Description
Hello,
I’ve just received this email from Github:
With the upcoming GA of Immutable Actions, Actions will now be stored as packages in the GitHub Container Registry. We are reaching out because your runners currently cannot access one or both of the required domains.
Please ensure that your self-hosted runner allow lists are updated to accommodate the network traffic. Specifically, you should allow traffic to pkg.actions.githubusercontent .com to ensure Immutable Actions can be downloaded successfully and jobs don’t fail during setup. If you already allow *.actions.githubusercontent .com which is listed as a required domain then no action is necessary. Traffic will also be required to ghcr .io for publishing new versions of an Immutable Action in the future, which will be available with the GA release.
This update also affects runners in all versions of GitHub Enterprise Server that use the GitHub Connect feature to download actions directly from github.com. Customers are advised to update their self-hosted runner network allow lists accordingly. For further guidance on communication between self-hosted runners and GitHub, please refer to our documentation.
I’m surprised to read this, as the runners defined here have egress allowing all traffics.