Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updates to the network allow list for self-hosted runners #4417

Open
tetienne opened this issue Feb 11, 2025 · 0 comments
Open

Updates to the network allow list for self-hosted runners #4417

tetienne opened this issue Feb 11, 2025 · 0 comments

Comments

@tetienne
Copy link

Hello,

I’ve just received this email from Github:


With the upcoming GA of Immutable Actions, Actions will now be stored as packages in the GitHub Container Registry. We are reaching out because your runners currently cannot access one or both of the required domains.

Please ensure that your self-hosted runner allow lists are updated to accommodate the network traffic. Specifically, you should allow traffic to pkg.actions.githubusercontent .com to ensure Immutable Actions can be downloaded successfully and jobs don’t fail during setup. If you already allow *.actions.githubusercontent .com which is listed as a required domain then no action is necessary. Traffic will also be required to ghcr .io for publishing new versions of an Immutable Action in the future, which will be available with the GA release.

This update also affects runners in all versions of GitHub Enterprise Server that use the GitHub Connect feature to download actions directly from github.com. Customers are advised to update their self-hosted runner network allow lists accordingly. For further guidance on communication between self-hosted runners and GitHub, please refer to our documentation.


I’m surprised to read this, as the runners defined here have egress allowing all traffics.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant