fix: allow current CI runner IP through firewall before Ansible
All checks were successful
Deploy Cluster / Terraform (push) Successful in 35s
Deploy Cluster / Ansible (push) Successful in 5m13s

2026-03-01 14:50:55 +00:00
parent fffd3876fb
commit 54717cccad


@@ -186,6 +186,23 @@ jobs:
mkdir -p ../outputs mkdir -p ../outputs
terraform output -json > ../outputs/terraform_outputs.json terraform output -json > ../outputs/terraform_outputs.json
- name: Detect runner egress IP
run: |
RUNNER_IP=$(curl -fsSL https://api.ipify.org)
echo "RUNNER_CIDR=[\"${RUNNER_IP}/32\"]" >> "$GITHUB_ENV"
echo "Runner egress IP: ${RUNNER_IP}"
- name: Open SSH/API for current runner CIDR
working-directory: terraform
run: |
terraform apply \
-target=hcloud_firewall.cluster \
-var="ssh_public_key=$HOME/.ssh/id_ed25519.pub" \
-var="ssh_private_key=$HOME/.ssh/id_ed25519" \
-var="allowed_ssh_ips=${RUNNER_CIDR}" \
-var="allowed_api_ips=${RUNNER_CIDR}" \
-auto-approve
- name: Install Python Dependencies - name: Install Python Dependencies
run: | run: |
apt-get update && apt-get install -y python3-pip apt-get update && apt-get install -y python3-pip
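Review bot: The response from api.ipify.org in the "Detect runner egress IP" step is written straight into `RUNNER_CIDR` and then becomes the SSH and API allow-list, with no check that it is a single IPv4 address. A guard before the `echo ... >> "$GITHUB_ENV"` line would keep a malformed or unexpected response out of the firewall rule, for example (assuming the step runs under bash) `[[ "$RUNNER_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { echo "unexpected egress IP response" >&2; exit 1; }`. The targeted apply also appears to replace `allowed_ssh_ips` and `allowed_api_ips` with only the runner /32, and nothing in this hunk narrows the rule again, so the last runner's address would stay allowed after the job ends, which matters if the runner shares its egress IP with other tenants. The job continues outside the hunk, so a closing step guarded by `if: always()` may already exist; if not, it would be worth adding, along with a comment on the step stating that the opening is meant to be temporary.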