tailscale/cmd/gitops-pusher
Jenny Zhang c446451bfa cmd/gitops-pusher: only use OAuth creds if non-empty string
`os.LookupEnv` may return true if the variable is present in
the environment but an empty string. We should only attempt
to set OAuth Config if thsoe values are non-empty.

Updates gitops-acl-action#33

Signed-off-by: Jenny Zhang <jz@tailscale.com>
2024-02-09 10:55:59 -05:00
..
.gitignore cmd/gitops-pusher: add etag cache file for the three version problem (#5124) 2022-07-22 15:07:38 -04:00
cache.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
gitops-pusher_test.go cmd/gitops-pusher: re-use existing types from acl package 2023-07-19 14:44:45 -04:00
gitops-pusher.go cmd/gitops-pusher: only use OAuth creds if non-empty string 2024-02-09 10:55:59 -05:00
README.md .github,cmd/gitops-pusher: update to checkout@v4 2023-09-04 15:12:57 -07:00

gitops-pusher

This is a small tool to help people achieve a GitOps workflow with Tailscale ACL changes. This tool is intended to be used in a CI flow that looks like this:

name: Tailscale ACL syncing

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]

jobs:
  acls:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4
      
      - name: Setup Go environment
        uses: actions/setup-go@v3.2.0
        
      - name: Install gitops-pusher
        run: go install tailscale.com/cmd/gitops-pusher@latest
              
      - name: Deploy ACL
        if: github.event_name == 'push'
        env:
          TS_API_KEY: ${{ secrets.TS_API_KEY }}
          TS_TAILNET: ${{ secrets.TS_TAILNET }}
        run: |
          ~/go/bin/gitops-pusher --policy-file ./policy.hujson apply          

      - name: ACL tests
        if: github.event_name == 'pull_request'
        env:
          TS_API_KEY: ${{ secrets.TS_API_KEY }}
          TS_TAILNET: ${{ secrets.TS_TAILNET }}
        run: |
          ~/go/bin/gitops-pusher --policy-file ./policy.hujson test          

Change the value of the --policy-file flag to point to the policy file on disk. Policy files should be in HuJSON format.