search

tailscale / github-action

A GitHub Action to connect your workflow to your Tailscale network.
BSD 3-Clause "New" or "Revised" License
551 stars 84 forks source link

Add ephemeral auth and teardown #31

Closed m-bers closed 2 years ago

m-bers commented 2 years ago

Changes:

v2 tag would need to be added for the README blob to work in external workflows.

DentonGentry commented 2 years ago

Could I ask what you're trying to accomplish, rather than jump straight to a PR adding a bunch of stuff to workflows?

In particular:

You're welcome to develop your own GitHub Action to run Tailscale using an API Key. I'm not very enthused about having the Tailscale-supplied Action do so. API Keys are very powerful, and not something I want to encourage people to add to GitHub Action workflows.

m-bers commented 2 years ago

That works for me, I'll just keep my fork. I understand API keys are powerful but I'm just trying to cut down on some of the repetition involved in manually generating the auth key from the admin portal and then deleting the tailscale machine after the workflow finishes.

m-bers commented 2 years ago

One final comment actually:

it looks like the changes being made to action.yml have it take an API key, instead of an authkey, but then uses the API key to do essentially what an ephemeral authkey would have done: create a node and then clean it up when it is done.

This is NOT what it does at least in my experience. When the ephemeral auth key is used, the key does delete itself when it is consumed but the node remains in my tailnet until I delete it manually. Not sure if ephemeral keys are supposed to auto-delete the attached node when the node disconnects but it doesn't do that for me.

I agree that my commit would be less necessary (for my own workflow at least) if ephemeral keys triggered the deletion of the attached node automatically upon disconnection.