From 7bef20a7c70c71116168e2e454921488f2eecf9e Mon Sep 17 00:00:00 2001 From: Oliver Borchert Date: Thu, 2 May 2024 00:15:35 +0200 Subject: [PATCH 1/9] Allow to use pre-installed binaries --- action.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/action.yml b/action.yml index 7bc7fef..de22eb1 100644 --- a/action.yml +++ b/action.yml @@ -20,12 +20,16 @@ inputs: tags: description: 'Comma separated list of Tags to be applied to nodes. The OAuth client must have permission to apply these tags.' required: false + download: + description: 'Whether to download the `tailscale` and `tailscaled` binaries.' + required: false + default: 'true' version: - description: 'Tailscale version to use.' + description: 'Tailscale version to use if downloading.' required: true default: '1.42.0' sha256sum: - description: 'Expected SHA256 checksum of the tarball.' + description: 'Expected SHA256 checksum of the tarball when downloading.' required: false default: '' args: @@ -57,7 +61,7 @@ runs: exit 1 - name: Download Tailscale shell: bash - id: download + if: ${{ inputs.download }} env: VERSION: ${{ inputs.version }} SHA256SUM: ${{ inputs.sha256sum }} From 5e734e6d5afd1203e8abc366358e165db202a016 Mon Sep 17 00:00:00 2001 From: Oliver Borchert Date: Sat, 4 May 2024 02:14:29 +0200 Subject: [PATCH 2/9] fix --- action.yml | 196 +++++++++++++++++++++++++++-------------------------- 1 file changed, 99 insertions(+), 97 deletions(-) diff --git a/action.yml b/action.yml index de22eb1..0a54d6a 100644 --- a/action.yml +++ b/action.yml @@ -1,123 +1,125 @@ # Copyright (c) Tailscale Inc & AUTHORS # SPDX-License-Identifier: BSD-3-Clause # -name: 'Connect Tailscale' -description: 'Connect your GitHub Action workflow to Tailscale' +name: "Connect Tailscale" +description: "Connect your GitHub Action workflow to Tailscale" branding: - icon: 'arrow-right-circle' - color: 'gray-dark' + icon: "arrow-right-circle" + color: "gray-dark" inputs: authkey: - description: 'Your Tailscale authentication key, from the admin panel.' + description: "Your Tailscale authentication key, from the admin panel." required: false - deprecationMessage: 'An OAuth API client https://tailscale.com/s/oauth-clients is recommended instead of an authkey' + deprecationMessage: + "An OAuth API client https://tailscale.com/s/oauth-clients is recommended instead of an authkey" oauth-client-id: - description: 'Your Tailscale OAuth Client ID.' + description: "Your Tailscale OAuth Client ID." required: false oauth-secret: - description: 'Your Tailscale OAuth Client Secret.' + description: "Your Tailscale OAuth Client Secret." required: false tags: - description: 'Comma separated list of Tags to be applied to nodes. The OAuth client must have permission to apply these tags.' + description: + "Comma separated list of Tags to be applied to nodes. The OAuth client must have permission to apply these tags." required: false download: - description: 'Whether to download the `tailscale` and `tailscaled` binaries.' + description: "Whether to download the `tailscale` and `tailscaled` binaries." required: false - default: 'true' + default: "true" version: - description: 'Tailscale version to use if downloading.' + description: "Tailscale version to use if downloading." required: true - default: '1.42.0' + default: "1.42.0" sha256sum: - description: 'Expected SHA256 checksum of the tarball when downloading.' + description: "Expected SHA256 checksum of the tarball when downloading." required: false - default: '' + default: "" args: - description: 'Optional additional arguments to `tailscale up`' + description: "Optional additional arguments to `tailscale up`" required: false - default: '' + default: "" tailscaled-args: - description: 'Optional additional arguments to `tailscaled`' + description: "Optional additional arguments to `tailscaled`" required: false - default: '' + default: "" hostname: - description: 'Fixed hostname to use.' + description: "Fixed hostname to use." required: false - default: '' + default: "" runs: - using: 'composite' - steps: - - name: Check Runner OS - if: ${{ runner.os != 'Linux' }} - shell: bash - run: | - echo "::error title=⛔ error hint::Support Linux Only" - exit 1 - - name: Check Auth Info Empty - if: ${{ inputs.authkey == '' && (inputs['oauth-secret'] == '' || inputs.tags == '') }} - shell: bash - run: | - echo "::error title=⛔ error hint::OAuth identity empty, Maybe you need to populate it in the Secrets for your workflow, see more in https://docs.github.com/en/actions/security-guides/encrypted-secrets and https://tailscale.com/s/oauth-clients" - exit 1 - - name: Download Tailscale - shell: bash - if: ${{ inputs.download }} - env: - VERSION: ${{ inputs.version }} - SHA256SUM: ${{ inputs.sha256sum }} - run: | - if [ ${{ runner.arch }} = "ARM64" ]; then - TS_ARCH="arm64" - elif [ ${{ runner.arch }} = "ARM" ]; then - TS_ARCH="arm" - elif [ ${{ runner.arch }} = "X86" ]; then - TS_ARCH="386" - elif [ ${{ runner.arch }} = "X64" ]; then - TS_ARCH="amd64" - else - TS_ARCH="amd64" - fi - MINOR=$(echo "$VERSION" | awk -F '.' {'print $2'}) - if [ $((MINOR % 2)) -eq 0 ]; then - URL="https://pkgs.tailscale.com/stable/tailscale_${VERSION}_${TS_ARCH}.tgz" - else - URL="https://pkgs.tailscale.com/unstable/tailscale_${VERSION}_${TS_ARCH}.tgz" - fi - echo "Downloading $URL" - curl -H user-agent:tailscale-github-action -L "$URL" -o tailscale.tgz --max-time 300 --fail - if ! [[ "$SHA256SUM" ]] ; then - SHA256SUM="$(curl -H user-agent:tailscale-github-action -L "${URL}.sha256" --fail)" - fi - echo "Expected sha256: $SHA256SUM" - echo "Actual sha256: $(sha256sum tailscale.tgz)" - echo "$SHA256SUM tailscale.tgz" | sha256sum -c - tar -C /tmp -xzf tailscale.tgz - rm tailscale.tgz - TSPATH=/tmp/tailscale_${VERSION}_${TS_ARCH} - sudo mv "${TSPATH}/tailscale" "${TSPATH}/tailscaled" /usr/bin - - name: Start Tailscale Daemon - shell: bash - env: - ADDITIONAL_DAEMON_ARGS: ${{ inputs.tailscaled-args }} - run: | - sudo -E tailscaled --state=mem: ${ADDITIONAL_DAEMON_ARGS} 2>~/tailscaled.log & - # And check that tailscaled came up. The CLI will block for a bit waiting - # for it. And --json will make it exit with status 0 even if we're logged - # out (as we will be). Without --json it returns an error if we're not up. - sudo -E tailscale status --json >/dev/null - - name: Connect to Tailscale - shell: bash - env: - TAILSCALE_AUTHKEY: ${{ inputs.authkey }} - ADDITIONAL_ARGS: ${{ inputs.args }} - HOSTNAME: ${{ inputs.hostname }} - TS_EXPERIMENT_OAUTH_AUTHKEY: true - run: | - if [ -z "${HOSTNAME}" ]; then - HOSTNAME="github-$(cat /etc/hostname)" - fi - if [ -n "${{ inputs['oauth-secret'] }}" ]; then - TAILSCALE_AUTHKEY="${{ inputs['oauth-secret'] }}?preauthorized=true&ephemeral=true" - TAGS_ARG="--advertise-tags=${{ inputs.tags }}" - fi - timeout 5m sudo -E tailscale up ${TAGS_ARG} --authkey=${TAILSCALE_AUTHKEY} --hostname=${HOSTNAME} --accept-routes ${ADDITIONAL_ARGS} + using: "composite" + steps: + - name: Check Runner OS + if: ${{ runner.os != 'Linux' }} + shell: bash + run: | + echo "::error title=⛔ error hint::Support Linux Only" + exit 1 + - name: Check Auth Info Empty + if: ${{ inputs.authkey == '' && (inputs['oauth-secret'] == '' || inputs.tags == '') }} + shell: bash + run: | + echo "::error title=⛔ error hint::OAuth identity empty, Maybe you need to populate it in the Secrets for your workflow, see more in https://docs.github.com/en/actions/security-guides/encrypted-secrets and https://tailscale.com/s/oauth-clients" + exit 1 + - name: Download Tailscale + shell: bash + if: ${{ inputs.download == 'true' }} + env: + VERSION: ${{ inputs.version }} + SHA256SUM: ${{ inputs.sha256sum }} + run: | + if [ ${{ runner.arch }} = "ARM64" ]; then + TS_ARCH="arm64" + elif [ ${{ runner.arch }} = "ARM" ]; then + TS_ARCH="arm" + elif [ ${{ runner.arch }} = "X86" ]; then + TS_ARCH="386" + elif [ ${{ runner.arch }} = "X64" ]; then + TS_ARCH="amd64" + else + TS_ARCH="amd64" + fi + MINOR=$(echo "$VERSION" | awk -F '.' {'print $2'}) + if [ $((MINOR % 2)) -eq 0 ]; then + URL="https://pkgs.tailscale.com/stable/tailscale_${VERSION}_${TS_ARCH}.tgz" + else + URL="https://pkgs.tailscale.com/unstable/tailscale_${VERSION}_${TS_ARCH}.tgz" + fi + echo "Downloading $URL" + curl -H user-agent:tailscale-github-action -L "$URL" -o tailscale.tgz --max-time 300 --fail + if ! [[ "$SHA256SUM" ]] ; then + SHA256SUM="$(curl -H user-agent:tailscale-github-action -L "${URL}.sha256" --fail)" + fi + echo "Expected sha256: $SHA256SUM" + echo "Actual sha256: $(sha256sum tailscale.tgz)" + echo "$SHA256SUM tailscale.tgz" | sha256sum -c + tar -C /tmp -xzf tailscale.tgz + rm tailscale.tgz + TSPATH=/tmp/tailscale_${VERSION}_${TS_ARCH} + sudo mv "${TSPATH}/tailscale" "${TSPATH}/tailscaled" /usr/bin + - name: Start Tailscale Daemon + shell: bash + env: + ADDITIONAL_DAEMON_ARGS: ${{ inputs.tailscaled-args }} + run: | + sudo -E tailscaled --state=mem: ${ADDITIONAL_DAEMON_ARGS} 2>~/tailscaled.log & + # And check that tailscaled came up. The CLI will block for a bit waiting + # for it. And --json will make it exit with status 0 even if we're logged + # out (as we will be). Without --json it returns an error if we're not up. + sudo -E tailscale status --json >/dev/null + - name: Connect to Tailscale + shell: bash + env: + TAILSCALE_AUTHKEY: ${{ inputs.authkey }} + ADDITIONAL_ARGS: ${{ inputs.args }} + HOSTNAME: ${{ inputs.hostname }} + TS_EXPERIMENT_OAUTH_AUTHKEY: true + run: | + if [ -z "${HOSTNAME}" ]; then + HOSTNAME="github-$(cat /etc/hostname)" + fi + if [ -n "${{ inputs['oauth-secret'] }}" ]; then + TAILSCALE_AUTHKEY="${{ inputs['oauth-secret'] }}?preauthorized=true&ephemeral=true" + TAGS_ARG="--advertise-tags=${{ inputs.tags }}" + fi + timeout 5m sudo -E tailscale up ${TAGS_ARG} --authkey=${TAILSCALE_AUTHKEY} --hostname=${HOSTNAME} --accept-routes ${ADDITIONAL_ARGS} From b7a73433d40ad65373fcddfe14e45fa8fc7254a2 Mon Sep 17 00:00:00 2001 From: Oliver Borchert Date: Sat, 4 May 2024 02:49:33 +0200 Subject: [PATCH 3/9] Link binaries to /usr/bin --- action.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/action.yml b/action.yml index 0a54d6a..c8c1aab 100644 --- a/action.yml +++ b/action.yml @@ -97,6 +97,14 @@ runs: rm tailscale.tgz TSPATH=/tmp/tailscale_${VERSION}_${TS_ARCH} sudo mv "${TSPATH}/tailscale" "${TSPATH}/tailscaled" /usr/bin + - name: Link Tailscale binaries + shell: bash + if: ${{ inputs.download == 'false' }} + run: | + TAILSCALE_PATH=$(which tailscale) + TAILSCALED_PATH=$(which tailscaled) + sudo -E ln -s -f ${TAILSCALE_PATH} /usr/bin/tailscale + sudo -E ln -s -f ${TAILSCALED_PATH} /usr/bin/tailscaled - name: Start Tailscale Daemon shell: bash env: From 529bcc14a8c5212a7507abcaf5f9b421468c125e Mon Sep 17 00:00:00 2001 From: Oliver Borchert Date: Sun, 16 Jun 2024 23:36:34 +0200 Subject: [PATCH 4/9] Revert layout --- action.yml | 202 +++++++++++++++++++++++++---------------------------- 1 file changed, 94 insertions(+), 108 deletions(-) diff --git a/action.yml b/action.yml index cba95e2..a3bbe04 100644 --- a/action.yml +++ b/action.yml @@ -1,133 +1,119 @@ # Copyright (c) Tailscale Inc & AUTHORS # SPDX-License-Identifier: BSD-3-Clause # -name: "Connect Tailscale" -description: "Connect your GitHub Action workflow to Tailscale" +name: 'Connect Tailscale' +description: 'Connect your GitHub Action workflow to Tailscale' branding: - icon: "arrow-right-circle" - color: "gray-dark" + icon: 'arrow-right-circle' + color: 'gray-dark' inputs: authkey: - description: "Your Tailscale authentication key, from the admin panel." + description: 'Your Tailscale authentication key, from the admin panel.' required: false - deprecationMessage: - "An OAuth API client https://tailscale.com/s/oauth-clients is recommended instead of an authkey" + deprecationMessage: 'An OAuth API client https://tailscale.com/s/oauth-clients is recommended instead of an authkey' oauth-client-id: - description: "Your Tailscale OAuth Client ID." + description: 'Your Tailscale OAuth Client ID.' required: false oauth-secret: - description: "Your Tailscale OAuth Client Secret." + description: 'Your Tailscale OAuth Client Secret.' required: false tags: - description: - "Comma separated list of Tags to be applied to nodes. The OAuth client must have permission to apply these tags." + description: 'Comma separated list of Tags to be applied to nodes. The OAuth client must have permission to apply these tags.' required: false - download: - description: "Whether to download the `tailscale` and `tailscaled` binaries." - required: false - default: "true" version: - description: "Tailscale version to use if downloading." + description: 'Tailscale version to use.' required: true default: '1.66.3' sha256sum: - description: "Expected SHA256 checksum of the tarball when downloading." + description: 'Expected SHA256 checksum of the tarball.' required: false - default: "" + default: '' args: - description: "Optional additional arguments to `tailscale up`" + description: 'Optional additional arguments to `tailscale up`' required: false - default: "" + default: '' tailscaled-args: - description: "Optional additional arguments to `tailscaled`" + description: 'Optional additional arguments to `tailscaled`' required: false - default: "" + default: '' hostname: - description: "Fixed hostname to use." + description: 'Fixed hostname to use.' required: false - default: "" + default: '' runs: - using: "composite" - steps: - - name: Check Runner OS - if: ${{ runner.os != 'Linux' }} - shell: bash - run: | - echo "::error title=⛔ error hint::Support Linux Only" - exit 1 - - name: Check Auth Info Empty - if: ${{ inputs.authkey == '' && (inputs['oauth-secret'] == '' || inputs.tags == '') }} - shell: bash - run: | - echo "::error title=⛔ error hint::OAuth identity empty, Maybe you need to populate it in the Secrets for your workflow, see more in https://docs.github.com/en/actions/security-guides/encrypted-secrets and https://tailscale.com/s/oauth-clients" - exit 1 - - name: Download Tailscale - shell: bash - if: ${{ inputs.download == 'true' }} - env: - VERSION: ${{ inputs.version }} - SHA256SUM: ${{ inputs.sha256sum }} - run: | - if [ ${{ runner.arch }} = "ARM64" ]; then - TS_ARCH="arm64" - elif [ ${{ runner.arch }} = "ARM" ]; then - TS_ARCH="arm" - elif [ ${{ runner.arch }} = "X86" ]; then - TS_ARCH="386" - elif [ ${{ runner.arch }} = "X64" ]; then - TS_ARCH="amd64" - else - TS_ARCH="amd64" - fi - MINOR=$(echo "$VERSION" | awk -F '.' {'print $2'}) - if [ $((MINOR % 2)) -eq 0 ]; then - URL="https://pkgs.tailscale.com/stable/tailscale_${VERSION}_${TS_ARCH}.tgz" - else - URL="https://pkgs.tailscale.com/unstable/tailscale_${VERSION}_${TS_ARCH}.tgz" - fi - echo "Downloading $URL" - curl -H user-agent:tailscale-github-action -L "$URL" -o tailscale.tgz --max-time 300 --fail - if ! [[ "$SHA256SUM" ]] ; then - SHA256SUM="$(curl -H user-agent:tailscale-github-action -L "${URL}.sha256" --fail)" - fi - echo "Expected sha256: $SHA256SUM" - echo "Actual sha256: $(sha256sum tailscale.tgz)" - echo "$SHA256SUM tailscale.tgz" | sha256sum -c - tar -C /tmp -xzf tailscale.tgz - rm tailscale.tgz - TSPATH=/tmp/tailscale_${VERSION}_${TS_ARCH} - sudo mv "${TSPATH}/tailscale" "${TSPATH}/tailscaled" /usr/bin - - name: Link Tailscale binaries - shell: bash - if: ${{ inputs.download == 'false' }} - run: | - TAILSCALE_PATH=$(which tailscale) - TAILSCALED_PATH=$(which tailscaled) - sudo -E ln -s -f ${TAILSCALE_PATH} /usr/bin/tailscale - sudo -E ln -s -f ${TAILSCALED_PATH} /usr/bin/tailscaled - - name: Start Tailscale Daemon - shell: bash - env: - ADDITIONAL_DAEMON_ARGS: ${{ inputs.tailscaled-args }} - run: | - sudo -E tailscaled --state=mem: ${ADDITIONAL_DAEMON_ARGS} 2>~/tailscaled.log & - # And check that tailscaled came up. The CLI will block for a bit waiting - # for it. And --json will make it exit with status 0 even if we're logged - # out (as we will be). Without --json it returns an error if we're not up. - sudo -E tailscale status --json >/dev/null - - name: Connect to Tailscale - shell: bash - env: - TAILSCALE_AUTHKEY: ${{ inputs.authkey }} - ADDITIONAL_ARGS: ${{ inputs.args }} - HOSTNAME: ${{ inputs.hostname }} - TS_EXPERIMENT_OAUTH_AUTHKEY: true - run: | - if [ -z "${HOSTNAME}" ]; then - HOSTNAME="github-$(cat /etc/hostname)" - fi - if [ -n "${{ inputs['oauth-secret'] }}" ]; then - TAILSCALE_AUTHKEY="${{ inputs['oauth-secret'] }}?preauthorized=true&ephemeral=true" - TAGS_ARG="--advertise-tags=${{ inputs.tags }}" - fi - timeout 5m sudo -E tailscale up ${TAGS_ARG} --authkey=${TAILSCALE_AUTHKEY} --hostname=${HOSTNAME} --accept-routes ${ADDITIONAL_ARGS} + using: 'composite' + steps: + - name: Check Runner OS + if: ${{ runner.os != 'Linux' }} + shell: bash + run: | + echo "::error title=⛔ error hint::Support Linux Only" + exit 1 + - name: Check Auth Info Empty + if: ${{ inputs.authkey == '' && (inputs['oauth-secret'] == '' || inputs.tags == '') }} + shell: bash + run: | + echo "::error title=⛔ error hint::OAuth identity empty, Maybe you need to populate it in the Secrets for your workflow, see more in https://docs.github.com/en/actions/security-guides/encrypted-secrets and https://tailscale.com/s/oauth-clients" + exit 1 + - name: Download Tailscale + shell: bash + id: download + env: + VERSION: ${{ inputs.version }} + SHA256SUM: ${{ inputs.sha256sum }} + run: | + if [ ${{ runner.arch }} = "ARM64" ]; then + TS_ARCH="arm64" + elif [ ${{ runner.arch }} = "ARM" ]; then + TS_ARCH="arm" + elif [ ${{ runner.arch }} = "X86" ]; then + TS_ARCH="386" + elif [ ${{ runner.arch }} = "X64" ]; then + TS_ARCH="amd64" + else + TS_ARCH="amd64" + fi + MINOR=$(echo "$VERSION" | awk -F '.' {'print $2'}) + if [ $((MINOR % 2)) -eq 0 ]; then + URL="https://pkgs.tailscale.com/stable/tailscale_${VERSION}_${TS_ARCH}.tgz" + else + URL="https://pkgs.tailscale.com/unstable/tailscale_${VERSION}_${TS_ARCH}.tgz" + fi + echo "Downloading $URL" + curl -H user-agent:tailscale-github-action -L "$URL" -o tailscale.tgz --max-time 300 --fail + if ! [[ "$SHA256SUM" ]] ; then + SHA256SUM="$(curl -H user-agent:tailscale-github-action -L "${URL}.sha256" --fail)" + fi + echo "Expected sha256: $SHA256SUM" + echo "Actual sha256: $(sha256sum tailscale.tgz)" + echo "$SHA256SUM tailscale.tgz" | sha256sum -c + tar -C /tmp -xzf tailscale.tgz + rm tailscale.tgz + TSPATH=/tmp/tailscale_${VERSION}_${TS_ARCH} + sudo mv "${TSPATH}/tailscale" "${TSPATH}/tailscaled" /usr/bin + - name: Start Tailscale Daemon + shell: bash + env: + ADDITIONAL_DAEMON_ARGS: ${{ inputs.tailscaled-args }} + run: | + sudo -E tailscaled --state=mem: ${ADDITIONAL_DAEMON_ARGS} 2>~/tailscaled.log & + # And check that tailscaled came up. The CLI will block for a bit waiting + # for it. And --json will make it exit with status 0 even if we're logged + # out (as we will be). Without --json it returns an error if we're not up. + sudo -E tailscale status --json >/dev/null + - name: Connect to Tailscale + shell: bash + env: + TAILSCALE_AUTHKEY: ${{ inputs.authkey }} + ADDITIONAL_ARGS: ${{ inputs.args }} + HOSTNAME: ${{ inputs.hostname }} + TS_EXPERIMENT_OAUTH_AUTHKEY: true + run: | + if [ -z "${HOSTNAME}" ]; then + HOSTNAME="github-$(cat /etc/hostname)" + fi + if [ -n "${{ inputs['oauth-secret'] }}" ]; then + TAILSCALE_AUTHKEY="${{ inputs['oauth-secret'] }}?preauthorized=true&ephemeral=true" + TAGS_ARG="--advertise-tags=${{ inputs.tags }}" + fi + timeout 5m sudo -E tailscale up ${TAGS_ARG} --authkey=${TAILSCALE_AUTHKEY} --hostname=${HOSTNAME} --accept-routes ${ADDITIONAL_ARGS} From 97e978f90eb040f83ef52aeeb065f2916ca124bf Mon Sep 17 00:00:00 2001 From: Oliver Borchert Date: Sun, 16 Jun 2024 23:37:31 +0200 Subject: [PATCH 5/9] Fix? --- action.yml | 174 +++++++++++++++++++++++++++++------------------------ 1 file changed, 94 insertions(+), 80 deletions(-) diff --git a/action.yml b/action.yml index a3bbe04..2c1819c 100644 --- a/action.yml +++ b/action.yml @@ -10,7 +10,8 @@ inputs: authkey: description: 'Your Tailscale authentication key, from the admin panel.' required: false - deprecationMessage: 'An OAuth API client https://tailscale.com/s/oauth-clients is recommended instead of an authkey' + deprecationMessage: + 'An OAuth API client https://tailscale.com/s/oauth-clients is recommended instead of an authkey' oauth-client-id: description: 'Your Tailscale OAuth Client ID.' required: false @@ -18,14 +19,19 @@ inputs: description: 'Your Tailscale OAuth Client Secret.' required: false tags: - description: 'Comma separated list of Tags to be applied to nodes. The OAuth client must have permission to apply these tags.' + description: + 'Comma separated list of Tags to be applied to nodes. The OAuth client must have permission to apply these tags.' required: false + download: + description: 'Whether to download the `tailscale` and `tailscaled` binaries.' + required: false + default: 'true' version: - description: 'Tailscale version to use.' + description: 'Tailscale version to use if downloading.' required: true default: '1.66.3' sha256sum: - description: 'Expected SHA256 checksum of the tarball.' + description: 'Expected SHA256 checksum of the tarball when downloading.' required: false default: '' args: @@ -41,79 +47,87 @@ inputs: required: false default: '' runs: - using: 'composite' - steps: - - name: Check Runner OS - if: ${{ runner.os != 'Linux' }} - shell: bash - run: | - echo "::error title=⛔ error hint::Support Linux Only" - exit 1 - - name: Check Auth Info Empty - if: ${{ inputs.authkey == '' && (inputs['oauth-secret'] == '' || inputs.tags == '') }} - shell: bash - run: | - echo "::error title=⛔ error hint::OAuth identity empty, Maybe you need to populate it in the Secrets for your workflow, see more in https://docs.github.com/en/actions/security-guides/encrypted-secrets and https://tailscale.com/s/oauth-clients" - exit 1 - - name: Download Tailscale - shell: bash - id: download - env: - VERSION: ${{ inputs.version }} - SHA256SUM: ${{ inputs.sha256sum }} - run: | - if [ ${{ runner.arch }} = "ARM64" ]; then - TS_ARCH="arm64" - elif [ ${{ runner.arch }} = "ARM" ]; then - TS_ARCH="arm" - elif [ ${{ runner.arch }} = "X86" ]; then - TS_ARCH="386" - elif [ ${{ runner.arch }} = "X64" ]; then - TS_ARCH="amd64" - else - TS_ARCH="amd64" - fi - MINOR=$(echo "$VERSION" | awk -F '.' {'print $2'}) - if [ $((MINOR % 2)) -eq 0 ]; then - URL="https://pkgs.tailscale.com/stable/tailscale_${VERSION}_${TS_ARCH}.tgz" - else - URL="https://pkgs.tailscale.com/unstable/tailscale_${VERSION}_${TS_ARCH}.tgz" - fi - echo "Downloading $URL" - curl -H user-agent:tailscale-github-action -L "$URL" -o tailscale.tgz --max-time 300 --fail - if ! [[ "$SHA256SUM" ]] ; then - SHA256SUM="$(curl -H user-agent:tailscale-github-action -L "${URL}.sha256" --fail)" - fi - echo "Expected sha256: $SHA256SUM" - echo "Actual sha256: $(sha256sum tailscale.tgz)" - echo "$SHA256SUM tailscale.tgz" | sha256sum -c - tar -C /tmp -xzf tailscale.tgz - rm tailscale.tgz - TSPATH=/tmp/tailscale_${VERSION}_${TS_ARCH} - sudo mv "${TSPATH}/tailscale" "${TSPATH}/tailscaled" /usr/bin - - name: Start Tailscale Daemon - shell: bash - env: - ADDITIONAL_DAEMON_ARGS: ${{ inputs.tailscaled-args }} - run: | - sudo -E tailscaled --state=mem: ${ADDITIONAL_DAEMON_ARGS} 2>~/tailscaled.log & - # And check that tailscaled came up. The CLI will block for a bit waiting - # for it. And --json will make it exit with status 0 even if we're logged - # out (as we will be). Without --json it returns an error if we're not up. - sudo -E tailscale status --json >/dev/null - - name: Connect to Tailscale - shell: bash - env: - TAILSCALE_AUTHKEY: ${{ inputs.authkey }} - ADDITIONAL_ARGS: ${{ inputs.args }} - HOSTNAME: ${{ inputs.hostname }} - TS_EXPERIMENT_OAUTH_AUTHKEY: true - run: | - if [ -z "${HOSTNAME}" ]; then - HOSTNAME="github-$(cat /etc/hostname)" - fi - if [ -n "${{ inputs['oauth-secret'] }}" ]; then - TAILSCALE_AUTHKEY="${{ inputs['oauth-secret'] }}?preauthorized=true&ephemeral=true" - TAGS_ARG="--advertise-tags=${{ inputs.tags }}" - fi - timeout 5m sudo -E tailscale up ${TAGS_ARG} --authkey=${TAILSCALE_AUTHKEY} --hostname=${HOSTNAME} --accept-routes ${ADDITIONAL_ARGS} + using: 'composite' + steps: + - name: Check Runner OS + if: ${{ runner.os != 'Linux' }} + shell: bash + run: | + echo '::error title=⛔ error hint::Support Linux Only' + exit 1 + - name: Check Auth Info Empty + if: ${{ inputs.authkey == '' && (inputs['oauth-secret'] == '' || inputs.tags == '') }} + shell: bash + run: | + echo '::error title=⛔ error hint::OAuth identity empty, Maybe you need to populate it in the Secrets for your workflow, see more in https://docs.github.com/en/actions/security-guides/encrypted-secrets and https://tailscale.com/s/oauth-clients' + exit 1 + - name: Download Tailscale + shell: bash + if: ${{ inputs.download == 'true' }} + env: + VERSION: ${{ inputs.version }} + SHA256SUM: ${{ inputs.sha256sum }} + run: | + if [ ${{ runner.arch }} = 'ARM64' ]; then + TS_ARCH='arm64' + elif [ ${{ runner.arch }} = 'ARM' ]; then + TS_ARCH='arm' + elif [ ${{ runner.arch }} = 'X86' ]; then + TS_ARCH='386' + elif [ ${{ runner.arch }} = 'X64' ]; then + TS_ARCH='amd64' + else + TS_ARCH='amd64' + fi + MINOR=$(echo '$VERSION' | awk -F '.' {'print $2'}) + if [ $((MINOR % 2)) -eq 0 ]; then + URL='https://pkgs.tailscale.com/stable/tailscale_${VERSION}_${TS_ARCH}.tgz' + else + URL='https://pkgs.tailscale.com/unstable/tailscale_${VERSION}_${TS_ARCH}.tgz' + fi + echo 'Downloading $URL' + curl -H user-agent:tailscale-github-action -L '$URL' -o tailscale.tgz --max-time 300 --fail + if ! [[ '$SHA256SUM' ]] ; then + SHA256SUM='$(curl -H user-agent:tailscale-github-action -L '${URL}.sha256' --fail)' + fi + echo 'Expected sha256: $SHA256SUM' + echo 'Actual sha256: $(sha256sum tailscale.tgz)' + echo '$SHA256SUM tailscale.tgz' | sha256sum -c + tar -C /tmp -xzf tailscale.tgz + rm tailscale.tgz + TSPATH=/tmp/tailscale_${VERSION}_${TS_ARCH} + sudo mv '${TSPATH}/tailscale' '${TSPATH}/tailscaled' /usr/bin + - name: Link Tailscale binaries + shell: bash + if: ${{ inputs.download == 'false' }} + run: | + TAILSCALE_PATH=$(which tailscale) + TAILSCALED_PATH=$(which tailscaled) + sudo -E ln -s -f ${TAILSCALE_PATH} /usr/bin/tailscale + sudo -E ln -s -f ${TAILSCALED_PATH} /usr/bin/tailscaled + - name: Start Tailscale Daemon + shell: bash + env: + ADDITIONAL_DAEMON_ARGS: ${{ inputs.tailscaled-args }} + run: | + sudo -E tailscaled --state=mem: ${ADDITIONAL_DAEMON_ARGS} 2>~/tailscaled.log & + # And check that tailscaled came up. The CLI will block for a bit waiting + # for it. And --json will make it exit with status 0 even if we're logged + # out (as we will be). Without --json it returns an error if we're not up. + sudo -E tailscale status --json >/dev/null + - name: Connect to Tailscale + shell: bash + env: + TAILSCALE_AUTHKEY: ${{ inputs.authkey }} + ADDITIONAL_ARGS: ${{ inputs.args }} + HOSTNAME: ${{ inputs.hostname }} + TS_EXPERIMENT_OAUTH_AUTHKEY: true + run: | + if [ -z '${HOSTNAME}' ]; then + HOSTNAME='github-$(cat /etc/hostname)' + fi + if [ -n '${{ inputs['oauth-secret'] }}' ]; then + TAILSCALE_AUTHKEY='${{ inputs['oauth-secret'] }}?preauthorized=true&ephemeral=true' + TAGS_ARG='--advertise-tags=${{ inputs.tags }}' + fi + timeout 5m sudo -E tailscale up ${TAGS_ARG} --authkey=${TAILSCALE_AUTHKEY} --hostname=${HOSTNAME} --accept-routes ${ADDITIONAL_ARGS} From 39b7aa91b329be4dc875c68d5fd201fb31c8339d Mon Sep 17 00:00:00 2001 From: Oliver Borchert Date: Sun, 16 Jun 2024 23:38:14 +0200 Subject: [PATCH 6/9] Fix? --- action.yml | 174 ++++++++++++++++++++++++++--------------------------- 1 file changed, 86 insertions(+), 88 deletions(-) diff --git a/action.yml b/action.yml index 2c1819c..b7ad958 100644 --- a/action.yml +++ b/action.yml @@ -10,8 +10,7 @@ inputs: authkey: description: 'Your Tailscale authentication key, from the admin panel.' required: false - deprecationMessage: - 'An OAuth API client https://tailscale.com/s/oauth-clients is recommended instead of an authkey' + deprecationMessage: 'An OAuth API client https://tailscale.com/s/oauth-clients is recommended instead of an authkey' oauth-client-id: description: 'Your Tailscale OAuth Client ID.' required: false @@ -19,8 +18,7 @@ inputs: description: 'Your Tailscale OAuth Client Secret.' required: false tags: - description: - 'Comma separated list of Tags to be applied to nodes. The OAuth client must have permission to apply these tags.' + description: 'Comma separated list of Tags to be applied to nodes. The OAuth client must have permission to apply these tags.' required: false download: description: 'Whether to download the `tailscale` and `tailscaled` binaries.' @@ -47,87 +45,87 @@ inputs: required: false default: '' runs: - using: 'composite' - steps: - - name: Check Runner OS - if: ${{ runner.os != 'Linux' }} - shell: bash - run: | - echo '::error title=⛔ error hint::Support Linux Only' - exit 1 - - name: Check Auth Info Empty - if: ${{ inputs.authkey == '' && (inputs['oauth-secret'] == '' || inputs.tags == '') }} - shell: bash - run: | - echo '::error title=⛔ error hint::OAuth identity empty, Maybe you need to populate it in the Secrets for your workflow, see more in https://docs.github.com/en/actions/security-guides/encrypted-secrets and https://tailscale.com/s/oauth-clients' - exit 1 - - name: Download Tailscale - shell: bash - if: ${{ inputs.download == 'true' }} - env: - VERSION: ${{ inputs.version }} - SHA256SUM: ${{ inputs.sha256sum }} - run: | - if [ ${{ runner.arch }} = 'ARM64' ]; then - TS_ARCH='arm64' - elif [ ${{ runner.arch }} = 'ARM' ]; then - TS_ARCH='arm' - elif [ ${{ runner.arch }} = 'X86' ]; then - TS_ARCH='386' - elif [ ${{ runner.arch }} = 'X64' ]; then - TS_ARCH='amd64' - else - TS_ARCH='amd64' - fi - MINOR=$(echo '$VERSION' | awk -F '.' {'print $2'}) - if [ $((MINOR % 2)) -eq 0 ]; then - URL='https://pkgs.tailscale.com/stable/tailscale_${VERSION}_${TS_ARCH}.tgz' - else - URL='https://pkgs.tailscale.com/unstable/tailscale_${VERSION}_${TS_ARCH}.tgz' - fi - echo 'Downloading $URL' - curl -H user-agent:tailscale-github-action -L '$URL' -o tailscale.tgz --max-time 300 --fail - if ! [[ '$SHA256SUM' ]] ; then - SHA256SUM='$(curl -H user-agent:tailscale-github-action -L '${URL}.sha256' --fail)' - fi - echo 'Expected sha256: $SHA256SUM' - echo 'Actual sha256: $(sha256sum tailscale.tgz)' - echo '$SHA256SUM tailscale.tgz' | sha256sum -c - tar -C /tmp -xzf tailscale.tgz - rm tailscale.tgz - TSPATH=/tmp/tailscale_${VERSION}_${TS_ARCH} - sudo mv '${TSPATH}/tailscale' '${TSPATH}/tailscaled' /usr/bin - - name: Link Tailscale binaries - shell: bash - if: ${{ inputs.download == 'false' }} - run: | - TAILSCALE_PATH=$(which tailscale) - TAILSCALED_PATH=$(which tailscaled) - sudo -E ln -s -f ${TAILSCALE_PATH} /usr/bin/tailscale - sudo -E ln -s -f ${TAILSCALED_PATH} /usr/bin/tailscaled - - name: Start Tailscale Daemon - shell: bash - env: - ADDITIONAL_DAEMON_ARGS: ${{ inputs.tailscaled-args }} - run: | - sudo -E tailscaled --state=mem: ${ADDITIONAL_DAEMON_ARGS} 2>~/tailscaled.log & - # And check that tailscaled came up. The CLI will block for a bit waiting - # for it. And --json will make it exit with status 0 even if we're logged - # out (as we will be). Without --json it returns an error if we're not up. - sudo -E tailscale status --json >/dev/null - - name: Connect to Tailscale - shell: bash - env: - TAILSCALE_AUTHKEY: ${{ inputs.authkey }} - ADDITIONAL_ARGS: ${{ inputs.args }} - HOSTNAME: ${{ inputs.hostname }} - TS_EXPERIMENT_OAUTH_AUTHKEY: true - run: | - if [ -z '${HOSTNAME}' ]; then - HOSTNAME='github-$(cat /etc/hostname)' - fi - if [ -n '${{ inputs['oauth-secret'] }}' ]; then - TAILSCALE_AUTHKEY='${{ inputs['oauth-secret'] }}?preauthorized=true&ephemeral=true' - TAGS_ARG='--advertise-tags=${{ inputs.tags }}' - fi - timeout 5m sudo -E tailscale up ${TAGS_ARG} --authkey=${TAILSCALE_AUTHKEY} --hostname=${HOSTNAME} --accept-routes ${ADDITIONAL_ARGS} + using: 'composite' + steps: + - name: Check Runner OS + if: ${{ runner.os != 'Linux' }} + shell: bash + run: | + echo '::error title=⛔ error hint::Support Linux Only' + exit 1 + - name: Check Auth Info Empty + if: ${{ inputs.authkey == '' && (inputs['oauth-secret'] == '' || inputs.tags == '') }} + shell: bash + run: | + echo '::error title=⛔ error hint::OAuth identity empty, Maybe you need to populate it in the Secrets for your workflow, see more in https://docs.github.com/en/actions/security-guides/encrypted-secrets and https://tailscale.com/s/oauth-clients' + exit 1 + - name: Download Tailscale + shell: bash + if: ${{ inputs.download == 'true' }} + env: + VERSION: ${{ inputs.version }} + SHA256SUM: ${{ inputs.sha256sum }} + run: | + if [ ${{ runner.arch }} = 'ARM64' ]; then + TS_ARCH='arm64' + elif [ ${{ runner.arch }} = 'ARM' ]; then + TS_ARCH='arm' + elif [ ${{ runner.arch }} = 'X86' ]; then + TS_ARCH='386' + elif [ ${{ runner.arch }} = 'X64' ]; then + TS_ARCH='amd64' + else + TS_ARCH='amd64' + fi + MINOR=$(echo '$VERSION' | awk -F '.' {'print $2'}) + if [ $((MINOR % 2)) -eq 0 ]; then + URL='https://pkgs.tailscale.com/stable/tailscale_${VERSION}_${TS_ARCH}.tgz' + else + URL='https://pkgs.tailscale.com/unstable/tailscale_${VERSION}_${TS_ARCH}.tgz' + fi + echo 'Downloading $URL' + curl -H user-agent:tailscale-github-action -L '$URL' -o tailscale.tgz --max-time 300 --fail + if ! [[ '$SHA256SUM' ]] ; then + SHA256SUM='$(curl -H user-agent:tailscale-github-action -L '${URL}.sha256' --fail)' + fi + echo 'Expected sha256: $SHA256SUM' + echo 'Actual sha256: $(sha256sum tailscale.tgz)' + echo '$SHA256SUM tailscale.tgz' | sha256sum -c + tar -C /tmp -xzf tailscale.tgz + rm tailscale.tgz + TSPATH=/tmp/tailscale_${VERSION}_${TS_ARCH} + sudo mv '${TSPATH}/tailscale' '${TSPATH}/tailscaled' /usr/bin + - name: Link Tailscale binaries + shell: bash + if: ${{ inputs.download == 'false' }} + run: | + TAILSCALE_PATH=$(which tailscale) + TAILSCALED_PATH=$(which tailscaled) + sudo -E ln -s -f ${TAILSCALE_PATH} /usr/bin/tailscale + sudo -E ln -s -f ${TAILSCALED_PATH} /usr/bin/tailscaled + - name: Start Tailscale Daemon + shell: bash + env: + ADDITIONAL_DAEMON_ARGS: ${{ inputs.tailscaled-args }} + run: | + sudo -E tailscaled --state=mem: ${ADDITIONAL_DAEMON_ARGS} 2>~/tailscaled.log & + # And check that tailscaled came up. The CLI will block for a bit waiting + # for it. And --json will make it exit with status 0 even if we're logged + # out (as we will be). Without --json it returns an error if we're not up. + sudo -E tailscale status --json >/dev/null + - name: Connect to Tailscale + shell: bash + env: + TAILSCALE_AUTHKEY: ${{ inputs.authkey }} + ADDITIONAL_ARGS: ${{ inputs.args }} + HOSTNAME: ${{ inputs.hostname }} + TS_EXPERIMENT_OAUTH_AUTHKEY: true + run: | + if [ -z '${HOSTNAME}' ]; then + HOSTNAME='github-$(cat /etc/hostname)' + fi + if [ -n '${{ inputs['oauth-secret'] }}' ]; then + TAILSCALE_AUTHKEY='${{ inputs['oauth-secret'] }}?preauthorized=true&ephemeral=true' + TAGS_ARG='--advertise-tags=${{ inputs.tags }}' + fi + timeout 5m sudo -E tailscale up ${TAGS_ARG} --authkey=${TAILSCALE_AUTHKEY} --hostname=${HOSTNAME} --accept-routes ${ADDITIONAL_ARGS} From af286b60a057bf01be1ffdf5c13a2012fb4207b6 Mon Sep 17 00:00:00 2001 From: Oliver Borchert Date: Sun, 16 Jun 2024 23:39:31 +0200 Subject: [PATCH 7/9] Fix? --- action.yml | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/action.yml b/action.yml index b7ad958..bc208f5 100644 --- a/action.yml +++ b/action.yml @@ -51,13 +51,13 @@ runs: if: ${{ runner.os != 'Linux' }} shell: bash run: | - echo '::error title=⛔ error hint::Support Linux Only' + echo "::error title=⛔ error hint::Support Linux Only" exit 1 - name: Check Auth Info Empty if: ${{ inputs.authkey == '' && (inputs['oauth-secret'] == '' || inputs.tags == '') }} shell: bash run: | - echo '::error title=⛔ error hint::OAuth identity empty, Maybe you need to populate it in the Secrets for your workflow, see more in https://docs.github.com/en/actions/security-guides/encrypted-secrets and https://tailscale.com/s/oauth-clients' + echo "::error title=⛔ error hint::OAuth identity empty, Maybe you need to populate it in the Secrets for your workflow, see more in https://docs.github.com/en/actions/security-guides/encrypted-secrets and https://tailscale.com/s/oauth-clients" exit 1 - name: Download Tailscale shell: bash @@ -66,35 +66,35 @@ runs: VERSION: ${{ inputs.version }} SHA256SUM: ${{ inputs.sha256sum }} run: | - if [ ${{ runner.arch }} = 'ARM64' ]; then - TS_ARCH='arm64' - elif [ ${{ runner.arch }} = 'ARM' ]; then - TS_ARCH='arm' - elif [ ${{ runner.arch }} = 'X86' ]; then - TS_ARCH='386' - elif [ ${{ runner.arch }} = 'X64' ]; then - TS_ARCH='amd64' + if [ ${{ runner.arch }} = "ARM64" ]; then + TS_ARCH="arm64" + elif [ ${{ runner.arch }} = "ARM" ]; then + TS_ARCH="arm" + elif [ ${{ runner.arch }} = "X86" ]; then + TS_ARCH="386" + elif [ ${{ runner.arch }} = "X64" ]; then + TS_ARCH="amd64" else - TS_ARCH='amd64' + TS_ARCH="amd64" fi - MINOR=$(echo '$VERSION' | awk -F '.' {'print $2'}) + MINOR=$(echo "$VERSION" | awk -F '.' {'print $2'}) if [ $((MINOR % 2)) -eq 0 ]; then - URL='https://pkgs.tailscale.com/stable/tailscale_${VERSION}_${TS_ARCH}.tgz' + URL="https://pkgs.tailscale.com/stable/tailscale_${VERSION}_${TS_ARCH}.tgz" else - URL='https://pkgs.tailscale.com/unstable/tailscale_${VERSION}_${TS_ARCH}.tgz' + URL="https://pkgs.tailscale.com/unstable/tailscale_${VERSION}_${TS_ARCH}.tgz" fi - echo 'Downloading $URL' - curl -H user-agent:tailscale-github-action -L '$URL' -o tailscale.tgz --max-time 300 --fail - if ! [[ '$SHA256SUM' ]] ; then - SHA256SUM='$(curl -H user-agent:tailscale-github-action -L '${URL}.sha256' --fail)' + echo "Downloading $URL" + curl -H user-agent:tailscale-github-action -L "$URL" -o tailscale.tgz --max-time 300 --fail + if ! [[ "$SHA256SUM" ]] ; then + SHA256SUM="$(curl -H user-agent:tailscale-github-action -L "${URL}.sha256" --fail)" fi - echo 'Expected sha256: $SHA256SUM' - echo 'Actual sha256: $(sha256sum tailscale.tgz)' - echo '$SHA256SUM tailscale.tgz' | sha256sum -c + echo "Expected sha256: $SHA256SUM" + echo "Actual sha256: $(sha256sum tailscale.tgz)" + echo "$SHA256SUM tailscale.tgz" | sha256sum -c tar -C /tmp -xzf tailscale.tgz rm tailscale.tgz TSPATH=/tmp/tailscale_${VERSION}_${TS_ARCH} - sudo mv '${TSPATH}/tailscale' '${TSPATH}/tailscaled' /usr/bin + sudo mv "${TSPATH}/tailscale" "${TSPATH}/tailscaled" /usr/bin - name: Link Tailscale binaries shell: bash if: ${{ inputs.download == 'false' }} From 45b3c1089e56e9072d6de8414e269e0390b62e65 Mon Sep 17 00:00:00 2001 From: Oliver Borchert Date: Sun, 16 Jun 2024 23:40:16 +0200 Subject: [PATCH 8/9] Fix? --- action.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/action.yml b/action.yml index bc208f5..7719283 100644 --- a/action.yml +++ b/action.yml @@ -121,11 +121,11 @@ runs: HOSTNAME: ${{ inputs.hostname }} TS_EXPERIMENT_OAUTH_AUTHKEY: true run: | - if [ -z '${HOSTNAME}' ]; then - HOSTNAME='github-$(cat /etc/hostname)' + if [ -z "${HOSTNAME}" ]; then + HOSTNAME="github-$(cat /etc/hostname)" fi - if [ -n '${{ inputs['oauth-secret'] }}' ]; then - TAILSCALE_AUTHKEY='${{ inputs['oauth-secret'] }}?preauthorized=true&ephemeral=true' - TAGS_ARG='--advertise-tags=${{ inputs.tags }}' + if [ -n "${{ inputs['oauth-secret'] }}" ]; then + TAILSCALE_AUTHKEY="${{ inputs['oauth-secret'] }}?preauthorized=true&ephemeral=true" + TAGS_ARG="--advertise-tags=${{ inputs.tags }}" fi timeout 5m sudo -E tailscale up ${TAGS_ARG} --authkey=${TAILSCALE_AUTHKEY} --hostname=${HOSTNAME} --accept-routes ${ADDITIONAL_ARGS} From 51383750648119e8c9231e0c5c150a20afb3b9f4 Mon Sep 17 00:00:00 2001 From: Oliver Borchert Date: Mon, 17 Jun 2024 22:10:15 +0200 Subject: [PATCH 9/9] Link conditionally --- action.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/action.yml b/action.yml index 7719283..42e13aa 100644 --- a/action.yml +++ b/action.yml @@ -101,8 +101,12 @@ runs: run: | TAILSCALE_PATH=$(which tailscale) TAILSCALED_PATH=$(which tailscaled) - sudo -E ln -s -f ${TAILSCALE_PATH} /usr/bin/tailscale - sudo -E ln -s -f ${TAILSCALED_PATH} /usr/bin/tailscaled + if [[ ! -f /usr/bin/tailscale ]]; then + sudo -E ln -s -f ${TAILSCALE_PATH} /usr/bin/tailscale + fi + if [[ ! -f /usr/bin/tailscaled ]]; then + sudo -E ln -s -f ${TAILSCALED_PATH} /usr/bin/tailscaled + fi - name: Start Tailscale Daemon shell: bash env: