Allow GH Actions to access a site via Access policies?

cloudflare / pages-action

MIT License

468 stars 95 forks source link

Allow GH Actions to access a site via Access policies? #77

Closed mattkoch-bb closed 1 year ago

mattkoch-bb commented 1 year ago

We have a job that deploys to CloudFlare via direct upload, and we're looking to have it also run some end to end tests using the deployed URL after that's finished. We don't want these URLs universally open to the world as they are production like environments that we want to limit access to. Can we set up an Access Policy in Cloudflare that would allow GitHub Actions to access URLs?

https://developers.cloudflare.com/cloudflare-one/policies/access/

WalshyDev commented 1 year ago

Service tokens: https://developers.cloudflare.com/cloudflare-one/identity/service-tokens/

mattkoch-bb commented 1 year ago

Thank you - @WalshyDev How do I configure the action to send the appropriate headers as indicated in the https://developers.cloudflare.com/cloudflare-one/identity/service-tokens/#connect-your-service-to-access section?

WalshyDev commented 1 year ago

That's a question for whatever you're using for your end to end tests.

They're just HTTP headers, so however you add them into whatever tool.

With curl it's just:

curl -H 'CF-Access-Client-Id: <Client ID>' -H 'CF-Access-Client-Secret: <Client Secret>' https://example.pages.dev/

mattkoch-bb commented 1 year ago

Oh right, my mistake. Long day :)