permissions
Creates, updates, deletes, gets or lists a permissions resource.
Overview
| Name | permissions |
| Type | Resource |
| Id | github.actions.permissions |
Fields
The following fields are returned by SELECT queries:
- get_github_actions_permissions_repository
- get_github_actions_permissions_organization
Response
| Name | Datatype | Description |
|---|---|---|
allowed_actions | string | The permissions policy that controls the actions and reusable workflows that are allowed to run. (all, local_only, selected) |
enabled | boolean | Whether GitHub Actions is enabled on the repository. |
selected_actions_url | string | The API URL to use to get or set the actions and reusable workflows that are allowed to run, when allowed_actions is set to selected. |
sha_pinning_required | boolean | Whether actions must be pinned to a full-length commit SHA. |
Response
| Name | Datatype | Description |
|---|---|---|
allowed_actions | string | The permissions policy that controls the actions and reusable workflows that are allowed to run. (all, local_only, selected) |
enabled_repositories | string | The policy that controls the repositories in the organization that are allowed to run GitHub Actions. (all, none, selected) |
selected_actions_url | string | The API URL to use to get or set the actions and reusable workflows that are allowed to run, when allowed_actions is set to selected. |
selected_repositories_url | string | The API URL to use to get or set the selected repositories that are allowed to run GitHub Actions, when enabled_repositories is set to selected. |
sha_pinning_required | boolean | Whether actions must be pinned to a full-length commit SHA. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get_github_actions_permissions_repository | select | owner, repo | Gets the GitHub Actions permissions policy for a repository, including whether GitHub Actions is enabled and the actions and reusable workflows allowed to run in the repository. OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint. | |
get_github_actions_permissions_organization | select | org | Gets the GitHub Actions permissions policy for repositories and allowed actions and reusable workflows in an organization. OAuth tokens and personal access tokens (classic) need the admin:org scope to use this endpoint. | |
set_github_actions_permissions_repository | replace | owner, repo, enabled | Sets the GitHub Actions permissions policy for enabling GitHub Actions and allowed actions and reusable workflows in the repository. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint. | |
set_github_actions_permissions_organization | replace | org, enabled_repositories | Sets the GitHub Actions permissions policy for repositories and allowed actions and reusable workflows in an organization. OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
org | string | The organization name. The name is not case sensitive. |
owner | string | The account owner of the repository. The name is not case sensitive. |
repo | string | The name of the repository without the .git extension. The name is not case sensitive. |
SELECT examples
- get_github_actions_permissions_repository
- get_github_actions_permissions_organization
Gets the GitHub Actions permissions policy for a repository, including whether GitHub Actions is enabled and the actions and reusable workflows allowed to run in the repository.
OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
SELECT
allowed_actions,
enabled,
selected_actions_url,
sha_pinning_required
FROM github.actions.permissions
WHERE owner = '{{ owner }}' -- required
AND repo = '{{ repo }}' -- required
;
Gets the GitHub Actions permissions policy for repositories and allowed actions and reusable workflows in an organization.
OAuth tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
SELECT
allowed_actions,
enabled_repositories,
selected_actions_url,
selected_repositories_url,
sha_pinning_required
FROM github.actions.permissions
WHERE org = '{{ org }}' -- required
;
REPLACE examples
- set_github_actions_permissions_repository
- set_github_actions_permissions_organization
Sets the GitHub Actions permissions policy for enabling GitHub Actions and allowed actions and reusable workflows in the repository.
OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
REPLACE github.actions.permissions
SET
enabled = {{ enabled }},
allowed_actions = '{{ allowed_actions }}',
sha_pinning_required = {{ sha_pinning_required }}
WHERE
owner = '{{ owner }}' --required
AND repo = '{{ repo }}' --required
AND enabled = {{ enabled }} --required;
Sets the GitHub Actions permissions policy for repositories and allowed actions and reusable workflows in an organization.
OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
REPLACE github.actions.permissions
SET
enabled_repositories = '{{ enabled_repositories }}',
allowed_actions = '{{ allowed_actions }}',
sha_pinning_required = {{ sha_pinning_required }}
WHERE
org = '{{ org }}' --required
AND enabled_repositories = '{{ enabled_repositories }}' --required;