Connection is not torn down at the end of a calling workflow #57
Comments
|
Actually, I'm seeing the GitHub-hosted runners in my dashboard days after a job run. The action should delete the connection completely when it's finished during its cleanup step. |
Is the Authkey an ephemeral authkey? https://tailscale.com/kb/1111/ephemeral-nodes/ The github-action doesn't delete itself, it expects the ephemeral node to be cleaned up automatically by the control server shortly after it drops out of contact. |
Actions may define teardown action for the worker: https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runspost and https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runspost-entrypoint |
This is not a problem when using GitHub-hosted runners which will be destroyed at the end of the job, but in case of self-hosted runner, a runner will stay running after a job has completed.
As this action does nothing to kill the tailscale daemon nor manually disconnect, I would say that in such cases, the machine, even though intended to be connected only during the runtime ob the job, stays connected to the tailnet.
I don't think this is currently possible using composite actions (actions/runner#1478), so you might have to migrate to a TS/JS based action or at least put up a warning in the README that this action is not to be used with self-hosted runners, at least not without some further manual intervention of the user.
The text was updated successfully, but these errors were encountered: