mirror of
https://github.com/actions/runner.git
synced 2025-12-11 12:57:05 +00:00
Compare commits
4 Commits
avastancu/
...
thboop/fix
| Author | SHA1 | Date | |
|---|---|---|---|
|
e0508abb77 | ||
|
|
75786756bb | ||
|
|
5e0c2ef816 | ||
|
|
95459dea5f |
@@ -16,7 +16,7 @@ We should give them that option, and publish examples how how they can create th
|
||||
- For example, the current runner overrides `HOME`, we can do that in the hook, but we shouldn't pass that hook as an ENV with the other env's the user has set, as that is not user input, it is how the runner invokes containers
|
||||
|
||||
## Interface
|
||||
- You will set the variable `ACTIONS_RUNNER_CONTAINER_HOOK=/Users/foo/runner/hooks.js` which is the entrypoint to your hook handler.
|
||||
- You will set the variable `ACTIONS_RUNNER_CONTAINER_HOOKS=/Users/foo/runner/hooks.js` which is the entrypoint to your hook handler.
|
||||
- There is no partial opt in, you must handle every hook
|
||||
- We will pass a command and some args via `stdin`
|
||||
- An exit code of 0 is a success, every other exit code is a failure
|
||||
|
||||
@@ -1,9 +1,6 @@
|
||||
## Bugs
|
||||
- Avoid key based command injection via Docker command arguments (#2062)
|
||||
- Fixed an issue where job and service container envs were corrupted (#2091)
|
||||
## Misc
|
||||
- Added step context name and start/finish time in step telemetry (#2069)
|
||||
- Improved error logs when there is a missing 'using' token configuration in the metadata file (#2052)
|
||||
- Added full job name and nested workflow details in log (#2049)
|
||||
|
||||
## Windows x64
|
||||
We recommend configuring the runner in a root folder of the Windows drive (e.g. "C:\actions-runner"). This will help avoid issues related to service identity folder permissions and long file path restrictions on Windows.
|
||||
|
||||
@@ -92,8 +92,6 @@ namespace GitHub.Runner.Worker.Container
|
||||
public bool IsJobContainer { get; set; }
|
||||
public bool IsAlpine { get; set; }
|
||||
|
||||
public bool FailedInitialization { get; set; }
|
||||
|
||||
public IDictionary<string, string> ContainerEnvironmentVariables
|
||||
{
|
||||
get
|
||||
|
||||
@@ -107,6 +107,7 @@ namespace GitHub.Runner.Worker.Container
|
||||
public async Task<string> DockerCreate(IExecutionContext context, ContainerInfo container)
|
||||
{
|
||||
IList<string> dockerOptions = new List<string>();
|
||||
IDictionary<string, string> environment = new Dictionary<string, string>();
|
||||
// OPTIONS
|
||||
dockerOptions.Add($"--name {container.ContainerDisplayName}");
|
||||
dockerOptions.Add($"--label {DockerInstanceLabel}");
|
||||
@@ -135,7 +136,8 @@ namespace GitHub.Runner.Worker.Container
|
||||
}
|
||||
else
|
||||
{
|
||||
dockerOptions.Add(DockerUtil.CreateEscapedOption("-e", env.Key, env.Value));
|
||||
environment.Add(env.Key, env.Value);
|
||||
dockerOptions.Add(DockerUtil.CreateEscapedOption("-e", env.Key));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -183,7 +185,7 @@ namespace GitHub.Runner.Worker.Container
|
||||
dockerOptions.Add($"{container.ContainerEntryPointArgs}");
|
||||
|
||||
var optionsString = string.Join(" ", dockerOptions);
|
||||
List<string> outputStrings = await ExecuteDockerCommandAsync(context, "create", optionsString);
|
||||
List<string> outputStrings = await ExecuteDockerCommandAsync(context, "create", optionsString, environment);
|
||||
|
||||
return outputStrings.FirstOrDefault();
|
||||
}
|
||||
@@ -443,6 +445,11 @@ namespace GitHub.Runner.Worker.Container
|
||||
}
|
||||
|
||||
private async Task<List<string>> ExecuteDockerCommandAsync(IExecutionContext context, string command, string options)
|
||||
{
|
||||
return await ExecuteDockerCommandAsync(context, command, options, null);
|
||||
}
|
||||
|
||||
private async Task<List<string>> ExecuteDockerCommandAsync(IExecutionContext context, string command, string options, IDictionary<string, string> environment)
|
||||
{
|
||||
string arg = $"{command} {options}".Trim();
|
||||
context.Command($"{DockerPath} {arg}");
|
||||
@@ -470,7 +477,7 @@ namespace GitHub.Runner.Worker.Container
|
||||
workingDirectory: context.GetGitHubContext("workspace"),
|
||||
fileName: DockerPath,
|
||||
arguments: arg,
|
||||
environment: null,
|
||||
environment: environment,
|
||||
requireExitCodeZero: true,
|
||||
outputEncoding: null,
|
||||
cancellationToken: CancellationToken.None);
|
||||
|
||||
@@ -71,15 +71,6 @@ namespace GitHub.Runner.Worker.Container
|
||||
return $"{flag} \"{EscapeString(key)}\"";
|
||||
}
|
||||
|
||||
public static string CreateEscapedOption(string flag, string key, string value)
|
||||
{
|
||||
if (String.IsNullOrEmpty(key))
|
||||
{
|
||||
return "";
|
||||
}
|
||||
return $"{flag} \"{EscapeString(key)}={EscapeString(value)}\"";
|
||||
}
|
||||
|
||||
private static string EscapeString(string value)
|
||||
{
|
||||
return value.Replace("\\", "\\\\").Replace("\"", "\\\"");
|
||||
|
||||
@@ -98,41 +98,12 @@ namespace GitHub.Runner.Worker
|
||||
await StartContainerAsync(executionContext, container);
|
||||
}
|
||||
|
||||
await RunContainersHealthcheck(executionContext, containers);
|
||||
}
|
||||
|
||||
public async Task RunContainersHealthcheck(IExecutionContext executionContext, List<ContainerInfo> containers)
|
||||
{
|
||||
executionContext.Output("##[group]Waiting for all services to be ready");
|
||||
|
||||
var unhealthyContainers = new List<ContainerInfo>();
|
||||
foreach (var container in containers.Where(c => !c.IsJobContainer))
|
||||
{
|
||||
var healthcheck = await ContainerHealthcheck(executionContext, container);
|
||||
|
||||
if (!(string.Equals(healthcheck, "healthy", StringComparison.OrdinalIgnoreCase) || string.IsNullOrEmpty(healthcheck)))
|
||||
{
|
||||
unhealthyContainers.Add(container);
|
||||
}
|
||||
else
|
||||
{
|
||||
executionContext.Output($"{container.ContainerNetworkAlias} service is healthy.");
|
||||
}
|
||||
await ContainerHealthcheck(executionContext, container);
|
||||
}
|
||||
executionContext.Output("##[endgroup]");
|
||||
|
||||
if (unhealthyContainers.Count > 0)
|
||||
{
|
||||
foreach (var container in unhealthyContainers)
|
||||
{
|
||||
executionContext.Output($"##[group]Service container {container.ContainerNetworkAlias} failed.");
|
||||
await _dockerManager.DockerLogs(context: executionContext, containerId: container.ContainerId);
|
||||
executionContext.Error($"Failed to initialize container {container.ContainerImage}");
|
||||
container.FailedInitialization = true;
|
||||
executionContext.Output("##[endgroup]");
|
||||
}
|
||||
throw new InvalidOperationException("One or more containers failed to start.");
|
||||
}
|
||||
}
|
||||
|
||||
public async Task StopContainersAsync(IExecutionContext executionContext, object data)
|
||||
@@ -328,8 +299,9 @@ namespace GitHub.Runner.Worker
|
||||
|
||||
if (!string.IsNullOrEmpty(container.ContainerId))
|
||||
{
|
||||
if (!container.IsJobContainer && !container.FailedInitialization)
|
||||
if (!container.IsJobContainer)
|
||||
{
|
||||
// Print logs for service container jobs (not the "action" job itself b/c that's already logged).
|
||||
executionContext.Output($"Print service container logs: {container.ContainerDisplayName}");
|
||||
|
||||
int logsExitCode = await _dockerManager.DockerLogs(executionContext, container.ContainerId);
|
||||
@@ -423,14 +395,14 @@ namespace GitHub.Runner.Worker
|
||||
}
|
||||
}
|
||||
|
||||
private async Task<string> ContainerHealthcheck(IExecutionContext executionContext, ContainerInfo container)
|
||||
private async Task ContainerHealthcheck(IExecutionContext executionContext, ContainerInfo container)
|
||||
{
|
||||
string healthCheck = "--format=\"{{if .Config.Healthcheck}}{{print .State.Health.Status}}{{end}}\"";
|
||||
string serviceHealth = (await _dockerManager.DockerInspect(context: executionContext, dockerObject: container.ContainerId, options: healthCheck)).FirstOrDefault();
|
||||
if (string.IsNullOrEmpty(serviceHealth))
|
||||
{
|
||||
// Container has no HEALTHCHECK
|
||||
return String.Empty;
|
||||
return;
|
||||
}
|
||||
var retryCount = 0;
|
||||
while (string.Equals(serviceHealth, "starting", StringComparison.OrdinalIgnoreCase))
|
||||
@@ -441,7 +413,14 @@ namespace GitHub.Runner.Worker
|
||||
serviceHealth = (await _dockerManager.DockerInspect(context: executionContext, dockerObject: container.ContainerId, options: healthCheck)).FirstOrDefault();
|
||||
retryCount++;
|
||||
}
|
||||
return serviceHealth;
|
||||
if (string.Equals(serviceHealth, "healthy", StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
executionContext.Output($"{container.ContainerNetworkAlias} service is healthy.");
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new InvalidOperationException($"Failed to initialize, {container.ContainerNetworkAlias} service is {serviceHealth}.");
|
||||
}
|
||||
}
|
||||
|
||||
private async Task<string> ContainerRegistryLogin(IExecutionContext executionContext, ContainerInfo container)
|
||||
|
||||
@@ -63,6 +63,8 @@ namespace GitHub.Runner.Worker
|
||||
// Keep track of embedded steps states
|
||||
Dictionary<Guid, Dictionary<string, string>> EmbeddedIntraActionState { get; }
|
||||
|
||||
IList<Issue> EmbeddedIssues { get; }
|
||||
|
||||
bool EchoOnActionCommand { get; set; }
|
||||
|
||||
bool IsEmbedded { get; }
|
||||
@@ -91,6 +93,7 @@ namespace GitHub.Runner.Worker
|
||||
void SetOutput(string name, string value, out string reference);
|
||||
void SetTimeout(TimeSpan? timeout);
|
||||
void AddIssue(Issue issue, string message = null);
|
||||
void AddIssueToTimelineRecord(Issue issue);
|
||||
void Progress(int percentage, string currentOperation = null);
|
||||
void UpdateDetailTimelineRecord(TimelineRecord record);
|
||||
|
||||
@@ -180,6 +183,8 @@ namespace GitHub.Runner.Worker
|
||||
|
||||
public Dictionary<Guid, Dictionary<string, string>> EmbeddedIntraActionState { get; private set; }
|
||||
|
||||
public IList<Issue> EmbeddedIssues { get; } = new List<Issue>();
|
||||
|
||||
public bool EchoOnActionCommand { get; set; }
|
||||
|
||||
// An embedded execution context shares the same record ID, record name, and logger
|
||||
@@ -575,7 +580,31 @@ namespace GitHub.Runner.Worker
|
||||
long logLineNumber = Write(WellKnownTags.Error, logMessage);
|
||||
issue.Data["logFileLineNumber"] = logLineNumber.ToString();
|
||||
}
|
||||
}
|
||||
else if (issue.Type == IssueType.Warning)
|
||||
{
|
||||
if (!string.IsNullOrEmpty(logMessage))
|
||||
{
|
||||
long logLineNumber = Write(WellKnownTags.Warning, logMessage);
|
||||
issue.Data["logFileLineNumber"] = logLineNumber.ToString();
|
||||
}
|
||||
}
|
||||
else if (issue.Type == IssueType.Notice)
|
||||
{
|
||||
if (!string.IsNullOrEmpty(logMessage))
|
||||
{
|
||||
long logLineNumber = Write(WellKnownTags.Notice, logMessage);
|
||||
issue.Data["logFileLineNumber"] = logLineNumber.ToString();
|
||||
}
|
||||
}
|
||||
AddIssueToTimelineRecord(issue);
|
||||
}
|
||||
|
||||
public void AddIssueToTimelineRecord(Issue issue)
|
||||
{
|
||||
ArgUtil.NotNull(issue, nameof(issue));
|
||||
if (issue.Type == IssueType.Error)
|
||||
{
|
||||
if (_record.ErrorCount < _maxIssueCount)
|
||||
{
|
||||
_record.Issues.Add(issue);
|
||||
@@ -585,12 +614,6 @@ namespace GitHub.Runner.Worker
|
||||
}
|
||||
else if (issue.Type == IssueType.Warning)
|
||||
{
|
||||
if (!string.IsNullOrEmpty(logMessage))
|
||||
{
|
||||
long logLineNumber = Write(WellKnownTags.Warning, logMessage);
|
||||
issue.Data["logFileLineNumber"] = logLineNumber.ToString();
|
||||
}
|
||||
|
||||
if (_record.WarningCount < _maxIssueCount)
|
||||
{
|
||||
_record.Issues.Add(issue);
|
||||
@@ -600,12 +623,6 @@ namespace GitHub.Runner.Worker
|
||||
}
|
||||
else if (issue.Type == IssueType.Notice)
|
||||
{
|
||||
if (!string.IsNullOrEmpty(logMessage))
|
||||
{
|
||||
long logLineNumber = Write(WellKnownTags.Notice, logMessage);
|
||||
issue.Data["logFileLineNumber"] = logLineNumber.ToString();
|
||||
}
|
||||
|
||||
if (_record.NoticeCount < _maxIssueCount)
|
||||
{
|
||||
_record.Issues.Add(issue);
|
||||
@@ -613,8 +630,17 @@ namespace GitHub.Runner.Worker
|
||||
|
||||
_record.NoticeCount++;
|
||||
}
|
||||
// Composite actions should never upload a timeline record to the server
|
||||
// We add these to a list and let composite action handler bubble it up recursively
|
||||
if (this.IsEmbedded)
|
||||
{
|
||||
EmbeddedIssues.Add(issue);
|
||||
}
|
||||
else
|
||||
{
|
||||
_jobServerQueue.QueueTimelineRecordUpdate(_mainTimelineId, _record);
|
||||
}
|
||||
|
||||
_jobServerQueue.QueueTimelineRecordUpdate(_mainTimelineId, _record);
|
||||
}
|
||||
|
||||
public void UpdateDetailTimelineRecord(TimelineRecord record)
|
||||
|
||||
@@ -413,6 +413,12 @@ namespace GitHub.Runner.Worker.Handlers
|
||||
|
||||
// Update context
|
||||
step.ExecutionContext.UpdateGlobalStepsContext();
|
||||
|
||||
// Update annotations
|
||||
foreach (var issue in step.ExecutionContext.EmbeddedIssues)
|
||||
{
|
||||
ExecutionContext.AddIssueToTimelineRecord(issue);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -171,32 +171,5 @@ namespace GitHub.Runner.Common.Tests.Worker.Container
|
||||
}
|
||||
Assert.Equal(expected, actual);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[Trait("Level", "L0")]
|
||||
[Trait("Category", "Worker")]
|
||||
[InlineData("HOME", "", "HOME", "")]
|
||||
[InlineData("HOME alpine:3.8 sh -c id #", "HOME alpine:3.8 sh -c id #", "HOME alpine:3.8 sh -c id #", "HOME alpine:3.8 sh -c id #")]
|
||||
[InlineData("HOME \"alpine:3.8 sh -c id #", "HOME \"alpine:3.8 sh -c id #", "HOME \\\"alpine:3.8 sh -c id #", "HOME \\\"alpine:3.8 sh -c id #")]
|
||||
[InlineData("HOME \\\"alpine:3.8 sh -c id #", "HOME \\\"alpine:3.8 sh -c id #", "HOME \\\\\\\"alpine:3.8 sh -c id #", "HOME \\\\\\\"alpine:3.8 sh -c id #")]
|
||||
[InlineData("HOME \\\\\"alpine:3.8 sh -c id #", "HOME \\\\\"alpine:3.8 sh -c id #", "HOME \\\\\\\\\\\"alpine:3.8 sh -c id #", "HOME \\\\\\\\\\\"alpine:3.8 sh -c id #")]
|
||||
[InlineData("HOME \"\"alpine:3.8 sh -c id #", "HOME \"\"alpine:3.8 sh -c id #", "HOME \\\"\\\"alpine:3.8 sh -c id #", "HOME \\\"\\\"alpine:3.8 sh -c id #")]
|
||||
[InlineData("HOME \\\"\"alpine:3.8 sh -c id #", "HOME \\\"\"alpine:3.8 sh -c id #", "HOME \\\\\\\"\\\"alpine:3.8 sh -c id #", "HOME \\\\\\\"\\\"alpine:3.8 sh -c id #")]
|
||||
[InlineData("HOME \"\\\"alpine:3.8 sh -c id #", "HOME \"\\\"alpine:3.8 sh -c id #", "HOME \\\"\\\\\\\"alpine:3.8 sh -c id #", "HOME \\\"\\\\\\\"alpine:3.8 sh -c id #")]
|
||||
public void CreateEscapedOption_keyValue(string keyInput, string valueInput, string escapedKey, string escapedValue)
|
||||
{
|
||||
var flag = "--example";
|
||||
var actual = DockerUtil.CreateEscapedOption(flag, keyInput, valueInput);
|
||||
string expected;
|
||||
if (String.IsNullOrEmpty(keyInput))
|
||||
{
|
||||
expected = "";
|
||||
}
|
||||
else
|
||||
{
|
||||
expected = $"{flag} \"{escapedKey}={escapedValue}\"";
|
||||
}
|
||||
Assert.Equal(expected, actual);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,126 +0,0 @@
|
||||
using GitHub.Runner.Worker;
|
||||
using GitHub.Runner.Worker.Container;
|
||||
using Xunit;
|
||||
using Moq;
|
||||
using GitHub.Runner.Worker.Container.ContainerHooks;
|
||||
using System.Threading.Tasks;
|
||||
using System.Collections.Generic;
|
||||
using System.Runtime.CompilerServices;
|
||||
using GitHub.DistributedTask.WebApi;
|
||||
using System;
|
||||
|
||||
namespace GitHub.Runner.Common.Tests.Worker
|
||||
{
|
||||
|
||||
public sealed class ContainerOperationProviderL0
|
||||
{
|
||||
|
||||
private TestHostContext _hc;
|
||||
private Mock<IExecutionContext> _ec;
|
||||
private Mock<IDockerCommandManager> _dockerManager;
|
||||
private Mock<IContainerHookManager> _containerHookManager;
|
||||
private ContainerOperationProvider containerOperationProvider;
|
||||
private Mock<IJobServerQueue> serverQueue;
|
||||
private Mock<IPagingLogger> pagingLogger;
|
||||
private List<string> healthyDockerStatus = new List<string> { "healthy" };
|
||||
private List<string> emptyDockerStatus = new List<string> { string.Empty };
|
||||
private List<string> unhealthyDockerStatus = new List<string> { "unhealthy" };
|
||||
private List<string> dockerLogs = new List<string> { "log1", "log2", "log3" };
|
||||
|
||||
List<ContainerInfo> containers = new List<ContainerInfo>();
|
||||
|
||||
[Fact]
|
||||
[Trait("Level", "L0")]
|
||||
[Trait("Category", "Worker")]
|
||||
public async void RunServiceContainersHealthcheck_UnhealthyServiceContainer_AssertFailedTask()
|
||||
{
|
||||
//Arrange
|
||||
Setup();
|
||||
_dockerManager.Setup(x => x.DockerInspect(_ec.Object, It.IsAny<string>(), It.IsAny<string>())).Returns(Task.FromResult(unhealthyDockerStatus));
|
||||
|
||||
//Act
|
||||
try
|
||||
{
|
||||
await containerOperationProvider.RunContainersHealthcheck(_ec.Object, containers);
|
||||
}
|
||||
catch (InvalidOperationException)
|
||||
{
|
||||
|
||||
//Assert
|
||||
Assert.Equal(TaskResult.Failed, _ec.Object.Result ?? TaskResult.Failed);
|
||||
}
|
||||
}
|
||||
|
||||
[Fact]
|
||||
[Trait("Level", "L0")]
|
||||
[Trait("Category", "Worker")]
|
||||
public async void RunServiceContainersHealthcheck_UnhealthyServiceContainer_AssertExceptionThrown()
|
||||
{
|
||||
//Arrange
|
||||
Setup();
|
||||
_dockerManager.Setup(x => x.DockerInspect(_ec.Object, It.IsAny<string>(), It.IsAny<string>())).Returns(Task.FromResult(unhealthyDockerStatus));
|
||||
|
||||
//Act and Assert
|
||||
await Assert.ThrowsAsync<InvalidOperationException>(() => containerOperationProvider.RunContainersHealthcheck(_ec.Object, containers));
|
||||
|
||||
}
|
||||
|
||||
[Fact]
|
||||
[Trait("Level", "L0")]
|
||||
[Trait("Category", "Worker")]
|
||||
public async void RunServiceContainersHealthcheck_healthyServiceContainer_AssertSucceededTask()
|
||||
{
|
||||
//Arrange
|
||||
Setup();
|
||||
_dockerManager.Setup(x => x.DockerInspect(_ec.Object, It.IsAny<string>(), It.IsAny<string>())).Returns(Task.FromResult(healthyDockerStatus));
|
||||
|
||||
//Act
|
||||
await containerOperationProvider.RunContainersHealthcheck(_ec.Object, containers);
|
||||
|
||||
//Assert
|
||||
Assert.Equal(TaskResult.Succeeded, _ec.Object.Result ?? TaskResult.Succeeded);
|
||||
|
||||
}
|
||||
|
||||
[Fact]
|
||||
[Trait("Level", "L0")]
|
||||
[Trait("Category", "Worker")]
|
||||
public async void RunServiceContainersHealthcheck_healthyServiceContainerWithoutHealthcheck_AssertSucceededTask()
|
||||
{
|
||||
//Arrange
|
||||
Setup();
|
||||
_dockerManager.Setup(x => x.DockerInspect(_ec.Object, It.IsAny<string>(), It.IsAny<string>())).Returns(Task.FromResult(emptyDockerStatus));
|
||||
|
||||
//Act
|
||||
await containerOperationProvider.RunContainersHealthcheck(_ec.Object, containers);
|
||||
|
||||
//Assert
|
||||
Assert.Equal(TaskResult.Succeeded, _ec.Object.Result ?? TaskResult.Succeeded);
|
||||
|
||||
}
|
||||
|
||||
private void Setup([CallerMemberName] string testName = "")
|
||||
{
|
||||
containers.Add(new ContainerInfo() { ContainerImage = "ubuntu:16.04" });
|
||||
_hc = new TestHostContext(this, testName);
|
||||
_ec = new Mock<IExecutionContext>();
|
||||
serverQueue = new Mock<IJobServerQueue>();
|
||||
pagingLogger = new Mock<IPagingLogger>();
|
||||
|
||||
_dockerManager = new Mock<IDockerCommandManager>();
|
||||
_containerHookManager = new Mock<IContainerHookManager>();
|
||||
containerOperationProvider = new ContainerOperationProvider();
|
||||
|
||||
_hc.SetSingleton<IDockerCommandManager>(_dockerManager.Object);
|
||||
_hc.SetSingleton<IJobServerQueue>(serverQueue.Object);
|
||||
_hc.SetSingleton<IPagingLogger>(pagingLogger.Object);
|
||||
|
||||
_hc.SetSingleton<IDockerCommandManager>(_dockerManager.Object);
|
||||
_hc.SetSingleton<IContainerHookManager>(_containerHookManager.Object);
|
||||
|
||||
_ec.Setup(x => x.Global).Returns(new GlobalContext());
|
||||
|
||||
containerOperationProvider.Initialize(_hc);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1 +1 @@
|
||||
2.296.0
|
||||
2.296.1
|
||||
|
||||
Reference in New Issue
Block a user