Add support for proxy (#2286)

Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com> Co-authored-by: Tingluo Huang <tingluohuang@github.com> Co-authored-by: Ferenc Hammerl <fhammerl@github.com>
2025-12-10 11:41:27 +00:00 · 2023-02-21 17:33:48 +00:00
parent ced88228fc
commit 6b4250ca90
33 changed files with 1795 additions and 98 deletions
--- a/github/actions/client.go
+++ b/github/actions/client.go
@@ -76,8 +76,12 @@ type Client struct {

 	rootCAs               *x509.CertPool
 	tlsInsecureSkipVerify bool
+
+	proxyFunc ProxyFunc
 }

+type ProxyFunc func(req *http.Request) (*url.URL, error)
+
 type ClientOption func(*Client)

 func WithUserAgent(userAgent string) ClientOption {
@@ -116,6 +120,12 @@ func WithoutTLSVerify() ClientOption {
 	}
 }

+func WithProxy(proxyFunc ProxyFunc) ClientOption {
+	return func(c *Client) {
+		c.proxyFunc = proxyFunc
+	}
+}
+
 func NewClient(githubConfigURL string, creds *ActionsAuth, options ...ClientOption) (*Client, error) {
 	config, err := ParseGitHubConfigFromURL(githubConfigURL)
 	if err != nil {
@@ -160,6 +170,8 @@ func NewClient(githubConfigURL string, creds *ActionsAuth, options ...ClientOpti
 		transport.TLSClientConfig.InsecureSkipVerify = true
 	}

+	transport.Proxy = ac.proxyFunc
+
 	retryClient.HTTPClient.Transport = transport
 	ac.Client = retryClient.StandardClient()

--- a/github/actions/client_proxy_test.go
+++ b/github/actions/client_proxy_test.go
@@ -0,0 +1,39 @@
+package actions_test
+
+import (
+	"net/http"
+	"net/url"
+	"testing"
+
+	"github.com/actions/actions-runner-controller/github/actions"
+	"github.com/actions/actions-runner-controller/github/actions/testserver"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"golang.org/x/net/http/httpproxy"
+)
+
+func TestClientProxy(t *testing.T) {
+	serverCalled := false
+
+	proxy := testserver.New(t, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		serverCalled = true
+	}))
+
+	proxyConfig := &httpproxy.Config{
+		HTTPProxy: proxy.URL,
+	}
+	proxyFunc := func(req *http.Request) (*url.URL, error) {
+		return proxyConfig.ProxyFunc()(req.URL)
+	}
+
+	c, err := actions.NewClient("http://github.com/org/repo", nil, actions.WithProxy(proxyFunc))
+	require.NoError(t, err)
+
+	req, err := http.NewRequest(http.MethodGet, "http://example.com", nil)
+	require.NoError(t, err)
+
+	_, err = c.Do(req)
+	require.NoError(t, err)
+
+	assert.True(t, serverCalled)
+}
--- a/github/actions/multi_client.go
+++ b/github/actions/multi_client.go
@@ -125,7 +125,7 @@ func (m *multiClient) GetClientFromSecret(ctx context.Context, githubConfigURL,

 	if hasToken {
 		auth.Token = token
-		return m.GetClientFor(ctx, githubConfigURL, auth, namespace)
+		return m.GetClientFor(ctx, githubConfigURL, auth, namespace, options...)
 	}

 	parsedAppID, err := strconv.ParseInt(appID, 10, 64)
@@ -139,7 +139,7 @@ func (m *multiClient) GetClientFromSecret(ctx context.Context, githubConfigURL,
 	}

 	auth.AppCreds = &GitHubAppAuth{AppID: parsedAppID, AppInstallationID: parsedAppInstallationID, AppPrivateKey: appPrivateKey}
-	return m.GetClientFor(ctx, githubConfigURL, auth, namespace)
+	return m.GetClientFor(ctx, githubConfigURL, auth, namespace, options...)
 }

 func RootCAsFromConfigMap(configMapData map[string][]byte) (*x509.CertPool, error) {
--- a/github/actions/multi_client_test.go
+++ b/github/actions/multi_client_test.go
@@ -55,24 +55,48 @@ func TestMultiClientOptions(t *testing.T) {

 	defaultNamespace := "default"
 	defaultConfigURL := "https://github.com/org/repo"
-	defaultCreds := &ActionsAuth{
-		Token: "token",
-	}

-	multiClient := NewMultiClient("test-user-agent", logger)
-	service, err := multiClient.GetClientFor(
-		ctx,
-		defaultConfigURL,
-		*defaultCreds,
-		defaultNamespace,
-		WithUserAgent("test-option"),
-	)
-	require.NoError(t, err)
+	t.Run("GetClientFor", func(t *testing.T) {
+		defaultCreds := &ActionsAuth{
+			Token: "token",
+		}

-	client := service.(*Client)
-	req, err := client.NewGitHubAPIRequest(ctx, "GET", "/test", nil)
-	require.NoError(t, err)
-	assert.Equal(t, "test-option", req.Header.Get("User-Agent"))
+		multiClient := NewMultiClient("test-user-agent", logger)
+		service, err := multiClient.GetClientFor(
+			ctx,
+			defaultConfigURL,
+			*defaultCreds,
+			defaultNamespace,
+			WithUserAgent("test-option"),
+		)
+		require.NoError(t, err)
+
+		client := service.(*Client)
+		req, err := client.NewGitHubAPIRequest(ctx, "GET", "/test", nil)
+		require.NoError(t, err)
+		assert.Equal(t, "test-option", req.Header.Get("User-Agent"))
+	})
+
+	t.Run("GetClientFromSecret", func(t *testing.T) {
+		secret := map[string][]byte{
+			"github_token": []byte("token"),
+		}
+
+		multiClient := NewMultiClient("test-user-agent", logger)
+		service, err := multiClient.GetClientFromSecret(
+			ctx,
+			defaultConfigURL,
+			defaultNamespace,
+			secret,
+			WithUserAgent("test-option"),
+		)
+		require.NoError(t, err)
+
+		client := service.(*Client)
+		req, err := client.NewGitHubAPIRequest(ctx, "GET", "/test", nil)
+		require.NoError(t, err)
+		assert.Equal(t, "test-option", req.Header.Get("User-Agent"))
+	})
 }

 func TestCreateJWT(t *testing.T) {