Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Copilot Lvl 2
Message 1 of 8

Whitelist Github Workflow

Solved! Go to Solution.

Hey,

Im trying to write up a quick POC for a github workflow for a node modules project that would bump versions and push to our Artifactory cloud repo.

We have jfrog maintain a whitelist of the ips able to hit our repos. In the past, we have always consulted https://api.github.com/meta for the github IPs to whitelist. JFrog has added these IPs to their whitelist yet the connection from the github workflow pushing to Artifactory cloud recieves a forbidden HTTP status.

My question is, what is the appropriate list of IPs to whitelist to allow agents of github actions to hit our Artifactory cloud repo?

 

Thanks in advance!

7 Replies
Copilot Lvl 2
Message 2 of 8

Re: Whitelist Github Workflow

I ran this in my github actions container

wget -qO- https://ipecho.net/plain ; echo

It returned 35.233.207.129.

 

This IP isnt in https://api.github.com/meta

$ curl https://api.github.com/meta                  {
  "verifiable_password_authentication": true,
  "github_services_sha": "2f2313161ed4f940a57ae3f0936eb8e9695bb8a8",
  "hooks": [
    "192.30.252.0/22",
    "185.199.108.0/22",
    "140.82.112.0/20"
  ],
  "git": [
    "192.30.252.0/22",
    "185.199.108.0/22",
    "140.82.112.0/20",
    "13.229.188.59/32",
    "13.250.177.223/32",
    "18.194.104.89/32",
    "18.195.85.27/32",
    "35.159.8.160/32",
    "52.74.223.119/32"
  ],
  "pages": [
    "192.30.252.153/32",
    "192.30.252.154/32",
    "185.199.108.153/32",
    "185.199.109.153/32",
    "185.199.110.153/32",
    "185.199.111.153/32"
  ],
  "importer": [
    "54.87.5.173",
    "54.166.52.62",
    "23.20.92.3"
  ]
}

 

Solution
GitHub Staff
Message 3 of 8

Re: Whitelist Github Workflow

Hi @Delvison, I work on the Actions product and unfortunately we don't support stable IP addresses for Actions today (so there isn't a set of addresses I can give you to allow). I've noted your feedback and we'll incorporate it into our future plans for Actions.

 

Ground Controller Lvl 1
Message 4 of 8

Re: Whitelist Github Workflow

Hi there @mcolyer ,

First off all, I wanted to say the Github Actions are a good addition to the Github environment. I'm really appreciating the simple setup which is required to create images specifically.

 

I do have a question if stable IP's are going to be added anywhere in the near future. Ideally i would also deploy the images to an environment but that's currently not possible because we can't allow the whole web to have access to our cluster.

 

Any ideas how to tackle this / and will this be included in future versions?

Ground Controller Lvl 1
Message 5 of 8

Re: Whitelist Github Workflow

Hi @mcolyer,

 

Actions are great, but for an internal repo I would need this as well. I am wondering if any progress was made / is it on the roadmap?

Thanks!

Ground Controller Lvl 1
Message 6 of 8

Re: Whitelist Github Workflow

It's kind of important if using Actions to perform privileged operations against external systems e.g. provisioning infra to AWS with Terraform

Currently we have to whitelist all Azure Public Cloud IPs ....

Ground Controller Lvl 2
Message 7 of 8

Re: Whitelist Github Workflow

Yes, are there any updates about this yet?

Copilot Lvl 2
Message 8 of 8

Re: Whitelist Github Workflow

I know this thread is old. But for anybody coming from Google, here's the documentation on this. https://help.github.com/en/github/automating-your-workflow-with-github-actions/virtual-environments-...