Skip to content

making whitelist step same as deploy #925

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
maxsibilla merged 1 commit into from
Jan 9, 2026
Merged

making whitelist step same as deploy #925

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 1 addition & 6 deletions .github/workflows/build-and-deploy-dev.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,78 +7,73 @@

jobs:
build-and-push:
runs-on: ubuntu-24.04
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}

- name: Create $ENTITY_API_VERSION
run: |
export ENTITY_API_VERSION=$(tr -d "\n\r" < ../VERSION | xargs)
echo "ENTITY_API_VERSION=$ENTITY_API_VERSION" >> $GITHUB_ENV
working-directory: ./docker

- name: Make build script executable
run: chmod +x ./docker-development.sh
working-directory: ./docker

- name: Run the Docker build shell script
run: ./docker-development.sh build
working-directory: ./docker

- name: Tag the Docker Image
# Alternatively we could use ${{ github.sha }} instead of latest
run: docker image tag sennet/entity-api:$ENTITY_API_VERSION sennet/entity-api-dev:latest
working-directory: ./docker

- name: Push the Docker image
run: docker push sennet/entity-api-dev:latest
working-directory: ./docker

whitelist-github-actions-ip:
deploy:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
runs-on: ubuntu-latest
needs: build-and-push
steps:
- name: Whitelist GitHub Actions IP
uses: bbharathkumarreddy/aws-whitelist-ip@v1.0
with:
security-group-id: sg-0ddfcbe0a83a5266c
action: whitelist
port: 22
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1

deploy:
runs-on: ubuntu-latest
needs: whitelist-github-actions-ip
steps:
- name: Deploy to Server via SSH
uses: appleboy/ssh-action@v1
with:
host: '${{ secrets.REMOTE_HOST }}'
username: ${{ secrets.REMOTE_USER }}
key: ${{ secrets.SSH_PRIVATE_KEY }}
use_insecure_cipher: true
script: |
# Change to codcc user on server
sudo su - codcc -c "cd /opt/sennet/entity-api/docker/; git pull; docker pull sennet/entity-api-dev:latest; ./docker-development.sh down; ./docker-development.sh start;"

remove-whitelist-ip:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}
runs-on: ubuntu-latest
needs: deploy
steps:
- name: Remove GitHub Actions IP
uses: bbharathkumarreddy/aws-whitelist-ip@v1.0
with:
security-group-id: sg-0ddfcbe0a83a5266c
action: remove
port: 22
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
Expand Down