Using Tailscale in a Github Action

My aim is to use Tailscale in a workflow to be able to deploy changes to infrastructure which is only accessible over Tailscale. I’m aware of this blog article, but it’s not ideal for using in a ci/cd pipeline because the keys expire - I may not make any changes for 6 months and then the pipeline will fail because it can’t deploy the changes.

Is there any way I can go about this in a way which isn’t going to require periodic manual intervention?

This is an interesting problem. I am interested in what others have to say as well. One could get away with using reusable keys but that also irks me a bit.

Perhaps, this can be done using API access (with a small shim in Go/Python etc…) to generate a new one-off key and then use it but I am not sure how that would fit in with GH actions.

I had considered it, but even that’s an issue - the API key itself will expire too :frowning_face: