GitHub Community
Possibility to block a deprecated Action #45456
Unanswered
Wivik
asked this question in
Enterprise
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Select Topic Area
Product Feedback
Body
Hello,
When the "Allow GitHub Actions, Verified Actions, and the following authorized list" setting is enabled for the Enterprise policy, the users in the organization enjoy the freedom to use the various official and Verified Actions which covers most of the needs, and the admins will just have to enable some specific requirements.
The Authorized list provides a very fine-grained definition because you can allow specific versions for an Action (ex : v2 when v1 is deprecated).
But for the GitHub Official or Verified Actions, it seems like I don't have the possibility to block a deprecated or archived version.
For example : If I have a user putting
actions/checkout@v1in their workflow, I can't block it. Same for an Action that have been archived, you can still use it in your Workflows (ex :azure/get-keyvault-secretswhich is archived, or theactions/create-release).I think a setting for blocking Archived repositories from being used in GitHub Actions would help to avoid using abandoned stuff.
For the deprecated versions, maybe a kind of tag the developer could apply (if not already existing) and the Enterprise policy would disallow them ?
Thanks
Beta Was this translation helpful? Give feedback.
All reactions