diff --git a/README.md b/README.md index 12e6ea6..eb67a46 100644 --- a/README.md +++ b/README.md @@ -48,3 +48,16 @@ It then uses the supplied `auth_token` to authorize the runner onto the network. After the workflow has completed, a `post` step automatically cleans up by removing the runner from the network. + +---- + +If your network uses SSO authentication, set `sso_exempt` to `true` to allow the GitHub runner to bypass SSO requirements and connect automatically. + +```yaml +- name: ZeroTier + uses: zerotier/github-action@v1.0.1 + with: + network_id: ${{ secrets.ZEROTIER_NETWORK_ID }} + auth_token: ${{ secrets.ZEROTIER_CENTRAL_TOKEN }} + sso_exempt: true +``` diff --git a/action.yml b/action.yml index 823bf63..96f2c27 100644 --- a/action.yml +++ b/action.yml @@ -18,6 +18,9 @@ inputs: description: "ZeroTier Central API URL" required: false default: "https://my.zerotier.com/api/v1" + sso_exempt: + description: "Exclude from SSO" + required: false runs: using: "composite" @@ -28,6 +31,7 @@ runs: API_URL: ${{ inputs.api_url }} AUTH_TOKEN: ${{ inputs.auth_token }} NETWORK_ID: ${{ inputs.network_id }} + SSO_EXEMPT: ${{ inputs.sso_exempt }} with: main: $GITHUB_ACTION_PATH/main.sh post: $GITHUB_ACTION_PATH/post.sh diff --git a/main.sh b/main.sh index 2814a64..a6b1683 100755 --- a/main.sh +++ b/main.sh 
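Review bot: The new `sso_exempt` input in action.yml (hunk `@@ -18,6 +18,9 @@`) has no `default`, and its description, "Exclude from SSO", does not tell a workflow author that turning it on relaxes an authentication control for the runner's network member. main.sh compares the value against the literal string `true`, so an unset input already behaves as off; adding `default: "false"` would state that fail-closed behaviour in the action's interface. I would also expand the text to something like `description: "Set to 'true' to create the runner's member as SSO-exempt; any other value requests no exemption"`. Because the flag is a plain input, it is worth noting in the README that it should be enabled only on networks where an SSO-exempt, token-authorized member is acceptable.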
@@ -21,10 +21,16 @@ echo "⏁ Authorizing Runner to ZeroTier network" MAX_RETRIES=10 RETRY_COUNT=0 +if [ "$SSO_EXEMPT" = "true" ]; then + MEMBER_CONFIG='{"authorized":true, "ssoExempt":true}' +else + MEMBER_CONFIG='{"authorized":true}' +fi + while ! curl -s -X POST \ -H "Authorization: token $AUTH_TOKEN" \ -H "Content-Type: application/json" \ - -d '{"name":"Zerotier GitHub Member '"${GITHUB_SHA::7}"'", "description": "Member created by '"${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"'", "config":{"authorized":true}}' \ + -d '{"name":"Zerotier GitHub Member '"${GITHUB_SHA::7}"'", "description": "Member created by '"${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"'", "config":'${MEMBER_CONFIG}'}' \ "$API_URL/network/$NETWORK_ID/member/${member_id}" | grep '"authorized":true'; do RETRY_COUNT=$((RETRY_COUNT + 1)) @@ -36,8 +42,8 @@ while ! curl -s -X POST \ echo "Authorization failed. Retrying in 2 seconds... (Attempt $RETRY_COUNT of $MAX_RETRIES)" sleep 2 done - echo "Member authorized successfully." + echo "⏁ Joining ZeroTier Network ID: $NETWORK_ID" case $(uname -s) in MINGW64_NT?*) @@ -49,4 +55,4 @@ MINGW64_NT?*) while ! sudo zerotier-cli listnetworks | grep $NETWORK_ID | grep OK; do sleep 0.5; done ;; esac - +echo "Connection is ready."
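Review bot: In main.sh's first hunk (`@@ -21,10 +21,16 @@`), `${MEMBER_CONFIG}` is spliced into the `-d` argument outside any quotes, so bash word-splits it. The exempt value `{"authorized":true, "ssoExempt":true}` contains a space and would be cut in two, leaving curl with truncated JSON plus a stray extra argument. Quote it the way the neighbouring variables on that line are quoted: `"config":'"${MEMBER_CONFIG}"'}'`. Separately, the loop's success test still greps only for `"authorized":true`, so nothing confirms the exemption was applied, and values such as `True` or `1` silently take the non-exempt branch; an `echo` stating which mode was chosen would make that visible in the job log. The `while` loop body continues past this hunk.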