How to setup cloudflare to allow github actions to complete

Question

I was using github actions fine for ftp purposes in updating my server it worked fine untill when i integrated cloudflare and for security reasons decided to block all traffic except that from my country. Since then github action to deploy on server does not work.

Tried researching on internet and so that my setup of cloudflare is what is causing the issue, but i do not know how to whitelist the ip addresses from github so that the actions can work fine.

The specific github action is https://github.com/SamKirkland/FTP-Deploy-Action

This is what i get from on my failure of github action

Run SamKirkland/[email protected]
----------------------------------------------------------------
 Thanks for using ftp-deploy. Let's deploy some stuff!   
----------------------------------------------------------------
If you found this project helpful, please support it
by giving it a ⭐ on Github --> https://github.com/SamKirkland/FTP-Deploy-Action
or add a badge ️ to your projects readme --> https://github.com/SamKirkland/FTP-Deploy-Action#badge
Failed to connect, are you sure your server works via FTP or FTPS? Users sometimes get this error when the server only supports SFTP.

----------------------------------------------------------------
--------------   an error occurred    --------------
----------------------------------------------------------------

----------------------------------------------------------------
----------------------  full error below  ----------------------
----------------------------------------------------------------

Error: Timeout (control socket)
    at Socket.<anonymous> (/home/runner/work/_actions/SamKirkland/FTP-Deploy-Action/v4.3.4/dist/index.js:5288:33)
    at Object.onceWrapper (node:events:627:28)
    at Socket.emit (node:events:513:28)
    at Socket._onTimeout (node:net:550:8)
    at listOnTimeout (node:internal/timers:559:17)
    at processTimers (node:internal/timers:502:7)
Error: Error: Timeout (control socket)

Answer 1

You can read how to retrieve IP addresses of GitHub in that page: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses

The simplest way for getting all GitHub IP addresses:

curl -L -H "Accept: application/vnd.github+json" https://api.github.com/meta

For allowing access in Cloudflare, you need to create WAF custom rule as shown here: https://developers.cloudflare.com/waf/custom-rules/create-dashboard/

But from security perspective you need to consider a solution with self-hosted runner, this will be much much safer: https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners