From 70f1abcd8a68d23c9db2853a3dbe12b7c4732ea3 Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Fri, 8 Aug 2025 05:12:48 +0200 Subject: [PATCH 01/21] CORE-895 use tailscale github action to connect to our private network --- .github/workflows/nomad-pack.yml | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index b8e421a..0d89eff 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -47,6 +47,17 @@ on: required: false type: string description: The item name in one password "secrets" vault for the cluster's nomad token. + ts_client_id_secret_name: + required: false + type: string + default: github_actions_tailscale_client_id + description: The item name in one password "secrets" vault for the tailscale client id. + + ts_client_secret_secret_name: + required: false + type: string + default: github_actions_tailscale_client_id + description: The item name in one password "secrets" vault for the tailscale client secret. code_version: required: false type: string @@ -65,6 +76,8 @@ on: op_service_account_token: required: false description: "OnePassword service account token" +env: + NOMAD_PACK_VERSION: "0.1.1" jobs: slack-notify-start: @@ -77,7 +90,8 @@ jobs: slack_bot_token: ${{ secrets.slack_bot_token }} nomad: - runs-on: [self-hosted, generic, nomad] + runs-on: ubuntu-latest + if: ${{ github.event_name != 'pull_request' && inputs.run_deploy }} steps: - name: Check if docker image is set shell: bash {0} @@ -86,6 +100,12 @@ jobs: - uses: actions/checkout@v4 id: checkout + - name: Setup `nomad-pack` + uses: hashicorp/setup-nomad-pack@main + id: setup-nomad-pack + with: + version: ${{ env.NOMAD_PACK_VERSION }} + - name: Check for nomad_token input is set id: secret-check # perform secret check & put boolean result as an output @@ -109,6 +129,16 @@ jobs: env: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.op_service_account_token }} NOMAD_TOKEN: ${{ format('op://secrets/{0}/password', inputs.op_secret_name) }} + TS_OAUTH_CLIENT_ID: ${{ format('op://secrets/{0}/password', inputs.ts_client_id_secret_name) }} + TS_OAUTH_SECRET: ${{ format('op://secrets/{0}/password', inputs.ts_client_secret_secret_name) }} + + + - name: Tailscale + uses: tailscale/github-action@v3 + with: + oauth-client-id: ${{ env.TS_OAUTH_CLIENT_ID }} + oauth-secret: ${{ env.TS_OAUTH_SECRET }} + use-cache: 'true' - name: Setup SSH uses: webfactory/ssh-agent@v0.9.0 with: From 2fa3f0c9d589f23596c7c3913883b4b0259d27b4 Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Fri, 8 Aug 2025 05:14:21 +0200 Subject: [PATCH 02/21] CORE-895 use tailscale github action to connect to our private network --- .github/workflows/nomad-pack.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index 0d89eff..5611bae 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -91,7 +91,6 @@ jobs: nomad: runs-on: ubuntu-latest - if: ${{ github.event_name != 'pull_request' && inputs.run_deploy }} steps: - name: Check if docker image is set shell: bash {0} From 089ef110dba57d761abacb3b1df39cfc7decdec9 Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Wed, 24 Sep 2025 17:04:18 +0200 Subject: [PATCH 03/21] CORE-895 use TS auth key --- .github/workflows/nomad-pack.yml | 17 +++++++++++------ .python-version | 2 ++ 2 files changed, 13 insertions(+), 6 deletions(-) create mode 100644 .python-version diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index 5611bae..4d6e76b 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -51,13 +51,19 @@ on: required: false type: string default: github_actions_tailscale_client_id - description: The item name in one password "secrets" vault for the tailscale client id. - + description: The item name in one password "secrets" vault for the tailscale client id. + ts_client_secret_secret_name: required: false type: string default: github_actions_tailscale_client_id - description: The item name in one password "secrets" vault for the tailscale client secret. + description: The item name in one password "secrets" vault for the tailscale client secret. + + ts_authkey_secret_name: + required: false + type: string + default: github_actions_tailscale_client_id + description: The item name in one password "secrets" vault for the tailscale client secret. code_version: required: false type: string @@ -104,7 +110,7 @@ jobs: id: setup-nomad-pack with: version: ${{ env.NOMAD_PACK_VERSION }} - + - name: Check for nomad_token input is set id: secret-check # perform secret check & put boolean result as an output @@ -131,13 +137,12 @@ jobs: TS_OAUTH_CLIENT_ID: ${{ format('op://secrets/{0}/password', inputs.ts_client_id_secret_name) }} TS_OAUTH_SECRET: ${{ format('op://secrets/{0}/password', inputs.ts_client_secret_secret_name) }} - - name: Tailscale uses: tailscale/github-action@v3 with: oauth-client-id: ${{ env.TS_OAUTH_CLIENT_ID }} oauth-secret: ${{ env.TS_OAUTH_SECRET }} - use-cache: 'true' + use-cache: "true" - name: Setup SSH uses: webfactory/ssh-agent@v0.9.0 with: diff --git a/.python-version b/.python-version new file mode 100644 index 0000000..b5b25d2 --- /dev/null +++ b/.python-version @@ -0,0 +1,2 @@ +3.12.3 +3.10.4 From 8fe1497871d04ed4d21d4a8e2a44f92262868021 Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Wed, 24 Sep 2025 17:04:50 +0200 Subject: [PATCH 04/21] CORE-895 use TS auth key --- .python-version | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 .python-version diff --git a/.python-version b/.python-version deleted file mode 100644 index b5b25d2..0000000 --- a/.python-version +++ /dev/null @@ -1,2 +0,0 @@ -3.12.3 -3.10.4 From 0cc659e013954d34a1c3a82db5da3af02f51792a Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Wed, 24 Sep 2025 17:10:49 +0200 Subject: [PATCH 05/21] CORE-895 use TS auth key --- .github/workflows/nomad-pack.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index 4d6e76b..d29c512 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -136,12 +136,14 @@ jobs: NOMAD_TOKEN: ${{ format('op://secrets/{0}/password', inputs.op_secret_name) }} TS_OAUTH_CLIENT_ID: ${{ format('op://secrets/{0}/password', inputs.ts_client_id_secret_name) }} TS_OAUTH_SECRET: ${{ format('op://secrets/{0}/password', inputs.ts_client_secret_secret_name) }} + TS_OAUTH_KEY: ${{ format('op://secrets/{0}/password', inputs.ts_authkey_secret_name) }} - name: Tailscale uses: tailscale/github-action@v3 with: - oauth-client-id: ${{ env.TS_OAUTH_CLIENT_ID }} - oauth-secret: ${{ env.TS_OAUTH_SECRET }} + # oauth-client-id: ${{ env.TS_OAUTH_CLIENT_ID }} + # oauth-secret: ${{ env.TS_OAUTH_SECRET }} + authkey: ${{ env.TS_OAUTH_KEY }} use-cache: "true" - name: Setup SSH uses: webfactory/ssh-agent@v0.9.0 From 5cb7319ac35732993f5e784e20e493aefc707857 Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Wed, 24 Sep 2025 17:11:57 +0200 Subject: [PATCH 06/21] CORE-895 use TS auth key --- .github/workflows/nomad-pack.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index d29c512..9c31e56 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -134,8 +134,8 @@ jobs: env: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.op_service_account_token }} NOMAD_TOKEN: ${{ format('op://secrets/{0}/password', inputs.op_secret_name) }} - TS_OAUTH_CLIENT_ID: ${{ format('op://secrets/{0}/password', inputs.ts_client_id_secret_name) }} - TS_OAUTH_SECRET: ${{ format('op://secrets/{0}/password', inputs.ts_client_secret_secret_name) }} + # TS_OAUTH_CLIENT_ID: ${{ format('op://secrets/{0}/password', inputs.ts_client_id_secret_name) }} + # TS_OAUTH_SECRET: ${{ format('op://secrets/{0}/password', inputs.ts_client_secret_secret_name) }} TS_OAUTH_KEY: ${{ format('op://secrets/{0}/password', inputs.ts_authkey_secret_name) }} - name: Tailscale From e422023c9507b1de246d228ad4686ab9cd1c2297 Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Wed, 24 Sep 2025 17:21:27 +0200 Subject: [PATCH 07/21] CORE-895 add nomad binary --- .github/workflows/nomad-pack.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index 9c31e56..e500fb5 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -84,6 +84,7 @@ on: description: "OnePassword service account token" env: NOMAD_PACK_VERSION: "0.1.1" + NOMAD_VERSION: "1.10.3" jobs: slack-notify-start: @@ -105,6 +106,12 @@ jobs: - uses: actions/checkout@v4 id: checkout + - name: Setup `nomad` + uses: hashicorp/setup-nomad@main + id: setup + with: + version: ${{ env.NOMAD_VERSION }} + - name: Setup `nomad-pack` uses: hashicorp/setup-nomad-pack@main id: setup-nomad-pack From c0dc6844ce8a5ff034178c0d02eeaf8e5cbcbb31 Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Wed, 24 Sep 2025 17:29:28 +0200 Subject: [PATCH 08/21] CORE-895 test connection --- .github/workflows/nomad-pack.yml | 176 ++++++++++++++++--------------- 1 file changed, 89 insertions(+), 87 deletions(-) diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index e500fb5..1f4d7f0 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -167,59 +167,61 @@ jobs: run: | nomad-pack registry add remerge-pack ${{ inputs.registry }} - - name: Validate Nomad Configurations - id: nomad_validate - env: - NOMAD_ADDR: ${{ inputs.api_url }} - NOMAD_VAR_task_image: ${{ inputs.image_name }} - NOMAD_VAR_cluster: ${{ inputs.cluster }} - NOMAD_VAR_environment: ${{ inputs.environment }} - run: | - nomad-pack render ${{ inputs.pack_name }} \ - --var='task_image=${{ inputs.image_name }}' \ - --var='git_workflow_run_id=${{ github.run_id }}' \ - --var='cluster=${{ inputs.cluster }}' \ - --var='environment=${{ inputs.environment }}' \ - --var='code_version=${{ inputs.code_version || steps.checkout.outputs.commit }}' \ - --var-file=${{ inputs.variables_file_name }} \ - --name=${{ inputs.name }} --registry=remerge-pack \ - | tail -n +2 | nomad job validate - + - run: ping -c 2 10.32.32.103 - - name: Run Nomad Pack Plan - id: nomad_pack_plan - if: ${{ inputs.run_plan }} - env: - NOMAD_TOKEN: ${{ env.NOMAD_TOKEN }} - NOMAD_ADDR: ${{ inputs.api_url }} - # continue on error; default is `bash -e {0}` - shell: bash {0} - run: | - res=$(nomad-pack plan ${{ inputs.pack_name }} \ - --var='task_image=${{ inputs.image_name }}' \ - --var='git_workflow_run_id=${{ github.run_id }}' \ - --var='cluster=${{ inputs.cluster }}' \ - --var='environment=${{ inputs.environment }}' \ - --var='code_version=${{ inputs.code_version || steps.checkout.outputs.commit }}' \ - --var-file=${{ inputs.variables_file_name }} \ - --name=${{ inputs.name }} --registry=remerge-pack \ - --exit-code-makes-changes=0) + # - name: Validate Nomad Configurations + # id: nomad_validate + # env: + # NOMAD_ADDR: ${{ inputs.api_url }} + # NOMAD_VAR_task_image: ${{ inputs.image_name }} + # NOMAD_VAR_cluster: ${{ inputs.cluster }} + # NOMAD_VAR_environment: ${{ inputs.environment }} + # run: | + # nomad-pack render ${{ inputs.pack_name }} \ + # --var='task_image=${{ inputs.image_name }}' \ + # --var='git_workflow_run_id=${{ github.run_id }}' \ + # --var='cluster=${{ inputs.cluster }}' \ + # --var='environment=${{ inputs.environment }}' \ + # --var='code_version=${{ inputs.code_version || steps.checkout.outputs.commit }}' \ + # --var-file=${{ inputs.variables_file_name }} \ + # --name=${{ inputs.name }} --registry=remerge-pack \ + # | tail -n +2 | nomad job validate - + + # - name: Run Nomad Pack Plan + # id: nomad_pack_plan + # if: ${{ inputs.run_plan }} + # env: + # NOMAD_TOKEN: ${{ env.NOMAD_TOKEN }} + # NOMAD_ADDR: ${{ inputs.api_url }} + # # continue on error; default is `bash -e {0}` + # shell: bash {0} + # run: | + # res=$(nomad-pack plan ${{ inputs.pack_name }} \ + # --var='task_image=${{ inputs.image_name }}' \ + # --var='git_workflow_run_id=${{ github.run_id }}' \ + # --var='cluster=${{ inputs.cluster }}' \ + # --var='environment=${{ inputs.environment }}' \ + # --var='code_version=${{ inputs.code_version || steps.checkout.outputs.commit }}' \ + # --var-file=${{ inputs.variables_file_name }} \ + # --name=${{ inputs.name }} --registry=remerge-pack \ + # --exit-code-makes-changes=0) - # save exit code for later - ret=$? + # # save exit code for later + # ret=$? - echo "${res}" - res="${res//'%'/'%25'}" - res="${res//$'\n'/'%0A'}" - res="${res//$'\r'/'%0D'}" + # echo "${res}" + # res="${res//'%'/'%25'}" + # res="${res//$'\n'/'%0A'}" + # res="${res//$'\r'/'%0D'}" - { - echo "stdout<> "${GITHUB_OUTPUT}" + # { + # echo "stdout<> "${GITHUB_OUTPUT}" - # let the next step know how everything went - exit ${ret} + # # let the next step know how everything went + # exit ${ret} # - name: PR Comment # if: ${{ github.event_name == 'pull_request' && inputs.run_plan }} @@ -234,45 +236,45 @@ jobs: # body: `Nomad Plan for ${{ inputs.cluster }} \n ${{ steps.nomad_pack_plan.outputs.stdout }}` # }) - - name: Create github deployment - if: ${{ github.event_name != 'pull_request' && inputs.run_deploy }} - id: deployment - uses: chrnorm/deployment-action@v2 - with: - environment: ${{ inputs.environment }} - token: "${{ github.token }}" + # - name: Create github deployment + # if: ${{ github.event_name != 'pull_request' && inputs.run_deploy }} + # id: deployment + # uses: chrnorm/deployment-action@v2 + # with: + # environment: ${{ inputs.environment }} + # token: "${{ github.token }}" - - name: Deploy to Nomad - id: nomad_deployment - if: ${{ github.event_name != 'pull_request' && inputs.run_deploy }} - env: - NOMAD_TOKEN: ${{ env.NOMAD_TOKEN }} - NOMAD_ADDR: ${{ inputs.api_url }} - run: | - nomad-pack run ${{ inputs.pack_name }} \ - --var='task_image=${{ inputs.image_name }}' \ - --var='git_workflow_run_id=${{ github.run_id }}' \ - --var='cluster=${{ inputs.cluster }}' \ - --var='code_version=${{ inputs.code_version || steps.checkout.outputs.commit }}' \ - --var='environment=${{ inputs.environment }}' \ - --var-file=${{ inputs.variables_file_name }} \ - --name=${{ inputs.name }} --registry=remerge-pack + # - name: Deploy to Nomad + # id: nomad_deployment + # if: ${{ github.event_name != 'pull_request' && inputs.run_deploy }} + # env: + # NOMAD_TOKEN: ${{ env.NOMAD_TOKEN }} + # NOMAD_ADDR: ${{ inputs.api_url }} + # run: | + # nomad-pack run ${{ inputs.pack_name }} \ + # --var='task_image=${{ inputs.image_name }}' \ + # --var='git_workflow_run_id=${{ github.run_id }}' \ + # --var='cluster=${{ inputs.cluster }}' \ + # --var='code_version=${{ inputs.code_version || steps.checkout.outputs.commit }}' \ + # --var='environment=${{ inputs.environment }}' \ + # --var-file=${{ inputs.variables_file_name }} \ + # --name=${{ inputs.name }} --registry=remerge-pack - - name: Update github deployment status - if: ${{ github.event_name != 'pull_request' && inputs.run_deploy }} - uses: chrnorm/deployment-status@v2 - with: - token: "${{ github.token }}" - deployment-id: ${{ steps.deployment.outputs.deployment_id }} - state: "${{ steps.nomad_deployment.outcome }}" + # - name: Update github deployment status + # if: ${{ github.event_name != 'pull_request' && inputs.run_deploy }} + # uses: chrnorm/deployment-status@v2 + # with: + # token: "${{ github.token }}" + # deployment-id: ${{ steps.deployment.outputs.deployment_id }} + # state: "${{ steps.nomad_deployment.outcome }}" - slack-notify-finish: - if: ${{ always() && needs.nomad.result != 'skipped' && github.event_name != 'pull_request' && inputs.run_deploy }} - needs: [nomad, slack-notify-start] - uses: remerge/workflows/.github/workflows/slack-notify.yml@main - with: - cluster: ${{ inputs.cluster }} - status: ${{ needs.nomad.result }} - update_ts: ${{ needs.slack-notify-start.outputs.ts }} - secrets: - slack_bot_token: ${{ secrets.slack_bot_token }} + # slack-notify-finish: + # if: ${{ always() && needs.nomad.result != 'skipped' && github.event_name != 'pull_request' && inputs.run_deploy }} + # needs: [nomad, slack-notify-start] + # uses: remerge/workflows/.github/workflows/slack-notify.yml@main + # with: + # cluster: ${{ inputs.cluster }} + # status: ${{ needs.nomad.result }} + # update_ts: ${{ needs.slack-notify-start.outputs.ts }} + # secrets: + # slack_bot_token: ${{ secrets.slack_bot_token }} From a3c8b0ad12c037adf859e109bcff4f069c22d723 Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Thu, 25 Sep 2025 09:31:49 +0200 Subject: [PATCH 09/21] CORE-895 --- .github/workflows/nomad-pack.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index 1f4d7f0..7c704e1 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -167,7 +167,9 @@ jobs: run: | nomad-pack registry add remerge-pack ${{ inputs.registry }} - - run: ping -c 2 10.32.32.103 + - run: | + tailscale status + ping -c 2 10.32.32.103 # - name: Validate Nomad Configurations # id: nomad_validate From 4b273a30d05234b99b2a3d1af6cbc7fc5234a4f4 Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Thu, 25 Sep 2025 09:34:47 +0200 Subject: [PATCH 10/21] CORE-895 --- .github/workflows/nomad-pack.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index 7c704e1..9db5bf4 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -87,15 +87,6 @@ env: NOMAD_VERSION: "1.10.3" jobs: - slack-notify-start: - uses: remerge/workflows/.github/workflows/slack-notify.yml@main - if: ${{ github.event_name != 'pull_request' && inputs.run_deploy }} - with: - cluster: ${{ inputs.cluster }} - status: running - secrets: - slack_bot_token: ${{ secrets.slack_bot_token }} - nomad: runs-on: ubuntu-latest steps: From faaa73a1a58b391bd77d9f5d95c5f0bfc96586e5 Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Thu, 25 Sep 2025 09:54:17 +0200 Subject: [PATCH 11/21] CORE-895 --- .github/workflows/nomad-pack.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index 9db5bf4..18c1f2d 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -143,6 +143,7 @@ jobs: # oauth-secret: ${{ env.TS_OAUTH_SECRET }} authkey: ${{ env.TS_OAUTH_KEY }} use-cache: "true" + tags: "tag:tailscale" - name: Setup SSH uses: webfactory/ssh-agent@v0.9.0 with: @@ -157,9 +158,8 @@ jobs: - name: Add Nomad pack registry run: | nomad-pack registry add remerge-pack ${{ inputs.registry }} - - run: | - tailscale status + tailscale status -json ping -c 2 10.32.32.103 # - name: Validate Nomad Configurations From 7dd14028c71545b634e7e654c9bb3805c580e0fc Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Thu, 25 Sep 2025 11:09:08 +0200 Subject: [PATCH 12/21] CORE-895 --- .github/workflows/nomad-pack.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index 18c1f2d..6a9b88b 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -132,16 +132,16 @@ jobs: env: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.op_service_account_token }} NOMAD_TOKEN: ${{ format('op://secrets/{0}/password', inputs.op_secret_name) }} - # TS_OAUTH_CLIENT_ID: ${{ format('op://secrets/{0}/password', inputs.ts_client_id_secret_name) }} - # TS_OAUTH_SECRET: ${{ format('op://secrets/{0}/password', inputs.ts_client_secret_secret_name) }} - TS_OAUTH_KEY: ${{ format('op://secrets/{0}/password', inputs.ts_authkey_secret_name) }} + TS_OAUTH_CLIENT_ID: ${{ format('op://secrets/{0}/username', inputs.ts_client_secret_secret_name) }} + TS_OAUTH_SECRET: ${{ format('op://secrets/{0}/password', inputs.ts_client_secret_secret_name) }} + # TS_OAUTH_KEY: ${{ format('op://secrets/{0}/password', inputs.ts_authkey_secret_name) }} - name: Tailscale uses: tailscale/github-action@v3 with: - # oauth-client-id: ${{ env.TS_OAUTH_CLIENT_ID }} - # oauth-secret: ${{ env.TS_OAUTH_SECRET }} - authkey: ${{ env.TS_OAUTH_KEY }} + oauth-client-id: ${{ env.TS_OAUTH_CLIENT_ID }} + oauth-secret: ${{ env.TS_OAUTH_SECRET }} + # authkey: ${{ env.TS_OAUTH_KEY }} use-cache: "true" tags: "tag:tailscale" - name: Setup SSH From 9917e64df71fc1faad25d0981bfec7ae3d091bf6 Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Thu, 25 Sep 2025 11:14:40 +0200 Subject: [PATCH 13/21] CORE-895 --- .github/workflows/nomad-pack.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index 6a9b88b..2a06df0 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -143,7 +143,7 @@ jobs: oauth-secret: ${{ env.TS_OAUTH_SECRET }} # authkey: ${{ env.TS_OAUTH_KEY }} use-cache: "true" - tags: "tag:tailscale" + # tags: "tag:tailscale" - name: Setup SSH uses: webfactory/ssh-agent@v0.9.0 with: From 6a3782c48843d633b96b29ca8c896d0a0ee52705 Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Thu, 25 Sep 2025 11:24:57 +0200 Subject: [PATCH 14/21] CORE-895 --- .github/workflows/nomad-pack.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index 2a06df0..6a9b88b 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -143,7 +143,7 @@ jobs: oauth-secret: ${{ env.TS_OAUTH_SECRET }} # authkey: ${{ env.TS_OAUTH_KEY }} use-cache: "true" - # tags: "tag:tailscale" + tags: "tag:tailscale" - name: Setup SSH uses: webfactory/ssh-agent@v0.9.0 with: From 369d2d294ab1d8bd9e3967a2440caeacffa10d6c Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Thu, 25 Sep 2025 11:24:57 +0200 Subject: [PATCH 15/21] CORE-895 --- .github/workflows/nomad-pack.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index 6a9b88b..7ec29c9 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -50,13 +50,13 @@ on: ts_client_id_secret_name: required: false type: string - default: github_actions_tailscale_client_id + default: gnetwork.tailscale_oauth_github_client_id description: The item name in one password "secrets" vault for the tailscale client id. ts_client_secret_secret_name: required: false type: string - default: github_actions_tailscale_client_id + default: network.tailscale_oauth_github_secret description: The item name in one password "secrets" vault for the tailscale client secret. ts_authkey_secret_name: @@ -132,7 +132,7 @@ jobs: env: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.op_service_account_token }} NOMAD_TOKEN: ${{ format('op://secrets/{0}/password', inputs.op_secret_name) }} - TS_OAUTH_CLIENT_ID: ${{ format('op://secrets/{0}/username', inputs.ts_client_secret_secret_name) }} + TS_OAUTH_CLIENT_ID: ${{ format('op://secrets/{0}/password', inputs.ts_client_id_secret_name) }} TS_OAUTH_SECRET: ${{ format('op://secrets/{0}/password', inputs.ts_client_secret_secret_name) }} # TS_OAUTH_KEY: ${{ format('op://secrets/{0}/password', inputs.ts_authkey_secret_name) }} @@ -143,7 +143,7 @@ jobs: oauth-secret: ${{ env.TS_OAUTH_SECRET }} # authkey: ${{ env.TS_OAUTH_KEY }} use-cache: "true" - tags: "tag:tailscale" + tags: "tag:github" - name: Setup SSH uses: webfactory/ssh-agent@v0.9.0 with: From 8836bb3d5add12517dd8b8e121c7c7cd1c00f135 Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Thu, 25 Sep 2025 15:36:04 +0200 Subject: [PATCH 16/21] CORE-895 --- .github/workflows/nomad-pack.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index 7ec29c9..a78178e 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -50,7 +50,7 @@ on: ts_client_id_secret_name: required: false type: string - default: gnetwork.tailscale_oauth_github_client_id + default: network.tailscale_oauth_github_client_id description: The item name in one password "secrets" vault for the tailscale client id. ts_client_secret_secret_name: @@ -134,7 +134,6 @@ jobs: NOMAD_TOKEN: ${{ format('op://secrets/{0}/password', inputs.op_secret_name) }} TS_OAUTH_CLIENT_ID: ${{ format('op://secrets/{0}/password', inputs.ts_client_id_secret_name) }} TS_OAUTH_SECRET: ${{ format('op://secrets/{0}/password', inputs.ts_client_secret_secret_name) }} - # TS_OAUTH_KEY: ${{ format('op://secrets/{0}/password', inputs.ts_authkey_secret_name) }} - name: Tailscale uses: tailscale/github-action@v3 From 2b1aa3a85a692454cbaf87a62610598212ea0a1c Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Thu, 25 Sep 2025 15:39:02 +0200 Subject: [PATCH 17/21] CORE-895 --- .github/workflows/nomad-pack.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index a78178e..ae37ebd 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -158,8 +158,7 @@ jobs: run: | nomad-pack registry add remerge-pack ${{ inputs.registry }} - run: | - tailscale status -json - ping -c 2 10.32.32.103 + curl http://grafana.rmge.net/ # - name: Validate Nomad Configurations # id: nomad_validate From 5f8c5f6ac7ca1d240bb6612765749d65662d5bac Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Thu, 25 Sep 2025 15:44:14 +0200 Subject: [PATCH 18/21] CORE-895 --- .github/workflows/nomad-pack.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index ae37ebd..5e2ae85 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -158,7 +158,7 @@ jobs: run: | nomad-pack registry add remerge-pack ${{ inputs.registry }} - run: | - curl http://grafana.rmge.net/ + curl -vvv http://grafana.rmge.net/ # - name: Validate Nomad Configurations # id: nomad_validate From 7c167a78d3841d936380e558bed545e9e5a51963 Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Thu, 25 Sep 2025 16:20:20 +0200 Subject: [PATCH 19/21] CORE-895 --- .github/workflows/nomad-pack.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index 5e2ae85..e51b795 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -158,7 +158,7 @@ jobs: run: | nomad-pack registry add remerge-pack ${{ inputs.registry }} - run: | - curl -vvv http://grafana.rmge.net/ + curl -vvv http://grafana.rmge.net:4646/ # - name: Validate Nomad Configurations # id: nomad_validate From 1590b98d40f0c63d41be51df4bdc3a0b84a545a0 Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Thu, 25 Sep 2025 16:29:47 +0200 Subject: [PATCH 20/21] CORE-895 --- .github/workflows/nomad-pack.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index e51b795..0dbb6be 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -158,7 +158,7 @@ jobs: run: | nomad-pack registry add remerge-pack ${{ inputs.registry }} - run: | - curl -vvv http://grafana.rmge.net:4646/ + curl -vvv http://nomad.eu5.rmge.net:4646 # - name: Validate Nomad Configurations # id: nomad_validate From 17d6eddd6befd088d8f20b3e5fba83d4d1c43a64 Mon Sep 17 00:00:00 2001 From: Olatunde Alex-Oni Date: Thu, 25 Sep 2025 16:31:07 +0200 Subject: [PATCH 21/21] CORE-895 --- .github/workflows/nomad-pack.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nomad-pack.yml b/.github/workflows/nomad-pack.yml index 0dbb6be..19afbd0 100644 --- a/.github/workflows/nomad-pack.yml +++ b/.github/workflows/nomad-pack.yml @@ -158,7 +158,7 @@ jobs: run: | nomad-pack registry add remerge-pack ${{ inputs.registry }} - run: | - curl -vvv http://nomad.eu5.rmge.net:4646 + curl -vvv http://grafana.rmge.net:4646 # - name: Validate Nomad Configurations # id: nomad_validate