Use aproxy for the oci-publish step for self-hosted runners

canonical · Nov 8, 2023 · 10a0cc9 · 10a0cc9
1 parent cbf5f2e
commit 10a0cc9
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/.github/workflows/server-publish-oci-image.yml b/.github/workflows/server-publish-oci-image.yml
@@ -27,6 +27,27 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
 
+      - name: Configure Aproxy
+        run: |
+          sudo snap set aproxy proxy=squid.internal:3128
+          sudo nft -f - << EOF
+          define default-ip = $(ip route get $(ip route show 0.0.0.0/0 | grep -oP 'via \K\S+') | grep -oP 'src \K\S+')
+          define private-ips = { 10.0.0.0/8, 127.0.0.1/8, 172.16.0.0/12, 192.168.0.0/16 }
+          table ip aproxy
+          flush table ip aproxy
+          table ip aproxy {
+                  chain prerouting {
+                          type nat hook prerouting priority dstnat; policy accept;
+                          ip daddr != \$private-ips tcp dport { 80, 443 } counter dnat to \$default-ip:8443
+                  }
+
+                  chain output {
+                          type nat hook output priority -100; policy accept;
+                          ip daddr != \$private-ips tcp dport { 80, 443 } counter dnat to \$default-ip:8443
+                  }
+          }
+          EOF
+
       - name: Log in to the Container registry
         uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
         with: