From 42aebc2d10154e6028fdefec9165c58e67057277 Mon Sep 17 00:00:00 2001
From: maxsibilla
Date: Thu, 8 Jan 2026 10:39:43 -0500
Subject: [PATCH 01/26] Creating new github action to build and push docker image
---
.github/workflows/build-and-deploy-dev.yml | 26 ++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 .github/workflows/build-and-deploy-dev.yml
diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml
new file mode 100644
index 00000000..2ec0fdc7
--- /dev/null
+++ b/.github/workflows/build-and-deploy-dev.yml
@@ -0,0 +1,26 @@
+name: Build and Deploy Docker Image on Dev
+
+on:
+ push:
+ branches:
+ - dev-integrate
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ push: true
+ tags: sennet/entity-api-dev:latest
From 6b9a37cb394f4b003af37462c2724394a56fb881 Mon Sep 17 00:00:00 2001
From: maxsibilla
Date: Thu, 8 Jan 2026 10:51:57 -0500
Subject: [PATCH 02/26] Modifying github actions to utilize shell script for docker build
---
.github/workflows/build-and-deploy-dev.yml | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml
index 2ec0fdc7..8e314792 100644
--- a/.github/workflows/build-and-deploy-dev.yml
+++ b/.github/workflows/build-and-deploy-dev.yml
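Review bot: Every `uses:` line in the new workflow references its action by a mutable tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v5`), so anyone able to move that tag changes the code that receives `DOCKER_PASSWORD`. Pin each action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. The same applies to the third-party actions added by later patches in this series (`appleboy/ssh-action`, `bbharathkumarreddy/aws-whitelist-ip`, `kielabokkie/ssh-key-and-known-hosts-action`), which are handed the SSH private key and the AWS access keys. Patch 17 goes the other way and moves `appleboy/ssh-action` from `v1.0.3` to the floating `v1` tag.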
@@ -18,9 +18,11 @@ jobs: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Build and push Docker image - uses: docker/build-push-action@v5 - with: - context: . - push: true - tags: sennet/entity-api-dev:latest + - name: Make build script executable + run: chmod +x ./docker/docker-development.sh + + - name: Run the Docker build shell script + run: ./docker/docker-development.sh build + + - name: Push the Docker image + run: docker push sennet/entity-api-dev:latest From 4aa65c38bd538d92ca3b0d4ec1e2f6dc8a5ebcac Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Thu, 8 Jan 2026 10:56:55 -0500 Subject: [PATCH 03/26] Setting working-directory --- .github/workflows/build-and-deploy-dev.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index 8e314792..7f1d4f94 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml @@ -20,9 +20,12 @@ jobs: - name: Make build script executable run: chmod +x ./docker/docker-development.sh + working-directory: ./docker - name: Run the Docker build shell script run: ./docker/docker-development.sh build + working-directory: ./docker - name: Push the Docker image run: docker push sennet/entity-api-dev:latest + working-directory: ./docker From 1fbc9c6b329460214d451285fff26da83c870b41 Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Thu, 8 Jan 2026 11:00:14 -0500 Subject: [PATCH 04/26] Updating paths --- .github/workflows/build-and-deploy-dev.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index 7f1d4f94..b51746ee 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml 
@@ -19,11 +19,11 @@ jobs: password: ${{ secrets.DOCKER_PASSWORD }} - name: Make build script executable - run: chmod +x ./docker/docker-development.sh + run: chmod +x ./docker-development.sh working-directory: ./docker - name: Run the Docker build shell script - run: ./docker/docker-development.sh build + run: ./docker-development.sh build working-directory: ./docker - name: Push the Docker image From 059692d9d97ecd37d68706fbed71bded5b252b4f Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Thu, 8 Jan 2026 11:08:10 -0500 Subject: [PATCH 05/26] Updating image tag --- .github/workflows/build-and-deploy-dev.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index b51746ee..477af815 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml @@ -26,6 +26,10 @@ jobs: run: ./docker-development.sh build working-directory: ./docker + - name: Tag the Docker Image + run: docker image tag sennet/entity-api:latest sennet/entity-api-dev:latest + working-directory: ./docker + - name: Push the Docker image run: docker push sennet/entity-api-dev:latest working-directory: ./docker From f1779ff412eb0427f421f8c8bd336682d95b67b4 Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Thu, 8 Jan 2026 11:10:30 -0500 Subject: [PATCH 06/26] Updating image tag --- .github/workflows/build-and-deploy-dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index 477af815..56a69b58 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml 
@@ -27,7 +27,7 @@ jobs: working-directory: ./docker - name: Tag the Docker Image - run: docker image tag sennet/entity-api:latest sennet/entity-api-dev:latest + run: docker image tag sennet/entity-api:${ENTITY_API_VERSION} sennet/entity-api-dev:latest working-directory: ./docker - name: Push the Docker image From 8f020a60e1d2e2f28ffb2418f77365ddfdea9bdc Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Thu, 8 Jan 2026 11:18:17 -0500 Subject: [PATCH 07/26] Adding version variable --- .github/workflows/build-and-deploy-dev.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index 56a69b58..3d52ad65 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml @@ -9,6 +9,11 @@ jobs: build-and-push: runs-on: ubuntu-24.04 steps: + - name: Create $ENTITY_API_VERSION + run: | + export ENTITY_API_VERSION=$(tr -d "\n\r" < ../VERSION | xargs) + echo "ENTITY_API_VERSION: $ENTITY_API_VERSION" >> $ENTITY_API_VERSION + - name: Checkout repository uses: actions/checkout@v4 From 29492949bd788c5116c035aefa6030df07972940 Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Thu, 8 Jan 2026 11:20:01 -0500 Subject: [PATCH 08/26] Adding version variable --- .github/workflows/build-and-deploy-dev.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index 3d52ad65..b8dea8be 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml @@ -13,6 +13,7 @@ jobs: run: | export ENTITY_API_VERSION=$(tr -d "\n\r" < ../VERSION | xargs) echo "ENTITY_API_VERSION: $ENTITY_API_VERSION" >> $ENTITY_API_VERSION + working-directory: ./docker - name: Checkout repository uses: actions/checkout@v4 From 5124d9fac4c0ec1e53b6a987c9a77dd95937e588 Mon Sep 17 00:00:00 2001 
From: maxsibilla Date: Thu, 8 Jan 2026 11:23:08 -0500 Subject: [PATCH 09/26] Adding version variable --- .github/workflows/build-and-deploy-dev.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index b8dea8be..31118be8 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml @@ -9,12 +9,6 @@ jobs: build-and-push: runs-on: ubuntu-24.04 steps: - - name: Create $ENTITY_API_VERSION - run: | - export ENTITY_API_VERSION=$(tr -d "\n\r" < ../VERSION | xargs) - echo "ENTITY_API_VERSION: $ENTITY_API_VERSION" >> $ENTITY_API_VERSION - working-directory: ./docker - - name: Checkout repository uses: actions/checkout@v4 @@ -24,6 +18,12 @@ jobs: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} + - name: Create $ENTITY_API_VERSION + run: | + export ENTITY_API_VERSION=$(tr -d "\n\r" < ../VERSION | xargs) + echo "ENTITY_API_VERSION: $ENTITY_API_VERSION" >> $ENTITY_API_VERSION + working-directory: ./docker + - name: Make build script executable run: chmod +x ./docker-development.sh working-directory: ./docker From 84c18b1bbdbced08ace935c345498c307386c8a6 Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Thu, 8 Jan 2026 11:24:56 -0500 Subject: [PATCH 10/26] Reference variable properly --- .github/workflows/build-and-deploy-dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index 31118be8..e54a1537 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml 
@@ -33,7 +33,7 @@ jobs: working-directory: ./docker - name: Tag the Docker Image - run: docker image tag sennet/entity-api:${ENTITY_API_VERSION} sennet/entity-api-dev:latest + run: docker image tag sennet/entity-api:${{ ENTITY_API_VERSION }} sennet/entity-api-dev:latest working-directory: ./docker - name: Push the Docker image From faed110ae8d49664dcc1cf0104d222854dda61d2 Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Thu, 8 Jan 2026 11:31:35 -0500 Subject: [PATCH 11/26] Reference variable properly --- .github/workflows/build-and-deploy-dev.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index e54a1537..242ec363 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml @@ -21,7 +21,7 @@ jobs: - name: Create $ENTITY_API_VERSION run: | export ENTITY_API_VERSION=$(tr -d "\n\r" < ../VERSION | xargs) - echo "ENTITY_API_VERSION: $ENTITY_API_VERSION" >> $ENTITY_API_VERSION + echo "ENTITY_API_VERSION=$ENTITY_API_VERSION" >> $GITHUB_ENV working-directory: ./docker - name: Make build script executable @@ -33,7 +33,7 @@ jobs: working-directory: ./docker - name: Tag the Docker Image - run: docker image tag sennet/entity-api:${{ ENTITY_API_VERSION }} sennet/entity-api-dev:latest + run: docker image tag sennet/entity-api:$ENTITY_API_VERSION sennet/entity-api-dev:latest working-directory: ./docker - name: Push the Docker image From 739ba4a401843a9ddd567a0e9f35df43b1c16eb4 Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Thu, 8 Jan 2026 13:18:13 -0500 Subject: [PATCH 12/26] Adding action to deploy docker image on remote server --- .github/workflows/build-and-deploy-dev.yml | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index 242ec363..3f34075f 100644 --- a/.github/workflows/build-and-deploy-dev.yml 
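Review bot: In the `Create $ENTITY_API_VERSION` step of patch 11, the value read from `../VERSION` is written to `$GITHUB_ENV` and later expanded on the `docker image tag` command line, unquoted and unvalidated in both places. The `tr -d "\n\r"` keeps the value on one line, which stops a crafted VERSION file from adding extra variables to the environment file, but spaces or glob characters would still be word-split in the tag step. Quote both uses, `>> "$GITHUB_ENV"` and `"sennet/entity-api:$ENTITY_API_VERSION"`, and consider failing the step when the value is not a valid image tag. The `export` is unnecessary, since only the line appended to `$GITHUB_ENV` reaches later steps.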
+++ b/.github/workflows/build-and-deploy-dev.yml @@ -39,3 +39,30 @@ jobs: - name: Push the Docker image run: docker push sennet/entity-api-dev:latest working-directory: ./docker + + deploy: + runs-on: ubuntu-latest + needs: build-and-push + steps: + - name: Deploy to Server via SSH + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.REMOTE_HOST }} + username: ${{ secrets.REMOTE_USER }} + key: ${{ secrets.SSH_PRIVATE_KEY }} + script: | + # Change to codcc user on server + sudo -u codcc -i + + # Navigate to proper directory + cd /opt/sennet/entity-api/docker/ + + # Pull latest GitHub changes + git pull + + # Pull the new image + docker pull sennet/entity-api-dev:latest + + # Restart container container + ./docker-development.sh down + ./docker-development.sh start From 522f35969ab04f99b4a2a11467bd0f35dc426712 Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Thu, 8 Jan 2026 13:35:54 -0500 Subject: [PATCH 13/26] Creating new docker compose file to handle dev repository --- docker/docker-compose.deployment.dev.yml | 4 ++++ docker/docker-development.sh | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 docker/docker-compose.deployment.dev.yml diff --git a/docker/docker-compose.deployment.dev.yml b/docker/docker-compose.deployment.dev.yml new file mode 100644 index 00000000..0f645cae --- /dev/null +++ b/docker/docker-compose.deployment.dev.yml @@ -0,0 +1,4 @@ +services: + entity-api: + # Use the published image and tag from DockerHub + image: sennet/entity-api-dev:latest diff --git a/docker/docker-development.sh b/docker/docker-development.sh index ec46f0c6..b75e1e50 100755 --- a/docker/docker-development.sh +++ b/docker/docker-development.sh 
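Review bot: The `Deploy to Server via SSH` step in the new `deploy` job never verifies the server's host key, because no `fingerprint:` input is set. The job therefore authenticates and runs its script against whatever host answers at `REMOTE_HOST`. `appleboy/ssh-action` accepts the SHA256 fingerprint of the host public key, e.g. `fingerprint: ${{ secrets.REMOTE_HOST_FINGERPRINT }}` (the secret name is a placeholder). This is still missing after patch 22, the last patch in the series to touch this step's inputs.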
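Review bot: `image: sennet/entity-api-dev:latest` in the new compose file ties the deployment to a mutable tag, so the server cannot tell which commit it is running. A `docker pull` there may also fetch an image pushed by a different workflow run than the one that triggered the deploy. Consider pushing an immutable tag per build as well (the commit SHA, as the comment added in patch 14 already suggests) and letting the compose file take it from the environment, e.g. `image: sennet/entity-api-dev:${ENTITY_API_DEV_TAG:-latest}` (the variable name is a placeholder). Compose substitutes the default when the variable is unset, so existing invocations keep working.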
@@ -108,7 +108,7 @@ else docker compose -f docker-compose.yml -f docker-compose.development.yml -p entity-api build elif [ "$1" = "start" ]; then - docker compose -f docker-compose.yml -f docker-compose.development.yml -p entity-api up -d + docker compose -f docker-compose.yml -f docker-compose.deployment.dev.yml -p entity-api up -d elif [ "$1" = "stop" ]; then docker compose -f docker-compose.yml -f docker-compose.development.yml -p entity-api stop elif [ "$1" = "down" ]; then From 6050b9cab4e74324c076a54cdf65230180859da5 Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Thu, 8 Jan 2026 14:06:42 -0500 Subject: [PATCH 14/26] Adding AWS IP whitelist step --- .github/workflows/build-and-deploy-dev.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index 3f34075f..1885774e 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml @@ -33,6 +33,7 @@ jobs: working-directory: ./docker - name: Tag the Docker Image + # Alternatively we could use ${{ github.sha }} instead of latest run: docker image tag sennet/entity-api:$ENTITY_API_VERSION sennet/entity-api-dev:latest working-directory: ./docker @@ -40,6 +41,19 @@ jobs: run: docker push sennet/entity-api-dev:latest working-directory: ./docker + whitelist-github-actions-ip: + runs-on: ubuntu-latest + steps: + - name: Whitelist GitHub Actions IP + uses: bbharathkumarreddy/aws-whitelist-ip@v1.0 + with: + security-group-id: sg-0ddfcbe0a83a5266c + action: whitelist + port: 22 + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 + deploy: runs-on: ubuntu-latest needs: build-and-push From 91ab9e49f912f56d71e1a6434f78746664e8e209 Mon Sep 17 00:00:00 2001 
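Review bot: Only the `start` branch is switched to `docker-compose.deployment.dev.yml`, while the `build` line above it and the `stop` line below it in this hunk still use `docker-compose.development.yml`. After a local `build`, `start` now runs the published `sennet/entity-api-dev:latest` image instead of the image that was just built, which changes behaviour for anyone using this script outside the workflow. Keeping `start` as it was and adding a dedicated branch for the server, e.g. `elif [ "$1" = "start-deployed" ]; then` (the sub-command name is a placeholder) carrying the new compose line, would keep the two uses apart. The if/elif chain begins and ends outside the hunk, so the command used by `down` is not visible here.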
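Review bot: The `Whitelist GitHub Actions IP` step in patch 14 passes long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` secrets to a third-party action and hard-codes the security group id in the workflow. The IAM principal behind those keys should be limited to `ec2:AuthorizeSecurityGroupIngress` and `ec2:RevokeSecurityGroupIngress` on `sg-0ddfcbe0a83a5266c` alone, so that a leaked key cannot open other groups. Short-lived credentials through GitHub OIDC would be preferable if this action can consume them, which cannot be confirmed from this page. Consider moving the id to a repository variable, `security-group-id: ${{ vars.DEV_SSH_SECURITY_GROUP_ID }}` (the name is a placeholder); the removal step added in patch 15 repeats the same literal.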
From: maxsibilla Date: Thu, 8 Jan 2026 14:08:33 -0500 Subject: [PATCH 15/26] Adding AWS IP whitelist step --- .github/workflows/build-and-deploy-dev.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index 1885774e..cde382db 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml @@ -80,3 +80,16 @@ jobs: # Restart container container ./docker-development.sh down ./docker-development.sh start + + remove-whitelist-ip: + runs-on: ubuntu-latest + steps: + - name: Remove GitHub Actions IP + uses: bbharathkumarreddy/aws-whitelist-ip@v1.0 + with: + security-group-id: sg-0ddfcbe0a83a5266c + action: remove + port: 22 + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 \ No newline at end of file From c5d059ef236b5b864ded01da697cb3c33da57715 Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Thu, 8 Jan 2026 14:11:00 -0500 Subject: [PATCH 16/26] Modifying when removal of whitelist occurs --- .github/workflows/build-and-deploy-dev.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index cde382db..f61cd6ab 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml @@ -83,6 +83,7 @@ jobs: remove-whitelist-ip: runs-on: ubuntu-latest + needs: deploy steps: - name: Remove GitHub Actions IP uses: bbharathkumarreddy/aws-whitelist-ip@v1.0 From 9a963267426286686867c915222731aaae25ab42 Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Thu, 8 Jan 2026 14:32:24 -0500 Subject: [PATCH 17/26] Updating ssh action version --- .github/workflows/build-and-deploy-dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index f61cd6ab..df6be6c8 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml @@ -59,7 +59,7 @@ jobs: needs: build-and-push steps: - name: Deploy to Server via SSH - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@v1 with: host: ${{ secrets.REMOTE_HOST }} username: ${{ secrets.REMOTE_USER }} From e2a0f9f822c84d79126493bc0bed70150281b025 Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Thu, 8 Jan 2026 14:35:03 -0500 Subject: [PATCH 18/26] Increasing ssh timeout --- .github/workflows/build-and-deploy-dev.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index df6be6c8..cc51b02e 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml @@ -64,6 +64,7 @@ jobs: host: ${{ secrets.REMOTE_HOST }} username: ${{ secrets.REMOTE_USER }} key: ${{ secrets.SSH_PRIVATE_KEY }} + timeout: 120s script: | # Change to codcc user on server sudo -u codcc -i From b787cb06e29fc85030dbec30d57a952c9e6faafa Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Thu, 8 Jan 2026 16:31:40 -0500 Subject: [PATCH 19/26] Combining all commands into a single line to run as codcc user --- .github/workflows/build-and-deploy-dev.yml | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index cc51b02e..05817fa6 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml 
@@ -67,20 +67,7 @@ jobs: timeout: 120s script: | # Change to codcc user on server - sudo -u codcc -i - - # Navigate to proper directory - cd /opt/sennet/entity-api/docker/ - - # Pull latest GitHub changes - git pull - - # Pull the new image - docker pull sennet/entity-api-dev:latest - - # Restart container container - ./docker-development.sh down - ./docker-development.sh start + sudo su - codcc -c "cd /opt/sennet/entity-api/docker/; git pull; docker pull sennet/entity-api-dev:latest; ./docker-development.sh down; ./docker-development.sh start;" remove-whitelist-ip: runs-on: ubuntu-latest From a1cce33ba1d527d13361270184eef5eb708423e7 Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Thu, 8 Jan 2026 16:43:03 -0500 Subject: [PATCH 20/26] Updating known hosts on remote server --- .github/workflows/build-and-deploy-dev.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index 05817fa6..fe3e08f0 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml @@ -58,6 +58,12 @@ jobs: runs-on: ubuntu-latest needs: build-and-push steps: + - name: Setup SSH + uses: kielabokkie/ssh-key-and-known-hosts-action@v1 + with: + ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} + ssh-host: ${{ secrets.REMOTE_USER }} + - name: Deploy to Server via SSH uses: appleboy/ssh-action@v1 with: From 59d4c3ceddb97247fc00e57072dcd41a5342337e Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Thu, 8 Jan 2026 18:01:02 -0500 Subject: [PATCH 21/26] Updating known hosts on remote server --- .github/workflows/build-and-deploy-dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index fe3e08f0..1c720552 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml 
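Review bot: The commands inside the new `sudo su - codcc -c "…"` string are joined with `;`, so each one runs whether or not the previous one succeeded. If `cd` fails, `git pull` and the script calls run from the login directory, and if `docker pull` fails the container is still taken down and restarted on the old image. The step's result then reflects only the last command. Chain with `&&` instead, e.g. `cd /opt/sennet/entity-api/docker/ && git pull --ff-only && docker pull sennet/entity-api-dev:latest && ./docker-development.sh down && ./docker-development.sh start`. The `--ff-only` also stops the server checkout from creating a merge commit if it has drifted.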
@@ -62,7 +62,7 @@ jobs: uses: kielabokkie/ssh-key-and-known-hosts-action@v1 with: ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} - ssh-host: ${{ secrets.REMOTE_USER }} + ssh-host: ${{ secrets.REMOTE_HOST }} - name: Deploy to Server via SSH uses: appleboy/ssh-action@v1 From 03b92b5cf545a3e8e8889221034ac82f9cfa46e9 Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Thu, 8 Jan 2026 18:31:09 -0500 Subject: [PATCH 22/26] Add use_insecure_cipher property --- .github/workflows/build-and-deploy-dev.yml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index 1c720552..cb749fbc 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml @@ -58,19 +58,13 @@ jobs: runs-on: ubuntu-latest needs: build-and-push steps: - - name: Setup SSH - uses: kielabokkie/ssh-key-and-known-hosts-action@v1 - with: - ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} - ssh-host: ${{ secrets.REMOTE_HOST }} - - name: Deploy to Server via SSH uses: appleboy/ssh-action@v1 with: - host: ${{ secrets.REMOTE_HOST }} + host: '${{ secrets.REMOTE_HOST }}' username: ${{ secrets.REMOTE_USER }} key: ${{ secrets.SSH_PRIVATE_KEY }} - timeout: 120s + use_insecure_cipher: true script: | # Change to codcc user on server sudo su - codcc -c "cd /opt/sennet/entity-api/docker/; git pull; docker pull sennet/entity-api-dev:latest; ./docker-development.sh down; ./docker-development.sh start;" From 15886b04af5837a37140bab9a2e88b018c28ca0d Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Fri, 9 Jan 2026 08:50:37 -0500 Subject: [PATCH 23/26] Making workflow async --- .github/workflows/build-and-deploy-dev.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index cb749fbc..c2439ebe 100644 --- a/.github/workflows/build-and-deploy-dev.yml 
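Review bot: `use_insecure_cipher: true`, added in patch 22, presumably makes the SSH client offer legacy ciphers that the action leaves disabled by default, which weakens the channel carrying the deploy commands. If the handshake was failing against this server, the durable fix is to enable a current cipher and key-exchange set in the server's sshd configuration and then delete this line. The same hunk also removes `timeout: 120s` and the `Setup SSH` step without the commit message mentioning either; please confirm both removals are intended.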
+++ b/.github/workflows/build-and-deploy-dev.yml @@ -43,6 +43,7 @@ jobs: whitelist-github-actions-ip: runs-on: ubuntu-latest + needs: build-and-push steps: - name: Whitelist GitHub Actions IP uses: bbharathkumarreddy/aws-whitelist-ip@v1.0 @@ -56,7 +57,7 @@ jobs: deploy: runs-on: ubuntu-latest - needs: build-and-push + needs: whitelist-github-actions-ip steps: - name: Deploy to Server via SSH uses: appleboy/ssh-action@v1 From b2b86353652502cbe2b000b2887244e70f405086 Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Fri, 9 Jan 2026 09:35:46 -0500 Subject: [PATCH 24/26] making whitelist step same as deploy --- .github/workflows/build-and-deploy-dev.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index c2439ebe..774bed7a 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml @@ -41,7 +41,7 @@ jobs: run: docker push sennet/entity-api-dev:latest working-directory: ./docker - whitelist-github-actions-ip: + deploy: runs-on: ubuntu-latest needs: build-and-push steps: @@ -54,11 +54,6 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: us-east-1 - - deploy: - runs-on: ubuntu-latest - needs: whitelist-github-actions-ip - steps: - name: Deploy to Server via SSH uses: appleboy/ssh-action@v1 with: From 4116927cf7cbeed20289917186661715f583b110 Mon Sep 17 00:00:00 2001 From: maxsibilla Date: Fri, 9 Jan 2026 09:51:31 -0500 Subject: [PATCH 25/26] Merging whitelist cleanup job into deploy job, adding condition to ensure it always runs --- .github/workflows/build-and-deploy-dev.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index 774bed7a..6df75590 100644 --- a/.github/workflows/build-and-deploy-dev.yml 
+++ b/.github/workflows/build-and-deploy-dev.yml @@ -64,13 +64,9 @@ jobs: script: | # Change to codcc user on server sudo su - codcc -c "cd /opt/sennet/entity-api/docker/; git pull; docker pull sennet/entity-api-dev:latest; ./docker-development.sh down; ./docker-development.sh start;" - - remove-whitelist-ip: - runs-on: ubuntu-latest - needs: deploy - steps: - name: Remove GitHub Actions IP uses: bbharathkumarreddy/aws-whitelist-ip@v1.0 + if: always() with: security-group-id: sg-0ddfcbe0a83a5266c action: remove From 7e2fd47c07e926a1ea42ed451bf0d5f79bd45c40 Mon Sep 17 00:00:00 2001 From: Max Sibilla Date: Mon, 12 Jan 2026 10:08:23 -0500 Subject: [PATCH 26/26] Potential fix for code scanning alert no. 7: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/build-and-deploy-dev.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build-and-deploy-dev.yml b/.github/workflows/build-and-deploy-dev.yml index 6df75590..e2a523f5 100644 --- a/.github/workflows/build-and-deploy-dev.yml +++ b/.github/workflows/build-and-deploy-dev.yml @@ -5,6 +5,9 @@ on: branches: - dev-integrate +permissions: + contents: read + jobs: build-and-push: runs-on: ubuntu-24.04