* Print immutable action package details in set up job logs
* "Source commit SHA" instead of "Commit SHA" for immutable actions logs
---------
Co-authored-by: Thomas Boop <52323235+thboop@users.noreply.github.com>
* fix: add `git` and `curl` to default packages installed
Hi 👋🏼
These packages are used in a ton of actions on the marketplace. It would be nice if they were installed and ready for use instead of having to install them with `apt-get` on every single Github workflow.
* Update Dockerfile
* Update images/Dockerfile
Co-authored-by: Guillermo Caracuel <633810+gcaracuel@users.noreply.github.com>
* Update images/Dockerfile
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
---------
Co-authored-by: Guillermo Caracuel <633810+gcaracuel@users.noreply.github.com>
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
* Upgrade node20: 20.8.1 → 20.13.1
* Call out the release process for `alpine_nodejs` in a comment
* move the comment to the end of the line so it's more obvious which variable it's talking about
* backoff if we retried polling for more than 50 times in less than 30minutes
* run dotnet format
* move delay to after no message trace
* run dotnet format
* Add new SessionConflict return code
* formatting
* Change return type of CreateSessionAsync to new enum
* Update entry scripts to handle new exit code
* Move enum
* consume pipelines service url if present
updates how the `ACTIONS_RUNTIME_URL` variable is set to utilize a new value, `PipelinesServiceUrl` if present in the endpoint. if this value is not present then the existing system connection endpoint is used to retain backward compatibility.
* consume pipelines url
updates how the `ACTIONS_RUNTIME_URL` variable is set to utilize a new value, `PipelinesServiceUrl` if present in the endpoint. if this value is not present then the existing system connection endpoint is used to retain backward compatibility.
While there's an existing retry mechanism for the `docker pull` command
[^1], it's missing for `docker login`.
Similar to the `docker pull` scenario, the container registry could
potentially be briefly unavailable or inaccessible, leading to failed
`docker login` attempt and subsequent workflow run failures.
Since it's container based workflow, there is not way to retry on
customer side. The runner should retry itself.
It also aligns with community feedback [^2].
[^1]: 8e0cd36cd8/src/Runner.Worker/ContainerOperationProvider.cs (L201)
[^2]: https://github.com/orgs/community/discussions/73069
Co-authored-by: Thomas Boop <52323235+thboop@users.noreply.github.com>
This is required in order to ssh into a codespace for the repo:
> error getting ssh server details: failed to start SSH server:
Please check if an SSH server is installed in the container.
If the docker image being used for the codespace does not have an SSH server,
install it in your Dockerfile or, for codespaces that use Debian-based images,
you can add the following to your devcontainer.json:
>
> "features": {
> "ghcr.io/devcontainers/features/sshd:1": {
> "version": "latest"
> }
> }
* add content-type to block blob upload
* Add content-type for sdk path
* fix spacing
* merge headers and only when file extension is .txt
* add conditions
* tweak conditions and path matching
* pass in headers
* add content-type for appendblob
* Set an explicit timeout on ResultsHttpClient
* Hook up retry and standard message handler to ResultsHttpClient
* Remove explicit timeout constructor
* Fix linter
* Bump directly dotnet vulnerable packages
* Use just single file sdk upgrade for vulnerable dependencies
* Save with UTF8-BOM
* Trim down sdk to only Sdk.csproj upgrade
---------
Co-authored-by: Ferenc Hammerl <fhammerl@github.com>
* Add in workflow to automatically generate dotnet SDK patches
* Update workflow to move the creation of the PR until all the hashes have been compiled and added to the path
* Update upgrade to run not in parallel to prevent git command overlaps
* Update for tings feedback and do better user error handling
* JSON spec doesn't have comments
* Has to use the outputs to proxy variables between the runs
* Wrong output variable
* Be more explicit on the branch check
* Fix comments and json output
* Missed variable name in rename
* Fix race condition on jq write
* Update for comments and more optimized hash updates
* Need to forcibly exit for state to be detected
* Fixed the failure to use a variable instead
* hash files translation works with host context translated
* Change file encoding to utf8 for PipelineTemplateConstants.cs
* infer the feature flag on hash files based on the existence of the context
* encoded utf8 with bom
* rename host-workspace to host-work-directory and feature flag the new context var
* Added comment to explain ignore host work directory resolution
Co-authored-by: fhammerl <fhammerl@github.com>
* trigger pipeline
* Move to the github host-workspace context instead of the runner host-work-directory
* remove unused imports
---------
Co-authored-by: fhammerl <fhammerl@github.com>
* Add 'http://' to http(s)_proxy if there is no protocol
Before this commit, these URIs used to be ignored (nullproxy).
The new behaviour aligns with go style http(s)_proxy
* Update src/Runner.Sdk/RunnerWebProxy.cs
Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com>
* Assert that original protocol is preserved
* Use startsWith for testing protocol
* Only modify proxy if useful
---------
Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com>
* Fix `uses: docker://image:tag` steps when container hook is used
* Update src/Runner.Worker/ActionManager.cs
---------
Co-authored-by: Ferenc Hammerl <31069338+fhammerl@users.noreply.github.com>
* Set runner environment in runner context and env
Extract runner_environment from the global context and expose in the
`github.runner` context and env as `RUNNER_ENVIRONMENT`.
Signed-off-by: Philip Harrison <philip@mailharrison.com>
* encoding.
---------
Signed-off-by: Philip Harrison <philip@mailharrison.com>
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
* [1742] Ensure multiple composite annoations are correctly written.
This implementation uses a collector pattern to allow embedded ExecutionContexts to stash Issue objects for later processing by a non-embedded ancestor ExecutionContext.
Also:
- Provide explicit constructor implementations for ExecutionContext
- Leverage explicit constructors to solidify immutability of several ExecutionContext class members.
- Fixed erroneous call to ExecutionContext.Complete in CompositeActionHandler.cs
- Use a consistent timestamp for FinishTime in ExecutionContext::Complete
* Ensure collected issues are processed only by a non-embedded ExecutionContext.
This was already implicit. Now, just making it explicit.
* Provide a clear mechanism that allows callers to opt-in/opt-out of ExecutionContext::AddIssue's logging behavior.
* Addressed deserialization inconsistencies in TimelineRecord.cs
* Added TimelineRecord unit tests.
* Refined unit tests related to TimelineRecord::Variables case-insensitivity
* Add a unit test that verifies ExecutionContextLogOptions::LogMessageOverride has the desired effect.
* Responded to PR feedback.
* Don't allow embedded ExecutionContexts to add Issues to a TimelineRecord
* Only upload to Results with new job message type
* No need to have separate websocketFeedServer
* Linting fix
* Update src/Runner.Common/JobServerQueue.cs
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
* add connection timeout
* Consolidate initializing webclient to result client
* Retry websocket delivery for console logs
* Linter fix
* Do not give up for good, reconnect again in 10 minutes
* Has to reset delivered
* Only first time retry 3 times to connect to websocket
---------
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
* Rename AcquireJobRequest::StreamID to AcquireJobRequest::JobMessageID to match corresponding server-side update.
* appeased the linter
* Added unit tests to prove AcquireJobRequest serialization/deserialization is as-expected.
* Distinguish unit test variations.
* Incorporated PR Feedback.
* which handles broken symlink & unit test added (#2150)
* Update src/Runner.Sdk/Util/WhichUtil.cs
Co-authored-by: Ferenc Hammerl <31069338+fhammerl@users.noreply.github.com>
* fix pr comments
* trace log added, in case we find a symlink that is broken
* add check in case the target of the symlink is a relative path; added test that check symlink that targets a full path; added test that check symlink that targets a relative path;
* fix tests
* fix tests for linux
---------
Co-authored-by: Eli Entelis <eli.entelis@hexagon.com>
Co-authored-by: Eli Entelis <42981948+Eliminator1999@users.noreply.github.com>
Co-authored-by: Ferenc Hammerl <31069338+fhammerl@users.noreply.github.com>
* Also send Steps update to Results service
* Refactor to separate results server from current job server
* If hit any error while uploading to Results, skip Results upload
* Add proxy authentication and buffer request for WinHttpHandler
* Remove unnecessary null guard
* Also send Results telemetry when step update fails
* IResultsServer is not disposable
* Guard against NullReference while creating HostContext
* Throw on IOUtil loading object if content is empty or object is null
* removed unused dependency
* Changed exceptions to ArgumentNullException and ArgumentException
* fixed my mistake on LoadObject
* fixed tests
* trigger workflows
* trigger workflows
* encode files using utf8
* terminate the runner on deprication message
* added TaskAgentVersion exception to catch deprication
* AccessDenied exception with inner exception InvalidTaskAgent
* Access denied exception in program and in message listener
* Fixed copy
* remove trace message from message listener
* Bypass top level domain even if no_proxy specified it with leading '.'
E.g. no_proxy='.github.com' will now bypass github.com.
* Bypass proxy on all hosts when no_proxy is * (wildcard)
* Undo '.' stripping
* Simplify unit tests
* Respect wildcard even if it's one of many no_proxy items
* Runner service exit after consecutive re-try exits
* Rename failure counts and include reset count on runner listening for jobs
* Changed from graceful shutdown to stopping=true
* Revert "Revert "Uploading step logs to Results as well (#2422)" (#2437)"
This reverts commit 8c096baf49.
* Properly guard the upload to results feature
* Delete skipped file if deletesource is true
* Update lint.yml
Don't ignore the formatting errors
* Add formatting made by @cory-miller
* Use dotnet format
* Format only modified files
* Add instruction to contribute.md
* Use git status instead of git diff
* Rename queue to results queue
* Add results contracts
* Add Results logging handling
* Adding calls to create and finalize append blob
* Modifications for azurite upload
* Only call upload complete on final section and remove size
* Make method specific to step log so we can support job log later
* Change contract for results
* Add totalline count to the result log upload file
* Actually pass lineCount to Results Service
* Fix typos
* Code cleanup
* Fixing typos
* Apply suggestions from code review
Co-authored-by: Konrad Pabjan <konradpabjan@github.com>
---------
Co-authored-by: Brittany Ellich <brittanyellich@github.com>
Co-authored-by: Konrad Pabjan <konradpabjan@github.com>
* Sanitize OS Desc for UserAgents
* Only drop brackets if needed, refactoring
* Add missing ')'
* Readd missing brackets around '(header)'
* Add comments
* Use bracket solution from SDK
* Rename tests
* send more stuff as part of job completed
* feedback
* set only once
* feedback
* feedback
* fix test
* feedback
* nit: spacing
* nit: line
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
---------
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
* Defer evaluation of a step's DisplayName until its condition is evaluated.
* Formalize TryUpdateDisplayName and EvaluateDisplayName as members of interface `IStep` (#2374)
* Remove unnecessary timelineId and timelineRecordId and use Guid stepId
* Log upload error to kusto
* Remove try-catch
* Using a well known telmetry record to avoid replacing issues
* fix Guid format
* Use results service for uploading step summaries
* Use results summary over generic results naming convention
* Apply suggestions from code review
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
* Addressing feedback
* Fix merge issue
* Remove empty line
* Update Results json objects to use snake case
* Adding the reference
Co-authored-by: Yang Cao <yacaovsnc@github.com>
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
* Added env variable to control wether the terminal is silent
* Log to stdout if PrintLogToStdout is enabled
* Extracted console logging to stdouttracelistener
* Remove useless usings
* Rewrite TraceListener as superclass
* Only print to stdout if env is set
* Add comment for Console.Out
* Format Listener
* Revert var name in terminal
* Check env in hostcontext instead of Tracing constructor
* Remove superclass & dupe logging code
* Log hostType
* Readonly '_' prefix 'hostType'
* Fix test
* Revert Terminal change
Co-authored-by: Ferenc Hammerl <31069338+fhammerl@users.noreply.github.com>
* Workflow
* add back github-token to id:image
* added handle to image name
* removed core require
* multi line added :latest
* added label
* added repository_owner in IMAGE_NAME
* with the release
* release
* markdown label description
* Remove markdown desciprion
* Remove double quotes in labels
* Reverted back releaseVersion
* run.sh installs SIGINT and SIGTERM traps to gracefully stop runner
* replaced trap to force wait for child processes and to send kill to run-helper instead of Runner.Listener
* run with signal handling if RUNNER_MANUALLY_TRAP_SIG is set
* Update src/Misc/layoutroot/run.sh
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
* Allow container.image to be null/empty
* Remove unnecessary workflow type
* Update src/Sdk/DTPipelines/Pipelines/ObjectTemplating/PipelineTemplateConverter.cs
Co-authored-by: Ferenc Hammerl <31069338+fhammerl@users.noreply.github.com>
* Rename ConvertToJobContainer to ConvertToContainer
It converts serviceContainers too
* Remove unused parameter
AllowExpressions was always false
* Allow service in yaml with empty string for value
* Don't attempt to start services without an image
* Improve error messages
* Revert "Remove unused parameter"
This reverts commit f4ab2d50d0.
* Revert "Rename ConvertToJobContainer to ConvertToContainer"
This reverts commit ffc62f8343.
* Fix revert merge conflict
* Removed info logs
* Added info log for services without container images
Co-authored-by: moonblade <moonblade168@gmail.com>
Co-authored-by: Ferenc Hammerl <31069338+fhammerl@users.noreply.github.com>
Co-authored-by: Ava Stancu <avastancu@github.com>
For runners that are already configured but need to add systemd services after the fact, a new command option is added to generate the file only. Once generated, ./svc.sh install and other commands will be available.
This also adds support for falling back to the tenant name in the Actions URL in cases when the GitHub URL is not provided, such as for our hosted larger runners.
* Avastancu/joannaakl/service container error log (#2110)
* adding support for a service container docker logs
* Adding Unit test to ContainerOperationProvider
* Adding another test to ContainerOperationProvider
* placed the docker logs output in dedicated ##group section
* Removed the exception thrown if the service container was not healthy
* Removed duplicated logging to the executionContext
* Updated the container logs sub-section message
* Print service containers only if they were healthy
Unhealthy service logs are printed in ContainerHealthCheckLogs called prior to this step.
* Removed recently added method to inspect docker logs
The method was doing the same thing as the existing DockerLogs method.
* Added execution context error
This will make a failed health check more visible in the UI without disrupting the execution of the program.
* Removing the section 'Waiting for all services to be ready'
Since nested subsections are not being displayed properly and we already need one subsection per service error.
* Update src/Runner.Worker/Container/DockerCommandManager.cs
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
* Update src/Test/L0/TestHostContext.cs
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
* Change the logic for printing Service Containers logs
Service container logs will be printed in the 'Start containers' section only if there is an error.
Healthy services will have their logs printed in the 'Stop Containers' section.
* Removed unused import
* Added back section group.
* Moved service containers error logs to separate group sections
* Removed the test testing the old logic flow.
* Remove unnecessary 'IsAnyUnhealthy' flag
* Remove printHello() function
* Add newline to TestHostContext
* Remove unnecessary field 'UnhealthyContainers'
* Rename boolean flag indicating service container failure
* Refactor healthcheck logic to separate method to enable unit testing.
* Remove the default value for bool variable
* Update src/Runner.Worker/ContainerOperationProvider.cs
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
* Update src/Runner.Worker/ContainerOperationProvider.cs
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
* Rename Healthcheck back to ContainerHealthcheck
* Make test sequential
* Unextract the container error logs method
* remove test asserting thrown exception
* Add configure await
* Update src/Test/L0/Worker/ContainerOperationProviderL0.cs
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
* Update src/Test/L0/Worker/ContainerOperationProviderL0.cs
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
* Update src/Test/L0/Worker/ContainerOperationProviderL0.cs
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
* Update src/Test/L0/Worker/ContainerOperationProviderL0.cs
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
* Update src/Test/L0/Worker/ContainerOperationProviderL0.cs
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
* Add back test asserting exception
* Check service exit code if there is no healtcheck configured
* Remove unnecessary healthcheck for healthy service container
* Revert "Check service exit code if there is no healtcheck configured"
This reverts commit fec24e8341.
Co-authored-by: Ava S <avastancu@github.com>
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
* Do not fail service containers without the healthcheck
Co-authored-by: JoannaaKL <joannaakl@github.com>
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
about:If you have feedback or suggestions about GitHub Actions, please open a discussion (or add to an existing one) in the GitHub Actions Feedback. GitHub Actions Product Managers and Engineers monitor the feedback forum.
name: 🛑 Request a feature in the runner application
about: If you have feature requests for GitHub Actions, please use the "feedback and suggestions for GitHub Actions" link below.
title: ''
labels: enhancement
assignees: ''
---
<!--
👋 You're opening a request for an enhancement in the GitHub Actions **runner application**.
🛑 Please stop if you're not certain that the feature you want is in the runner application - if you have a suggestion for improving GitHub Actions, please see the [GitHub Actions Feedback](https://github.com/github/feedback/discussions/categories/actions-and-packages-feedback) discussion forum which is actively monitored. Using the forum ensures that we route your problem to the correct team. 😃
Some additional useful links:
* If you have found a security issue [please submit it here](https://hackerone.com/github)
* If you have questions or issues with the service, writing workflows or actions, then please [visit the GitHub Community Forum's Actions Board](https://github.community/t5/GitHub-Actions/bd-p/actions)
* If you are having an issue or have a question about GitHub Actions then please [contact customer support](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/about-github-actions#contacting-support)
If you have a feature request that is relevant to this repository, the runner, then please include the information below:
-->
**Describe the enhancement**
A clear and concise description of what the features or enhancement you need.
**Code Snippet**
If applicable, add a code snippet.
**Additional information**
Add any other context about the feature here.
NOTE: if the feature request has been agreed upon then the assignee will create an ADR. See docs/adrs/README.md
close-issue-message:"This issue does not seem to be a problem with the runner application, it concerns the GitHub actions platform more generally. Could you please post your feedback on the [GitHub Community Support Forum](https://github.com/orgs/community/discussions/categories/actions) which is actively monitored. Using the forum ensures that we route your problem to the correct team. 😃"
close-issue-message:"Thank you for your interest in the runner application and taking the time to provide your valuable feedback. We kindly ask you to redirect this feedback to the [GitHub Community Support Forum](https://github.com/orgs/community/discussions/categories/actions-and-packages) which our team actively monitors and would be a better place to start a discussion for new feature requests in GitHub Actions. For more information on this policy please [read our contribution guidelines](https://github.com/actions/runner#contribute). 😃"
run:echo "::error links::feature/dotnet-sdk-upgrade${{ steps.fetch_latest_version.outputs.DOTNET_LATEST_MAJOR_MINOR_PATCH_VERSION }} https://github.com/actions/runner/tree/feature/dotnet-sdk-upgrade${{ steps.fetch_latest_version.outputs.DOTNET_LATEST_MAJOR_MINOR_PATCH_VERSION }}::Branch feature/dotnetsdk-upgrade/${{ steps.fetch_latest_version.outputs.DOTNET_LATEST_MAJOR_MINOR_PATCH_VERSION }} already exists. Please take a look and delete that branch if you wish to recreate"
- name:Create a warning annotation if no need to update
run:echo "::warning ::Latest DotNet SDK patch is ${{ steps.fetch_latest_version.outputs.DOTNET_LATEST_MAJOR_MINOR_PATCH_VERSION }}, and we are on ${{ steps.fetch_current_version.outputs.DOTNET_CURRENT_MAJOR_MINOR_PATCH_VERSION }}. No need to update"
stale-issue-message:"This issue is stale because it has been open 365 days with no activity. Remove stale label or comment or this will be closed in 15 days."
close-issue-message:"This issue was closed because it has been stalled for 15 days with no activity."
We accept contributions in the form of issues and pull requests. [Read more here](docs/contribute.md) before contributing.
We accept contributions in the form of issues and pull requests. The runner typically requires changes across the entire system and we aim for issues in the runner to be entirely self contained and fixable here. Therefore, we will primarily handle bug issues opened in this repo and we kindly request you to create all feature and enhancement requests on the [GitHub Feedback](https://github.com/community/community/discussions/categories/actions-and-packages) page. [Read more about our guidelines here](docs/contribute.md) before contributing.
Following the [adoption of actions-runner-controller by GitHub](https://github.com/actions/actions-runner-controller/discussions/2072) and the introduction of the new runner scale set autoscaling mode, we needed to provide a basic runner image that could be used off the shelf without much friction.
The [current runner image](https://github.com/actions/runner/pkgs/container/actions-runner) is published to GHCR. Each release of this image is tagged with the runner version and the most recent release is also tagged with `latest`.
While the use of `latest` is common practice, we recommend that users pin a specific version of the runner image for a predictable runtime and improved security posture. However, we still notice that a large number of end users are relying on the `latest` tag & raising issues when they encounter problems.
Add to that, the community actions-runner-controller maintainers have issued a [deprecation notice](https://github.com/actions/actions-runner-controller/issues/2056) of the `latest` tag for the existing runner images (https://github.com/orgs/actions-runner-controller/packages).
## Decision
Proceed with Option 2, keeping the `latest` tag and adding the `NOTES.txt` file to our helm charts with the notice.
### Option 1: Remove the `latest` tag
By removing the `latest` tag, we have to proceed with either of these options:
1. Remove the runner image reference in the `values.yaml` provided with the `gha-runner-scale-set` helm chart and mark these fields as required so that users have to explicitly specify a runner image and a specific tag. This will obviously introduce more friction for users who want to start using actions-runner-controller for the first time.
```yaml
spec:
containers:
- name:runner
image:""
tag:""
command:["/home/runner/run.sh"]
```
1. Pin a specific runner image tag in the `values.yaml` provided with the `gha-runner-scale-set` helm chart. This will reduce friction for users who want to start using actions-runner-controller for the first time but will require us to update the `values.yaml` with every new runner release.
```yaml
spec:
containers:
- name:runner
image:"ghcr.io/actions/actions-runner"
tag:"v2.300.0"
command:["/home/runner/run.sh"]
```
### Option 2: Keep the `latest` tag
Keeping the `latest` tag is also a reasonable option especially if we don't expect to make any breaking changes to the runner image. We could enhance this by adding a [NOTES.txt](https://helm.sh/docs/chart_template_guide/notes_files/) to the helm chart which will be displayed to the user after a successful helm install/upgrade. This will help users understand the implications of using the `latest` tag and how to pin a specific version of the runner image.
The runner image release workflow will need to be updated so that the image is pushed to GHCR and tagged only when the runner rollout has reached all scale units.
## Consequences
Proceeding with **option 1** means:
1. We will enhance the runtime predictability and security posture of our end users
1. We will have to update the `values.yaml` with every new runner release (that can be automated)
1. We will introduce friction for users who want to start using actions-runner-controller for the first time
Proceeding with **option 2** means:
1. We will have to continue to maintain the `latest` tag
1. We will assume that end users will be able to handle the implications of using the `latest` tag
1. Runner image release workflow needs to be updated
@@ -7,19 +7,26 @@ Make sure the runner has access to actions service for GitHub.com or GitHub Ente
- For GitHub.com
- The runner needs to access `https://api.github.com` for downloading actions.
- The runner needs to access `https://codeload.github.com` for downloading actions tar.gz/zip.
- The runner needs to access `https://vstoken.actions.githubusercontent.com/_apis/.../` for requesting an access token.
- The runner needs to access `https://pipelines.actions.githubusercontent.com/_apis/.../` for receiving workflow jobs.
- The runner needs to access `https://results-receiver.actions.githubusercontent.com/.../` for reporting progress and uploading logs during a workflow job execution.
---
**NOTE:** for the full list of domains that are required to be in the firewall allow list refer to the [GitHub self-hosted runners requirements documentation](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#communication-between-self-hosted-runners-and-github).
These can by tested by running the following `curl` commands from your self-hosted runner machine:
@@ -42,6 +50,10 @@ Make sure the runner has access to actions service for GitHub.com or GitHub Ente
- Ping api.github.com or myGHES.com using dotnet
- Make HTTP GET to https://api.github.com or https://myGHES.com/api/v3 using dotnet, check response headers contains `X-GitHub-Request-Id`
---
- DNS lookup for codeload.github.com or codeload.myGHES.com using dotnet
- Ping codeload.github.com or codeload.myGHES.com using dotnet
- Make HTTP GET to https://codeload.github.com/_ping or https://codeload.myGHES.com/_ping using dotnet, check response headers contains `X-GitHub-Request-Id`
---
- DNS lookup for vstoken.actions.githubusercontent.com using dotnet
- Ping vstoken.actions.githubusercontent.com using dotnet
- Make HTTP GET to https://vstoken.actions.githubusercontent.com/_apis/health or https://myGHES.com/_services/vstoken/_apis/health using dotnet, check response headers contains `x-vss-e2eid`
@@ -50,6 +62,10 @@ Make sure the runner has access to actions service for GitHub.com or GitHub Ente
- Ping pipelines.actions.githubusercontent.com using dotnet
- Make HTTP GET to https://pipelines.actions.githubusercontent.com/_apis/health or https://myGHES.com/_services/pipelines/_apis/health using dotnet, check response headers contains `x-vss-e2eid`
- Make HTTP POST to https://pipelines.actions.githubusercontent.com/_apis/health or https://myGHES.com/_services/pipelines/_apis/health using dotnet, check response headers contains `x-vss-e2eid`
---
- DNS lookup for results-receiver.actions.githubusercontent.com using dotnet
- Ping results-receiver.actions.githubusercontent.com using dotnet
- Make HTTP GET to https://results-receiver.actions.githubusercontent.com/health using dotnet, check response headers contains `X-GitHub-Request-Id`
## How to fix the issue?
@@ -64,4 +80,4 @@ Make sure the runner has access to actions service for GitHub.com or GitHub Ente
## Still not working?
Contact [GitHub Support](https://support.github.com] if you have further questuons, or log an issue at https://github.com/actions/runner if you think it's a runner issue.
Contact [GitHub Support](https://support.github.com) if you have further questuons, or log an issue at https://github.com/actions/runner if you think it's a runner issue.
- A Proxy may try to modify the HTTPS request (like add or change some http headers) and causes the request become incompatible with the Actions Service (ASP.NetCore), Ex: [Nginx](https://github.com/dotnet/aspnetcore/issues/17081)
- Firewall rules that block action runner from accessing certain hosts, ex: `*.github.com`, `*.actions.githubusercontent.com`, etc
- Firewall rules that block action runner from accessing [certain hosts](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#communication-between-self-hosted-runners-and-github), ex: `*.github.com`, `*.actions.githubusercontent.com`, etc
### Identify and solve these problems
@@ -42,6 +42,7 @@ If you are having trouble connecting, try these steps:
We welcome contributions in the form of issues and pull requests. We view the contributions and the process as the same for github and external contributors.
We welcome contributions in the form of issues and pull requests. We view the contributions and the process as the same for github and external contributors. Please note the runner typically requires changes across the entire system and we aim for issues in the runner to be entirely self contained and fixable here. Therefore, we will primarily handle bug issues opened in this repo and we kindly request you to create all feature and enhancement requests on the [GitHub Feedback](https://github.com/community/community/discussions/categories/actions-and-packages) page.
> IMPORTANT: Building your own runner is critical for the dev inner loop process when contributing changes. However, only runners built and distributed by GitHub (releases) are supported in production. Be aware that workflows and orchestrations run service side with the runner being a remote process to run steps. For that reason, the service can pull the runner forward so customizations can be lost.
Please see "[Supported architectures and operating systems for self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#linux)."
Please see "[Supported architectures and operating systems for self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#macos)."
Please see "[Supported architectures and operating systems for self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#windows)."
_Note: Actions Runner follows a progressive release policy, so the latest release might not be available to your enterprise, organization, or repository yet.
To confirm which version of the Actions Runner you should expect, please view the download instructions for your enterprise, organization, or repository.
See https://docs.github.com/en/enterprise-cloud@latest/actions/hosting-your-own-runners/adding-self-hosted-runners_
## Windows x64
We recommend configuring the runner in a root folder of the Windows drive (e.g. "C:\actions-runner"). This will help avoid issues related to service identity folder permissions and long file path restrictions on Windows.
The following snipped needs to be run on `powershell`:
**Warning:** Windows arm64 runners are currently in preview status and use [unofficial versions of nodejs](https://unofficial-builds.nodejs.org/). They are not intended for production workflows.
## Windows arm64
We recommend configuring the runner in a root folder of the Windows drive (e.g. "C:\actions-runner"). This will help avoid issues related to service identity folder permissions and long file path restrictions on Windows.
The following snipped needs to be run on `powershell`:
@@ -50,7 +81,7 @@ tar xzf ./actions-runner-osx-x64-<RUNNER_VERSION>.tar.gz
## OSX arm64 (Apple silicon)
``` bash
```bash
# Create a folder
mkdir actions-runner &&cd actions-runner
# Download the latest runner package
@@ -61,7 +92,7 @@ tar xzf ./actions-runner-osx-arm64-<RUNNER_VERSION>.tar.gz
## Linux x64
``` bash
```bash
# Create a folder
mkdir actions-runner &&cd actions-runner
# Download the latest runner package
@@ -72,7 +103,7 @@ tar xzf ./actions-runner-linux-x64-<RUNNER_VERSION>.tar.gz
## Linux arm64
``` bash
```bash
# Create a folder
mkdir actions-runner &&cd actions-runner
# Download the latest runner package
@@ -83,7 +114,7 @@ tar xzf ./actions-runner-linux-arm64-<RUNNER_VERSION>.tar.gz
## Linux arm
``` bash
```bash
# Create a folder
mkdir actions-runner &&cd actions-runner
# Download the latest runner package
@@ -93,6 +124,7 @@ tar xzf ./actions-runner-linux-arm-<RUNNER_VERSION>.tar.gz
```
## Using your self hosted runner
For additional details about configuring, running, or shutting down the runner please check out our [product docs.](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/adding-self-hosted-runners)
## SHA-256 Checksums
@@ -106,27 +138,3 @@ The SHA-256 checksums for the packages included in this build are shown below:
- actions-runner-linux-x64-<RUNNER_VERSION>.tar.gz <!-- BEGIN SHA linux-x64 --><LINUX_X64_SHA><!-- END SHA linux-x64 -->
- actions-runner-linux-arm64-<RUNNER_VERSION>.tar.gz <!-- BEGIN SHA linux-arm64 --><LINUX_ARM64_SHA><!-- END SHA linux-arm64 -->
- actions-runner-linux-arm-<RUNNER_VERSION>.tar.gz <!-- BEGIN SHA linux-arm --><LINUX_ARM_SHA><!-- END SHA linux-arm -->
- actions-runner-win-x64-<RUNNER_VERSION>-noexternals.zip <!-- BEGIN SHA win-x64_noexternals --><WIN_X64_SHA_NOEXTERNALS><!-- END SHA win-x64_noexternals -->
- actions-runner-win-arm64-<RUNNER_VERSION>-noexternals.zip <!-- BEGIN SHA win-arm64_noexternals --><WIN_ARM64_SHA_NOEXTERNALS><!-- END SHA win-arm64_noexternals -->
- actions-runner-osx-x64-<RUNNER_VERSION>-noexternals.tar.gz <!-- BEGIN SHA osx-x64_noexternals --><OSX_X64_SHA_NOEXTERNALS><!-- END SHA osx-x64_noexternals -->
- actions-runner-osx-arm64-<RUNNER_VERSION>-noexternals.tar.gz <!-- BEGIN SHA osx-arm64_noexternals --><OSX_ARM64_SHA_NOEXTERNALS><!-- END SHA osx-arm64_noexternals -->
- actions-runner-linux-x64-<RUNNER_VERSION>-noexternals.tar.gz <!-- BEGIN SHA linux-x64_noexternals --><LINUX_X64_SHA_NOEXTERNALS><!-- END SHA linux-x64_noexternals -->
- actions-runner-linux-arm64-<RUNNER_VERSION>-noexternals.tar.gz <!-- BEGIN SHA linux-arm64_noexternals --><LINUX_ARM64_SHA_NOEXTERNALS><!-- END SHA linux-arm64_noexternals -->
- actions-runner-linux-arm-<RUNNER_VERSION>-noexternals.tar.gz <!-- BEGIN SHA linux-arm_noexternals --><LINUX_ARM_SHA_NOEXTERNALS><!-- END SHA linux-arm_noexternals -->
- actions-runner-win-x64-<RUNNER_VERSION>-noruntime.zip <!-- BEGIN SHA win-x64_noruntime --><WIN_X64_SHA_NORUNTIME><!-- END SHA win-x64_noruntime -->
- actions-runner-win-arm64-<RUNNER_VERSION>-noruntime.zip <!-- BEGIN SHA win-arm64_noruntime --><WIN_ARM64_SHA_NORUNTIME><!-- END SHA win-arm64_noruntime -->
- actions-runner-osx-x64-<RUNNER_VERSION>-noruntime.tar.gz <!-- BEGIN SHA osx-x64_noruntime --><OSX_X64_SHA_NORUNTIME><!-- END SHA osx-x64_noruntime -->
- actions-runner-osx-arm64-<RUNNER_VERSION>-noruntime.tar.gz <!-- BEGIN SHA osx-arm64_noruntime --><OSX_ARM64_SHA_NORUNTIME><!-- END SHA osx-arm64_noruntime -->
- actions-runner-linux-x64-<RUNNER_VERSION>-noruntime.tar.gz <!-- BEGIN SHA linux-x64_noruntime --><LINUX_X64_SHA_NORUNTIME><!-- END SHA linux-x64_noruntime -->
- actions-runner-linux-arm64-<RUNNER_VERSION>-noruntime.tar.gz <!-- BEGIN SHA linux-arm64_noruntime --><LINUX_ARM64_SHA_NORUNTIME><!-- END SHA linux-arm64_noruntime -->
- actions-runner-linux-arm-<RUNNER_VERSION>-noruntime.tar.gz <!-- BEGIN SHA linux-arm_noruntime --><LINUX_ARM_SHA_NORUNTIME><!-- END SHA linux-arm_noruntime -->
- actions-runner-win-x64-<RUNNER_VERSION>-noruntime-noexternals.zip <!-- BEGIN SHA win-x64_noruntime_noexternals --><WIN_X64_SHA_NORUNTIME_NOEXTERNALS><!-- END SHA win-x64_noruntime_noexternals -->
- actions-runner-win-arm64-<RUNNER_VERSION>-noruntime-noexternals.zip <!-- BEGIN SHA win-arm64_noruntime_noexternals --><WIN_ARM64_SHA_NORUNTIME_NOEXTERNALS><!-- END SHA win-arm64_noruntime_noexternals -->
- actions-runner-osx-x64-<RUNNER_VERSION>-noruntime-noexternals.tar.gz <!-- BEGIN SHA osx-x64_noruntime_noexternals --><OSX_X64_SHA_NORUNTIME_NOEXTERNALS><!-- END SHA osx-x64_noruntime_noexternals -->
- actions-runner-osx-arm64-<RUNNER_VERSION>-noruntime-noexternals.tar.gz <!-- BEGIN SHA osx-arm64_noruntime_noexternals --><OSX_ARM64_SHA_NORUNTIME_NOEXTERNALS><!-- END SHA osx-arm64_noruntime_noexternals -->
- actions-runner-linux-x64-<RUNNER_VERSION>-noruntime-noexternals.tar.gz <!-- BEGIN SHA linux-x64_noruntime_noexternals --><LINUX_X64_SHA_NORUNTIME_NOEXTERNALS><!-- END SHA linux-x64_noruntime_noexternals -->
- actions-runner-linux-arm64-<RUNNER_VERSION>-noruntime-noexternals.tar.gz <!-- BEGIN SHA linux-arm64_noruntime_noexternals --><LINUX_ARM64_SHA_NORUNTIME_NOEXTERNALS><!-- END SHA linux-arm64_noruntime_noexternals -->
- actions-runner-linux-arm-<RUNNER_VERSION>-noruntime-noexternals.tar.gz <!-- BEGIN SHA linux-arm_noruntime_noexternals --><LINUX_ARM_SHA_NORUNTIME_NOEXTERNALS><!-- END SHA linux-arm_noruntime_noexternals -->