Simplify and just focus on fedora to mimimze scope of changes for this PR

.github/workflows/build.yml

@@ -14,9 +14,6 @@ on:
     paths-ignore:
     - '**.md'
 
-permissions:
-  contents: read
-
 jobs:
   build:
     strategy:
@@ -83,48 +80,3 @@ jobs:
         name: runner-package-${{ matrix.runtime }}
         path: |
           _package
-
-  docker:
-    strategy:
-      matrix:
-        os: [ ubuntu-latest, ubuntu-24.04-arm ]
-        include:
-          - os: ubuntu-latest
-            docker_platform: linux/amd64
-          - os: ubuntu-24.04-arm
-            docker_platform: linux/arm64
-    runs-on: ${{ matrix.os }}
-    steps:
-    - uses: actions/checkout@v5
-
-    - name: Get latest runner version
-      id: latest_runner
-      uses: actions/github-script@v7
-      with:
-        github-token: ${{secrets.GITHUB_TOKEN}}
-        script: |
-          const release = await github.rest.repos.getLatestRelease({
-            owner: 'actions',
-            repo: 'runner',
-          });
-          const version = release.data.tag_name.replace(/^v/, '');
-          core.setOutput('version', version);
-
-    - name: Setup Docker buildx
-      uses: docker/setup-buildx-action@v3
-
-    - name: Build Docker image
-      uses: docker/build-push-action@v6
-      with:
-        context: ./images
-        load: true
-        platforms: ${{ matrix.docker_platform }}
-        tags: |
-          ${{ github.sha }}:latest
-        build-args: |
-          RUNNER_VERSION=${{ steps.latest_runner.outputs.version }}
-
-    - name: Test Docker image
-      run: |
-        docker run --rm ${{ github.sha }}:latest ./run.sh --version
-  

.github/workflows/release.yml

@@ -334,9 +334,8 @@ jobs:
           push: true
           labels: |
             org.opencontainers.image.source=${{github.server_url}}/${{github.repository}}
-            org.opencontainers.image.licenses=MIT
-          annotations: |
             org.opencontainers.image.description=https://github.com/actions/runner/releases/tag/v${{ steps.image.outputs.version }}
+            org.opencontainers.image.licenses=MIT
 
       - name: Generate attestation
         uses: actions/attest-build-provenance@v3

.husky/pre-commit

@@ -1 +1,6 @@
-cd src/Misc/expressionFunc/hashFiles && npx lint-staged
+#!/usr/bin/env sh
+. "$(dirname -- "$0")/_/husky.sh"
+
+cd src/Misc/expressionFunc/hashFiles
+
+npx lint-staged

images/Dockerfile

@@ -1,5 +1,5 @@
 # Source: https://github.com/dotnet/dotnet-docker
-FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-noble AS build
+FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-jammy AS build
 
 ARG TARGETOS
 ARG TARGETARCH
@@ -32,12 +32,12 @@ RUN export RUNNER_ARCH=${TARGETARCH} \
         "https://github.com/docker/buildx/releases/download/v${BUILDX_VERSION}/buildx-v${BUILDX_VERSION}.linux-${TARGETARCH}" \
     && chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx
 
-FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-noble
+FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-jammy
 
 ENV DEBIAN_FRONTEND=noninteractive
 ENV RUNNER_MANUALLY_TRAP_SIG=1
 ENV ACTIONS_RUNNER_PRINT_LOG_TO_STDOUT=1
-ENV ImageOS=ubuntu24
+ENV ImageOS=ubuntu22
 
 # 'gpg-agent' and 'software-properties-common' are needed for the 'add-apt-repository' command that follows
 RUN apt update -y \

src/Misc/expressionFunc/hashFiles/package-lock.json

@@ -22,7 +22,7 @@
         "husky": "^9.1.7",
         "lint-staged": "^15.5.0",
         "prettier": "^3.0.3",
-        "typescript": "^5.9.2"
+        "typescript": "^5.2.2"
       }
     },
     "node_modules/@aashutoshrathi/word-wrap": {
@@ -4481,9 +4481,9 @@
       }
     },
     "node_modules/typescript": {
-      "version": "5.9.2",
+      "version": "5.2.2",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.2.tgz",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.2.2.tgz",
-      "integrity": "sha512-CWBzXQrc/qOkhidw1OzBTQuYRbfyxDXJMVJ1XNwUHGROVmuaeiEm3OslpZ1RV96d7SKKjZKrSJu3+t/xlw3R9A==",
+      "integrity": "sha512-mI4WrpHsbCIcwT9cF4FZvr80QUeKvsUsUvKDoR+X/7XHQH98xYD8YHZg7ANtz2GtZt/CBq2QJ0thkGJMHfqc1w==",
       "dev": true,
       "bin": {
         "tsc": "bin/tsc",
@@ -7715,9 +7715,9 @@
       }
     },
     "typescript": {
-      "version": "5.9.2",
+      "version": "5.2.2",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.2.tgz",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.2.2.tgz",
-      "integrity": "sha512-CWBzXQrc/qOkhidw1OzBTQuYRbfyxDXJMVJ1XNwUHGROVmuaeiEm3OslpZ1RV96d7SKKjZKrSJu3+t/xlw3R9A==",
+      "integrity": "sha512-mI4WrpHsbCIcwT9cF4FZvr80QUeKvsUsUvKDoR+X/7XHQH98xYD8YHZg7ANtz2GtZt/CBq2QJ0thkGJMHfqc1w==",
       "dev": true
     },
     "unbox-primitive": {

src/Misc/expressionFunc/hashFiles/package.json

@@ -10,7 +10,7 @@
     "lint": "eslint src/**/*.ts",
     "pack": "ncc build -o ../../layoutbin/hashFiles",
     "all": "npm run format && npm run lint && npm run build && npm run pack",
-    "prepare": "cd ../../../../ && husky"
+    "prepare": "cd ../../../../ && husky install"
   },
   "repository": {
     "type": "git",
@@ -45,6 +45,6 @@
     "husky": "^9.1.7",
     "lint-staged": "^15.5.0",
     "prettier": "^3.0.3",
-    "typescript": "^5.9.2"
+    "typescript": "^5.2.2"
   }
 }

src/Misc/layoutbin/installdependencies.sh

@@ -131,7 +131,32 @@ then
             command -v dnf
             if [ $? -eq 0 ]
             then
-                dnf install -y lttng-ust openssl-libs krb5-libs zlib libicu
+                dnf_with_fallbacks() {
+                    dnf install -y $1
+                    fail=$?
+                    if [ $fail -eq 0 ]
+                    then
+                        return 0
+                    fi
+                    if [ $fail -ne 0 ]
+                    then
+                        shift
+                        if [ -n "$1" ]
+                        then
+                            dnf_with_fallbacks "$@"
+                        fi
+                    fi
+                }
+
+                dnf_with_fallbacks lttng-ust1 lttng-ust0
+                if [ $? -ne 0 ]
+                then
+                    echo "'dnf' failed with exit code '$?'"
+                    print_errormessage
+                    exit 1
+                fi
+
+                dnf install -y openssl-libs krb5-libs zlib libicu
                 if [ $? -ne 0 ]
                 then
                     echo "'dnf' failed with exit code '$?'"

src/Runner.Common/ConfigurationStore.cs

@@ -53,9 +53,6 @@ namespace GitHub.Runner.Common
         [DataMember(EmitDefaultValue = false)]
         public bool UseV2Flow { get; set; }
 
-        [DataMember(EmitDefaultValue = false)]
-        public bool UseRunnerAdminFlow { get; set; }
-
         [DataMember(EmitDefaultValue = false)]
         public string ServerUrlV2 { get; set; }
 

src/Runner.Common/Constants.cs

@@ -169,7 +169,6 @@ namespace GitHub.Runner.Common
                 public static readonly string AllowRunnerContainerHooks = "DistributedTask.AllowRunnerContainerHooks";
                 public static readonly string AddCheckRunIdToJobContext = "actions_add_check_run_id_to_job_context";
                 public static readonly string DisplayHelpfulActionsDownloadErrors = "actions_display_helpful_actions_download_errors";
-                public static readonly string ContainerActionRunnerTemp = "actions_container_action_runner_temp";
             }
             
             // Node version migration related constants

src/Runner.Listener/Configuration/ConfigurationManager.cs

@@ -153,8 +153,8 @@ namespace GitHub.Runner.Listener.Configuration
                     registerToken = await GetRunnerTokenAsync(command, inputUrl, "registration");
                     GitHubAuthResult authResult = await GetTenantCredential(inputUrl, registerToken, Constants.RunnerEvent.Register);
                     runnerSettings.ServerUrl = authResult.TenantUrl;
-                    runnerSettings.UseRunnerAdminFlow = authResult.UseRunnerAdminFlow;
+                    runnerSettings.UseV2Flow = authResult.UseV2Flow;
-                    Trace.Info($"Using runner-admin flow: {runnerSettings.UseRunnerAdminFlow}");
+                    Trace.Info($"Using V2 flow: {runnerSettings.UseV2Flow}");
                     creds = authResult.ToVssCredentials();
                     Trace.Info("cred retrieved via GitHub auth");
                 }
@@ -211,7 +211,7 @@ namespace GitHub.Runner.Listener.Configuration
             string poolName = null;
             TaskAgentPool agentPool = null;
             List<TaskAgentPool> agentPools;
-            if (runnerSettings.UseRunnerAdminFlow)
+            if (runnerSettings.UseV2Flow)
             {
                 agentPools = await _dotcomServer.GetRunnerGroupsAsync(runnerSettings.GitHubUrl, registerToken);
             }
@@ -259,7 +259,7 @@ namespace GitHub.Runner.Listener.Configuration
                 var userLabels = command.GetLabels();
                 _term.WriteLine();
                 List<TaskAgent> agents;
-                if (runnerSettings.UseRunnerAdminFlow)
+                if (runnerSettings.UseV2Flow)
                 {
                     agents = await _dotcomServer.GetRunnerByNameAsync(runnerSettings.GitHubUrl, registerToken, runnerSettings.AgentName);
                 }
@@ -280,7 +280,7 @@ namespace GitHub.Runner.Listener.Configuration
 
                         try
                         {
-                            if (runnerSettings.UseRunnerAdminFlow)
+                            if (runnerSettings.UseV2Flow)
                             {
                                 var runner = await _dotcomServer.ReplaceRunnerAsync(runnerSettings.PoolId, agent, runnerSettings.GitHubUrl, registerToken, publicKeyXML);
                                 runnerSettings.ServerUrlV2 = runner.RunnerAuthorization.ServerUrl;
@@ -330,7 +330,7 @@ namespace GitHub.Runner.Listener.Configuration
 
                     try
                     {
-                        if (runnerSettings.UseRunnerAdminFlow)
+                        if (runnerSettings.UseV2Flow)
                         {
                             var runner = await _dotcomServer.AddRunnerAsync(runnerSettings.PoolId, agent, runnerSettings.GitHubUrl, registerToken, publicKeyXML);
                             runnerSettings.ServerUrlV2 = runner.RunnerAuthorization.ServerUrl;
@@ -400,26 +400,13 @@ namespace GitHub.Runner.Listener.Configuration
             }
             else
             {
+
                 throw new NotSupportedException("Message queue listen OAuth token.");
             }
 
-            // allow the server to override the serverUrlV2 and useV2Flow
-            if (agent.Properties.TryGetValue("ServerUrlV2", out string serverUrlV2) &&
-                !string.IsNullOrEmpty(serverUrlV2))
-            {
-                Trace.Info($"Service enforced serverUrlV2: {serverUrlV2}");
-                runnerSettings.ServerUrlV2 = serverUrlV2;
-            }
-
-            if (agent.Properties.TryGetValue("UseV2Flow", out bool useV2Flow) && useV2Flow)
-            {
-                Trace.Info($"Service enforced useV2Flow: {useV2Flow}");
-                runnerSettings.UseV2Flow = useV2Flow;
-            }
-
             // Testing agent connection, detect any potential connection issue, like local clock skew that cause OAuth token expired.
 
-            if (!runnerSettings.UseV2Flow && !runnerSettings.UseRunnerAdminFlow)
+            if (!runnerSettings.UseV2Flow)
             {
                 var credMgr = HostContext.GetService<ICredentialManager>();
                 VssCredentials credential = credMgr.LoadCredentials(allowAuthUrlV2: false);
@@ -442,6 +429,20 @@ namespace GitHub.Runner.Listener.Configuration
                 }
             }
 
+            // allow the server to override the serverUrlV2 and useV2Flow
+            if (agent.Properties.TryGetValue("ServerUrlV2", out string serverUrlV2) &&
+                !string.IsNullOrEmpty(serverUrlV2))
+            {
+                Trace.Info($"Service enforced serverUrlV2: {serverUrlV2}");
+                runnerSettings.ServerUrlV2 = serverUrlV2;
+            }
+
+            if (agent.Properties.TryGetValue("UseV2Flow", out bool useV2Flow) && useV2Flow)
+            {
+                Trace.Info($"Service enforced useV2Flow: {useV2Flow}");
+                runnerSettings.UseV2Flow = useV2Flow;
+            }
+
             _term.WriteSection("Runner settings");
 
             // We will Combine() what's stored with root.  Defaults to string a relative path
@@ -537,7 +538,7 @@ namespace GitHub.Runner.Listener.Configuration
                 {
                     RunnerSettings settings = _store.GetSettings();
 
-                    if (settings.UseRunnerAdminFlow)
+                    if (settings.UseV2Flow)
                     {
                         var deletionToken = await GetRunnerTokenAsync(command, settings.GitHubUrl, "remove");
                         await _dotcomServer.DeleteRunnerAsync(settings.GitHubUrl, deletionToken, settings.AgentId);

src/Runner.Listener/Configuration/CredentialManager.cs

@@ -89,7 +89,7 @@ namespace GitHub.Runner.Listener.Configuration
         public string Token { get; set; }
 
         [DataMember(Name = "use_v2_flow")]
-        public bool UseRunnerAdminFlow { get; set; }
+        public bool UseV2Flow { get; set; }
 
         public VssCredentials ToVssCredentials()
         {

src/Runner.Worker/FeatureManager.cs

@@ -11,10 +11,5 @@ namespace GitHub.Runner.Worker
             var isContainerHooksPathSet = !string.IsNullOrEmpty(Environment.GetEnvironmentVariable(Constants.Hooks.ContainerHooksPath));
             return isContainerHookFeatureFlagSet && isContainerHooksPathSet;
         }
-
-        public static bool IsContainerActionRunnerTempEnabled(Variables variables)
-        {
-            return variables?.GetBoolean(Constants.Runner.Features.ContainerActionRunnerTemp) ?? false;
-        }
     }
 }

src/Runner.Worker/Handlers/ContainerActionHandler.cs

@@ -191,19 +191,11 @@ namespace GitHub.Runner.Worker.Handlers
             ArgUtil.Directory(tempWorkflowDirectory, nameof(tempWorkflowDirectory));
 
             container.MountVolumes.Add(new MountVolume("/var/run/docker.sock", "/var/run/docker.sock"));
-            if (FeatureManager.IsContainerActionRunnerTempEnabled(ExecutionContext.Global.Variables))
-            {
-                container.MountVolumes.Add(new MountVolume(tempDirectory, "/github/runner_temp"));
-            }
             container.MountVolumes.Add(new MountVolume(tempHomeDirectory, "/github/home"));
             container.MountVolumes.Add(new MountVolume(tempWorkflowDirectory, "/github/workflow"));
             container.MountVolumes.Add(new MountVolume(tempFileCommandDirectory, "/github/file_commands"));
             container.MountVolumes.Add(new MountVolume(defaultWorkingDirectory, "/github/workspace"));
 
-            if (FeatureManager.IsContainerActionRunnerTempEnabled(ExecutionContext.Global.Variables))
-            {
-                container.AddPathTranslateMapping(tempDirectory, "/github/runner_temp");
-            }
             container.AddPathTranslateMapping(tempHomeDirectory, "/github/home");
             container.AddPathTranslateMapping(tempWorkflowDirectory, "/github/workflow");
             container.AddPathTranslateMapping(tempFileCommandDirectory, "/github/file_commands");