission policy for allowed_actions must be configured to selected. For more information, see "Set GitHub Actions permissions for a repository." OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint. |
| set_allowed_actions_organization | replace | org | | Sets the actions and reusable workflows that are allowed in an organization. To use this endpoint, the organization permission policy for allowed_actions must be configured to selected. For more information, see "Set GitHub Actions permissions for an organization." OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| org | string | The organization name. The name is not case sensitive. |
| owner | string | The account owner of the repository. The name is not case sensitive. |
| repo | string | The name of the repository without the .git extension. The name is not case sensitive. |
SELECT examples
get_allowed_actions_repository

Gets the settings for selected actions and reusable workflows that are allowed in a repository. To use this endpoint, the repository policy for allowed_actions must be configured to selected. For more information, see "Set GitHub Actions permissions for a repository."
OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.

```sql
SELECT
  github_owned_allowed,
  patterns_allowed,
  verified_allowed
FROM github.actions.allowed_actions
WHERE owner = '{{ owner }}' -- required
  AND repo = '{{ repo }}' -- required
;
```

get_allowed_actions_organization

Gets the selected actions and reusable workflows that are allowed in an organization. To use this endpoint, the organization permission policy for allowed_actions must be configured to selected. For more information, see "Set GitHub Actions permissions for an organization."
OAuth tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

```sql
SELECT
  github_owned_allowed,
  patterns_allowed,
  verified_allowed
FROM github.actions.allowed_actions
WHERE org = '{{ org }}' -- required
;
```
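A row returned by either SELECT query can be reviewed for how tightly it pins what may run. The following is an added example, not code from StackQL or GitHub: it classifies each patterns_allowed entry into the wildcard, tag and SHA forms named in the Fields table and reports the two boolean flags when they are set. The row shape, the possibility that the array arrives JSON-encoded, the handling of an entry with no ref, and the severity labels are all assumptions of this example.

```python
import json
import re

FULL_SHA = re.compile(r"[0-9a-fA-F]{40}")

# Constructed sample row (not real data), shaped like the SELECT output above.
SAMPLE_ROW = {
    "github_owned_allowed": True,
    "verified_allowed": False,
    "patterns_allowed": json.dumps([
        "monalisa/*",
        "monalisa/octocat@*",
        "monalisa/octocat@v2",
        "monalisa/octocat@0123456789abcdef0123456789abcdef01234567",
    ]),
}

def classify_pattern(pattern):
    """Classify one patterns_allowed entry by how tightly it pins what may run."""
    target, _, ref = pattern.strip().partition("@")
    if "*" in target:
        return "wildcard-path"   # monalisa/* : everything under the prefix
    if ref == "" or "*" in ref:
        return "wildcard-ref"    # monalisa/octocat@* ; a missing ref is treated the same (assumption)
    if FULL_SHA.fullmatch(ref):
        return "sha"             # full commit SHA
    return "tag"                 # monalisa/octocat@v2 : a named ref that can be moved

# Severity ranking is this example's own, not a GitHub or StackQL classification.
SEVERITY = {"wildcard-path": "high", "wildcard-ref": "medium", "tag": "low"}

def audit_policy(row):
    """Return (severity, subject, kind) findings for one allowed_actions row."""
    patterns = row.get("patterns_allowed") or []
    if isinstance(patterns, str):  # assumption: the array column may arrive JSON-encoded
        patterns = json.loads(patterns)
    findings = []
    for pattern in patterns:
        kind = classify_pattern(pattern)
        if kind != "sha":
            findings.append((SEVERITY[kind], pattern, kind))
    for flag in ("github_owned_allowed", "verified_allowed"):
        if row.get(flag) is True:
            findings.append(("info", flag, "blanket-allow"))
    return findings

if __name__ == "__main__":
    for severity, subject, kind in audit_policy(SAMPLE_ROW):
        print(f"{severity:6} {kind:14} {subject}")
```
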
REPLACE examples
set_allowed_actions_repository

Sets the actions and reusable workflows that are allowed in a repository. To use this endpoint, the repository permission policy for allowed_actions must be configured to selected. For more information, see "Set GitHub Actions permissions for a repository."
OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.

```sql
REPLACE github.actions.allowed_actions
SET
  github_owned_allowed = {{ github_owned_allowed }},
  verified_allowed = {{ verified_allowed }},
  patterns_allowed = '{{ patterns_allowed }}'
WHERE
  owner = '{{ owner }}' -- required
  AND repo = '{{ repo }}' -- required
;
```

set_allowed_actions_organization

Sets the actions and reusable workflows that are allowed in an organization. To use this endpoint, the organization permission policy for allowed_actions must be configured to selected. For more information, see "Set GitHub Actions permissions for an organization."
OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

```sql
REPLACE github.actions.allowed_actions
SET
  github_owned_allowed = {{ github_owned_allowed }},
  verified_allowed = {{ verified_allowed }},
  patterns_allowed = '{{ patterns_allowed }}'
WHERE
  org = '{{ org }}' -- required
;
```