Unable to check for updates

[phlax]

We (https://github.com/envoyproxy/envoy) have a dependency scanner that checks for release updates

Currently this breaks trying to check latest releases for libdrdkafka with

Check disabled, `preload_releases` failed: Although you appear to have the correct authorization credentials, the `confluentinc` organization has an IP allow list enabled, and your IP address is not permitted to access this resource.

this is running from github actions, running locally works as expected.

im wondering if this is intentional, its the github api that is being queried

[milindl]

Hi @phlax , thanks for reporting this. I asked around internally, and there have been some changes regarding the IP allow list.

But we intend for the workflow you've described to keep working, listing releases from anywhere should work. Could you try running your workflow once again on Github Actions? We've made some changes that might fix it, please let me know if it does.

[phlax]

hi @milindl i just tested in a private repo and afaict no change, same error

[milindl]

We'll be checking it with github support, I'll update this issue when there's an update

[milindl]

hi @phlax , we got in touch with github support. Are you using the token that's provided by github actions while using the API, or another token?

[phlax]

we use appauth for quite a few things - but not for this - so its the standard GITHUB_TOKEN provided in ci

we dont have this issue with any other deps.

issing a PAT and testing locally it works

[phlax]

~relatedly we used to use the edenhill repo/link to check this dep - this continued working (mostly, but unreliably) until recently

i tested switching to the confluentinc repo some time back and hit this issue immediately so we held off updating the repo until it stopped working altogether

atm we have a workaround to specifically exclude this dep from our checkers