From b3aebcc0ee24017cd4d79b9d355db3a1feb2c5e3 Mon Sep 17 00:00:00 2001
From: Luca Comellini
Date: Wed, 22 Oct 2025 17:41:33 -0700
Subject: [PATCH 1/5] Simplify e2e test
---
.github/actions/setup/action.yaml | 53 -------------------
.github/workflows/ci.yaml | 87 +++++++++++++------------------
2 files changed, 36 insertions(+), 104 deletions(-)
delete mode 100644 .github/actions/setup/action.yaml
diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml
deleted file mode 100644
index 9007882..0000000
--- a/.github/actions/setup/action.yaml
+++ /dev/null
@@ -1,53 +0,0 @@ -name: setup -description: Setup the environment for tailout - -inputs: - binary_name: - description: The name of the binary to build - required: true - default: "tailout" - tailscale_oauth_client_id: - description: The tailscale oauth client id - required: true - tailscale_oauth_client_secret: - description: The tailscale oauth client secret - required: true - tailscale_version: - description: The version of tailscale to use - required: false - default: "1.70.0" - role_arn: - description: The role to assume - required: true - region: - description: The region to use - required: true - -runs: - using: "composite" - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5 - with: - role-to-assume: ${{ inputs.role_arn }} - role-session-name: tailout-${{ github.job }} - aws-region: ${{ inputs.region }} - - - name: Connect runner to tailscale - uses: tailscale/github-action@84a3f23bb4d843bcf4da6cf824ec1be473daf4de # v3 - with: - oauth-client-id: ${{ inputs.tailscale_oauth_client_id }} - oauth-secret: ${{ inputs.tailscale_oauth_client_secret }} - version: ${{ inputs.tailscale_version }} - tags: tag:github-actions-runner - args: --operator=runner - - - name: Fetch Cached Artifacts - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 - with: - path: ${{ github.workspace }}/dist - key: tailout-${{ github.run_id }}-${{ github.run_number }} - - - name: Move binary to /usr/local/bin - run: sudo mv dist/tailout_linux_amd64*/tailout /usr/local/bin/ - shell: bash diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 387a32f..57165e8 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -12,7 +12,6 @@ on: env: # tailout environment variables - TAILOUT_REGION: eu-west-3 TAILOUT_NON_INTERACTIVE: "true" TAILOUT_CREATE_CONNECT: "true" TAILOUT_CREATE_SHUTDOWN: 5m 
@@ -242,59 +241,45 @@ jobs: needs: binary permissions: id-token: write - strategy: - fail-fast: false - matrix: - include: - - first_command: "tailout init" - - first_command: "tailout create" - second_command: "tailout status" - third_command: "tailout disconnect" - - first_command: "tailout create" - second_command: "tailout disconnect" - third_command: "tailout status" steps: - - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 + with: + role-to-assume: ${{ secrets.AWS_GITHUB_ACTIONS_TAILOUT_ROLE_ARN }} + role-session-name: tailout-${{ github.job }} + aws-region: us-west-1 - - name: Setup environment - uses: ./.github/actions/setup + - name: Connect runner to tailscale + uses: tailscale/github-action@aa604318b61e5b25107287e0d07db6a08b3e72c0 # v4.0.2 with: - region: ${{ env.TAILOUT_REGION }} - role_arn: ${{ secrets.AWS_GITHUB_ACTIONS_TAILOUT_ROLE_ARN }} - tailscale_oauth_client_id: ${{ secrets.TAILSCALE_OAUTH_CLIENT_ID }} - tailscale_oauth_client_secret: ${{ secrets.TAILSCALE_OAUTH_CLIENT_SECRET }} - - name: First command - run: ${{ matrix.first_command }} - - name: Second command - if: ${{ matrix.second_command != '' }} - run: ${{ matrix.second_command }} - - name: Third command - if: ${{ matrix.third_command != '' }} - run: ${{ matrix.third_command }} - # TODO: check if the public IP address matches the one from the new instance - - # TODO: find a better concurrency pattern - cleanup: - runs-on: ubuntu-24.04 - if: ${{ github.event.repository.fork == false && github.actor != 'renovate[bot]' }} - needs: e2e-tests - concurrency: - group: cleanup - cancel-in-progress: true - permissions: - id-token: write - steps: - - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + oauth-client-id: ${{ secrets.TAILSCALE_OAUTH_CLIENT_ID }} + 
oauth-secret: ${{ secrets.TAILSCALE_OAUTH_CLIENT_SECRET }} + version: v1.88.3 # renovate: datasource=github-tags depName=tailscale/tailscale + tags: tag:github-actions-runner + args: --operator=runner - - name: Setup environment - uses: ./.github/actions/setup + - name: Fetch Cached Artifacts + uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: - region: ${{ env.TAILOUT_REGION }} - role_arn: ${{ secrets.AWS_GITHUB_ACTIONS_TAILOUT_ROLE_ARN }} - tailscale_oauth_client_id: ${{ secrets.TAILSCALE_OAUTH_CLIENT_ID }} - tailscale_oauth_client_secret: ${{ secrets.TAILSCALE_OAUTH_CLIENT_SECRET }} - - name: Cleanup + path: ${{ github.workspace }}/dist + key: ${{ needs.binary.outputs.cache-key }} + + - name: Move binary to /usr/local/bin + run: sudo mv dist/tailout_linux_amd64*/tailout /usr/local/bin/ + shell: bash + + - name: Run init + run: tailout init + + - name: Create instance and test workflow + run: | + tailout create + tailout status + tailout disconnect + tailout status + + # TODO: check if the public IP address matches the one from the new instance + + - name: Cleanup instances run: tailout stop --all - # TODO: Add cleanup for github nodes as well + if: always() From fb46dd5740458ea251aa7c995eddcbc8cfe109d3 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Wed, 22 Oct 2025 18:15:25 -0700 Subject: [PATCH 2/5] version --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 57165e8..c8c6333 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -254,7 +254,7 @@ jobs: with: oauth-client-id: ${{ secrets.TAILSCALE_OAUTH_CLIENT_ID }} oauth-secret: ${{ secrets.TAILSCALE_OAUTH_CLIENT_SECRET }} - version: v1.88.3 # renovate: datasource=github-tags depName=tailscale/tailscale + version: 1.88.3 # renovate: datasource=github-tags depName=tailscale/tailscale tags: tag:github-actions-runner args: --operator=runner 
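Review bot: The `Cleanup instances` step that closes the PATCH 1/5 hunk runs `tailout stop --all` under `if: always()`, while the same hunk removes the separate `cleanup` job together with its `concurrency: group: cleanup` guard. If `--all` acts on every instance the assumed role can see (not confirmable from this hunk), two overlapping workflow runs can stop each other's instances mid-test, and nothing serialises them any more. Consider a job-level guard on the e2e job: `concurrency:`, `group: e2e-tests`, `cancel-in-progress: false`. The job header and its `if:` condition sit above the start of the hunk, so confirm there that no such guard already exists.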
From 29a2491d7da0bd3315837ee783b3dba9e6bf7b36 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Wed, 22 Oct 2025 18:17:35 -0700 Subject: [PATCH 3/5] commands --- .github/workflows/ci.yaml | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c8c6333..5c6c19d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -271,12 +271,17 @@ jobs: - name: Run init run: tailout init - - name: Create instance and test workflow - run: | - tailout create - tailout status - tailout disconnect - tailout status + - name: Create instance + run: tailout create + + - name: Check instance status + run: tailout status + + - name: Disconnect instance + run: tailout disconnect + + - name: Check instance status after disconnect + run: tailout status # TODO: check if the public IP address matches the one from the new instance From e0e6fc6bf8bb3ba061a0bb04f15c81412fa60488 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Wed, 22 Oct 2025 18:54:30 -0700 Subject: [PATCH 4/5] remove --- .github/workflows/ci.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 5c6c19d..36e6716 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -16,7 +16,6 @@ env: TAILOUT_CREATE_CONNECT: "true" TAILOUT_CREATE_SHUTDOWN: 5m TAILOUT_TAILSCALE_API_KEY: ${{ secrets.TAILSCALE_API_KEY }} - TAILOUT_TAILSCALE_AUTH_KEY: ${{ secrets.TAILSCALE_AUTH_KEY }} defaults: run: From 232c0b191753672467870c42a90c0a846549f2e7 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Fri, 24 Oct 2025 18:16:53 -0700 Subject: [PATCH 5/5] vars --- .github/workflows/ci.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 36e6716..eca173d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -10,13 +10,6 @@ on: branches: - main -env: - # tailout environment variables - TAILOUT_NON_INTERACTIVE: "true" - TAILOUT_CREATE_CONNECT: "true" - TAILOUT_CREATE_SHUTDOWN: 5m - TAILOUT_TAILSCALE_API_KEY: ${{ secrets.TAILSCALE_API_KEY }} - defaults: run: shell: bash @@ -240,13 +233,20 @@ jobs: needs: binary permissions: id-token: write + env: + # tailout environment variables + TAILOUT_REGION: us-west-1 + TAILOUT_NON_INTERACTIVE: "true" + TAILOUT_CREATE_CONNECT: "true" + TAILOUT_CREATE_SHUTDOWN: 5m + TAILOUT_TAILSCALE_API_KEY: ${{ secrets.TAILSCALE_API_KEY }} steps: - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: ${{ secrets.AWS_GITHUB_ACTIONS_TAILOUT_ROLE_ARN }} role-session-name: tailout-${{ github.job }} - aws-region: us-west-1 + aws-region: ${{ env.TAILOUT_REGION }} - name: Connect runner to tailscale uses: tailscale/github-action@aa604318b61e5b25107287e0d07db6a08b3e72c0 # v4.0.2
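Review bot: In the second hunk, `TAILOUT_TAILSCALE_API_KEY` in the job-level `env:` is exported to every step of the job, including the `aws-actions/configure-aws-credentials` and `tailscale/github-action` steps, which receive their own credentials through `with:`. Moving the block from workflow to job scope already narrows exposure; it can be narrowed further by keeping only the non-secret `TAILOUT_*` values at job level and putting `env:` with `TAILOUT_TAILSCALE_API_KEY: ${{ secrets.TAILSCALE_API_KEY }}` on the `run: tailout …` steps alone. Those steps lie below the end of this hunk, so which of them actually read the key needs to be confirmed there.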