tailscale-code-tunnel #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: tailscale-code-tunnel | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| code-test: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Remove unwanted stuff | |
| uses: gbraad-devenv/remove-unwanted@v1 | |
| - name: Run system container with `podman` | |
| run: | | |
| podman run -d --name code --hostname code-${HOSTNAME} --systemd=always --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun --device=/dev/fuse ghcr.io/gbraad-devenv/debian/code-cli:bookworm | |
| - name: Tailscale setup (root) | |
| run: | | |
| until podman exec code tailscale up --auth-key ${TAILSCALE_AUTHKEY} --ssh | |
| do | |
| sleep 0.1 | |
| done | |
| env: | |
| TAILSCALE_AUTHKEY: ${{ secrets.TAILSCALE_AUTHKEY}} | |
| - name: Start `code tunnel` as `gbraad` | |
| run: | | |
| podman exec code su - gbraad -c "code tunnel user login --provider github" | |
| podman exec code systemctl enable --now code-tunnel@gbraad | |
| - name: Hang around | |
| run: | | |
| until podman exec code systemctl is-active --quiet code-tunnel@gbraad | |
| do | |
| sleep 1 | |
| done | |
| echo "Connect to tunnel: code-${HOSTNAME}" | |
| sleep infinity |