I’m using Github Actions to automatically archive journey data from my car. For now I’m writing the data to a local sqlite database stored in a private Git repo, but I’d like to push it to a “remote” database so that the data is more easily accessible. The plan is to use Github Actions to run a script to write the data to a Azure CosmosDB “Free Tier” instance.
I’ve configured the Cosmos firewall to only allow access from whitelisted IPs, so I will need to add all the Github Action IP ranges to this whitelist. These IPs can be found at api.github.com/meta, under “actions”. I’ll run the script locally this time, but if I need to automate this in an Action as well then I could use the Azure Login Action to authenticate before running the CLI in a workflow.
Here’s the script for fetching the list of CIDR ranges (taking only the valid IPv4 ranges, since it doesn’t look like IPv6 is supported yet) and then passing the list as a parameter to the “az cosmosdb update” command:
Once the az command is finished then you should see a long list of CIDR ranges under the firewall settings.
It’s a long list of ranges, but it’s better than exposing the database to the entire Internet.