[feature/#366] GitHub Actions 배포 시 SSH IP 동적 허용 및 삭제 로직 추가

Author: agree0002

.github/workflows/deploy-dev.yml

@@ -28,14 +28,32 @@ jobs:
     - name: Build with Gradle
       run: ./gradlew build -x test
 
+    - name: Get GitHub Actions IP
+      id: ip
+      uses: haythem/public-ip@v1.3
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v5.1.1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_USER_ACCESS_KEY }}
+        aws-secret-access-key: ${{ secrets.AWS_USER_SECRET_KEY }}
+        aws-region: ap-northeast-2
+
+    - name: Add GitHub IP to Security Group
+      run: |
+        aws ec2 authorize-security-group-ingress \
+          --group-id ${{ secrets.AWS_SECURITY_GROUP_ID }} \
+          --protocol tcp \
+          --port 22 \
+          --cidr ${{ steps.ip.outputs.ipv4 }}/32
+
     - name: copy file via ssh
       uses: appleboy/scp-action@master
       with:
         host: ${{ secrets.IBAS_DEV_HOST }}
         username: ${{ secrets.IBAS_DEV_USERNAME }}
         key: ${{ secrets.IBAS_DEV_SSH_KEY }}
         passphrase: ${{ secrets.IBAS_DEV_PASSWORD }}
-        # port: ${{ secrets.PORT }} # default : 22
         source: "docker-compose.yml"
         target: ${{ secrets.IBAS_DEV_DEPLOY_PATH }}
 
@@ -66,6 +84,14 @@ jobs:
         username: ${{ secrets.IBAS_DEV_USERNAME }}
         key: ${{ secrets.IBAS_DEV_SSH_KEY }}
         passphrase: ${{ secrets.IBAS_DEV_PASSWORD }}
-        # port: ${{ secrets.PORT }} # default : 22
         script: |
           bash ${{ secrets.IBAS_DEV_DEPLOY_PATH }}/deploy.sh
+
+    - name: Remove GitHub IP from Security Group
+      if: always()
+      run: |
+        aws ec2 revoke-security-group-ingress \
+          --group-id ${{ secrets.AWS_SECURITY_GROUP_ID }} \
+          --protocol tcp \
+          --port 22 \
+          --cidr ${{ steps.ip.outputs.ipv4 }}/32