search

tailscale / github-action

A GitHub Action to connect your workflow to your Tailscale network.
BSD 3-Clause "New" or "Revised" License
519 stars 78 forks source link

Again sha256sum: WARNING as of today #118

Closed rasdani closed 2 months ago

rasdani commented 2 months ago

Hit these today and a couple of weeks ago again...

88

89

version is set to latest in the GH action.

ivanip-plb commented 2 months ago

Hi there,

We have encountered this issue as well. TS version: 1.64.1 Passed TS version to GitHub Action

-- Ivan @lifehome

awly commented 2 months ago

This could be a caching issue in our https://pkgs.tailscale.com CDN, we've restarted the edge nodes to flush the cache. Could you check if that fixed your issue? If not, could you please paste as much of the action output as you can?

ivanip-plb commented 2 months ago

Thanks @awly but I think we still not seeing 1.64.1 on pkgs.tailscale.com... We can see the release on GitHub repo release tho

EDIT: We have now rolledback to 1.64.0 for failover.

-- Ivan @lifehome

geofox commented 2 months ago

Hi there!

I'm encountering this issue as well with latest TS version: 1.64.2. 

Warning: Input 'authkey' has been deprecated with message: An OAuth API client https://tailscale.com/s/oauth-clients is recommended instead of an authkey
Run tailscale/github-action@7a0b30ed3517c2244d1330e39467b95f067a33bd
  with:
    authkey: ***
    version: 1.64.2
 (...)
Run if [ X64 = "ARM64" ]; then
  if [ X64 = "ARM64" ]; then
    TS_ARCH="arm64"
  elif [ X64 = "ARM" ]; then
    TS_ARCH="arm"
  elif [ X64 = "X86" ]; then
    TS_ARCH="386"
  elif [ X64 = "X64" ]; then
    TS_ARCH="amd64"
  else
    TS_ARCH="amd64"
  fi
  MINOR=$(echo "$VERSION" | awk -F '.' {'print $2'})
  if [ $((MINOR % 2)) -eq 0 ]; then
    URL="https://pkgs.tailscale.com/stable/tailscale_${VERSION}_${TS_ARCH}.tgz"
  else
    URL="https://pkgs.tailscale.com/unstable/tailscale_${VERSION}_${TS_ARCH}.tgz"
  fi
  if ! [[ "$SHA256SUM" ]] ; then
    SHA256SUM="$(curl -H user-agent:tailscale-github-action -L "${URL}.sha256")"
  fi
  curl -H user-agent:tailscale-github-action -L "$URL" -o tailscale.tgz --max-time 300
  echo "Expected sha256: $SHA256SUM"
  echo "Actual sha256: $(sha256sum tailscale.tgz)"
  echo "$SHA256SUM  tailscale.tgz" | sha256sum -c
  tar -C /tmp -xzf tailscale.tgz
  rm tailscale.tgz
  TSPATH=/tmp/tailscale_${VERSION}_${TS_ARCH}
  sudo mv "${TSPATH}/tailscale" "${TSPATH}/tailscaled" /usr/bin
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
  env:
(...)
    VERSION: 1.64.2
    SHA256SUM: 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100    19  100    19    0     0    245      0 --:--:-- --:--:-- --:--:--   246
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100    10  100    10    0     0    194      0 --:--:-- --:--:-- --:--:--   196
Expected sha256: failed to get hash
Actual sha256: 7515bf959b73b956ceb967351c7e299cbb3668a53d35f9c770eb72e00d93ced6  tailscale.tgz
sha256sum: 'standard input': no properly formatted SHA256 checksum lines found
Error: Process completed with exit code 1.
awly commented 2 months ago

Ahh, I see what's happening. We didn't build 1.64.1 or 1.64.2 for Linux because neither version contained any changes for Linux (only Synology and Windows).

So when the action runs 

    SHA256SUM="$(curl -H user-agent:tailscale-github-action -L "${URL}.sha256")"

It's getting a 500 response and failed to get hash as the body (which you can see logged in Expected sha256. And downloading the actual tarball

  curl -H user-agent:tailscale-github-action -L "$URL" -o tailscale.tgz --max-time 300

Gets a 404 response with body Not Found which is written into tailscale.tgz. You can verify that with:

$ echo 'Not Found' | sha256sum
7515bf959b73b956ceb967351c7e299cbb3668a53d35f9c770eb72e00d93ced6  -

For your actions, please use 1.64.0. I will update the script to catch when a version is not available and return a better message.

awly commented 2 months ago

Generally, you can see the latest available Linux version at https://pkgs.tailscale.com/stable/#static. Or with this on the CLI: curl 'https://pkgs.tailscale.com/stable/?mode=json' | jq .TarballsVersion.

As of today, Github releases are not the most accurate way to find latest available versions for all platforms.

awly commented 2 months ago

OK, this should now fail slightly more obviously with tailscale/github-action@main