GitHub Actions org allowlist blocks a third-party action
Organization actions policy can restrict which actions run - GitHub-authored only, verified creators, or a specific allowlist. A uses step referencing a non-allowed third-party action is blocked before the job runs.
What this error means
A workflow fails because a referenced action is not in the organization’s allowed-actions list.
github-actions
Error: some-org/some-action@v3 is not allowed by the organization's actions policy.
This action is not in the list of allowed actions for the organization.Common causes
Org policy restricts allowed actions
The org limits actions to specific publishers or an explicit allowlist.
Action not added to the allowlist
A new third-party action must be explicitly permitted to run.
How to fix it
Add the action to the org allowlist
- An org admin opens Settings > Actions > General > Allowed actions.
- Add the specific action (with version pattern) to the allowlist.
Use an allowed equivalent or vendor the action
- Replace the blocked action with a GitHub- or verified-creator action that is permitted.
- Or fork/vendor the action into an allowed namespace.
.github/workflows/ci.yml
jobs:
build:
steps:
- uses: actions/checkout@v4How to prevent it
- Know your org actions policy before adding third-party actions.
- Request allowlist additions through your org admins ahead of time.
Related guides
GitHub Actions reusable workflow ref must be a full-length commit SHA (org policy)Fix a blocked reusable-workflow call when org policy requires pinning uses to a 40-character commit SHA, not…
GitHub Actions "Unable to resolve action, repository not found"Fix GitHub Actions "Unable to resolve action, repository not found" - the action repo in uses does not exist…
GitHub Actions "refusing to allow a GitHub App to create or update workflow"Fix GitHub Actions "refusing to allow a GitHub App ... to create or update workflow" - pushing changes to .gi…