You can now restrict self-hosted runner groups to only be accessible from certain workflows.

In addition to restricting which repositories can access specific enterprise and organization runner groups, administrators can further control access by selecting specific workflow files and versions. Combining this feature with reusable workflow can help you create more secure standard workflows in your organization.

Workflow access dialog

Learn more about restricting access to self-hosted runners

For questions, visit the GitHub Actions community

To see what's next for Actions, visit our public roadmap