Skip to content
Sync Cloudflare network ranges

Sync Cloudflare network ranges #24374

Sign in to view logs

Sync Cloudflare network ranges

Sync Cloudflare network ranges #24374

Workflow file for this run

.github/workflows/sync-cloudflare-nets.yaml at 55d525e
---
name: Sync Cloudflare network ranges
on: # yamllint disable-line rule:truthy
workflow_dispatch:
schedule:
- cron: "0 * * * *"
jobs:
sync:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Process YAML
run: |
# renovate depName=mikefarah/yq
wget -O /tmp/yq https://github.com/mikefarah/yq/releases/download/v4.44.2/yq_linux_amd64
chmod +x /tmp/yq
readarray -d '' nets < <(curl -sS https://www.cloudflare.com/ips-v4/ | sort) || (echo "Error reading and processing data returned by curl" && exit 1)
# check if nets is not empty
if [ -z "${nets[@]}" ]; then
echo "ERROR: No data returned by curl"
exit 1
fi
# cilium network policy
cilium_nets=$(printf '"%s", ' ${nets[@]}) # add quotes and commas for yq
/tmp/yq eval --inplace ".spec.ingress[0].fromCIDR = [ ${cilium_nets%,*} ]" infra/ingress-nginx/networkpolicies/ingress-nginx-controller.yaml
# proxy-real-ip-cidr:
ingress_nets=$(printf '%s,' ${nets[@]})
/tmp/yq eval --inplace ".spec.values.controller.config.proxy-real-ip-cidr = \"${ingress_nets%,*}\"" infra/ingress-nginx/helmrelease.yaml
- name: Create pull request for cloudflare network range update
uses: peter-evans/create-pull-request@v6
with:
token: ${{ secrets.GITHUB_TOKEN }}
branch: "cf/update-nets"
delete-branch: true
title: "update cloudflare network ranges"
signoff: true
committer: "${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>"
author: "${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>"
assignees: "gi8lino"
commit-message: "update cloudflare network ranges"
body: |
Cloudflare IP ranges: https://www.cloudflare.com/ips/
labels: cf/ip-ranges