Sign inRequest DemoTry for free
managing twingate
additional resources

CI/CD Configuration

To help you incorporate the Twingate Services and Clients in headless mode into your CI/CD pipelines, we’ve included some sample configurations in a public Github repository, which are included in our automated testing.

Marketplace: Github Action

→ “Connect to Twingate” Action on Github Marketplace

We’ve published a simple Github Action to connect to Twingate that you can incorporate into any Github workflow.

The action will:

  • Install the Twingate headless Client
  • Configure it using the Twingate Service Key that you supply
  • Start the Twingate headless Client

At the end of this process, your workflow will be connected to Twingate and be able to access the Resources assigned to the Service.

Example github-actions-demo.yaml file:

name: Twingate on GitHub Actions Demo
on: [push]
jobs:
  Twingate-GitHub-Actions:
    runs-on: ubuntu-latest
    steps:
      - name: Install Twingate
        run: |
          echo "deb [trusted=yes] https://packages.twingate.com/apt/ /" | sudo tee /etc/apt/sources.list.d/twingate.list
          sudo apt update -yq
          sudo apt install -yq twingate


      - name: Setup and start Twingate
        env:
          TWINGATE_SERVICE_KEY: ${{ secrets.SERVICE_KEY }}
        run: |
          echo $TWINGATE_SERVICE_KEY | sudo twingate setup --headless=-
          sudo twingate start


      - name: (optional) Twingate status
        run: twingate status


      - name: (optional) Twingate logs
        run: journalctl -u twingate


      - name: Access a secure resource
        env:
          TEST_URL: http://business.prod.beamreachinc.int/
        run: |
          echo Calling $TEST_URL 🚀
          curl -v $TEST_URL


      - name: Access a public resource
        env:
          TEST_URL: https://www.twingate.com/
        run: |
          echo Calling $TEST_URL 🚀
          curl -v $TEST_URL


      - run: echo "SUCCESS!!! 🤩 This job's status is ${{ job.status }}."


      - name: Stop Twingate
        run: sudo twingate stop

Example: CircleCI

We’ve included three steps to install & start, test, and then stop the Twingate Client in headless mode.

  • The $SERVICE_KEY is base64 encoded due to a CircleCI requirement around variable storage and requires decoding before being passed to twingate setup.
  • $TEST_URL is configured as a Resource only accessible while Twingate is connected.
  • The base operating system is Ubuntu. If you are unable to use Ubuntu as your base OS, note that the Linux Client may not be compatible with other distributions.

Example config.yaml file:

version: 2.1


jobs:
  headless_client:
    machine:
      image: ubuntu-2004:202107-02
    steps:
      - run:
          name: Start Twingate
          command: |
            # install
            sudo apt update -yq
            sudo apt install -yq ca-certificates
            echo "deb [trusted=yes] https://packages.twingate.com/apt/ /" | sudo tee /etc/apt/sources.list.d/twingate.list
            sudo apt update -yq
            sudo apt install -yq twingate
            # setup and start
            echo "$SERVICE_KEY" | base64 --decode | sudo twingate setup --headless=-
            sudo twingate start
            # collect logs
            sudo journalctl -u twingate --no-pager | tail -n 20
      - run:
          name: Test Access
          command: |
            # test protected resource
            curl -v -m 10 "$TEST_URL" > /dev/null
            # test public resource
            curl -v -m 10 http://twingate.com > /dev/null
      - run:
          name: Stop Twingate
          command: |
            # stop
            sudo twingate stop
            # test public resource after stop
            curl -v -m 10 http://twingate.com > /dev/null
workflows:
  test:
    jobs:
      - headless_client

Last updated 2 months ago