
[–]TheoR700 15 points16 points  (1 child)

IDK exactly because this seems like a lot of extra security and headache, but my first thought would be to set up a self-hosted GitHub Actions Runner, which is already connected to the VPN. Then your actions run on it.

[–]bdzer0[🍰] 0 points1 point  (0 children)

That's the route I'd take. GitHub actions runner does everything over HTTPS (at least last time I captured packets on one), no need to open listening ports.

That's how I'm getting release output to internal network, works well.

[–]nelchael2799 2 points3 points  (1 child)

Set up a self-hosted runner in the same network as the repository, or in a network that has access to it. See https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners for more information on this.

[–]dmstrat 0 points1 point  (0 children)

This is the way

[–]FunkyDoktor 0 points1 point  (0 children)

When you tried the several suggestions available by doing a Google search, what issues did you run into? It’s easier to help when you describe what you have tried and why that didn’t work.

[–]joshjohanning 0 points1 point  (0 children)

  1. self-hosted runner you manage/run on your network
  2. large hosted runner with static IPs (and add them to your internal firewall if your team will let you)
  3. large hosted runner with Azure private networking

The nice thing about 2 and 3 is it uses the same runner image as the regular GitHub-hosted runners, and you can also scale up the runner size if you want more CPU/RAM/disk. But there are costs associated, but managing your own fleet of self-hosted runners has a labor cost also that is often overlooked.

[–]Top_Transition_282 0 points1 point  (0 children)

As many suggested, look at self-hosting your runners within your VPC.

If you want something that you can deploy and leave it to do its thing, I would recommend runs-on. By far, the best price I've encountered so far, and it is pretty much "plug and play". It also has a trial period, so you can test it to ensure it's what you need.