From c6d29b2b04ab4c4606031700cde8a223eb44ec31 Mon Sep 17 00:00:00 2001 From: Ed Geraghty Date: Sat, 23 Aug 2025 18:15:06 +0100 Subject: [PATCH 1/4] Fix DNS records config diff errors This is deliberate movement from defaults --- templates/headscale.template.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/headscale.template.yaml b/templates/headscale.template.yaml index 4be1ee9..29e957c 100644 --- a/templates/headscale.template.yaml +++ b/templates/headscale.template.yaml @@ -305,7 +305,7 @@ dns: # Extra DNS records # so far only A and AAAA records are supported (on the tailscale side) # See: docs/ref/dns.md - #extra_records: [] + #extra_records: [] # DIFF_IGNORE # - name: "grafana.myvpn.example.com" # type: "A" # value: "100.64.0.3" @@ -315,7 +315,7 @@ dns: # # Alternatively, extra DNS records can be loaded from a JSON file. # Headscale processes this file on each change. - extra_records_path: $HEADSCALE_EXTRA_RECORDS_PATH + extra_records_path: $HEADSCALE_EXTRA_RECORDS_PATH # DIFF_IGNORE # Unix socket used for the CLI to connect without authentication # Note: for production you will want to set this to something like: From f01fce1610ec17648c3f0e7ca3ca5bb886e09c76 Mon Sep 17 00:00:00 2001 From: Ed Geraghty Date: Sat, 23 Aug 2025 18:26:16 +0100 Subject: [PATCH 2/4] Fix permissions issues --- .github/workflows/headscale-config-checker.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/headscale-config-checker.yml b/.github/workflows/headscale-config-checker.yml index b9d9935..31dc9d4 100644 --- a/.github/workflows/headscale-config-checker.yml +++ b/.github/workflows/headscale-config-checker.yml @@ -11,7 +11,9 @@ jobs: runs-on: ubuntu-latest permissions: pull-requests: write - + issues: write + contents: read + steps: - uses: actions/checkout@v4 From edbad7926102f8fd05598fd10f7b93c820208fd4 Mon Sep 17 00:00:00 2001 
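Review bot: `actions/checkout@v4` in the context line under the new permissions is a mutable tag, and with this change the job token carries both `pull-requests: write` and `issues: write`, so whatever that tag resolves to runs beside a write-capable token. Pin the action to a full commit SHA, `- uses: actions/checkout@<full-commit-sha>  # v4`, and if no later step pushes with git, add `persist-credentials: false` under `with:` so the token is not kept in the workspace's git configuration. The explicit `contents: read` is a good addition, since declaring any permission sets the undeclared ones to none. The steps that use the write scopes are outside this hunk; if only the commenting step needs them, a separate read-only job for the key comparison would narrow the token's exposure further.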
From: Ed Geraghty Date: Sat, 23 Aug 2025 18:26:34 +0100 Subject: [PATCH 3/4] Sort the filtered tags --- .github/workflows/headscale-config-checker.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/headscale-config-checker.yml b/.github/workflows/headscale-config-checker.yml index 31dc9d4..7810901 100644 --- a/.github/workflows/headscale-config-checker.yml +++ b/.github/workflows/headscale-config-checker.yml @@ -65,6 +65,9 @@ jobs: fi done < ignored_keys.txt + # Ensure upstream filtered file is sorted/unique for comm + sort -u upstream_filtered_keys.txt -o upstream_filtered_keys.txt + # Find missing keys comm -23 upstream_filtered_keys.txt local_all_keys.txt > new-options.txt From cd0792150463798876adbbb44886807f2e62f13c Mon Sep 17 00:00:00 2001 From: Ed Geraghty Date: Sat, 23 Aug 2025 18:44:04 +0100 Subject: [PATCH 4/4] Normalise the keys for checking new options --- .../workflows/headscale-config-checker.yml | 32 +++++++++++-------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/.github/workflows/headscale-config-checker.yml b/.github/workflows/headscale-config-checker.yml index 7810901..887853a 100644 --- a/.github/workflows/headscale-config-checker.yml +++ b/.github/workflows/headscale-config-checker.yml @@ -37,7 +37,7 @@ jobs: sed 's/^[[:space:]]*//' | \ sort -u } - + # Get list of keys to ignore from DIFF_IGNORE comments (including commented lines) get_ignored_keys() { grep "# DIFF_IGNORE" "$1" | \ 
@@ -45,36 +45,40 @@ jobs: sed -E 's/:.*# DIFF_IGNORE.*$//' | \ sort -u } - + echo "=== Getting ignored keys ===" get_ignored_keys "templates/headscale.template.yaml" > ignored_keys.txt echo "Keys to ignore:" cat ignored_keys.txt echo "=== End ignored keys ===" - + # Extract all keys extract_keys "templates/headscale.template.yaml" > local_all_keys.txt extract_keys "upstream-config.yaml" > upstream_all_keys.txt - - # Remove ignored keys from upstream - cp upstream_all_keys.txt upstream_filtered_keys.txt + + # Normalize keys (strip optional leading '#' and surrounding spaces) and sort-unique + sed -E 's/^[[:space:]]*#?[[:space:]]*//' upstream_all_keys.txt | sed 's/[[:space:]]*$//' | sort -u > upstream_all_keys_norm.txt + sed -E 's/^[[:space:]]*#?[[:space:]]*//' local_all_keys.txt | sed 's/[[:space:]]*$//' | sort -u > local_all_keys_norm.txt + + # Remove ignored keys from upstream (operate on normalized list) + cp upstream_all_keys_norm.txt upstream_filtered_keys.txt while IFS= read -r ignore_key; do if [ -n "$ignore_key" ]; then grep -v "^${ignore_key}$" upstream_filtered_keys.txt > temp_filtered.txt mv temp_filtered.txt upstream_filtered_keys.txt fi done < ignored_keys.txt - + # Ensure upstream filtered file is sorted/unique for comm sort -u upstream_filtered_keys.txt -o upstream_filtered_keys.txt - # Find missing keys - comm -23 upstream_filtered_keys.txt local_all_keys.txt > new-options.txt - + # Find missing keys using normalized local list + comm -23 upstream_filtered_keys.txt local_all_keys_norm.txt > new-options.txt + echo "Final comparison:" - echo "Local keys: $(wc -l < local_all_keys.txt)" + echo "Local keys: $(wc -l < local_all_keys_norm.txt)" echo "Upstream filtered keys: $(wc -l < upstream_filtered_keys.txt)" - + if [ -s new-options.txt ]; then echo "has_missing=true" >> $GITHUB_OUTPUT echo "🆕 New configuration keys found:" 
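Review bot: The ignore loop that this hunk keeps interpolates each key into a regular expression, `grep -v "^${ignore_key}$"`, so a key containing `.`, `[` or `*` matches more than itself and can silently drop a new upstream option from the report. Fixed-string, whole-line matching avoids that: `grep -vxF -- "$ignore_key" upstream_filtered_keys.txt > temp_filtered.txt || true`, where the `|| true` stops a run that selects no lines from aborting the step if errexit is on. The ignored keys are also not passed through the new normalisation; the middle of `get_ignored_keys` lies between the hunks, so it is not visible here whether a commented entry such as `#extra_records` comes out as `extra_records`, and if it does not, it will no longer match the normalised upstream list. A short comment above the loop stating that `ignored_keys.txt` must use the same normalised form would make that dependency explicit.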
@@ -83,9 +87,9 @@ jobs: echo "has_missing=false" >> $GITHUB_OUTPUT echo "✅ No new configuration keys found" fi - + # Cleanup - rm -f ignored_keys.txt local_all_keys.txt upstream_all_keys.txt upstream_filtered_keys.txt temp_filtered.txt + rm -f ignored_keys.txt local_all_keys.txt upstream_all_keys.txt upstream_filtered_keys.txt temp_filtered.txt upstream_all_keys_norm.txt local_all_keys_norm.txt - name: Comment on PR if: github.event_name == 'pull_request' && steps.check.outputs.has_missing == 'true'
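Review bot: The cleanup list has to be extended by hand for each new scratch file, as this hunk does, and it only runs if the script reaches its last line, so an earlier failure leaves the files in the checked-out workspace. Creating them under a scratch directory removes both problems: `tmpdir=$(mktemp -d)` and `trap 'rm -rf "$tmpdir"' EXIT` near the top of the script, with the intermediate files written below `"$tmpdir"`. `new-options.txt` is not in the removal list and is presumably read by a later step, so it would stay where it is. The context lines also append to `$GITHUB_OUTPUT` unquoted; `>> "$GITHUB_OUTPUT"` is the safer form. The start of the script is outside this hunk.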