Add code to deploy yaml for Github actions

vickykohnen1966 · vickykohnen1966 · commit a8df683415cd · 2026-01-28T19:55:20.000+01:00
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -91,6 +91,37 @@ jobs:
         with:
           creds: ${{ secrets.AZURE_CREDENTIALS }}
 
+      - name: Whitelist Runner IP
+        uses: azure/CLI@v1
+        with:
+          inlineScript: |
+            # 1. Get Runner IP
+            RUNNER_IP=$(curl -s https://api.ipify.org)
+            echo "Runner IP is $RUNNER_IP"
+            
+            # 2. Get existing ranges
+            EXISTING_RANGES=$(az aks show \
+              --resource-group learningstepsRG \
+              --name learningsteps-aks \
+              --query "apiServerAccessProfile.authorizedIpRanges" \
+              -o tsv | tr '\t' ',')
+            
+            # 3. Add Runner IP to list
+            if [ -z "$EXISTING_RANGES" ]; then
+              NEW_RANGES="$RUNNER_IP/32"
+            else
+              NEW_RANGES="$EXISTING_RANGES,$RUNNER_IP/32"
+            fi
+            
+            # 4. Update AKS
+            az aks update \
+              --resource-group learningstepsRG \
+              --name learningsteps-aks \
+              --api-server-authorized-ip-ranges $NEW_RANGES
+            
+            echo "Waiting 60s for Azure firewall propagation..."
+            sleep 60          
+
       - name: Set AKS Context
         uses: azure/aks-set-context@v4
         with:
@@ -99,7 +130,7 @@ jobs:
 
       - name: Update AKS Deployment
         run: |
-          # 1. Apply all 
+          # 1. Apply all (manifests)
           kubectl apply -f kubernetes/      
           
           # 2. Update the image to the latest version built in the pipeline
@@ -113,4 +144,20 @@ jobs:
         run: |
           kubectl get pods -o wide
           kubectl describe deployment learningsteps-api
-          kubectl describe pods -l app=learningsteps-api
+          kubectl describe pods -l app=learningsteps-api
+
+      - name: Cleanup Runner IP
+        if: always()
+        uses: azure/CLI@v1
+        with:
+          inlineScript: |
+            RUNNER_IP=$(curl -s https://api.ipify.org)
+            CURRENT_RANGES=$(az aks show -g learningstepsRG -n learningsteps-aks --query "apiServerAccessProfile.authorizedIpRanges" -o tsv | tr '\t' ',')
+            
+            # Remove only the runner's IP from the string
+            CLEANED_RANGES=$(echo $CURRENT_RANGES | sed "s|$RUNNER_IP/32||g" | sed 's/,,/,/g' | sed 's/^,//;s/,$//')
+            
+            az aks update \
+              --resource-group learningstepsRG \
+              --name learningsteps-aks \
+              --api-server-authorized-ip-ranges "$CLEANED_RANGES"          
