
I've created 2 workflows: one is caller workflow A in repository A and the other is called workflow B in repository B. Both repositories are part of the GitHub Org OrgName. Workflow B in repository B is intended to be reusable by certain private repositories in my GitHub Org, not all private repositories. GitHub says that all private repositories in an org will get access to a private reusable workflow: https://docs.github.com/en/actions/creating-actions/sharing-actions-and-workflows-with-your-organization#about-github-actions-access-to-private-repositories

> Any actions or reusable workflows stored in the private repository can be used in workflows defined in other private repositories owned by the same organization. Actions and reusable workflows stored in internal repositories cannot be used in public repositories and actions and reusable workflows stored in private repositories cannot be used in public or internal repositories.

How can I make sure only selected private repos in my org are able to use this reusable workflow A? Thanks!

Karan Tikku
  • You can't, whether you share workflows / actions from a user private repository or from a private org repository for other private repositories to access. It's not possible to select specific repositories (yet?). [Reference](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#allowing-access-to-components-in-a-private-repository) – GuiFalourd Jun 19 '23 at 11:28
  • Is there any hack or check I can add to make sure only certain repos are able to get access to the reusable workflow? – Karan Tikku Jun 19 '23 at 16:49
  • The best solution would probably involve a custom API managing the reusable workflow calls. If you can't, an option could be to ask for a PAT or specific KEY as input to your reusable workflow, and only allow a PAT / KEY from a specific list of users / repositories in your organization to run the workflow (through a check job). It may not be enough, but it would already give you control over who can or cannot use the workflow. – GuiFalourd Jun 19 '23 at 16:59

0 Answers
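A variant of the check job suggested in the comments, as an added example that is not from the original thread: instead of a PAT or key input, it gates on the calling repository's name, relying on the fact that inside a reusable workflow the `github` context belongs to the caller. The file name, the allow-list entries (`OrgName/repository-A`, `OrgName/repository-C`) and the `build` job are assumptions for illustration.

```yaml
# .github/workflows/workflow-b.yml in repository B (file name is an assumption)
name: Reusable workflow B

on:
  workflow_call:

jobs:
  check-caller:
    runs-on: ubuntu-latest
    env:
      # In a called workflow the github context is the caller's,
      # so this resolves to the calling repository (owner/name).
      CALLER_REPO: ${{ github.repository }}
      # Constructed allow-list, one owner/name per line.
      ALLOWED_REPOS: |
        OrgName/repository-A
        OrgName/repository-C
    steps:
      - name: Reject callers that are not on the allow-list
        run: |
          # Refuse an empty value so it cannot match a blank list line.
          if [ -z "$CALLER_REPO" ]; then
            echo "::error::caller repository is not set"
            exit 1
          fi
          # -F: fixed string, -x: whole line. No regex, prefix or
          # substring matches (OrgName/repository-A-fork is rejected).
          if printf '%s\n' "$ALLOWED_REPOS" | grep -Fxq -- "$CALLER_REPO"; then
            echo "Caller $CALLER_REPO is allowed"
          else
            echo "::error::$CALLER_REPO is not allowed to use this workflow"
            exit 1
          fi

  build:
    # Every job doing real work must depend on the gate,
    # otherwise it runs regardless of the check result.
    needs: check-caller
    runs-on: ubuntu-latest
    steps:
      - run: echo "real work of workflow B goes here"
```

This only governs calls made to workflow B through `uses:`; any repository that can read repository B can still copy the workflow's contents, so secrets and credentials should not depend on this gate alone.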