Import New GitHub Firewall Exceptions #129
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: 'Import New GitHub Firewall Exceptions' | |
on: | |
workflow_dispatch: | |
schedule: | |
- cron: '17 2 * * 0' | |
env: | |
ACTIONS_FIREWALL_FILE: github-actions-subnets.txt | |
HOOKS_FIREWALL_FILE: github-hooks-subnets.txt | |
ACTIONS_IPV4_FILE: github-actions-ipv4-only.txt | |
HOOKS_IPV4_FILE: github-hooks-ipv4-only.txt | |
jobs: | |
build_ip_list: | |
runs-on: ubuntu-latest | |
steps: | |
- name: 'Check out repository' | |
uses: actions/checkout@v2 | |
- name: 'Obtain actions meta info from API and update file' | |
run: 'curl --silent -H "Accept: application/vnd.github.v3+json" https://api.github.com/meta | jq -r ".actions[]" > $ACTIONS_FIREWALL_FILE' | |
shell: bash | |
- name: 'Obtain hooks meta info from API and update file' | |
run: 'curl --silent -H "Accept: application/vnd.github.v3+json" https://api.github.com/meta | jq -r ".hooks[]" > $HOOKS_FIREWALL_FILE' | |
shell: bash | |
- name: 'Create IPv4-only file for actions' | |
run: 'grep -v : "$ACTIONS_FIREWALL_FILE" > "$ACTIONS_IPV4_FILE"' | |
- name: 'Create IPv4-only file for hooks' | |
run: 'grep -v : "$HOOKS_FIREWALL_FILE" > "$HOOKS_IPV4_FILE"' | |
- name: 'Commit any files changed' | |
uses: stefanzweifel/git-auto-commit-action@v4 | |
with: | |
commit_message: 'Automated update' |