c0c4791ce7
In a situation when manual edits are made on the admin panel, around the GitOps process, the pusher will be stuck if `--fail-on-manual-edits` is set, as expected. To recover from this, there are 2 options:

1. revert the admin panel changes to get back in sync with the code
2. check in the manual edits to code

The former will work well, since previous and local ETags will match control ETag again. The latter will still fail, since local and control ETags match, but previous does not.

For this situation, check the local ETag against control first and ignore previous when things are already in sync.

Updates https://github.com/tailscale/corp/issues/22177

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
gitops-pusher
This is a small tool to help people achieve a GitOps workflow with Tailscale ACL changes. This tool is intended to be used in a CI flow that looks like this:
```yaml
name: Tailscale ACL syncing

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]

jobs:
  acls:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Setup Go environment
        uses: actions/setup-go@v3.2.0

      - name: Install gitops-pusher
        run: go install tailscale.com/cmd/gitops-pusher@latest

      # On a push to main: apply the policy file.
      - name: Deploy ACL
        if: github.event_name == 'push'
        env:
          TS_API_KEY: ${{ secrets.TS_API_KEY }}
          TS_TAILNET: ${{ secrets.TS_TAILNET }}
        run: |
          ~/go/bin/gitops-pusher --policy-file ./policy.hujson apply

      # On a pull request: run the ACL tests only.
      - name: ACL tests
        if: github.event_name == 'pull_request'
        env:
          TS_API_KEY: ${{ secrets.TS_API_KEY }}
          TS_TAILNET: ${{ secrets.TS_TAILNET }}
        run: |
          ~/go/bin/gitops-pusher --policy-file ./policy.hujson test
```
Change the value of the `--policy-file` flag to point to the policy file on disk. Policy files should be in HuJSON format.
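The ETag ordering described in the commit message at the top of this page, as an added example that is not gitops-pusher's own code: a simplified model of the three-way comparison, run over the manual-edit case and both recovery options. The `decide` function, the `Decision` values, the `localFirst` switch and the ETag strings are hypothetical names and constructed values; the behaviour without `--fail-on-manual-edits` is an assumption.

```go
package main

import "fmt"

// Decision is the outcome of one apply run in this simplified model.
type Decision string

const (
	InSync Decision = "in sync, nothing to do"
	Push   Decision = "push local policy"
	Stuck  Decision = "fail: manual edits detected"
)

// decide compares the three ETags from the commit message: control (what the
// admin panel currently serves), local (the policy file in the repo) and
// previous (what the pusher last saw). localFirst selects the ordering the
// commit message proposes; false models the ordering it describes as failing.
// Assumption: without the flag, a control/previous mismatch does not block.
func decide(control, local, previous string, failOnManualEdits, localFirst bool) Decision {
	if localFirst && local == control {
		return InSync // already in sync: previous is ignored
	}
	if failOnManualEdits && previous != control {
		return Stuck
	}
	if local == control {
		return InSync
	}
	return Push
}

func main() {
	// Constructed ETag values; real ETags are opaque strings.
	cases := []struct{ name, control, local, previous string }{
		{"manual edit in admin panel", "manual", "v1", "v1"},
		{"option 1: panel reverted", "v1", "v1", "v1"},
		{"option 2: edit checked in", "manual", "manual", "v1"},
		{"ordinary policy change", "v1", "v2", "v1"},
	}
	for _, c := range cases {
		fmt.Printf("%-28s old=%q new=%q\n", c.name,
			decide(c.control, c.local, c.previous, true, false),
			decide(c.control, c.local, c.previous, true, true))
	}
}
```

Only the "edit checked in" row differs between the two orderings; an unreviewed admin-panel edit still blocks the push in both.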