Remove Tailscale + K3s deploy from GitHub Actions #12

New issue

Open

opened 2026-05-28 00:03:32 +00:00 by coilysiren · 0 comments

coilysiren commented

2026-05-28 00:03:32 +00:00

Owner

Problem

.github/workflows/build-and-publish.yml runs a deploy job that joins the tailnet via Tailscale OIDC and shells k3s ctr / kubectl into kai-server. GitHub Actions should no longer touch K3s or the tailnet in any circumstance — pull-side update already covers redeploys.

Proposal

Delete the deploy job entirely (Tailscale join, image sideload, kubectl rollout).
Keep the test job.
After merge, Kai unsets the repo's TS_CLIENT_ID / TS_AUDIENCE / SENTRY_DSN secrets if no longer needed, and removes the federated identity entry from coilysiren/infrastructure/terraform/tailscale-oidc/.

Acceptance

Workflow has no Tailscale or K3s steps.
test job still runs on push to main.

**Problem** `.github/workflows/build-and-publish.yml` runs a `deploy` job that joins the tailnet via Tailscale OIDC and shells `k3s ctr` / `kubectl` into kai-server. GitHub Actions should no longer touch K3s or the tailnet in any circumstance — pull-side update already covers redeploys. **Proposal** - Delete the `deploy` job entirely (Tailscale join, image sideload, kubectl rollout). - Keep the `test` job. - After merge, Kai unsets the repo's `TS_CLIENT_ID` / `TS_AUDIENCE` / `SENTRY_DSN` secrets if no longer needed, and removes the federated identity entry from `coilysiren/infrastructure/terraform/tailscale-oidc/`. **Acceptance** - Workflow has no Tailscale or K3s steps. - `test` job still runs on push to `main`.

coilysiren referenced this issue from coilyco-flight-deck/infrastructure

2026-05-28 00:17:55 +00:00

Revoke GH Actions tailnet credentials after rip-out sweep #160

coilysiren referenced this issue from a commit

2026-05-28 04:45:51 +00:00

chore(catalog): migrate dependsOn to scheme-less URLs, drop providesApis

coilysiren added the

label

2026-05-31 01:54:26 +00:00

coilysiren added

and removed

labels