Tree:
08eae9affd
13685-low-memory-mode-in-logtail-may-no-longer-be-needed
13765-taildrive-server-unexpectedly-starts-on-apple-tv
22332-macos-sequoia-hostname
Aadi/speedtest-tailscaled
Xe/TS-envvar-name
Xe/debug-nixos-build
Xe/derphttp-panic-fix
Xe/disallow-local-ip-for-exit-node
Xe/do-windows-logserver-better
Xe/envvar-name-TS
Xe/gitops-pusher-acl-test-error-output
Xe/gitops-pusher-ffcli
Xe/gitops-pusher-three-version-problem
Xe/hello-vr
Xe/log-target-flag
Xe/log-target-registry-key
Xe/private-logcatcher-in-process
Xe/rel-144-fix-ipv6-broken-in-tests
Xe/reset-logid-on-logout-login
Xe/synology-does-actually-work-with-subnet-routes-til
Xe/tailtlsproxy
Xe/test-install-script-libvirtd
Xe/testcontrol-v6
Xe/tsnet-funnel
Xe/winui-bugreport-without-tailscaled
aaron/dnsapc
aaron/go-ole-ref
aaron/gocross
aaron/gocross_ps1_redir
aaron/loglog
aaron/migrate_windows
aaron/oss_17111
aaron/win_process_mitigations
adding-address-ips-totestcontrolnode
adrian/fix-vet-failures
adrian/stricter-labels
adrian/vip
agottardo-patch-1
alexbrainman/use_wg_dns_code
alexc/better-localbackend-logging
alexc/better-tailnet-lock-cli-errors
alexc/mark-break-watcher-conn-recv-flaky
alexc/more-testing-for-tailscale-up
alexc/share-tka-tests
alexc/tka-dont-fetch-unneeded-bootstrap
alexc/upgrade-jsonv2
andrew/bump-esbuild
andrew/captive-portal-package
andrew/captive-use-atomic
andrew/cloudenv-location
andrew/context-dedup-errors
andrew/control-key-store
andrew/controlclient-dial
andrew/controlclient-use-last-addr
andrew/current-time
andrew/debug-integration-tests
andrew/debug-subnet-router
andrew/derp-bound-latency
andrew/disco-af-packet-refactor
andrew/dns-fallback
andrew/dns-more-logging
andrew/dns-wrap-errors
andrew/dnscache-debugging-1.22.2
andrew/dnscache-hard-code-localhost
andrew/doctor-conntrack
andrew/doctor-scutil
andrew/execqueue-metrics
andrew/fastjson
andrew/health-state
andrew/hostinfo-HavePortMap
andrew/ipn-debug-1.42.0
andrew/keyfallback
andrew/linux-router-v4-disabled
andrew/metrics-distribution
andrew/monitor-link-change
andrew/net-dns-systemd-no-stub
andrew/net-tsaddr-mapviaaddr
andrew/netns-macos-route
andrew/netns-more-logging
andrew/netstack-forwarder-debug
andrew/nixos-vm-tests
andrew/noise-conn-test
andrew/peer-ipv6-addrs
andrew/peer-status-KeyExpiry
andrew/peercap-ipv6-aaaa
andrew/pr-17281-test
andrew/prom-omit-metrics
andrew/router-drop-ula
andrew/slicesx-deduplicate
andrew/syncs-tsync
andrew/topk-no-duplicates
andrew/tstest-goroutine-ignore
andrew/upnp-unfork
andrew/util-dnsconfig
andrew/wgengine-filter-split
andrew/wgengine-router-debug
andrew/workgraph
angott/23782
angott/26146-define
angott/allow-thunderbolt-bridge
angott/captive-exit-node-disablement
angott/corp-18441
angott/dns-cli-stream
angott/dns-warnables
angott/doh-clients-sleep-mode
angott/ignore-some-warnings-startup
angott/sleep-debug-apis
angott/tvos-23087
angott/userdefaults-reader
annotations
apenwarr/check184
apenwarr/faketun
apenwarr/fixes
apenwarr/ioslogin
apenwarr/relogin
apenwarr/statefix
apenwarr/statetest
awly/appconnector-debug-logs
awly/go_124
awly/ipnlocal-watchnotifications-clientversion
awly/linux-sudoers-local-admin-poc
awly/tpm-command-caps
awly/tpm-seal-timing
awly/version-override
azure
bcreane/validate-subnet-route-accepts
bm/4via6
bm/tsoidc
bradfitz/1.14
bradfitz/1.18.1
bradfitz/1_16_stress_netmap
bradfitz/acl_tags_in_tailscale_status
bradfitz/acme
bradfitz/allsrc
bradfitz/api_docs
bradfitz/appendf
bradfitz/autocert_force
bradfitz/avoid_initial
bradfitz/bench
bradfitz/browser_ext
bradfitz/bumptoolchain
bradfitz/calc_state
bradfitz/call_me_maybe_eps
bradfitz/cgnat_disable_v4
bradfitz/cherry-pick-iptables
bradfitz/cli_admin
bradfitz/cli_pretty
bradfitz/cli_ts2021_hang_test
bradfitz/cmd_printmetric
bradfitz/compontent_logs
bradfitz/controll
bradfitz/countrycode
bradfitz/darwin_creds
bradfitz/darwin_gw
bradfitz/dataplane_logs_no_logs_no_support
bradfitz/debug_tstest
bradfitz/deephash_early_exit
bradfitz/deephash_methods
bradfitz/demo_client_hijack
bradfitz/demo_pinger
bradfitz/derp_flow
bradfitz/derp_flow_track
bradfitz/derp_mesh
bradfitz/derp_steer
bradfitz/derper_gcp
bradfitz/derpy_cast
bradfitz/devdrive
bradfitz/disco_change_remove_sync
bradfitz/distro_ubuntu
bradfitz/dot
bradfitz/dropped_by_filter_logspam
bradfitz/dup_add
bradfitz/eventbus_too_slow
bradfitz/evsub
bradfitz/exit_node_forward_dns
bradfitz/expiry_spin
bradfitz/explicit_empty_test_3808
bradfitz/feature_appconnectors
bradfitz/fix_ipn_cloner
bradfitz/foo
bradfitz/getstatus
bradfitz/go_vet
bradfitz/gocross_cgo_packages_test
bradfitz/gocross_wantver
bradfitz/gok_test
bradfitz/gokrazy_dns
bradfitz/grafana_auth_proxy
bradfitz/gui_netmap
bradfitz/gvisor_netstack
bradfitz/hello
bradfitz/hostinfo_basically_equal
bradfitz/hostinfo_ingress_bit
bradfitz/ignore_ula
bradfitz/integration_more_tun
bradfitz/integration_tests
bradfitz/ios_ish
bradfitz/ip_of
bradfitz/ipn_empty
bradfitz/ipv6_link_local_strip
bradfitz/ipx_set_contains
bradfitz/issue_1840_rebased_tree
bradfitz/issue_1849_rebased_tree
bradfitz/json2
bradfitz/key_rotation_prep
bradfitz/keyboard-interactive
bradfitz/kmod
bradfitz/lanscaping
bradfitz/lazy_wg_pushdown2
bradfitz/linux_default_route_interface
bradfitz/linux_v6_off
bradfitz/linuxfw_nil_table
bradfitz/lite-on-restart
bradfitz/lite_endpoint_update
bradfitz/log_rate_test
bradfitz/login_retry
bradfitz/machine_key
bradfitz/macos_progress
bradfitz/magicsock_relayserver
bradfitz/matrix
bradfitz/mcp
bradfitz/mesh_vpc
bradfitz/mutex_debug
bradfitz/negdep
bradfitz/netstack_drop_silent
bradfitz/netstack_fwd_close
bradfitz/netstack_port_map
bradfitz/nm_cache
bradfitz/nm_cache_disk
bradfitz/nodectx_ctx
bradfitz/nodepublic_uniq
bradfitz/noise_debug_more
bradfitz/notify_delta
bradfitz/percy/unforked-ssh-try-gomod
bradfitz/ping
bradfitz/ping_notes
bradfitz/plan9
bradfitz/port_intercept
bradfitz/portmap_gh_actions
bradfitz/portmap_test
bradfitz/porttrack
bradfitz/proposed-1.4.5
bradfitz/proposed_1.4.6
bradfitz/ptr_new
bradfitz/quic_dns
bradfitz/recursive_controlknob
bradfitz/release-branch-1.0
bradfitz/resume
bradfitz/rm_usermetrics_66KB
bradfitz/sassy
bradfitz/sessionactivetimeout
bradfitz/set_prefs_locked
bradfitz/shared_split_dns
bradfitz/silentdisco_knob
bradfitz/sleep
bradfitz/ssh_auth_none_demo
bradfitz/ssh_banner
bradfitz/ssh_config_from_env
bradfitz/ssh_policy_earlier
bradfitz/syspolicy_key
bradfitz/tailpipe
bradfitz/tailssh_crash
bradfitz/tbug
bradfitz/tcp_flows
bradfitz/test
bradfitz/tidy
bradfitz/tinyderpclient
bradfitz/tkasig_type
bradfitz/u32
bradfitz/umaskless_permissions
bradfitz/updates
bradfitz/use_126
bradfitz/use_netstack_upstream
bradfitz/vizerrinternal2
bradfitz/vizinternal
bradfitz/vnet2
bradfitz/wait_unpause
bradfitz/wasm_play
bradfitz/wgengine_monitor_windows_take2
bradfitz/win_default_route
bradfitz/win_delete_retry
bradfitz/win_firewall_async
bradfitz/win_unattended_warning
bradfitz/win_wpad_pac
bradfitz/windns
bradfitz/ws_arg_test
brafitz/remote-config
brendan/convert-mdx-release-notes-to-goreleaser-chlog
brianp/controlclient-timings
buildjet
buildjet-vs-github
c22wen/api-docs
c22wen/magicsock.go
c22wen/route-addr
c761d10
catzkorn/addrsend
catzkorn/derp-benchmark
catzkorn/jira
catzkorn/netcheckuout
catzkorn/otel-derp
catzkorn/otel-init
chaosinthecrd/adding-server-url-multi-tailnet
chaosinthecrd/authkey-reissue
chaosinthecrd/configure-proxyclass-via-annotation
chaosinthecrd/k8s-operator-ha-ingress-readiness
chaosinthecrd/k8s-operator-network-proxy-ha-mode
chaosinthecrd/k8s-operator-proxygroup-event-filter
chaosinthecrd/k8s-operator-tailscale-service-ports
chaosinthecrd/map-error-response
chaosinthecrd/node-not-found-warnable
chaosinthecrd/query-dns-resolve-containerboot
chaosinthecrd/query-dns-resolve-for-containerboot
chaosinthecrd/userspace-tsnet-proxy
chart/k8s-operator
clairew/add-disco-pong-padding
clairew/add-latitude-longitude
clairew/client-suggest-node-poc
clairew/handle-auto-exit-node-value
clairew/log-dst-exit-node
clairew/mdm-interface
clairew/peer-node-capability-documentation
clairew/receive-icmp-errors
clairew/refactor-new-timer
clairew/revert-storing-last-suggested
clairew/suggest-non-mullvad-exit-node
clairew/test-wrapper-file
clairew/test-wrapper-write-file
clairew/tsnet_get_own_ip
clairew/tstime-net
clairew/tstime-wgengine
clairew/use-tstime-etc
clone
cloner
cmol/add_upnp_release_timeout
cmol/avoid-overwrite-new-disco
cmol/debug-write-netmap-to-disk
cmol/decouple_magicsock_ipnlocal
cmol/delay-disco-key-exchange
cmol/gokrazy-switch-to-official-kernel-builds
cmol/natlab-experiments
cmol/portupdate_eventbus_direct
cmol/run_portmapper_in_exec_queue
containerboot-exit-code
crawshaw/accumulatorcfg
crawshaw/activesum
crawshaw/art-table
crawshaw/br1
crawshaw/cgi
crawshaw/cloner
crawshaw/deephash
crawshaw/derp-nokeepalives
crawshaw/derpdial
crawshaw/derpdial2
crawshaw/derptimeout
crawshaw/dnsguid
crawshaw/dnswslhackery
crawshaw/e2e_test
crawshaw/e2etest
crawshaw/envtype
crawshaw/filchsync
crawshaw/hostinfo
crawshaw/httpconnect
crawshaw/ipn
crawshaw/ipn2
crawshaw/ipuint
crawshaw/jsonhandler
crawshaw/lnclose
crawshaw/loadtest
crawshaw/localapi404
crawshaw/magicdnsalways
crawshaw/magicsock
crawshaw/magicsock-infping
crawshaw/movefiles
crawshaw/newbackendserver
crawshaw/ondemanddomains
crawshaw/peerdoh
crawshaw/pidlisten
crawshaw/pinger2
crawshaw/preservenetinfo
crawshaw/rebind
crawshaw/restartlimit
crawshaw/socket
crawshaw/spray
crawshaw/stunchild
crawshaw/stunname
crawshaw/syno
crawshaw/tailcfg
crawshaw/tailscalestatus
crawshaw/tsnet1
crawshaw/tswebextra
crawshaw/updatefallback
crawshaw/upjson
crawshaw/wslresolvconf
crawshaw/xdp
cross-android
danderson/backport
danderson/bootstrap
danderson/debug-garden
danderson/ebpf
danderson/helm
danderson/k8s
danderson/kernel-tailscale
danderson/lru-rollback
danderson/magicsock-discokey
danderson/magicsock-node-key
danderson/mkversion
danderson/nodekey-cleanup
danderson/nodekey-delete-old
danderson/nodekey-move
danderson/tsburrito
danderson/tsweb-server
danderson/version-private3
davidb/containerboot-disconnect-control
davidb/k8s-multi-tailnet-services
debug-testwrapper
dependabot/github_actions/actions/download-artifact-8.0.0
dependabot/github_actions/actions/upload-artifact-7.0.0
dependabot/go_modules/github.com/docker/cli-29.2.0incompatible
dependabot/npm_and_yarn/client/web/rollup-4.59.0
dgentry-authkey
dgentry-b10911
dgentry-coverage
dgentry-istoreos
dgentry-nix-flake
dgentry/atomicfile
dgentry/sniproxy-dns
dns-proxygroup
docker_state
dshynkev/dns-autoset
dshynkev/dns-name
dshynkev/dns-refactor
dsnet/admin-cli
dsnet/httpio
dsnet/jsonimports-ci
dsnet/jsonv1in2
dsnet/logpolicy-metrics
dsnet/logtail-iopipe
dsnet/logtail-zstd-single-segment
dsnet/migrate-omitzero
dsnet/netlog-tailcfg
dsnet/slices-collect
dsnet/statestore
dsnet/syncs-lock
dsnet/tsnet-logging
dsnet/tsweb-499s
dsnet/tunstats-v2
dsnet/update-jsonv2
dsnet/viewer-jsonv2
dylan/debug-peer-relay-sessions
dylan/derp-hosting-provider
enable-exit-node-dst-logs
enable-exit-node-dst-logs-2
exclude_int
flyingsquirrel_bak
fran/appc-domain-delte-prototype
fran/appc-ensmallen-gh-preset
fran/appc-store-routes-by-source
fran/conn25-client-send-addrs-to-connector
fran/conn25-dns
fran/conn25-rewrite-dns
fran/conn25-send-ips-to-connector-2
fran/fix-appc-routes
fran/fix-appc-write-new-domain
fran/franwip2
fran/franwip3
fran/natc-consensus-prototype
fran/natc-raft
fserb/natlab-flaky
gesa/device-ui-bug
gesa/ssh-client-session-monitoring
gesa/ssh-crash-local-user
gesa/ssh-id-fallback-freebsd
gesa/userprofile-groups
go126
hwh33/add-unix-sockets-to-serve
hwh33/tsnet-service-listener-cleanup
icio/go1.24-testwrapper
icio/opt-nojsonv2
icio/public-key-short
icio/testwrapper2
ip6tables
ipv6-nameserver
irbekrm/accept_routes
irbekrm/byocerts
irbekrm/cert_share
irbekrm/cert_share_kubestore
irbekrm/certsharev2
irbekrm/chartandcli
irbekrm/cherry_fix_panic
irbekrm/cigocacher_tmp
irbekrm/clustermagicdns
irbekrm/conf
irbekrm/connector_multireplica
irbekrm/containerboot_healthz
irbekrm/containerbootdeclarativeconf
irbekrm/debug
irbekrm/dnat
irbekrm/dnstest
irbekrm/doc_tags
irbekrm/egress
irbekrm/egress-dns
irbekrm/egressc
irbekrm/egressconfig
irbekrm/egressha
irbekrm/egresshapm
irbekrm/eks
irbekrm/external_services
irbekrm/extsvcnftableslb
irbekrm/fix
irbekrm/fix_logout_loop
irbekrm/fixsubnets
irbekrm/funnel_on
irbekrm/improve_logout
irbekrm/ingress_services
irbekrm/k8s-autopilot
irbekrm/k8s-nftables
irbekrm/k8sipnft
irbekrm/k8sipnftheuristics
irbekrm/kube_build_tags
irbekrm/kubeipnft
irbekrm/kubetestsetup
irbekrm/lcdeprecated
irbekrm/le
irbekrm/log_invalid_order
irbekrm/manifests_crd
irbekrm/maybe_fix_v6
irbekrm/operator_linux_only
irbekrm/operatorversion
irbekrm/os
irbekrm/pc_pretendpoints
irbekrm/pretendpoints
irbekrm/proxycidrs
irbekrm/proxyclass
irbekrm/proxyclass2
irbekrm/pull_in_certs
irbekrm/reload_config
irbekrm/serve_log
irbekrm/set_args
irbekrm/splitkeys
irbekrm/static_crd
irbekrm/svc_conditions
irbekrm/tunmssg
irbekrm/udp_fwd
irbekrm/vip_svcs_api
irbekrm/websocket
jamesbrad/controlhttp-race-dial
jaxxstorm/ssm_kms
jaxxstorm/static_endpoints
jknodt/bw_rep2
jknodt/derp_flow
jknodt/integ_test
jknodt/io-uring
jknodt/logging
jknodt/periodic_probe
jknodt/portmap_test
jknodt/upnp
jknodt/upnp_reuse
jknodt/userderp
jknodt/vms_ref
jonathan/darwin-netmon-thrashing
jonathan/derp-health-spam
jonathan/dns_loopback
jonathan/missing_resolvers
jonathan/netns_probe
josh/IPWithPort
josh/NewIPPort
josh/coarsetime
josh/de-select-tstun-wrapper
josh/debug-TestLikelyHomeRouterIPSyscallExec
josh/debug-flake
josh/deflake-pipe-again
josh/fast-time
josh/immutable-views
josh/io_uring
josh/longblock
josh/no-goroutine-per-udp-read-2
josh/opt-dp-wip
josh/opt-getstatus
josh/peermap
josh/remove-ipcgetfilter
josh/simplify-filch
josh/tswebflags
josh/udp-alloc-less
josh/wip/create-endpoint-no-public-key
josh/wip/endpoint-serialize
jwhited/android-packet-vectors
jwhited/derp-cmm-timestamp
jwhited/derp-https-tcp-connect
jwhited/disable-peer-relay-if-cryptorouting-disabled
jwhited/ep-relay-capable
jwhited/gVisor-gso-gro
jwhited/gvisor-revert-gro
jwhited/lazy-endpoint-control-knobs
jwhited/peer-relay-pathological-intervals
jwhited/peer-verify-every-packet-batch
jwhited/qd-slice
jwhited/relay-handshake
jwhited/relay-manager-alloc-req-no-keepalives
jwhited/relay-manager-logs
jwhited/relay-peerapi
jwhited/relay-set-flags-config
jwhited/test-local-forwarder
jwhited/testing-mod-capver-checks
jwhited/udprelay-metrics-per-batch
jwhited/udprelay-xdp
jwhited/unsafe-exp
jwhited/verify-peer-periodically
jwhited/wireguard-go-vectorized-bind
k8s-idp
k8s-proxy-l4-tcpforward
k8s_priority_class
kari/bindsock
kari/nilbus
kari/saftaildrop
kari/taildropsaf
kari/taildropsaf2
kevin/Split_Remove_advertised_routes_from_pref
kevin/add_services_flag_to_tailscale_serve_and_enrich_output
kevin/add_services_to_status_subcommand_for_serve
kevin/allow_serve_remote_destination
kevin/allow_service_host_access_hosted_service_test
kevin/packet_to_vipService_by_ip_instead_of_host
kevin/test_for_applyCheckoutAddr
knyar/derpmesh
knyar/dnstest
knyar/install
knyar/install2
knyar/installmore
knyar/lp
knyar/metricshelp
knyar/metrictype
knyar/morebuntu
knyar/netmapdiff2
knyar/posturemac
knyar/renew
knyar/restartmap
knyar/serve-grants-headers
knyar/sshcap
knyar/tnlocktest
knyar/userfacing-metrics
knyar/usermetrics-wgengine
knyar/worklifeposture
kradalby-keys-db-interface
kradalby/chaos
kradalby/chaos-oss
kradalby/keys-db-interface
kradalby/nix-dont-overlap-tool
kradalby/nixos-module
kradalby/userfacing-metrics-moar
kradalby/usermetrics-wgengine-errors
kradalby/view-only-type
kristoffer/editable-tailnet-displayname
kristoffer/enable-mips-pkgs
kube_exp
licenses/android
licenses/cli
licenses/corp
lp
lzjluzijie/227_http_proxy
lzjluzijie/all_proxy
macsys-update
main
maisem/doc
maisem/exp-k8s
maisem/fix-deadlock
maisem/flake-3
maisem/hi
maisem/k8s-cache
maisem/ni
maisem/proxy-1
maisem/tsnet-forward
marwan/altmem_stash
marwan/displayname
marwan/noconstructor
marwan/noconstructor2
marwan/offunc
marwan/polleropts
marwan/portlistrefactor
marwan/postmem
marwan/scmem
marwan/servedev
marwan/tmp
merge-tag
mihaip/delete-all-profiles
mihaip/fas
mihaip/js-cli
mihaip/logout-async-start
mihaip/wasm-taildrop
mikeodr/add-nixos-modules
mikeodr/prober-updates
miriah-3808-reset-operator
mjf/no-ws-on-ios
mkramlich/macos-brew
mkramlich/macos-brew2
mpminardi/bump-go-patch
mpminardi/deadlock-test
mpminardi/derp-experiments
mpminardi/derp-ideal-reconnect
mpminardi/dsm-7-2-builds-fix
mpminardi/flaky-test-ssh
mpminardi/policy-debugging
mpminardi/temp
mpminardi/test-cache-experiments
mpminardi/tsnet-test
mzb/corp-30906/direct-dnstype
mzb/corp-35989/conn25-filters
mzb/corp-37146/wg-extra-allowed-ips
mzb/dnat-exp
naman/ephem-expand-range
naman/netstack-bump-version
naman/netstack-incoming
naman/netstack-outgoing-udp-test
naman/netstack-request-logging
naman/netstack-subnet-routing
naman/netstack-use-tailscale-ip
naman/serveconf-endpointinfo-tests
naman/web-client-update-fixes
net-audit-log/1.32
netstat-unsafe
nickkhyl/appendmatchingpeers
nickkhyl/authreconfig-defer-unlock
nickkhyl/authreconfig-once
nickkhyl/authurl-notify-backport
nickkhyl/context-with-lock
nickkhyl/ctxlock-generics
nickkhyl/fix-dialplan-resets
nickkhyl/healthnotify-on-release
nickkhyl/http2-for-win-safesocket
nickkhyl/ipn-user-identity
nickkhyl/lb-statemachine2
nickkhyl/locksmith
nickkhyl/nodecontext-lifecycle
nickkhyl/posture-sn-override
nickkhyl/rioconn
nickkhyl/syspolicy-new
nickkhyl/tailscaled-deferredinit
nickkhyl/tsvnic-experiment
nickkhyl/viewer-improvements
nix-shell
nocross
noerror-not-notimp
noncombatant/add-hello-systemd
noncombatant/large-int-string
noncombatant/safeweb-cleanup
nyghtowl/fix-resolved
nyghtowl/tailnet-name2
onebinary
operator_direct_connections
ox/11854
ox/11854-3-sftp
ox/11954-3
ox/corp-19592
oxtoacart/automount
oxtoacart/dsnet_codereview_fixes
oxtoacart/golden_memory
oxtoacart/immediately_access_shares
oxtoacart/no_indent_status
patrickod/backport-csrf-fix
patrickod/bradtfitz-flow-rebased
patrickod/bump-circl
patrickod/hardware-attestation-key
patrickod/reverse-web-handler-order-csrf
patrickod/safeweb-sec-fetch-site
patrickod/swtpm-integration-test
patrickod/webui-sec-fetch-site
percy/cherry-pick-2648d475d751b47755958f47a366e300b6b6de0a
percy/corp27066-vizerror-wrapf
percy/corp35008
percy/derp-jwt
percy/derp-track-drop-distribution
percy/derp-track-queue-depth
percy/derp_sequence_diagram
percy/derpopt
percy/drive-verbose
percy/issue14393
percy/issue16983
percy/issue24522-1-continuous-bandwidth
percy/issue24522-2-region-restrict-yaml
percy/issue8593
percy/issue8593-prep
percy/movelocalapi
percy/oss14025
percy/oss14025-2
percy/unforked-ssh-try
peske/elnotfound
peske/ifacewatcher
proxyclass/sa
ptruby/initial-tailscale-ui-components-integration
push-otwrlsqunmon
push-tyyxlsmpmlvz
push-wmvmtoxuoumt
push-ykxypyzonmux
raggi/accept-routes-filter
raggi/atomiccloseonce
raggi/bump-goreleaserv2
raggi/callmebaby
raggi/derp-204-cache-control
raggi/derp-intern-key
raggi/derp-probe-stun-loss
raggi/derp-route-optimization
raggi/disco-key-rotate-graceful
raggi/disco-key-tsmp
raggi/disco-key-tsmp2
raggi/dnsfallback
raggi/document-deprecated-approach
raggi/envknobs-gso-gro
raggi/eperm-health
raggi/experiment-queues
raggi/gocross-empty-goos-goarch
raggi/gofuzz
raggi/gotoolchain
raggi/gvisor-hostarch-deptest
raggi/heartbeat-timebomb
raggi/hello-temp
raggi/icmplistener
raggi/iptables-kernel-bug-message
raggi/latencyqueue
raggi/linux6644
raggi/mkversion-pre
raggi/natc-6
raggi/natc-upstream-keepalive
raggi/netfilter-add-modes
raggi/netfilter-runtime
raggi/netmon-darwin-route-restart
raggi/netstack_fwd_close
raggi/rand
raggi/restore-extra-records-dns
raggi/rsh-prototype
raggi/ssh-shutdown
raggi/stun-reply-source
raggi/stun-subprocess
raggi/stunc
raggi/stunc2
raggi/tsdebugger
raggi/tsnet-ippacket
raggi/tsnet-listenservice-alongsidetun
raggi/tsweb-compression
raggi/v6masq
raggi/web-zst-precompress
rajsingh/36126-stdin-recording
rajsingh/fix-apiserver-pg-ownership-reclaim
rajsinghtech/cmd/k8s-operator/enphemeral-proxy
rajsinghtech/k8s-operator-ingress-ha-externalname
rajsinghtech/k8s-operator/enphemeral
rajsinghtech/peer-connection-metrics
rajsinghtech/peercaps-service-vips
rajsinghtech/serve-h2c-all-http2
rajsinghtech/tsidp-kubestore
rate-limiting
rec_in_use_after_5_sec
releaase
release-branch/1.0
release-branch/1.10
release-branch/1.12
release-branch/1.14
release-branch/1.16
release-branch/1.18
release-branch/1.2
release-branch/1.20
release-branch/1.22
release-branch/1.24
release-branch/1.26
release-branch/1.28
release-branch/1.30
release-branch/1.32
release-branch/1.34
release-branch/1.36
release-branch/1.38
release-branch/1.4
release-branch/1.40
release-branch/1.42
release-branch/1.44
release-branch/1.46
release-branch/1.48
release-branch/1.50
release-branch/1.52
release-branch/1.54
release-branch/1.56
release-branch/1.58
release-branch/1.6
release-branch/1.60
release-branch/1.62
release-branch/1.64
release-branch/1.64.0
release-branch/1.66
release-branch/1.68
release-branch/1.70
release-branch/1.72
release-branch/1.74
release-branch/1.76
release-branch/1.78
release-branch/1.8
release-branch/1.80
release-branch/1.82
release-branch/1.84
release-branch/1.86
release-branch/1.88
release-branch/1.90
release-branch/1.90.0
release-branch/1.92
release-branch/1.94
release-branch/1.96
revert-11590-catzkorn/penguin
revert-15839-zofrex/refactor-control-health
rhea/apple-test
rhea/egress
rhea/taildrop-resume
richard/15037
richard/15037-2
richard/15372
rosszurowski/cli-fix-typo
s/eq
s/pmtud
s/tsnetd
sam/tailscale-up-with-jwt
scottjab/add-sparsefile-punching
sfllaw/tailscale-ping-for-client-side-reachability
sfllaw/traffic-steering/debug-set-location
sfllaw/traffic-steering/suggest-exit-node-steering
shayne/funnel_cmd
shayne/k8s-serve
shayne/serve_empty_text_handler
simeng-pingtest
simenghe/add-httphandlers-ping
simenghe/add-ping-route-testcontrol-mux
simenghe/add-tsmpping-call
simenghe/admin-ping-test
simenghe/flakeresolve
simenghe/isoping
simenghe/isoping-experiment
simenghe/pingresult-work
simenghe/tcpnodeping
skriptble/ssh-recording-persist
soniaappasamy/fix-test-flake
soniaappasamy/fix-web-client-lock
soniaappasamy/serve-funnel-ui
soniaappasamy/use-swr
soniaappasamy/web-auth-restructure
tim/installer-id_like
tom/derp
tom/disco
tom/integration
tom/iptables
tom/tka2
tom/tka4
tom/tka6
tomhjp/authkey-reissue
tomhjp/cigocacher-cache
tomhjp/cigocacher-token-from-env
tomhjp/cigocacher-tool
tomhjp/cigocacher-with-ci
tomhjp/comparable-struct-as-key
tomhjp/consistent-state-test
tomhjp/dns-01-test-env
tomhjp/handle-multiple-messages-per-ws-frame
tomhjp/ingress-preshutdown
tomhjp/k8s-proxy-2
tomhjp/k8s-proxy-3
tomhjp/magicsock-endpoints
tomhjp/mock-acme-server
tomhjp/poc-peer-relay-proxygroup
tomhjp/tailscaled-kube-conf
tomhjp/tsnet-auth-loop
tps/tailscaled
tsweb/client-ui
tyler/serve-status
unraid-web
upnpdebug
valscale/ptb
vm
walterp-api
walterp/docs-863-update-docker-run-command-on-docker-hub-page-for
will-systray
will/containerboot-webui
will/enforce-hostname
will/sonia/web-tailscaled
will/status-tailnet
will/tsnet-udp
will/webclient-csrf
will/webclient-mobile
willh/rc-updates
zach/temporary-cert-testing
zofrex/auto-login-comments
zofrex/fix-test-wg-engine-status-race
zofrex/poc-health-v2
zofrex/set-url-wg-status-race-2
zofrex/testwrapper-json-output
zofrex/x-poc-e2e-netmap-packetfilter-test
v1.97.0-pre
v1.96.0
v1.94.2
v1.94.1
v1.95.0-pre
v1.94.0
v1.92.5
v1.92.4
v1.92.3
cmd/cigocacher/d0d993f5d6576b5d97d0242c64bbe2de049d6486
v1.92.2
v1.92.1
v1.93.0-pre
v1.92.0
v1.90.9
v1.90.8
v1.90.7
v1.90.6
v1.90.5
v1.90.4
v1.90.3
v1.90.2
v1.90.1
v1.91.0-pre
v1.90.0
v1.88.4
v1.88.3
v1.88.2
v1.88.1
v1.89.0-pre
v1.88.0
v1.86.5
v1.86.4
v1.86.3
v1.86.2
v1.86.1
v1.87.0-pre
v1.86.0
v1.84.3
v1.84.2
v1.84.1
v1.84.0
v1.85.0-pre
v1.82.5
v1.82.4
v1.82.3
v1.82.2
v1.82.0
v1.83.0-pre
v1.80.3
v1.80.2
v1.80.1
v1.81.0-pre
v1.80.0
v1.78.3
v1.78.2
v1.79.0-pre
v1.78.1
v1.78.0
v1.77.0-pre
v1.76.6
v1.76.3
v1.76.1
v1.76.0
v1.74.1
v1.75.0-pre
v1.74.0
v1.72.1
v1.73.0-pre
v1.72.0
v1.71.0-pre
v1.70.0
v1.68.2
v1.68.1
v1.69.0-pre
v1.68.0
v1.66.4
v1.66.3
v1.66.2
v1.66.1
v1.67.0-pre
v1.66.0
v1.64.2
v1.64.1
v1.65.0-pre
v1.64.0
v1.62.1
v1.63.0-pre
v1.62.0
v1.60.1
v1.61.0-pre
v1.60.0
gitops-1.58.2
v1.58.2
v1.58.1
v1.58.0
v1.44.3
v1.56.1
v1.56.0
v1.54.1
v1.54.0
v1.52.1
v1.52.0
v1.50.1
v1.50.0
v1.48.2
v1.48.1
v1.48.0
v1.46.1
v1.46.0
v1.44.2
v1.44.0
v1.42.1
v1.42.0
v1.40.1
v1.40.0
v1.38.4
v1.38.3
v1.38.2
v1.38.1
v1.38.0
v1.36.2
v1.36.1
v1.36.0
coral-gitops
v1.34.2
v1.34.1
v1.34.0
v1.32.3
v1.32.2
nginx-auth-0.1.2
v1.32.1
v1.32.0
v1.30.2
v1.30.1
gitops-1.30.0
v1.30.0
v1.28.0
v1.26.2
v1.26.1
v1.26.0
v1.24.2
v1.24.1
v1.24.0
v1.22.2
v1.22.1
v1.22.0
v1.20.4
v1.20.3
v1.20.2
v1.20.1
v1.20.0
v1.18.2
v1.18.1
v1.18.0
v1.16.2
v1.16.1
v1.16.0
v1.14.6
v1.14.5
v1.14.4
v1.14.3
v1.14.0
v1.12.4
v1.12.3
v1.12.2
v1.12.1
v1.12.0
v1.10.2
v1.10.1
v1.10.0
v1.8.8
v1.8.7
v1.8.6
v1.8.5
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.6.0
v1.4.6
v1.4.5
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.2.10
v1.2.9
v1.2.8
v1.2.7
v1.2.6
v1.2.5
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.1.0
v1.0.0
v0.100.0-153
v0.100.0-107
v0.100.0
v0.99.1
v0.99.0
v0.98.1
v0.98
v0.98.0
v0.97
v0.96.1
v0.96
Brad Fitzpatrick
259bab9bff
scripts/check_license_headers.sh: delete, rewrite as a Go test
|
8 months ago | |
|---|---|---|
| .. | ||
| .gitignore | 898695e312 cmd/gitops-pusher: add etag cache file for the three version problem (#5124) | 3 years ago |
| README.md | 3280c81c95 .github,cmd/gitops-pusher: update to checkout@v4 | 2 years ago |
| cache.go | 71029cea2d all: update copyright and license headers | 3 years ago |
| gitops-pusher.go | 9c731b848b cmd/gitops-pusher: log error details when unable to fetch ACL ETag | 1 year ago |
| gitops-pusher_test.go | 259bab9bff scripts/check_license_headers.sh: delete, rewrite as a Go test | 8 months ago |
README.md
gitops-pusher
This is a small tool to help people achieve a GitOps workflow with Tailscale ACL changes. This tool is intended to be used in a CI flow that looks like this:
name: Tailscale ACL syncing
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
jobs:
acls:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Go environment
uses: actions/[email protected]
- name: Install gitops-pusher
run: go install tailscale.com/cmd/gitops-pusher@latest
- name: Deploy ACL
if: github.event_name == 'push'
env:
TS_API_KEY: ${{ secrets.TS_API_KEY }}
TS_TAILNET: ${{ secrets.TS_TAILNET }}
run: |
~/go/bin/gitops-pusher --policy-file ./policy.hujson apply
- name: ACL tests
if: github.event_name == 'pull_request'
env:
TS_API_KEY: ${{ secrets.TS_API_KEY }}
TS_TAILNET: ${{ secrets.TS_TAILNET }}
run: |
~/go/bin/gitops-pusher --policy-file ./policy.hujson test
Change the value of the --policy-file flag to point to the policy file on
disk. Policy files should be in HuJSON
format.