fixing some code review comments plus firewall removal action fix

brianLoomis · brianLoomis · commit 80433f11fd7d · 2025-07-01T17:34:36.000-04:00
diff --git a/.github/actions/update-firewall-rule/action.yml b/.github/actions/update-firewall-rule/action.yml
@@ -1,4 +1,5 @@
-name: Update Storage Firewall Rule
+# from https://github.com/prgs-community/githubactions-reusableworkflow-evcodesign/tree/main/.github/actions/update-firewall-rule
+name: Update Firewall Rule
 description: Update Firewall Rule by adding or removing runner ip.
 inputs:
   action-to-execute:
@@ -12,8 +13,18 @@ runs:
       shell: bash
       run: |
         AgentPublicIp=$(curl checkip.amazonaws.com)
-        echo "##[warning]Adding $AgentPublicIp To Storage Account Firewall, Please Wait..."
-        az network nsg rule update -n HTTPS_CI --nsg-name vmsonarqubeprod001-nsg -g rg-prgssonarqube-prod-001 --add sourceAddressPrefixes $AgentPublicIp
+        echo "##[warning]${{ inputs.action-to-execute }}ing $AgentPublicIp To Storage Account Firewall, Please Wait..." 
+        az network nsg rule update -n HTTPS_CI --nsg-name vmsonarqubeprod001-nsg -g rg-prgssonarqube-prod-001 --${{ inputs.action-to-execute }} sourceAddressPrefixes $AgentPublicIp
         sleep 30
+      # was echo "##[warning]Adding $AgentPublicIp To Storage Account Firewall, Please Wait..."
       # was AgentPublicIp=$(curl ipconfig.io) which returned a 522/timeout error, so switched to checkip.amazonaws.com
-        
+      # az network nsg rule update -n HTTPS_CI --nsg-name vmsonarqubeprod001-nsg -g rg-prgssonarqube-prod-001 --add sourceAddressPrefixes $AgentPublicIp
+        
+      #  pwsh version az keyvault network-rule ${{ inputs.action-to-execute }} --name caps-evcodesign-useast --ip-address $AgentPublicIp
+        
+      # shell: pwsh
+      # run: |
+      #   $AgentPublicIp = Invoke-RestMethod https://ipinfo.io/json | Select -ExpandProperty Ip
+      #   Write-Host "##[warning]${{ inputs.action-to-execute }}ing $AgentPublicIp To Storage Account Firewall, Please Wait..." 
+      #   az keyvault network-rule ${{ inputs.action-to-execute }} --name caps-evcodesign-useast --ip-address $AgentPublicIp
+      #   Start-Sleep -Seconds 20
diff --git a/.github/workflows/stubs/ci-main-pull-request-stub-trufflehog-only.yml b/.github/workflows/stubs/ci-main-pull-request-stub-trufflehog-only.yml
@@ -1,6 +1,6 @@
 # stub to call common GitHub Action (GA) as part of Continuous Integration (CI) Pull Request process checks for main branch
 #
-# inputs are described in the <org>/common-github-actions/<GA.yml> with same name as this stub
+# inputs are described in the chef/common-github-actions/<GA.yml> with same name as this stub
 #
 
 name: CI Pull Request on Main Branch
@@ -26,7 +26,7 @@ jobs:
     steps:
       - name: echo version of stub and inputs
         run: |
-          echo "[ci-main-pull-request-stub-trufflehog-only.yml] version $STUB_VERSION"
+          echo "CI main pull request stub version $STUB_VERSION"
 
   call-ci-main-pr-check-pipeline:
     uses: chef/common-github-actions/.github/workflows/ci-main-pull-request.yml@main
@@ -51,7 +51,7 @@ jobs:
       # requires secrets POLARIS_SERVER_URL and POLARIS_ACCESS_TOKEN
       perform-blackduck-polaris: false
       polaris-application-name: 'Chef-Chef360'  # one of these: Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services
-      polaris-project-name: ${{ github.event.repository.name }}  # typically the application name, followed by - and the repository name, for example Chef-Chef360-chef-vault'
+      polaris-project-name: Chef-Automate-${{ github.event.repository.name }}  # typically the application name, followed by - and the repository name, for example Chef-Automate-chef-vault
       perform-blackduck-sca-scan: false
       
       # perform application build and unit testing, will use custom repository properties when implemented for chef-primary-application, chef-build-profile, and chef-build-language
@@ -60,7 +60,7 @@ jobs:
       # language: $chef-ga-build-language   # this will be removed from stub as autodetected in central GA
       unit-tests: false
  
-      # perform SonarQube scan, with or wihout unit test coverage data
+      # perform SonarQube scan, with or without unit test coverage data
       # requires secrets SONAR_TOKEN and SONAR_HOST_URL (progress.sonar.com)
       perform-sonarqube-scan: false
       # perform-sonar-build: true
diff --git a/.github/workflows/stubs/ci-main-pull-request-stub.yml b/.github/workflows/stubs/ci-main-pull-request-stub.yml
@@ -1,5 +1,5 @@
 # stub to call common GitHub Action (GA) as part of Continuous Integration (CI) Pull Request process checks for main branch
-# inputs are described in the <org>/common-github-actions/<GA.yml> with same name as this stub
+# inputs are described in the chef/common-github-actions/<GA.yml> with same name as this stub
 #
 # secrets are inherited from the calling workflow, typically SONAR_TOKEN, SONAR_HOST_URL, GH_TOKEN, AKEYLESS_JWT_ID
 
@@ -26,7 +26,7 @@ jobs:
     steps:
       - name: echo version of stub and inputs
         run: |
-          echo "[ci-main-pull-request-stub.yml] version $STUB_VERSION"
+          echo "CI main pull request stub version $STUB_VERSION"
 
   call-ci-main-pr-check-pipeline:
     uses: chef/common-github-actions/.github/workflows/ci-main-pull-request.yml@main
@@ -51,15 +51,15 @@ jobs:
       # requires secrets POLARIS_SERVER_URL and POLARIS_ACCESS_TOKEN
       perform-blackduck-polaris: true
       polaris-application-name: 'Chef-Chef360'  # one of these: Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services
-      polaris-project-name: ${{ polaris_application_name }}-${{ github.event.repository.name }}  # typically the application name, followed by - and the repository name, for example Chef-Chef360-chef-vault'
+      polaris-project-name: ${{ polaris_application_name }}-${{ github.event.repository.name }}  # typically the application name, followed by - and the repository name, for example Chef-Chef360-chef-vault
       perform-blackduck-sca-scan: true
      
       # perform application build and unit testing, will use custom repository properties when implemented for chef-primary-application, chef-build-profile, and chef-build-language
       build: true
       language: 'Ruby'    # Go, Ruby, Rust  
       unit-tests: false
  
-      # perform SonarQube scan, withor wihout unit test coverage data
+      # perform SonarQube scan, withor without unit test coverage data
       # requires secrets SONAR_TOKEN and SONAR_HOST_URL (progress.sonar.com)
       perform-sonarqube-scan: true
       perform-sonar-build: true
