I'm setting up a GitHub Actions workflow to deploy an Oracle APEX application to an Autonomous Database on Oracle Cloud Infrastructure (OCI).
To verify the database connection before deployment, I've added a step to execute SELECT SYSDATE FROM DUAL; using SQLcl. However, when the workflow runs, the expected output from this query doesn't appear in the logs.
Here's the relevant part of my workflow YAML:
name: Query SYSDATE from Oracle Autonomous DB
on: [push]
permissions:
contents: read
jobs:
query-sysdate:
environment: Development
runs-on: ubuntu-latest
steps:
- name: Checkout Public Repo
uses: actions/checkout@v4
- name: Print variables
run: |
echo ${{ secrets.ACCESS_TOKEN }}
- name: Checkout private wallet repo
uses: actions/checkout@v4
with:
repository: myrepo/secretsrepo
path: oci_wallet
token: "${{ secrets.ACCESS_TOKEN }}"
- name: Checkout private wallet repo
uses: actions/checkout@v4
with:
repository: myrepo/secretsrepo
path: oci_wallet
token: "${{ secrets.ACCESS_TOKEN }}"
- name: Debug Wallet Structure
run: |
echo "===== Repository Structure ====="
find . -type d | sort
echo "===== oci_wallet Contents ====="
if [ -d "oci_wallet/oci_wallet" ]; then
echo "⚠️ Nested oci_wallet directory found!"
ls -la oci_wallet/oci_wallet/
else
ls -la oci_wallet/
fi
- name: Setup Java 17
uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 17
- name: Install SQLcl
run: |
# Clean up any existing installations
sudo rm -f /usr/bin/sql
# Setup directories
SQLCL_DIR="$HOME/sqlcl"
mkdir -p "$SQLCL_DIR"
cd "$SQLCL_DIR"
# Download and extract
echo "Downloading SQLcl..."
curl -L -o sqlcl.zip https://download.oracle.com/otn_software/java/sqldeveloper/sqlcl-latest.zip
unzip -q sqlcl.zip -d "$SQLCL_DIR"
rm sqlcl.zip
# Handle nested directory structure
if [ -d "$SQLCL_DIR/sqlcl" ]; then
echo "Moving files from nested directory..."
mv "$SQLCL_DIR/sqlcl"/* "$SQLCL_DIR"/
rm -r "$SQLCL_DIR/sqlcl"
fi
# Set permissions
chmod +x "$SQLCL_DIR/bin/sql"
# Verify installation
echo "SQLcl version:"
"$SQLCL_DIR/bin/sql" -version
# Add to PATH
echo "$SQLCL_DIR/bin" >> $GITHUB_PATH
- name: Configure Wallet
run: |
mkdir -p $HOME/wallet
cp -r oci_wallet/oci_wallet/* $HOME/wallet/
sed -i 's|?/network/admin|$TNS_ADMIN|g' $HOME/wallet/sqlnet.ora
shell: bash
- name: Set Env Variables
run: |
echo "TNS_ADMIN=$HOME/wallet" >> $GITHUB_ENV
echo "PATH=$PATH:$(pwd)/sqlcl/bin" >> $GITHUB_ENV
- name: Check TNS connectivity
env:
ORACLE_USER: ${{ secrets.DB_USER }}
ORACLE_PASSWORD: ${{ secrets.DB_PASSWORD }}
ORACLE_HOST: ${{ secrets.ORACLE_HOST }}
ORACLE_PORT: ${{ secrets.ORACLE_PORT }}
ORACLE_SERVICE: ${{ secrets.ORACLE_SERVICE }}
run: |
echo "Testing with TNS entry..."
# Single-line TNS descriptor (no line breaks)
TNS_DESCRIPTOR="(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=$ORACLE_HOST)(PORT=$ORACLE_PORT))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=$ORACLE_SERVICE)))"
$HOME/sqlcl/bin/sql -l "$ORACLE_USER/$ORACLE_PASSWORD@$TNS_DESCRIPTOR" <<< "SELECT 'TNS connection test' FROM DUAL;"
The output of the action is as follows.
Error Message = ORA-17002: I/O error: Connection reset, connect lapse 167 ms., Authentication lapse 0 ms.
I tried adding following IP addresses as a comma separated list to Access Control List as CIDR block, but error still persists?
curl https://api.github.com/meta | jq '.actions[]'
However, I was able connect to this db via sqlDeveloper(using wallet) and also via sqlcl.