Reusable workflows reference

Access to reusable workflows

A reusable workflow can be used by another workflow if any of the following is true:

Both workflows are in the same repository.
The called workflow is stored in a public repository on GitHub Enterprise Server.

You cannot directly use reusable workflows defined on GitHub.com. Instead store a copy of the reusable workflow on Ihre GitHub Enterprise Server-Instance, and call the workflow from that path.
The called workflow is stored in an internal repository and the settings for that repository allow it to be accessed. For more information, see Freigeben von Aktionen und Workflows in deinem Unternehmen.
The called workflow is stored in a private repository and the settings for that repository allow it to be accessed. For more information, see Freigeben von Aktionen und Workflows in deinem Unternehmen.

The following table shows the accessibility of reusable workflows to a caller workflow, depending on the visibility of the host repository.

Caller repository	Accessible workflows repositories
`private`	`private`, `internal`, and `public`
`internal`	`internal`, and `public`
`public`	`public`

The Actions permissions on the callers repository's Actions settings page must be configured to allow the use of actions and reusable workflows - see Verwalten von GitHub Actions-Einstellungen für ein Repository.

For internal or private repositories, the Access policy on the Actions settings page of the called workflow's repository must be explicitly configured to allow access from repositories containing caller workflows - see Verwalten von GitHub Actions-Einstellungen für ein Repository.

Hinweis

Um die Sicherheit zu erhöhen, unterstützt GitHub Actions keine Umleitungen für Aktionen oder wiederverwendbare Workflows. Dies bedeutet, dass bei einer Änderung des Besitzers bzw. der Besitzerin, des Namens des Repositorys einer Aktion oder des Namens einer Aktion alle Workflows, die diese Aktion mit dem vorherigen Namen verwenden, fehlschlagen.

Limitations

You can connect up to four levels of workflows. For more information, see Nesting reusable workflows.
You can call a maximum of 20 unique reusable workflows from a single workflow file. This limit includes any trees of nested reusable workflows that may be called starting from your top-level caller workflow file.

For example, top-level-caller-workflow.yml → called-workflow-1.yml → called-workflow-2.yml counts as 2 reusable workflows.
Any environment variables set in an env context defined at the workflow level in the caller workflow are not propagated to the called workflow. For more information, see Speichern von Informationen in Variablen and Contexts reference.
Similarly, environment variables set in the env context, defined in the called workflow, are not accessible in the env context of the caller workflow. Instead, you must use outputs of the reusable workflow. For more information, see Using outputs from a reusable workflow.
To reuse variables in multiple workflows, set them at the organization, repository, or environment levels and reference them using the vars context. For more information see Speichern von Informationen in Variablen and Contexts reference.
Reusable workflows are called directly within a job, and not from within a job step. You cannot, therefore, use GITHUB_ENV to pass values to job steps in the caller workflow.

Supported keywords for jobs that call a reusable workflow

When you call a reusable workflow, you can only use the following keywords in the job containing the call:

jobs.<job_id>.name
jobs.<job_id>.uses
jobs.<job_id>.with
jobs.<job_id>.with.<input_id>
jobs.<job_id>.secrets
jobs.<job_id>.secrets.<secret_id>
jobs.<job_id>.secrets.inherit
jobs.<job_id>.strategy
jobs.<job_id>.needs
jobs.<job_id>.if
jobs.<job_id>.concurrency
jobs.<job_id>.permissions
Hinweis
- If jobs.<job_id>.permissions is not specified in the calling job, the called workflow will have the default permissions for the GITHUB_TOKEN. For more information, see GITHUB_TOKEN reference.
- The GITHUB_TOKEN permissions passed from the caller workflow can be only downgraded (not elevated) by the called workflow.
- If you use jobs.<job_id>.concurrency.cancel-in-progress: true, don't use the same value for jobs.<job_id>.concurrency.group in the called and caller workflows as this will cause the workflow that's already running to be cancelled. A called workflow uses the name of its caller workflow in ${{ github.workflow }}, so using this context as the value of jobs.<job_id>.concurrency.group in both caller and called workflows will cause the caller workflow to be cancelled when the called workflow runs.

How reusable workflows use runners

GitHub-hosted runners

The assignment of GitHub-hosted runners is always evaluated using only the caller's context. Billing for GitHub-hosted runners is always associated with the caller. The caller workflow cannot use GitHub-hosted runners from the called repository. For more information, see About GitHub-hosted runners.

Self-hosted runners

Called workflows that are owned by the same user or organization or enterprise as the caller workflow can access self-hosted runners from the caller's context. This means that a called workflow can access self-hosted runners that are:

In the caller repository
In the caller repository's organization or enterprise, provided that the runner has been made available to the caller repository

Access and permissions for nested workflows

A workflow that contains nested reusable workflows will fail if any of the nested workflows is inaccessible to the initial caller workflow. For more information, see Access to reusable workflows.

GITHUB_TOKEN permissions can only be the same or more restrictive in nested workflows. For example, in the workflow chain A > B > C, if workflow A has package: read token permission, then B and C cannot have package: write permission. For more information, see Use GITHUB_TOKEN in workflows.

For information on how to use the API to determine which workflow files were involved in a particular workflow run, see Reuse workflows.

Behavior of reusable workflows when re-running jobs

Auf wiederverwendbare Workflows aus öffentlichen Repositorys kann mithilfe eines SHA, eines Releasetags oder eines Branchnamens verwiesen werden. Weitere Informationen finden Sie unter Reuse workflows.

Wenn du einen Workflow, der einen wiederverwendbaren Workflow verwendet, erneut ausführst, und der Verweis kein SHA-Verweis ist, sind einige Verhaltensweisen zu beachten:

Bei erneuter Ausführung aller Aufträge in einem Workflow wird der wiederverwendbare Workflow aus dem angegebenen Verweis verwendet. Weitere Informationen zum erneuten Ausführen aller Aufträge in einem Workflow findest du unter Erneutes Ausführen von Workflows und Jobs.
Beim erneuten Ausführen fehlerhafter Aufträge oder eines bestimmten Auftrags in einem Workflow wird der wiederverwendbare Workflow aus dem Commit-SHA des ersten Versuches verwendet. Weitere Informationen zum erneuten Ausführen fehlerhafter Aufträge in einem Workflow findest du unter Erneutes Ausführen von Workflows und Jobs. Weitere Informationen zum erneuten Ausführen eines bestimmten Auftrags in einem Workflow findest du unter Erneutes Ausführen von Workflows und Jobs.

`github` context

When a reusable workflow is triggered by a caller workflow, the github context is always associated with the caller workflow. The called workflow is automatically granted access to github.token and secrets.GITHUB_TOKEN. For more information about the github context, see Contexts reference.

In diesem Artikel