by kureikain
2234 days ago
For Jenkins, what I do is:

1. Configured webhook override in Jenkins, so Jenkins will register something like https://ci-webhook.domain.com as the GitHub webhook.
2. This ci-webhook is a simple webapp that validates the webhook and, if it's valid (signed by the correct key), writes the payload to an SQS queue.
3. A small daemon, running on the same Jenkins master, that pulls from the SQS queue and replays it to the local Jenkins.

I used to rely on the GitHub IP whitelist, but one day I realized anyone can hit my Jenkins using GitHub.

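The validation step from the comment above, as an added example that is not the commenter's code: it checks GitHub's `X-Hub-Signature-256` HMAC over the raw request body before anything is queued. The secret, the `handle_webhook` name and the in-memory queue standing in for SQS are assumptions made so the example runs offline.

```python
import hashlib
import hmac
import json
import queue
from typing import Optional

SECRET = b"constructed-example-secret"  # constructed value; load from a secret store
PENDING = queue.Queue()  # assumption: in-memory stand-in for the SQS queue


def sign(secret: bytes, body: bytes) -> str:
    """Value GitHub puts in X-Hub-Signature-256 for this exact body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def signature_ok(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Verify the HMAC over the raw bytes as received, in constant time."""
    if not header or not header.startswith("sha256="):
        return False  # missing header or unexpected scheme: reject
    return hmac.compare_digest(sign(secret, body).encode(), header.encode())


def handle_webhook(headers: dict, body: bytes) -> int:
    """Return an HTTP status; only verified payloads reach the queue.

    Assumes header names arrive in the canonical casing shown here.
    """
    if not signature_ok(SECRET, body, headers.get("X-Hub-Signature-256")):
        return 401
    try:
        text = body.decode("utf-8")
        json.loads(text)  # parse only after the signature has verified
    except ValueError:
        return 400
    # Keep the body byte-for-byte so the replay daemon forwards what was signed.
    PENDING.put({"event": headers.get("X-GitHub-Event", ""), "body": text})
    return 202


if __name__ == "__main__":
    payload = b'{"ref": "refs/heads/main"}'  # constructed sample payload
    hdrs = {"X-Hub-Signature-256": sign(SECRET, payload), "X-GitHub-Event": "push"}
    print(handle_webhook(hdrs, payload))         # signed with the shared secret
    print(handle_webhook(hdrs, payload + b" "))  # body altered after signing
    print(handle_webhook({}, payload))           # no signature header at all
```
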
That's a really good point, but I guess you are talking about Actions egress, right? Webhooks in theory have dedicated IP ranges [1] and I think they are not shared with Actions egress, although TBH I haven't tested it.
[1] https://api.github.com/meta