sanderknape / github-runner
License: MIT License
When a container exits, Kubernetes replaces it with a fresh copy of the container image. So this runner enters a restart loop when Github uploads a new worker version.
...
√ Connected to GitHub
2020-11-17 14:27:57Z: Listening for Jobs
Runner update in progress, do not shutdown runner.
Downloading 2.274.2 runner
Waiting for current job finish running.
Generate and execute update script.
Runner will exit shortly for update, should back online within 10 seconds.
This happens over and over (CrashLoopBackOff) until a newer docker image is built/deployed.
To fix this, the runner needs to be run in a loop so it can be restarted in-place by the entrypoint when it wants to do an upgrade.
The exit code 3 means the agent wants to upgrade.
This comment references a script that knows how to do the restart: actions/runner#246 (comment)
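The in-place restart described in this issue, as an added example (not the repository's entrypoint and not the script from the linked comment): a POSIX sh wrapper that re-runs the runner whenever it exits with code 3. MAX_RESTARTS, RESTART_DELAY and the fake_runner stand-in are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: supervise the runner inside the container so that a
# self-update does not end the container and trigger a pod restart.

UPDATE_EXIT_CODE=3   # from the issue text: exit code 3 = runner wants to upgrade
MAX_RESTARTS=5       # assumption: cap so a broken update cannot loop forever
RESTART_DELAY=0      # assumption: seconds to wait before restarting

# run_with_update_loop CMD [ARGS...]
# Re-runs CMD while it exits with UPDATE_EXIT_CODE and returns the final
# exit code. Written so that it also behaves under `set -e`.
run_with_update_loop() {
    restarts=0
    while :; do
        rc=0
        "$@" || rc=$?
        # Any other exit code (success or real failure) ends the loop.
        if [ "$rc" -ne "$UPDATE_EXIT_CODE" ]; then
            return "$rc"
        fi
        restarts=$((restarts + 1))
        if [ "$restarts" -gt "$MAX_RESTARTS" ]; then
            echo "update requested $restarts times in a row, giving up" >&2
            return "$rc"
        fi
        echo "exit code $rc: restarting in place ($restarts/$MAX_RESTARTS)" >&2
        sleep "$RESTART_DELAY"
    done
}

# Constructed stand-in for the runner: asks for an update on its first
# $1 invocations, then exits cleanly.
FAKE_RUNS=0
fake_runner() {
    FAKE_RUNS=$((FAKE_RUNS + 1))
    [ "$FAKE_RUNS" -le "$1" ] && return 3
    return 0
}

# In an entrypoint: run_with_update_loop <command that starts the runner>
```

A real failure (any code other than 3) is still returned to Kubernetes, so the pod restarts only when the runner is actually broken.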
Getting the following error when deploying on OpenShift, still trying to track it down. Replaced the env variables with their variable names.
Requesting token at 'https://api.github.com/repos/GITHUB_OWNER/GITHUB_REPOSITORY/actions/runners/registration-token'
touch: cannot touch '.env': Permission denied
./env.sh: line 36: .path: Permission denied
Unhandled exception. System.UnauthorizedAccessException: Access to the path '/home/github/_diag' is denied.
---> System.IO.IOException: Permission denied
--- End of inner exception stack trace ---
at System.IO.FileSystem.CreateDirectory(String fullPath)
at System.IO.Directory.CreateDirectory(String path)
at GitHub.Runner.Common.HostTraceListener..ctor(String logFileDirectory, String logFilePrefix, Int32 pageSizeLimit, Int32 retentionDays)
at GitHub.Runner.Common.HostContext..ctor(String hostType, String logFile)
at GitHub.Runner.Listener.Program.Main(String[] args)
./config.sh: line 81: 46 Aborted (core dumped) ./bin/Runner.Listener configure "$@"
/home/github/entrypoint.sh: 38: /home/github/entrypoint.sh: ./runsvc.sh: Permission denied
Hi! This looks cool. Can it build Docker images or do I need to change the dockerfile somehow? Thanks!
When I use this Docker image, I'm getting an error during registration
Requesting token at 'https://api.github.com/repos/<myorg>/<myrepo>/actions/runners/registration-token'
Unrecognized command-line input arguments: 'token, labels'. For usage refer to: .\config.cmd --help or ./config.sh --help
--------------------------------------------------------------------------------
| ____ _ _ _ _ _ _ _ _ |
| / ___(_) |_| | | |_ _| |__ / \ ___| |_(_) ___ _ __ ___ |
| | | _| | __| |_| | | | | '_ \ / _ \ / __| __| |/ _ \| '_ \/ __| |
| | |_| | | |_| _ | |_| | |_) | / ___ \ (__| |_| | (_) | | | \__ \ |
| \____|_|\__|_| |_|\__,_|_.__/ /_/ \_\___|\__|_|\___/|_| |_|___/ |
| |
| Self-hosted runner registration |
| |
--------------------------------------------------------------------------------
# Authentication
Invalid configuration provided for token. Terminating unattended configuration.
An error occurred: Not configured
According to your blog post and docker, it should be GITHUB_PAT rather than RUNNER_TOKEN.
Line 25 in ebccbbe
Hello,
We are using a licensed version of GitHub Enterprise running in our data center. We want to enable the GitHub runner using this script; however, when we run ./config as below:
./config.sh \
--name "github-runner-768944b598-jbsxd" \
--token "AAAAVL63KSSB6Q2BHVPLZ33APVKX2" \
--url "https://github.example.com/dev" \
--work "_work" \
--labels "test" \
--unattended \
--replace
And I am getting the error below:
# Authentication
Http response code: NotFound from 'POST https://github.example.com/api/v3/actions/runner-registration'
{"message":"Not Found","documentation_url":"https://docs.github.com/enterprise/2.22/rest"}
Response status code does not indicate success: 404 (Not Found).
Can anyone please confirm the example for passing "--url"?
Thanks for writing this article https://sanderknape.com/2020/03/self-hosted-github-actions-runner-kubernetes/
In that article, it creates the registration token for a repository using this API https://developer.github.com/v3/actions/self-hosted-runners/#create-a-registration-token-for-a-repository.
But this API is outdated and the new API documentation doesn't seem to have any API for creating the registration token for the repo anymore. It has one for the organization https://docs.github.com/en/free-pro-team@latest/rest/reference/actions#create-a-registration-token-for-an-organization.
I am getting this error when I run the docker with my personal token. Is it still possible to add the self-hosted runner to the repo? I also read somewhere that we can't use PAT for adding the self-hosted runner. So what do we need to pass?
{"message":"Not Found","documentation_url":"https://docs.github.com/rest"}
Response status code does not indicate success: 404 (Not Found).
An error occurred: Not configured
Thanks.
When running the runner with
$ docker run --rm \
--name github-runner \
-e GITHUB_OWNER=5nafu \
-e GITHUB_REPOSITORY=sanderKnape_github-runner_env_exposure \
-e GITHUB_PAT=<TOKEN> \
-e RUNNER_LABELS=comma,separated,labels \
-e ARBITRARY_ENV=value \
sanderknape/github-runner
all environment variables supplied to the runner are exposed to the GitHub Actions. This includes (but is not limited to) the personal access token used to register a runner:
An attacker could use a malicious action to leak the tokens and thus gain access to the code.
name: Go
on:
  - push
jobs:
  debug:
    name: Output Debug
    runs-on: self-hosted
    steps:
      - name: Output simple environment
        run: >
          echo GITHUB_PAT: $GITHUB_PAT
2021-05-12T13:41:32.5870992Z ##[group]Run echo GITHUB_OWNER: $GITHUB_OWNER echo GITHUB_REPOSITORY: $GITHUB_REPOSITORY echo GITHUB_PAT: $GITHUB_PAT echo RUNNER_LABELS: $RUNNER_LABELS echo ARBITRARY_ENV: $ARBITRARY_ENV
2021-05-12T13:41:32.5872899Z echo GITHUB_OWNER: $GITHUB_OWNER echo GITHUB_REPOSITORY: $GITHUB_REPOSITORY echo GITHUB_PAT: $GITHUB_PAT echo RUNNER_LABELS: $RUNNER_LABELS echo ARBITRARY_ENV: $ARBITRARY_ENV
2021-05-12T13:41:32.5884176Z shell: /bin/bash -e {0}
2021-05-12T13:41:32.5884735Z ##[endgroup]
2021-05-12T13:41:32.5941776Z GITHUB_OWNER: 5nafu echo GITHUB_REPOSITORY: 5nafu/sanderKnape_github-runner_env_exposure echo GITHUB_PAT: *** echo RUNNER_LABELS: comma,separated,labels echo ARBITRARY_ENV: value
You can check the action in 5nafu/sanderKnape_github-runner_env_exposure:.github/workflows/debug.yml and the output in /5nafu/sanderKnape_github-runner_env_exposure/actions/runs/835647428
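One way to keep registration credentials out of the environment that workflow steps inherit, as an added example (not code from the repository or from the report above): the entrypoint starts the runner through env -i with an explicit allowlist. The allowlist contents and the function name run_with_clean_env are assumptions; the variables a real runner needs must be determined for the image in use.

```shell
#!/bin/sh
# Added example: start the runner with only allowlisted variables, so that
# GITHUB_PAT and other container-level settings are not inherited by jobs.

# Assumption: the names a runner process needs. Everything else passed
# with `docker run -e` (GITHUB_PAT, ARBITRARY_ENV, ...) is dropped.
RUNNER_ENV_ALLOWLIST="PATH HOME LANG"

# run_with_clean_env CMD [ARGS...]
# Runs CMD with an environment containing only the allowlisted variables
# that are currently set. The calling shell keeps its own variables, so
# the entrypoint can still use GITHUB_PAT later (for example to request a
# remove-token when the container stops).
run_with_clean_env() {
    # The names come from the constant above, never from untrusted input,
    # which is what makes the eval calls acceptable here.
    for name in $RUNNER_ENV_ALLOWLIST; do
        eval "is_set=\${$name+x}"
        if [ -n "$is_set" ]; then
            eval "value=\$$name"
            # Prepend NAME=value so the arguments stay in front of CMD.
            set -- "$name=$value" "$@"
        fi
    done
    # env -i starts from an empty environment (POSIX) and adds the pairs.
    env -i "$@"
}

# In an entrypoint, after registration has used GITHUB_PAT:
#   run_with_clean_env <command that starts the runner>
```

This narrows only the child's environment: the entrypoint process still holds the PAT, and its initial environment stays visible under /proc to processes running as the same user, so supplying a short-lived registration token instead of the PAT remains the stronger fix.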
I have made some changes to your Dockerfile and the bash file so I can use it to register the self-hosted docker runner at the organization level.
The problem is that I need the Personal Access Token of the GitHub organization admin. I am not sure if it's a good practice. I looked at the GitHub App or OAuth app with device flow, but it still needs some manual things like entering the code, etc.
What is the best way to authenticate for registering the runner?
There is no license to use this code - I would love to use this in other projects, can one be defined?
I've been using this image in Kubernetes, not sure if relevant, but I noticed when I deleted the Pods, the runners were failing to cleanup.
I'm able to reproduce this manually
github@github-runner-6647c669fb-8ntbt:~$ registration_url="https://github.com/${GITHUB_OWNER}"
github@github-runner-6647c669fb-8ntbt:~$ token_url="https://api.github.com/orgs/${GITHUB_OWNER}/actions/runners/registration-token"
github@github-runner-6647c669fb-8ntbt:~$ payload=$(curl -sX POST -H "Authorization: token ${GITHUB_PAT}" "${token_url%/registration-token}/remove-token")
github@github-runner-6647c669fb-8ntbt:~$ REMOVE_TOKEN=$(echo "$payload" | jq .token --raw-output)
github@github-runner-6647c669fb-8ntbt:~$ ./config.sh remove --unattended --token "${REMOVE_TOKEN}"
# Runner removal
Does not exist. Skipping Removing runner from the server
√ Removed .credentials
√ Removed .runner
github@github-runner-6647c669fb-8ntbt:~$
I'm not sure why I'm getting the "Does not exist" error.
Otherwise the image is working well.
When using the repository-connected runner in an organization or team setup, using a PAT for getting the authorization token might result in the team/organization losing access to the runner.
Unfortunately this might not happen immediately after the person loses access to the repository, but will happen when the runner pod is restarted.
To remediate, it would be great if there would be a possibility to set the RUNNER_TOKEN via environment (see line entrypoint.sh#L13) and skip lines 2-12 in the same file.
This would make the runner independent from the user setting it up.
I would be very happy to supply a pull request for this issue.
I have followed the instructions at: https://vitobotta.com/2020/09/29/self-hosted-github-actions-runners-in-kubernetes/ and the pod starts up with CrashLoopBackoff. That is typically an error with the entry point. I was able to get a log (see below):
I am using vitobotta/github-actions-runner:0.0.5
From the error below it looks like the config.sh argument labels is incorrect??
k logs github-runner-6b8db49996-mrtfb -n github-actions
Requesting token at 'https://api.github.com/repos/darnone/Foobar/k8s_helm_charts_lamp_feature_DEVOP-667-ansible/actions/runners/registration-token'
Unrecognized command-line input arguments: 'labels'. For usage refer to: .\config.cmd --help or ./config.sh --help
--------------------------------------------------------------------------------
| ____ _ _ _ _ _ _ _ _ |
| / ___(_) |_| | | |_ _| |__ / \ ___| |_(_) ___ _ __ ___ |
| | | _| | __| |_| | | | | '_ \ / _ \ / __| __| |/ _ \| '_ \/ __| |
| | |_| | | |_| _ | |_| | |_) | / ___ \ (__| |_| | (_) | | | \__ \ |
| \____|_|\__|_| |_|\__,_|_.__/ /_/ \_\___|\__|_|\___/|_| |_|___/ |
| |
| Self-hosted runner registration |
| |
--------------------------------------------------------------------------------
# Authentication
Http response code: NotFound from 'POST https://api.github.com/actions/runner-registration'
{"message":"Not Found","documentation_url":"https://docs.github.com/rest"}
Response status code does not indicate success: 404 (Not Found).
An error occurred: Not configured