-
Notifications
You must be signed in to change notification settings - Fork 0
36 lines (31 loc) · 1.24 KB
/
build-firewall-lists.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
---
name: 'Import New GitHub Firewall Exceptions'
on:
workflow_dispatch:
schedule:
- cron: '17 2 * * 0'
env:
ACTIONS_FIREWALL_FILE: github-actions-subnets.txt
HOOKS_FIREWALL_FILE: github-hooks-subnets.txt
ACTIONS_IPV4_FILE: github-actions-ipv4-only.txt
HOOKS_IPV4_FILE: github-hooks-ipv4-only.txt
jobs:
build_ip_list:
runs-on: ubuntu-latest
steps:
- name: 'Check out repository'
uses: actions/checkout@v2
- name: 'Obtain actions meta info from API and update file'
run: 'curl --silent -H "Accept: application/vnd.github.v3+json" https://api.github.com/meta | jq -r ".actions[]" > $ACTIONS_FIREWALL_FILE'
shell: bash
- name: 'Obtain hooks meta info from API and update file'
run: 'curl --silent -H "Accept: application/vnd.github.v3+json" https://api.github.com/meta | jq -r ".hooks[]" > $HOOKS_FIREWALL_FILE'
shell: bash
- name: 'Create IPv4-only file for actions'
run: 'grep -v : "$ACTIONS_FIREWALL_FILE" > "$ACTIONS_IPV4_FILE"'
- name: 'Create IPv4-only file for hooks'
run: 'grep -v : "$HOOKS_FIREWALL_FILE" > "$HOOKS_IPV4_FILE"'
- name: 'Commit any files changed'
uses: stefanzweifel/git-auto-commit-action@v4
with:
commit_message: 'Automated update'