mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-26 03:25:35 +00:00
13f8a669d5
gitops-pusher supports authenticating with an API key or OAuth credentials (added in #7393). You shouldn't ever use both of those together, so we error if both are set. In tailscale/gitops-acl-action#24, OAuth support is being added to the GitHub action. In that environment, both the TS_API_KEY and OAuth variables will be set, even if they are empty values. This causes an error in gitops-pusher which expects only one to be set. Update gitops-pusher to check that only one set of environment variables are non-empty, rather than just checking if they are set. Updates #7393 Signed-off-by: Will Norris <will@tailscale.com> |
||
|---|---|---|
| .. | ||
| .gitignore | ||
| cache.go | ||
| gitops-pusher_test.go | ||
| gitops-pusher.go | ||
| README.md | ||
gitops-pusher
This is a small tool to help people achieve a GitOps workflow with Tailscale ACL changes. This tool is intended to be used in a CI flow that looks like this:
name: Tailscale ACL syncing
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
jobs:
acls:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Go environment
uses: actions/setup-go@v3.2.0
- name: Install gitops-pusher
run: go install tailscale.com/cmd/gitops-pusher@latest
- name: Deploy ACL
if: github.event_name == 'push'
env:
TS_API_KEY: ${{ secrets.TS_API_KEY }}
TS_TAILNET: ${{ secrets.TS_TAILNET }}
run: |
~/go/bin/gitops-pusher --policy-file ./policy.hujson apply
- name: ACL tests
if: github.event_name == 'pull_request'
env:
TS_API_KEY: ${{ secrets.TS_API_KEY }}
TS_TAILNET: ${{ secrets.TS_TAILNET }}
run: |
~/go/bin/gitops-pusher --policy-file ./policy.hujson test
Change the value of the --policy-file flag to point to the policy file on
disk. Policy files should be in HuJSON
format.