diff --git a/.github/workflows/dsf_single_account_cli.yml b/.github/workflows/dsf_single_account_cli.yml
index 2d955273b..01b011751 100644
--- a/.github/workflows/dsf_single_account_cli.yml
+++ b/.github/workflows/dsf_single_account_cli.yml
@@ -16,6 +16,10 @@ on:
 required: true
 type: string
 secrets:
+ AWS_ACCESS_KEY_ID:
+ required: true
+ AWS_SECRET_ACCESS_KEY:
+ required: true
 AWS_ACCESS_KEY_ID_STAGE:
 required: true
 AWS_SECRET_ACCESS_KEY_STAGE:
@@ -24,10 +28,8 @@ on:
 required: true
 JUMP_SERVER_KEY:
 required: true
-
- push:
- branches:
- - 'sprint_10_segev'
+ DAM_LICENSE:
+ required: true
 
 env:
 TF_CLI_ARGS: "-no-color"
@@ -70,9 +72,9 @@ jobs:
 with:
 ref: ${{ env.REF }}
 
-# - name: Change the modules source to local
-# run: |
-# find ./examples/ -type f -exec sed -i -f sed.expr {} \;
+ - name: Change the modules source to local
+ run: |
+ find ./examples/ -type f -exec sed -i -f sed.expr {} \;
 
 - name: Sets env vars for environment
 run: |
@@ -124,6 +126,17 @@ jobs:
 run: |
 aws_sg=$(aws ec2 authorize-security-group-ingress --group-id ${{ vars.JUMP_SERVER_SG_ID }} --protocol tcp --port 22 --cidr $curr_ip/32)
 echo sg_id=$(echo $aws_sg | jq '.SecurityGroupRules[0].SecurityGroupRuleId') >> $GITHUB_ENV
+ aws_sg_for_singapore=$(aws ec2 authorize-security-group-ingress --group-id ${{ vars.SINGAPORE_SG_ID }} --protocol tcp --port 8443 --cidr $curr_ip/32)
+ echo sg_id_for_singapore=$(echo $aws_sg_for_singapore | jq '.SecurityGroupRules[0].SecurityGroupRuleId') >> $GITHUB_ENV
+
+ - name: Set IP in AWS Security Group - Sydney
+ env:
+ AWS_REGION: ap-southeast-2
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }}
+ run: |
+ aws_sg_for_sydney=$(aws ec2 authorize-security-group-ingress --group-id ${{ vars.SYDNEY_SG_ID }} --protocol tcp --port 8443 --cidr $curr_ip/32)
+ echo sg_id_for_sydney=$(echo $aws_sg_for_sydney | jq '.SecurityGroupRules[0].SecurityGroupRuleId') >> $GITHUB_ENV
 
 - name: Create Key File
 run: |
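Review bot: The new required secrets `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` in the first hunk are not consumed by any step visible in this diff; the Sydney and cleanup steps all use the `_STAGE` pair. If nothing outside the diff reads them, drop the two entries so the reusable workflow only demands the credentials it actually uses; if a step elsewhere does read them, a one-line comment above the entry naming that step would save the next reader the search, e.g. `# consumed by the <step name> step below`.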
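Review bot: The re-enabled `find ./examples/ -type f -exec sed -i -f sed.expr {} \;` rewrites every file under `./examples/`, not only Terraform sources, so any README, script or sample data there is also run through `sed.expr`. If only module sources need the local rewrite, restrict the match: `find ./examples/ -type f -name '*.tf' -exec sed -i -f sed.expr {} \;`. The step's surrounding job definition is outside the hunk, so I cannot tell whether other file types are intentionally included.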
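Review bot: The Singapore and Sydney rule ids are captured with `jq` without `-r`, so `sg_id_for_singapore` and `sg_id_for_sydney` are written to `$GITHUB_ENV` with literal double quotes around the id, and the later revoke only works because the shell strips them again; `echo sg_id_for_singapore=$(echo "$aws_sg_for_singapore" | jq -r '.SecurityGroupRules[0].SecurityGroupRuleId') >> $GITHUB_ENV` (and the same for Sydney) records the bare id. More important, if `authorize-security-group-ingress` fails because an identical 8443 rule already exists from a run whose cleanup did not complete, the step fails before any id is recorded and the stale rule is never revoked; consider looking up the existing rule for `$curr_ip/32` in that case so cleanup can still remove it. The first step's `name` and `env` (and therefore the region and credentials used for the Singapore call) are above the hunk.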
@@ -167,6 +180,7 @@ jobs:
 run: terraform -chdir=$EXAMPLE_DIR output -json
 
 - name: Collect Artifacts
+ if: always()
 uses: actions/upload-artifact@v2
 with:
 name: collected-keys
@@ -183,7 +197,18 @@ jobs:
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }}
 if: always()
- run: aws ec2 revoke-security-group-ingress --group-id ${{ vars.JUMP_SERVER_SG_ID }} --security-group-rule-ids ${{ env.sg_id }}
+ run: |
+ aws ec2 revoke-security-group-ingress --group-id ${{ vars.JUMP_SERVER_SG_ID }} --security-group-rule-ids ${{ env.sg_id }}
+ aws ec2 revoke-security-group-ingress --group-id ${{ vars.SINGAPORE_SG_ID }} --security-group-rule-ids ${{ env.sg_id_for_singapore }}
+
+ - name: Delete Security Group - Sydney
+ env:
+ AWS_REGION: ap-southeast-2
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }}
+ if: always()
+ run: |
+ aws ec2 revoke-security-group-ingress --group-id ${{ vars.SYDNEY_SG_ID }} --security-group-rule-ids ${{ env.sg_id_for_sydney }}
 
 - name: Check how was the workflow run
 id: check-trigger
diff --git a/.github/workflows/terraform_nightly_manager.yml b/.github/workflows/terraform_nightly_manager.yml
index 68d991e90..edaf2d45a 100644
--- a/.github/workflows/terraform_nightly_manager.yml
+++ b/.github/workflows/terraform_nightly_manager.yml
@@ -76,7 +76,7 @@ jobs:
 SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
 
 master_dsf_single_account:
- uses: imperva/dsfkit/.github/workflows/terraform_nightly_manager.yml@master
+ uses: imperva/dsfkit/.github/workflows/dsf_single_account_cli.yml@master
 with:
 branch: master
 secrets:
@@ -89,7 +89,7 @@ jobs:
 DAM_LICENSE: ${{ secrets.DAM_LICENSE }}
 
 dev_dsf_single_account:
- uses: imperva/dsfkit/.github/workflows/terraform_nightly_manager.yml@dev
+ uses: imperva/dsfkit/.github/workflows/dsf_single_account_cli.yml@dev
 with:
 branch: dev
 secrets:
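Review bot: Adding `if: always()` to the `Collect Artifacts` step means the `collected-keys` artifact is now uploaded on failed and cancelled runs as well, and an artifact is downloadable by anyone with read access to the workflow run. The uploaded `path` is outside the hunk, but the name suggests it holds private key material; if so, confirm those keys are ephemeral to the run and that a short `retention-days` is set, and record that intent in a comment above the step, e.g. `# uploaded on every outcome so a failed deployment can still be debugged; keys are run-scoped`. While here, `actions/upload-artifact@v2` is a deprecated major version of that action.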
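Review bot: In the rewritten revoke step, the two `aws ec2 revoke-security-group-ingress` calls now share one `run: |` script, and under the default `bash -e` step shell a failure of the first call (for example an empty `env.sg_id` because the authorize step never reached that line) skips the second, leaving the Singapore 8443 rule open; the Sydney rule is handled correctly because it has its own step with `if: always()`. Either give the Singapore revoke its own `if: always()` step like Sydney, or make the two calls independent while still failing the step if either one fails, as below. The step's `name` and the first `env` lines are above the hunk.

```yaml
        run: |
          rc=0
          aws ec2 revoke-security-group-ingress --group-id ${{ vars.JUMP_SERVER_SG_ID }} --security-group-rule-ids ${{ env.sg_id }} || rc=1
          aws ec2 revoke-security-group-ingress --group-id ${{ vars.SINGAPORE_SG_ID }} --security-group-rule-ids ${{ env.sg_id_for_singapore }} || rc=1
          exit $rc
# … unchanged: Delete Security Group - Sydney step …
```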