DEV Community

loading...

Doorkeeper (open/close ports from GHActions) for DigitalOcean

Jorge Maroto
Learning everyday :)
・1 min read

This Github action allows you to open or close an specific port in your DigitalOcean firewall. It's really useful for deploy in your instances from Github Actions, as they don't provide a list of IPs to add to your security groups.

Alt Text

Instructions

  1. You need to generate a personal access token from your DigitalOcean Applications & API page.
  2. Copy that token, and paste in the secrets of your repo.
  3. Create or update a workflow, adding the file .github/workflows/doorkeeper.yml (more info about how to use Github Actions).

############################
## prepare your artifacts ##
############################

- name: Doorkeeper open
  uses: patoroco/doorkeeper@master
  with:
    digitaloceanToken: ${{ secrets.DO_TOKEN }}
    firewallName: "name_of_the_firewall"
    actionToDo: "add"
    dryRun: false

############################
## deploy to DigitalOcean ##
############################

- name: Doorkeeper close
  uses: patoroco/doorkeeper@master
  with:
    digitaloceanToken: ${{ secrets.DO_TOKEN }}
    firewallName: "name_of_the_firewall"
    actionToDo: "remove"
    dryRun: false

To check that everything is working as expected, you have to push these changes to your repo, and a new build in the Actions tab should be starting.

My Workflow

I'm using this workflow to allow to deploy to my small 5$ instance in digitalocean (I'm using dokku as the PaaS).
It's really easy to push a new commit, and wait for the automatic release :)

Submission Category

DIY Deployments

Yaml File or Link to Code

This is a github action, and all the code is available in my repo: https://github.com/patoroco/doorkeeper/

Additional Resources / Info

Feel free to collaborate with issues / PRs :)

Discussion (2)

Collapse
codemouse92 profile image
Jason C. McDonald

Wouldn't SSH be a more secure option?

Collapse
patoroco profile image
Jorge Maroto Author • Edited

The deploy is done pushing the code to git over SSH, indeed.

The issue is that the SSH port shouldn't be always open to the Internet (the ideal would be to have a list of IPs to open that port for, but Github Actions doesn't provide you that list).

Forem Open with the Forem app