Actions: Outbound network control for GitHub-hosted runners #821
Labels
actions
Feature: GitHub Actions
cloud
Available on Cloud
Enterprise
Product SKU: GitHub Enterprise
github team
Product SKU: GitHub Team
preview
Feature phase: Preview
runners
C2C - Actions Compute
Comments
github-product-roadmap
added
actions
ankneis
moved this from Q4 2023 – Oct-Dec
to Q2 2024 – Apr-Jun
in GitHub Public Roadmap
|
Please continue to refer to our updated Public Roadmap for the latest ships, including updates on the continuation of these projects. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Summary
Customers can now configure a list of IP address or domains that are allowed to be accessible by GitHub-hosted runners.
Intended Outcome
This feature allows platform administrators to control their Enterprise or org-owned GitHub-hosted runners to only access approved destinations while blocking access to everything else giving them control on the network security of their build machines. This also enables teams to run workflows on GitHub-hosted runners that require access to private resources (private artifact repository, on-prem test database, cloud-based storage etc.) as software is deployed.
How will it work?
Platform administrators can enter a range of allowed IPs or domains while configuring a runner group. All runners created as part of that runner group will inherit the outbound allow-list and will only be able to reach the approved destinations.
The text was updated successfully, but these errors were encountered: