1

The way Github Actions work is that they spin up a VM for every workflow run. Therefore, every run takes place on a different VM. Virtual Machines generally get a different IP whenever they are spun up. I can however find no official documentation which clarifies if this is the case with Github Actions runner VMs.

Upamanyu Das
  • 162
  • 1
  • 8
  • I don't think that I understand what you're really asking here. Since there's a finite number of IPv4 addresses, there must be _some_ reuse. But whether a particular VM re-uses its IPs or not would be immaterial to end-users since you have no control over which virtual machine(s) get your workflow to execute. I'm not sure what you're _really_ asking, but if it is: can you rely on multiple workflow executions, or even jobs within the same workflow execution to use the same IP addresses? The answer is a definitive no. – Edward Thomson Jan 13 '21 at 10:17
  • Hi, I wanted to run a scraper like function as a github action and wanted to know if the use of proxies would be required but if the VM gets assigned a random IP as is mentioned in the docs and @VonC's answer then the use of proxies would be redundant. – Upamanyu Das Jan 13 '21 at 12:58

2 Answers2

1

Update 2022:

As noted in Krzysztof Madej's answer, GitHub now (Sept. 2022) proposes:

GitHub Actions Larger runners – Are now in public beta

That includes (for Team and Enterprise GitHub Action users only):

Fixed IP ranges to provide access to runners via allow list services.

So that would not apply for github.com runners.

2021:
This thread mentions (in 2019, so that might have changed since then):

Windows and Ubuntu hosted runners are hosted in Azure and have the same IP address ranges as Azure Data centers.
Currently, all hosted runners are in the East US 2 Azure region, but more regions may added over time.

Microsoft updates the Azure IP address ranges weekly in a JSON file that you can download from the Azure IP Ranges and Service Tags - Public Cloud 153 website. You can use this range of IP addresses if you require an allow-list to prevent unauthorized access to your internal resources.

So there should be a new address within a range of IPs.

It references: "Specifications for GitHub-hosted runners", which mentions:

Note: If you use an IP address allow list for your GitHub organization or enterprise account, you cannot use GitHub-hosted runners and must instead use self-hosted runners.
For more information, see "About self-hosted runners."

(Specifically, the IP address section)

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • I looked around some more and found a link to the issue in the official docs. [Link](https://docs.github.com/en/free-pro-team@latest/actions/reference/specifications-for-github-hosted-runners#ip-addresses). – Upamanyu Das Jan 13 '21 at 12:52
  • @UpamanyuDas Great! Do you have the link? – VonC Jan 13 '21 at 12:52
  • 1
    @UpamanyuDas OK. I have edited the answer to reference directly that doc section. – VonC Jan 13 '21 at 12:57
0

You can assign fixed IP address for your runners:

Fixed IP ranges

Setup a fixed IP range for your machines by simply ticking a check box, this provides an IP range that can be allow listed in internal systems and in GitHub’s allow list to keep using Actions while making your GitHub environment more secure.

enter image description here

This in beta, but it helps to whitelist it on your firewall.

Krzysztof Madej
  • 32,704
  • 10
  • 78
  • 107