kty1965/add-github-meta-ips-to-allowlist


add-github-meta-ips-to-allowlist

A GitHub Action that will load Enterprise IP Allow List Entries from the GitHub meta API.

Prerequisite

  • Create a GitHub PAT (classic) that has the admin:enterprise permission.

  • Before the first run of this workflow, the IP allow list must be disabled in the Enterprise settings.

Inputs

| name | required | description |
| --- | --- | --- |
| github_token | true | A GitHub Access Token that has the admin:enterprise permission. Required |
| enterprise_slug | true | The slug for the enterprise account to be modified. Required |
| metadata_key | false | Key in the meta API response whose CIDRs are loaded: dependabot, actions, importer, pages, packages, github_enterprise_importer, git, api, web, hooks |
| additional_cidr_entries | false | Additional CIDR entries, given as a YAML string of named entries |
| scope | false | Prefix of the entry name, used to select the entries to manage. Default: @scope |
| mode | false | Available modes: sync, delete. Default: sync |

Environments

| name | description |
| --- | --- |
| API_CONCURRENCY | Concurrency of requests to the GitHub GraphQL API |

Examples

If you change the scope input, allow list entries that were already created are not changed. The scope groups only the allow list entries that we want to manage.

  • Only the actions metadata key

    - name: Add Actions to IP Allow List
      uses: kty1965/add-github-meta-ips-to-allowlist@<version>
      with:
        github_token: ${{ secrets.ENTERPRISE_ACCESS_PAT }}
        enterprise_slug: ENTERPRISE_NAME
        metadata_key: actions
  • Only additional_cidr_entries

    - name: Add additional cidr entries to IP Allow List
      uses: kty1965/add-github-meta-ips-to-allowlist@<version>
      with:
        github_token: ${{ secrets.ENTERPRISE_ACCESS_PAT }}
        enterprise_slug: ENTERPRISE_NAME
        additional_cidr_entries: |
          - name: internal-vpc-a
            cidr: 10.0.0.0/16
            isActive: true
          - name: internal-vpc-b
            cidr: 10.1.0.0/16
            isActive: false
  • Daily sync, plus triggering from the GitHub web UI

    on:
      push:
        branches:
          - main
      # CIDRs from https://api.github.com/meta can change, so sync every day
      schedule:
        - cron: '0 20 * * *'
      # allows the workflow to be triggered from the GitHub web UI
      workflow_dispatch:
    
    concurrency:
      group: ${{ github.workflow }}
      cancel-in-progress: false
    
    jobs:
      github-ip-allow-list-sync:
        runs-on: ubuntu-22.04
        steps:
          - name: Add Custom CIDRs to IP Allow List
            env:
              UV_THREADPOOL_SIZE: 32
            uses: kty1965/add-github-meta-ips-to-allowlist@<version>
            with:
              github_token: ${{ secrets.ENTERPRISE_ACCESS_PAT }}
              enterprise_slug: modusign
              metadata_key: actions
              scope: '@scope'
              mode: 'sync'
              additional_cidr_entries: |
                - name: internal-vpc-a
                  cidr: 10.0.0.0/16
                  isActive: true
                - name: internal-vpc-b
                  cidr: 10.1.0.0/16
                  isActive: false
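
An added example, not code from this repository: a dry-run planner that shows which entries a scoped sync would create, update or remove, and why entries outside the scope prefix are left alone. The `<scope> <label>` naming, the behaviour of `delete` mode and the function name `planAllowListChanges` are assumptions made for illustration.

```javascript
// Added example, not the action's source: dry-run plan for a scoped sync.
// Assumption: managed entries are named "<scope> <label>"; the action's real naming may differ.
// Constructed sample data (documentation ranges), not real GitHub or enterprise values.
const sampleMeta = { actions: ["192.0.2.0/24", "198.51.100.0/24"] };
const sampleExisting = [
  { name: "@scope actions 192.0.2.0/24", cidr: "192.0.2.0/24", isActive: true },
  { name: "@scope actions 203.0.113.0/24", cidr: "203.0.113.0/24", isActive: true },
  { name: "@scope internal-vpc-b", cidr: "10.1.0.0/16", isActive: true },
  { name: "office-manual", cidr: "10.9.0.0/16", isActive: true },
];
const sampleAdditional = [
  { name: "internal-vpc-a", cidr: "10.0.0.0/16", isActive: true },
  { name: "internal-vpc-b", cidr: "10.1.0.0/16", isActive: false },
];

function planAllowListChanges({ existing, meta, metadataKey, additional = [], scope = "@scope", mode = "sync" }) {
  const prefix = `${scope} `;
  // Only entries carrying the scope prefix are managed; everything else is never touched.
  const managed = existing.filter((e) => e.name.startsWith(prefix));
  // Assumption: delete mode removes every entry inside the scope.
  if (mode === "delete") return { create: [], update: [], remove: managed };
  if (mode !== "sync") throw new Error(`unknown mode: ${mode}`);
  // A mistyped key must fail loudly: an empty desired set would plan removal of the whole scope.
  if (metadataKey && !Array.isArray(meta[metadataKey])) {
    throw new Error(`metadata_key not present in meta response: ${metadataKey}`);
  }
  const desired = new Map();
  for (const cidr of (metadataKey ? meta[metadataKey] : [])) {
    desired.set(cidr, { name: `${prefix}${metadataKey} ${cidr}`, cidr, isActive: true });
  }
  for (const e of additional) {
    desired.set(e.cidr, { name: prefix + e.name, cidr: e.cidr, isActive: e.isActive !== false });
  }
  const current = new Map(managed.map((e) => [e.cidr, e]));
  const plan = { create: [], update: [], remove: [] };
  for (const [cidr, want] of desired) {
    const have = current.get(cidr);
    if (!have) plan.create.push(want);
    else if (have.isActive !== want.isActive || have.name !== want.name) plan.update.push(want);
  }
  for (const [cidr, have] of current) {
    if (!desired.has(cidr)) plan.remove.push(have);
  }
  return plan;
}

console.log(JSON.stringify(planAllowListChanges({
  existing: sampleExisting, meta: sampleMeta, metadataKey: "actions", additional: sampleAdditional,
}), null, 2));
```

Reviewing a plan like this before the real run is useful because the token holds admin:enterprise and the IP allow list gates access to the enterprise.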
