Using GitHub Actions with an IP allow list #27106
-
We’ve recently migrated to GitHub Enterprise Cloud so that we can begin to leverage the IP allowlist. It says in the documentation that we must use self-hosted runners now. I’ve set up a test org that enforces an IP allowlist and have been able to successfully run a workflow using GitHub-hosted runners. Is the above documentation still up-to-date? If it is true, could anyone further elaborate on which features of Actions won’t be available once we enforce an IP allowlist on our primary organization?
Replies: 5 comments
-
I was able to confirm that the IP allowlist does in fact disallow GitHub-hosted runners from executing properly. When attempting to run the checkout action, my workflow failed with a 403.
-
You might be able to add the IP range for the hosted runners and it might work, but the problem is that IP range could change constantly.
-
Yeah, that’s my current plan.
-
@braedongough, it looks like a pretty ugly and vast range of possible GitHub IP addresses related to GitHub-hosted runners, and all IP address ranges are subject to change.
-
@braedongough, you can leverage Have your self-hosted runners upload your code base, then use the GitHub hosted runners to do the build. We've wrapped checkout and upload in an action for convenience: https://github.com/reecetech/transfer-action/