GitHub Actions immutable actions firewall allowlist pkg.actions.githubusercontent.com

Symptom

Action download fails behind the enterprise firewall while git checkout and API calls still work.

Why This Happens

Firewall and proxy rules are external to the repository; local action references do not reveal the platform's new artifact-distribution hostname.

Common Wrong Fixes

• Changing local code without checking the current external contract.
• Retrying the same install, build, or API call with no version/source change.
• Applying a broad unsafe bypass when a narrow compatibility fix is available.

Codex Search Keywords

These are the search terms observed in a neutral Codex validation run for this failure shape.

GitHub Actions immutable actions firewall allowlist pkg.actions.githubusercontent.com
site:docs.github.com actions firewall pkg.actions.githubusercontent.com immutable actions
"pkg.actions.githubusercontent.com" "GitHub Actions"
GitHub Actions Immutable Actions public preview firewall domain
"pkg.actions.githubusercontent.com"
"pkg.actions" GitHub
"pkg.actions.github.com"
"immutable actions" "package" "GitHub"
"immutable" "actions" "pkg.actions"
"Immutable GitHub Actions"
GitHub Docs communication requirements self-hosted runners actions domains actions.githubusercontent.com
https://docs.github.com/en/actions/reference/github-hosted-runners-reference

Source Trail

GitHub source file/reference:

• GitHub source file or repository reference: https://docs.github.com/en/actions/reference/github-hosted-runners-reference

• Immutable Actions network allow-list changes: https://github.blog/changelog/2025-02-12-notice-of-upcoming-deprecations-and-breaking-changes-for-github-actions/
• GitHub source file or repository reference: https://docs.github.com/en/actions/reference/github-hosted-runners-reference