chore: fix for wide open ssh for vsi for Z (quay#3591)

fix for wide open ssh for vsi

.github/workflows/build-and-publish.yaml

@@ -31,6 +31,21 @@ jobs:
           BRANCH_NAME=${GITHUB_REF#refs/heads/}
           echo "version=${BRANCH_NAME/${{ env.BRANCH_PREFIX }}/}" >> $GITHUB_OUTPUT
 
+      - name: install ibmcli and setup ibm login
+        run: |
+          curl -fsSL https://clis.cloud.ibm.com/install/linux | sh
+          ibmcloud login -q --apikey ${{ secrets.IBMCLOUD_API_KEY }} -r eu-gb
+          ibmcloud plugin install vpc-infrastructure
+
+      - name: Add rule to VPC
+        id: sg-rule-id
+        run: |
+          cidr="$(hostname -i)"
+          echo $cidr
+          SGRID=$(ibmcloud is security-group-rule-add --sg ${{ secrets.SG_ID }} --direction=inbound --protocol=tcp --port-min=22 --port-max=22 --remote=$cidr --output JSON | jq -r '.id')
+          echo $SGRID
+          echo "RID=${SGRID}" >> $GITHUB_ENV
+
       - name: Setup SSH config for builders
         env:
           BUILDER_AARCH64_SSH_CONFIG: ${{ secrets.BUILDER_AARCH64_SSH_CONFIG }}
@@ -110,3 +125,7 @@ jobs:
           platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
           push: true
           tags: ${{ env.REGISTRY }}/${{ env.REPO_NAME }}:${{ github.event.inputs.tag || env.TAG }}
+
+      - name: Clean up
+        run: |
+          ibmcloud is security-group-rule-delete ${{ secrets.SG_ID }} $RID -f