Closed joao-paulo-parity closed 11 months ago
Since the API is only used from GitHub Action Runners, it would be a good idea to only handle requests coming from GitHub Action Runners' IPs. Doing this would help against DoS attacks since our API's address is public.
https://api.github.com/meta (https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses) lists IPs related to GitHub actions.
Since the API is only used from GitHub Action Runners, it would be a good idea to only handle requests coming from GitHub Action Runners' IPs. Doing this would help against DoS attacks since our API's address is public.
https://api.github.com/meta (https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses) lists IPs related to GitHub actions.