Update Terraform to match new requirements for immutable actions #3
Description
The below email went out about immutable actions going GA. We need to update the Terraform for the new documented NSG rules and hostnames.
With the upcoming GA of Immutable Actions, Actions will now be stored as packages in the GitHub Container Registry. We are reaching out because your runners currently cannot access one or both of the required domains.
Please ensure that your self-hosted runner allow lists are updated to accommodate the network traffic. Specifically, you should allow traffic to pkg.actions.githubusercontent .com to ensure Immutable Actions can be downloaded successfully and jobs don’t fail during setup. If you already allow *.actions.githubusercontent .com which is listed as a required domain then no action is necessary. Traffic will also be required to ghcr .io for publishing new versions of an Immutable Action in the future, which will be available with the GA release.
This update also affects runners in all versions of GitHub Enterprise Server that use the GitHub Connect feature to download actions directly from github.com. Customers are advised to update their self-hosted runner network allow lists accordingly. For further guidance on communication between self-hosted runners and GitHub, please refer to our documentation.
Additionally, our guidance for configuring Azure private networking has been updated to account for the new domains. The following IP addresses have been added to the NSG template in our documentation.
140.82.121.33/32
140.82.121.34/32
140.82.113.33/32
140.82.113.34/32
140.82.112.33/32
140.82.112.34/32
140.82.114.33/32
140.82.114.34/32
192.30.255.164/31
4.237.22.32/32
20.217.135.1/32
4.225.11.196/32
20.26.156.211/32