GitHub Actions: Restrict self-hosted runner groups to specific workflows

You can now restrict self-hosted runner groups to only be accessible from certain workflows.

In addition to restricting which repositories can access specific enterprise and organization runner groups, administrators can further control access by selecting specific workflow files and versions. Combining this feature with reusable workflow can help you create more secure standard workflows in your organization.

Workflow access dialog

Learn more about restricting access to self-hosted runners

For questions, visit the GitHub Actions community

To see what's next for Actions, visit our public roadmap

JUN.12Retired
GitHub Actions: Minimum version enforcement timeline for self-hosted runners
- Actions
JUN.11Improvement
Bot-created pull requests can run workflows if approved
- Actions
JUN.11Release
GitHub Agentic Workflows is now in public preview
- Actions
JUN.11Release
New runner images in public preview
- Actions
MAY.14Improvement
GitHub Actions: Upcoming image migrations
- Actions
MAY.7Improvement
GitHub Actions concurrency groups now allow larger queues
- Actions
APR.27Improvement
Copilot cloud agent starts 20% faster with Actions custom images
- Actions
APR.27Release
GitHub Copilot code review will start consuming GitHub Actions minutes on June 1, 2026
- Actions
APR.24Improvement
Notice about upcoming new format for GitHub App installation tokens
- Actions

GitHub Actions: Restrict self-hosted runner groups to specific workflows

Related Posts

Subscribe to our developer newsletter