feat: github action ip를 동적으로 추가하고 삭제한다

Nexters · Jul 22, 2024 · 2d05314 · 2d05314
1 parent 9f6e52b
commit 2d05314
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/.github/workflows/deploy-workflow.yml b/.github/workflows/deploy-workflow.yml
@@ -37,6 +37,21 @@ jobs:
           docker build --platform linux/amd64 -f Dockerfile -t ${{ secrets.DOCKER_USERNAME }}/bottles:$DOCKER_TAG .
           docker push ${{ secrets.DOCKER_USERNAME }}/bottles:$DOCKER_TAG
 
+      - name: Get Github Actions IP
+        id: ip
+        uses: haythem/[email protected]
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ap-northeast-2
+
+      - name: Add Github Actions IP to Security group
+        run: |
+          aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
+
       - name: Transfer file using SCP
         env:
           SERVER_HOST: ${{ secrets.SERVER_HOST }}
@@ -76,3 +91,7 @@ jobs:
             cd /home/${{ secrets.SERVER_USER_NAME }}/deploy
             sudo chmod +x deploy.sh notify_error.sh
             ./deploy.sh
+
+      - name: Remove Github Actions IP From Security Group
+        run: |
+          aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32