{action.yml,.github}: add support for windows

WIP on adding windows support

Author: mpminardi

.github/workflows/tailscale.yml

@@ -4,14 +4,17 @@ on:
   workflow_dispatch:
   push:
     branches:
-      - main
+      - 'mpminardi/windows-support'
   pull_request:
     branches:
       - '*'
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest]
+    runs-on: ${{ matrix.os }}
     steps:
       - name: Check out code
         uses: actions/checkout@v2
@@ -24,5 +27,6 @@ jobs:
           tags: tag:ci
 
       - name: check for hello.ts.net in netmap
+        shell: bash
         run:
           tailscale status | grep -q hello

action.yml

@@ -52,20 +52,20 @@ runs:
     using: 'composite'
     steps:
       - name: Check Runner OS
-        if: ${{ runner.os != 'Linux' }}
+        if: ${{ runner.os != 'Linux' && runner.os != 'Windows' }}
         shell: bash
         run: |
-          echo "::error title=⛔ error hint::Support Linux Only"
+          echo "::error title=⛔ error hint::Support Linux or Windows Only"
           exit 1
       - name: Check Auth Info Empty
         if: ${{ inputs.authkey == '' && (inputs['oauth-secret'] == '' || inputs.tags == '') }}
         shell: bash
         run: |
           echo "::error title=⛔ error hint::OAuth identity empty, Maybe you need to populate it in the Secrets for your workflow, see more in https://docs.github.com/en/actions/security-guides/encrypted-secrets and https://tailscale.com/s/oauth-clients"
           exit 1
-      - name: Download Tailscale
+      - name: Download Tailscale - Linux
+        if: ${{ runner.os == 'Linux' }}
         shell: bash
-        id: download
         env:
           VERSION: ${{ inputs.version }}
           SHA256SUM: ${{ inputs.sha256sum }}
@@ -103,7 +103,49 @@ runs:
           rm tailscale.tgz
           TSPATH=/tmp/tailscale_${VERSION}_${TS_ARCH}
           sudo mv "${TSPATH}/tailscale" "${TSPATH}/tailscaled" /usr/bin
-      - name: Start Tailscale Daemon
+      - name: Download Tailscale - Windows
+        if: ${{ runner.os == 'Windows' }}
+        shell: bash
+        env:
+          VERSION: ${{ inputs.version }}
+          SHA256SUM: ${{ inputs.sha256sum }}
+        run: |
+          if [ "$VERSION" = "latest" ]; then
+            VERSION=$(curl -s "https://pkgs.tailscale.com/stable/?mode=json" | jq -r .Version)
+            echo "Latest Tailscale version: $VERSION"
+          fi
+          if [ X64 = "ARM64" ]; then
+            TS_ARCH="arm64"
+          elif [ X64 = "X86" ]; then
+            TS_ARCH="x86"
+          elif [ X64 = "X64" ]; then
+            TS_ARCH="amd64"
+          else
+            TS_ARCH="amd64"
+          fi
+          MINOR=$(echo "$VERSION" | awk -F '.' {'print $2'})
+          if [ $((MINOR % 2)) -eq 0 ]; then
+            URL="https://pkgs.tailscale.com/stable/tailscale-setup-${VERSION}-${TS_ARCH}.msi"
+          else
+            URL="https://pkgs.tailscale.com/unstable/tailscale-setup-${VERSION}-${TS_ARCH}.msi"
+          fi
+          echo "Downloading $URL"
+          curl -H user-agent:tailscale-github-action -L "$URL" -o tailscale.msi --max-time 300 --fail
+          if ! [[ "$SHA256SUM" ]] ; then
+            SHA256SUM="$(curl -H user-agent:tailscale-github-action -L "${URL}.sha256" --fail)"
+          fi
+          echo "Expected sha256: $SHA256SUM"
+          echo "Actual sha256: $(sha256sum tailscale.msi)"
+          echo "$SHA256SUM  tailscale.msi" | sha256sum -c
+      - name: Install Tailscale - Windows
+        if: ${{ runner.os == 'Windows' }}
+        shell: pwsh
+        run: |
+          Start-Process "C:\Windows\System32\msiexec.exe" -Wait -ArgumentList @('/quiet', '/l*v tailscale.log', '/i', 'tailscale.msi')
+          Add-Content $env:GITHUB_PATH "C:\Program Files\Tailscale\"
+          Remove-Item tailscale.msi -Force;
+      - name: Start Tailscale Daemon - Linux
+        if: ${{ runner.os == 'Linux' }}
         shell: bash
         env:
           ADDITIONAL_DAEMON_ARGS: ${{ inputs.tailscaled-args }}
@@ -120,7 +162,8 @@ runs:
           # for it. And --json will make it exit with status 0 even if we're logged
           # out (as we will be). Without --json it returns an error if we're not up.
           sudo -E tailscale status --json >/dev/null
-      - name: Connect to Tailscale
+      - name: Connect to Tailscale - Linux
+        if: ${{ runner.os == 'Linux' }}
         shell: bash
         env:
           ADDITIONAL_ARGS: ${{ inputs.args }}
@@ -137,3 +180,21 @@ runs:
             TAGS_ARG="--advertise-tags=${{ inputs.tags }}"
           fi
           timeout --verbose --kill-after=1s ${TIMEOUT} sudo -E tailscale up ${TAGS_ARG} --authkey=${TAILSCALE_AUTHKEY} --hostname=${HOSTNAME} --accept-routes ${ADDITIONAL_ARGS}
+      - name: Connect to Tailscale - Windows
+        if: ${{ runner.os == 'Windows' }}
+        shell: bash
+        env:
+          ADDITIONAL_ARGS: ${{ inputs.args }}
+          HOSTNAME: ${{ inputs.hostname }}
+          TAILSCALE_AUTHKEY: ${{ inputs.authkey }}
+          TIMEOUT: ${{ inputs.timeout }}
+          TS_EXPERIMENT_OAUTH_AUTHKEY: true
+        run: |
+          if [ -z "${HOSTNAME}" ]; then
+            HOSTNAME="github-$(cat /etc/hostname)"
+          fi
+          if [ -n "${{ inputs['oauth-secret'] }}" ]; then
+            TAILSCALE_AUTHKEY="${{ inputs['oauth-secret'] }}?preauthorized=true&ephemeral=true"
+            TAGS_ARG="--advertise-tags=${{ inputs.tags }}"
+          fi
+          timeout --verbose --kill-after=1s ${TIMEOUT} tailscale up ${TAGS_ARG} --authkey=${TAILSCALE_AUTHKEY} --hostname=${HOSTNAME} --accept-routes ${ADDITIONAL_ARGS}