Im trying to write up a quick POC for a github workflow for a node modules project that would bump versions and push to our Artifactory cloud repo.
We have jfrog maintain a whitelist of the ips able to hit our repos. In the past, we have always consulted https://api.github.com/meta for the github IPs to whitelist. JFrog has added these IPs to their whitelist yet the connection from the github workflow pushing to Artifactory cloud recieves a forbidden HTTP status.
My question is, what is the appropriate list of IPs to whitelist to allow agents of github actions to hit our Artifactory cloud repo?
Hi @delvison, I work on the Actions product and unfortunately we don’t support stable IP addresses for Actions today (so there isn’t a set of addresses I can give you to allow). I’ve noted your feedback and we’ll incorporate it into our future plans for Actions.
First off all, I wanted to say the Github Actions are a good addition to the Github environment. I’m really appreciating the simple setup which is required to create images specifically.
I do have a question if stable IP’s are going to be added anywhere in the near future. Ideally i would also deploy the images to an environment but that’s currently not possible because we can’t allow the whole web to have access to our cluster.
Any ideas how to tackle this / and will this be included in future versions?
Since this is a dated link, I suspect there is a better way to get the “latest” list of CIDRs, but this at least works better for scripting than the .aspx the previous responder provided.
Is there plans to narrow the range of available IPs to just a subset of “all of azure in these 5 regions” ? This would help reduce security risks for those attempting to whitelist github hosted actions runners.
We can only agree with what has been said. We want to use GitHub Actions as a standalone CI/CD tool to deploy websites. However, many hosts restrict access to their servers via an IP allow list and refuse to allow all IP ranges from Azure due to (legitimate) security concerns.
It would be really great if GitHub Actions were limited to a manageable number of static IP addresses.