How to Enforce an Organization Required Workflow Across Repos
A required workflow configured on an org ruleset runs on pull requests in targeted repos and must pass before merge, enforced centrally.
In org Settings, create a repository ruleset that targets a set of repos and requires a specific workflow from a source repo. The workflow runs on matching pull requests and blocks merges until it succeeds.
Steps
- Store the enforcement workflow in a source repo (public or org-accessible).
- In org Settings to Rulesets, add a ruleset targeting the desired repos.
- Add a "Require workflows to pass" rule pointing at
owner/source/.github/workflows/policy.yml@ref.
The enforced workflow
.github/workflows/policy.yml
on:
pull_request:
jobs:
policy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: ./scripts/license-check.shGotchas
- Required workflows apply to pull_request events on the targeted repos; they do not retroactively gate direct pushes.
- The source workflow must be reachable by the target repos, so keep it in an org-visible repo.
Related guides
How to Share a Reusable Workflow From a Central RepoKeep one canonical CI workflow in a central repository and call it from every other repo with uses and workfl…
How to Share Secrets Across Repos With Organization SecretsDefine a secret once at the organization level and scope it to selected repositories, so many repos share the…