From 17843e66121b1814844190f0aa8f082f232f4226 Mon Sep 17 00:00:00 2001
From: ebronson68 <111298136+ebronson68@users.noreply.github.com>
Date: Thu, 12 Oct 2023 09:52:09 -0500
Subject: [PATCH] [DEVOPS-282] Set access restrictions on Container app ingress

---
 .github/workflows/ephemeral-deploy.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/ephemeral-deploy.yaml b/.github/workflows/ephemeral-deploy.yaml
index 12986859..7418d11d 100644
--- a/.github/workflows/ephemeral-deploy.yaml
+++ b/.github/workflows/ephemeral-deploy.yaml
@@ -36,6 +36,11 @@ on:
         type: string
         description: "Location of resources in Azure"
         default: "centralus"
+      ingressWhitelist:
+        required: false
+        type: string
+        description: "IP address that will be allowed to access the ephemeral deployment"
+        default: "207.67.20.252/32"
     secrets:
       azureCredentials:
         required: true
@@ -182,6 +187,10 @@ jobs:
           ingress: external
           disableTelemetry: true
 
+      - name: Add access restrictions to Container App ingress
+        run: |
+          az containerapp ingress access-restriction set --action Allow --ip-address "${{ inputs.ingressWhitelist }}" --rule-name allow-range --name "${{ needs.prepare.outputs.repositoryName }}-${{ needs.prepare.outputs.jiraTicketIdLc }}" --resource-group "${{ inputs.clusterResourceGroup }}"
+
       - name: Get Container App Hostname
         id: hostname
         run: |