Update releaseVersion

2.296.2 Release notes (#2107 )
* fix issue with env's overwriting environment * add release notes * handle value escaping * compile regex for runtime perf improvements
2025-12-10 12:36:23 +00:00 · 2022-09-08 13:38:20 -04:00 · 2022-09-08 13:36:38 -04:00 · 2022-08-31 13:40:17 -04:00 · 2022-08-31 13:39:32 -04:00 · 2022-08-23 10:52:30 -04:00
9 changed files with 50 additions and 190 deletions
--- a/releaseNote.md
+++ b/releaseNote.md
@@ -1,9 +1,6 @@
 ## Bugs
- Avoid key based command injection via Docker command arguments (#2062)
+- Fixed an issue where self hosted environments had their docker env's overwritten (#2107)
 ## Misc
- Added step context name and start/finish time in step telemetry (#2069)
- Improved error logs when there is a missing 'using' token configuration in the metadata file  (#2052)
- Added full job name and nested workflow details in log (#2049)

 ## Windows x64
 We recommend configuring the runner in a root folder of the Windows drive (e.g. "C:\actions-runner"). This will help avoid issues related to service identity folder permissions and long file path restrictions on Windows.
--- a/2
+++ b/2
@@ -1 +1 @@
-<Update to ./src/runnerversion when creating release>
+2.296.2
--- a/src/Runner.Worker/ActionCommandManager.cs
+++ b/src/Runner.Worker/ActionCommandManager.cs
@@ -585,8 +585,6 @@ namespace GitHub.Runner.Worker

        public void ProcessCommand(IExecutionContext context, string inputLine, ActionCommand command, ContainerInfo container)
        {
-            ValidateLinesAndColumns(command, context);
-        
            command.Properties.TryGetValue(IssueCommandProperties.File, out string file);
            command.Properties.TryGetValue(IssueCommandProperties.Line, out string line);
            command.Properties.TryGetValue(IssueCommandProperties.Column, out string column);
--- a/src/Runner.Worker/Container/ContainerInfo.cs
+++ b/src/Runner.Worker/Container/ContainerInfo.cs
@@ -92,8 +92,6 @@ namespace GitHub.Runner.Worker.Container
        public bool IsJobContainer { get; set; }
        public bool IsAlpine { get; set; }

-        public bool FailedInitialization { get; set; }
-
        public IDictionary<string, string> ContainerEnvironmentVariables
        {
            get
--- a/src/Runner.Worker/Container/DockerUtil.cs
+++ b/src/Runner.Worker/Container/DockerUtil.cs
@@ -6,6 +6,9 @@ namespace GitHub.Runner.Worker.Container
 {
    public class DockerUtil
    {
+        private static readonly Regex QuoteEscape = new Regex(@"(\\*)" + "\"", RegexOptions.Compiled);
+        private static readonly Regex EndOfStringEscape = new Regex(@"(\\+)$", RegexOptions.Compiled);
+
        public static List<PortMapping> ParseDockerPort(IList<string> portMappingLines)
        {
            const string targetPort = "targetPort";
@@ -68,7 +71,7 @@ namespace GitHub.Runner.Worker.Container
            {
                return "";
            }
-            return $"{flag} \"{EscapeString(key)}\"";
+            return $"{flag} {EscapeString(key)}";
        }

        public static string CreateEscapedOption(string flag, string key, string value)
@@ -77,12 +80,28 @@ namespace GitHub.Runner.Worker.Container
            {
                return "";
            }
-            return $"{flag} \"{EscapeString(key)}={EscapeString(value)}\"";
+            var escapedString = EscapeString($"{key}={value}");
+            return $"{flag} {escapedString}";
        }

        private static string EscapeString(string value)
        {
-            return value.Replace("\\", "\\\\").Replace("\"", "\\\"");
+            if (String.IsNullOrEmpty(value))
+            {
+                return "";
+            }
+            // Dotnet escaping rules are weird here, we can only escape \ if it precedes a "
+            // If a double quotation mark follows two or an even number of backslashes, each proceeding backslash pair is replaced with one backslash and the double quotation mark is removed.
+            // If a double quotation mark follows an odd number of backslashes, including just one, each preceding pair is replaced with one backslash and the remaining backslash is removed; however, in this case the double quotation mark is not removed.
+            // https://docs.microsoft.com/en-us/dotnet/api/system.environment.getcommandlineargs?redirectedfrom=MSDN&view=net-6.0#remarks
+
+            // First, find any \ followed by a " and double the number of \ + 1.
+             value = QuoteEscape.Replace(value, @"$1$1\" + "\"");
+            // Next, what if it ends in `\`, it would escape the end quote. So, we need to detect that at the end of the string and perform the same escape
+            // Luckily, we can just use the $ character with detects the end of string in regex
+            value = EndOfStringEscape.Replace(value, @"$1$1");
+            // Finally, wrap it in quotes
+            return $"\"{value}\"";
        }
    }
 }
--- a/src/Runner.Worker/ContainerOperationProvider.cs
+++ b/src/Runner.Worker/ContainerOperationProvider.cs
@@ -98,41 +98,12 @@ namespace GitHub.Runner.Worker
                await StartContainerAsync(executionContext, container);
            }

-            await RunContainersHealthcheck(executionContext, containers);
-        }
-
-        public async Task RunContainersHealthcheck(IExecutionContext executionContext, List<ContainerInfo> containers)
-        {
            executionContext.Output("##[group]Waiting for all services to be ready");
-
-            var unhealthyContainers = new List<ContainerInfo>();
            foreach (var container in containers.Where(c => !c.IsJobContainer))
            {
-                var healthcheck = await ContainerHealthcheck(executionContext, container);
-
-                if (!(string.Equals(healthcheck, "healthy", StringComparison.OrdinalIgnoreCase) || string.IsNullOrEmpty(healthcheck)))
-                {
-                    unhealthyContainers.Add(container);
-                }
-                else
-                {
-                    executionContext.Output($"{container.ContainerNetworkAlias} service is healthy.");
-                }
+                await ContainerHealthcheck(executionContext, container);
            }
            executionContext.Output("##[endgroup]");
-
-            if (unhealthyContainers.Count > 0)
-            {
-                foreach (var container in unhealthyContainers)
-                {
-                    executionContext.Output($"##[group]Service container {container.ContainerNetworkAlias} failed.");
-                    await _dockerManager.DockerLogs(context: executionContext, containerId: container.ContainerId);
-                    executionContext.Error($"Failed to initialize container {container.ContainerImage}");
-                    container.FailedInitialization = true;
-                    executionContext.Output("##[endgroup]");
-                }
-                throw new InvalidOperationException("One or more containers failed to start.");
-            }
        }

        public async Task StopContainersAsync(IExecutionContext executionContext, object data)
@@ -328,8 +299,9 @@ namespace GitHub.Runner.Worker

            if (!string.IsNullOrEmpty(container.ContainerId))
            {
-                if (!container.IsJobContainer && !container.FailedInitialization)
+                if (!container.IsJobContainer)
                {
+                    // Print logs for service container jobs (not the "action" job itself b/c that's already logged).
                    executionContext.Output($"Print service container logs: {container.ContainerDisplayName}");

                    int logsExitCode = await _dockerManager.DockerLogs(executionContext, container.ContainerId);
@@ -423,14 +395,14 @@ namespace GitHub.Runner.Worker
            }
        }

-        private async Task<string> ContainerHealthcheck(IExecutionContext executionContext, ContainerInfo container)
+        private async Task ContainerHealthcheck(IExecutionContext executionContext, ContainerInfo container)
        {
            string healthCheck = "--format=\"{{if .Config.Healthcheck}}{{print .State.Health.Status}}{{end}}\"";
            string serviceHealth = (await _dockerManager.DockerInspect(context: executionContext, dockerObject: container.ContainerId, options: healthCheck)).FirstOrDefault();
            if (string.IsNullOrEmpty(serviceHealth))
            {
                // Container has no HEALTHCHECK
-                return String.Empty;
+                return;
            }
            var retryCount = 0;
            while (string.Equals(serviceHealth, "starting", StringComparison.OrdinalIgnoreCase))
@@ -441,7 +413,14 @@ namespace GitHub.Runner.Worker
                serviceHealth = (await _dockerManager.DockerInspect(context: executionContext, dockerObject: container.ContainerId, options: healthCheck)).FirstOrDefault();
                retryCount++;
            }
-            return serviceHealth;
+            if (string.Equals(serviceHealth, "healthy", StringComparison.OrdinalIgnoreCase))
+            {
+                executionContext.Output($"{container.ContainerNetworkAlias} service is healthy.");
+            }
+            else
+            {
+                throw new InvalidOperationException($"Failed to initialize, {container.ContainerNetworkAlias} service is {serviceHealth}.");
+            }
        }

        private async Task<string> ContainerRegistryLogin(IExecutionContext executionContext, ContainerInfo container)
--- a/src/Test/L0/Container/DockerUtilL0.cs
+++ b/src/Test/L0/Container/DockerUtilL0.cs
@@ -149,13 +149,12 @@ namespace GitHub.Runner.Common.Tests.Worker.Container
        [Trait("Level", "L0")]
        [Trait("Category", "Worker")]
        [InlineData("", "")]
-        [InlineData("HOME alpine:3.8 sh -c id #", "HOME alpine:3.8 sh -c id #")]
-        [InlineData("HOME \"alpine:3.8 sh -c id #", "HOME \\\"alpine:3.8 sh -c id #")]
-        [InlineData("HOME \\\"alpine:3.8 sh -c id #", "HOME \\\\\\\"alpine:3.8 sh -c id #")]
-        [InlineData("HOME \\\\\"alpine:3.8 sh -c id #", "HOME \\\\\\\\\\\"alpine:3.8 sh -c id #")]
-        [InlineData("HOME \"\"alpine:3.8 sh -c id #", "HOME \\\"\\\"alpine:3.8 sh -c id #")]
-        [InlineData("HOME \\\"\"alpine:3.8 sh -c id #", "HOME \\\\\\\"\\\"alpine:3.8 sh -c id #")]
-        [InlineData("HOME \"\\\"alpine:3.8 sh -c id #", "HOME \\\"\\\\\\\"alpine:3.8 sh -c id #")]
+        [InlineData("foo", "foo")]
+        [InlineData("foo \\ bar", "foo \\ bar")]
+        [InlineData("foo \\", "foo \\\\")]
+        [InlineData("foo \\\\", "foo \\\\\\\\")]
+        [InlineData("foo \\\" bar", "foo \\\\\\\" bar")]
+        [InlineData("foo \\\\\" bar", "foo \\\\\\\\\\\" bar")]
        public void CreateEscapedOption_keyOnly(string input, string escaped)
        {
            var flag = "--example";
@@ -175,15 +174,11 @@ namespace GitHub.Runner.Common.Tests.Worker.Container
        [Theory]
        [Trait("Level", "L0")]
        [Trait("Category", "Worker")]
-        [InlineData("HOME", "", "HOME", "")]
-        [InlineData("HOME alpine:3.8 sh -c id #", "HOME alpine:3.8 sh -c id #", "HOME alpine:3.8 sh -c id #", "HOME alpine:3.8 sh -c id #")]
-        [InlineData("HOME \"alpine:3.8 sh -c id #", "HOME \"alpine:3.8 sh -c id #", "HOME \\\"alpine:3.8 sh -c id #", "HOME \\\"alpine:3.8 sh -c id #")]
-        [InlineData("HOME \\\"alpine:3.8 sh -c id #", "HOME \\\"alpine:3.8 sh -c id #", "HOME \\\\\\\"alpine:3.8 sh -c id #", "HOME \\\\\\\"alpine:3.8 sh -c id #")]
-        [InlineData("HOME \\\\\"alpine:3.8 sh -c id #", "HOME \\\\\"alpine:3.8 sh -c id #", "HOME \\\\\\\\\\\"alpine:3.8 sh -c id #", "HOME \\\\\\\\\\\"alpine:3.8 sh -c id #")]
-        [InlineData("HOME \"\"alpine:3.8 sh -c id #", "HOME \"\"alpine:3.8 sh -c id #", "HOME \\\"\\\"alpine:3.8 sh -c id #", "HOME \\\"\\\"alpine:3.8 sh -c id #")]
-        [InlineData("HOME \\\"\"alpine:3.8 sh -c id #", "HOME \\\"\"alpine:3.8 sh -c id #", "HOME \\\\\\\"\\\"alpine:3.8 sh -c id #", "HOME \\\\\\\"\\\"alpine:3.8 sh -c id #")]
-        [InlineData("HOME \"\\\"alpine:3.8 sh -c id #", "HOME \"\\\"alpine:3.8 sh -c id #", "HOME \\\"\\\\\\\"alpine:3.8 sh -c id #", "HOME \\\"\\\\\\\"alpine:3.8 sh -c id #")]
-        public void CreateEscapedOption_keyValue(string keyInput, string valueInput, string escapedKey, string escapedValue)
+        [InlineData("foo", "bar", "foo=bar")]
+        [InlineData("foo\\", "bar", "foo\\=bar")]
+        [InlineData("foo\\", "bar\\", "foo\\=bar\\\\")]
+        [InlineData("foo \\","bar \\", "foo \\=bar \\\\")]
+        public void CreateEscapedOption_keyValue(string keyInput, string valueInput, string escapedString)
        {
            var flag = "--example";
            var actual = DockerUtil.CreateEscapedOption(flag, keyInput, valueInput);
@@ -194,7 +189,7 @@ namespace GitHub.Runner.Common.Tests.Worker.Container
            }
            else
            {
-                expected = $"{flag} \"{escapedKey}={escapedValue}\"";
+                expected = $"{flag} \"{escapedString}\"";
            }
            Assert.Equal(expected, actual);
        }
--- a/src/Test/L0/Worker/ContainerOperationProviderL0.cs
+++ b/src/Test/L0/Worker/ContainerOperationProviderL0.cs
@@ -1,126 +0,0 @@
-using GitHub.Runner.Worker;
-using GitHub.Runner.Worker.Container;
-using Xunit;
-using Moq;
-using GitHub.Runner.Worker.Container.ContainerHooks;
-using System.Threading.Tasks;
-using System.Collections.Generic;
-using System.Runtime.CompilerServices;
-using GitHub.DistributedTask.WebApi;
-using System;
-
-namespace GitHub.Runner.Common.Tests.Worker
-{
-
-    public sealed class ContainerOperationProviderL0
-    {
-
-        private TestHostContext _hc;
-        private Mock<IExecutionContext> _ec;
-        private Mock<IDockerCommandManager> _dockerManager;
-        private Mock<IContainerHookManager> _containerHookManager;
-        private ContainerOperationProvider containerOperationProvider;
-        private Mock<IJobServerQueue> serverQueue;
-        private Mock<IPagingLogger> pagingLogger;
-        private List<string> healthyDockerStatus = new List<string> { "healthy" };
-        private List<string> emptyDockerStatus = new List<string> { string.Empty };
-        private List<string> unhealthyDockerStatus = new List<string> { "unhealthy" };
-        private List<string> dockerLogs = new List<string> { "log1", "log2", "log3" };
-
-        List<ContainerInfo> containers = new List<ContainerInfo>();
-
-        [Fact]
-        [Trait("Level", "L0")]
-        [Trait("Category", "Worker")]
-        public async void RunServiceContainersHealthcheck_UnhealthyServiceContainer_AssertFailedTask()
-        {
-            //Arrange
-            Setup();
-            _dockerManager.Setup(x => x.DockerInspect(_ec.Object, It.IsAny<string>(), It.IsAny<string>())).Returns(Task.FromResult(unhealthyDockerStatus));
-
-            //Act
-            try
-            {
-                await containerOperationProvider.RunContainersHealthcheck(_ec.Object, containers);
-            }
-            catch (InvalidOperationException)
-            {
-
-                //Assert
-                Assert.Equal(TaskResult.Failed, _ec.Object.Result ?? TaskResult.Failed);
-            }
-        }
-
-        [Fact]
-        [Trait("Level", "L0")]
-        [Trait("Category", "Worker")]
-        public async void RunServiceContainersHealthcheck_UnhealthyServiceContainer_AssertExceptionThrown()
-        {
-            //Arrange
-            Setup();
-            _dockerManager.Setup(x => x.DockerInspect(_ec.Object, It.IsAny<string>(), It.IsAny<string>())).Returns(Task.FromResult(unhealthyDockerStatus));
-
-            //Act and Assert
-            await Assert.ThrowsAsync<InvalidOperationException>(() => containerOperationProvider.RunContainersHealthcheck(_ec.Object, containers));
-
-        }
-
-        [Fact]
-        [Trait("Level", "L0")]
-        [Trait("Category", "Worker")]
-        public async void RunServiceContainersHealthcheck_healthyServiceContainer_AssertSucceededTask()
-        {
-            //Arrange
-            Setup();
-            _dockerManager.Setup(x => x.DockerInspect(_ec.Object, It.IsAny<string>(), It.IsAny<string>())).Returns(Task.FromResult(healthyDockerStatus));
-
-            //Act
-            await containerOperationProvider.RunContainersHealthcheck(_ec.Object, containers);
-
-            //Assert
-            Assert.Equal(TaskResult.Succeeded, _ec.Object.Result ?? TaskResult.Succeeded);
-
-        }
-
-        [Fact]
-        [Trait("Level", "L0")]
-        [Trait("Category", "Worker")]
-        public async void RunServiceContainersHealthcheck_healthyServiceContainerWithoutHealthcheck_AssertSucceededTask()
-        {
-            //Arrange
-            Setup();
-            _dockerManager.Setup(x => x.DockerInspect(_ec.Object, It.IsAny<string>(), It.IsAny<string>())).Returns(Task.FromResult(emptyDockerStatus));
-
-            //Act
-            await containerOperationProvider.RunContainersHealthcheck(_ec.Object, containers);
-
-            //Assert
-            Assert.Equal(TaskResult.Succeeded, _ec.Object.Result ?? TaskResult.Succeeded);
-
-        }
-
-        private void Setup([CallerMemberName] string testName = "")
-        {
-            containers.Add(new ContainerInfo() { ContainerImage = "ubuntu:16.04" });
-            _hc = new TestHostContext(this, testName);
-            _ec = new Mock<IExecutionContext>();
-            serverQueue = new Mock<IJobServerQueue>();
-            pagingLogger = new Mock<IPagingLogger>();
-
-            _dockerManager = new Mock<IDockerCommandManager>();
-            _containerHookManager = new Mock<IContainerHookManager>();
-            containerOperationProvider = new ContainerOperationProvider();
-
-            _hc.SetSingleton<IDockerCommandManager>(_dockerManager.Object);
-            _hc.SetSingleton<IJobServerQueue>(serverQueue.Object);
-            _hc.SetSingleton<IPagingLogger>(pagingLogger.Object);
-
-            _hc.SetSingleton<IDockerCommandManager>(_dockerManager.Object);
-            _hc.SetSingleton<IContainerHookManager>(_containerHookManager.Object);
-
-            _ec.Setup(x => x.Global).Returns(new GlobalContext());
-
-            containerOperationProvider.Initialize(_hc);
-        }
-    }
-}
--- a/src/runnerversion
+++ b/src/runnerversion
@@ -1 +1 @@
-2.296.0
+2.296.2
Author	SHA1	Message	Date
Thomas Boop	21c30edf1e	Update releaseVersion	2022-09-08 13:38:20 -04:00
Thomas Boop	96f4f5e76e	2.296.2 Release notes (#2107 ) * fix issue with env's overwriting environment * add release notes * handle value escaping * compile regex for runtime perf improvements	2022-09-08 13:36:38 -04:00
Thomas Boop	219852abcb	Update releaseVersion	2022-08-31 13:40:17 -04:00
Thomas Boop	8dc5ca2208	2.296.1 Release (#2092 ) * docker: escape key-value pair as -e KEY and VALUE being environment var * removed code duplication, removed unused method and test * add release notes Co-authored-by: Nikola Jokic <nikola-jokic@github.com>	2022-08-31 13:39:32 -04:00
Thomas Boop	0f4622653b	Update releaseVersion	2022-08-23 10:52:30 -04:00
@@ -1 +1 @@
 .296.0
 .296.2