13 changes: 13 additions & 0 deletions README.md
Expand Up @@ -48,3 +48,16 @@ It then uses the supplied `auth_token` to authorize the runner onto the network.

After the workflow has completed, a `post` step automatically cleans
up by removing the runner from the network.

----

If your network uses SSO authentication, set `sso_exempt` to `true` to allow the GitHub runner to bypass SSO requirements and connect automatically.

```yaml
- name: ZeroTier
uses: zerotier/github-action@v1.0.1
with:
network_id: ${{ secrets.ZEROTIER_NETWORK_ID }}
auth_token: ${{ secrets.ZEROTIER_CENTRAL_TOKEN }}
sso_exempt: true
```
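Review bot: The new README paragraph does not say that `sso_exempt` is optional or what happens when it is omitted, and it does not mention that main.sh compares the value literally with `[ "$SSO_EXEMPT" = "true" ]`, so a value such as `True` or `1` leaves the member non-exempt without any message. Suggest stating the default and the single accepted value, and adding one sentence that an exempt member is admitted on the strength of `auth_token` alone, so the setting should be enabled only on networks where that is acceptable.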
4 changes: 4 additions & 0 deletions action.yml
Expand Up @@ -18,6 +18,9 @@ inputs:
description: "ZeroTier Central API URL"
required: false
default: "https://my.zerotier.com/api/v1"
sso_exempt:
description: "Exclude from SSO"
required: false

runs:
using: "composite"
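Review bot: The `sso_exempt` input declares no `default`, unlike `api_url` just above it, so an omitted input reaches main.sh as an empty string and lands in the non-exempt branch only implicitly. Suggest adding `default: "false"` and expanding the description `"Exclude from SSO"` to say that `true` sets `ssoExempt` on the member the action creates.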
Expand All @@ -28,6 +31,7 @@ runs:
API_URL: ${{ inputs.api_url }}
AUTH_TOKEN: ${{ inputs.auth_token }}
NETWORK_ID: ${{ inputs.network_id }}
SSO_EXEMPT: ${{ inputs.sso_exempt }}
with:
main: $GITHUB_ACTION_PATH/main.sh
post: $GITHUB_ACTION_PATH/post.sh
12 changes: 9 additions & 3 deletions main.sh
Expand Up @@ -21,10 +21,16 @@ echo "⏁ Authorizing Runner to ZeroTier network"
MAX_RETRIES=10
RETRY_COUNT=0

if [ "$SSO_EXEMPT" = "true" ]; then
MEMBER_CONFIG='{"authorized":true, "ssoExempt":true}'
else
MEMBER_CONFIG='{"authorized":true}'
fi

while ! curl -s -X POST \
-H "Authorization: token $AUTH_TOKEN" \
-H "Content-Type: application/json" \
-d '{"name":"Zerotier GitHub Member '"${GITHUB_SHA::7}"'", "description": "Member created by '"${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"'", "config":{"authorized":true}}' \
-d '{"name":"Zerotier GitHub Member '"${GITHUB_SHA::7}"'", "description": "Member created by '"${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"'", "config":'${MEMBER_CONFIG}'}' \
"$API_URL/network/$NETWORK_ID/member/${member_id}" | grep '"authorized":true'; do
RETRY_COUNT=$((RETRY_COUNT + 1))

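Review bot: In the new `-d` argument, `${MEMBER_CONFIG}` is expanded outside any quotes (`"config":'${MEMBER_CONFIG}'}'`), and the exempt value `'{"authorized":true, "ssoExempt":true}'` contains a space, so the shell word-splits it: curl receives a truncated JSON body ending in `{"authorized":true,` and a stray extra argument `"ssoExempt":true}}` that it treats as a URL. This only shows up when `SSO_EXEMPT` is `true`, which is exactly the path this change adds. Suggest quoting the expansion, `"config":'"${MEMBER_CONFIG}"'}'`, or dropping the space from the JSON literal. Separately, the loop condition still greps only for `"authorized":true`, so a response in which `ssoExempt` was not applied would pass as success; consider also checking for `"ssoExempt":true` when the option is set.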
Expand All @@ -36,8 +42,8 @@ while ! curl -s -X POST \
echo "Authorization failed. Retrying in 2 seconds... (Attempt $RETRY_COUNT of $MAX_RETRIES)"
sleep 2
done

echo "Member authorized successfully."

echo "⏁ Joining ZeroTier Network ID: $NETWORK_ID"
case $(uname -s) in
MINGW64_NT?*)
Expand All @@ -49,4 +55,4 @@ MINGW64_NT?*)
while ! sudo zerotier-cli listnetworks | grep $NETWORK_ID | grep OK; do sleep 0.5; done
;;
esac

echo "Connection is ready."