-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathaction.yml
79 lines (73 loc) · 2.52 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
name: 'AWS Open Firewall'
description: 'This action will add the github server IP Address to a Security Group on AWS EC2'
branding:
icon: unlock
color: gray-dark
inputs:
rule-id:
description: 'Security Group Id on AWS EC2 Firewall Panel'
required: false
default: ''
rule-name:
description: 'Security Group Name on AWS EC2 Firewall Panel'
required: false
default: ''
port:
description: 'The port to allow'
required: false
default: ''
protocol:
description: 'The protocol to allow for the selected port'
required: false
default: 'all'
aws-access-key-id:
description: 'AWS Access Key ID'
required: true
aws-secret-access-key:
description: 'AWS Secret Access Key'
required: true
aws-region:
description: 'AWS Region'
required: false
default: 'us-east-1'
runs:
using: "composite"
steps:
- name: Get My IP
run: |
echo 'MYIP<<EOF' >> $GITHUB_ENV
curl https://checkip.amazonaws.com >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
shell: bash
- name: Configure AWS command line
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ inputs.aws-access-key-id }}
aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
aws-region: ${{ inputs.aws-region }}
- name: Get Security Group ID
run: |
GROUP_ID="${{ inputs.rule-id }}"
PORT_RULE=""
if [ -z "$GROUP_ID" ]
then
GROUP_ID=$(aws ec2 describe-security-groups --filters Name=group-name,Values=${{ inputs.rule-name }} --query 'SecurityGroups[*].[GroupId]' --output text)
fi
if [ -z "$GROUP_ID" ]
then
echo "::error::Couldn't find the securty group id" && exit 1;
else
echo "GROUP_ID=$GROUP_ID" >> $GITHUB_ENV;
fi
if [ ! -z "${{ inputs.port }}" ]
then
echo "PORT_RULE=--port ${{ inputs.port }}" >> $GITHUB_ENV;
fi
shell: bash
- name: Allow our connection on AWS Firewall rule by Rule Id
run: aws ec2 authorize-security-group-ingress --group-id ${{ env.GROUP_ID }} --protocol ${{ inputs.protocol }} --cidr ${{ env.MYIP }}/32 ${{ env.PORT_RULE }}
shell: bash
- name: Close our connection on AWS Firewall rule by Rule Id
uses: webiny/[email protected]
with:
run: aws ec2 revoke-security-group-ingress --group-id ${{ env.GROUP_ID }} --protocol ${{ inputs.protocol }} --cidr ${{ env.MYIP }}/32 ${{ env.PORT_RULE }}