-
Notifications
You must be signed in to change notification settings - Fork 11
/
Copy pathdebugging-runner.yaml
38 lines (33 loc) · 1.27 KB
/
debugging-runner.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
name: Debugging runner
on:
workflow_dispatch:
inputs:
tailscale-auth-key:
description: >-
Tailscale auth key to override any TAILSCALE_AUTH_KEY secret; good
for single-use, ephemeral auth keys.
As a non-secret input, this key is vulnerable to a timing attack!
Someone who can observe the dispatched workflow run's inputs and use
the auth key before the workflow can will be able to join your
tailnet. As such, it's recommended that you only use this workflow
in private repos where all users are trusted.
type: string
required: false
default: ""
allowed-users:
description: >-
Comma-separated list of GitHub usernames who are allowed access via their
public SSH keys. Defaults to the user who triggers the workflow run.
type: string
required: false
default: ""
jobs:
ssh:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: nextstrain/.github/actions/setup-ssh@master
with:
tailscale-auth-key: ${{ inputs.tailscale-auth-key || secrets.TAILSCALE_AUTH_KEY }}
allowed-users: ${{ inputs.allowed-users || github.triggering_actor }}
wait-for-continue: true