From 3db88d27de119895bafd78f08e1523d3fd5e7919 Mon Sep 17 00:00:00 2001
From: ohdearaugustin
Date: Mon, 14 Feb 2022 22:58:01 +0100
Subject: [PATCH 1/4] github/workflows: init renovatebot

---
 .github/renovate.json | 7 +++++++
 .github/workflows/renovatebot.yml | 26 ++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 .github/renovate.json
 create mode 100644 .github/workflows/renovatebot.yml

diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 00000000..85962d7e
--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,7 @@
+{
+ "extends": ["config:base"]",
+ "baseBranches": ["main"],
+ "branchPrefix": "renovateaction",
+ "extends": ["config:base", ":rebaseStalePrs"],
+ "enabledManagers": ["dockerfile", "go", "github-actions"]
+}
diff --git a/.github/workflows/renovatebot.yml b/.github/workflows/renovatebot.yml
new file mode 100644
index 00000000..d6023323
--- /dev/null
+++ b/.github/workflows/renovatebot.yml
@@ -0,0 +1,26 @@
+---
+name: Renovate
+on:
+ schedule:
+ - cron: '* * 5,20 * *' #Every 5th and 20th of the month
+ workflow_dispatch:
+jobs:
+ renovate:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Get token
+ id: get_token
+ uses: machine-learning-apps/actions-app-token@master
+ with:
+ APP_PEM: ${{ secrets.RENOVATEBOT_SECRET }}
+ APP_ID: ${{ secrets.RENOVATEBOT_APP_ID }}
+
+ - name: Checkout
+ uses: actions/checkout@v2.0.0
+
+ - name: Self-hosted Renovate
+ uses: renovatebot/github-action@v31.81.2
+ with:
+ configurationFile: .github/renovate.json
+ token: 'x-access-token:${{ steps.get_token.outputs.app_token }}'
+ onboarding: false
From a19550adbfcab8b0a8044a9ec4cb96530f0ac9ec Mon Sep 17 00:00:00 2001
From: ohdearaugustin
Date: Mon, 14 Feb 2022 23:03:03 +0100
Subject: [PATCH 2/4] prettier: renovatebot.yml

---
 .github/workflows/renovatebot.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
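Review bot: In patch 1/4 the new `.github/renovate.json` is not valid JSON: the line `"extends": ["config:base"]",` carries a stray `"` after the closing bracket, and `extends` is defined a second time three lines below. Even with the quote fixed, a parser that accepts duplicate keys keeps only one of the two values, so the effective preset list would be unclear to a reader. Dropping the first `extends` line in this commit keeps every commit of the series parseable; patch 3/4 removes it only later.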
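Review bot: The `Get token` step in patch 1/4's `.github/workflows/renovatebot.yml` passes the GitHub App key (`APP_PEM`) to `machine-learning-apps/actions-app-token@master`, a third-party action referenced by a mutable branch, so any later push to that branch runs with access to the key. Pin it to a reviewed commit, e.g. `uses: machine-learning-apps/actions-app-token@<full-commit-sha>`; the tag refs on `actions/checkout` and `renovatebot/github-action` are mutable too, though less exposed. The schedule `'* * 5,20 * *'` leaves the minute and hour fields as `*`, so it fires repeatedly throughout both days instead of once as the comment says; `cron: '0 0 5,20 * *'` would match the comment (patch 2/4 only requotes the line). The workflow also declares no `permissions:` block, so the job token's scope is whatever the repository default is; a top-level `permissions:` with `contents: read` would make it explicit.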
diff --git a/.github/workflows/renovatebot.yml b/.github/workflows/renovatebot.yml
index d6023323..3f912566 100644
--- a/.github/workflows/renovatebot.yml
+++ b/.github/workflows/renovatebot.yml
@@ -2,8 +2,8 @@
 name: Renovate
 on:
 schedule:
- - cron: '* * 5,20 * *' #Every 5th and 20th of the month
- workflow_dispatch:
+ - cron: "* * 5,20 * *" # Every 5th and 20th of the month
+ workflow_dispatch:
 jobs:
 renovate:
 runs-on: ubuntu-latest
@@ -22,5 +22,5 @@ jobs:
 uses: renovatebot/github-action@v31.81.2
 with:
 configurationFile: .github/renovate.json
- token: 'x-access-token:${{ steps.get_token.outputs.app_token }}'
+ token: "x-access-token:${{ steps.get_token.outputs.app_token }}"
 onboarding: false
From fe6d47030f42954fc2d8c85712b4318c873f365a Mon Sep 17 00:00:00 2001
From: ohdearaugustin
Date: Mon, 14 Feb 2022 23:33:55 +0100
Subject: [PATCH 3/4] renovatebot: configure

---
 .github/renovate.json | 37 ++++++++++++++++++++++++++++---
 .github/workflows/renovatebot.yml | 5 +++--
 2 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/.github/renovate.json b/.github/renovate.json
index 85962d7e..ce38ba96 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -1,7 +1,38 @@
 {
- "extends": ["config:base"]",
 "baseBranches": ["main"],
- "branchPrefix": "renovateaction",
+ "username": "renovate-release",
+ "gitAuthor": "Renovate Bot ",
+ "branchPrefix": "renovateaction/",
+ "onboarding": false,
 "extends": ["config:base", ":rebaseStalePrs"],
- "enabledManagers": ["dockerfile", "go", "github-actions"]
+ "ignorePresets": [":prHourlyLimit2"],
+ "enabledManagers": ["dockerfile", "gomod", "github-actions","regex" ],
+ "includeForks": true,
+ "repositories": ["juanfont/headscale"],
+ "platform": "github",
+ "packageRules": [
+ {
+ "matchDatasources": ["go"],
+ "groupName": "Go modules",
+ "groupSlug": "gomod",
+ "separateMajorMinor": false
+ },
+ {
+ "matchDatasources": ["docker"],
+ "groupName": "Dockerfiles",
+ "groupSlug": "dockerfiles"
+ }
+ ],
+ "regexManagers": [
+ {
+ "fileMatch": [
+ ".github/workflows/.*.yml$"
+ ],
+ "matchStrings": [
+ "\\s*go-version:\\s*\"?(?.*?)\"?\\n"
+ ],
+ "datasourceTemplate": "golang-version",
+ "depNameTemplate": "actions/go-version"
+ }
+ ]
 }
diff --git a/.github/workflows/renovatebot.yml b/.github/workflows/renovatebot.yml
index 3f912566..53b976ca 100644
--- a/.github/workflows/renovatebot.yml
+++ b/.github/workflows/renovatebot.yml
@@ -19,8 +19,9 @@ jobs:
 uses: actions/checkout@v2.0.0
 
 - name: Self-hosted Renovate
- uses: renovatebot/github-action@v31.81.2
+ uses: renovatebot/github-action@v31.81.3
 with:
 configurationFile: .github/renovate.json
 token: "x-access-token:${{ steps.get_token.outputs.app_token }}"
- onboarding: false
+ # env:
+ # LOG_LEVEL: "debug"
From f2f8d834e81bd1818e7f96a9446b356276927164 Mon Sep 17 00:00:00 2001
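Review bot: Patch 3/4 adds bot-level options (`repositories`, `platform`, `username`, `onboarding`) to `.github/renovate.json`, which the workflow passes as `configurationFile` but which is also a path Renovate discovers as repository configuration, so the same file is probably read in both roles. Keeping the self-hosted options in a separate file that only the workflow references would separate "what the bot account may touch" from "how this repository wants updates" and make changes to the former easier to spot in review. In the `regexManagers` entry, `".github/workflows/.*.yml$"` leaves its dots unescaped and has no start anchor; `"^\\.github/workflows/.*\\.yml$"` matches only the intended files. With `"separateMajorMinor": false` on the Go modules group, major upgrades land in the same pull request as patch bumps, which makes the dependency change harder to audit.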
From: Adrien Raffin-Caboisse
Date: Tue, 22 Feb 2022 11:26:21 +0100
Subject: [PATCH 4/4] fix(machine): remove comment

After some more tests in tailscale I couldn't replicate the behavior described in there. When adding a rule, allowing A to talk to B the reverse connection was instantly added to B to allow communication to B. The previous assumption was probably wrong.
---
 machine.go | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/machine.go b/machine.go
index ee483422..3c704ad3 100644
--- a/machine.go
+++ b/machine.go
@@ -167,21 +167,6 @@ func getFilteredByACLPeers(
 peers := make(map[uint64]Machine)
 // Aclfilter peers here. We are itering through machines in all namespaces and search through the computed aclRules
 // for match between rule SrcIPs and DstPorts. If the rule is a match we allow the machine to be viewable.
-
- // FIXME: On official control plane if a rule allow user A to talk to user B but NO rule allows user B to talk to
- // userĀ A. The behaviour is the following
- //
- // On official tailscale control plane:
- // on first `tailscale status`` on node A we can see node B. The `tailscale status` command on node B doesn't show node A
- // We can successfully establish a communication from A to B. When it's done, if we run the `tailscale status` command
- // on node B again we can now see node A. It's not possible to establish a communication from node B to node A.
- // On this implementation of the feature
- // on any `tailscale status` command on node A we can see node B. The `tailscale status` command on node B DOES show A.
- //
- // I couldn't find a way to not clutter the output of `tailscale status` with all nodes that we could be talking to.
- // In order to do this we would need to be able to identify that node A want to talk to node B but that Node B doesn't know
- // how to talk to node A and then add the peering resource.
-
 for _, peer := range machines {
 if peer.ID == machine.ID {
 continue