Actions: Outbound network control for GitHub-hosted runners #821
Labels
actions
Feature: GitHub Actions
beta
Feature phase: Beta
cloud
Available on Cloud
github enterprise
Product SKU: GitHub Enterprise
github team
Product SKU: GitHub Team
runners
C2C - Actions Compute
Comments
github-product-roadmap
added
actions
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Summary
Customers can now configure a list of IP address or domains that are allowed to be accessible by GitHub-hosted runners.
Intended Outcome
This feature allows platform administrators to control their Enterprise or org-owned GitHub-hosted runners to only access approved destinations while blocking access to everything else giving them control on the network security of their build machines. This also enables teams to run workflows on GitHub-hosted runners that require access to private resources (private artifact repository, on-prem test database, cloud-based storage etc.) as software is deployed.
How will it work?
Platform administrators can enter a range of allowed IPs or domains while configuring a runner group. All runners created as part of that runner group will inherit the outbound allow-list and will only be able to reach the approved destinations.
The text was updated successfully, but these errors were encountered: