tailscale

Commit Graph

Author	SHA1	Message	Date
dependabot[bot]	866714a894	.github: Bump github/codeql-action from 3.26.9 to 3.26.11 (#13710 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.9 to 3.26.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`461ef6c76d...6db8d6351f`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2 weeks ago
dependabot[bot]	266c14d6ca	.github: Bump actions/cache from 4.0.2 to 4.1.0 (#13711 ) Bumps [actions/cache](https://github.com/actions/cache) from 4.0.2 to 4.1.0. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](`0c45773b62...2cdf405574`) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2 weeks ago
dependabot[bot]	992ee6dd0b	.github: Bump github/codeql-action from 3.26.8 to 3.26.9 (#13625 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.8 to 3.26.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`294a9d9291...461ef6c76d`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 weeks ago
dependabot[bot]	dd6b808acf	.github: Bump peter-evans/create-pull-request from 7.0.1 to 7.0.5 (#13626 ) Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.1 to 7.0.5. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](`8867c4aba1...5e914681df`) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	3 weeks ago
dependabot[bot]	a98f75b783	.github: Bump tibdex/github-app-token from 1.8.0 to 2.1.0 (#9529 ) Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token) from 1.8.0 to 2.1.0. - [Release notes](https://github.com/tibdex/github-app-token/releases) - [Commits](`b62528385c...3beb63f4bd`) --- updated-dependencies: - dependency-name: tibdex/github-app-token dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Mario Minardi <mario@tailscale.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	1 month ago
Mario Minardi	05d82fb0d8	.github: pin re-actors/alls-green to latest 1.x (#13558 ) Pin re-actors/alls-green usage to latest 1.x. This was previously pointing to `@release/v2` which pulls in the latest changes from this branch as they are released, with the potential to break our workflows if a breaking change or malicious version on this stream is ever pushed. Changing this to a pinned version also means that dependabot will keep this in the pinned version format (e.g., referencing a SHA) when it opens a PR to bump the dependency. Updates #cleanup Signed-off-by: Mario Minardi <mario@tailscale.com>	1 month ago
Mario Minardi	04bbef0e8b	.github: update and pin actions/upload-artifact to latest 4.x (#13556 ) Update and pin actions/upload-artifact usage to latest 4.x. These were previously pointing to @3 which pulls in the latest v3 as they are released, with the potential to break our workflows if a breaking change or malicious version on the @3 stream is ever pushed. Changing this to a pinned version also means that dependabot will keep this in the pinned version format (e.g., referencing a SHA) when it opens a PR to bump the dependency. Updates #cleanup Signed-off-by: Mario Minardi <mario@tailscale.com>	1 month ago
Mario Minardi	a8bd0cb9c2	.github: update and pin actions/cache to latest 4.x (#13555 ) Update and pin actions/cache usage to latest 4.x. These were previously pointing to `@3` which pulls in the latest v3 as they are released, with the potential to break our workflows if a breaking change or malicious version on the `@3` stream is ever pushed. Changing this to a pinned version also means that dependabot will keep this in the pinned version format (e.g., referencing a SHA) when it opens a PR to bump the dependency. The breaking change between v3 and v4 is that v4 requires Node 20 which should be a non-issue where this is run. Updates #cleanup Signed-off-by: Mario Minardi <mario@tailscale.com>	1 month ago
Mario Minardi	a3f7e72321	.github: use and pin slackapi/slack-github-action to latest 1.x (#13554 ) Use slackapi/slack-github-action across the board and pin to latest 1.x. Previously we were referencing the 1.27.0 tag directly which is vulnerable to someone replacing that version tag with malicious code. Replace usage of ruby/action-slack with slackapi/slack-github-action as the latter is the officially supported action from slack. Updates #cleanup Signed-off-by: Mario Minardi <mario@tailscale.com>	1 month ago
Mario Minardi	22e98cf95e	.github: pin codeql actions to latest 3.x (#13552 ) Pin codeql actions usage to latest 3.x. These were previously pointing to `@2` which pulls in the latest v2 as they are released, with the potential to break our workflows if a breaking change or malicious version on the `@2` stream is ever pushed. Changing this to a pinned version also means that dependabot will keep this in the pinend version format (e.g., referencing a SHA) when it opens a PR to bump the dependency. The breaking change between v2 and v3 is that v3 requires Node 20 which is a non-issue as we are running this on ubuntu latest. Updates #cleanup Signed-off-by: Mario Minardi <mario@tailscale.com>	1 month ago
Mario Minardi	2c1bbfb902	.github: pin actions/setup-go usage to latest 5.x (#13553 ) Pin actions/checkout usage to latest 5.x. These were previously pointing to `@4` which pulls in the latest v4 as they are released, with the potential to break our workflows if a breaking change or malicious version on the `@4` stream is ever pushed. Changing this to a pinned version also means that dependabot will keep this in the pinend version format (e.g., referencing a SHA) when it opens a PR to bump the dependency. The breaking change between v4 and v5 is that v5 requires Node 20 which should be a non-issue where it is used. Updates #cleanup Signed-off-by: Mario Minardi <mario@tailscale.com>	1 month ago
Mario Minardi	07991dec83	.github: pin actions/checkout to latest v3 or v4 as appropriate (#13551 ) Pin actions/checkout usage to latest 3.x or 4.x as appropriate. These were previously pointing to `@4` or `@3` which pull in the latest versions at these tags as they are released, with the potential to break our workflows if a breaking change or malicious version for either of these streams are released. Changing this to a pinned version also means that dependabot will keep this in the pinend version format (e.g., referencing a SHA) when it opens a PR to bump the dependency. Updates #cleanup Signed-off-by: Mario Minardi <mario@tailscale.com>	1 month ago
Maisem Ali	f2713b663e	.github: enable fuzz testing again (go1.23) Updates #12912 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 month ago
dependabot[bot]	71b550c73c	.github: Bump peter-evans/create-pull-request from 5.0.1 to 7.0.1 (#13419 ) Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 5.0.1 to 7.0.1. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](`284f54f989...8867c4aba1`) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	1 month ago
Brad Fitzpatrick	696711cc17	all: switch to and require Go 1.23 Updates #12912 Change-Id: Ib4ae26eb5fb68ad2216cab4913811b94f7eed5b6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 months ago
Chris Palmer	59936e6d4a	scripts: don't refresh the pacman repository on Arch (#12194 ) Fixes #12186 Signed-off-by: Chris Palmer <cpalmer@tailscale.com> Co-authored-by: Chris Palmer <cpalmer@tailscale.com>	4 months ago
Andrew Dunham	0323dd01b2	ci: enable checklocks workflow for specific packages This turns the checklocks workflow into a real check, and adds annotations to a few basic packages as a starting point. Updates #12625 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I2b0185bae05a843b5257980fc6bde732b1bdd93f	4 months ago
Percy Wegmann	730f0368d0	ssh/tailssh: replace incubator process with su instead of running su as child This allows the SSH_AUTH_SOCK environment variable to work inside of su and agent forwarding to succeed. Fixes #12467 Signed-off-by: Percy Wegmann <percy@tailscale.com>	4 months ago
Jordan Whited	65888d95c9	derp/xdp,cmd/xdpderper: initial skeleton (#12390 ) This commit introduces a userspace program for managing an experimental eBPF XDP STUN server program. derp/xdp contains the eBPF pseudo-C along with a Go pkg for loading it and exporting its metrics. cmd/xdpderper is a package main user of derp/xdp. Updates tailscale/corp#20689 Signed-off-by: Jordan Whited <jordan@tailscale.com>	4 months ago
Andrew Lytvynov	13e1355546	scripts/installer.sh: remove unnecessary escaping in grep (#11950 ) Updates #11263 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	6 months ago
Brad Fitzpatrick	b9adbe2002	net/{interfaces,netmon}, all: merge net/interfaces package into net/netmon In prep for most of the package funcs in net/interfaces to become methods in a long-lived netmon.Monitor that can cache things. (Many of the funcs are very heavy to call regularly, whereas the long-lived netmon.Monitor can subscribe to things from the OS and remember answers to questions it's asked regularly later) Updates tailscale/corp#10910 Updates tailscale/corp#18960 Updates #7967 Updates #3299 Change-Id: Ie4e8dedb70136af2d611b990b865a822cd1797e5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	6 months ago
Will Norris	14c8b674ea	Revert "licenses: add gliderlabs/ssh license" The gliderlabs/ssh license is actually already included in the standard package listing. I'm not sure why I thought it wasn't. Updates tailscale/corp#5780 This reverts commit `11dca08e93`. Signed-off-by: Will Norris <will@tailscale.com>	6 months ago
Brad Fitzpatrick	a1abd12f35	cmd/tailscaled, net/tstun: build for aix/ppc64 At least in userspace-networking mode. Fixes #11361 Change-Id: I78d33f0f7e05fe9e9ee95b97c99b593f8fe498f2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	6 months ago
Will Norris	11dca08e93	licenses: add gliderlabs/ssh license This package is included in the tempfork directory, rather than as a go module dependency, so is not included in the normal package list. Updates tailscale/corp#5780 Signed-off-by: Will Norris <will@tailscale.com>	7 months ago
Will Norris	1d2af801fa	.github/workflows: remove go-licenses action This is now handled by an action running in corp. Updates tailscale/corp#18803 Signed-off-by: Will Norris <will@tailscale.com>	7 months ago
Irbe Krumina	06e22a96b1	.github/workflows: fix path filter for 'Kubernetes manifests' test job (#11520 ) Updates#cleanup Signed-off-by: Irbe Krumina <irbe@tailscale.com>	7 months ago
James Tucker	7e17aeb36b	.github/workflows: fix regular breakage of go toolchains This server recently had a common ansible applied, which added a periodic /tmp cleaner, as is needed on other CI machines to deal with test tempfile leakage. The setting of $HOME to /tmp means that the go toolchain in there was regularly getting pruned by the tmp cleaner, but often incompletely, because it was also in use. Move HOME to a runner owned directory. Updates #11248 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
James Tucker	c9b6d19fc9	.github/workflows: fix typo in XDG_CACHE_HOME This appears to be one of the contributors to this CI target regularly entering a bad state with a partially written toolchain. Updates #self Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
Andrew Dunham	6f6383f69e	.github: fuzzing is now unbroken Updates #cleanup Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I10dca601c79411b412180a46b3f82136e40544b0	9 months ago
Brad Fitzpatrick	c424e192c0	.github/workflows: temporarily disable broken oss-fuzz action Updates #11064 Updates #11058 Change-Id: I63acc13dece3379a0b2df573afecfd245b7cd6c2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	9612001cf4	.github/workflows: update golangci-lint for Go 1.22 Updates #11058 Change-Id: I3785c1f1bea4a4663e7e5fb6d209d3caedae436d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
James Tucker	0b16620b80	.github/workflows: add privileged tests workflow We had missed regressions from privileged tests not running, now they can run. Updates #cleanup Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
James Tucker	7e3bcd297e	go.mod,wgengine/netstack: bump gvisor Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
James Tucker	457102d070	go.mod: bump most deps for start of cycle Plan9 CI is disabled. 3p dependencies do not build for the target. Contributor enthusiasm appears to have ceased again, and no usage has been made. Skipped gvisor, nfpm, and k8s. Updates #5794 Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
Irbe Krumina	2aec4f2c43	./github/workflows/kubemanifests.yaml: fix the paths whose changes should trigger test runs (#10885 ) Updates#cleanup Signed-off-by: Irbe Krumina <irbe@tailscale.com>	9 months ago
Andrew Lytvynov	7df9af2f5c	.github/workflows/govulncheck: migrate to a Github App (#10793 ) Send failures to a new channel using a github app token instead of webhook URL. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	10 months ago
Irbe Krumina	1a08ea5990	cmd/k8s-operator: operator can create subnetrouter (#9505 ) * k8s-operator,cmd/k8s-operator,Makefile,scripts,.github/workflows: add Connector kube CRD. Connector CRD allows users to configure the Tailscale Kubernetes operator to deploy a subnet router to expose cluster CIDRs or other CIDRs available from within the cluster to their tailnet. Also adds various CRD related machinery to generate CRD YAML, deep copy implementations etc. Engineers will now have to run 'make kube-generate-all` after changing kube files to ensure that all generated files are up to date. * cmd/k8s-operator,k8s-operator: reconcile Connector resources Reconcile Connector resources, create/delete subnetrouter resources in response to changes to Connector(s). Connector reconciler will not be started unless ENABLE_CONNECTOR env var is set to true. This means that users who don't want to use the alpha Connector custom resource don't have to install the Connector CRD to their cluster. For users who do want to use it the flow is: - install the CRD - install the operator (via Helm chart or using static manifests). For Helm users set .values.enableConnector to true, for static manifest users, set ENABLE_CONNECTOR to true in the static manifest. Updates tailscale/tailscale#502 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	11 months ago
Sonia Appasamy	cc6729a0bc	.github/workflows: add webclient workflow Add workflow to run yarn lint/test/format-check against the web client on pull requests. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	11 months ago
Irbe Krumina	49fd0a62c9	cmd/k8s-operator: generate static kube manifests from the Helm chart. (#10436 ) * cmd/k8s-operator: generate static manifests from Helm charts This is done to ensure that there is a single source of truth for the operator kube manifests. Also adds linux node selector to the static manifests as this was added as a default to the Helm chart. Static manifests can now be generated by running `go generate tailscale.com/cmd/k8s-operator`. Updates tailscale/tailscale#9222 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	11 months ago
Percy Wegmann	17501ea31a	ci: report test coverage to coveralls.io This records test coverage for the amd64 no race tests and uploads the results to coveralls.io. Updates #cleanup Signed-off-by: Ox Cart <ox.to.a.cart@gmail.com>	11 months ago
Will Norris	33147c4591	.github: build gocross using regular GOPROXY settings This `go get` action has been running very slowly, and I'm pretty sure it's because we're building gocross on the first `./tool/go` run, and because we've set `GOPROXY=direct`, it's going directly to GitHub to fetch all of the gocross dependencies. Updates #cleanup Signed-off-by: Will Norris <will@tailscale.com>	11 months ago
Will Norris	7399e56acd	.github: add action for updating web-client-prebuilt module Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	11 months ago
dependabot[bot]	b1a0caf056	.github: Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	12 months ago
Irbe Krumina	c2b87fcb46	cmd/k8s-operator/deploy/chart,.github/workflows: use helm chart API v2 (#10055 ) API v1 is compatible with helm v2 and v2 is not. However, helm v2 (the Tiller deployment mechanism) was deprecated in 2020 and no-one should be using it anymore. This PR also adds a CI lint test for helm chart Updates tailscale/tailscale#9222 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	12 months ago
Will Norris	42abf13843	.github: run tests on all PRs, regardless of branch name The branch name selector "*" doesn't match branches with a "/" in their name. The vast majority of our PRs are against the main (or previously, master) branch anyway, so this will have minimal impact. But in the rare cases that we want to open a PR against a branch with a "/" in the name, tests should still run. ``` gh pr list --limit 9999 --state all --json baseRefName \| \ jq -cs '.[] \| group_by(.baseRefName) \| map({ base: .[0].baseRefName, count: map(.baseRefName) \| length}) \| sort_by(-.count) \| .[]' {"base":"main","count":4593} {"base":"master","count":226} {"base":"release-branch/1.48","count":4} {"base":"josh-and-adrian-io_uring","count":3} {"base":"release-branch/1.30","count":3} {"base":"release-branch/1.32","count":3} {"base":"release-branch/1.20","count":2} {"base":"release-branch/1.26","count":2} {"base":"release-branch/1.34","count":2} {"base":"release-branch/1.38","count":2} {"base":"Aadi/speedtest-tailscaled","count":1} {"base":"josh/io_uring","count":1} {"base":"maisem/hi","count":1} {"base":"rel-144","count":1} {"base":"release-branch/1.18","count":1} {"base":"release-branch/1.2","count":1} {"base":"release-branch/1.22","count":1} {"base":"release-branch/1.24","count":1} {"base":"release-branch/1.4","count":1} {"base":"release-branch/1.46","count":1} {"base":"release-branch/1.8","count":1} {"base":"web-client-main","count":1} ``` Updates #cleanup Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
James Tucker	237b4b5a2a	.github/workflows: add checklocks Currently the checklocks step is not configured to fail, as we do not yet have the appropriate annotations. Updates tailscale/corp#14381 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
James Tucker	afb72ecd73	.github/workflows: update golangci-lint Updates #cleanup Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
Brad Fitzpatrick	1fc3573446	ipn/{conffile,ipnlocal}: start booting tailscaled from a config file w/ auth key Updates #1412 Change-Id: Icd880035a31df59797b8379f4af19da5c4c453e2 Co-authored-by: Maisem Ali <maisem@tailscale.com> Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	4dec0c6eb9	tstest, tstest/integration, github/workflows: shard integration tests Over four jobs for now. Updates #cleanup Change-Id: Ic2b1a739a454916893945a3f9efc480d6fcbd70b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	e6ab7d3c14	cmd/testwrapper: parse args better Previously we were just smushing together args and not trying to parse the values at all. This resulted in the args to testwrapper being limited and confusing. This makes it so that testwrapper parses flags in the exact format as `go test` command and passes them down in the provided order. It uses tesing.Init to register flags that `go test` understands, however those are not the only flags understood by `go test` (such as `-exec`) so we register these separately. Updates tailscale/corp#14975 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago

1 2 3 4 5

222 Commits (72587ab03cd5b4dc751d007c7c5c060b96b39ec3)