Skip to main content
← Back to workflows

How to Use Tailscale GitHub Action

tailscale/github-action -
GitHub Action
Tailscale access v2
565
Contributors
Contributor - DentonGentryContributor - patrickodContributor - tendstofortytwo
Categories
GitHub
CICUBE ANALYTICS INSIGHTS
Engineering Velocity: 25% Team Time Lost to CI Issues
View Platform →
3.5h
Time Saved/Dev/Week
40%
Faster Releases
Click for next insight
Usage
  - name: Tailscale
    uses: tailscale/github-action@v2

github-action logo

github-action

A GitHub Action to connect your workflow to your Tailscale network.

The Tailscale GitHub Action allows you to access nodes in your Tailnet from subsequent steps in your Action workflows. To configure and use this Action effectively:

OAuth Client Configuration

Configure your OAuth client to grant access to your Tailnet nodes with the following parameters:

  • oauth-client-id and oauth-secret: These are the OAuth client credentials for accessing Tailnet. Securely save these as GitHub Encrypted Secrets.
  • tags: A comma-separated list of one or more ACL Tags for the node. At least one tag is required since an OAuth client is not associated with any users on the Tailnet and has to tag its nodes.

Thus, secure and controlled access within the Tailnet is assured with appropriate tagging of nodes and safe storage of OAuth credentials.

How to Define Tailscale Version

You can specify which version of Tailscale to use by setting the version parameter in the workflow file. Here’s a sample configuration:

- name: Tailscale
  uses: tailscale/github-action@v2
  with:
    oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
    oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
    tags: tag:ci
    version: 1.52.0

Adding the version denotes consistency and compatibility with other tools and procedures implemented in your CI/CD pipeline.

Full Configuration Example

Below is a full example of how to configure Tailscale GitHub Action in your workflow:

name: Example Tailscale Workflow
on: push
jobs:
  tailscale-access:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Set up Tailscale
        uses: tailscale/github-action@v2
        with:
          oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
          oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
          tags: tag:ci
          version: 1.52.0
      - name: Subsequent Step
        run: echo "Accessing nodes in the Tailnet..."

This example demonstrates how to set up Tailscale and access nodes within your CI workflow. Ensure you replace the placeholder secrets with your actual encrypted secrets.

The following example demonstrates how you can configure Tailscale to connect to all your nodes throughout the workflow in your CI. Make sure to replace the placeholder secrets with your actual encrypted secrets.

Managing Node Lifecycle

This Action-created Nodes are ephemeral — they're automatically removed from the coordination server shortly after they finish running. Such nodes are also preapproved on Tailnets that use Device Approval. The ephemeral character of these nodes helps ensure the security and cleanliness of the telnet because unused nodes are not stored for a more extended period than necessary in a network.

So you can include Tailscale in your GitHub Actions workflow, ensuring easy and cost-effective access to your Tailnet nodes. Through this configuration, security is enhanced and, as a result, the management of accesses and versions will be flexible.