A GitHub Action that creates a secure, temporary bridge to your private network via Tailscale to deploy or update stacks on a Portainer instance. No public ports, no VPN juggling—just secure CI/CD.

4 stars · TypeScript

GitHub Action to deploy to Portainer over Tailscale (no open ports)

by sankalpnarula · Feb 20, 2026 · 1 point · 0 comments

AI Analysis

●● Solid · Solve My Problem · Dark Horse

Ephemeral Tailscale OAuth + Portainer API eliminates port exposure for home server CD.

Strengths
  • Ephemeral OAuth nodes (no long-lived keys) + auto-cleanup even on failure eliminates credential sprawl
  • MagicDNS + auto-endpoint detection means zero manual Tailscale config for single-endpoint setups
  • Covers full stack lifecycle (create/update/delete) plus private registry auth in one action
Weaknesses
  • Solves niche pain (home servers + Portainer); enterprise uses reverse proxy or managed container services
  • Requires Tailscale subscription and Portainer access—not applicable to teams without existing infrastructure
Target Audience

Self-hosted Portainer users, home lab/edge deployment teams, security-conscious DevOps engineers

Similar To

ArgoCD (GitOps, but public clusters) · Portainer Community Edition (local, no remote CD) · Ansible + Tailscale (manual orchestration)

Post Description

I built a GitHub Action that lets you deploy Docker stacks to a Portainer instance sitting behind a private network — without opening any ports to the internet. The action spins up an ephemeral Tailscale node during the CI run using OAuth (so it never needs a long-lived auth key), reaches your Portainer API over the tailnet, deploys or updates your stack, then immediately logs the node out on cleanup — even if the job fails.

The problem I was trying to solve: I run Portainer on a home server and didn't want to expose port 9443 publicly or set up a reverse proxy just to enable CD from GitHub Actions. Tailscale already handled my VPN — I just needed the CI runner to join the tailnet temporarily.

It supports stack create/update/delete, private registry auth (GHCR, Docker Hub, etc.), env var injection, MagicDNS hostnames, and auto-detects your Portainer endpoint if you only have one.

Marketplace: https://github.com/marketplace/actions/portainer-tailscale-d...

Happy to answer questions — feedback welcome, especially if you use Portainer + Tailscale differently.
