.github/workflow-templates/debugging-runner.yaml at master · nextstrain/.github · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
name: Debugging runner

on:
  workflow_dispatch:
    inputs:
      tailscale-auth-key:
        description: >-
          Tailscale auth key to override any TAILSCALE_AUTH_KEY secret; good
          for single-use, ephemeral auth keys.

          As a non-secret input, this key is vulnerable to a timing attack!
          Someone who can observe the dispatched workflow run's inputs and use
          the auth key before the workflow can will be able to join your
          tailnet.  As such, it's recommended that you only use this workflow
          in private repos where all users are trusted.
        type: string
        required: false
        default: ""

      allowed-users:
        description: >-
          Comma-separated list of GitHub usernames who are allowed access via their
          public SSH keys.  Defaults to the user who triggers the workflow run.
        type: string
        required: false
        default: ""

jobs:
  ssh:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - uses: nextstrain/.github/actions/setup-ssh@master
        with:
          tailscale-auth-key: ${{ inputs.tailscale-auth-key || secrets.TAILSCALE_AUTH_KEY }}
          allowed-users: ${{ inputs.allowed-users || github.triggering_actor }}
          wait-for-continue: true