github-action icon indicating copy to clipboard operation
github-action copied to clipboard
verified publisher icon tailscale

GitHub Action Failing with Error in Tailscale Setup

Open rexdivakar opened this issue 1 year ago • 3 comments

The TS_OAUTH_CLIENT_ID and TS_OAUTH_SECRET secrets are confirmed to be set correctly, as indicated by the "Debug Secrets" step.

The error occurs specifically during the "Set up Tailscale" step.

Please provide guidance on resolving this issue or suggest modifications to the workflow to ensure it works correctly.

on:
  push:
    branches:
      - main

jobs:
  connect:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Debug Secrets
        run: |
          echo "Checking TS_OAUTH_CLIENT_ID"
          if [ -z "${{ secrets.TS_OAUTH_CLIENT_ID }}" ]; then
            echo "::error::TS_OAUTH_CLIENT_ID is empty"
            exit 1
          else
            echo "TS_OAUTH_CLIENT_ID is set"
          fi
          echo "Checking TS_OAUTH_SECRET"
          if [ -z "${{ secrets.TS_OAUTH_SECRET }}" ]; then
            echo "::error::TS_OAUTH_SECRET is empty"
            exit 1
          else
            echo "TS_OAUTH_SECRET is set"
          fi


      - name: Set up Tailscale
        uses: tailscale/github-action@v2
        with:
          oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
          oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
          # tags: tag:ci
          version: 1.52.0

      - name: Verify Tailscale connection
        run: |
          tailscale ping <IP ADDRESS>
image

rexdivakar avatar Aug 18 '24 05:08 rexdivakar

I am having the same issue. My secrets are set, but I am getting the message that I need to populate them for my workflow. My secrets are at the organizational level, and these worked when I set them up 2 months ago

xLionTamer avatar Sep 03 '24 16:09 xLionTamer

Hey @xLionTamer I got them figured out you can use my template and try it by setting up TS_OAUTH_CLIENT_ID

name: Tailscale_deploy
on:
  push:
    branches:
      - main

jobs:
  deploy-via-tailscale:
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v2

      - name: Debug Secrets
        run: |
          echo "Checking TS_OAUTH_CLIENT_ID"
          if [ -z "${{ secrets.TS_OAUTH_CLIENT_ID }}" ]; then
            echo "::error::TS_OAUTH_CLIENT_ID is empty"
            exit 1
          else
            echo "TS_OAUTH_CLIENT_ID is set"
          fi
          echo "Checking TS_OAUTH_SECRET"
          if [ -z "${{ secrets.TS_OAUTH_SECRET }}" ]; then
            echo "::error::TS_OAUTH_SECRET is empty"
            exit 1
          else
            echo "TS_OAUTH_SECRET is set"
          fi

      - name: Setup Tailscale
        uses: tailscale/github-action@v2
        with:
          oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
          oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
          tags: tag:ci

      - name: Verify Tailscale connection
        run: |
          tailscale ping <NODE IP>
        
      - name: Deploy Application
        run: |
            echo "Deploying application..."
            sshpass -p ${{ secrets.HOSTKEY }} ssh -o StrictHostKeyChecking=no debian@<NODE IP> \
            "hostname > /tmp/hostname.txt && echo 'Deployment successful' > /tmp/deploy_status.txt"

rexdivakar avatar Sep 03 '24 17:09 rexdivakar

The fix is, you must use the tag:cli and define it in the ACL sector at the Tailscale admin page.

caejb avatar Sep 19 '24 06:09 caejb