init

Author: armstrongl

.github/scripts/check-tailscale.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+set -e
+
+echo "======================================"
+echo "🔍 Tailscale Connection Check"
+echo "======================================"
+echo ""
+
+echo "📊 Tailscale Status:"
+echo "-------------------"
+tailscale status --json | jq -r '
+  "✓ Backend State: \(.BackendState)",
+  "✓ Tailnet: \(.CurrentTailnet.Name // "Not connected")",
+  "✓ Self Hostname: \(.Self.HostName // "Unknown")",
+  "✓ Online: \(.Self.Online)",
+  ""
+' 2>/dev/null || {
+  tailscale status
+  echo ""
+}
+
+echo "🌐 Network Information:"
+echo "----------------------"
+IP=$(tailscale ip -4 2>/dev/null || echo "Not available")
+echo "✓ Tailscale IPv4: $IP"
+
+IP6=$(tailscale ip -6 2>/dev/null || echo "Not available")
+echo "✓ Tailscale IPv6: $IP6"
+echo ""
+
+echo "👥 Connected Peers:"
+echo "------------------"
+PEER_COUNT=$(tailscale status --json 2>/dev/null | jq '.Peer | length' 2>/dev/null || echo "0")
+echo "✓ Number of peers: $PEER_COUNT"
+
+if [ "$PEER_COUNT" != "0" ] && command -v jq >/dev/null 2>&1; then
+  tailscale status --json | jq -r '.Peer | to_entries[:3] | .[] | "  - \(.value.HostName) (\(.value.TailscaleIPs[0]))"' 2>/dev/null
+fi
+echo ""
+
+echo "✅ Tailscale connectivity check complete!"
+echo "======================================"

.github/workflows/test.yml

@@ -0,0 +1,48 @@
+name: Test tshello with Tailscale
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+  workflow_dispatch:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: '1.23'
+
+    - name: Connect to Tailscale
+      uses: tailscale/github-action@v3
+      with:
+        oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
+        oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
+        tags: tag:ci
+        version: latest
+
+    - name: Build tshello
+      run: |
+        cd tshello
+        go mod download
+        go build -v ./...
+
+    - name: Run tests
+      run: |
+        cd tshello
+        go test -v -timeout 30s ./...
+
+    - name: Test connectivity
+      run: |
+        # Test that we can reach the Tailscale network
+        tailscale status
+
+        # Show our IP address
+        tailscale ip -4

.gitignore

@@ -0,0 +1,85 @@
+# macOS
+.DS_Store
+.AppleDouble
+.LSOverride
+Icon
+._*
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+# Go
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+*.test
+*.out
+*.prof
+*.pprof
+*.cov
+*.coverage
+*.coverprofile
+go.work
+go.work.sum
+vendor/
+bin/
+dist/
+
+# Build directories
+build/
+_build/
+_output/
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.project
+.classpath
+.c9/
+*.launch
+.settings/
+*.sublime-workspace
+*.sublime-project
+
+# Logs
+*.log
+logs/
+log/
+
+# Environment variables
+.env
+.env.local
+.env.*.local
+
+# Debug
+debug
+__debug_bin
+*.pdb
+
+# Temporary files
+tmp/
+temp/
+*.tmp
+*.bak
+*.backup
+*.orig
+
+# Test results
+test-results/
+coverage/
+*.test
+*.coverprofile

README.md

@@ -0,0 +1,5 @@
+# Connect GitHub CI/CD workflows to private infrastructure without public exposure
+
+This repository showcases a GitHub Action that enables secure connections from GitHub CI/CD workflows to private infrastructure without exposing it to the public internet. It leverages a self-hosted runner and SSH tunneling to create a secure communication channel.
+
+For more information, including step-by-step instructions, refer to the [documentation](https://tailscale.com/kb/1586/secure-github-runners).

tshello/go.mod

@@ -0,0 +1,76 @@
+module tshello
+
+go 1.25.1
+
+require (
+	filippo.io/edwards25519 v1.1.0 // indirect
+	github.com/akutz/memconn v0.1.0 // indirect
+	github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa // indirect
+	github.com/aws/aws-sdk-go-v2 v1.36.0 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.29.5 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.58 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.27 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.31 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.31 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssm v1.44.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.14 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.13 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.33.13 // indirect
+	github.com/aws/smithy-go v1.22.2 // indirect
+	github.com/coder/websocket v1.8.12 // indirect
+	github.com/coreos/go-iptables v0.7.1-0.20240112124308-65c67c9f46e6 // indirect
+	github.com/dblohm7/wingoes v0.0.0-20240119213807-a09d6be7affa // indirect
+	github.com/digitalocean/go-smbios v0.0.0-20180907143718-390a4f403a8e // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/gaissmai/bart v0.18.0 // indirect
+	github.com/go-json-experiment/json v0.0.0-20250223041408-d3c622f1b874 // indirect
+	github.com/go-ole/go-ole v1.3.0 // indirect
+	github.com/godbus/dbus/v5 v5.1.1-0.20230522191255-76236955d466 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/google/btree v1.1.2 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/nftables v0.2.1-0.20240414091927-5e242ec57806 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/hdevalence/ed25519consensus v0.2.0 // indirect
+	github.com/illarion/gonotify/v3 v3.0.2 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/jsimonetti/rtnetlink v1.4.0 // indirect
+	github.com/klauspost/compress v1.17.11 // indirect
+	github.com/mdlayher/genetlink v1.3.2 // indirect
+	github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42 // indirect
+	github.com/mdlayher/sdnotify v1.0.0 // indirect
+	github.com/mdlayher/socket v0.5.0 // indirect
+	github.com/miekg/dns v1.1.58 // indirect
+	github.com/mitchellh/go-ps v1.0.0 // indirect
+	github.com/prometheus-community/pro-bing v0.4.0 // indirect
+	github.com/safchain/ethtool v0.3.0 // indirect
+	github.com/tailscale/certstore v0.1.1-0.20231202035212-d3fa0460f47e // indirect
+	github.com/tailscale/go-winio v0.0.0-20231025203758-c4f33415bf55 // indirect
+	github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05 // indirect
+	github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a // indirect
+	github.com/tailscale/netlink v1.1.1-0.20240822203006-4d49adab4de7 // indirect
+	github.com/tailscale/peercred v0.0.0-20250107143737-35a0c7bd7edc // indirect
+	github.com/tailscale/web-client-prebuilt v0.0.0-20250124233751-d4cd19a26976 // indirect
+	github.com/tailscale/wireguard-go v0.0.0-20250716170648-1d0488a3d7da // indirect
+	github.com/vishvananda/netns v0.0.4 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	go4.org/mem v0.0.0-20240501181205-ae6ca9944745 // indirect
+	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect
+	golang.org/x/crypto v0.38.0 // indirect
+	golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac // indirect
+	golang.org/x/mod v0.24.0 // indirect
+	golang.org/x/net v0.40.0 // indirect
+	golang.org/x/sync v0.14.0 // indirect
+	golang.org/x/sys v0.33.0 // indirect
+	golang.org/x/term v0.32.0 // indirect
+	golang.org/x/text v0.25.0 // indirect
+	golang.org/x/time v0.11.0 // indirect
+	golang.org/x/tools v0.33.0 // indirect
+	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
+	golang.zx2c4.com/wireguard/windows v0.5.3 // indirect
+	gvisor.dev/gvisor v0.0.0-20250205023644-9414b50a5633 // indirect
+	tailscale.com v1.86.5 // indirect
+)