Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Copilot Lvl 3
Message 1 of 5

Github actions IP ranges?

Hello, I need to know subnets of github actions, because my staging server blocks access by default and need to whitelist specific IP/Subnet, it's necessary to run e2e tests in Github Actions against my staging server. Please help.

4 Replies
Highlighted
GitHub Partner
Message 2 of 5

Re: Github actions IP ranges?

GitHub Hosted Windows or Ububtu runner use the same IP address arranges as Azure Data Center. You can following our documentation here to get the IP address: IP addresses of GitHub-hosted runners.

 

By the way, Self-hosted runners is now in beta, you can also try with it if you want to control the runner by yourself and whitelist the runners more eaisly.

Highlighted
Copilot Lvl 2
Message 3 of 5

Re: Github actions IP ranges?

Hi,

 

I'm discovering GitHub Action. It seems to be great. but...

are we sure the ip ranges provided by Microsoft is always up to date ?

 

  • I've just downloaded from MS the current official file named ServiceTags_Public_20200112.json
  • I have trigged, with a GitHub-hosted runner, a GitHub Action to build my project and deploy to my Debian server (with strict firewall rules). It's a simple rsync command
  • It failed (connection timeout)
  • in /var/log/messages I see that an ip (ex: 40.70.58.112 but it is variable) has tried to access my server (at the very same time of the action so it is an ip from GitHub Action). But this ip does not belong to the json file !
  • When I disable my firewall, the connection is done (I have others problems but it's another story ;-)

 

Thx for your help

 

Highlighted
Ground Controller Lvl 1
Message 4 of 5

Re: Github actions IP ranges?

I just checked the latest IP ranges, same filename as yours. The IP is there, as it belongs to subnet 40.70.0.0/18.

Highlighted
Copilot Lvl 2
Message 5 of 5

Re: Github actions IP ranges?

Thanks for taking the time about my issue.

I had done a mistake in my iptables rules where the order of the lines is important.

I was logging all rejected packets in the end of my main firewall script, and added allow rules for the azure ip only after. So theses azure rules were never reached.

Just an iptables noobs problem :)