📝 docs: Add README info about Gitlab

rdbisme · rdbisme · commit 3aa296cf424f · 2022-12-11T00:10:10.000+01:00
diff --git a/.gitlab/tailscale-acls-gitops.yml b/.gitlab/tailscale-acls-gitops.yml
@@ -6,7 +6,7 @@ validate tailscale acls:
   script:
     - gitops-pusher --policy-file=${TAILSCALE_POLICY_FILE:-policy.hujson} test
 
-push:
+push tailscale policy:
   needs:
     - validate tailscale acls
   script:
diff --git a/README.md b/README.md
@@ -1,40 +1,42 @@
-# GitHub Action to Sync Tailscale ACLs
+# CI/CD config files to Sync Tailscale ACLs
 
-This GitHub action lets you manage your [tailnet policy file](https://tailscale.com/kb/1018/acls/) using a
+These configuration files let you manage your [tailnet policy file](https://tailscale.com/kb/1018/acls/) using a
 [GitOps](https://about.gitlab.com/topics/gitops/) workflow. With this GitHub
 action you can automatically manage your tailnet policy file using a git repository
-as your source of truth. 
+as your source of truth.
 
-## Inputs
+## Github Action
 
-### `tailnet`
+### Inputs
+
+#### `tailnet`
 
 **Required** The name of your tailnet. You can find it by opening [the admin
 panel](https://login.tailscale.com/admin) and copying down the name next to the
 Tailscale logo in the upper left hand corner of the page.
 
-### `api-key`
+#### `api-key`
 
 **Required** An API key authorized for your tailnet. You can get one [in the
 admin panel](https://login.tailscale.com/admin/settings/keys).
 
 Please note that API keys will expire in 90 days. Set up a monthly event to
 rotate your Tailscale API key.
 
-### `policy-file`
+#### `policy-file`
 
 **Optional** The path to your policy file in the repository. If not set this
 defaults to `policy.hujson` in the root of your repository.
 
-### `action`
+#### `action`
 
 **Required** One of `test` or `apply`. If you set `test`, the action will run
 ACL tests and not update the ACLs in Tailscale. If you set `apply`, the action
 will run ACL tests and then update the ACLs in Tailscale. This enables you to
 use pull requests to make changes with CI stopping you from pushing a bad change
 out to production.
 
-## Getting Started
+### Getting Started
 
 Set up a new GitHub repository that will contain your tailnet policy file. Open the [Access Controls page of the admin console](https://login.tailscale.com/admin/acls) and copy your policy file to
 a file in that repo called `policy.hujson`.
@@ -49,9 +51,9 @@ name: Sync Tailscale ACLs
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ["main"]
   pull_request:
-    branches: [ "main" ]
+    branches: ["main"]
 
 jobs:
   acls:
@@ -87,6 +89,21 @@ jobs:
           action: test
 ```
 
+## Gitlab CI
+
+You can include the YAML file contained in this repository:
+
+```yaml
+include:
+  - remote: "https://raw.githubusercontent.com/rdbisme/gitops-acl-action/gitlab/.gitlab/tailscale-acls-gitops.yml"
+```
+
+This will generate two jobs. The first one (`validate tailscale acls`) tests the validity of the ACLs policy file (by default `policy.hujson`, but can be overridden by the env variable `TAILSCALE_POLICY_FILE`). It does it for every push. The next one (`push tailscale policy`) pushes the policies upstream.
+
+You can check this example project for future information: [tailscale-gitops-gitlab-example](https://gitlab.com/rdb-is/devops/tailscale-gitops-gitlab-example)
+
+## Generate the required API keys
+
 Generate a new API key [here](https://login.tailscale.com/admin/settings/keys).
 
 Set a monthly calendar reminder to renew this key because Tailscale does not
@@ -95,8 +112,8 @@ that feature is implemented).
 
 Then open the secrets settings for your repo and add two secrets:
 
-* `TS_API_KEY`: Your Tailscale API key from the earlier step
-* `TS_TAILNET`: Your tailnet's name (it's next to the logo on the upper
+- `TS_API_KEY`: Your Tailscale API key from the earlier step
+- `TS_TAILNET`: Your tailnet's name (it's next to the logo on the upper
   left-hand corner of the [admin
   panel](https://login.tailscale.com/admin/machines))
 
