OCI ISL update prototype: fix compartment name #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ~OCI IP list update | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| ACTION: | ||
| type: string | ||
| required: true | ||
| description: Action to do for OCI IP list update. Can be either, "add" or "delete" | ||
| JOB_ID: | ||
| type: string | ||
| required: true | ||
| GLOBAL_CIDR: | ||
| type: string | ||
| required: true | ||
| description: Global CIDR to be added/deleted from security list of slurm cluster | ||
| permissions: | ||
| contents: read # to fetch code | ||
| actions: read # to cancel previous workflows | ||
| packages: read # to upload container | ||
| jobs: | ||
| oci-sl-update: | ||
| runs-on: ubuntu-22.04 | ||
| name: Update security list on SLURM cluster | ||
| env: | ||
| OCI_CLI_USER: ${{ secrets.OCI_CLI_USER }} | ||
| OCI_CLI_TENANCY: ${{ secrets.OCI_CLI_TENANCY }} | ||
| OCI_CLI_FINGERPRINT: ${{ secrets.OCI_CLI_FINGERPRINT }} | ||
| OCI_CLI_KEY_CONTENT: ${{ secrets.OCI_CLI_KEY_CONTENT }} | ||
| OCI_CLI_REGION: ${{ secrets.OCI_CLI_REGION }} | ||
| steps: | ||
| - name: Retrieve the OCID of a named compartment in tenancy | ||
| uses: oracle-actions/run-oci-cli-command@v1.3.1 | ||
| id: find-compartment-id | ||
| with: | ||
| command: 'iam compartment list --compartment-id-in-subtree=true' | ||
| query: "data[?name=='jax'].id" | ||
| - name: Debug | ||
| run: | | ||
| ${{ steps.find-compartment-id.outputs.raw_output }} | ||
| echo ${{ steps.find-compartment-id.outputs.output }}' | ||
| echo ${{ steps.find-compartment-id.outputs.raw_output }}' | ||
| - name: Get security list from the compartment | ||
| uses: oracle-actions/run-oci-cli-command@v1.3.1 | ||
| id: ingress-security-rules | ||
| with: | ||
| command: 'network security-list list --compartment-id ${{ steps.find-compartment-id.outputs.output }}' | ||
| query: "data[?\"display-name\"=='Default Security List for aoc-osaka_VCN'].\"ingress-security-rules\" | [0]" | ||
| - name: Generate updated ingress list | ||
| id: new-ingress-list | ||
| shell: bash -x -e {0} | ||
| run: | | ||
| description="JTB GitHub Runner ${{ inputs.JOB_ID }}" | ||
| if [[ "${{ inputs.ACTION }}"" == "add" ]]; then | ||
| sl_update=$(cat << EOF | jq -c | ||
| {"description": "$description", | ||
| "icmp-options": null, | ||
| "is-stateless": false, | ||
| "protocol": "6", | ||
| "source": "${{ inputs.GLOBAL_CIDR }}", | ||
| "source-type": "CIDR_BLOCK", | ||
| "tcp-options": { | ||
| "destination-port-range": { | ||
| "max": 22, | ||
| "min": 22 | ||
| }, | ||
| "source-port-range": null | ||
| }, | ||
| "udp-options": null | ||
| } | ||
| EOF | ||
| ) | ||
| updated_isr=$(echo ${{ steps.ingress-security-rules.outputs.output }} | jq --argjson to_add "$sl_update" '. + [$to_add]') | ||
| elif [[ "${{ inputs.ACTION }}"" == "delete" ]]; then | ||
| delete_pattern='del(.[] | select(.description=="'$description'"))' | ||
| updated_isr=$(echo ${{ steps.ingress-security-rules.outputs.output }} | jq "$delete_pattern") | ||
| # updated_isr=$(echo $updated_slf | jq '(.data[] | select(."display-name"=="Default Security List for aoc-osaka_VCN"))."ingress-security-rules"') | ||
| else | ||
| echo "Unsupported parameter ${{ inputs.ACTION}}" | ||
| exit 1 | ||
| fi | ||
| echo "OCI_UPDATED_ISR=${updated_isr}" | tee -a $GITHUB_OUTPUT | ||
| - name: Update security list | ||
| uses: oracle-actions/run-oci-cli-command@v1.3.1 | ||
| with: | ||
| command: 'network security-list update --force --security-list-id ${{ steps.find-compartment-id.outputs.raw_output }} --ingress-security-rules "${{ steps.new-ingress-list.outputs.OCI_UPDATED_ISR }}"' | ||
