search

actions / runner-container-hooks

Runner Container Hooks for GitHub Actions
MIT License
73 stars 44 forks source link

Execution problem if proxy environment variables are set #141

Open Cuc83 opened 7 months ago

Cuc83 commented 7 months ago

We installed ARC using the instruction provided by the official guide but we're facing with some issues about proxy server usage.

To better explain, please consider the following simple workflow definition:

name: CI
on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  workflow_dispatch:
jobs:
  Echo:
    runs-on: [ kubernetes-test ]
    container:
      image: nexus.my-domain.eu:50003/ubuntu:latest
    steps:  
      - name: Echo
        run: echo hello

where kubernetes-test is our Actions Runner Controller installed in our kubernetes cluster.

The result of this job execution is OK ("hello" is printed out).

We added another step after "Echo" that make use of an Action available on GitHub.com marketplace developed by a Verified Publisher (as our policy allows to do).

      - name: ActionFromGitHubComMarketPlace
        uses: sonarsource/sonarqube-quality-gate-action@master
        with:
          scanMetadataReportFile: target/sonar/report-task.txt

At this point, the job is not able to download the action package from internet with the following error message:

Warning: Failed to download action 'https://api.github.com/repos/SonarSource/sonarqube-quality-gate-action/tarball/f9fe214a5be5769c40619de2fff2726c36d2d5eb'. Error: The request was canceled due to the configured HttpClient.Timeout of 100 seconds elapsing.
Warning: Back off 16.289 seconds before retry.
Warning: Failed to download action 'https://api.github.com/repos/SonarSource/sonarqube-quality-gate-action/tarball/f9fe214a5be5769c40619de2fff2726c36d2d5eb'. Error: The request was canceled due to the configured HttpClient.Timeout of 100 seconds elapsing.
Warning: Back off 20.598 seconds before retry.
Error: Action 'https://api.github.com/repos/SonarSource/sonarqube-quality-gate-action/tarball/f9fe214a5be5769c40619de2fff2726c36d2d5eb' download has timed out. Error: The request was canceled due to the configured HttpClient.Timeout of 100 seconds elapsing.
##[debug]System.TimeoutException: Action 'https://api.github.com/repos/SonarSource/sonarqube-quality-gate-action/tarball/f9fe214a5be5769c40619de2fff2726c36d2d5eb' download has timed out. Error: The request was canceled due to the configured HttpClient.Timeout of 100 seconds elapsing.
##[debug]   at GitHub.Runner.Worker.ActionManager.DownloadRepositoryArchive(IExecutionContext executionContext, String downloadUrl, String downloadAuthToken, String archiveFile)
##[debug]   at GitHub.Runner.Worker.ActionManager.DownloadRepositoryActionAsync(IExecutionContext executionContext, ActionDownloadInfo downloadInfo)
##[debug]   at GitHub.Runner.Worker.ActionManager.PrepareActionsRecursiveAsync(IExecutionContext executionContext, PrepareActionsState state, IEnumerable`1 actions, Int32 depth, Guid parentStepId)
##[debug]   at GitHub.Runner.Worker.ActionManager.PrepareActionsAsync(IExecutionContext executionContext, IEnumerable`1 steps, Guid rootStepId)
##[debug]   at GitHub.Runner.Worker.JobExtension.InitializeJob(IExecutionContext jobContext, AgentJobRequestMessage message)
##[debug]Finishing: Set up job

To solve this problem letting the runner reach internet through our company proxy server, we set the following variables at Runner level:

http_proxy=http://applicationproxy.my-domain.eu:8080
https_proxy=http://applicationproxy.my-domain.eu:8080
no_proxy=.my-domain.eu

No authentication is required by the proxy server.

At this point the proxy is correctly set and, therefore, the action is correctly downloaded as you can see there:

Current runner version: '2.313.0'
Runner name: 'kubernetes-test-n9klp-runner-tnm8t'
Runner group name: 'Default'
Machine name: 'kubernetes-test-n9klp-runner-tnm8t'
GITHUB_TOKEN Permissions
Secret source: Actions
Runner is running behind proxy server 'http://applicationproxy.my-domain.eu:8080' for all HTTP requests.
Runner is running behind proxy server 'http://applicationproxy.my-domain.eu:8080' for all HTTPS requests.
Prepare workflow directory
Prepare all required actions
Getting action download info
Download action repository 'sonarsource/sonarqube-quality-gate-action@master' (SHA:f9fe214a5be5769c40619de2fff2726c36d2d5eb)
Complete job name: Echo
The problem is that if we set the proxy variables, the working "Echo" step described at the beginning doesn't work anymore.
This is the error message:

##[debug]Evaluating condition for step: 'Initialize containers'
##[debug]Evaluating: success()
##[debug]Evaluating success:
##[debug]=> true
##[debug]Result: true
##[debug]Starting: Initialize containers
##[debug]Register post job cleanup for stopping/deleting containers.
Run '/home/runner/k8s/index.js'
##[debug]/home/runner/externals/node16/bin/node /home/runner/k8s/index.js
(node:1050) [DEP0123] DeprecationWarning: Setting the TLS ServerName to an IP address is not permitted by RFC 6066. This will be ignored in a future version.
(Use `node --trace-deprecation ...` to show where the warning was created)
Error: Error: Client network socket disconnected before secure TLS connection was established
Error: Process completed with exit code 1.
Error: Executing the custom container implementation failed. Please contact your self hosted runner administrator.
##[debug]System.Exception: Executing the custom container implementation failed. Please contact your self hosted runner administrator.
##[debug] ---> System.Exception: The hook script at '/home/runner/k8s/index.js' running command 'PrepareJob' did not execute successfully
##[debug]   at GitHub.Runner.Worker.Container.ContainerHooks.ContainerHookManager.ExecuteHookScript[T](IExecutionContext context, HookInput input, ActionRunStage stage, String prependPath)
##[debug]   --- End of inner exception stack trace ---
##[debug]   at GitHub.Runner.Worker.Container.ContainerHooks.ContainerHookManager.ExecuteHookScript[T](IExecutionContext context, HookInput input, ActionRunStage stage, String prependPath)
##[debug]   at GitHub.Runner.Worker.Container.ContainerHooks.ContainerHookManager.PrepareJobAsync(IExecutionContext context, List`1 containers)
##[debug]   at GitHub.Runner.Worker.ContainerOperationProvider.StartContainersAsync(IExecutionContext executionContext, Object data)
##[debug]   at GitHub.Runner.Worker.JobExtensionRunner.RunAsync()
##[debug]   at GitHub.Runner.Worker.StepsRunner.RunStepAsync(IStep step, CancellationToken jobCancellationToken)
##[debug]Finishing: Initialize containers

At this point we tried to remove the step "ActionFromGitHubComMarketPlace" that refeers to marketplace action leaving the proxy variables setted but the above error remains.

So we're in a situation in which if we do not set the proxy variables, the pipeline runs but only with GHES bundled actions (no marketplace access) and if we set them nothing works, also the steps that doen't refeer to remote actions.

How can we set the proxy without breaking the pipeline execution?

nikola-jokic commented 6 months ago

Hey @Cuc83,

I think you need to set no_proxy for k8s in order to make it work. I assume the IP is in 10.x.x.x range so you can try 10.0.0.1/8 or 10.0.0.1

Cuc83 commented 6 months ago

I tried using no_proxy=10.0.0.0/8,.mycompany.domain but did not solve the problem.