diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml deleted file mode 100644 index 9007882..0000000 --- a/.github/actions/setup/action.yaml +++ /dev/null @@ -1,53 +0,0 @@ -name: setup -description: Setup the environment for tailout - -inputs: - binary_name: - description: The name of the binary to build - required: true - default: "tailout" - tailscale_oauth_client_id: - description: The tailscale oauth client id - required: true - tailscale_oauth_client_secret: - description: The tailscale oauth client secret - required: true - tailscale_version: - description: The version of tailscale to use - required: false - default: "1.70.0" - role_arn: - description: The role to assume - required: true - region: - description: The region to use - required: true - -runs: - using: "composite" - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5 - with: - role-to-assume: ${{ inputs.role_arn }} - role-session-name: tailout-${{ github.job }} - aws-region: ${{ inputs.region }} - - - name: Connect runner to tailscale - uses: tailscale/github-action@84a3f23bb4d843bcf4da6cf824ec1be473daf4de # v3 - with: - oauth-client-id: ${{ inputs.tailscale_oauth_client_id }} - oauth-secret: ${{ inputs.tailscale_oauth_client_secret }} - version: ${{ inputs.tailscale_version }} - tags: tag:github-actions-runner - args: --operator=runner - - - name: Fetch Cached Artifacts - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 - with: - path: ${{ github.workspace }}/dist - key: tailout-${{ github.run_id }}-${{ github.run_number }} - - - name: Move binary to /usr/local/bin - run: sudo mv dist/tailout_linux_amd64*/tailout /usr/local/bin/ - shell: bash diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 312490c..6d864e8 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -10,15 +10,6 @@ on: branches: - main -env: - # tailout environment variables - TAILOUT_REGION: eu-west-3 - TAILOUT_NON_INTERACTIVE: "true" - TAILOUT_CREATE_CONNECT: "true" - TAILOUT_CREATE_SHUTDOWN: 5m - TAILOUT_TAILSCALE_API_KEY: ${{ secrets.TAILSCALE_API_KEY }} - TAILOUT_TAILSCALE_AUTH_KEY: ${{ secrets.TAILSCALE_AUTH_KEY }} - defaults: run: shell: bash 
@@ -242,59 +233,57 @@ jobs: needs: binary permissions: id-token: write - strategy: - fail-fast: false - matrix: - include: - - first_command: "tailout init" - - first_command: "tailout create" - second_command: "tailout status" - third_command: "tailout disconnect" - - first_command: "tailout create" - second_command: "tailout disconnect" - third_command: "tailout status" + env: + # tailout environment variables + TAILOUT_REGION: us-west-1 + TAILOUT_NON_INTERACTIVE: "true" + TAILOUT_CREATE_CONNECT: "true" + TAILOUT_CREATE_SHUTDOWN: 5m + TAILOUT_TAILSCALE_API_KEY: ${{ secrets.TAILSCALE_API_KEY }} steps: - - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 + with: + role-to-assume: ${{ secrets.AWS_GITHUB_ACTIONS_TAILOUT_ROLE_ARN }} + role-session-name: tailout-${{ github.job }} + aws-region: ${{ env.TAILOUT_REGION }} - - name: Setup environment - uses: ./.github/actions/setup + - name: Connect runner to tailscale + uses: tailscale/github-action@aa604318b61e5b25107287e0d07db6a08b3e72c0 # v4.0.2 with: - region: ${{ env.TAILOUT_REGION }} - role_arn: ${{ secrets.AWS_GITHUB_ACTIONS_TAILOUT_ROLE_ARN }} - tailscale_oauth_client_id: ${{ secrets.TAILSCALE_OAUTH_CLIENT_ID }} - tailscale_oauth_client_secret: ${{ secrets.TAILSCALE_OAUTH_CLIENT_SECRET }} - - name: First command - run: ${{ matrix.first_command }} - - name: Second command - if: ${{ matrix.second_command != '' }} - run: ${{ matrix.second_command }} - - name: Third command - if: ${{ matrix.third_command != '' }} - run: ${{ matrix.third_command }} - # TODO: check if the public IP address matches the one from the new instance - - # TODO: find a better concurrency pattern - cleanup: - runs-on: ubuntu-24.04 - if: ${{ github.event.repository.fork == false && github.actor != 'renovate[bot]' }} - needs: e2e-tests - concurrency: - group: 
cleanup - cancel-in-progress: true - permissions: - id-token: write - steps: - - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + oauth-client-id: ${{ secrets.TAILSCALE_OAUTH_CLIENT_ID }} + oauth-secret: ${{ secrets.TAILSCALE_OAUTH_CLIENT_SECRET }} + version: 1.88.3 # renovate: datasource=github-tags depName=tailscale/tailscale + tags: tag:github-actions-runner + args: --operator=runner - - name: Setup environment - uses: ./.github/actions/setup + - name: Fetch Cached Artifacts + uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: - region: ${{ env.TAILOUT_REGION }} - role_arn: ${{ secrets.AWS_GITHUB_ACTIONS_TAILOUT_ROLE_ARN }} - tailscale_oauth_client_id: ${{ secrets.TAILSCALE_OAUTH_CLIENT_ID }} - tailscale_oauth_client_secret: ${{ secrets.TAILSCALE_OAUTH_CLIENT_SECRET }} - - name: Cleanup + path: ${{ github.workspace }}/dist + key: ${{ needs.binary.outputs.cache-key }} + + - name: Move binary to /usr/local/bin + run: sudo mv dist/tailout_linux_amd64*/tailout /usr/local/bin/ + shell: bash + + - name: Run init + run: tailout init + + - name: Create instance + run: tailout create + + - name: Check instance status + run: tailout status + + - name: Disconnect instance + run: tailout disconnect + + - name: Check instance status after disconnect + run: tailout status + + # TODO: check if the public IP address matches the one from the new instance + + - name: Cleanup instances run: tailout stop --all - # TODO: Add cleanup for github nodes as well + if: always()
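Review bot: The final `Cleanup instances` step runs `tailout stop --all` under `if: always()`, but the `concurrency:` guard with `group: cleanup` that the removed cleanup job carried is not replaced anywhere in this hunk. Going by the flag name, `--all` presumably is not limited to the instance this run created, so two overlapping runs of this job could stop each other's instances mid-test. The job header lies outside the hunk, so this may already be handled there; if it is not, a job-level `concurrency:` block with `group: e2e-tests` and `cancel-in-progress: false` would serialise the runs. Separately, the binary restored into `dist/` is installed with `sudo` and then run with the assumed AWS role and `TAILOUT_TAILSCALE_API_KEY`. Adding `fail-on-cache-miss: true` to the `actions/cache/restore` step would make a missing entry fail at the restore instead of at the `mv` glob.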