Add support for Gitlab CI

.github/workflows/docker.yml

@@ -0,0 +1,23 @@
+name: ci
+
+on:
+  push:
+    branches:
+      - "main"
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: tailscale/gitops-pusher:latest

.gitlab/tailscale-acls-gitops.yml

@@ -0,0 +1,15 @@
+image:
+  name: rdb91/gitops-pusher:latest
+  entrypoint: [""]
+
+validate tailscale acls:
+  script:
+    - gitops-pusher --policy-file=${TAILSCALE_POLICY_FILE:-policy.hujson} test
+
+push tailscale policy:
+  needs:
+    - validate tailscale acls
+  script:
+    - gitops-pusher --policy-file=${TAILSCALE_POLICY_FILE:-policy.hujson} apply
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

README.md

@@ -1,40 +1,42 @@
-# GitHub Action to Sync Tailscale ACLs
+# CI/CD config files to Sync Tailscale ACLs
 
-This GitHub action lets you manage your [tailnet policy file](https://tailscale.com/kb/1018/acls/) using a
+These configuration files let you manage your [tailnet policy file](https://tailscale.com/kb/1018/acls/) using a
 [GitOps](https://about.gitlab.com/topics/gitops/) workflow. With this GitHub
 action you can automatically manage your tailnet policy file using a git repository
-as your source of truth. 
+as your source of truth.
 
-## Inputs
+## Github Action
 
-### `tailnet`
+### Inputs
+
+#### `tailnet`
 
 **Required** The name of your tailnet. You can find it by opening [the admin
 panel](https://login.tailscale.com/admin) and copying down the name next to the
 Tailscale logo in the upper left hand corner of the page.
 
-### `api-key`
+#### `api-key`
 
 **Required** An API key authorized for your tailnet. You can get one [in the
 admin panel](https://login.tailscale.com/admin/settings/keys).
 
 Please note that API keys will expire in 90 days. Set up a monthly event to
 rotate your Tailscale API key.
 
-### `policy-file`
+#### `policy-file`
 
 **Optional** The path to your policy file in the repository. If not set this
 defaults to `policy.hujson` in the root of your repository.
 
-### `action`
+#### `action`
 
 **Required** One of `test` or `apply`. If you set `test`, the action will run
 ACL tests and not update the ACLs in Tailscale. If you set `apply`, the action
 will run ACL tests and then update the ACLs in Tailscale. This enables you to
 use pull requests to make changes with CI stopping you from pushing a bad change
 out to production.
 
-## Getting Started
+### Getting Started
 
 Set up a new GitHub repository that will contain your tailnet policy file. Open the [Access Controls page of the admin console](https://login.tailscale.com/admin/acls) and copy your policy file to
 a file in that repo called `policy.hujson`.
@@ -49,9 +51,9 @@ name: Sync Tailscale ACLs
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ["main"]
   pull_request:
-    branches: [ "main" ]
+    branches: ["main"]
 
 jobs:
   acls:
@@ -87,6 +89,23 @@ jobs:
           action: test
 ```
 
+## Gitlab CI
+
+You can include the YAML file contained in this repository:
+
+```yaml
+include:
+  - remote: "https://raw.githubusercontent.com/tailscale/gitops-acl-action/gitlab/.gitlab/tailscale-acls-gitops.yml"
+```
+
+This will generate two jobs. The first one (`validate tailscale acls`) tests the validity of the ACLs policy file (by default `policy.hujson`, but can be overridden by the env variable `TAILSCALE_POLICY_FILE`). It does it for every push. The next one (`push tailscale policy`) pushes the policies upstream.
+
+You can check this example project for future information: [tailscale-gitops-gitlab-example](https://gitlab.com/rdb-is/devops/tailscale-gitops-gitlab-example).
+
+You'll need to set the [CI/CD variables](https://docs.gitlab.com/ee/ci/variables/#add-a-cicd-variable-to-a-project) `TS_TAILNET` and `TS_API_KEY`.
+
+## Generate the required API keys
+
 Generate a new API key [here](https://login.tailscale.com/admin/settings/keys).
 
 Set a monthly calendar reminder to renew this key because Tailscale does not
@@ -95,8 +114,8 @@ that feature is implemented).
 
 Then open the secrets settings for your repo and add two secrets:
 
-* `TS_API_KEY`: Your Tailscale API key from the earlier step
-* `TS_TAILNET`: Your tailnet's name (it's next to the logo on the upper
+- `TS_API_KEY`: Your Tailscale API key from the earlier step
+- `TS_TAILNET`: Your tailnet's name (it's next to the logo on the upper
   left-hand corner of the [admin
   panel](https://login.tailscale.com/admin/machines))