diff --git a/assets/images/help/settings/actions-enterprise-account-add-runner-group-options.png b/assets/images/help/settings/actions-enterprise-account-add-runner-group-options.png index b61b6207a965..2da71a5d3316 100644 Binary files a/assets/images/help/settings/actions-enterprise-account-add-runner-group-options.png and b/assets/images/help/settings/actions-enterprise-account-add-runner-group-options.png differ diff --git a/assets/images/help/settings/actions-org-add-runner-group-options.png b/assets/images/help/settings/actions-org-add-runner-group-options.png index a06d0354fb8f..5fdeffc92589 100644 Binary files a/assets/images/help/settings/actions-org-add-runner-group-options.png and b/assets/images/help/settings/actions-org-add-runner-group-options.png differ diff --git a/content/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups.md b/content/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups.md index 555d974156bd..d6410327232f 100644 --- a/content/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups.md +++ b/content/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups.md @@ -33,7 +33,7 @@ All organizations have a single default self-hosted runner group. Organizations Self-hosted runners are automatically assigned to the default group when created, and can only be members of one group at a time. You can move a runner from the default group to any group you create. -When creating a group, you must choose a policy that defines which repositories have access to the runner group. You can configure a runner group to be accessible to a specific list of repositories, all private repositories, or all repositories in the organization. +When creating a group, you must choose a policy that defines which repositories have access to the runner group. {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.org_settings %} @@ -41,9 +41,19 @@ When creating a group, you must choose a policy that defines which repositories 1. In the **Self-hosted runners** section, click **Add new**, and then **New group**. ![Add runner group](/assets/images/help/settings/actions-org-add-runner-group.png) -1. Enter a name for your runner group, and select an access policy from the **Repository access** dropdown list. +1. Enter a name for your runner group, and assign a policy for repository access. - ![Add runner group options](/assets/images/help/settings/actions-org-add-runner-group-options.png) + {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %} You can configure a runner group to be accessible to a specific list of repositories, or to all repositories in the organization. By default, public repositories can't access runners in a runner group, but you can use the **Allow public repositories** option to override this.{% else if currentVersion == "enterprise-server@2.22"%}You can configure a runner group to be accessible to a specific list of repositories, all private repositories, or all repositories in the organization.{% endif %} + + {% warning %} + + **Warning** + {% indented_data_reference site.data.reusables.github-actions.self-hosted-runner-security spaces=3 %} + For more information, see "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)." + + {% endwarning %} + + ![Add runner group options](/assets/images/help/settings/actions-org-add-runner-group-options.png) 1. Click **Save group** to create the group and apply the policy. ### Creating a self-hosted runner group for an enterprise @@ -52,7 +62,7 @@ Enterprises can add their self-hosted runners to groups for access management. E Self-hosted runners are automatically assigned to the default group when created, and can only be members of one group at a time. You can assign the runner to a specific group during the registration process, or you can later move the runner from the default group to a custom group. -When creating a group, you must choose a policy that grants access to all organizations in the enterprise or choose specific organizations. +When creating a group, you must choose a policy that defines which organizations have access to the runner group. {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} @@ -61,7 +71,17 @@ When creating a group, you must choose a policy that grants access to all organi 1. Click **Add new**, and then **New group**. ![Add runner group](/assets/images/help/settings/actions-enterprise-account-add-runner-group.png) -1. Enter a name for your runner group, and select an access policy from the **Organization access** dropdown list. +1. Enter a name for your runner group, and assign a policy for organization access. + + {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %} You can configure a runner group to be accessible to a specific list of organizations, or all organizations in the enterprise. By default, public repositories can't access runners in a runner group, but you can use the **Allow public repositories** option to override this.{% else if currentVersion == "enterprise-server@2.22"%}You can configure a runner group to be accessible to all organizations in the enterprise or choose specific organizations.{% endif %} + + {% warning %} + + **Warning** + {% indented_data_reference site.data.reusables.github-actions.self-hosted-runner-security spaces=3 %} + For more information, see "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)." + + {% endwarning %} ![Add runner group options](/assets/images/help/settings/actions-enterprise-account-add-runner-group-options.png) 1. Click **Save group** to create the group and apply the policy. diff --git a/data/reusables/github-actions/self-hosted-runner-configure-runner-group-access.md b/data/reusables/github-actions/self-hosted-runner-configure-runner-group-access.md index ca9344288821..3b16ae0499dc 100644 --- a/data/reusables/github-actions/self-hosted-runner-configure-runner-group-access.md +++ b/data/reusables/github-actions/self-hosted-runner-configure-runner-group-access.md @@ -1,3 +1,11 @@ 1. In the **Self-hosted runners** section of the settings page, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %} next to the runner group you'd like to configure, then click **Edit name and [organization|repository] access**. ![Manage repository permissions](/assets/images/help/settings/actions-runner-manage-permissions.png) -1. Select a new policy from the dropdown list, or modify the runner group name. +1. Modify your policy options, or change the runner group name. + + {% warning %} + + **Warning** + {% indented_data_reference site.data.reusables.github-actions.self-hosted-runner-security spaces=3 %} + For more information, see "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories)." + + {% endwarning %}