tailscale.yml

name: Tailscale
concurrency: Tailscale

on:
  push:
    branches:
      - main
    paths:
      - .github/workflows/tailscale.yml
      - tailscale/**

jobs:
  acl:
    name: ACL (Access Control)
    runs-on: ubuntu-latest
    environment: Tailscale
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
      - name: 1Password 에서 secrets 불러오기
        uses: 1Password/load-secrets-action@581a835fb51b8e7ec56b71cf2ffddd7e68bb25e0 # v2
        with:
          export-env: true
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
          TS_TAILNET: "op://prod/TailscaleAccessToken_IaC/organization"
          TS_API_KEY: "op://prod/TailscaleAccessToken_IaC/credential"
          TS_USERNAME: "op://prod/TailscaleAccessToken_IaC/username"
      - name: policy.hujson 내 환경변수 대체
        uses: franzbischoff/replace_envs@0da5ee21fbce88ae5609431dfea99dc62230d4af # v2
        with:
          commit: false
          from_file: './tailscale/policy.hujson'
          to_file: './tailscale/policy.hujson'
      - name: Tailscale ACL 동기화
        uses: tailscale/gitops-acl-action@90d41601ba36b946cf4946ef5a72bf6e16bae14b # v1.3.1
        with:
          tailnet: ${{ env.TS_TAILNET }}
          api-key: ${{ env.TS_API_KEY }}
          action: apply
          policy-file: './tailscale/policy.hujson'