Sync Cloudflare network ranges #25204
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Sync Cloudflare network ranges | |
| on: # yamllint disable-line rule:truthy | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "0 * * * *" | |
| jobs: | |
| sync: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v4 | |
| - name: Process YAML | |
| run: | | |
| # renovate depName=mikefarah/yq | |
| wget -O /tmp/yq https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64 | |
| chmod +x /tmp/yq | |
| readarray -d '' nets < <(curl -sS https://www.cloudflare.com/ips-v4/ | sort) || (echo "Error reading and processing data returned by curl" && exit 1) | |
| # check if nets is not empty | |
| if [ -z "${nets[@]}" ]; then | |
| echo "ERROR: No data returned by curl" | |
| exit 1 | |
| fi | |
| # cilium network policy | |
| cilium_nets=$(printf '"%s", ' ${nets[@]}) # add quotes and commas for yq | |
| /tmp/yq --inplace ".spec.ingress[0].fromCIDR = [ ${cilium_nets%,*} ]" cluster/apps/ingress-nginx/networkpolicies/ingress-nginx-controller.yaml | |
| # proxy-real-ip-cidr: | |
| ingress_nets=$(printf '%s,' ${nets[@]}) | |
| /tmp/yq --inplace ".spec.values.controller.config.proxy-real-ip-cidr = \"${ingress_nets%,*}\"" cluster/apps/ingress-nginx/helmrelease.yaml | |
| - name: Create pull request for cloudflare network range update | |
| uses: peter-evans/create-pull-request@v6 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| branch: "cf/update-nets" | |
| delete-branch: true | |
| title: "update cloudflare network ranges" | |
| signoff: true | |
| committer: "${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>" | |
| author: "${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>" | |
| assignees: "gi8lino" | |
| commit-message: "update cloudflare network ranges" | |
| body: | | |
| Cloudflare IP ranges: https://www.cloudflare.com/ips/ | |
| labels: cf/ip-ranges |