diff --git a/provider/cmd/pulumi-resource-github/bridge-metadata.json b/provider/cmd/pulumi-resource-github/bridge-metadata.json
index 4bb1e3c9..2602c568 100644
--- a/provider/cmd/pulumi-resource-github/bridge-metadata.json
+++ b/provider/cmd/pulumi-resource-github/bridge-metadata.json
@@ -307,6 +307,32 @@
"current": "github:index/emuGroupMapping:EmuGroupMapping",
"majorVersion": 6
},
+ "github_enterprise_actions_permissions": {
+ "current": "github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions",
+ "majorVersion": 6,
+ "fields": {
+ "allowed_actions_config": {
+ "maxItemsOne": true,
+ "elem": {
+ "fields": {
+ "patterns_allowed": {
+ "maxItemsOne": false
+ }
+ }
+ }
+ },
+ "enabled_organizations_config": {
+ "maxItemsOne": true,
+ "elem": {
+ "fields": {
+ "organization_ids": {
+ "maxItemsOne": false
+ }
+ }
+ }
+ }
+ }
+ },
"github_enterprise_organization": {
"current": "github:index/enterpriseOrganization:EnterpriseOrganization",
"majorVersion": 6,
diff --git a/provider/cmd/pulumi-resource-github/schema.json b/provider/cmd/pulumi-resource-github/schema.json
index b49c2693..6d9ab840 100644
--- a/provider/cmd/pulumi-resource-github/schema.json
+++ b/provider/cmd/pulumi-resource-github/schema.json
@@ -403,6 +403,44 @@
},
"type": "object"
},
+ "github:index/EnterpriseActionsPermissionsAllowedActionsConfig:EnterpriseActionsPermissionsAllowedActionsConfig": {
+ "properties": {
+ "githubOwnedAllowed": {
+ "type": "boolean",
+ "description": "Whether GitHub-owned actions are allowed in the organization.\n"
+ },
+ "patternsAlloweds": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*.\"\n"
+ },
+ "verifiedAllowed": {
+ "type": "boolean",
+ "description": "Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.\n"
+ }
+ },
+ "type": "object",
+ "required": [
+ "githubOwnedAllowed"
+ ]
+ },
+ "github:index/EnterpriseActionsPermissionsEnabledOrganizationsConfig:EnterpriseActionsPermissionsEnabledOrganizationsConfig": {
+ "properties": {
+ "organizationIds": {
+ "type": "array",
+ "items": {
+ "type": "integer"
+ },
+ "description": "List of organization IDs to enable for GitHub Actions.\n"
+ }
+ },
+ "type": "object",
+ "required": [
+ "organizationIds"
+ ]
+ },
"github:index/IssueLabelsLabel:IssueLabelsLabel": {
"properties": {
"color": {
@@ -5416,6 +5454,89 @@
"type": "object"
}
},
+ "github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions": {
+ "description": "This resource allows you to create and manage GitHub Actions permissions within your GitHub enterprise.\nYou must have admin access to an enterprise to use this resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as github from \"@pulumi/github\";\n\nconst example-enterprise = github.getEnterprise({\n slug: \"my-enterprise\",\n});\nconst example-org = github.getOrganization({\n name: \"my-org\",\n});\nconst test = new github.EnterpriseActionsPermissions(\"test\", {\n enterpriseId: example_enterprise.then(example_enterprise =\u003e example_enterprise.slug),\n allowedActions: \"selected\",\n enabledOrganizations: \"selected\",\n allowedActionsConfig: {\n githubOwnedAllowed: true,\n patternsAlloweds: [\n \"actions/cache@*\",\n \"actions/checkout@*\",\n ],\n verifiedAllowed: true,\n },\n enabledOrganizationsConfig: {\n organizationIds: [example_org.then(example_org =\u003e example_org.id)],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_github as github\n\nexample_enterprise = github.get_enterprise(slug=\"my-enterprise\")\nexample_org = github.get_organization(name=\"my-org\")\ntest = github.EnterpriseActionsPermissions(\"test\",\n enterprise_id=example_enterprise.slug,\n allowed_actions=\"selected\",\n enabled_organizations=\"selected\",\n allowed_actions_config=github.EnterpriseActionsPermissionsAllowedActionsConfigArgs(\n github_owned_allowed=True,\n patterns_alloweds=[\n \"actions/cache@*\",\n \"actions/checkout@*\",\n ],\n verified_allowed=True,\n ),\n enabled_organizations_config=github.EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs(\n organization_ids=[example_org.id],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Github = Pulumi.Github;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example_enterprise = Github.GetEnterprise.Invoke(new()\n {\n Slug = \"my-enterprise\",\n });\n\n var example_org = Github.GetOrganization.Invoke(new()\n {\n Name = \"my-org\",\n });\n\n var test = new Github.EnterpriseActionsPermissions(\"test\", new()\n {\n EnterpriseId = example_enterprise.Apply(example_enterprise =\u003e example_enterprise.Apply(getEnterpriseResult =\u003e getEnterpriseResult.Slug)),\n AllowedActions = \"selected\",\n EnabledOrganizations = \"selected\",\n AllowedActionsConfig = new Github.Inputs.EnterpriseActionsPermissionsAllowedActionsConfigArgs\n {\n GithubOwnedAllowed = true,\n PatternsAlloweds = new[]\n {\n \"actions/cache@*\",\n \"actions/checkout@*\",\n },\n VerifiedAllowed = true,\n },\n EnabledOrganizationsConfig = new Github.Inputs.EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs\n {\n OrganizationIds = new[]\n {\n example_org.Apply(example_org =\u003e example_org.Apply(getOrganizationResult =\u003e getOrganizationResult.Id)),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-github/sdk/v6/go/github\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample_enterprise, err := github.GetEnterprise(ctx, \u0026github.GetEnterpriseArgs{\n\t\t\tSlug: \"my-enterprise\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample_org, err := github.GetOrganization(ctx, \u0026github.GetOrganizationArgs{\n\t\t\tName: \"my-org\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = github.NewEnterpriseActionsPermissions(ctx, \"test\", \u0026github.EnterpriseActionsPermissionsArgs{\n\t\t\tEnterpriseId: *pulumi.String(example_enterprise.Slug),\n\t\t\tAllowedActions: pulumi.String(\"selected\"),\n\t\t\tEnabledOrganizations: pulumi.String(\"selected\"),\n\t\t\tAllowedActionsConfig: \u0026github.EnterpriseActionsPermissionsAllowedActionsConfigArgs{\n\t\t\t\tGithubOwnedAllowed: pulumi.Bool(true),\n\t\t\t\tPatternsAlloweds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"actions/cache@*\"),\n\t\t\t\t\tpulumi.String(\"actions/checkout@*\"),\n\t\t\t\t},\n\t\t\t\tVerifiedAllowed: pulumi.Bool(true),\n\t\t\t},\n\t\t\tEnabledOrganizationsConfig: \u0026github.EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs{\n\t\t\t\tOrganizationIds: pulumi.IntArray{\n\t\t\t\t\t*pulumi.String(example_org.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.github.GithubFunctions;\nimport com.pulumi.github.inputs.GetEnterpriseArgs;\nimport com.pulumi.github.inputs.GetOrganizationArgs;\nimport com.pulumi.github.EnterpriseActionsPermissions;\nimport com.pulumi.github.EnterpriseActionsPermissionsArgs;\nimport com.pulumi.github.inputs.EnterpriseActionsPermissionsAllowedActionsConfigArgs;\nimport com.pulumi.github.inputs.EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example-enterprise = GithubFunctions.getEnterprise(GetEnterpriseArgs.builder()\n .slug(\"my-enterprise\")\n .build());\n\n final var example-org = GithubFunctions.getOrganization(GetOrganizationArgs.builder()\n .name(\"my-org\")\n .build());\n\n var test = new EnterpriseActionsPermissions(\"test\", EnterpriseActionsPermissionsArgs.builder() \n .enterpriseId(example_enterprise.slug())\n .allowedActions(\"selected\")\n .enabledOrganizations(\"selected\")\n .allowedActionsConfig(EnterpriseActionsPermissionsAllowedActionsConfigArgs.builder()\n .githubOwnedAllowed(true)\n .patternsAlloweds( \n \"actions/cache@*\",\n \"actions/checkout@*\")\n .verifiedAllowed(true)\n .build())\n .enabledOrganizationsConfig(EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs.builder()\n .organizationIds(example_org.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: github:EnterpriseActionsPermissions\n properties:\n enterpriseId: ${[\"example-enterprise\"].slug}\n allowedActions: selected\n enabledOrganizations: selected\n allowedActionsConfig:\n githubOwnedAllowed: true\n patternsAlloweds:\n - actions/cache@*\n - actions/checkout@*\n verifiedAllowed: true\n enabledOrganizationsConfig:\n organizationIds:\n - ${[\"example-org\"].id}\nvariables:\n example-enterprise:\n fn::invoke:\n Function: github:getEnterprise\n Arguments:\n slug: my-enterprise\n example-org:\n fn::invoke:\n Function: github:getOrganization\n Arguments:\n name: my-org\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource can be imported using the name of the GitHub enterprise:\n\n```sh\n $ pulumi import github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions test github_enterprise_name\n```\n ",
+ "properties": {
+ "allowedActions": {
+ "type": "string",
+ "description": "The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.\n"
+ },
+ "allowedActionsConfig": {
+ "$ref": "#/types/github:index/EnterpriseActionsPermissionsAllowedActionsConfig:EnterpriseActionsPermissionsAllowedActionsConfig",
+ "description": "Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.\n"
+ },
+ "enabledOrganizations": {
+ "type": "string",
+ "description": "The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.\n"
+ },
+ "enabledOrganizationsConfig": {
+ "$ref": "#/types/github:index/EnterpriseActionsPermissionsEnabledOrganizationsConfig:EnterpriseActionsPermissionsEnabledOrganizationsConfig",
+ "description": "Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.\n"
+ },
+ "enterpriseId": {
+ "type": "string",
+ "description": "The ID of the enterprise.\n"
+ }
+ },
+ "required": [
+ "enabledOrganizations",
+ "enterpriseId"
+ ],
+ "inputProperties": {
+ "allowedActions": {
+ "type": "string",
+ "description": "The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.\n"
+ },
+ "allowedActionsConfig": {
+ "$ref": "#/types/github:index/EnterpriseActionsPermissionsAllowedActionsConfig:EnterpriseActionsPermissionsAllowedActionsConfig",
+ "description": "Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.\n"
+ },
+ "enabledOrganizations": {
+ "type": "string",
+ "description": "The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.\n"
+ },
+ "enabledOrganizationsConfig": {
+ "$ref": "#/types/github:index/EnterpriseActionsPermissionsEnabledOrganizationsConfig:EnterpriseActionsPermissionsEnabledOrganizationsConfig",
+ "description": "Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.\n"
+ },
+ "enterpriseId": {
+ "type": "string",
+ "description": "The ID of the enterprise.\n",
+ "willReplaceOnChanges": true
+ }
+ },
+ "requiredInputs": [
+ "enabledOrganizations",
+ "enterpriseId"
+ ],
+ "stateInputs": {
+ "description": "Input properties used for looking up and filtering EnterpriseActionsPermissions resources.\n",
+ "properties": {
+ "allowedActions": {
+ "type": "string",
+ "description": "The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.\n"
+ },
+ "allowedActionsConfig": {
+ "$ref": "#/types/github:index/EnterpriseActionsPermissionsAllowedActionsConfig:EnterpriseActionsPermissionsAllowedActionsConfig",
+ "description": "Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.\n"
+ },
+ "enabledOrganizations": {
+ "type": "string",
+ "description": "The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.\n"
+ },
+ "enabledOrganizationsConfig": {
+ "$ref": "#/types/github:index/EnterpriseActionsPermissionsEnabledOrganizationsConfig:EnterpriseActionsPermissionsEnabledOrganizationsConfig",
+ "description": "Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.\n"
+ },
+ "enterpriseId": {
+ "type": "string",
+ "description": "The ID of the enterprise.\n",
+ "willReplaceOnChanges": true
+ }
+ },
+ "type": "object"
+ }
+ },
"github:index/enterpriseOrganization:EnterpriseOrganization": {
"description": "This resource allows you to create and manage a GitHub enterprise organization.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as github from \"@pulumi/github\";\n\nconst org = new github.EnterpriseOrganization(\"org\", {\n enterpriseId: data.github_enterprise.enterprise.id,\n displayName: \"Some Awesome Org\",\n description: \"Organization created with terraform\",\n billingEmail: \"jon@winteriscoming.com\",\n adminLogins: [\"jon-snow\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_github as github\n\norg = github.EnterpriseOrganization(\"org\",\n enterprise_id=data[\"github_enterprise\"][\"enterprise\"][\"id\"],\n display_name=\"Some Awesome Org\",\n description=\"Organization created with terraform\",\n billing_email=\"jon@winteriscoming.com\",\n admin_logins=[\"jon-snow\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Github = Pulumi.Github;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var org = new Github.EnterpriseOrganization(\"org\", new()\n {\n EnterpriseId = data.Github_enterprise.Enterprise.Id,\n DisplayName = \"Some Awesome Org\",\n Description = \"Organization created with terraform\",\n BillingEmail = \"jon@winteriscoming.com\",\n AdminLogins = new[]\n {\n \"jon-snow\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-github/sdk/v6/go/github\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := github.NewEnterpriseOrganization(ctx, \"org\", \u0026github.EnterpriseOrganizationArgs{\n\t\t\tEnterpriseId: pulumi.Any(data.Github_enterprise.Enterprise.Id),\n\t\t\tDisplayName: pulumi.String(\"Some Awesome Org\"),\n\t\t\tDescription: pulumi.String(\"Organization created with terraform\"),\n\t\t\tBillingEmail: pulumi.String(\"jon@winteriscoming.com\"),\n\t\t\tAdminLogins: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"jon-snow\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.github.EnterpriseOrganization;\nimport com.pulumi.github.EnterpriseOrganizationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var org = new EnterpriseOrganization(\"org\", EnterpriseOrganizationArgs.builder() \n .enterpriseId(data.github_enterprise().enterprise().id())\n .displayName(\"Some Awesome Org\")\n .description(\"Organization created with terraform\")\n .billingEmail(\"jon@winteriscoming.com\")\n .adminLogins(\"jon-snow\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n org:\n type: github:EnterpriseOrganization\n properties:\n enterpriseId: ${data.github_enterprise.enterprise.id}\n displayName: Some Awesome Org\n description: Organization created with terraform\n billingEmail: jon@winteriscoming.com\n adminLogins:\n - jon-snow\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGitHub Enterprise Organization can be imported using the `slug` of the enterprise, combined with the `orgname` of the organization, separated by a `/` character.\n\n```sh\n $ pulumi import github:index/enterpriseOrganization:EnterpriseOrganization org enterp/some-awesome-org\n```\n ",
"properties": {
diff --git a/sdk/dotnet/EnterpriseActionsPermissions.cs b/sdk/dotnet/EnterpriseActionsPermissions.cs
new file mode 100644
index 00000000..60e86304
--- /dev/null
+++ b/sdk/dotnet/EnterpriseActionsPermissions.cs
@@ -0,0 +1,223 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Github
+{
+ ///
+ /// This resource allows you to create and manage GitHub Actions permissions within your GitHub enterprise.
+ /// You must have admin access to an enterprise to use this resource.
+ ///
+ /// ## Example Usage
+ ///
+ /// ```csharp
+ /// using System.Collections.Generic;
+ /// using System.Linq;
+ /// using Pulumi;
+ /// using Github = Pulumi.Github;
+ ///
+ /// return await Deployment.RunAsync(() =>
+ /// {
+ /// var example_enterprise = Github.GetEnterprise.Invoke(new()
+ /// {
+ /// Slug = "my-enterprise",
+ /// });
+ ///
+ /// var example_org = Github.GetOrganization.Invoke(new()
+ /// {
+ /// Name = "my-org",
+ /// });
+ ///
+ /// var test = new Github.EnterpriseActionsPermissions("test", new()
+ /// {
+ /// EnterpriseId = example_enterprise.Apply(example_enterprise => example_enterprise.Apply(getEnterpriseResult => getEnterpriseResult.Slug)),
+ /// AllowedActions = "selected",
+ /// EnabledOrganizations = "selected",
+ /// AllowedActionsConfig = new Github.Inputs.EnterpriseActionsPermissionsAllowedActionsConfigArgs
+ /// {
+ /// GithubOwnedAllowed = true,
+ /// PatternsAlloweds = new[]
+ /// {
+ /// "actions/cache@*",
+ /// "actions/checkout@*",
+ /// },
+ /// VerifiedAllowed = true,
+ /// },
+ /// EnabledOrganizationsConfig = new Github.Inputs.EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs
+ /// {
+ /// OrganizationIds = new[]
+ /// {
+ /// example_org.Apply(example_org => example_org.Apply(getOrganizationResult => getOrganizationResult.Id)),
+ /// },
+ /// },
+ /// });
+ ///
+ /// });
+ /// ```
+ ///
+ /// ## Import
+ ///
+ /// This resource can be imported using the name of the GitHub enterprise:
+ ///
+ /// ```sh
+ /// $ pulumi import github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions test github_enterprise_name
+ /// ```
+ ///
+ [GithubResourceType("github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions")]
+ public partial class EnterpriseActionsPermissions : global::Pulumi.CustomResource
+ {
+ ///
+ /// The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ ///
+ [Output("allowedActions")]
+ public Output AllowedActions { get; private set; } = null!;
+
+ ///
+ /// Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ ///
+ [Output("allowedActionsConfig")]
+ public Output AllowedActionsConfig { get; private set; } = null!;
+
+ ///
+ /// The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ ///
+ [Output("enabledOrganizations")]
+ public Output EnabledOrganizations { get; private set; } = null!;
+
+ ///
+ /// Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ ///
+ [Output("enabledOrganizationsConfig")]
+ public Output EnabledOrganizationsConfig { get; private set; } = null!;
+
+ ///
+ /// The ID of the enterprise.
+ ///
+ [Output("enterpriseId")]
+ public Output EnterpriseId { get; private set; } = null!;
+
+
+ ///
+ /// Create a EnterpriseActionsPermissions resource with the given unique name, arguments, and options.
+ ///
+ ///
+ /// The unique name of the resource
+ /// The arguments used to populate this resource's properties
+ /// A bag of options that control this resource's behavior
+ public EnterpriseActionsPermissions(string name, EnterpriseActionsPermissionsArgs args, CustomResourceOptions? options = null)
+ : base("github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions", name, args ?? new EnterpriseActionsPermissionsArgs(), MakeResourceOptions(options, ""))
+ {
+ }
+
+ private EnterpriseActionsPermissions(string name, Input id, EnterpriseActionsPermissionsState? state = null, CustomResourceOptions? options = null)
+ : base("github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions", name, state, MakeResourceOptions(options, id))
+ {
+ }
+
+ private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id)
+ {
+ var defaultOptions = new CustomResourceOptions
+ {
+ Version = Utilities.Version,
+ };
+ var merged = CustomResourceOptions.Merge(defaultOptions, options);
+ // Override the ID if one was specified for consistency with other language SDKs.
+ merged.Id = id ?? merged.Id;
+ return merged;
+ }
+ ///
+ /// Get an existing EnterpriseActionsPermissions resource's state with the given name, ID, and optional extra
+ /// properties used to qualify the lookup.
+ ///
+ ///
+ /// The unique name of the resulting resource.
+ /// The unique provider ID of the resource to lookup.
+ /// Any extra arguments used during the lookup.
+ /// A bag of options that control this resource's behavior
+ public static EnterpriseActionsPermissions Get(string name, Input id, EnterpriseActionsPermissionsState? state = null, CustomResourceOptions? options = null)
+ {
+ return new EnterpriseActionsPermissions(name, id, state, options);
+ }
+ }
+
+ public sealed class EnterpriseActionsPermissionsArgs : global::Pulumi.ResourceArgs
+ {
+ ///
+ /// The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ ///
+ [Input("allowedActions")]
+ public Input? AllowedActions { get; set; }
+
+ ///
+ /// Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ ///
+ [Input("allowedActionsConfig")]
+ public Input? AllowedActionsConfig { get; set; }
+
+ ///
+ /// The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ ///
+ [Input("enabledOrganizations", required: true)]
+ public Input EnabledOrganizations { get; set; } = null!;
+
+ ///
+ /// Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ ///
+ [Input("enabledOrganizationsConfig")]
+ public Input? EnabledOrganizationsConfig { get; set; }
+
+ ///
+ /// The ID of the enterprise.
+ ///
+ [Input("enterpriseId", required: true)]
+ public Input EnterpriseId { get; set; } = null!;
+
+ public EnterpriseActionsPermissionsArgs()
+ {
+ }
+ public static new EnterpriseActionsPermissionsArgs Empty => new EnterpriseActionsPermissionsArgs();
+ }
+
+ public sealed class EnterpriseActionsPermissionsState : global::Pulumi.ResourceArgs
+ {
+ ///
+ /// The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ ///
+ [Input("allowedActions")]
+ public Input? AllowedActions { get; set; }
+
+ ///
+ /// Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ ///
+ [Input("allowedActionsConfig")]
+ public Input? AllowedActionsConfig { get; set; }
+
+ ///
+ /// The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ ///
+ [Input("enabledOrganizations")]
+ public Input? EnabledOrganizations { get; set; }
+
+ ///
+ /// Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ ///
+ [Input("enabledOrganizationsConfig")]
+ public Input? EnabledOrganizationsConfig { get; set; }
+
+ ///
+ /// The ID of the enterprise.
+ ///
+ [Input("enterpriseId")]
+ public Input? EnterpriseId { get; set; }
+
+ public EnterpriseActionsPermissionsState()
+ {
+ }
+ public static new EnterpriseActionsPermissionsState Empty => new EnterpriseActionsPermissionsState();
+ }
+}
diff --git a/sdk/dotnet/Inputs/EnterpriseActionsPermissionsAllowedActionsConfigArgs.cs b/sdk/dotnet/Inputs/EnterpriseActionsPermissionsAllowedActionsConfigArgs.cs
new file mode 100644
index 00000000..61128940
--- /dev/null
+++ b/sdk/dotnet/Inputs/EnterpriseActionsPermissionsAllowedActionsConfigArgs.cs
@@ -0,0 +1,44 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Github.Inputs
+{
+
+ public sealed class EnterpriseActionsPermissionsAllowedActionsConfigArgs : global::Pulumi.ResourceArgs
+ {
+ ///
+ /// Whether GitHub-owned actions are allowed in the organization.
+ ///
+ [Input("githubOwnedAllowed", required: true)]
+ public Input GithubOwnedAllowed { get; set; } = null!;
+
+ [Input("patternsAlloweds")]
+ private InputList? _patternsAlloweds;
+
+ ///
+ /// Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+ ///
+ public InputList PatternsAlloweds
+ {
+ get => _patternsAlloweds ?? (_patternsAlloweds = new InputList());
+ set => _patternsAlloweds = value;
+ }
+
+ ///
+ /// Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ ///
+ [Input("verifiedAllowed")]
+ public Input? VerifiedAllowed { get; set; }
+
+ public EnterpriseActionsPermissionsAllowedActionsConfigArgs()
+ {
+ }
+ public static new EnterpriseActionsPermissionsAllowedActionsConfigArgs Empty => new EnterpriseActionsPermissionsAllowedActionsConfigArgs();
+ }
+}
diff --git a/sdk/dotnet/Inputs/EnterpriseActionsPermissionsAllowedActionsConfigGetArgs.cs b/sdk/dotnet/Inputs/EnterpriseActionsPermissionsAllowedActionsConfigGetArgs.cs
new file mode 100644
index 00000000..a422f1f1
--- /dev/null
+++ b/sdk/dotnet/Inputs/EnterpriseActionsPermissionsAllowedActionsConfigGetArgs.cs
@@ -0,0 +1,44 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Github.Inputs
+{
+
+ public sealed class EnterpriseActionsPermissionsAllowedActionsConfigGetArgs : global::Pulumi.ResourceArgs
+ {
+ ///
+ /// Whether GitHub-owned actions are allowed in the organization.
+ ///
+ [Input("githubOwnedAllowed", required: true)]
+ public Input GithubOwnedAllowed { get; set; } = null!;
+
+ [Input("patternsAlloweds")]
+ private InputList? _patternsAlloweds;
+
+ ///
+ /// Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+ ///
+ public InputList PatternsAlloweds
+ {
+ get => _patternsAlloweds ?? (_patternsAlloweds = new InputList());
+ set => _patternsAlloweds = value;
+ }
+
+ ///
+ /// Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ ///
+ [Input("verifiedAllowed")]
+ public Input? VerifiedAllowed { get; set; }
+
+ public EnterpriseActionsPermissionsAllowedActionsConfigGetArgs()
+ {
+ }
+ public static new EnterpriseActionsPermissionsAllowedActionsConfigGetArgs Empty => new EnterpriseActionsPermissionsAllowedActionsConfigGetArgs();
+ }
+}
diff --git a/sdk/dotnet/Inputs/EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs.cs b/sdk/dotnet/Inputs/EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs.cs
new file mode 100644
index 00000000..66e944ef
--- /dev/null
+++ b/sdk/dotnet/Inputs/EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs.cs
@@ -0,0 +1,32 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Github.Inputs
+{
+
+ public sealed class EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs : global::Pulumi.ResourceArgs
+ {
+ [Input("organizationIds", required: true)]
+ private InputList? _organizationIds;
+
+ ///
+ /// List of organization IDs to enable for GitHub Actions.
+ ///
+ public InputList OrganizationIds
+ {
+ get => _organizationIds ?? (_organizationIds = new InputList());
+ set => _organizationIds = value;
+ }
+
+ public EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs()
+ {
+ }
+ public static new EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs Empty => new EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs();
+ }
+}
diff --git a/sdk/dotnet/Inputs/EnterpriseActionsPermissionsEnabledOrganizationsConfigGetArgs.cs b/sdk/dotnet/Inputs/EnterpriseActionsPermissionsEnabledOrganizationsConfigGetArgs.cs
new file mode 100644
index 00000000..f88b4fae
--- /dev/null
+++ b/sdk/dotnet/Inputs/EnterpriseActionsPermissionsEnabledOrganizationsConfigGetArgs.cs
@@ -0,0 +1,32 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Github.Inputs
+{
+
+ public sealed class EnterpriseActionsPermissionsEnabledOrganizationsConfigGetArgs : global::Pulumi.ResourceArgs
+ {
+ [Input("organizationIds", required: true)]
+ private InputList? _organizationIds;
+
+ ///
+ /// List of organization IDs to enable for GitHub Actions.
+ ///
+ public InputList OrganizationIds
+ {
+ get => _organizationIds ?? (_organizationIds = new InputList());
+ set => _organizationIds = value;
+ }
+
+ public EnterpriseActionsPermissionsEnabledOrganizationsConfigGetArgs()
+ {
+ }
+ public static new EnterpriseActionsPermissionsEnabledOrganizationsConfigGetArgs Empty => new EnterpriseActionsPermissionsEnabledOrganizationsConfigGetArgs();
+ }
+}
diff --git a/sdk/dotnet/Outputs/EnterpriseActionsPermissionsAllowedActionsConfig.cs b/sdk/dotnet/Outputs/EnterpriseActionsPermissionsAllowedActionsConfig.cs
new file mode 100644
index 00000000..2dce8de0
--- /dev/null
+++ b/sdk/dotnet/Outputs/EnterpriseActionsPermissionsAllowedActionsConfig.cs
@@ -0,0 +1,42 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Github.Outputs
+{
+
+ [OutputType]
+ public sealed class EnterpriseActionsPermissionsAllowedActionsConfig
+ {
+ ///
+ /// Whether GitHub-owned actions are allowed in the organization.
+ ///
+ public readonly bool GithubOwnedAllowed;
+ ///
+ /// Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+ ///
+ public readonly ImmutableArray PatternsAlloweds;
+ ///
+ /// Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ ///
+ public readonly bool? VerifiedAllowed;
+
+ [OutputConstructor]
+ private EnterpriseActionsPermissionsAllowedActionsConfig(
+ bool githubOwnedAllowed,
+
+ ImmutableArray patternsAlloweds,
+
+ bool? verifiedAllowed)
+ {
+ GithubOwnedAllowed = githubOwnedAllowed;
+ PatternsAlloweds = patternsAlloweds;
+ VerifiedAllowed = verifiedAllowed;
+ }
+ }
+}
diff --git a/sdk/dotnet/Outputs/EnterpriseActionsPermissionsEnabledOrganizationsConfig.cs b/sdk/dotnet/Outputs/EnterpriseActionsPermissionsEnabledOrganizationsConfig.cs
new file mode 100644
index 00000000..1b1026fd
--- /dev/null
+++ b/sdk/dotnet/Outputs/EnterpriseActionsPermissionsEnabledOrganizationsConfig.cs
@@ -0,0 +1,27 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.Github.Outputs
+{
+
+ [OutputType]
+ public sealed class EnterpriseActionsPermissionsEnabledOrganizationsConfig
+ {
+ ///
+ /// List of organization IDs to enable for GitHub Actions.
+ ///
+ public readonly ImmutableArray OrganizationIds;
+
+ [OutputConstructor]
+ private EnterpriseActionsPermissionsEnabledOrganizationsConfig(ImmutableArray organizationIds)
+ {
+ OrganizationIds = organizationIds;
+ }
+ }
+}
diff --git a/sdk/go/github/enterpriseActionsPermissions.go b/sdk/go/github/enterpriseActionsPermissions.go
new file mode 100644
index 00000000..813bde66
--- /dev/null
+++ b/sdk/go/github/enterpriseActionsPermissions.go
@@ -0,0 +1,350 @@
+// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT.
+// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***
+
+package github
+
+import (
+ "context"
+ "reflect"
+
+ "errors"
+ "github.com/pulumi/pulumi-github/sdk/v6/go/github/internal"
+ "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
+)
+
+// This resource allows you to create and manage GitHub Actions permissions within your GitHub enterprise.
+// You must have admin access to an enterprise to use this resource.
+//
+// ## Example Usage
+//
+// ```go
+// package main
+//
+// import (
+//
+// "github.com/pulumi/pulumi-github/sdk/v6/go/github"
+// "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
+//
+// )
+//
+// func main() {
+// pulumi.Run(func(ctx *pulumi.Context) error {
+// example_enterprise, err := github.GetEnterprise(ctx, &github.GetEnterpriseArgs{
+// Slug: "my-enterprise",
+// }, nil)
+// if err != nil {
+// return err
+// }
+// example_org, err := github.GetOrganization(ctx, &github.GetOrganizationArgs{
+// Name: "my-org",
+// }, nil)
+// if err != nil {
+// return err
+// }
+// _, err = github.NewEnterpriseActionsPermissions(ctx, "test", &github.EnterpriseActionsPermissionsArgs{
+// EnterpriseId: *pulumi.String(example_enterprise.Slug),
+// AllowedActions: pulumi.String("selected"),
+// EnabledOrganizations: pulumi.String("selected"),
+// AllowedActionsConfig: &github.EnterpriseActionsPermissionsAllowedActionsConfigArgs{
+// GithubOwnedAllowed: pulumi.Bool(true),
+// PatternsAlloweds: pulumi.StringArray{
+// pulumi.String("actions/cache@*"),
+// pulumi.String("actions/checkout@*"),
+// },
+// VerifiedAllowed: pulumi.Bool(true),
+// },
+// EnabledOrganizationsConfig: &github.EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs{
+// OrganizationIds: pulumi.IntArray{
+// *pulumi.String(example_org.Id),
+// },
+// },
+// })
+// if err != nil {
+// return err
+// }
+// return nil
+// })
+// }
+//
+// ```
+//
+// ## Import
+//
+// This resource can be imported using the name of the GitHub enterprise:
+//
+// ```sh
+//
+// $ pulumi import github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions test github_enterprise_name
+//
+// ```
+type EnterpriseActionsPermissions struct {
+ pulumi.CustomResourceState
+
+ // The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `localOnly`, or `selected`.
+ AllowedActions pulumi.StringPtrOutput `pulumi:"allowedActions"`
+ // Sets the actions that are allowed in an enterprise. Only available when `allowedActions` = `selected`. See Allowed Actions Config below for details.
+ AllowedActionsConfig EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput `pulumi:"allowedActionsConfig"`
+ // The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ EnabledOrganizations pulumi.StringOutput `pulumi:"enabledOrganizations"`
+ // Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabledOrganizations` = `selected`. See Enabled Organizations Config below for details.
+ EnabledOrganizationsConfig EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput `pulumi:"enabledOrganizationsConfig"`
+ // The ID of the enterprise.
+ EnterpriseId pulumi.StringOutput `pulumi:"enterpriseId"`
+}
+
+// NewEnterpriseActionsPermissions registers a new resource with the given unique name, arguments, and options.
+func NewEnterpriseActionsPermissions(ctx *pulumi.Context,
+ name string, args *EnterpriseActionsPermissionsArgs, opts ...pulumi.ResourceOption) (*EnterpriseActionsPermissions, error) {
+ if args == nil {
+ return nil, errors.New("missing one or more required arguments")
+ }
+
+ if args.EnabledOrganizations == nil {
+ return nil, errors.New("invalid value for required argument 'EnabledOrganizations'")
+ }
+ if args.EnterpriseId == nil {
+ return nil, errors.New("invalid value for required argument 'EnterpriseId'")
+ }
+ opts = internal.PkgResourceDefaultOpts(opts)
+ var resource EnterpriseActionsPermissions
+ err := ctx.RegisterResource("github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions", name, args, &resource, opts...)
+ if err != nil {
+ return nil, err
+ }
+ return &resource, nil
+}
+
+// GetEnterpriseActionsPermissions gets an existing EnterpriseActionsPermissions resource's state with the given name, ID, and optional
+// state properties that are used to uniquely qualify the lookup (nil if not required).
+func GetEnterpriseActionsPermissions(ctx *pulumi.Context,
+ name string, id pulumi.IDInput, state *EnterpriseActionsPermissionsState, opts ...pulumi.ResourceOption) (*EnterpriseActionsPermissions, error) {
+ var resource EnterpriseActionsPermissions
+ err := ctx.ReadResource("github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions", name, id, state, &resource, opts...)
+ if err != nil {
+ return nil, err
+ }
+ return &resource, nil
+}
+
+// Input properties used for looking up and filtering EnterpriseActionsPermissions resources.
+type enterpriseActionsPermissionsState struct {
+ // The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `localOnly`, or `selected`.
+ AllowedActions *string `pulumi:"allowedActions"`
+ // Sets the actions that are allowed in an enterprise. Only available when `allowedActions` = `selected`. See Allowed Actions Config below for details.
+ AllowedActionsConfig *EnterpriseActionsPermissionsAllowedActionsConfig `pulumi:"allowedActionsConfig"`
+ // The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ EnabledOrganizations *string `pulumi:"enabledOrganizations"`
+ // Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabledOrganizations` = `selected`. See Enabled Organizations Config below for details.
+ EnabledOrganizationsConfig *EnterpriseActionsPermissionsEnabledOrganizationsConfig `pulumi:"enabledOrganizationsConfig"`
+ // The ID of the enterprise.
+ EnterpriseId *string `pulumi:"enterpriseId"`
+}
+
+type EnterpriseActionsPermissionsState struct {
+ // The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `localOnly`, or `selected`.
+ AllowedActions pulumi.StringPtrInput
+ // Sets the actions that are allowed in an enterprise. Only available when `allowedActions` = `selected`. See Allowed Actions Config below for details.
+ AllowedActionsConfig EnterpriseActionsPermissionsAllowedActionsConfigPtrInput
+ // The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ EnabledOrganizations pulumi.StringPtrInput
+ // Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabledOrganizations` = `selected`. See Enabled Organizations Config below for details.
+ EnabledOrganizationsConfig EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrInput
+ // The ID of the enterprise.
+ EnterpriseId pulumi.StringPtrInput
+}
+
+func (EnterpriseActionsPermissionsState) ElementType() reflect.Type {
+ return reflect.TypeOf((*enterpriseActionsPermissionsState)(nil)).Elem()
+}
+
+type enterpriseActionsPermissionsArgs struct {
+ // The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `localOnly`, or `selected`.
+ AllowedActions *string `pulumi:"allowedActions"`
+ // Sets the actions that are allowed in an enterprise. Only available when `allowedActions` = `selected`. See Allowed Actions Config below for details.
+ AllowedActionsConfig *EnterpriseActionsPermissionsAllowedActionsConfig `pulumi:"allowedActionsConfig"`
+ // The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ EnabledOrganizations string `pulumi:"enabledOrganizations"`
+ // Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabledOrganizations` = `selected`. See Enabled Organizations Config below for details.
+ EnabledOrganizationsConfig *EnterpriseActionsPermissionsEnabledOrganizationsConfig `pulumi:"enabledOrganizationsConfig"`
+ // The ID of the enterprise.
+ EnterpriseId string `pulumi:"enterpriseId"`
+}
+
+// The set of arguments for constructing a EnterpriseActionsPermissions resource.
+type EnterpriseActionsPermissionsArgs struct {
+ // The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `localOnly`, or `selected`.
+ AllowedActions pulumi.StringPtrInput
+ // Sets the actions that are allowed in an enterprise. Only available when `allowedActions` = `selected`. See Allowed Actions Config below for details.
+ AllowedActionsConfig EnterpriseActionsPermissionsAllowedActionsConfigPtrInput
+ // The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ EnabledOrganizations pulumi.StringInput
+ // Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabledOrganizations` = `selected`. See Enabled Organizations Config below for details.
+ EnabledOrganizationsConfig EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrInput
+ // The ID of the enterprise.
+ EnterpriseId pulumi.StringInput
+}
+
+func (EnterpriseActionsPermissionsArgs) ElementType() reflect.Type {
+ return reflect.TypeOf((*enterpriseActionsPermissionsArgs)(nil)).Elem()
+}
+
+type EnterpriseActionsPermissionsInput interface {
+ pulumi.Input
+
+ ToEnterpriseActionsPermissionsOutput() EnterpriseActionsPermissionsOutput
+ ToEnterpriseActionsPermissionsOutputWithContext(ctx context.Context) EnterpriseActionsPermissionsOutput
+}
+
+func (*EnterpriseActionsPermissions) ElementType() reflect.Type {
+ return reflect.TypeOf((**EnterpriseActionsPermissions)(nil)).Elem()
+}
+
+func (i *EnterpriseActionsPermissions) ToEnterpriseActionsPermissionsOutput() EnterpriseActionsPermissionsOutput {
+ return i.ToEnterpriseActionsPermissionsOutputWithContext(context.Background())
+}
+
+func (i *EnterpriseActionsPermissions) ToEnterpriseActionsPermissionsOutputWithContext(ctx context.Context) EnterpriseActionsPermissionsOutput {
+ return pulumi.ToOutputWithContext(ctx, i).(EnterpriseActionsPermissionsOutput)
+}
+
+// EnterpriseActionsPermissionsArrayInput is an input type that accepts EnterpriseActionsPermissionsArray and EnterpriseActionsPermissionsArrayOutput values.
+// You can construct a concrete instance of `EnterpriseActionsPermissionsArrayInput` via:
+//
+// EnterpriseActionsPermissionsArray{ EnterpriseActionsPermissionsArgs{...} }
+type EnterpriseActionsPermissionsArrayInput interface {
+ pulumi.Input
+
+ ToEnterpriseActionsPermissionsArrayOutput() EnterpriseActionsPermissionsArrayOutput
+ ToEnterpriseActionsPermissionsArrayOutputWithContext(context.Context) EnterpriseActionsPermissionsArrayOutput
+}
+
+type EnterpriseActionsPermissionsArray []EnterpriseActionsPermissionsInput
+
+func (EnterpriseActionsPermissionsArray) ElementType() reflect.Type {
+ return reflect.TypeOf((*[]*EnterpriseActionsPermissions)(nil)).Elem()
+}
+
+func (i EnterpriseActionsPermissionsArray) ToEnterpriseActionsPermissionsArrayOutput() EnterpriseActionsPermissionsArrayOutput {
+ return i.ToEnterpriseActionsPermissionsArrayOutputWithContext(context.Background())
+}
+
+func (i EnterpriseActionsPermissionsArray) ToEnterpriseActionsPermissionsArrayOutputWithContext(ctx context.Context) EnterpriseActionsPermissionsArrayOutput {
+ return pulumi.ToOutputWithContext(ctx, i).(EnterpriseActionsPermissionsArrayOutput)
+}
+
+// EnterpriseActionsPermissionsMapInput is an input type that accepts EnterpriseActionsPermissionsMap and EnterpriseActionsPermissionsMapOutput values.
+// You can construct a concrete instance of `EnterpriseActionsPermissionsMapInput` via:
+//
+// EnterpriseActionsPermissionsMap{ "key": EnterpriseActionsPermissionsArgs{...} }
+type EnterpriseActionsPermissionsMapInput interface {
+ pulumi.Input
+
+ ToEnterpriseActionsPermissionsMapOutput() EnterpriseActionsPermissionsMapOutput
+ ToEnterpriseActionsPermissionsMapOutputWithContext(context.Context) EnterpriseActionsPermissionsMapOutput
+}
+
+type EnterpriseActionsPermissionsMap map[string]EnterpriseActionsPermissionsInput
+
+func (EnterpriseActionsPermissionsMap) ElementType() reflect.Type {
+ return reflect.TypeOf((*map[string]*EnterpriseActionsPermissions)(nil)).Elem()
+}
+
+func (i EnterpriseActionsPermissionsMap) ToEnterpriseActionsPermissionsMapOutput() EnterpriseActionsPermissionsMapOutput {
+ return i.ToEnterpriseActionsPermissionsMapOutputWithContext(context.Background())
+}
+
+func (i EnterpriseActionsPermissionsMap) ToEnterpriseActionsPermissionsMapOutputWithContext(ctx context.Context) EnterpriseActionsPermissionsMapOutput {
+ return pulumi.ToOutputWithContext(ctx, i).(EnterpriseActionsPermissionsMapOutput)
+}
+
+type EnterpriseActionsPermissionsOutput struct{ *pulumi.OutputState }
+
+func (EnterpriseActionsPermissionsOutput) ElementType() reflect.Type {
+ return reflect.TypeOf((**EnterpriseActionsPermissions)(nil)).Elem()
+}
+
+func (o EnterpriseActionsPermissionsOutput) ToEnterpriseActionsPermissionsOutput() EnterpriseActionsPermissionsOutput {
+ return o
+}
+
+func (o EnterpriseActionsPermissionsOutput) ToEnterpriseActionsPermissionsOutputWithContext(ctx context.Context) EnterpriseActionsPermissionsOutput {
+ return o
+}
+
+// The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `localOnly`, or `selected`.
+func (o EnterpriseActionsPermissionsOutput) AllowedActions() pulumi.StringPtrOutput {
+ return o.ApplyT(func(v *EnterpriseActionsPermissions) pulumi.StringPtrOutput { return v.AllowedActions }).(pulumi.StringPtrOutput)
+}
+
+// Sets the actions that are allowed in an enterprise. Only available when `allowedActions` = `selected`. See Allowed Actions Config below for details.
+func (o EnterpriseActionsPermissionsOutput) AllowedActionsConfig() EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput {
+ return o.ApplyT(func(v *EnterpriseActionsPermissions) EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput {
+ return v.AllowedActionsConfig
+ }).(EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput)
+}
+
+// The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+func (o EnterpriseActionsPermissionsOutput) EnabledOrganizations() pulumi.StringOutput {
+ return o.ApplyT(func(v *EnterpriseActionsPermissions) pulumi.StringOutput { return v.EnabledOrganizations }).(pulumi.StringOutput)
+}
+
+// Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabledOrganizations` = `selected`. See Enabled Organizations Config below for details.
+func (o EnterpriseActionsPermissionsOutput) EnabledOrganizationsConfig() EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput {
+ return o.ApplyT(func(v *EnterpriseActionsPermissions) EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput {
+ return v.EnabledOrganizationsConfig
+ }).(EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput)
+}
+
+// The ID of the enterprise.
+func (o EnterpriseActionsPermissionsOutput) EnterpriseId() pulumi.StringOutput {
+ return o.ApplyT(func(v *EnterpriseActionsPermissions) pulumi.StringOutput { return v.EnterpriseId }).(pulumi.StringOutput)
+}
+
+type EnterpriseActionsPermissionsArrayOutput struct{ *pulumi.OutputState }
+
+func (EnterpriseActionsPermissionsArrayOutput) ElementType() reflect.Type {
+ return reflect.TypeOf((*[]*EnterpriseActionsPermissions)(nil)).Elem()
+}
+
+func (o EnterpriseActionsPermissionsArrayOutput) ToEnterpriseActionsPermissionsArrayOutput() EnterpriseActionsPermissionsArrayOutput {
+ return o
+}
+
+func (o EnterpriseActionsPermissionsArrayOutput) ToEnterpriseActionsPermissionsArrayOutputWithContext(ctx context.Context) EnterpriseActionsPermissionsArrayOutput {
+ return o
+}
+
+func (o EnterpriseActionsPermissionsArrayOutput) Index(i pulumi.IntInput) EnterpriseActionsPermissionsOutput {
+ return pulumi.All(o, i).ApplyT(func(vs []interface{}) *EnterpriseActionsPermissions {
+ return vs[0].([]*EnterpriseActionsPermissions)[vs[1].(int)]
+ }).(EnterpriseActionsPermissionsOutput)
+}
+
+type EnterpriseActionsPermissionsMapOutput struct{ *pulumi.OutputState }
+
+func (EnterpriseActionsPermissionsMapOutput) ElementType() reflect.Type {
+ return reflect.TypeOf((*map[string]*EnterpriseActionsPermissions)(nil)).Elem()
+}
+
+func (o EnterpriseActionsPermissionsMapOutput) ToEnterpriseActionsPermissionsMapOutput() EnterpriseActionsPermissionsMapOutput {
+ return o
+}
+
+func (o EnterpriseActionsPermissionsMapOutput) ToEnterpriseActionsPermissionsMapOutputWithContext(ctx context.Context) EnterpriseActionsPermissionsMapOutput {
+ return o
+}
+
+func (o EnterpriseActionsPermissionsMapOutput) MapIndex(k pulumi.StringInput) EnterpriseActionsPermissionsOutput {
+ return pulumi.All(o, k).ApplyT(func(vs []interface{}) *EnterpriseActionsPermissions {
+ return vs[0].(map[string]*EnterpriseActionsPermissions)[vs[1].(string)]
+ }).(EnterpriseActionsPermissionsOutput)
+}
+
+func init() {
+ pulumi.RegisterInputType(reflect.TypeOf((*EnterpriseActionsPermissionsInput)(nil)).Elem(), &EnterpriseActionsPermissions{})
+ pulumi.RegisterInputType(reflect.TypeOf((*EnterpriseActionsPermissionsArrayInput)(nil)).Elem(), EnterpriseActionsPermissionsArray{})
+ pulumi.RegisterInputType(reflect.TypeOf((*EnterpriseActionsPermissionsMapInput)(nil)).Elem(), EnterpriseActionsPermissionsMap{})
+ pulumi.RegisterOutputType(EnterpriseActionsPermissionsOutput{})
+ pulumi.RegisterOutputType(EnterpriseActionsPermissionsArrayOutput{})
+ pulumi.RegisterOutputType(EnterpriseActionsPermissionsMapOutput{})
+}
diff --git a/sdk/go/github/init.go b/sdk/go/github/init.go
index 9ac983b5..5f4eab0a 100644
--- a/sdk/go/github/init.go
+++ b/sdk/go/github/init.go
@@ -75,6 +75,8 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi
r = &DependabotSecret{}
case "github:index/emuGroupMapping:EmuGroupMapping":
r = &EmuGroupMapping{}
+ case "github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions":
+ r = &EnterpriseActionsPermissions{}
case "github:index/enterpriseOrganization:EnterpriseOrganization":
r = &EnterpriseOrganization{}
case "github:index/issue:Issue":
@@ -323,6 +325,11 @@ func init() {
"index/emuGroupMapping",
&module{version},
)
+ pulumi.RegisterResourceModule(
+ "github",
+ "index/enterpriseActionsPermissions",
+ &module{version},
+ )
pulumi.RegisterResourceModule(
"github",
"index/enterpriseOrganization",
diff --git a/sdk/go/github/pulumiTypes.go b/sdk/go/github/pulumiTypes.go
index e4b22556..8f94bf20 100644
--- a/sdk/go/github/pulumiTypes.go
+++ b/sdk/go/github/pulumiTypes.go
@@ -1747,6 +1747,318 @@ func (o BranchProtectionV3RestrictionsPtrOutput) Users() pulumi.StringArrayOutpu
}).(pulumi.StringArrayOutput)
}
+type EnterpriseActionsPermissionsAllowedActionsConfig struct {
+ // Whether GitHub-owned actions are allowed in the organization.
+ GithubOwnedAllowed bool `pulumi:"githubOwnedAllowed"`
+ // Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+ PatternsAlloweds []string `pulumi:"patternsAlloweds"`
+ // Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ VerifiedAllowed *bool `pulumi:"verifiedAllowed"`
+}
+
+// EnterpriseActionsPermissionsAllowedActionsConfigInput is an input type that accepts EnterpriseActionsPermissionsAllowedActionsConfigArgs and EnterpriseActionsPermissionsAllowedActionsConfigOutput values.
+// You can construct a concrete instance of `EnterpriseActionsPermissionsAllowedActionsConfigInput` via:
+//
+// EnterpriseActionsPermissionsAllowedActionsConfigArgs{...}
+type EnterpriseActionsPermissionsAllowedActionsConfigInput interface {
+ pulumi.Input
+
+ ToEnterpriseActionsPermissionsAllowedActionsConfigOutput() EnterpriseActionsPermissionsAllowedActionsConfigOutput
+ ToEnterpriseActionsPermissionsAllowedActionsConfigOutputWithContext(context.Context) EnterpriseActionsPermissionsAllowedActionsConfigOutput
+}
+
+type EnterpriseActionsPermissionsAllowedActionsConfigArgs struct {
+ // Whether GitHub-owned actions are allowed in the organization.
+ GithubOwnedAllowed pulumi.BoolInput `pulumi:"githubOwnedAllowed"`
+ // Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+ PatternsAlloweds pulumi.StringArrayInput `pulumi:"patternsAlloweds"`
+ // Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ VerifiedAllowed pulumi.BoolPtrInput `pulumi:"verifiedAllowed"`
+}
+
+func (EnterpriseActionsPermissionsAllowedActionsConfigArgs) ElementType() reflect.Type {
+ return reflect.TypeOf((*EnterpriseActionsPermissionsAllowedActionsConfig)(nil)).Elem()
+}
+
+func (i EnterpriseActionsPermissionsAllowedActionsConfigArgs) ToEnterpriseActionsPermissionsAllowedActionsConfigOutput() EnterpriseActionsPermissionsAllowedActionsConfigOutput {
+ return i.ToEnterpriseActionsPermissionsAllowedActionsConfigOutputWithContext(context.Background())
+}
+
+func (i EnterpriseActionsPermissionsAllowedActionsConfigArgs) ToEnterpriseActionsPermissionsAllowedActionsConfigOutputWithContext(ctx context.Context) EnterpriseActionsPermissionsAllowedActionsConfigOutput {
+ return pulumi.ToOutputWithContext(ctx, i).(EnterpriseActionsPermissionsAllowedActionsConfigOutput)
+}
+
+func (i EnterpriseActionsPermissionsAllowedActionsConfigArgs) ToEnterpriseActionsPermissionsAllowedActionsConfigPtrOutput() EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput {
+ return i.ToEnterpriseActionsPermissionsAllowedActionsConfigPtrOutputWithContext(context.Background())
+}
+
+func (i EnterpriseActionsPermissionsAllowedActionsConfigArgs) ToEnterpriseActionsPermissionsAllowedActionsConfigPtrOutputWithContext(ctx context.Context) EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput {
+ return pulumi.ToOutputWithContext(ctx, i).(EnterpriseActionsPermissionsAllowedActionsConfigOutput).ToEnterpriseActionsPermissionsAllowedActionsConfigPtrOutputWithContext(ctx)
+}
+
+// EnterpriseActionsPermissionsAllowedActionsConfigPtrInput is an input type that accepts EnterpriseActionsPermissionsAllowedActionsConfigArgs, EnterpriseActionsPermissionsAllowedActionsConfigPtr and EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput values.
+// You can construct a concrete instance of `EnterpriseActionsPermissionsAllowedActionsConfigPtrInput` via:
+//
+// EnterpriseActionsPermissionsAllowedActionsConfigArgs{...}
+//
+// or:
+//
+// nil
+type EnterpriseActionsPermissionsAllowedActionsConfigPtrInput interface {
+ pulumi.Input
+
+ ToEnterpriseActionsPermissionsAllowedActionsConfigPtrOutput() EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput
+ ToEnterpriseActionsPermissionsAllowedActionsConfigPtrOutputWithContext(context.Context) EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput
+}
+
+type enterpriseActionsPermissionsAllowedActionsConfigPtrType EnterpriseActionsPermissionsAllowedActionsConfigArgs
+
+func EnterpriseActionsPermissionsAllowedActionsConfigPtr(v *EnterpriseActionsPermissionsAllowedActionsConfigArgs) EnterpriseActionsPermissionsAllowedActionsConfigPtrInput {
+ return (*enterpriseActionsPermissionsAllowedActionsConfigPtrType)(v)
+}
+
+func (*enterpriseActionsPermissionsAllowedActionsConfigPtrType) ElementType() reflect.Type {
+ return reflect.TypeOf((**EnterpriseActionsPermissionsAllowedActionsConfig)(nil)).Elem()
+}
+
+func (i *enterpriseActionsPermissionsAllowedActionsConfigPtrType) ToEnterpriseActionsPermissionsAllowedActionsConfigPtrOutput() EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput {
+ return i.ToEnterpriseActionsPermissionsAllowedActionsConfigPtrOutputWithContext(context.Background())
+}
+
+func (i *enterpriseActionsPermissionsAllowedActionsConfigPtrType) ToEnterpriseActionsPermissionsAllowedActionsConfigPtrOutputWithContext(ctx context.Context) EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput {
+ return pulumi.ToOutputWithContext(ctx, i).(EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput)
+}
+
+type EnterpriseActionsPermissionsAllowedActionsConfigOutput struct{ *pulumi.OutputState }
+
+func (EnterpriseActionsPermissionsAllowedActionsConfigOutput) ElementType() reflect.Type {
+ return reflect.TypeOf((*EnterpriseActionsPermissionsAllowedActionsConfig)(nil)).Elem()
+}
+
+func (o EnterpriseActionsPermissionsAllowedActionsConfigOutput) ToEnterpriseActionsPermissionsAllowedActionsConfigOutput() EnterpriseActionsPermissionsAllowedActionsConfigOutput {
+ return o
+}
+
+func (o EnterpriseActionsPermissionsAllowedActionsConfigOutput) ToEnterpriseActionsPermissionsAllowedActionsConfigOutputWithContext(ctx context.Context) EnterpriseActionsPermissionsAllowedActionsConfigOutput {
+ return o
+}
+
+func (o EnterpriseActionsPermissionsAllowedActionsConfigOutput) ToEnterpriseActionsPermissionsAllowedActionsConfigPtrOutput() EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput {
+ return o.ToEnterpriseActionsPermissionsAllowedActionsConfigPtrOutputWithContext(context.Background())
+}
+
+func (o EnterpriseActionsPermissionsAllowedActionsConfigOutput) ToEnterpriseActionsPermissionsAllowedActionsConfigPtrOutputWithContext(ctx context.Context) EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput {
+ return o.ApplyTWithContext(ctx, func(_ context.Context, v EnterpriseActionsPermissionsAllowedActionsConfig) *EnterpriseActionsPermissionsAllowedActionsConfig {
+ return &v
+ }).(EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput)
+}
+
+// Whether GitHub-owned actions are allowed in the organization.
+func (o EnterpriseActionsPermissionsAllowedActionsConfigOutput) GithubOwnedAllowed() pulumi.BoolOutput {
+ return o.ApplyT(func(v EnterpriseActionsPermissionsAllowedActionsConfig) bool { return v.GithubOwnedAllowed }).(pulumi.BoolOutput)
+}
+
+// Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+func (o EnterpriseActionsPermissionsAllowedActionsConfigOutput) PatternsAlloweds() pulumi.StringArrayOutput {
+ return o.ApplyT(func(v EnterpriseActionsPermissionsAllowedActionsConfig) []string { return v.PatternsAlloweds }).(pulumi.StringArrayOutput)
+}
+
+// Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+func (o EnterpriseActionsPermissionsAllowedActionsConfigOutput) VerifiedAllowed() pulumi.BoolPtrOutput {
+ return o.ApplyT(func(v EnterpriseActionsPermissionsAllowedActionsConfig) *bool { return v.VerifiedAllowed }).(pulumi.BoolPtrOutput)
+}
+
+type EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput struct{ *pulumi.OutputState }
+
+func (EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput) ElementType() reflect.Type {
+ return reflect.TypeOf((**EnterpriseActionsPermissionsAllowedActionsConfig)(nil)).Elem()
+}
+
+func (o EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput) ToEnterpriseActionsPermissionsAllowedActionsConfigPtrOutput() EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput {
+ return o
+}
+
+func (o EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput) ToEnterpriseActionsPermissionsAllowedActionsConfigPtrOutputWithContext(ctx context.Context) EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput {
+ return o
+}
+
+func (o EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput) Elem() EnterpriseActionsPermissionsAllowedActionsConfigOutput {
+ return o.ApplyT(func(v *EnterpriseActionsPermissionsAllowedActionsConfig) EnterpriseActionsPermissionsAllowedActionsConfig {
+ if v != nil {
+ return *v
+ }
+ var ret EnterpriseActionsPermissionsAllowedActionsConfig
+ return ret
+ }).(EnterpriseActionsPermissionsAllowedActionsConfigOutput)
+}
+
+// Whether GitHub-owned actions are allowed in the organization.
+func (o EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput) GithubOwnedAllowed() pulumi.BoolPtrOutput {
+ return o.ApplyT(func(v *EnterpriseActionsPermissionsAllowedActionsConfig) *bool {
+ if v == nil {
+ return nil
+ }
+ return &v.GithubOwnedAllowed
+ }).(pulumi.BoolPtrOutput)
+}
+
+// Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+func (o EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput) PatternsAlloweds() pulumi.StringArrayOutput {
+ return o.ApplyT(func(v *EnterpriseActionsPermissionsAllowedActionsConfig) []string {
+ if v == nil {
+ return nil
+ }
+ return v.PatternsAlloweds
+ }).(pulumi.StringArrayOutput)
+}
+
+// Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+func (o EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput) VerifiedAllowed() pulumi.BoolPtrOutput {
+ return o.ApplyT(func(v *EnterpriseActionsPermissionsAllowedActionsConfig) *bool {
+ if v == nil {
+ return nil
+ }
+ return v.VerifiedAllowed
+ }).(pulumi.BoolPtrOutput)
+}
+
+type EnterpriseActionsPermissionsEnabledOrganizationsConfig struct {
+ // List of organization IDs to enable for GitHub Actions.
+ OrganizationIds []int `pulumi:"organizationIds"`
+}
+
+// EnterpriseActionsPermissionsEnabledOrganizationsConfigInput is an input type that accepts EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs and EnterpriseActionsPermissionsEnabledOrganizationsConfigOutput values.
+// You can construct a concrete instance of `EnterpriseActionsPermissionsEnabledOrganizationsConfigInput` via:
+//
+// EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs{...}
+type EnterpriseActionsPermissionsEnabledOrganizationsConfigInput interface {
+ pulumi.Input
+
+ ToEnterpriseActionsPermissionsEnabledOrganizationsConfigOutput() EnterpriseActionsPermissionsEnabledOrganizationsConfigOutput
+ ToEnterpriseActionsPermissionsEnabledOrganizationsConfigOutputWithContext(context.Context) EnterpriseActionsPermissionsEnabledOrganizationsConfigOutput
+}
+
+type EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs struct {
+ // List of organization IDs to enable for GitHub Actions.
+ OrganizationIds pulumi.IntArrayInput `pulumi:"organizationIds"`
+}
+
+func (EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs) ElementType() reflect.Type {
+ return reflect.TypeOf((*EnterpriseActionsPermissionsEnabledOrganizationsConfig)(nil)).Elem()
+}
+
+func (i EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs) ToEnterpriseActionsPermissionsEnabledOrganizationsConfigOutput() EnterpriseActionsPermissionsEnabledOrganizationsConfigOutput {
+ return i.ToEnterpriseActionsPermissionsEnabledOrganizationsConfigOutputWithContext(context.Background())
+}
+
+func (i EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs) ToEnterpriseActionsPermissionsEnabledOrganizationsConfigOutputWithContext(ctx context.Context) EnterpriseActionsPermissionsEnabledOrganizationsConfigOutput {
+ return pulumi.ToOutputWithContext(ctx, i).(EnterpriseActionsPermissionsEnabledOrganizationsConfigOutput)
+}
+
+func (i EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs) ToEnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput() EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput {
+ return i.ToEnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutputWithContext(context.Background())
+}
+
+func (i EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs) ToEnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutputWithContext(ctx context.Context) EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput {
+ return pulumi.ToOutputWithContext(ctx, i).(EnterpriseActionsPermissionsEnabledOrganizationsConfigOutput).ToEnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutputWithContext(ctx)
+}
+
+// EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrInput is an input type that accepts EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs, EnterpriseActionsPermissionsEnabledOrganizationsConfigPtr and EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput values.
+// You can construct a concrete instance of `EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrInput` via:
+//
+// EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs{...}
+//
+// or:
+//
+// nil
+type EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrInput interface {
+ pulumi.Input
+
+ ToEnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput() EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput
+ ToEnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutputWithContext(context.Context) EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput
+}
+
+type enterpriseActionsPermissionsEnabledOrganizationsConfigPtrType EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs
+
+func EnterpriseActionsPermissionsEnabledOrganizationsConfigPtr(v *EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs) EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrInput {
+ return (*enterpriseActionsPermissionsEnabledOrganizationsConfigPtrType)(v)
+}
+
+func (*enterpriseActionsPermissionsEnabledOrganizationsConfigPtrType) ElementType() reflect.Type {
+ return reflect.TypeOf((**EnterpriseActionsPermissionsEnabledOrganizationsConfig)(nil)).Elem()
+}
+
+func (i *enterpriseActionsPermissionsEnabledOrganizationsConfigPtrType) ToEnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput() EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput {
+ return i.ToEnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutputWithContext(context.Background())
+}
+
+func (i *enterpriseActionsPermissionsEnabledOrganizationsConfigPtrType) ToEnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutputWithContext(ctx context.Context) EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput {
+ return pulumi.ToOutputWithContext(ctx, i).(EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput)
+}
+
+type EnterpriseActionsPermissionsEnabledOrganizationsConfigOutput struct{ *pulumi.OutputState }
+
+func (EnterpriseActionsPermissionsEnabledOrganizationsConfigOutput) ElementType() reflect.Type {
+ return reflect.TypeOf((*EnterpriseActionsPermissionsEnabledOrganizationsConfig)(nil)).Elem()
+}
+
+func (o EnterpriseActionsPermissionsEnabledOrganizationsConfigOutput) ToEnterpriseActionsPermissionsEnabledOrganizationsConfigOutput() EnterpriseActionsPermissionsEnabledOrganizationsConfigOutput {
+ return o
+}
+
+func (o EnterpriseActionsPermissionsEnabledOrganizationsConfigOutput) ToEnterpriseActionsPermissionsEnabledOrganizationsConfigOutputWithContext(ctx context.Context) EnterpriseActionsPermissionsEnabledOrganizationsConfigOutput {
+ return o
+}
+
+func (o EnterpriseActionsPermissionsEnabledOrganizationsConfigOutput) ToEnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput() EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput {
+ return o.ToEnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutputWithContext(context.Background())
+}
+
+func (o EnterpriseActionsPermissionsEnabledOrganizationsConfigOutput) ToEnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutputWithContext(ctx context.Context) EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput {
+ return o.ApplyTWithContext(ctx, func(_ context.Context, v EnterpriseActionsPermissionsEnabledOrganizationsConfig) *EnterpriseActionsPermissionsEnabledOrganizationsConfig {
+ return &v
+ }).(EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput)
+}
+
+// List of organization IDs to enable for GitHub Actions.
+func (o EnterpriseActionsPermissionsEnabledOrganizationsConfigOutput) OrganizationIds() pulumi.IntArrayOutput {
+ return o.ApplyT(func(v EnterpriseActionsPermissionsEnabledOrganizationsConfig) []int { return v.OrganizationIds }).(pulumi.IntArrayOutput)
+}
+
+type EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput struct{ *pulumi.OutputState }
+
+func (EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput) ElementType() reflect.Type {
+ return reflect.TypeOf((**EnterpriseActionsPermissionsEnabledOrganizationsConfig)(nil)).Elem()
+}
+
+func (o EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput) ToEnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput() EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput {
+ return o
+}
+
+func (o EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput) ToEnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutputWithContext(ctx context.Context) EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput {
+ return o
+}
+
+func (o EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput) Elem() EnterpriseActionsPermissionsEnabledOrganizationsConfigOutput {
+ return o.ApplyT(func(v *EnterpriseActionsPermissionsEnabledOrganizationsConfig) EnterpriseActionsPermissionsEnabledOrganizationsConfig {
+ if v != nil {
+ return *v
+ }
+ var ret EnterpriseActionsPermissionsEnabledOrganizationsConfig
+ return ret
+ }).(EnterpriseActionsPermissionsEnabledOrganizationsConfigOutput)
+}
+
+// List of organization IDs to enable for GitHub Actions.
+func (o EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput) OrganizationIds() pulumi.IntArrayOutput {
+ return o.ApplyT(func(v *EnterpriseActionsPermissionsEnabledOrganizationsConfig) []int {
+ if v == nil {
+ return nil
+ }
+ return v.OrganizationIds
+ }).(pulumi.IntArrayOutput)
+}
+
type IssueLabelsLabel struct {
// A 6 character hex code, **without the leading #**, identifying the color of the label.
Color string `pulumi:"color"`
@@ -14404,6 +14716,10 @@ func init() {
pulumi.RegisterInputType(reflect.TypeOf((*BranchProtectionV3RequiredStatusChecksPtrInput)(nil)).Elem(), BranchProtectionV3RequiredStatusChecksArgs{})
pulumi.RegisterInputType(reflect.TypeOf((*BranchProtectionV3RestrictionsInput)(nil)).Elem(), BranchProtectionV3RestrictionsArgs{})
pulumi.RegisterInputType(reflect.TypeOf((*BranchProtectionV3RestrictionsPtrInput)(nil)).Elem(), BranchProtectionV3RestrictionsArgs{})
+ pulumi.RegisterInputType(reflect.TypeOf((*EnterpriseActionsPermissionsAllowedActionsConfigInput)(nil)).Elem(), EnterpriseActionsPermissionsAllowedActionsConfigArgs{})
+ pulumi.RegisterInputType(reflect.TypeOf((*EnterpriseActionsPermissionsAllowedActionsConfigPtrInput)(nil)).Elem(), EnterpriseActionsPermissionsAllowedActionsConfigArgs{})
+ pulumi.RegisterInputType(reflect.TypeOf((*EnterpriseActionsPermissionsEnabledOrganizationsConfigInput)(nil)).Elem(), EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs{})
+ pulumi.RegisterInputType(reflect.TypeOf((*EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrInput)(nil)).Elem(), EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs{})
pulumi.RegisterInputType(reflect.TypeOf((*IssueLabelsLabelInput)(nil)).Elem(), IssueLabelsLabelArgs{})
pulumi.RegisterInputType(reflect.TypeOf((*IssueLabelsLabelArrayInput)(nil)).Elem(), IssueLabelsLabelArray{})
pulumi.RegisterInputType(reflect.TypeOf((*OrganizationRulesetBypassActorInput)(nil)).Elem(), OrganizationRulesetBypassActorArgs{})
@@ -14588,6 +14904,10 @@ func init() {
pulumi.RegisterOutputType(BranchProtectionV3RequiredStatusChecksPtrOutput{})
pulumi.RegisterOutputType(BranchProtectionV3RestrictionsOutput{})
pulumi.RegisterOutputType(BranchProtectionV3RestrictionsPtrOutput{})
+ pulumi.RegisterOutputType(EnterpriseActionsPermissionsAllowedActionsConfigOutput{})
+ pulumi.RegisterOutputType(EnterpriseActionsPermissionsAllowedActionsConfigPtrOutput{})
+ pulumi.RegisterOutputType(EnterpriseActionsPermissionsEnabledOrganizationsConfigOutput{})
+ pulumi.RegisterOutputType(EnterpriseActionsPermissionsEnabledOrganizationsConfigPtrOutput{})
pulumi.RegisterOutputType(IssueLabelsLabelOutput{})
pulumi.RegisterOutputType(IssueLabelsLabelArrayOutput{})
pulumi.RegisterOutputType(OrganizationRulesetBypassActorOutput{})
diff --git a/sdk/java/src/main/java/com/pulumi/github/EnterpriseActionsPermissions.java b/sdk/java/src/main/java/com/pulumi/github/EnterpriseActionsPermissions.java
new file mode 100644
index 00000000..e689deec
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/github/EnterpriseActionsPermissions.java
@@ -0,0 +1,208 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.github;
+
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Export;
+import com.pulumi.core.annotations.ResourceType;
+import com.pulumi.core.internal.Codegen;
+import com.pulumi.github.EnterpriseActionsPermissionsArgs;
+import com.pulumi.github.Utilities;
+import com.pulumi.github.inputs.EnterpriseActionsPermissionsState;
+import com.pulumi.github.outputs.EnterpriseActionsPermissionsAllowedActionsConfig;
+import com.pulumi.github.outputs.EnterpriseActionsPermissionsEnabledOrganizationsConfig;
+import java.lang.String;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+/**
+ * This resource allows you to create and manage GitHub Actions permissions within your GitHub enterprise.
+ * You must have admin access to an enterprise to use this resource.
+ *
+ * ## Example Usage
+ * ```java
+ * package generated_program;
+ *
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.github.GithubFunctions;
+ * import com.pulumi.github.inputs.GetEnterpriseArgs;
+ * import com.pulumi.github.inputs.GetOrganizationArgs;
+ * import com.pulumi.github.EnterpriseActionsPermissions;
+ * import com.pulumi.github.EnterpriseActionsPermissionsArgs;
+ * import com.pulumi.github.inputs.EnterpriseActionsPermissionsAllowedActionsConfigArgs;
+ * import com.pulumi.github.inputs.EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ *
+ * public class App {
+ * public static void main(String[] args) {
+ * Pulumi.run(App::stack);
+ * }
+ *
+ * public static void stack(Context ctx) {
+ * final var example-enterprise = GithubFunctions.getEnterprise(GetEnterpriseArgs.builder()
+ * .slug("my-enterprise")
+ * .build());
+ *
+ * final var example-org = GithubFunctions.getOrganization(GetOrganizationArgs.builder()
+ * .name("my-org")
+ * .build());
+ *
+ * var test = new EnterpriseActionsPermissions("test", EnterpriseActionsPermissionsArgs.builder()
+ * .enterpriseId(example_enterprise.slug())
+ * .allowedActions("selected")
+ * .enabledOrganizations("selected")
+ * .allowedActionsConfig(EnterpriseActionsPermissionsAllowedActionsConfigArgs.builder()
+ * .githubOwnedAllowed(true)
+ * .patternsAlloweds(
+ * "actions/cache@*",
+ * "actions/checkout@*")
+ * .verifiedAllowed(true)
+ * .build())
+ * .enabledOrganizationsConfig(EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs.builder()
+ * .organizationIds(example_org.id())
+ * .build())
+ * .build());
+ *
+ * }
+ * }
+ * ```
+ *
+ * ## Import
+ *
+ * This resource can be imported using the name of the GitHub enterprise:
+ *
+ * ```sh
+ * $ pulumi import github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions test github_enterprise_name
+ * ```
+ *
+ */
+@ResourceType(type="github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions")
+public class EnterpriseActionsPermissions extends com.pulumi.resources.CustomResource {
+ /**
+ * The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ *
+ */
+ @Export(name="allowedActions", refs={String.class}, tree="[0]")
+ private Output allowedActions;
+
+ /**
+ * @return The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ *
+ */
+ public Output> allowedActions() {
+ return Codegen.optional(this.allowedActions);
+ }
+ /**
+ * Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ *
+ */
+ @Export(name="allowedActionsConfig", refs={EnterpriseActionsPermissionsAllowedActionsConfig.class}, tree="[0]")
+ private Output allowedActionsConfig;
+
+ /**
+ * @return Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ *
+ */
+ public Output> allowedActionsConfig() {
+ return Codegen.optional(this.allowedActionsConfig);
+ }
+ /**
+ * The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ *
+ */
+ @Export(name="enabledOrganizations", refs={String.class}, tree="[0]")
+ private Output enabledOrganizations;
+
+ /**
+ * @return The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ *
+ */
+ public Output enabledOrganizations() {
+ return this.enabledOrganizations;
+ }
+ /**
+ * Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ *
+ */
+ @Export(name="enabledOrganizationsConfig", refs={EnterpriseActionsPermissionsEnabledOrganizationsConfig.class}, tree="[0]")
+ private Output enabledOrganizationsConfig;
+
+ /**
+ * @return Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ *
+ */
+ public Output> enabledOrganizationsConfig() {
+ return Codegen.optional(this.enabledOrganizationsConfig);
+ }
+ /**
+ * The ID of the enterprise.
+ *
+ */
+ @Export(name="enterpriseId", refs={String.class}, tree="[0]")
+ private Output enterpriseId;
+
+ /**
+ * @return The ID of the enterprise.
+ *
+ */
+ public Output enterpriseId() {
+ return this.enterpriseId;
+ }
+
+ /**
+ *
+ * @param name The _unique_ name of the resulting resource.
+ */
+ public EnterpriseActionsPermissions(String name) {
+ this(name, EnterpriseActionsPermissionsArgs.Empty);
+ }
+ /**
+ *
+ * @param name The _unique_ name of the resulting resource.
+ * @param args The arguments to use to populate this resource's properties.
+ */
+ public EnterpriseActionsPermissions(String name, EnterpriseActionsPermissionsArgs args) {
+ this(name, args, null);
+ }
+ /**
+ *
+ * @param name The _unique_ name of the resulting resource.
+ * @param args The arguments to use to populate this resource's properties.
+ * @param options A bag of options that control this resource's behavior.
+ */
+ public EnterpriseActionsPermissions(String name, EnterpriseActionsPermissionsArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
+ super("github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions", name, args == null ? EnterpriseActionsPermissionsArgs.Empty : args, makeResourceOptions(options, Codegen.empty()));
+ }
+
+ private EnterpriseActionsPermissions(String name, Output id, @Nullable EnterpriseActionsPermissionsState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
+ super("github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions", name, state, makeResourceOptions(options, id));
+ }
+
+ private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) {
+ var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder()
+ .version(Utilities.getVersion())
+ .build();
+ return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id);
+ }
+
+ /**
+ * Get an existing Host resource's state with the given name, ID, and optional extra
+ * properties used to qualify the lookup.
+ *
+ * @param name The _unique_ name of the resulting resource.
+ * @param id The _unique_ provider ID of the resource to lookup.
+ * @param state
+ * @param options Optional settings to control the behavior of the CustomResource.
+ */
+ public static EnterpriseActionsPermissions get(String name, Output id, @Nullable EnterpriseActionsPermissionsState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
+ return new EnterpriseActionsPermissions(name, id, state, options);
+ }
+}
diff --git a/sdk/java/src/main/java/com/pulumi/github/EnterpriseActionsPermissionsArgs.java b/sdk/java/src/main/java/com/pulumi/github/EnterpriseActionsPermissionsArgs.java
new file mode 100644
index 00000000..8092278d
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/github/EnterpriseActionsPermissionsArgs.java
@@ -0,0 +1,240 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.github;
+
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Import;
+import com.pulumi.exceptions.MissingRequiredPropertyException;
+import com.pulumi.github.inputs.EnterpriseActionsPermissionsAllowedActionsConfigArgs;
+import com.pulumi.github.inputs.EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs;
+import java.lang.String;
+import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+
+public final class EnterpriseActionsPermissionsArgs extends com.pulumi.resources.ResourceArgs {
+
+ public static final EnterpriseActionsPermissionsArgs Empty = new EnterpriseActionsPermissionsArgs();
+
+ /**
+ * The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ *
+ */
+ @Import(name="allowedActions")
+ private @Nullable Output allowedActions;
+
+ /**
+ * @return The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ *
+ */
+ public Optional> allowedActions() {
+ return Optional.ofNullable(this.allowedActions);
+ }
+
+ /**
+ * Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ *
+ */
+ @Import(name="allowedActionsConfig")
+ private @Nullable Output allowedActionsConfig;
+
+ /**
+ * @return Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ *
+ */
+ public Optional> allowedActionsConfig() {
+ return Optional.ofNullable(this.allowedActionsConfig);
+ }
+
+ /**
+ * The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ *
+ */
+ @Import(name="enabledOrganizations", required=true)
+ private Output enabledOrganizations;
+
+ /**
+ * @return The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ *
+ */
+ public Output enabledOrganizations() {
+ return this.enabledOrganizations;
+ }
+
+ /**
+ * Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ *
+ */
+ @Import(name="enabledOrganizationsConfig")
+ private @Nullable Output enabledOrganizationsConfig;
+
+ /**
+ * @return Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ *
+ */
+ public Optional> enabledOrganizationsConfig() {
+ return Optional.ofNullable(this.enabledOrganizationsConfig);
+ }
+
+ /**
+ * The ID of the enterprise.
+ *
+ */
+ @Import(name="enterpriseId", required=true)
+ private Output enterpriseId;
+
+ /**
+ * @return The ID of the enterprise.
+ *
+ */
+ public Output enterpriseId() {
+ return this.enterpriseId;
+ }
+
+ private EnterpriseActionsPermissionsArgs() {}
+
+ private EnterpriseActionsPermissionsArgs(EnterpriseActionsPermissionsArgs $) {
+ this.allowedActions = $.allowedActions;
+ this.allowedActionsConfig = $.allowedActionsConfig;
+ this.enabledOrganizations = $.enabledOrganizations;
+ this.enabledOrganizationsConfig = $.enabledOrganizationsConfig;
+ this.enterpriseId = $.enterpriseId;
+ }
+
+ public static Builder builder() {
+ return new Builder();
+ }
+ public static Builder builder(EnterpriseActionsPermissionsArgs defaults) {
+ return new Builder(defaults);
+ }
+
+ public static final class Builder {
+ private EnterpriseActionsPermissionsArgs $;
+
+ public Builder() {
+ $ = new EnterpriseActionsPermissionsArgs();
+ }
+
+ public Builder(EnterpriseActionsPermissionsArgs defaults) {
+ $ = new EnterpriseActionsPermissionsArgs(Objects.requireNonNull(defaults));
+ }
+
+ /**
+ * @param allowedActions The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ *
+ * @return builder
+ *
+ */
+ public Builder allowedActions(@Nullable Output allowedActions) {
+ $.allowedActions = allowedActions;
+ return this;
+ }
+
+ /**
+ * @param allowedActions The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ *
+ * @return builder
+ *
+ */
+ public Builder allowedActions(String allowedActions) {
+ return allowedActions(Output.of(allowedActions));
+ }
+
+ /**
+ * @param allowedActionsConfig Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ *
+ * @return builder
+ *
+ */
+ public Builder allowedActionsConfig(@Nullable Output allowedActionsConfig) {
+ $.allowedActionsConfig = allowedActionsConfig;
+ return this;
+ }
+
+ /**
+ * @param allowedActionsConfig Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ *
+ * @return builder
+ *
+ */
+ public Builder allowedActionsConfig(EnterpriseActionsPermissionsAllowedActionsConfigArgs allowedActionsConfig) {
+ return allowedActionsConfig(Output.of(allowedActionsConfig));
+ }
+
+ /**
+ * @param enabledOrganizations The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ *
+ * @return builder
+ *
+ */
+ public Builder enabledOrganizations(Output enabledOrganizations) {
+ $.enabledOrganizations = enabledOrganizations;
+ return this;
+ }
+
+ /**
+ * @param enabledOrganizations The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ *
+ * @return builder
+ *
+ */
+ public Builder enabledOrganizations(String enabledOrganizations) {
+ return enabledOrganizations(Output.of(enabledOrganizations));
+ }
+
+ /**
+ * @param enabledOrganizationsConfig Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ *
+ * @return builder
+ *
+ */
+ public Builder enabledOrganizationsConfig(@Nullable Output enabledOrganizationsConfig) {
+ $.enabledOrganizationsConfig = enabledOrganizationsConfig;
+ return this;
+ }
+
+ /**
+ * @param enabledOrganizationsConfig Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ *
+ * @return builder
+ *
+ */
+ public Builder enabledOrganizationsConfig(EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs enabledOrganizationsConfig) {
+ return enabledOrganizationsConfig(Output.of(enabledOrganizationsConfig));
+ }
+
+ /**
+ * @param enterpriseId The ID of the enterprise.
+ *
+ * @return builder
+ *
+ */
+ public Builder enterpriseId(Output enterpriseId) {
+ $.enterpriseId = enterpriseId;
+ return this;
+ }
+
+ /**
+ * @param enterpriseId The ID of the enterprise.
+ *
+ * @return builder
+ *
+ */
+ public Builder enterpriseId(String enterpriseId) {
+ return enterpriseId(Output.of(enterpriseId));
+ }
+
+ public EnterpriseActionsPermissionsArgs build() {
+ if ($.enabledOrganizations == null) {
+ throw new MissingRequiredPropertyException("EnterpriseActionsPermissionsArgs", "enabledOrganizations");
+ }
+ if ($.enterpriseId == null) {
+ throw new MissingRequiredPropertyException("EnterpriseActionsPermissionsArgs", "enterpriseId");
+ }
+ return $;
+ }
+ }
+
+}
diff --git a/sdk/java/src/main/java/com/pulumi/github/inputs/EnterpriseActionsPermissionsAllowedActionsConfigArgs.java b/sdk/java/src/main/java/com/pulumi/github/inputs/EnterpriseActionsPermissionsAllowedActionsConfigArgs.java
new file mode 100644
index 00000000..d43d1965
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/github/inputs/EnterpriseActionsPermissionsAllowedActionsConfigArgs.java
@@ -0,0 +1,173 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.github.inputs;
+
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Import;
+import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.Boolean;
+import java.lang.String;
+import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+
+public final class EnterpriseActionsPermissionsAllowedActionsConfigArgs extends com.pulumi.resources.ResourceArgs {
+
+ public static final EnterpriseActionsPermissionsAllowedActionsConfigArgs Empty = new EnterpriseActionsPermissionsAllowedActionsConfigArgs();
+
+ /**
+ * Whether GitHub-owned actions are allowed in the organization.
+ *
+ */
+ @Import(name="githubOwnedAllowed", required=true)
+ private Output githubOwnedAllowed;
+
+ /**
+ * @return Whether GitHub-owned actions are allowed in the organization.
+ *
+ */
+ public Output githubOwnedAllowed() {
+ return this.githubOwnedAllowed;
+ }
+
+ /**
+ * Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+ *
+ */
+ @Import(name="patternsAlloweds")
+ private @Nullable Output> patternsAlloweds;
+
+ /**
+ * @return Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+ *
+ */
+ public Optional>> patternsAlloweds() {
+ return Optional.ofNullable(this.patternsAlloweds);
+ }
+
+ /**
+ * Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ *
+ */
+ @Import(name="verifiedAllowed")
+ private @Nullable Output verifiedAllowed;
+
+ /**
+ * @return Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ *
+ */
+ public Optional> verifiedAllowed() {
+ return Optional.ofNullable(this.verifiedAllowed);
+ }
+
+ private EnterpriseActionsPermissionsAllowedActionsConfigArgs() {}
+
+ private EnterpriseActionsPermissionsAllowedActionsConfigArgs(EnterpriseActionsPermissionsAllowedActionsConfigArgs $) {
+ this.githubOwnedAllowed = $.githubOwnedAllowed;
+ this.patternsAlloweds = $.patternsAlloweds;
+ this.verifiedAllowed = $.verifiedAllowed;
+ }
+
+ public static Builder builder() {
+ return new Builder();
+ }
+ public static Builder builder(EnterpriseActionsPermissionsAllowedActionsConfigArgs defaults) {
+ return new Builder(defaults);
+ }
+
+ public static final class Builder {
+ private EnterpriseActionsPermissionsAllowedActionsConfigArgs $;
+
+ public Builder() {
+ $ = new EnterpriseActionsPermissionsAllowedActionsConfigArgs();
+ }
+
+ public Builder(EnterpriseActionsPermissionsAllowedActionsConfigArgs defaults) {
+ $ = new EnterpriseActionsPermissionsAllowedActionsConfigArgs(Objects.requireNonNull(defaults));
+ }
+
+ /**
+ * @param githubOwnedAllowed Whether GitHub-owned actions are allowed in the organization.
+ *
+ * @return builder
+ *
+ */
+ public Builder githubOwnedAllowed(Output githubOwnedAllowed) {
+ $.githubOwnedAllowed = githubOwnedAllowed;
+ return this;
+ }
+
+ /**
+ * @param githubOwnedAllowed Whether GitHub-owned actions are allowed in the organization.
+ *
+ * @return builder
+ *
+ */
+ public Builder githubOwnedAllowed(Boolean githubOwnedAllowed) {
+ return githubOwnedAllowed(Output.of(githubOwnedAllowed));
+ }
+
+ /**
+ * @param patternsAlloweds Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+ *
+ * @return builder
+ *
+ */
+ public Builder patternsAlloweds(@Nullable Output> patternsAlloweds) {
+ $.patternsAlloweds = patternsAlloweds;
+ return this;
+ }
+
+ /**
+ * @param patternsAlloweds Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+ *
+ * @return builder
+ *
+ */
+ public Builder patternsAlloweds(List patternsAlloweds) {
+ return patternsAlloweds(Output.of(patternsAlloweds));
+ }
+
+ /**
+ * @param patternsAlloweds Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+ *
+ * @return builder
+ *
+ */
+ public Builder patternsAlloweds(String... patternsAlloweds) {
+ return patternsAlloweds(List.of(patternsAlloweds));
+ }
+
+ /**
+ * @param verifiedAllowed Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ *
+ * @return builder
+ *
+ */
+ public Builder verifiedAllowed(@Nullable Output verifiedAllowed) {
+ $.verifiedAllowed = verifiedAllowed;
+ return this;
+ }
+
+ /**
+ * @param verifiedAllowed Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ *
+ * @return builder
+ *
+ */
+ public Builder verifiedAllowed(Boolean verifiedAllowed) {
+ return verifiedAllowed(Output.of(verifiedAllowed));
+ }
+
+ public EnterpriseActionsPermissionsAllowedActionsConfigArgs build() {
+ if ($.githubOwnedAllowed == null) {
+ throw new MissingRequiredPropertyException("EnterpriseActionsPermissionsAllowedActionsConfigArgs", "githubOwnedAllowed");
+ }
+ return $;
+ }
+ }
+
+}
diff --git a/sdk/java/src/main/java/com/pulumi/github/inputs/EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs.java b/sdk/java/src/main/java/com/pulumi/github/inputs/EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs.java
new file mode 100644
index 00000000..16003ef7
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/github/inputs/EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs.java
@@ -0,0 +1,96 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.github.inputs;
+
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Import;
+import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.Integer;
+import java.util.List;
+import java.util.Objects;
+
+
+public final class EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs extends com.pulumi.resources.ResourceArgs {
+
+ public static final EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs Empty = new EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs();
+
+ /**
+ * List of organization IDs to enable for GitHub Actions.
+ *
+ */
+ @Import(name="organizationIds", required=true)
+ private Output> organizationIds;
+
+ /**
+ * @return List of organization IDs to enable for GitHub Actions.
+ *
+ */
+ public Output> organizationIds() {
+ return this.organizationIds;
+ }
+
+ private EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs() {}
+
+ private EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs(EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs $) {
+ this.organizationIds = $.organizationIds;
+ }
+
+ public static Builder builder() {
+ return new Builder();
+ }
+ public static Builder builder(EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs defaults) {
+ return new Builder(defaults);
+ }
+
+ public static final class Builder {
+ private EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs $;
+
+ public Builder() {
+ $ = new EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs();
+ }
+
+ public Builder(EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs defaults) {
+ $ = new EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs(Objects.requireNonNull(defaults));
+ }
+
+ /**
+ * @param organizationIds List of organization IDs to enable for GitHub Actions.
+ *
+ * @return builder
+ *
+ */
+ public Builder organizationIds(Output> organizationIds) {
+ $.organizationIds = organizationIds;
+ return this;
+ }
+
+ /**
+ * @param organizationIds List of organization IDs to enable for GitHub Actions.
+ *
+ * @return builder
+ *
+ */
+ public Builder organizationIds(List organizationIds) {
+ return organizationIds(Output.of(organizationIds));
+ }
+
+ /**
+ * @param organizationIds List of organization IDs to enable for GitHub Actions.
+ *
+ * @return builder
+ *
+ */
+ public Builder organizationIds(Integer... organizationIds) {
+ return organizationIds(List.of(organizationIds));
+ }
+
+ public EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs build() {
+ if ($.organizationIds == null) {
+ throw new MissingRequiredPropertyException("EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs", "organizationIds");
+ }
+ return $;
+ }
+ }
+
+}
diff --git a/sdk/java/src/main/java/com/pulumi/github/inputs/EnterpriseActionsPermissionsState.java b/sdk/java/src/main/java/com/pulumi/github/inputs/EnterpriseActionsPermissionsState.java
new file mode 100644
index 00000000..c0f4d110
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/github/inputs/EnterpriseActionsPermissionsState.java
@@ -0,0 +1,233 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.github.inputs;
+
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Import;
+import com.pulumi.github.inputs.EnterpriseActionsPermissionsAllowedActionsConfigArgs;
+import com.pulumi.github.inputs.EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs;
+import java.lang.String;
+import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+
+public final class EnterpriseActionsPermissionsState extends com.pulumi.resources.ResourceArgs {
+
+ public static final EnterpriseActionsPermissionsState Empty = new EnterpriseActionsPermissionsState();
+
+ /**
+ * The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ *
+ */
+ @Import(name="allowedActions")
+ private @Nullable Output allowedActions;
+
+ /**
+ * @return The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ *
+ */
+ public Optional> allowedActions() {
+ return Optional.ofNullable(this.allowedActions);
+ }
+
+ /**
+ * Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ *
+ */
+ @Import(name="allowedActionsConfig")
+ private @Nullable Output allowedActionsConfig;
+
+ /**
+ * @return Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ *
+ */
+ public Optional> allowedActionsConfig() {
+ return Optional.ofNullable(this.allowedActionsConfig);
+ }
+
+ /**
+ * The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ *
+ */
+ @Import(name="enabledOrganizations")
+ private @Nullable Output enabledOrganizations;
+
+ /**
+ * @return The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ *
+ */
+ public Optional> enabledOrganizations() {
+ return Optional.ofNullable(this.enabledOrganizations);
+ }
+
+ /**
+ * Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ *
+ */
+ @Import(name="enabledOrganizationsConfig")
+ private @Nullable Output enabledOrganizationsConfig;
+
+ /**
+ * @return Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ *
+ */
+ public Optional> enabledOrganizationsConfig() {
+ return Optional.ofNullable(this.enabledOrganizationsConfig);
+ }
+
+ /**
+ * The ID of the enterprise.
+ *
+ */
+ @Import(name="enterpriseId")
+ private @Nullable Output enterpriseId;
+
+ /**
+ * @return The ID of the enterprise.
+ *
+ */
+ public Optional> enterpriseId() {
+ return Optional.ofNullable(this.enterpriseId);
+ }
+
+ private EnterpriseActionsPermissionsState() {}
+
+ private EnterpriseActionsPermissionsState(EnterpriseActionsPermissionsState $) {
+ this.allowedActions = $.allowedActions;
+ this.allowedActionsConfig = $.allowedActionsConfig;
+ this.enabledOrganizations = $.enabledOrganizations;
+ this.enabledOrganizationsConfig = $.enabledOrganizationsConfig;
+ this.enterpriseId = $.enterpriseId;
+ }
+
+ public static Builder builder() {
+ return new Builder();
+ }
+ public static Builder builder(EnterpriseActionsPermissionsState defaults) {
+ return new Builder(defaults);
+ }
+
+ public static final class Builder {
+ private EnterpriseActionsPermissionsState $;
+
+ public Builder() {
+ $ = new EnterpriseActionsPermissionsState();
+ }
+
+ public Builder(EnterpriseActionsPermissionsState defaults) {
+ $ = new EnterpriseActionsPermissionsState(Objects.requireNonNull(defaults));
+ }
+
+ /**
+ * @param allowedActions The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ *
+ * @return builder
+ *
+ */
+ public Builder allowedActions(@Nullable Output allowedActions) {
+ $.allowedActions = allowedActions;
+ return this;
+ }
+
+ /**
+ * @param allowedActions The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ *
+ * @return builder
+ *
+ */
+ public Builder allowedActions(String allowedActions) {
+ return allowedActions(Output.of(allowedActions));
+ }
+
+ /**
+ * @param allowedActionsConfig Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ *
+ * @return builder
+ *
+ */
+ public Builder allowedActionsConfig(@Nullable Output allowedActionsConfig) {
+ $.allowedActionsConfig = allowedActionsConfig;
+ return this;
+ }
+
+ /**
+ * @param allowedActionsConfig Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ *
+ * @return builder
+ *
+ */
+ public Builder allowedActionsConfig(EnterpriseActionsPermissionsAllowedActionsConfigArgs allowedActionsConfig) {
+ return allowedActionsConfig(Output.of(allowedActionsConfig));
+ }
+
+ /**
+ * @param enabledOrganizations The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ *
+ * @return builder
+ *
+ */
+ public Builder enabledOrganizations(@Nullable Output enabledOrganizations) {
+ $.enabledOrganizations = enabledOrganizations;
+ return this;
+ }
+
+ /**
+ * @param enabledOrganizations The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ *
+ * @return builder
+ *
+ */
+ public Builder enabledOrganizations(String enabledOrganizations) {
+ return enabledOrganizations(Output.of(enabledOrganizations));
+ }
+
+ /**
+ * @param enabledOrganizationsConfig Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ *
+ * @return builder
+ *
+ */
+ public Builder enabledOrganizationsConfig(@Nullable Output enabledOrganizationsConfig) {
+ $.enabledOrganizationsConfig = enabledOrganizationsConfig;
+ return this;
+ }
+
+ /**
+ * @param enabledOrganizationsConfig Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ *
+ * @return builder
+ *
+ */
+ public Builder enabledOrganizationsConfig(EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs enabledOrganizationsConfig) {
+ return enabledOrganizationsConfig(Output.of(enabledOrganizationsConfig));
+ }
+
+ /**
+ * @param enterpriseId The ID of the enterprise.
+ *
+ * @return builder
+ *
+ */
+ public Builder enterpriseId(@Nullable Output enterpriseId) {
+ $.enterpriseId = enterpriseId;
+ return this;
+ }
+
+ /**
+ * @param enterpriseId The ID of the enterprise.
+ *
+ * @return builder
+ *
+ */
+ public Builder enterpriseId(String enterpriseId) {
+ return enterpriseId(Output.of(enterpriseId));
+ }
+
+ public EnterpriseActionsPermissionsState build() {
+ return $;
+ }
+ }
+
+}
diff --git a/sdk/java/src/main/java/com/pulumi/github/outputs/EnterpriseActionsPermissionsAllowedActionsConfig.java b/sdk/java/src/main/java/com/pulumi/github/outputs/EnterpriseActionsPermissionsAllowedActionsConfig.java
new file mode 100644
index 00000000..8c7f0496
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/github/outputs/EnterpriseActionsPermissionsAllowedActionsConfig.java
@@ -0,0 +1,107 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.github.outputs;
+
+import com.pulumi.core.annotations.CustomType;
+import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.Boolean;
+import java.lang.String;
+import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+@CustomType
+public final class EnterpriseActionsPermissionsAllowedActionsConfig {
+ /**
+ * @return Whether GitHub-owned actions are allowed in the organization.
+ *
+ */
+ private Boolean githubOwnedAllowed;
+ /**
+ * @return Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+ *
+ */
+ private @Nullable List patternsAlloweds;
+ /**
+ * @return Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ *
+ */
+ private @Nullable Boolean verifiedAllowed;
+
+ private EnterpriseActionsPermissionsAllowedActionsConfig() {}
+ /**
+ * @return Whether GitHub-owned actions are allowed in the organization.
+ *
+ */
+ public Boolean githubOwnedAllowed() {
+ return this.githubOwnedAllowed;
+ }
+ /**
+ * @return Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+ *
+ */
+ public List patternsAlloweds() {
+ return this.patternsAlloweds == null ? List.of() : this.patternsAlloweds;
+ }
+ /**
+ * @return Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ *
+ */
+ public Optional verifiedAllowed() {
+ return Optional.ofNullable(this.verifiedAllowed);
+ }
+
+ public static Builder builder() {
+ return new Builder();
+ }
+
+ public static Builder builder(EnterpriseActionsPermissionsAllowedActionsConfig defaults) {
+ return new Builder(defaults);
+ }
+ @CustomType.Builder
+ public static final class Builder {
+ private Boolean githubOwnedAllowed;
+ private @Nullable List patternsAlloweds;
+ private @Nullable Boolean verifiedAllowed;
+ public Builder() {}
+ public Builder(EnterpriseActionsPermissionsAllowedActionsConfig defaults) {
+ Objects.requireNonNull(defaults);
+ this.githubOwnedAllowed = defaults.githubOwnedAllowed;
+ this.patternsAlloweds = defaults.patternsAlloweds;
+ this.verifiedAllowed = defaults.verifiedAllowed;
+ }
+
+ @CustomType.Setter
+ public Builder githubOwnedAllowed(Boolean githubOwnedAllowed) {
+ if (githubOwnedAllowed == null) {
+ throw new MissingRequiredPropertyException("EnterpriseActionsPermissionsAllowedActionsConfig", "githubOwnedAllowed");
+ }
+ this.githubOwnedAllowed = githubOwnedAllowed;
+ return this;
+ }
+ @CustomType.Setter
+ public Builder patternsAlloweds(@Nullable List patternsAlloweds) {
+
+ this.patternsAlloweds = patternsAlloweds;
+ return this;
+ }
+ public Builder patternsAlloweds(String... patternsAlloweds) {
+ return patternsAlloweds(List.of(patternsAlloweds));
+ }
+ @CustomType.Setter
+ public Builder verifiedAllowed(@Nullable Boolean verifiedAllowed) {
+
+ this.verifiedAllowed = verifiedAllowed;
+ return this;
+ }
+ public EnterpriseActionsPermissionsAllowedActionsConfig build() {
+ final var _resultValue = new EnterpriseActionsPermissionsAllowedActionsConfig();
+ _resultValue.githubOwnedAllowed = githubOwnedAllowed;
+ _resultValue.patternsAlloweds = patternsAlloweds;
+ _resultValue.verifiedAllowed = verifiedAllowed;
+ return _resultValue;
+ }
+ }
+}
diff --git a/sdk/java/src/main/java/com/pulumi/github/outputs/EnterpriseActionsPermissionsEnabledOrganizationsConfig.java b/sdk/java/src/main/java/com/pulumi/github/outputs/EnterpriseActionsPermissionsEnabledOrganizationsConfig.java
new file mode 100644
index 00000000..90e59ea1
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/github/outputs/EnterpriseActionsPermissionsEnabledOrganizationsConfig.java
@@ -0,0 +1,62 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.github.outputs;
+
+import com.pulumi.core.annotations.CustomType;
+import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.Integer;
+import java.util.List;
+import java.util.Objects;
+
+@CustomType
+public final class EnterpriseActionsPermissionsEnabledOrganizationsConfig {
+ /**
+ * @return List of organization IDs to enable for GitHub Actions.
+ *
+ */
+ private List organizationIds;
+
+ private EnterpriseActionsPermissionsEnabledOrganizationsConfig() {}
+ /**
+ * @return List of organization IDs to enable for GitHub Actions.
+ *
+ */
+ public List organizationIds() {
+ return this.organizationIds;
+ }
+
+ public static Builder builder() {
+ return new Builder();
+ }
+
+ public static Builder builder(EnterpriseActionsPermissionsEnabledOrganizationsConfig defaults) {
+ return new Builder(defaults);
+ }
+ @CustomType.Builder
+ public static final class Builder {
+ private List organizationIds;
+ public Builder() {}
+ public Builder(EnterpriseActionsPermissionsEnabledOrganizationsConfig defaults) {
+ Objects.requireNonNull(defaults);
+ this.organizationIds = defaults.organizationIds;
+ }
+
+ @CustomType.Setter
+ public Builder organizationIds(List organizationIds) {
+ if (organizationIds == null) {
+ throw new MissingRequiredPropertyException("EnterpriseActionsPermissionsEnabledOrganizationsConfig", "organizationIds");
+ }
+ this.organizationIds = organizationIds;
+ return this;
+ }
+ public Builder organizationIds(Integer... organizationIds) {
+ return organizationIds(List.of(organizationIds));
+ }
+ public EnterpriseActionsPermissionsEnabledOrganizationsConfig build() {
+ final var _resultValue = new EnterpriseActionsPermissionsEnabledOrganizationsConfig();
+ _resultValue.organizationIds = organizationIds;
+ return _resultValue;
+ }
+ }
+}
diff --git a/sdk/nodejs/enterpriseActionsPermissions.ts b/sdk/nodejs/enterpriseActionsPermissions.ts
new file mode 100644
index 00000000..fec01e21
--- /dev/null
+++ b/sdk/nodejs/enterpriseActionsPermissions.ts
@@ -0,0 +1,187 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import * as pulumi from "@pulumi/pulumi";
+import * as inputs from "./types/input";
+import * as outputs from "./types/output";
+import * as utilities from "./utilities";
+
+/**
+ * This resource allows you to create and manage GitHub Actions permissions within your GitHub enterprise.
+ * You must have admin access to an enterprise to use this resource.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as github from "@pulumi/github";
+ *
+ * const example-enterprise = github.getEnterprise({
+ * slug: "my-enterprise",
+ * });
+ * const example-org = github.getOrganization({
+ * name: "my-org",
+ * });
+ * const test = new github.EnterpriseActionsPermissions("test", {
+ * enterpriseId: example_enterprise.then(example_enterprise => example_enterprise.slug),
+ * allowedActions: "selected",
+ * enabledOrganizations: "selected",
+ * allowedActionsConfig: {
+ * githubOwnedAllowed: true,
+ * patternsAlloweds: [
+ * "actions/cache@*",
+ * "actions/checkout@*",
+ * ],
+ * verifiedAllowed: true,
+ * },
+ * enabledOrganizationsConfig: {
+ * organizationIds: [example_org.then(example_org => example_org.id)],
+ * },
+ * });
+ * ```
+ *
+ * ## Import
+ *
+ * This resource can be imported using the name of the GitHub enterprise:
+ *
+ * ```sh
+ * $ pulumi import github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions test github_enterprise_name
+ * ```
+ */
+export class EnterpriseActionsPermissions extends pulumi.CustomResource {
+ /**
+ * Get an existing EnterpriseActionsPermissions resource's state with the given name, ID, and optional extra
+ * properties used to qualify the lookup.
+ *
+ * @param name The _unique_ name of the resulting resource.
+ * @param id The _unique_ provider ID of the resource to lookup.
+ * @param state Any extra arguments used during the lookup.
+ * @param opts Optional settings to control the behavior of the CustomResource.
+ */
+ public static get(name: string, id: pulumi.Input, state?: EnterpriseActionsPermissionsState, opts?: pulumi.CustomResourceOptions): EnterpriseActionsPermissions {
+ return new EnterpriseActionsPermissions(name, state, { ...opts, id: id });
+ }
+
+ /** @internal */
+ public static readonly __pulumiType = 'github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions';
+
+ /**
+ * Returns true if the given object is an instance of EnterpriseActionsPermissions. This is designed to work even
+ * when multiple copies of the Pulumi SDK have been loaded into the same process.
+ */
+ public static isInstance(obj: any): obj is EnterpriseActionsPermissions {
+ if (obj === undefined || obj === null) {
+ return false;
+ }
+ return obj['__pulumiType'] === EnterpriseActionsPermissions.__pulumiType;
+ }
+
+ /**
+ * The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `localOnly`, or `selected`.
+ */
+ public readonly allowedActions!: pulumi.Output;
+ /**
+ * Sets the actions that are allowed in an enterprise. Only available when `allowedActions` = `selected`. See Allowed Actions Config below for details.
+ */
+ public readonly allowedActionsConfig!: pulumi.Output;
+ /**
+ * The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ */
+ public readonly enabledOrganizations!: pulumi.Output;
+ /**
+ * Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabledOrganizations` = `selected`. See Enabled Organizations Config below for details.
+ */
+ public readonly enabledOrganizationsConfig!: pulumi.Output;
+ /**
+ * The ID of the enterprise.
+ */
+ public readonly enterpriseId!: pulumi.Output;
+
+ /**
+ * Create a EnterpriseActionsPermissions resource with the given unique name, arguments, and options.
+ *
+ * @param name The _unique_ name of the resource.
+ * @param args The arguments to use to populate this resource's properties.
+ * @param opts A bag of options that control this resource's behavior.
+ */
+ constructor(name: string, args: EnterpriseActionsPermissionsArgs, opts?: pulumi.CustomResourceOptions)
+ constructor(name: string, argsOrState?: EnterpriseActionsPermissionsArgs | EnterpriseActionsPermissionsState, opts?: pulumi.CustomResourceOptions) {
+ let resourceInputs: pulumi.Inputs = {};
+ opts = opts || {};
+ if (opts.id) {
+ const state = argsOrState as EnterpriseActionsPermissionsState | undefined;
+ resourceInputs["allowedActions"] = state ? state.allowedActions : undefined;
+ resourceInputs["allowedActionsConfig"] = state ? state.allowedActionsConfig : undefined;
+ resourceInputs["enabledOrganizations"] = state ? state.enabledOrganizations : undefined;
+ resourceInputs["enabledOrganizationsConfig"] = state ? state.enabledOrganizationsConfig : undefined;
+ resourceInputs["enterpriseId"] = state ? state.enterpriseId : undefined;
+ } else {
+ const args = argsOrState as EnterpriseActionsPermissionsArgs | undefined;
+ if ((!args || args.enabledOrganizations === undefined) && !opts.urn) {
+ throw new Error("Missing required property 'enabledOrganizations'");
+ }
+ if ((!args || args.enterpriseId === undefined) && !opts.urn) {
+ throw new Error("Missing required property 'enterpriseId'");
+ }
+ resourceInputs["allowedActions"] = args ? args.allowedActions : undefined;
+ resourceInputs["allowedActionsConfig"] = args ? args.allowedActionsConfig : undefined;
+ resourceInputs["enabledOrganizations"] = args ? args.enabledOrganizations : undefined;
+ resourceInputs["enabledOrganizationsConfig"] = args ? args.enabledOrganizationsConfig : undefined;
+ resourceInputs["enterpriseId"] = args ? args.enterpriseId : undefined;
+ }
+ opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+ super(EnterpriseActionsPermissions.__pulumiType, name, resourceInputs, opts);
+ }
+}
+
+/**
+ * Input properties used for looking up and filtering EnterpriseActionsPermissions resources.
+ */
+export interface EnterpriseActionsPermissionsState {
+ /**
+ * The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `localOnly`, or `selected`.
+ */
+ allowedActions?: pulumi.Input;
+ /**
+ * Sets the actions that are allowed in an enterprise. Only available when `allowedActions` = `selected`. See Allowed Actions Config below for details.
+ */
+ allowedActionsConfig?: pulumi.Input;
+ /**
+ * The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ */
+ enabledOrganizations?: pulumi.Input;
+ /**
+ * Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabledOrganizations` = `selected`. See Enabled Organizations Config below for details.
+ */
+ enabledOrganizationsConfig?: pulumi.Input;
+ /**
+ * The ID of the enterprise.
+ */
+ enterpriseId?: pulumi.Input;
+}
+
+/**
+ * The set of arguments for constructing a EnterpriseActionsPermissions resource.
+ */
+export interface EnterpriseActionsPermissionsArgs {
+ /**
+ * The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `localOnly`, or `selected`.
+ */
+ allowedActions?: pulumi.Input;
+ /**
+ * Sets the actions that are allowed in an enterprise. Only available when `allowedActions` = `selected`. See Allowed Actions Config below for details.
+ */
+ allowedActionsConfig?: pulumi.Input;
+ /**
+ * The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ */
+ enabledOrganizations: pulumi.Input;
+ /**
+ * Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabledOrganizations` = `selected`. See Enabled Organizations Config below for details.
+ */
+ enabledOrganizationsConfig?: pulumi.Input;
+ /**
+ * The ID of the enterprise.
+ */
+ enterpriseId: pulumi.Input;
+}
diff --git a/sdk/nodejs/index.ts b/sdk/nodejs/index.ts
index e87cc95f..5448fce3 100644
--- a/sdk/nodejs/index.ts
+++ b/sdk/nodejs/index.ts
@@ -140,6 +140,11 @@ export type EmuGroupMapping = import("./emuGroupMapping").EmuGroupMapping;
export const EmuGroupMapping: typeof import("./emuGroupMapping").EmuGroupMapping = null as any;
utilities.lazyLoad(exports, ["EmuGroupMapping"], () => require("./emuGroupMapping"));
+export { EnterpriseActionsPermissionsArgs, EnterpriseActionsPermissionsState } from "./enterpriseActionsPermissions";
+export type EnterpriseActionsPermissions = import("./enterpriseActionsPermissions").EnterpriseActionsPermissions;
+export const EnterpriseActionsPermissions: typeof import("./enterpriseActionsPermissions").EnterpriseActionsPermissions = null as any;
+utilities.lazyLoad(exports, ["EnterpriseActionsPermissions"], () => require("./enterpriseActionsPermissions"));
+
export { EnterpriseOrganizationArgs, EnterpriseOrganizationState } from "./enterpriseOrganization";
export type EnterpriseOrganization = import("./enterpriseOrganization").EnterpriseOrganization;
export const EnterpriseOrganization: typeof import("./enterpriseOrganization").EnterpriseOrganization = null as any;
@@ -723,6 +728,8 @@ const _module = {
return new DependabotSecret(name, undefined, { urn })
case "github:index/emuGroupMapping:EmuGroupMapping":
return new EmuGroupMapping(name, undefined, { urn })
+ case "github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions":
+ return new EnterpriseActionsPermissions(name, undefined, { urn })
case "github:index/enterpriseOrganization:EnterpriseOrganization":
return new EnterpriseOrganization(name, undefined, { urn })
case "github:index/issue:Issue":
@@ -837,6 +844,7 @@ pulumi.runtime.registerResourceModule("github", "index/dependabotOrganizationSec
pulumi.runtime.registerResourceModule("github", "index/dependabotOrganizationSecretRepositories", _module)
pulumi.runtime.registerResourceModule("github", "index/dependabotSecret", _module)
pulumi.runtime.registerResourceModule("github", "index/emuGroupMapping", _module)
+pulumi.runtime.registerResourceModule("github", "index/enterpriseActionsPermissions", _module)
pulumi.runtime.registerResourceModule("github", "index/enterpriseOrganization", _module)
pulumi.runtime.registerResourceModule("github", "index/issue", _module)
pulumi.runtime.registerResourceModule("github", "index/issueLabel", _module)
diff --git a/sdk/nodejs/tsconfig.json b/sdk/nodejs/tsconfig.json
index eccd9c0e..5db7975f 100644
--- a/sdk/nodejs/tsconfig.json
+++ b/sdk/nodejs/tsconfig.json
@@ -42,6 +42,7 @@
"dependabotOrganizationSecretRepositories.ts",
"dependabotSecret.ts",
"emuGroupMapping.ts",
+ "enterpriseActionsPermissions.ts",
"enterpriseOrganization.ts",
"getActionsEnvironmentSecrets.ts",
"getActionsEnvironmentVariables.ts",
diff --git a/sdk/nodejs/types/input.ts b/sdk/nodejs/types/input.ts
index a31a671a..527a2da7 100644
--- a/sdk/nodejs/types/input.ts
+++ b/sdk/nodejs/types/input.ts
@@ -196,6 +196,28 @@ export interface BranchProtectionV3Restrictions {
users?: pulumi.Input[]>;
}
+export interface EnterpriseActionsPermissionsAllowedActionsConfig {
+ /**
+ * Whether GitHub-owned actions are allowed in the organization.
+ */
+ githubOwnedAllowed: pulumi.Input;
+ /**
+ * Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+ */
+ patternsAlloweds?: pulumi.Input[]>;
+ /**
+ * Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ */
+ verifiedAllowed?: pulumi.Input;
+}
+
+export interface EnterpriseActionsPermissionsEnabledOrganizationsConfig {
+ /**
+ * List of organization IDs to enable for GitHub Actions.
+ */
+ organizationIds: pulumi.Input[]>;
+}
+
export interface IssueLabelsLabel {
/**
* A 6 character hex code, **without the leading #**, identifying the color of the label.
diff --git a/sdk/nodejs/types/output.ts b/sdk/nodejs/types/output.ts
index dd482c4c..f8fc7698 100644
--- a/sdk/nodejs/types/output.ts
+++ b/sdk/nodejs/types/output.ts
@@ -196,6 +196,28 @@ export interface BranchProtectionV3Restrictions {
users?: string[];
}
+export interface EnterpriseActionsPermissionsAllowedActionsConfig {
+ /**
+ * Whether GitHub-owned actions are allowed in the organization.
+ */
+ githubOwnedAllowed: boolean;
+ /**
+ * Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+ */
+ patternsAlloweds?: string[];
+ /**
+ * Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ */
+ verifiedAllowed?: boolean;
+}
+
+export interface EnterpriseActionsPermissionsEnabledOrganizationsConfig {
+ /**
+ * List of organization IDs to enable for GitHub Actions.
+ */
+ organizationIds: number[];
+}
+
export interface GetActionsEnvironmentSecretsSecret {
/**
* Timestamp of the secret creation
diff --git a/sdk/python/pulumi_github/__init__.py b/sdk/python/pulumi_github/__init__.py
index d943f46f..e19846a4 100644
--- a/sdk/python/pulumi_github/__init__.py
+++ b/sdk/python/pulumi_github/__init__.py
@@ -32,6 +32,7 @@
from .dependabot_organization_secret_repositories import *
from .dependabot_secret import *
from .emu_group_mapping import *
+from .enterprise_actions_permissions import *
from .enterprise_organization import *
from .get_actions_environment_secrets import *
from .get_actions_environment_variables import *
@@ -364,6 +365,14 @@
"github:index/emuGroupMapping:EmuGroupMapping": "EmuGroupMapping"
}
},
+ {
+ "pkg": "github",
+ "mod": "index/enterpriseActionsPermissions",
+ "fqn": "pulumi_github",
+ "classes": {
+ "github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions": "EnterpriseActionsPermissions"
+ }
+ },
{
"pkg": "github",
"mod": "index/enterpriseOrganization",
diff --git a/sdk/python/pulumi_github/_inputs.py b/sdk/python/pulumi_github/_inputs.py
index e06993bd..b1eef14e 100644
--- a/sdk/python/pulumi_github/_inputs.py
+++ b/sdk/python/pulumi_github/_inputs.py
@@ -20,6 +20,8 @@
'BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowancesArgs',
'BranchProtectionV3RequiredStatusChecksArgs',
'BranchProtectionV3RestrictionsArgs',
+ 'EnterpriseActionsPermissionsAllowedActionsConfigArgs',
+ 'EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs',
'IssueLabelsLabelArgs',
'OrganizationRulesetBypassActorArgs',
'OrganizationRulesetConditionsArgs',
@@ -751,6 +753,82 @@ def users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
pulumi.set(self, "users", value)
+@pulumi.input_type
+class EnterpriseActionsPermissionsAllowedActionsConfigArgs:
+ def __init__(__self__, *,
+ github_owned_allowed: pulumi.Input[bool],
+ patterns_alloweds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+ verified_allowed: Optional[pulumi.Input[bool]] = None):
+ """
+ :param pulumi.Input[bool] github_owned_allowed: Whether GitHub-owned actions are allowed in the organization.
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] patterns_alloweds: Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+ :param pulumi.Input[bool] verified_allowed: Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ """
+ pulumi.set(__self__, "github_owned_allowed", github_owned_allowed)
+ if patterns_alloweds is not None:
+ pulumi.set(__self__, "patterns_alloweds", patterns_alloweds)
+ if verified_allowed is not None:
+ pulumi.set(__self__, "verified_allowed", verified_allowed)
+
+ @property
+ @pulumi.getter(name="githubOwnedAllowed")
+ def github_owned_allowed(self) -> pulumi.Input[bool]:
+ """
+ Whether GitHub-owned actions are allowed in the organization.
+ """
+ return pulumi.get(self, "github_owned_allowed")
+
+ @github_owned_allowed.setter
+ def github_owned_allowed(self, value: pulumi.Input[bool]):
+ pulumi.set(self, "github_owned_allowed", value)
+
+ @property
+ @pulumi.getter(name="patternsAlloweds")
+ def patterns_alloweds(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+ """
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+ """
+ return pulumi.get(self, "patterns_alloweds")
+
+ @patterns_alloweds.setter
+ def patterns_alloweds(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+ pulumi.set(self, "patterns_alloweds", value)
+
+ @property
+ @pulumi.getter(name="verifiedAllowed")
+ def verified_allowed(self) -> Optional[pulumi.Input[bool]]:
+ """
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ """
+ return pulumi.get(self, "verified_allowed")
+
+ @verified_allowed.setter
+ def verified_allowed(self, value: Optional[pulumi.Input[bool]]):
+ pulumi.set(self, "verified_allowed", value)
+
+
+@pulumi.input_type
+class EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs:
+ def __init__(__self__, *,
+ organization_ids: pulumi.Input[Sequence[pulumi.Input[int]]]):
+ """
+ :param pulumi.Input[Sequence[pulumi.Input[int]]] organization_ids: List of organization IDs to enable for GitHub Actions.
+ """
+ pulumi.set(__self__, "organization_ids", organization_ids)
+
+ @property
+ @pulumi.getter(name="organizationIds")
+ def organization_ids(self) -> pulumi.Input[Sequence[pulumi.Input[int]]]:
+ """
+ List of organization IDs to enable for GitHub Actions.
+ """
+ return pulumi.get(self, "organization_ids")
+
+ @organization_ids.setter
+ def organization_ids(self, value: pulumi.Input[Sequence[pulumi.Input[int]]]):
+ pulumi.set(self, "organization_ids", value)
+
+
@pulumi.input_type
class IssueLabelsLabelArgs:
def __init__(__self__, *,
diff --git a/sdk/python/pulumi_github/enterprise_actions_permissions.py b/sdk/python/pulumi_github/enterprise_actions_permissions.py
new file mode 100644
index 00000000..1cefc23d
--- /dev/null
+++ b/sdk/python/pulumi_github/enterprise_actions_permissions.py
@@ -0,0 +1,405 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+from . import _utilities
+from . import outputs
+from ._inputs import *
+
+__all__ = ['EnterpriseActionsPermissionsArgs', 'EnterpriseActionsPermissions']
+
+@pulumi.input_type
+class EnterpriseActionsPermissionsArgs:
+ def __init__(__self__, *,
+ enabled_organizations: pulumi.Input[str],
+ enterprise_id: pulumi.Input[str],
+ allowed_actions: Optional[pulumi.Input[str]] = None,
+ allowed_actions_config: Optional[pulumi.Input['EnterpriseActionsPermissionsAllowedActionsConfigArgs']] = None,
+ enabled_organizations_config: Optional[pulumi.Input['EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs']] = None):
+ """
+ The set of arguments for constructing a EnterpriseActionsPermissions resource.
+ :param pulumi.Input[str] enabled_organizations: The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ :param pulumi.Input[str] enterprise_id: The ID of the enterprise.
+ :param pulumi.Input[str] allowed_actions: The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ :param pulumi.Input['EnterpriseActionsPermissionsAllowedActionsConfigArgs'] allowed_actions_config: Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ :param pulumi.Input['EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs'] enabled_organizations_config: Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ """
+ pulumi.set(__self__, "enabled_organizations", enabled_organizations)
+ pulumi.set(__self__, "enterprise_id", enterprise_id)
+ if allowed_actions is not None:
+ pulumi.set(__self__, "allowed_actions", allowed_actions)
+ if allowed_actions_config is not None:
+ pulumi.set(__self__, "allowed_actions_config", allowed_actions_config)
+ if enabled_organizations_config is not None:
+ pulumi.set(__self__, "enabled_organizations_config", enabled_organizations_config)
+
+ @property
+ @pulumi.getter(name="enabledOrganizations")
+ def enabled_organizations(self) -> pulumi.Input[str]:
+ """
+ The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ """
+ return pulumi.get(self, "enabled_organizations")
+
+ @enabled_organizations.setter
+ def enabled_organizations(self, value: pulumi.Input[str]):
+ pulumi.set(self, "enabled_organizations", value)
+
+ @property
+ @pulumi.getter(name="enterpriseId")
+ def enterprise_id(self) -> pulumi.Input[str]:
+ """
+ The ID of the enterprise.
+ """
+ return pulumi.get(self, "enterprise_id")
+
+ @enterprise_id.setter
+ def enterprise_id(self, value: pulumi.Input[str]):
+ pulumi.set(self, "enterprise_id", value)
+
+ @property
+ @pulumi.getter(name="allowedActions")
+ def allowed_actions(self) -> Optional[pulumi.Input[str]]:
+ """
+ The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ """
+ return pulumi.get(self, "allowed_actions")
+
+ @allowed_actions.setter
+ def allowed_actions(self, value: Optional[pulumi.Input[str]]):
+ pulumi.set(self, "allowed_actions", value)
+
+ @property
+ @pulumi.getter(name="allowedActionsConfig")
+ def allowed_actions_config(self) -> Optional[pulumi.Input['EnterpriseActionsPermissionsAllowedActionsConfigArgs']]:
+ """
+ Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ """
+ return pulumi.get(self, "allowed_actions_config")
+
+ @allowed_actions_config.setter
+ def allowed_actions_config(self, value: Optional[pulumi.Input['EnterpriseActionsPermissionsAllowedActionsConfigArgs']]):
+ pulumi.set(self, "allowed_actions_config", value)
+
+ @property
+ @pulumi.getter(name="enabledOrganizationsConfig")
+ def enabled_organizations_config(self) -> Optional[pulumi.Input['EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs']]:
+ """
+ Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ """
+ return pulumi.get(self, "enabled_organizations_config")
+
+ @enabled_organizations_config.setter
+ def enabled_organizations_config(self, value: Optional[pulumi.Input['EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs']]):
+ pulumi.set(self, "enabled_organizations_config", value)
+
+
+@pulumi.input_type
+class _EnterpriseActionsPermissionsState:
+ def __init__(__self__, *,
+ allowed_actions: Optional[pulumi.Input[str]] = None,
+ allowed_actions_config: Optional[pulumi.Input['EnterpriseActionsPermissionsAllowedActionsConfigArgs']] = None,
+ enabled_organizations: Optional[pulumi.Input[str]] = None,
+ enabled_organizations_config: Optional[pulumi.Input['EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs']] = None,
+ enterprise_id: Optional[pulumi.Input[str]] = None):
+ """
+ Input properties used for looking up and filtering EnterpriseActionsPermissions resources.
+ :param pulumi.Input[str] allowed_actions: The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ :param pulumi.Input['EnterpriseActionsPermissionsAllowedActionsConfigArgs'] allowed_actions_config: Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ :param pulumi.Input[str] enabled_organizations: The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ :param pulumi.Input['EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs'] enabled_organizations_config: Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ :param pulumi.Input[str] enterprise_id: The ID of the enterprise.
+ """
+ if allowed_actions is not None:
+ pulumi.set(__self__, "allowed_actions", allowed_actions)
+ if allowed_actions_config is not None:
+ pulumi.set(__self__, "allowed_actions_config", allowed_actions_config)
+ if enabled_organizations is not None:
+ pulumi.set(__self__, "enabled_organizations", enabled_organizations)
+ if enabled_organizations_config is not None:
+ pulumi.set(__self__, "enabled_organizations_config", enabled_organizations_config)
+ if enterprise_id is not None:
+ pulumi.set(__self__, "enterprise_id", enterprise_id)
+
+ @property
+ @pulumi.getter(name="allowedActions")
+ def allowed_actions(self) -> Optional[pulumi.Input[str]]:
+ """
+ The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ """
+ return pulumi.get(self, "allowed_actions")
+
+ @allowed_actions.setter
+ def allowed_actions(self, value: Optional[pulumi.Input[str]]):
+ pulumi.set(self, "allowed_actions", value)
+
+ @property
+ @pulumi.getter(name="allowedActionsConfig")
+ def allowed_actions_config(self) -> Optional[pulumi.Input['EnterpriseActionsPermissionsAllowedActionsConfigArgs']]:
+ """
+ Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ """
+ return pulumi.get(self, "allowed_actions_config")
+
+ @allowed_actions_config.setter
+ def allowed_actions_config(self, value: Optional[pulumi.Input['EnterpriseActionsPermissionsAllowedActionsConfigArgs']]):
+ pulumi.set(self, "allowed_actions_config", value)
+
+ @property
+ @pulumi.getter(name="enabledOrganizations")
+ def enabled_organizations(self) -> Optional[pulumi.Input[str]]:
+ """
+ The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ """
+ return pulumi.get(self, "enabled_organizations")
+
+ @enabled_organizations.setter
+ def enabled_organizations(self, value: Optional[pulumi.Input[str]]):
+ pulumi.set(self, "enabled_organizations", value)
+
+ @property
+ @pulumi.getter(name="enabledOrganizationsConfig")
+ def enabled_organizations_config(self) -> Optional[pulumi.Input['EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs']]:
+ """
+ Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ """
+ return pulumi.get(self, "enabled_organizations_config")
+
+ @enabled_organizations_config.setter
+ def enabled_organizations_config(self, value: Optional[pulumi.Input['EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs']]):
+ pulumi.set(self, "enabled_organizations_config", value)
+
+ @property
+ @pulumi.getter(name="enterpriseId")
+ def enterprise_id(self) -> Optional[pulumi.Input[str]]:
+ """
+ The ID of the enterprise.
+ """
+ return pulumi.get(self, "enterprise_id")
+
+ @enterprise_id.setter
+ def enterprise_id(self, value: Optional[pulumi.Input[str]]):
+ pulumi.set(self, "enterprise_id", value)
+
+
+class EnterpriseActionsPermissions(pulumi.CustomResource):
+ @overload
+ def __init__(__self__,
+ resource_name: str,
+ opts: Optional[pulumi.ResourceOptions] = None,
+ allowed_actions: Optional[pulumi.Input[str]] = None,
+ allowed_actions_config: Optional[pulumi.Input[pulumi.InputType['EnterpriseActionsPermissionsAllowedActionsConfigArgs']]] = None,
+ enabled_organizations: Optional[pulumi.Input[str]] = None,
+ enabled_organizations_config: Optional[pulumi.Input[pulumi.InputType['EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs']]] = None,
+ enterprise_id: Optional[pulumi.Input[str]] = None,
+ __props__=None):
+ """
+ This resource allows you to create and manage GitHub Actions permissions within your GitHub enterprise.
+ You must have admin access to an enterprise to use this resource.
+
+ ## Example Usage
+
+ ```python
+ import pulumi
+ import pulumi_github as github
+
+ example_enterprise = github.get_enterprise(slug="my-enterprise")
+ example_org = github.get_organization(name="my-org")
+ test = github.EnterpriseActionsPermissions("test",
+ enterprise_id=example_enterprise.slug,
+ allowed_actions="selected",
+ enabled_organizations="selected",
+ allowed_actions_config=github.EnterpriseActionsPermissionsAllowedActionsConfigArgs(
+ github_owned_allowed=True,
+ patterns_alloweds=[
+ "actions/cache@*",
+ "actions/checkout@*",
+ ],
+ verified_allowed=True,
+ ),
+ enabled_organizations_config=github.EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs(
+ organization_ids=[example_org.id],
+ ))
+ ```
+
+ ## Import
+
+ This resource can be imported using the name of the GitHub enterprise:
+
+ ```sh
+ $ pulumi import github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions test github_enterprise_name
+ ```
+
+ :param str resource_name: The name of the resource.
+ :param pulumi.ResourceOptions opts: Options for the resource.
+ :param pulumi.Input[str] allowed_actions: The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ :param pulumi.Input[pulumi.InputType['EnterpriseActionsPermissionsAllowedActionsConfigArgs']] allowed_actions_config: Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ :param pulumi.Input[str] enabled_organizations: The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ :param pulumi.Input[pulumi.InputType['EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs']] enabled_organizations_config: Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ :param pulumi.Input[str] enterprise_id: The ID of the enterprise.
+ """
+ ...
+ @overload
+ def __init__(__self__,
+ resource_name: str,
+ args: EnterpriseActionsPermissionsArgs,
+ opts: Optional[pulumi.ResourceOptions] = None):
+ """
+ This resource allows you to create and manage GitHub Actions permissions within your GitHub enterprise.
+ You must have admin access to an enterprise to use this resource.
+
+ ## Example Usage
+
+ ```python
+ import pulumi
+ import pulumi_github as github
+
+ example_enterprise = github.get_enterprise(slug="my-enterprise")
+ example_org = github.get_organization(name="my-org")
+ test = github.EnterpriseActionsPermissions("test",
+ enterprise_id=example_enterprise.slug,
+ allowed_actions="selected",
+ enabled_organizations="selected",
+ allowed_actions_config=github.EnterpriseActionsPermissionsAllowedActionsConfigArgs(
+ github_owned_allowed=True,
+ patterns_alloweds=[
+ "actions/cache@*",
+ "actions/checkout@*",
+ ],
+ verified_allowed=True,
+ ),
+ enabled_organizations_config=github.EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs(
+ organization_ids=[example_org.id],
+ ))
+ ```
+
+ ## Import
+
+ This resource can be imported using the name of the GitHub enterprise:
+
+ ```sh
+ $ pulumi import github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions test github_enterprise_name
+ ```
+
+ :param str resource_name: The name of the resource.
+ :param EnterpriseActionsPermissionsArgs args: The arguments to use to populate this resource's properties.
+ :param pulumi.ResourceOptions opts: Options for the resource.
+ """
+ ...
+ def __init__(__self__, resource_name: str, *args, **kwargs):
+ resource_args, opts = _utilities.get_resource_args_opts(EnterpriseActionsPermissionsArgs, pulumi.ResourceOptions, *args, **kwargs)
+ if resource_args is not None:
+ __self__._internal_init(resource_name, opts, **resource_args.__dict__)
+ else:
+ __self__._internal_init(resource_name, *args, **kwargs)
+
+ def _internal_init(__self__,
+ resource_name: str,
+ opts: Optional[pulumi.ResourceOptions] = None,
+ allowed_actions: Optional[pulumi.Input[str]] = None,
+ allowed_actions_config: Optional[pulumi.Input[pulumi.InputType['EnterpriseActionsPermissionsAllowedActionsConfigArgs']]] = None,
+ enabled_organizations: Optional[pulumi.Input[str]] = None,
+ enabled_organizations_config: Optional[pulumi.Input[pulumi.InputType['EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs']]] = None,
+ enterprise_id: Optional[pulumi.Input[str]] = None,
+ __props__=None):
+ opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+ if not isinstance(opts, pulumi.ResourceOptions):
+ raise TypeError('Expected resource options to be a ResourceOptions instance')
+ if opts.id is None:
+ if __props__ is not None:
+ raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+ __props__ = EnterpriseActionsPermissionsArgs.__new__(EnterpriseActionsPermissionsArgs)
+
+ __props__.__dict__["allowed_actions"] = allowed_actions
+ __props__.__dict__["allowed_actions_config"] = allowed_actions_config
+ if enabled_organizations is None and not opts.urn:
+ raise TypeError("Missing required property 'enabled_organizations'")
+ __props__.__dict__["enabled_organizations"] = enabled_organizations
+ __props__.__dict__["enabled_organizations_config"] = enabled_organizations_config
+ if enterprise_id is None and not opts.urn:
+ raise TypeError("Missing required property 'enterprise_id'")
+ __props__.__dict__["enterprise_id"] = enterprise_id
+ super(EnterpriseActionsPermissions, __self__).__init__(
+ 'github:index/enterpriseActionsPermissions:EnterpriseActionsPermissions',
+ resource_name,
+ __props__,
+ opts)
+
+ @staticmethod
+ def get(resource_name: str,
+ id: pulumi.Input[str],
+ opts: Optional[pulumi.ResourceOptions] = None,
+ allowed_actions: Optional[pulumi.Input[str]] = None,
+ allowed_actions_config: Optional[pulumi.Input[pulumi.InputType['EnterpriseActionsPermissionsAllowedActionsConfigArgs']]] = None,
+ enabled_organizations: Optional[pulumi.Input[str]] = None,
+ enabled_organizations_config: Optional[pulumi.Input[pulumi.InputType['EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs']]] = None,
+ enterprise_id: Optional[pulumi.Input[str]] = None) -> 'EnterpriseActionsPermissions':
+ """
+ Get an existing EnterpriseActionsPermissions resource's state with the given name, id, and optional extra
+ properties used to qualify the lookup.
+
+ :param str resource_name: The unique name of the resulting resource.
+ :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
+ :param pulumi.ResourceOptions opts: Options for the resource.
+ :param pulumi.Input[str] allowed_actions: The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ :param pulumi.Input[pulumi.InputType['EnterpriseActionsPermissionsAllowedActionsConfigArgs']] allowed_actions_config: Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ :param pulumi.Input[str] enabled_organizations: The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ :param pulumi.Input[pulumi.InputType['EnterpriseActionsPermissionsEnabledOrganizationsConfigArgs']] enabled_organizations_config: Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ :param pulumi.Input[str] enterprise_id: The ID of the enterprise.
+ """
+ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
+
+ __props__ = _EnterpriseActionsPermissionsState.__new__(_EnterpriseActionsPermissionsState)
+
+ __props__.__dict__["allowed_actions"] = allowed_actions
+ __props__.__dict__["allowed_actions_config"] = allowed_actions_config
+ __props__.__dict__["enabled_organizations"] = enabled_organizations
+ __props__.__dict__["enabled_organizations_config"] = enabled_organizations_config
+ __props__.__dict__["enterprise_id"] = enterprise_id
+ return EnterpriseActionsPermissions(resource_name, opts=opts, __props__=__props__)
+
+ @property
+ @pulumi.getter(name="allowedActions")
+ def allowed_actions(self) -> pulumi.Output[Optional[str]]:
+ """
+ The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
+ """
+ return pulumi.get(self, "allowed_actions")
+
+ @property
+ @pulumi.getter(name="allowedActionsConfig")
+ def allowed_actions_config(self) -> pulumi.Output[Optional['outputs.EnterpriseActionsPermissionsAllowedActionsConfig']]:
+ """
+ Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
+ """
+ return pulumi.get(self, "allowed_actions_config")
+
+ @property
+ @pulumi.getter(name="enabledOrganizations")
+ def enabled_organizations(self) -> pulumi.Output[str]:
+ """
+ The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`.
+ """
+ return pulumi.get(self, "enabled_organizations")
+
+ @property
+ @pulumi.getter(name="enabledOrganizationsConfig")
+ def enabled_organizations_config(self) -> pulumi.Output[Optional['outputs.EnterpriseActionsPermissionsEnabledOrganizationsConfig']]:
+ """
+ Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See Enabled Organizations Config below for details.
+ """
+ return pulumi.get(self, "enabled_organizations_config")
+
+ @property
+ @pulumi.getter(name="enterpriseId")
+ def enterprise_id(self) -> pulumi.Output[str]:
+ """
+ The ID of the enterprise.
+ """
+ return pulumi.get(self, "enterprise_id")
+
diff --git a/sdk/python/pulumi_github/outputs.py b/sdk/python/pulumi_github/outputs.py
index c97b298b..c5a0cac5 100644
--- a/sdk/python/pulumi_github/outputs.py
+++ b/sdk/python/pulumi_github/outputs.py
@@ -21,6 +21,8 @@
'BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowances',
'BranchProtectionV3RequiredStatusChecks',
'BranchProtectionV3Restrictions',
+ 'EnterpriseActionsPermissionsAllowedActionsConfig',
+ 'EnterpriseActionsPermissionsEnabledOrganizationsConfig',
'IssueLabelsLabel',
'OrganizationRulesetBypassActor',
'OrganizationRulesetConditions',
@@ -789,6 +791,104 @@ def users(self) -> Optional[Sequence[str]]:
return pulumi.get(self, "users")
+@pulumi.output_type
+class EnterpriseActionsPermissionsAllowedActionsConfig(dict):
+ @staticmethod
+ def __key_warning(key: str):
+ suggest = None
+ if key == "githubOwnedAllowed":
+ suggest = "github_owned_allowed"
+ elif key == "patternsAlloweds":
+ suggest = "patterns_alloweds"
+ elif key == "verifiedAllowed":
+ suggest = "verified_allowed"
+
+ if suggest:
+ pulumi.log.warn(f"Key '{key}' not found in EnterpriseActionsPermissionsAllowedActionsConfig. Access the value via the '{suggest}' property getter instead.")
+
+ def __getitem__(self, key: str) -> Any:
+ EnterpriseActionsPermissionsAllowedActionsConfig.__key_warning(key)
+ return super().__getitem__(key)
+
+ def get(self, key: str, default = None) -> Any:
+ EnterpriseActionsPermissionsAllowedActionsConfig.__key_warning(key)
+ return super().get(key, default)
+
+ def __init__(__self__, *,
+ github_owned_allowed: bool,
+ patterns_alloweds: Optional[Sequence[str]] = None,
+ verified_allowed: Optional[bool] = None):
+ """
+ :param bool github_owned_allowed: Whether GitHub-owned actions are allowed in the organization.
+ :param Sequence[str] patterns_alloweds: Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+ :param bool verified_allowed: Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ """
+ pulumi.set(__self__, "github_owned_allowed", github_owned_allowed)
+ if patterns_alloweds is not None:
+ pulumi.set(__self__, "patterns_alloweds", patterns_alloweds)
+ if verified_allowed is not None:
+ pulumi.set(__self__, "verified_allowed", verified_allowed)
+
+ @property
+ @pulumi.getter(name="githubOwnedAllowed")
+ def github_owned_allowed(self) -> bool:
+ """
+ Whether GitHub-owned actions are allowed in the organization.
+ """
+ return pulumi.get(self, "github_owned_allowed")
+
+ @property
+ @pulumi.getter(name="patternsAlloweds")
+ def patterns_alloweds(self) -> Optional[Sequence[str]]:
+ """
+ Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*."
+ """
+ return pulumi.get(self, "patterns_alloweds")
+
+ @property
+ @pulumi.getter(name="verifiedAllowed")
+ def verified_allowed(self) -> Optional[bool]:
+ """
+ Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators.
+ """
+ return pulumi.get(self, "verified_allowed")
+
+
+@pulumi.output_type
+class EnterpriseActionsPermissionsEnabledOrganizationsConfig(dict):
+ @staticmethod
+ def __key_warning(key: str):
+ suggest = None
+ if key == "organizationIds":
+ suggest = "organization_ids"
+
+ if suggest:
+ pulumi.log.warn(f"Key '{key}' not found in EnterpriseActionsPermissionsEnabledOrganizationsConfig. Access the value via the '{suggest}' property getter instead.")
+
+ def __getitem__(self, key: str) -> Any:
+ EnterpriseActionsPermissionsEnabledOrganizationsConfig.__key_warning(key)
+ return super().__getitem__(key)
+
+ def get(self, key: str, default = None) -> Any:
+ EnterpriseActionsPermissionsEnabledOrganizationsConfig.__key_warning(key)
+ return super().get(key, default)
+
+ def __init__(__self__, *,
+ organization_ids: Sequence[int]):
+ """
+ :param Sequence[int] organization_ids: List of organization IDs to enable for GitHub Actions.
+ """
+ pulumi.set(__self__, "organization_ids", organization_ids)
+
+ @property
+ @pulumi.getter(name="organizationIds")
+ def organization_ids(self) -> Sequence[int]:
+ """
+ List of organization IDs to enable for GitHub Actions.
+ """
+ return pulumi.get(self, "organization_ids")
+
+
@pulumi.output_type
class IssueLabelsLabel(dict):
def __init__(__self__, *,
diff --git a/upstream b/upstream
index b9af9f3b..dd57a50f 160000
--- a/upstream
+++ b/upstream
@@ -1 +1 @@
-Subproject commit b9af9f3b0c8fe2c7d3c7a0874426ad10ecf5e14a
+Subproject commit dd57a50fc5136dc20ce4f4fb22126bfceedf5ab2