Company
Date Published
Author
Jennifer Schelkopf
Word count
325
Language
English
Hacker News points
None

Summary

GitHub has introduced an enhancement to the self-hosted runners experience in GitHub Actions, aimed at bolstering the security and consistency of CI/CD workflows for large organizations. Administrators can now designate the specific workflows that are allowed to access a particular runner group. Runner groups used for production deployments hold sensitive secrets, so this restriction prevents unauthorized workflows from running on those runners. The measure enhances security for organizations not yet using OpenID Connect, and, combined with reusable workflows, it supports the enforcement of consistent workflow practices across an enterprise. To standardize deployments, admins create a reusable workflow that describes the necessary deployment steps, set the runner group's repository access to all repositories, and restrict its workflow access to selected workflows. Only workflows that follow the specified reusable deployment workflow can then access the production runner group, which increases both security and consistency in deployment practices.
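
The setup described above can be checked after the fact by auditing runner-group settings. The following is an added example, not code from GitHub or the original post: it assumes the settings have been exported as objects with the `visibility`, `restricted_to_workflows` and `selected_workflows` fields used by GitHub's REST runner-group objects, and the organization, repository, group names and the `prod-` naming rule are all constructed for illustration.

```python
# Audit runner groups against the policy in the summary: sensitive groups are open
# to all repositories but usable only through one approved reusable workflow.
# Assumption: field names follow GitHub's REST runner-group objects.
APPROVED_WORKFLOW = "octo-org/deploy-templates/.github/workflows/prod-deploy.yml"

SAMPLE_GROUPS = [  # constructed sample data, not real API output
    {"name": "prod-deploy", "visibility": "all", "restricted_to_workflows": True,
     "selected_workflows": [APPROVED_WORKFLOW + "@refs/heads/main"]},
    {"name": "prod-db", "visibility": "all", "restricted_to_workflows": False,
     "selected_workflows": []},
    {"name": "prod-legacy", "visibility": "selected", "restricted_to_workflows": True,
     "selected_workflows": ["octo-org/shop/.github/workflows/adhoc.yml@refs/heads/dev"]},
    {"name": "build", "visibility": "all", "restricted_to_workflows": False,
     "selected_workflows": []},
]

def split_ref(entry):
    """Split 'owner/repo/.github/workflows/file.yml@ref' into (path, ref)."""
    path, _, ref = entry.partition("@")
    return path, ref

def audit_group(group, approved=APPROVED_WORKFLOW):
    """Return the list of policy findings for one sensitive runner group."""
    findings = []
    if group.get("visibility") != "all":
        findings.append("repository access is not 'all repositories'")
    if not group.get("restricted_to_workflows"):
        findings.append("workflow access is not restricted")
        return findings
    selected = group.get("selected_workflows") or []
    if not selected:
        findings.append("restricted, but no workflow is selected")
    for entry in selected:
        path, ref = split_ref(entry)
        if path != approved:
            findings.append(f"unapproved workflow allowed: {path}")
        elif not ref:
            findings.append(f"approved workflow listed without a ref: {entry}")
    return findings

def audit(groups, sensitive_prefix="prod-"):
    """Audit every group whose name marks it as sensitive (assumed naming rule)."""
    return {g["name"]: audit_group(g) for g in groups
            if g["name"].startswith(sensitive_prefix)}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_GROUPS).items():
        print(name, "OK" if not findings else findings)
```

An empty findings list means the group matches the standardized setup; any other result names the setting that lets a workflow other than the approved reusable one reach the runners.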