Cache tailscale binary file

action.yml

@@ -48,6 +48,10 @@ inputs:
     description: 'Timeout for `tailscale up`'
     required: false
     default: '2m'
+  use-cache:
+    description: 'Whether to cache the Tailscale binaries (Linux/macOS) or installer (Windows)'
+    required: false
+    default: 'false'
 runs:
     using: 'composite'
     steps:
@@ -63,6 +67,7 @@ runs:
         run: |
           echo "::error title=⛔ error hint::OAuth identity empty, Maybe you need to populate it in the Secrets for your workflow, see more in https://docs.github.com/en/actions/security-guides/encrypted-secrets and https://tailscale.com/s/oauth-clients"
           exit 1
+
       - name: Set Resolved Version
         shell: bash
         run: |
@@ -74,11 +79,9 @@ runs:
           fi
           echo "RESOLVED_VERSION=$RESOLVED_VERSION" >> $GITHUB_ENV
           echo "Resolved Tailscale version: $RESOLVED_VERSION"
-      - name: Download Tailscale - Linux
+      - name: Set Tailscale Architecture - Linux
         if: ${{ runner.os == 'Linux' }}
         shell: bash
-        env:
-          SHA256SUM: ${{ inputs.sha256sum }}
         run: |
           if [ ${{ runner.arch }} = "ARM64" ]; then
             TS_ARCH="arm64"
@@ -89,6 +92,51 @@ runs:
           else
             TS_ARCH="amd64"
           fi
+          echo "TS_ARCH=$TS_ARCH" >> $GITHUB_ENV
+
+      - name: Set Tailscale Architecture - Windows
+        if: ${{ runner.os == 'Windows' }}
+        shell: bash
+        run: |
+          if [ ${{ runner.arch }} = "ARM64" ]; then
+            TS_ARCH="arm64"
+          elif [ ${{ runner.arch }} = "X86" ]; then
+            TS_ARCH="x86"
+          else
+            TS_ARCH="amd64"
+          fi
+          echo "TS_ARCH=$TS_ARCH" >> $GITHUB_ENV
+
+      - name: Set SHA256 - Linux
+        if: ${{ runner.os == 'Linux' }}
+        shell: bash
+        run: |
+          MINOR=$(echo "$RESOLVED_VERSION" | awk -F '.' {'print $2'})
+          if [ $((MINOR % 2)) -eq 0 ]; then
+            URL="https://pkgs.tailscale.com/stable/tailscale_${RESOLVED_VERSION}_${TS_ARCH}.tgz.sha256"
+          else
+            URL="https://pkgs.tailscale.com/unstable/tailscale_${RESOLVED_VERSION}_${TS_ARCH}.tgz.sha256"
+          fi
+
+          if [[ "${{ inputs.sha256sum }}" ]]; then
+            SHA256SUM="${{ inputs.sha256sum }}"
+          else
+            SHA256SUM="$(curl -H user-agent:tailscale-github-action -L "${URL}" --fail)"
+          fi
+          echo "SHA256SUM=$SHA256SUM" >> $GITHUB_ENV
+
+      - name: Cache Tailscale Binary - Linux
+        if: ${{ inputs.use-cache == 'true' && runner.os == 'Linux' }}
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        id: cache-tailscale-linux
+        with:
+          path: tailscale.tgz
+          key: ${{ runner.os }}-tailscale-${{ env.RESOLVED_VERSION }}-${{ env.TS_ARCH }}-${{ env.SHA256SUM }}
+
+      - name: Download Tailscale - Linux
+        if: ${{ runner.os == 'Linux' && (inputs.use-cache != 'true' || steps.cache-tailscale-linux.outputs.cache-hit != 'true') }}
+        shell: bash
+        run: |
           MINOR=$(echo "$RESOLVED_VERSION" | awk -F '.' {'print $2'})
           if [ $((MINOR % 2)) -eq 0 ]; then
             URL="https://pkgs.tailscale.com/stable/tailscale_${RESOLVED_VERSION}_${TS_ARCH}.tgz"
@@ -97,29 +145,48 @@ runs:
           fi
           echo "Downloading $URL"
           curl -H user-agent:tailscale-github-action -L "$URL" -o tailscale.tgz --max-time 300 --fail
-          if ! [[ "$SHA256SUM" ]] ; then
-            SHA256SUM="$(curl -H user-agent:tailscale-github-action -L "${URL}.sha256" --fail)"
-          fi
           echo "Expected sha256: $SHA256SUM"
           echo "Actual sha256: $(sha256sum tailscale.tgz)"
           echo "$SHA256SUM  tailscale.tgz" | sha256sum -c
+
+      - name: Install Tailscale - Linux
+        if: ${{ runner.os == 'Linux' }}
+        shell: bash
+        run: |
           tar -C /tmp -xzf tailscale.tgz
-          rm tailscale.tgz
           TSPATH=/tmp/tailscale_${RESOLVED_VERSION}_${TS_ARCH}
           sudo mv "${TSPATH}/tailscale" "${TSPATH}/tailscaled" /usr/bin
-      - name: Download Tailscale - Windows
+
+      - name: Set SHA256 - Windows
         if: ${{ runner.os == 'Windows' }}
         shell: bash
-        env:
-          SHA256SUM: ${{ inputs.sha256sum }}
         run: |
-          if [ ${{ runner.arch }} = "ARM64" ]; then
-            TS_ARCH="arm64"
-          elif [ ${{ runner.arch }} = "X86" ]; then
-            TS_ARCH="x86"
+          MINOR=$(echo "$RESOLVED_VERSION" | awk -F '.' {'print $2'})
+          if [ $((MINOR % 2)) -eq 0 ]; then
+            URL="https://pkgs.tailscale.com/stable/tailscale-setup-${RESOLVED_VERSION}-${TS_ARCH}.msi.sha256"
           else
-            TS_ARCH="amd64"
+            URL="https://pkgs.tailscale.com/unstable/tailscale-setup-${RESOLVED_VERSION}-${TS_ARCH}.msi.sha256"
           fi
+
+          if [[ "${{ inputs.sha256sum }}" ]]; then
+            SHA256SUM="${{ inputs.sha256sum }}"
+          else
+            SHA256SUM="$(curl -H user-agent:tailscale-github-action -L "${URL}" --fail)"
+          fi
+          echo "SHA256SUM=$SHA256SUM" >> $GITHUB_ENV
+
+      - name: Cache Tailscale Binary - Windows
+        if: ${{ inputs.use-cache == 'true' && runner.os == 'Windows' }}
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        id: cache-tailscale-windows
+        with:
+          path: tailscale.msi
+          key: ${{ runner.os }}-tailscale-${{ env.RESOLVED_VERSION }}-${{ env.TS_ARCH }}-${{ env.SHA256SUM }}
+
+      - name: Download Tailscale - Windows
+        if: ${{ runner.os == 'Windows' && (inputs.use-cache != 'true' || steps.cache-tailscale-windows.outputs.cache-hit != 'true') }}
+        shell: bash
+        run: |
           MINOR=$(echo "$RESOLVED_VERSION" | awk -F '.' {'print $2'})
           if [ $((MINOR % 2)) -eq 0 ]; then
             URL="https://pkgs.tailscale.com/stable/tailscale-setup-${RESOLVED_VERSION}-${TS_ARCH}.msi"
@@ -128,9 +195,6 @@ runs:
           fi
           echo "Downloading $URL"
           curl -H user-agent:tailscale-github-action -L "$URL" -o tailscale.msi --max-time 300 --fail
-          if ! [[ "$SHA256SUM" ]] ; then
-            SHA256SUM="$(curl -H user-agent:tailscale-github-action -L "${URL}.sha256" --fail)"
-          fi
           echo "Expected sha256: $SHA256SUM"
           echo "Actual sha256: $(sha256sum tailscale.msi)"
           echo "$SHA256SUM  tailscale.msi" | sha256sum -c
@@ -140,16 +204,25 @@ runs:
         run: |
           Start-Process "C:\Windows\System32\msiexec.exe" -Wait -ArgumentList @('/quiet', '/l*v tailscale.log', '/i', 'tailscale.msi')
           Add-Content $env:GITHUB_PATH "C:\Program Files\Tailscale\"
-          Remove-Item tailscale.msi -Force;
       - name: Checkout Tailscale repo - macOS
+        id: checkout-tailscale-macos
         if: ${{ runner.os == 'macOS' }}
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           repository: tailscale/tailscale
           path: ${{ github.workspace }}/tailscale
           ref: v${{ env.RESOLVED_VERSION }}
+      - name: Cache Tailscale - macOS
+        if: ${{ inputs.use-cache == 'true' && runner.os == 'macOS' }}
+        id: cache-tailscale-macos
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        with:
+          path: |
+            /usr/local/bin/tailscale
+            /usr/local/bin/tailscaled
+          key: ${{ runner.os }}-tailscale-${{ env.RESOLVED_VERSION }}-${{ runner.arch }}-${{ steps.checkout-tailscale-macos.outputs.commit }}
       - name: Build Tailscale binaries - macOS
-        if: ${{ runner.os == 'macOS' }}
+        if: ${{ runner.os == 'macOS' && (inputs.use-cache != 'true' || steps.cache-tailscale-macos.outputs.cache-hit != 'true') }}
         shell: bash
         run: |
           cd tailscale