My Workflow
GitHub Actions runners are firewalled from the internet, so you can't test your web server outside of the runners. What if you need to test your web server on GitHub Actions interactively?
This GitHub Action installs the cloudflared
Cloudflare Tunnel client and allows you to tunnel connections so that you can now access your server inside the GitHub Actions runners to the internet.
This is an example workflow that tunnels the Python Simple HTTP server so that it is accessible over the internet.
name: Test setup-cloudflared
on:
push:
paths:
- .github/workflows/test.yml
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Setup cloudflared using setup-cloudflared
uses: AnimMouse/setup-cloudflared@v1
with:
cloudflare_tunnel_certificate: ${{ secrets.CLOUDFLARE_TUNNEL_CERTIFICATE }}
cloudflare_tunnel_credential: ${{ secrets.CLOUDFLARE_TUNNEL_CREDENTIAL }}
cloudflare_tunnel_configuration: ${{ secrets.CLOUDFLARE_TUNNEL_CONFIGURATION }}
cloudflare_tunnel_id: ${{ secrets.CLOUDFLARE_TUNNEL_ID }}
- name: Test cloudflared installed by setup-cloudflared using Python HTTP server for 5 minutes
run: timeout 5m python -m http.server 8000 || true
- name: Shutdown cloudflared using setup-cloudflared/shutdown
if: always()
uses: AnimMouse/setup-cloudflared/shutdown@v1
Submission Category:
Maintainer Must-Haves
Yaml File or Link to Code
name: Setup cloudflared
description: Setup/Install Cloudflare Tunnel client for GitHub Actions
branding:
icon: cloud
color: orange
inputs:
cloudflare_tunnel_certificate:
description: Cloudflare Tunnel Certificate (cert.pem)
required: true
cloudflare_tunnel_credential:
description: Cloudflare Tunnel Credential encoded in base64 (deadbeef-1234-4321-abcd-123456789ab.json)
required: true
cloudflare_tunnel_configuration:
description: Cloudflare Tunnel Configuration encoded in base64 (config.yml)
required: true
cloudflare_tunnel_id:
description: Cloudflare Tunnel ID (deadbeef-1234-4321-abcd-123456789ab)
required: true
autostart:
description: Autostart Cloudflare Tunnel
required: false
default: true
runs:
using: composite
steps:
- name: Download cloudflared for Linux
shell: bash
working-directory: ${{ runner.temp }}
run: aria2c -x 16 "https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64"
- name: Install cloudflared
shell: bash
working-directory: ${{ runner.temp }}
run: |
chmod +x cloudflared-linux-amd64
mv cloudflared-linux-amd64 /usr/local/bin/cloudflared
- name: Login to Cloudflare Tunnel client
shell: bash
env:
cloudflare_tunnel_certificate: ${{ inputs.cloudflare_tunnel_certificate }}
cloudflare_tunnel_credential: ${{ inputs.cloudflare_tunnel_credential }}
cloudflare_tunnel_configuration: ${{ inputs.cloudflare_tunnel_configuration }}
cloudflare_tunnel_id: ${{ inputs.cloudflare_tunnel_id }}
run: |
mkdir ~/.cloudflared/
echo $cloudflare_tunnel_certificate > ~/.cloudflared/cert.pem
echo $cloudflare_tunnel_credential | base64 -d > ~/.cloudflared/${cloudflare_tunnel_id}.json
echo $cloudflare_tunnel_configuration | base64 -d > ~/.cloudflared/config.yml
- name: Run Cloudflare Tunnel
if: inputs.autostart == 'true'
shell: bash
env:
cloudflare_tunnel_id: ${{ inputs.cloudflare_tunnel_id }}
run: |
nohup cloudflared tunnel run > ${RUNNER_TEMP}/cloudflared.log 2>&1 &
echo $! > ${RUNNER_TEMP}/cloudflared.pid
AnimMouse / setup-cloudflared
Setup/Install Cloudflare Tunnel client for GitHub Actions
Setup cloudflared for GitHub Actions
Setup Cloudflare Tunnel client for GitHub Actions.
This action installs cloudflared for use in actions by installing it on tool cache using AnimMouse/tool-cache.
This action will automatically sign in and start Cloudflare Tunnel.
Other virtual environments besides Ubuntu are not supported yet.
Test page for setup-cloudflared
Usage
- Paste the contents of the cert.prm file to
CLOUDFLARE_TUNNEL_CERTIFICATE
secret. No need to encode it to base64 as it is already in base64. - Encode the JSON credential in base64 using this command
base64 -w 0 <cloudflare-tunnel-id>.json
and paste it toCLOUDFLARE_TUNNEL_CREDENTIAL
secret. - At the config.yml, set
credentials-file:
to/home/runner/.cloudflared/<cloudflare-tunnel-id>.json
- Encode the config.yml in base64 using this command
base64 -w 0 config.yml
and paste it toCLOUDFLARE_TUNNEL_CONFIGURATION
secret. - Add the Cloudflare Tunnel ID to
CLOUDFLARE_TUNNEL_ID
secret.
To gracefully shutdown Cloudflare Tunnel after being started in the background, use the AnimMouse/setup-cloudflared/shutdown
action as composite actions does not support post:
…
Additional Resources / Info
cloudflare / cloudflared
Cloudflare Tunnel client (formerly Argo Tunnel)
Cloudflare Tunnel client
Contains the command-line client for Cloudflare Tunnel, a tunneling daemon that proxies traffic from the Cloudflare network to your origins
This daemon sits between Cloudflare network and your origin (e.g. a webserver). Cloudflare attracts client requests and sends them to you
via this daemon, without requiring you to poke holes on your firewall --- your origin can remain as closed as possible
Extensive documentation can be found in the Cloudflare Tunnel section of the Cloudflare Docs
All usages related with proxying to your origins are available under cloudflared tunnel help
.
You can also use cloudflared
to access Tunnel origins (that are protected with cloudflared tunnel
) for TCP traffic
at Layer 4 (i.e., not HTTP/websocket), which is relevant for use cases such as SSH, RDP, etc.
Such usages are available under cloudflared access help
.
You can instead use WARP client to access private origins behind…
Used by:
AnimMouse / SOCKS5-proxy-actions
Proof of concept SOCKS5 proxy running on GitHub Actions through Chisel
SOCKS5 Proxy Actions
SOCKS5 Proxy hosted on GitHub Actions.
Proof of concept Chisel's SOCKS5 Proxy running on GitHub Actions.
As GitHub Actions runner does not have an accessible IP address, we use Cloudflare Tunnel to have a tunnel to GitHub Actions runner.
Your Computer > Cloudflare > GitHub Actions runner > GitHub Actions' Internet
Usage
- Setup Cloudflare Tunnel Client by following instructions on setup-cloudflared README.md.
- At the config.yml, set
service:
tohttp://localhost:8080
atingress:
.
ingress:
- service: http://localhost:8080
- Run the workflow.
- Connect to your chisel websocket by running
chisel client https://example.com/ socks
. - Connect your browser to chisel's SOCKS5 proxy by setting proxy settings to
localhost:1080
.
Top comments (0)