From 4510f69c735e2fb21c79753b32f7b53d58754d2b Mon Sep 17 00:00:00 2001
From: David Kale
Date: Thu, 17 Sep 2020 18:19:42 +0000
Subject: [PATCH 1/4] Prepare 273.4 release
---
 src/runnerversion | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/runnerversion b/src/runnerversion
index 11a7464ec..23f99f7a6 100644
--- a/src/runnerversion
+++ b/src/runnerversion
@@ -1 +1 @@
-2.273.3
+2.273.4
From 8bb588bb691290fc818840a6e0515a9de9b52b53 Mon Sep 17 00:00:00 2001
From: Yang Cao
Date: Thu, 17 Sep 2020 15:11:12 -0400
Subject: [PATCH 2/4] Expose retention days in env for toolkit/artifacts package (#714)
---
 src/Runner.Worker/GitHubContext.cs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/Runner.Worker/GitHubContext.cs b/src/Runner.Worker/GitHubContext.cs
index 5079206cf..741545c89 100644
--- a/src/Runner.Worker/GitHubContext.cs
+++ b/src/Runner.Worker/GitHubContext.cs
@@ -23,6 +23,7 @@ namespace GitHub.Runner.Worker
 "ref",
 "repository",
 "repository_owner",
+ "retention_days",
 "run_id",
 "run_number",
 "server_url",
From 6332a52d7652acd7603d276e0c097c86be8e02c7 Mon Sep 17 00:00:00 2001
From: Thomas Boop <52323235+thboop@users.noreply.github.com>
Date: Fri, 2 Oct 2020 11:34:37 -0400
Subject: [PATCH 3/4] Notify on unsecure commands (#731)
* notify on unsecure commands
---
 src/Runner.Common/Constants.cs | 4 ++
 src/Runner.Worker/ActionCommandManager.cs | 69 +++++++++++++++++++++++
 2 files changed, 73 insertions(+)
diff --git a/src/Runner.Common/Constants.cs b/src/Runner.Common/Constants.cs
index 4f8694d53..a5074b7e0 100644
--- a/src/Runner.Common/Constants.cs
+++ b/src/Runner.Common/Constants.cs
@@ -140,6 +140,9 @@ namespace GitHub.Runner.Common public static readonly string InternalTelemetryIssueDataKey = "_internal_telemetry"; public static readonly string WorkerCrash = "WORKER_CRASH"; + public static readonly string UnsupportedCommand = "UNSUPPORTED_COMMAND"; + public static readonly string UnsupportedCommandMessage = "The `{0}` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/"; + public static readonly string UnsupportedCommandMessageDisabled = "The `{0}` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/"; } public static class RunnerEvent @@ -198,6 +201,7 @@ namespace GitHub.Runner.Common // // Keep alphabetical // + public static readonly string AllowUnsupportedCommands = "ACTIONS_ALLOW_UNSECURE_COMMANDS"; public static readonly string RunnerDebug = "ACTIONS_RUNNER_DEBUG"; public static readonly string StepDebug = "ACTIONS_STEP_DEBUG"; } diff --git a/src/Runner.Worker/ActionCommandManager.cs b/src/Runner.Worker/ActionCommandManager.cs index be96a4514..0cd99e57b 100644 --- a/src/Runner.Worker/ActionCommandManager.cs +++ b/src/Runner.Worker/ActionCommandManager.cs @@ -1,4 +1,5 @@ using GitHub.DistributedTask.Pipelines; +using GitHub.DistributedTask.Pipelines.ContextData; using GitHub.DistributedTask.WebApi; using GitHub.Runner.Common.Util; using GitHub.Runner.Worker.Container; 
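Review bot: The constant added in the second Constants.cs hunk (@@ -198,6 +201,7 @@) is named `AllowUnsupportedCommands` but holds `ACTIONS_ALLOW_UNSECURE_COMMANDS`, and the `UnsupportedCommand*` constants in the first hunk label commands that their own messages call deprecated or disabled, so someone auditing the opt-in by its variable name will not find the constant by search. Naming it `AllowUnsecureCommands` would match both the variable and the `allowUnsecureCommands` local used in ActionCommandManager.cs. A comment on the constant would also record what it controls, for example `// Opt-in that re-enables the deprecated set-env and add-path commands; leave unset unless a workflow still depends on them`.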
@@ -183,6 +184,40 @@ namespace GitHub.Runner.Worker public void ProcessCommand(IExecutionContext context, string line, ActionCommand command, ContainerInfo container) { + var configurationStore = HostContext.GetService(); + var isHostedServer = configurationStore.GetSettings().IsHostedServer; + + var allowUnsecureCommands = false; + bool.TryParse(Environment.GetEnvironmentVariable(Constants.Variables.Actions.AllowUnsupportedCommands), out allowUnsecureCommands); + + // Apply environment from env context, env context contains job level env and action's env block +#if OS_WINDOWS + var envContext = context.ExpressionValues["env"] as DictionaryContextData; +#else + var envContext = context.ExpressionValues["env"] as CaseSensitiveDictionaryContextData; +#endif + if (!allowUnsecureCommands && envContext.ContainsKey(Constants.Variables.Actions.AllowUnsupportedCommands)) + { + bool.TryParse(envContext[Constants.Variables.Actions.AllowUnsupportedCommands].ToString(), out allowUnsecureCommands); + } + + // TODO: Eventually remove isHostedServer and apply this to dotcom customers as well + if (!isHostedServer && !allowUnsecureCommands) + { + throw new Exception(String.Format(Constants.Runner.UnsupportedCommandMessageDisabled, this.Command)); + } + else if (!allowUnsecureCommands) + { + // Log Telemetry and let user know they shouldn't do this + var issue = new Issue() + { + Type = IssueType.Warning, + Message = String.Format(Constants.Runner.UnsupportedCommandMessage, this.Command) + }; + issue.Data[Constants.Runner.InternalTelemetryIssueDataKey] = Constants.Runner.UnsupportedCommand; + context.AddIssue(issue); + } + if (!command.Properties.TryGetValue(SetEnvCommandProperties.Name, out string envName) || string.IsNullOrEmpty(envName)) { throw new Exception("Required field 'name' is missing in ##[set-env] command."); 
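Review bot: `envContext` is the result of an `as` cast and is dereferenced by `envContext.ContainsKey(...)` with no null check, so if `context.ExpressionValues["env"]` ever holds another type (not determinable from this hunk) the step would stop on a NullReferenceException instead of the deprecation warning or the "command is disabled" error. Guarding the lookup keeps the gate failing closed with its own message: `if (!allowUnsecureCommands && envContext != null && envContext.ContainsKey(Constants.Variables.Actions.AllowUnsupportedCommands))`. The same 34 added lines appear again in the add-path `ProcessCommand` hunk (@@ -282,6 +317,40 @@), and two copies of a security gate tend to drift apart. A single private helper that takes `context` and the command name and is called from both handlers would keep them in step. `ProcessCommand` starts inside this hunk but its body continues past the hunk's last line.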
@@ -282,6 +317,40 @@ namespace GitHub.Runner.Worker public void ProcessCommand(IExecutionContext context, string line, ActionCommand command, ContainerInfo container) { + var configurationStore = HostContext.GetService(); + var isHostedServer = configurationStore.GetSettings().IsHostedServer; + + var allowUnsecureCommands = false; + bool.TryParse(Environment.GetEnvironmentVariable(Constants.Variables.Actions.AllowUnsupportedCommands), out allowUnsecureCommands); + + // Apply environment from env context, env context contains job level env and action's env block +#if OS_WINDOWS + var envContext = context.ExpressionValues["env"] as DictionaryContextData; +#else + var envContext = context.ExpressionValues["env"] as CaseSensitiveDictionaryContextData; +#endif + if (!allowUnsecureCommands && envContext.ContainsKey(Constants.Variables.Actions.AllowUnsupportedCommands)) + { + bool.TryParse(envContext[Constants.Variables.Actions.AllowUnsupportedCommands].ToString(), out allowUnsecureCommands); + } + + // TODO: Eventually remove isHostedServer and apply this to dotcom customers as well + if (!isHostedServer && !allowUnsecureCommands) + { + throw new Exception(String.Format(Constants.Runner.UnsupportedCommandMessageDisabled, this.Command)); + } + else if (!allowUnsecureCommands) + { + // Log Telemetry and let user know they shouldn't do this + var issue = new Issue() + { + Type = IssueType.Warning, + Message = String.Format(Constants.Runner.UnsupportedCommandMessage, this.Command) + }; + issue.Data[Constants.Runner.InternalTelemetryIssueDataKey] = Constants.Runner.UnsupportedCommand; + context.AddIssue(issue); + } + ArgUtil.NotNullOrEmpty(command.Data, "path"); context.Global.PrependPath.RemoveAll(x => string.Equals(x, command.Data, StringComparison.CurrentCulture)); context.Global.PrependPath.Add(command.Data); From c18c8746db0b7662a13da5596412c05c1ffb07dd Mon Sep 17 00:00:00 2001 
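Review bot: The precedence between the two opt-in sources is decided here but not documented: the env context is consulted only when the runner process variable did not already parse as `true`, so a workflow that sets `ACTIONS_ALLOW_UNSECURE_COMMANDS` to `false` cannot switch add-path back off on a runner whose process environment enables it. Because the return value of `bool.TryParse` is ignored, any value it cannot parse (such as `1`) counts as not opted in, which is the safe direction but worth stating. A comment above the first `bool.TryParse` call would cover both, e.g. `// Opt-in = runner process env OR job/action env; a workflow-level "false" does not override a runner-level "true"; unparseable values mean not opted in`. The same applies to the identical block in the set-env hunk (@@ -183,6 +184,40 @@). `ProcessCommand` continues outside this hunk.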
From: Thomas Boop <52323235+thboop@users.noreply.github.com> Date: Fri, 2 Oct 2020 11:49:49 -0400 Subject: [PATCH 4/4] Release notes for 2.273.5 (#734) --- releaseNote.md | 3 ++- src/runnerversion | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/releaseNote.md b/releaseNote.md index 1ccb8c934..fe6d66d9e 100644 --- a/releaseNote.md +++ b/releaseNote.md @@ -1,5 +1,6 @@ ## Features - - Allow registry credentials for job/service containers (#694) + - Expose retention days in env for toolkit/artifacts package (#714) + - Notify on unsecure commands (#731) ## Bugs - N/A diff --git a/src/runnerversion b/src/runnerversion index 23f99f7a6..d077bb84f 100644 --- a/src/runnerversion +++ b/src/runnerversion @@ -1 +1 @@ -2.273.4 +2.273.5