Add github action for deploying egress proxy

2025-12-11 15:52:21 -05:00 · 2022-11-08 13:51:39 -05:00
parent 898a570f8f
commit 3020d3d94e
7 changed files with 51 additions and 0 deletions
--- a/.github/actions/deploy-proxy/action.yml
+++ b/.github/actions/deploy-proxy/action.yml
@@ -0,0 +1,33 @@
+name: Deploy egress proxy
+description: Setup egres space and deploy proxy
+inputs:
+  cf_space:
+    description: The space the target app exists in.
+    required: true
+  app:
+    description: application name to be proxied.
+    required: true
+runs:
+  using: composite
+  steps:
+    - name: Set restricted space egress
+      shell: bash
+      run: ./terraform/set_space_egress.sh -t -s ${{ inputs.cf_space }}
+    - name: Set public space egress
+      shell: bash
+      run: ./terraform/set_space_egress.sh -p -s ${{ inputs.cf_space }}-egress
+    - name: Create temp directory
+      shell: bash
+      id: create-temp-dir
+      run: echo "path=$(mktemp -d -t egress-XXXXXXXXXX --tmpdir=$RUNNER_TEMP)" >> $GITHUB_OUTPUT
+    - name: Clone egress-proxy
+      shell: bash
+      run: git clone https://github.com/rahearn/cg-egress-proxy.git ${{ steps.create-temp-dir.outputs.path }}
+    - name: Copy config files
+      shell: bash
+      run: cp ./deploy-config/egress_proxy/${{ inputs.app }}.*.acl ${{ steps.create-temp-dir.outputs.path }}
+    - name: Deploy proxy
+      shell: bash
+      run: >
+        cd ${{ steps.create-temp-dir.outputs.path }};
+        ./bin/cf-deployproxy -a ${{ inputs.app }} -p egress-proxy -e egress_proxy
--- a/.github/workflows/deploy-demo.yml
+++ b/.github/workflows/deploy-demo.yml
@@ -65,3 +65,9 @@ jobs:
          --var ADMIN_CLIENT_SECRET="$ADMIN_CLIENT_SECRET"
          --var AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID"
          --var AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY"
+
+    - name: Deploy egress proxy
+      uses: ./.github/actions/deploy-proxy
+      with:
+        cf_space: notify-demo
+        app: notify-api-demo
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -71,6 +71,12 @@ jobs:
          --var AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID"
          --var AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY"

+    - name: Deploy egress proxy
+      uses: ./.github/actions/deploy-proxy
+      with:
+        cf_space: notify-staging
+        app: notify-api-staging
+
  bail:
    runs-on: ubuntu-latest
    if: ${{ github.event.workflow_run.conclusion == 'failure' }}
--- a/deploy-config/egress_proxy/notify-api-demo.allow.acl
+++ b/deploy-config/egress_proxy/notify-api-demo.allow.acl
@@ -0,0 +1,3 @@
+email.us-west-2.amazonaws.com
+sns.us-west-2.amazonaws.com
+logs.us-west-2.amazonaws.com
--- a/deploy-config/egress_proxy/notify-api-demo.deny.acl
+++ b/deploy-config/egress_proxy/notify-api-demo.deny.acl
--- a/deploy-config/egress_proxy/notify-api-staging.allow.acl
+++ b/deploy-config/egress_proxy/notify-api-staging.allow.acl
@@ -0,0 +1,3 @@
+email.us-west-2.amazonaws.com
+sns.us-west-2.amazonaws.com
+logs.us-west-2.amazonaws.com
--- a/deploy-config/egress_proxy/notify-api-staging.deny.acl
+++ b/deploy-config/egress_proxy/notify-api-staging.deny.acl