tailscale / gitops-acl-action

GitOps for your Tailscale ACLs

Action silently fails with success with invalid policy file. #10

Closed adamus1red closed 1 year ago

adamus1red commented 1 year ago

With the following policy file, both the test and deploy actions succeed but the policy file is invalid according to Tailscale when submitted directly via the web portal.

The error appears to be that it does not validate that the dst is in the proper format of <address>:<port>.

policy.hujson

{
    "groups": {
        "group:test": [
            "user@example.com",
        ],

    },
    // Access control lists.
    "acls": [
    // Server Network
        {"action": "accept", "src": ["group:test"], "dst": ["10.100.0.0/16"]},

    ],
    "tests": [
        {
            "user":  "user@example.com",
            "allow": ["10.100.0.1:22"],
        },
    ],
}

Error from Tailscale website when directly submitting the policy file

image

Test CI job showing that the policy passes testing without error.

image

CI job where we found the issue showing that it reports as deployed successfully

image

raggi commented 1 year ago

This is a dup of issue #11.

Because your workflow includes Fetch old version info (seen in screenshot above) it is actually fetching an old ACL file from the workflow cache and applying that, rather than the incoming policy.hujson.

There was a fix I just merged in https://github.com/tailscale/gitops-acl-action/commit/e50bab9c639fd3202c464759e10f6b8c547d57cc - please apply this change to your workflow file in order to get the correct behavior!
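
Added example, not part of the thread or of the action's code: a local pre-merge check for the condition described in the report, an `acls` `dst` entry that lacks the `:<port>` part. The function names, the sample policy and the port grammar (`*`, single ports, ranges, comma lists) are assumptions of this sketch, and it does not replace Tailscale's own validation.

```python
import json
import re

# Constructed sample: the failing rule from the report plus two well-formed ones.
SAMPLE_POLICY = r'''
{
    "groups": {"group:test": ["user@example.com",],},
    // Access control lists.
    "acls": [
        {"action": "accept", "src": ["group:test"], "dst": ["10.100.0.0/16"]},
        {"action": "accept", "src": ["group:test"], "dst": ["10.100.0.0/16:22,443", "10.100.0.1:*"]},
    ],
}
'''

_STRING = r'"(?:\\.|[^"\\])*"'
# Match string literals first so comment markers or commas inside them are skipped.
_COMMENTS = re.compile(_STRING + r'|//[^\n]*|/\*.*?\*/', re.S)
_TRAILING = re.compile(_STRING + r'|,(?=\s*[\]}])')
# Assumed port grammar: "*", or comma-separated ports and port ranges.
_PORTS = re.compile(r'\*|\d{1,5}(?:-\d{1,5})?(?:,\d{1,5}(?:-\d{1,5})?)*')


def _keep_strings(match):
    token = match.group(0)
    return token if token.startswith('"') else " "


def hujson_to_json(text):
    """Strip comments, then trailing commas, leaving string literals untouched."""
    return _TRAILING.sub(_keep_strings, _COMMENTS.sub(_keep_strings, text))


def dst_missing_port(policy_text):
    """Return (rule_index, dst) for each acl dst without a ':<ports>' suffix.

    Limitation: a bare IPv6 address whose last group is numeric is not flagged.
    """
    policy = json.loads(hujson_to_json(policy_text))
    bad = []
    for index, rule in enumerate(policy.get("acls", [])):
        for dst in rule.get("dst", []):
            host, sep, ports = dst.rpartition(":")
            if not (sep and host and _PORTS.fullmatch(ports)):
                bad.append((index, dst))
    return bad


if __name__ == "__main__":
    print(dst_missing_port(SAMPLE_POLICY))
```

Run as a separate CI step on the incoming policy.hujson, this check fails on the file under review regardless of what the workflow cache holds.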