myoung34 / docker-github-actions-runner

This will run the new self-hosted github actions runners with docker-in-docker
GNU General Public License v3.0
1.59k stars 379 forks

The user 'System:PublicAccess;aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' is not authorized to access this resource. #375

Closed hm537 closed 1 month ago

hm537 commented 1 month ago

Hi, first of all, thanks for your great work! I have deployed the runner in ephemeral mode on three build servers for months, and they had been working normally until today, when one of the runners was suddenly unable to register on GitHub. I found the error "The user 'System:PublicAccess;aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' is not authorized to access this resource." in the docker logs. Is there any method to get more logs for troubleshooting?

ephemeral-github-actions-runner.env:

RUNNER_SCOPE=org
ORG_NAME=XXX
RUNNER_GROUP=Docker
GITHUB_HOST=github.xxxxxx.com
LABELS=ephemeral-docker,kas
ACCESS_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxxxx
RUNNER_WORKDIR=/work
DISABLE_AUTO_UPDATE=1
EPHEMERAL=1

ephemeral-github-actions-runner@.service:

[Unit]
Description=Ephemeral GitHub Actions Runner %I Container
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
Environment="RUNNER_NAME=%H-%I"
ExecStartPre=-/usr/bin/docker stop ${RUNNER_NAME}
ExecStartPre=-/usr/bin/docker rm ${RUNNER_NAME}
#ExecStartPre=-/usr/bin/docker pull myoung34/github-runner:latest
ExecStartPre=-/usr/bin/docker volume rm workspace-${RUNNER_NAME}
ExecStart=/usr/bin/docker run --env-file /etc/ephemeral-github-actions-runner.env \
                              -e RUNNER_NAME=${RUNNER_NAME} \
                              -v workspace-${RUNNER_NAME}:/work \
                              -v /var/run/docker.sock:/var/run/docker.sock \
                              --name ${RUNNER_NAME} \
                             myoung34/github-runner:latest
[Install]
WantedBy=multi-user.target

docker logs:

7月 18 16:30:24 systemd[1]: Started Ephemeral GitHub Actions Runner 1 Container.
7月 18 16:30:24 docker[72313]: Runner reusage is disabled
7月 18 16:30:24 docker[72313]: Obtaining the token of the runner
7月 18 16:30:25 docker[72313]: Ephemeral option is enabled
7月 18 16:30:25 docker[72313]: Disable auto update option is enabled
7月 18 16:30:25 docker[72313]: Configuring
7月 18 16:30:26 docker[72313]: --------------------------------------------------------------------------------
7月 18 16:30:26 docker[72313]: |        ____ _ _   _   _       _          _        _   _                      |
7月 18 16:30:26 docker[72313]: |       / ___(_) |_| | | |_   _| |__      / \   ___| |_(_) ___  _ __  ___      |
7月 18 16:30:26 docker[72313]: |      | |  _| | __| |_| | | | | '_ \    / _ \ / __| __| |/ _ \| '_ \/ __|     |
7月 18 16:30:26 docker[72313]: |      | |_| | | |_|  _  | |_| | |_) |  / ___ \ (__| |_| | (_) | | | \__ \     |
7月 18 16:30:26 docker[72313]: |       \____|_|\__|_| |_|\__,_|_.__/  /_/   \_\___|\__|_|\___/|_| |_|___/     |
7月 18 16:30:26 docker[72313]: |                                                                              |
7月 18 16:30:26 docker[72313]: |                       Self-hosted runner registration                        |
7月 18 16:30:26 docker[72313]: |                                                                              |
7月 18 16:30:26 docker[72313]: --------------------------------------------------------------------------------
7月 18 16:30:26 docker[72313]: # Authentication
7月 18 16:30:29 docker[72313]: √ Connected to GitHub
7月 18 16:30:29 docker[72313]: # Runner Registration
7月 18 16:30:29 docker[72313]: A runner exists with the same name
7月 18 16:30:30 docker[72313]: √ Successfully replaced the runner
7月 18 16:30:35 docker[72313]: The user 'System:PublicAccess;aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' is not authorized to access this resource.
7月 18 16:30:37 systemd[1]: ephemeral-github-actions-runner@1.service: Main process exited, code=exited, status=137/n/a
7月 18 16:30:37 systemd[1]: ephemeral-github-actions-runner@1.service: Failed with result 'exit-code'.

myoung34 commented 1 month ago

This seems more a question for upstream. That's definitely not configured here, so I'm unsure where it's coming from.

myoung34 commented 1 month ago

Closing in favor of upstream tickets such as https://github.com/actions/runner/issues/2840 and https://github.com/actions/runner/issues/3380