Skip to content

Commit 2bba3c7

Browse files
chrispatyaananthSarah Edwards
authored
Add warning about GitHub Connect behavior with Actions (github#18771)
Co-authored-by: Yashwanth Anantharaju <yaananth@users.noreply.github.com> Co-authored-by: Sarah Edwards <skedwards88@github.com>
1 parent 2e0d32e commit 2bba3c7

2 files changed

Lines changed: 8 additions & 0 deletions

File tree

content/admin/github-actions/enabling-automatic-access-to-githubcom-actions-using-github-connect.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ topics:
1313

1414
{% data reusables.actions.enterprise-beta %}
1515
{% data reusables.actions.enterprise-github-hosted-runners %}
16+
{% data reusables.actions.enterprise-github-connect-warning %}
1617
{% data reusables.actions.ae-beta %}
1718

1819
By default, {% data variables.product.prodname_actions %} workflows on {% data variables.product.product_name %} cannot use actions directly from {% data variables.product.prodname_dotcom_the_website %} or [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?type=actions).
Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21" %}
2+
{% note %}
3+
4+
**Note:** With {% data variables.product.prodname_github_connect %} enabled, {% data variables.product.prodname_actions %} will try to find the repository on your {% data variables.product.prodname_ghe_server %} instance first before falling back to {% data variables.product.prodname_dotcom %}. If a user creates an organization and repository in your enterprise that matches an organization and repository name on {% data variables.product.prodname_dotcom %}, the repository on your enterprise will be used in place of the {% data variables.product.prodname_dotcom %} repository. A malicious user could take advantage of this behavior to run code as part of a workflow.
5+
6+
{% endnote %}
7+
{% endif %}

0 commit comments

Comments
 (0)