github
Actions: New org level CI/CD admin role to enable management of Actions settings
Summary
Previously, the ability to manage CI/CD and package management was limited to organization administrators which resulted in a high burden on these individuals or teams. Organization administrators can now delegate CI/CD and package management-related controls to other users and teams.
Intended Outcome
Today, many customers are overburdening their Git admins by also making them into CI/CD admins, due to their only being one permission. Others are having to take their CI/CD admins and make them 'global GitHub Admins' which, given the ever-growing functionality, in GitHub is a significant scope for their role. Each org admin account has a large blast radius if compromised, so reducing the number of Org admins and having the right Role Based Access Controls (RBAC) in place is top of mind for a lot of customers.
This feature will introduce a CI/CD admin role with a set of rights to manage only the CI/CD (Actions) components of the GitHub platform, including runners, cache, secrets, variables, policy like required workflows, and more.
How will it work?
You will see a new predefined organization-level role called "CI/CD admin". Org admins can now assign users/teams to this new role. This empowers them to support and scale their CI/CD process by managing Actions settings, runners, runner groups, cache, secrets & variables and packages. The new CI/CD admin role will inherit a base role for rest of the permissions in GitHub but will have manage permissions for Actions and packages-specific controls at org level.
