How to access the GitHub Runner host from the GitHub Actions Workflow Step container?
I want to run Liquibase migration to AWS RDS Postgres in GitHub Action. My RDS instance is in a private subnet so I do SSM session manager port forwarding through EC2 Bastion Instance. The issue occurs because the Liquibase step runs inside a container.
Issue: Liquibase can't connect to the RDS with an error "Connection to localhost:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections"
My GitHub Action Workflow:
- name: SSM Port Forward
uses: enkhjile/[email protected]
with:
target: ${{ vars.TARGET }}
host: ${{ vars.HOST }}
port: 5432
local-port: 5432
- name: Run Liquibase Migration
uses: liquibase-github-actions/[email protected]
with:
username: ${{ secrets.USERNAME }}
password: ${{ secrets.PASSWORD }}
url: "jdbc:postgresql://________:5432/${{ vars.DB_NAME }}"
What I've already tried:
- Telnet and NC tools were used in a Workflow to ensure that the 5432 port is accessible, and it is!
- PSQL was used in a Workflow to ensure database connectivity, and it connects successfully.
- Different Liquibase steps URL parameters, localhost, 127.0.0.1, 172.17.0.1, host.docker.internal, IP of a GitHub Runner
How to access the GitHub Runner host from the GitHub Actions Workflow Step container?
I want to run Liquibase migration to AWS RDS Postgres in GitHub Action. My RDS instance is in a private subnet so I do SSM session manager port forwarding through EC2 Bastion Instance. The issue occurs because the Liquibase step runs inside a container.
Issue: Liquibase can't connect to the RDS with an error "Connection to localhost:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections"
My GitHub Action Workflow:
- name: SSM Port Forward
uses: enkhjile/[email protected]
with:
target: ${{ vars.TARGET }}
host: ${{ vars.HOST }}
port: 5432
local-port: 5432
- name: Run Liquibase Migration
uses: liquibase-github-actions/[email protected]
with:
username: ${{ secrets.USERNAME }}
password: ${{ secrets.PASSWORD }}
url: "jdbc:postgresql://________:5432/${{ vars.DB_NAME }}"
What I've already tried:
- Telnet and NC tools were used in a Workflow to ensure that the 5432 port is accessible, and it is!
- PSQL was used in a Workflow to ensure database connectivity, and it connects successfully.
- Different Liquibase steps URL parameters, localhost, 127.0.0.1, 172.17.0.1, host.docker.internal, IP of a GitHub Runner
1 Answer
Reset to default 1I believe you'll have to configure another layer of port forwarding between the Liquibase Docker container and the runner. This way Liquibase will run against localhost:5432 -> runnerhost:5432 -> rdshost:5432
I'll usually use the LB Docker container directly instead of using the GitHub Action in a scenario like this so I can pass in the port mapping using the docker command's -p arg. If you wanted to go that route, it might look like:
- name: Checkout code
uses: actions/checkout@v3
- name: SSM Port Forward
uses: enkhjile/[email protected]
with:
target: ${{ vars.TARGET }}
host: ${{ vars.HOST }}
port: 5432
local-port: 5432
- name: Run Liquibase
run: |
docker run --rm \
-v "$(pwd):/liquibase/changelog" \
-p 5432:5432 \
-e LIQUIBASE_URL=jdbc:postgresql://localhost:5432/testdb \
-e LIQUIBASE_USERNAME=postgres \
-e LIQUIBASE_PASSWORD=password \
-e LIQUIBASE_CHANGELOG_FILE=/liquibase/changelog/db.changelog.xml \
liquibase/liquibase:4.31.0 \
update
In the above, the -v parameter sets the working directory for the changelog and the -p configures the
Full disclosure, I'm a Liquibase founder and am currently focusing in on the Liquibase developer experience. I would love to hear if this or another solution worked for you. Good luck!