Hello, I need to know subnets of github actions, because my staging server blocks access by default and need to whitelist specific IP/Subnet, it’s necessary to run e2e tests in Github Actions against my staging server. Please help.
GitHub Hosted Windows or Ububtu runner use the same IP address arranges as Azure Data Center. You can following our documentation here to get the IP address: IP addresses of GitHub-hosted runners.
By the way, Self-hosted runners is now in beta, you can also try with it if you want to control the runner by yourself and whitelist the runners more eaisly.
I’m discovering GitHub Action. It seems to be great. but…
are we sure the ip ranges provided by Microsoft is always up to date ?
- I’ve just downloaded from MS the current official file named ServiceTags_Public_20200112.json
- I have trigged, with a GitHub-hosted runner, a GitHub Action to build my project and deploy to my Debian server (with strict firewall rules). It’s a simple rsync command
- It failed (connection timeout)
- in /var/log/messages I see that an ip (ex: 220.127.116.11 but it is variable) has tried to access my server (at the very same time of the action so it is an ip from GitHub Action). But this ip does not belong to the json file !
- When I disable my firewall, the connection is done (I have others problems but it’s another story
Thx for your help
I just checked the latest IP ranges, same filename as yours. The IP is there, as it belongs to subnet 18.104.22.168/18.
Thanks for taking the time about my issue.
I had done a mistake in my iptables rules where the order of the lines is important.
I was logging all rejected packets in the end of my main firewall script, and added allow rules for the azure ip only after. So theses azure rules were never reached.
Just an iptables noobs problem
This thread is a duplicate.
The current thread is https://github.community/t5/GitHub-Actions/Whitelist-Github-Workflow/td-p/15916