search

cygwin / cygwin-install-action

GitHub action to install Cygwin
GNU General Public License v3.0
21 stars 10 forks source link

Invoke-WebRequest to "https://cygwin.com/setup-$platform.exe" failing sporadically #9

Open Edward-Knight opened 1 year ago

Edward-Knight commented 1 year ago

This Action is used in indygreg/python-build-standalone, and I'm seeing some sporadic failures on the line:

Invoke-WebRequest https://cygwin.com/setup-$platform.exe -OutFile C:\setup.exe

https://github.com/cygwin/cygwin-install-action/blob/006ad0b0946ca6d0a3ea2d4437677fa767392401/action.yml#L45C9-L45C87

Usage here:

- name: Install Cygwin Environment
  uses: cygwin/cygwin-install-action@49f298a7ebb00d4b3ddf58000c3e78eff5fbd6b9
  with:
    packages: autoconf automake libtool

https://github.com/indygreg/python-build-standalone/blob/85923ca3911784e6978b85d56e06e9ae75cb2dc4/.github/workflows/windows.yml#L61-L64

Failures look like:

Invoke-WebRequest https://cygwin.com/setup-$platform.exe -OutFile C:\setup.exe
  shell: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -command ". '{0}'"
Invoke-WebRequest : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

example 1, example 2

This looks like a sporadic network failure, but I'm unclear where exactly the problem is. I'm thinking this could potentially be made reliable with a retry mechanism. Would you be open to a patch that implements this?

jon-turney commented 1 year ago

There was a configuration error on cygwin.com (apache wasn't restarted after the certifcate was updated, so some connections were still being presented with an old certificate which expired on the 18-Jun-2023) . This was resolved around 18:00 UTC 20-Jun-2023.

I did see this error a couple of times in that time window, and assumed it was caused by that misconfiguration. If this problem still persists, then I guess the cause must be something different.

Independent of that, yes, a patch to retry, improving robustness against transient failures of any kind, sounds like a good idea.

Edward-Knight commented 1 year ago

Excellent, that matches up with the failures I was seeing. I had originally discounted that it was actually a certificate issue based on the small window of time I was looking at and the random nature of the issue.

I'm happy that this is resolved, thank you for confirming the issue and communicating it here!

beutlich commented 5 months ago

Seems to happen again:

https://github.com/modelica/ModelicaStandardLibrary/actions/runs/8635712755/job/23674455815#step:4:393

jon-turney commented 5 months ago

There is some sort of incident with sourceware connectivity presently: https://fosstodon.org/@sourceware/112247941377987967

jon-turney commented 5 months ago

Independent of that, yes, a patch to retry, improving robustness against transient failures of any kind, sounds like a good idea.

This still needs doing. (and there are also other things we could do to improve the availability of the resource we're trying to fetch here)