diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml
index c646f3e..513b55c 100644
--- a/.github/workflows/deploy-production.yml
+++ b/.github/workflows/deploy-production.yml
@@ -13,17 +13,19 @@ jobs:
 name: Deploy
 if: github.event.pull_request.merged == true
 runs-on: ubuntu-latest
+ env:
+ RUNNER_IP: ""
 steps:
 # 1. Récupérer l'IP publique du runner
 - name: Get runner public IP
 id: ip
- run: echo "ip=$(curl -s https://api.ipify.org)" >> $GITHUB_OUTPUT
+ run: echo "RUNNER_IP=$(curl -s https://api.ipify.org)" >> $GITHUB_ENV
 # 2. Ajouter l'IP en liste blanche sur le pare-feu o2switch
 - name: Whitelist runner IP on o2switch firewall
 run: |
 curl -sm 45 \
 -H "Authorization: cpanel ${{ secrets.CPANEL_USERNAME }}:${{ secrets.CPANEL_API_TOKEN }}" \
- "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/add?address=${{ steps.ip.outputs.ip }}&port=22"
+ "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/add?address=${{ env.RUNNER_IP }}&port=22"
 # 3. Courte pause pour que la règle firewall soit effective
 - name: Wait for firewall rule to propagate
 run: sleep 5
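Review bot: The `Get runner public IP` step writes whatever api.ipify.org returns straight into `$GITHUB_ENV`, and the whitelist step then pastes it into the script text through `${{ env.RUNNER_IP }}`, so an error page, an empty body or a multi-line response is never rejected. A response containing a newline would define further environment variables for every later step, and an unexpected value reaches both the shell and the firewall API call that opens port 22. Check the value against the expected address format before exporting it, let curl fail on HTTP errors, and read the variable as `$RUNNER_IP` in the add call, as the cleanup step already does. `id: ip` is no longer referenced by anything in this hunk and can probably be dropped. The same lines appear in the `@@ -13,17 +13,19 @@` hunk of deploy-staging.yml.

```yaml
      - name: Get runner public IP
        run: |
          ip="$(curl -fsS --max-time 10 https://api.ipify.org)"
          # Reject anything that is not a dotted-quad before it reaches GITHUB_ENV.
          [[ "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "unexpected IP lookup response" >&2; exit 1; }
          echo "RUNNER_IP=$ip" >> "$GITHUB_ENV"
      # … unchanged: whitelist step name, curl -sm 45 and Authorization header …
            "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/add?address=$RUNNER_IP&port=22"
```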
@@ -42,12 +44,16 @@ jobs:
 cd ~/api.onoko.dev
 git pull origin prod
 source /home/kono7602/nodevenv/api.onoko.dev/api/24/bin/activate && cd /home/kono7602/api.onoko.dev/api
- npm install
+ npm install --include=dev
 npm run build
 # 6. Retirer l'IP de la liste blanche (nettoyage)
 - name: Remove runner IP from whitelist
 if: always()
 run: |
+ echo "Removing $RUNNER_IP"
 curl -sm 45 \
 -H "Authorization: cpanel ${{ secrets.CPANEL_USERNAME }}:${{ secrets.CPANEL_API_TOKEN }}" \
- "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/remove?address=${{ steps.ip.outputs.ip }}&port=22"
+ "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/remove?address=$RUNNER_IP&port=22&direction=in"
+ curl -sm 45 \
+ -H "Authorization: cpanel ${{ secrets.CPANEL_USERNAME }}:${{ secrets.CPANEL_API_TOKEN }}" \
+ "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/remove?address=$RUNNER_IP&port=22&direction=out"
diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml
index d8df9f7..2a4ece2 100644
--- a/.github/workflows/deploy-staging.yml
+++ b/.github/workflows/deploy-staging.yml
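Review bot: The cleanup step's `curl -sm 45` calls ignore HTTP errors and the response is never inspected, so a failed `SshWhitelist/remove` leaves the runner's address allowed on port 22 while the job still reports success. Use `curl -fsS -m 45` on both calls; since the default bash step stops at the first failing command, end the first call with `|| rc=$?` and finish the script with `exit "${rc:-0}"` so the `direction=out` removal is still attempted. If the IP lookup failed, `RUNNER_IP` is still the empty default and both calls go out with an empty `address=`, which a `[ -n "$RUNNER_IP" ]` guard would make explicit. Separately, in the deploy script that begins outside this hunk, `npm install --include=dev` may resolve versions that differ from the lockfile; if a lockfile is committed, `npm ci --include=dev` keeps the installed tree pinned. The Remove step in the `@@ -48,6 +50,10 @@` hunk of deploy-staging.yml has the same curl calls.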
@@ -13,17 +13,19 @@ jobs:
 name: Deploy
 if: github.event.pull_request.merged == true
 runs-on: ubuntu-latest
+ env:
+ RUNNER_IP: ""
 steps:
 # 1. Récupérer l'IP publique du runner
 - name: Get runner public IP
 id: ip
- run: echo "ip=$(curl -s https://api.ipify.org)" >> $GITHUB_OUTPUT
+ run: echo "RUNNER_IP=$(curl -s https://api.ipify.org)" >> $GITHUB_ENV
 # 2. Ajouter l'IP en liste blanche sur le pare-feu o2switch
 - name: Whitelist runner IP on o2switch firewall
 run: |
 curl -sm 45 \
 -H "Authorization: cpanel ${{ secrets.CPANEL_USERNAME }}:${{ secrets.CPANEL_API_TOKEN }}" \
- "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/add?address=${{ steps.ip.outputs.ip }}&port=22"
+ "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/add?address=${{ env.RUNNER_IP }}&port=22"
 # 3. Courte pause pour que la règle firewall soit effective
 - name: Wait for firewall rule to propagate
 run: sleep 5
@@ -48,6 +50,10 @@ jobs:
 - name: Remove runner IP from whitelist
 if: always()
 run: |
+ echo "Removing $RUNNER_IP"
 curl -sm 45 \
 -H "Authorization: cpanel ${{ secrets.CPANEL_USERNAME }}:${{ secrets.CPANEL_API_TOKEN }}" \
- "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/remove?address=${{ steps.ip.outputs.ip }}&port=22"
+ "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/remove?address=$RUNNER_IP&port=22&direction=in"
+ curl -sm 45 \
+ -H "Authorization: cpanel ${{ secrets.CPANEL_USERNAME }}:${{ secrets.CPANEL_API_TOKEN }}" \
+ "https://${{ secrets.CPANEL_HOST }}:2083/execute/SshWhitelist/remove?address=$RUNNER_IP&port=22&direction=out"