英文:
How to whitelist GitHub Action IPs in windows server firewall
问题
我有Windows Server 2012。我已设置GitLab CI/CD以自动构建并上传构建到服务器。我使用appleboy/scp-action@master GitHub操作来复制文件。它有效!我使用用户名/密钥身份验证,并希望为SSH添加Windows防火墙规则。
是否可以创建防火墙入站规则,允许GitHub Actions的所有IP?如果我理解正确,它们都列在此处。
英文:
I have windows server 2012. I did setup gitlab CI/CD to automatically build and upload build to server. I do copy files with appleboy/scp-action@master GitHub Action. It works! I do have username/key authentication and would like to add windows firewall rules for ssh.
Is this possible to make firewall inbound rule for all IPs of GitHub Actions. If I understand correctly, they are all listed in here.
答案1
得分: 1
我不确定你是否真的需要这样做(对于https://api.github.com/meta列出的所有IP),但如果你需要的话,这将是一个PowerShell脚本(确保以管理员身份运行):
``` powershell
$ips = @()
$response = Invoke-RestMethod -Uri https://api.github.com/meta
$ips += $response.actions
Get-NetFirewallrule -DisplayName 'WEB-Inbound'|Set-NetFirewallRule -RemoteAddress $ips
在$ips中添加你从meta需要的JSON部分('web'、'packages'、'pages',...)
<details>
<summary>英文:</summary>
I do not know if you actually need to do that (for *all* IPs listed at https://api.github.com/meta), but if you do, that would be a powershell script (surely run as admin) with:
``` powershell
$ips = @()
$response = Invoke-RestMethod -Uri https://api.github.com/meta
$ips += $response.actions
Get-NetFirewallrule -DisplayName 'WEB-Inbound'|Set-NetFirewallRule -RemoteAddress $ips
Add in $ips the JSON section you need from meta ('web', 'packages', 'pages', ...)
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论