Last active
September 4, 2022 10:19
Revisions
-
johannrichard revised this gist
Sep 4, 2022 . 1 changed file with 2 additions and 2 deletions.
@@ -1,3 +1,3 @@ # .github/act/.env TS_TAILNET="op://Dev-Vault/TS_TAILNET/credential" TS_API_KEY="op://Dev-Vault/TS_API_KEY/credential" -
johannrichard renamed this gist
Sep 4, 2022 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
johannrichard created this gist
Sep 4, 2022 .
@@ -0,0 +1,3 @@ # .github/act/.env TS_TAILNET="op://Infrastruktur/TS_TAILNET/credential" TS_API_KEY="op://Infrastruktur/TS_API_KEY/credential"
@@ -0,0 +1,9 @@ # Tailscale ACL Workflow for GitOps Tailscale recently introduced the possibility to [manage Tailnet ACLs in Git Repositories](https://tailscale.com/kb/1204/gitops-acls/). This is my `tailscale.yml` which has a notable difference to the one proposed by Tailscale. By putting the ACL test in front of the ACL deployment, it becomes a bit clearer that a failure happened b/c of a failed ACL. Bonus: by installing [`act`](https://github.com/nektos/act), one can actually run these tests locally, e.g. before committing / pushing to Github. Works well with a [Git pre-commit hook](https://git-scm.com/docs/githooks) that will fail if the ACL test is unsusscessful. Combined with the [1Password `cli` `op` command](https://developer.1password.com/docs/cli/v1/get-started/), you can get a nice little ACL workflow. ```lang=bash op run --env-file=".github/act/.env" -- act --secret TS_API_KEY --secret TS_TAILNET ```
@@ -0,0 +1,3 @@ #!/bin/bash # Put this into .git/hooks/pre-commit or amend your existing pre-commit hook accordingly op run --env-file=".github/act/.env" -- act --secret TS_API_KEY --secret TS_TAILNET
@@ -0,0 +1,32 @@ name: Sync Tailscale ACLs on: push: branches: ["live", "main"] pull_request: branches: ["live"] jobs: acls: name: "test and deploy" runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Test ACL id: test-acl uses: tailscale/gitops-acl-action@v1 with: api-key: ${{ secrets.TS_API_KEY }} tailnet: ${{ secrets.TS_TAILNET }} action: test - name: Deploy ACL if: github.event_name == 'push' && github.ref == 'refs/heads/live' id: deploy-acl uses: tailscale/gitops-acl-action@v1 with: api-key: ${{ secrets.TS_API_KEY }} tailnet: ${{ secrets.TS_TAILNET }} action: apply
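Review bot: In the README hunk, the code fence around the `op run` command is opened with `lang=bash` as its info string, which is not a language name, so the block will not be highlighted as shell; use the bare name `bash`. In the same hunk, "unsusscessful" should read "unsuccessful".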
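Review bot: The pre-commit hook's `act` call names no event or job, and act defaults to the push event, so on a local `live` checkout the workflow's Deploy ACL condition (`github.event_name == 'push' && github.ref == 'refs/heads/live'`) can evaluate true and apply the policy to the tailnet from a working tree that has not been committed yet. Pass an event the condition rejects, for example `act pull_request --secret TS_API_KEY --secret TS_TAILNET`, so the hook only ever reaches the Test ACL step. The hook comment should also say that the test runs against the working tree rather than the staged index.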
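Review bot: In the workflow hunk, both steps that receive `secrets.TS_API_KEY` reference `tailscale/gitops-acl-action@v1`, a tag that can be moved, and the checkout step does the same with `actions/checkout@v3`; pin each to a full commit SHA, as in `uses: tailscale/gitops-acl-action@<full-commit-sha>`, so the code that handles the API key cannot change without a diff in this repository. The workflow also declares no `permissions:` block; a top-level `permissions:` with `contents: read` is enough for the checkout step and keeps the job's `GITHUB_TOKEN` read-only.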