Skip to content

Latest commit

 

History

History
67 lines (53 loc) · 2.39 KB

README.md

File metadata and controls

67 lines (53 loc) · 2.39 KB

Tailscale GitHub Action

This GitHub Action connects to your Tailscale network by adding a step to your workflow.

  - name: Tailscale
    uses: tailscale/github-action@v2
    with:
      oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
      oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
      tags: tag:ci

Subsequent steps in the Action can then access nodes in your Tailnet.

oauth-client-id and oauth-secret are an OAuth client for the tailnet to be accessed. We recommend storing these as GitHub Encrypted Secrets. OAuth clients used for this purpose must have the auth_keys scope.

tags is a comma-separated list of one or more ACL Tags for the node. At least one tag is required: an OAuth client is not associated with any of the Users on the tailnet, it has to Tag its nodes.

Nodes created by this Action are marked as Ephemeral to be automatically removed by the coordination server a short time after they finish their run. The nodes are also marked Preapproved on tailnets which use Device Approval

Tailnet Lock

If you are using this Action in a Tailnet Lock enabled network, you need to:

  • Authenticate using an ephemeral reusable pre-signed auth key rather than an OAuth client.
  • Specify a state directory for the client to store the Tailnet Key Authority data in.
  - name: Tailscale
    uses: tailscale/github-action@v2
    with:
      authkey: tskey-auth-...
      statedir: /tmp/tailscale-state/

Defining Tailscale version

Which Tailscale version to use can be set like this:

  - name: Tailscale
    uses: tailscale/github-action@v2
    with:
      oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
      oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
      tags: tag:ci
      version: 1.52.0

You can find the latest Tailscale stable version number at https://pkgs.tailscale.com/stable/#static.