From 2265331813f423571cd7ac5420c98e566bea76a2 Mon Sep 17 00:00:00 2001
From: NKoelblen
Date: Mon, 4 May 2026 13:21:53 +0200
Subject: [PATCH] feat: update runner IP handling in deployment workflows for consistency
---
 .github/workflows/deploy-production.yml | 12 +++++++++---
 .github/workflows/deploy-staging.yml | 12 +++++++++---
 2 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml
index 9697a14..513b55c 100644
--- a/.github/workflows/deploy-production.yml
+++ b/.github/workflows/deploy-production.yml
@@ -13,17 +13,19 @@ jobs:
 name: Deploy
 if: github.event.pull_request.merged == true
 runs-on: ubuntu-latest
+ env:
+ RUNNER_IP: ""
 steps:
 # 1. Récupérer l'IP publique du runner
 - name: Get runner public IP
 id: ip
- run: echo "ip=$(curl -s https://api.ipify.org)" >> $GITHUB_OUTPUT
+ run: echo "RUNNER_IP=$(curl -s https://api.ipify.org)" >> $GITHUB_ENV
 # 2. Ajouter l'IP en liste blanche sur le pare-feu o2switch
 - name: Whitelist runner IP on o2switch firewall
 run: |
 curl -sm 45 \
 -H "Authorization: cpanel ${{ secrets.CPANEL_USERNAME }}:${{ secrets.CPANEL_API_TOKEN }}" \
- "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/add?address=${{ steps.ip.outputs.ip }}&port=22"
+ "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/add?address=${{ env.RUNNER_IP }}&port=22"
 # 3. Courte pause pour que la règle firewall soit effective
 - name: Wait for firewall rule to propagate
 run: sleep 5
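Review bot: The `Get runner public IP` step in deploy-production.yml writes whatever api.ipify.org returns straight into `$GITHUB_ENV`, and the whitelist step then expands it with `${{ env.RUNNER_IP }}` into the script text of a step that also carries the cPanel token. An empty, multi-line or otherwise malformed response is therefore not caught before it reaches the firewall call, and a multi-line one would also define extra environment variables for every later step. Validate the value as an IPv4 address before exporting it, let curl fail on HTTP errors, and read it as `$RUNNER_IP` in the add call, the way the removal step already does. The first hunk of deploy-staging.yml has the same lines, and `id: ip` looks unused after this change.

```yaml
      - name: Get runner public IP
        run: |
          ip="$(curl -fsS -m 10 https://api.ipify.org)"
          if ! [[ "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
            echo "Unexpected response from IP lookup" >&2
            exit 1
          fi
          echo "RUNNER_IP=$ip" >> "$GITHUB_ENV"
      # … unchanged: whitelist step name, curl options and Authorization header …
            "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/add?address=$RUNNER_IP&port=22"
```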
@@ -48,6 +50,10 @@ jobs:
 - name: Remove runner IP from whitelist
 if: always()
 run: |
+ echo "Removing $RUNNER_IP"
 curl -sm 45 \
 -H "Authorization: cpanel ${{ secrets.CPANEL_USERNAME }}:${{ secrets.CPANEL_API_TOKEN }}" \
- "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/remove?address=${{ steps.ip.outputs.ip }}&port=22"
+ "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/remove?address=$RUNNER_IP&port=22&direction=in"
+ curl -sm 45 \
+ -H "Authorization: cpanel ${{ secrets.CPANEL_USERNAME }}:${{ secrets.CPANEL_API_TOKEN }}" \
+ "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/remove?address=$RUNNER_IP&port=22&direction=out"
diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml
index d8df9f7..2a4ece2 100644
--- a/.github/workflows/deploy-staging.yml
+++ b/.github/workflows/deploy-staging.yml
@@ -13,17 +13,19 @@ jobs:
 name: Deploy
 if: github.event.pull_request.merged == true
 runs-on: ubuntu-latest
+ env:
+ RUNNER_IP: ""
 steps:
 # 1. Récupérer l'IP publique du runner
 - name: Get runner public IP
 id: ip
- run: echo "ip=$(curl -s https://api.ipify.org)" >> $GITHUB_OUTPUT
+ run: echo "RUNNER_IP=$(curl -s https://api.ipify.org)" >> $GITHUB_ENV
 # 2. Ajouter l'IP en liste blanche sur le pare-feu o2switch
 - name: Whitelist runner IP on o2switch firewall
 run: |
 curl -sm 45 \
 -H "Authorization: cpanel ${{ secrets.CPANEL_USERNAME }}:${{ secrets.CPANEL_API_TOKEN }}" \
- "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/add?address=${{ steps.ip.outputs.ip }}&port=22"
+ "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/add?address=${{ env.RUNNER_IP }}&port=22"
 # 3. Courte pause pour que la règle firewall soit effective
 - name: Wait for firewall rule to propagate
 run: sleep 5
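Review bot: In the `Remove runner IP from whitelist` step of deploy-production.yml, both removal calls use `curl -sm 45`, so an HTTP error or timeout from cPanel still exits 0 and the runner's address stays on the SSH whitelist unnoticed; with `runs-on: ubuntu-latest` that address presumably comes from a pool shared with other tenants. Use `curl -fsS -m 45` with `|| failed=1` after each call and finish the script with `exit "${failed:-0}"`, so both directions are attempted and a failed cleanup still fails the job. Because the step runs under `if: always()` with the job-level default `RUNNER_IP: ""`, it also sends an empty `address=` when the lookup step failed; a first line such as `[ -n "$RUNNER_IP" ] || exit 0` avoids that. The second hunk of deploy-staging.yml has the same lines.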
@@ -48,6 +50,10 @@ jobs:
 - name: Remove runner IP from whitelist
 if: always()
 run: |
+ echo "Removing $RUNNER_IP"
 curl -sm 45 \
 -H "Authorization: cpanel ${{ secrets.CPANEL_USERNAME }}:${{ secrets.CPANEL_API_TOKEN }}" \
- "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/remove?address=${{ steps.ip.outputs.ip }}&port=22"
+ "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/remove?address=$RUNNER_IP&port=22&direction=in"
+ curl -sm 45 \
+ -H "Authorization: cpanel ${{ secrets.CPANEL_USERNAME }}:${{ secrets.CPANEL_API_TOKEN }}" \
+ "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/remove?address=$RUNNER_IP&port=22&direction=out"