0

How can I allow Google Cloud Build through GitHub Enterprise's IP allow list restriction?

I have already added all 80 IP ranges for the region of the Cloud Build I am using and that did not seem to work.

Trent
  • You can try to use a private pool, deny internet access from the private pool and perform a peering between the pool and your VPC. From there you should be able to create a Cloud NAT to have your OWN IP to allow in GitHub Enterprise. – guillaume blaquiere Oct 26 '22 at 14:46
  • In fact no. I tested and I can't achieve this pattern. Except with a proxy machine in your project (bad design). Maybe another member will have a better idea than mine. – guillaume blaquiere Oct 26 '22 at 15:14

1 Answer

0

In addition to adding the IP addresses from https://www.gstatic.com/ipranges/cloud.json for the regions where your Cloud Build/triggers are located, you will also need to add this list of IPv4 and IPv6 prefixes: https://www.gstatic.com/ipranges/goog.json

Not ideal to randomly add such a huge list of IP ranges, but it is what it is.

Google Cloud Build's GitHub App is not as good as JIRA's GitHub App, which adds the static IPs automatically to GitHub's IP Allow List when you have "Enable IP allow list configuration for installed GitHub Apps" turned on.

For reference: https://support.google.com/a/answer/10026322?product_name=UnuFlow&hl=en&visit_id=638181207523942649-161575491&rd=1&src=supportwidget0&hl=en

Fan Chen
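An added example, not part of the answer above: one way to turn the two range files the answer names into a collapsed allow list and measure how much address space it admits. The embedded documents are constructed samples that follow the published `prefixes` / `ipv4Prefix` / `ipv6Prefix` / `scope` layout; the function names and the prefixes themselves are assumptions (documentation ranges, not Google's).

```python
import ipaddress
import json

# Constructed samples in the shape of cloud.json and goog.json; the prefixes
# are documentation/test ranges, not Google's real ones.
CLOUD_JSON = json.loads("""{"prefixes": [
  {"ipv4Prefix": "198.51.100.0/25",   "service": "Google Cloud", "scope": "us-central1"},
  {"ipv4Prefix": "198.51.100.128/25", "service": "Google Cloud", "scope": "us-central1"},
  {"ipv6Prefix": "2001:db8:1::/48",   "service": "Google Cloud", "scope": "us-central1"},
  {"ipv4Prefix": "203.0.113.0/24",    "service": "Google Cloud", "scope": "europe-west1"}
]}""")
GOOG_JSON = json.loads("""{"prefixes": [
  {"ipv4Prefix": "198.51.100.0/24"},
  {"ipv4Prefix": "192.0.2.0/24"},
  {"ipv6Prefix": "2001:db8::/32"}
]}""")


def prefixes(doc, scope=None):
    """Yield ip_network objects from a ranges document, optionally one region only."""
    for entry in doc.get("prefixes", []):
        if scope is not None and entry.get("scope") != scope:
            continue
        cidr = entry.get("ipv4Prefix") or entry.get("ipv6Prefix")
        if cidr:
            yield ipaddress.ip_network(cidr)


def build_allow_list(cloud_doc, goog_doc, region):
    """Merge the region's cloud.json ranges with all of goog.json, collapsed."""
    nets = list(prefixes(cloud_doc, region)) + list(prefixes(goog_doc))
    # collapse_addresses rejects mixed IP versions, so handle them separately.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return [str(n) for n in v4] + [str(n) for n in v6]


def ipv4_exposure(cidrs):
    """Count IPv4 addresses an allow list admits, to show how broad it is."""
    nets = (ipaddress.ip_network(c) for c in cidrs)
    return sum(n.num_addresses for n in nets if n.version == 4)


if __name__ == "__main__":
    entries = build_allow_list(CLOUD_JSON, GOOG_JSON, "us-central1")
    print(len(entries), "entries,", ipv4_exposure(entries), "IPv4 addresses")
    print("\n".join(entries))
```

Collapsing removes entries that are already covered by a wider prefix, and the exposure count gives a concrete figure to review before accepting ranges this broad into an allow list.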