Release 2.274.1

* add `workflow_dispatch`

* Add an environment variable to indicate which repository the currently running Action came from.

* Expose the Action ref as well.

* Move setting `github.action_repository` and `github.action_ref` to `ActionRunner.cs`.

* Don't set `action_repository` and `action_ref` for local Actions.

Co-authored-by: Tingluo Huang <tingluohuang@github.com>

.github/workflows/build.yml

@@ -1,9 +1,10 @@
 name: Runner CI
 
 on:
+  workflow_dispatch:
   push:
     branches:
-    - master
+    - main
     - releases/*
     paths-ignore:
     - '**.md'    

.github/workflows/codeql.yml

@@ -0,0 +1,35 @@
+name: "Code Scanning - Action"
+
+on:
+  push:
+  schedule:
+    - cron: '0 0 * * 0'
+
+jobs:
+  CodeQL-Build:
+
+    strategy:
+      fail-fast: false
+
+
+    # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      # Override language selection by uncommenting this and choosing your languages
+      # with:
+      #   languages: go, javascript, csharp, python, cpp, java
+
+    - name: Manual build
+      run : | 
+        ./dev.sh layout Release linux-x64
+      working-directory: src
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.github/workflows/release.yml

@@ -1,13 +1,14 @@
 name: Runner CD
 
 on:
+  workflow_dispatch:
   push:
     paths:
     - releaseVersion
   
 jobs:
   check:
-    if: startsWith(github.ref, 'refs/heads/releases/') || github.ref == 'refs/heads/master'
+    if: startsWith(github.ref, 'refs/heads/releases/') || github.ref == 'refs/heads/main'
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2

README.md

@@ -6,7 +6,7 @@
 
 [![Actions Status](https://github.com/actions/runner/workflows/Runner%20CI/badge.svg)](https://github.com/actions/runner/actions)
 
-The runner is the application that runs a job from a GitHub Actions workflow.  The runner can run on the [hosted machine pools](https://github.com/actions/virtual-environments) or run on [self-hosted environments](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/about-self-hosted-runners).
+The runner is the application that runs a job from a GitHub Actions workflow. It is used by GitHub Actions in the [hosted virtual environments](https://github.com/actions/virtual-environments), or you can [self-host the runner](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/about-self-hosted-runners) in your own environment.
 
 ## Get Started
 

docs/adrs/0263-proxy-support.md

@@ -22,7 +22,7 @@ These are described in detail below:
   - http://proxy.com
   - http://127.0.0.1:8080
   - http://user:password@proxy.com
-- `no_proxy` a comma seperated list of hosts that should not use the proxy. An optional port may be specified
+- `no_proxy` a comma separated list of hosts that should not use the proxy. An optional port may be specified
   - `google.com`
   - `yahoo.com:443`
   - `google.com,bing.com`
@@ -31,9 +31,9 @@ We won't use `http_proxy` for https traffic when `https_proxy` is not set, this
 Otherwise action authors and workflow users need to adjust to differences between the runner proxy convention, and tools used by their actions and scripts.  
 
 Example:  
-  Customer set `http_proxy=http://127.0.0.1:8888` and configure the runner against `https://github.com/owner/repo`, with the `https_proxy` -> `http_proxy` fallback, the runner will connect to server without any problem. However, if user runs `git push` to `https://github.com/owner/repo`, `git` won't use the proxy since it require `https_proxy` to be set for any https traffic.
+  Customer set `http_proxy=http://127.0.0.1:8888` and configure the runner against `https://github.com/owner/repo`, with the `https_proxy` -> `http_proxy` fallback, the runner will connect to the server without any problem. However, if a user runs `git push` to `https://github.com/owner/repo`, `git` won't use the proxy since it requires `https_proxy` to be set for any https traffic.
 
-> `golang`, `node.js` and other dev tools from the linux community use `http_proxy` for both http and https traffic base on my research.
+> `golang`, `node.js` and other dev tools from the linux community use `http_proxy` for both http and https traffic based on my research.
 
 A majority of our users are using Linux where these variables are commonly required to be set by various programs. By reading these values, we simplify the process for self hosted runners to set up proxy, and expose it in a way users are already familiar with.
 
@@ -43,7 +43,7 @@ We will support the lowercase and uppercase variants, with lowercase taking prio
 
 ### No Proxy Format
 
-While exact implementations are different per application on handle `no_proxy` env, most applications accept a comma separated list of hosts. Some accept wildcard characters (*). We are going to do exact case-insentive matches, and not support wildcards at this time.
+While exact implementations are different per application on handle `no_proxy` env, most applications accept a comma separated list of hosts. Some accept wildcard characters (*). We are going to do exact case-insensitive matches, and not support wildcards at this time.
 For example:
 - example.com will match example.com, foo.example.com, foo.bar.example.com
 - foo.example.com will match bar.foo.example.com and foo.example.com
@@ -57,5 +57,5 @@ We will not support IP addresses for `no_proxy`, only hostnames.
 3. The runner will read from the environmental variables during config and runtime and use the provided proxy if it exists
 4. Users may need to pass these environmental variables into other applications if they do not natively take these variables
 5. Action authors may need to update their workflows to react to the these environment variables
-6. We will document the way of setting environmental variables for runners using the environmental variables and how the runner uses them
+6. We will document the way of setting environmental variables for runners using the environment variables and how the runner uses them
 7. Like all other secrets, users will be able to relatively easily figure out proxy password if they can modify a workflow file running on a self hosted machine

docs/adrs/0276-problem-matchers.md

@@ -34,7 +34,7 @@ A way out for rare cases where scoping is a problem.
 
 `##[remove-matcher]owner`
 
-For the this to be usable, the `owner` needs to be discoverable. Therefore, debug print the owner on registration.
+For this to be usable, the `owner` needs to be discoverable. Therefore, debug print the owner on registration.
 
 ### Single line matcher
 
@@ -184,7 +184,7 @@ Solving this problem means:
   - Use the `github.workspace` (where the repo is cloned on disk)
 - Match against a repository to determine the relative path within the repo
 
-This is a place where we diverge from VSCode. VSCode task configuration are specific to the local workspace (workspace root is known or can be specified). We're solving a more generic problem, so we need more information - specifically the `fromPath` property - in order to accurately root the path.
+This is a place where we diverge from VSCode. VSCode task configurations are specific to the local workspace (workspace root is known or can be specified). We're solving a more generic problem, so we need more information - specifically the `fromPath` property - in order to accurately root the path.
 
 In order to avoid creating inaccurate hyperlinks on the error issues, the agent will verify the file exists and is in the main repository. Otherwise omit the file property from the error issue and debug trace what happened.
 
@@ -203,7 +203,7 @@ Problem matchers are unable to interpret severity strings other than `warning` a
 
 However some tools indicate error/warning in different ways. For example `flake8` uses codes like `E100`, `W200`, and `F300` (error, warning, fatal, respectively).
 
-Therefore, allow a property `severity`, sibling to `owner`, which identifies the default severity for the problem matcher. This allows two problem matchers are registered - one for warnings and one for errors.
+Therefore, allow a property `severity`, sibling to `owner`, which identifies the default severity for the problem matcher. This allows two problem matchers to be registered - one for warnings and one for errors.
 
 For example, given the following `flake8` output:
 

docs/adrs/0277-run-action-shell-options.md

@@ -84,7 +84,7 @@ powershell/pwsh
 - Users can always opt out by not using the builtins, and providing a shell option like: `pwsh -File {0}`, or `powershell -Command "& '{0}'"`, depending on need
 
 cmd
-- There doesnt seem to be a way to fully opt in to fail-fast behavior other than writing your script to check each error code and respond accordingly, so we cant actually provide that behavior by default, it will be completely up to the user to write this behavior into their script
+- There doesn't seem to be a way to fully opt in to fail-fast behavior other than writing your script to check each error code and respond accordingly, so we can't actually provide that behavior by default, it will be completely up to the user to write this behavior into their script
 - cmd.exe will exit (return the error code to the runner) with the errorlevel of the last program it executed. This is internally consistent with the previous default behavior (sh, pwsh) and is the cmd.exe default, so we keep that behavior
 
 ## Consequences

docs/adrs/0549-composite-run-steps.md

@@ -0,0 +1,378 @@
+# ADR 0549: Composite Run Steps
+
+**Date**: 2020-06-17
+
+**Status**: Accepted
+
+## Context
+
+Customers want to be able to compose actions from actions (ex: https://github.com/actions/runner/issues/438)
+
+An important step towards meeting this goal is to build in functionality for actions where users can simply execute any number of steps. 
+
+### Guiding Principles
+
+We don't want the workflow author to need to know how the internal workings of the action work. Users shouldn't know the internal workings of the composite action (for example, `default.shell` and `default.workingDir` should not be inherited from the workflow file to the action file). When deciding how to design certain parts of composite run steps, we want to think one logical step from the consumer.
+
+A composite action is treated as **one** individual job step (this is known as encapsulation).
+
+## Decision
+
+**In this ADR, we only support running multiple run steps in an Action.** In doing so, we build in support for mapping and flowing the inputs, outputs, and env variables (ex: All nested steps should have access to its parents' input variables and nested steps can overwrite the input variables).
+
+### Composite Run Steps Features
+This feature supports at the top action level:
+- name
+- description
+- inputs
+- runs
+- outputs
+
+This feature supports at the run step level:
+- name
+- id
+- run
+- env
+- shell
+- working-directory
+
+This feature **does not support** at the run step level:
+- timeout-minutes
+- secrets
+- conditionals (needs, if, etc.)
+- continue-on-error
+
+### Steps
+
+Example `workflow.yml`
+
+```yaml
+jobs:
+  build:
+    runs-on: self-hosted
+    steps:
+    - id: step1
+      uses: actions/setup-python@v1
+    - id: step2
+      uses: actions/setup-node@v2
+    - uses: actions/checkout@v2
+    - uses: user/composite@v1
+    - name: workflow step 1
+      run: echo hello world 3
+    - name: workflow step 2
+      run: echo hello world 4
+```
+
+Example `user/composite/action.yml`
+
+```yaml
+runs:
+  using: "composite"
+  steps:
+    - run: pip install -r requirements.txt
+      shell: bash
+    - run: npm install
+      shell: bash
+```
+
+Example Output
+
+```yaml
+[npm installation output]
+[pip requirements output]
+echo hello world 3
+echo hello world 4
+```
+
+We add a token called "composite" which allows our Runner code to process composite actions. By invoking "using: composite", our Runner code then processes the "steps" attribute, converts this template code to a list of steps, and finally runs each run step sequentially. If any step fails and there are no `if` conditions defined, the whole composite action job fails. 
+
+### Defaults
+
+We will not support "defaults" in a composite action. 
+
+### Shell and Working-directory
+
+For each run step in a composite action, the action author can set the `shell` and `working-directory` attributes for that step. The shell attribute is **required** for each run step because the action author does not know what the workflow author is using for the operating system so we need to explicitly prevent unknown behavior by making sure that each run step has an explicit shell **set by the action author.** On the other hand, `working-directory` is optional. Moreover, the composite action author can map in values from the `inputs` for it's `shell` and `working-directory` attributes at the step level for an action. 
+
+For example,
+
+`action.yml`
+
+
+```yaml
+inputs:
+  shell_1:
+    description: 'Your name'
+    default: 'pwsh'
+steps:
+  - run: echo 1
+    shell: ${{ inputs.shell_1 }}
+```
+
+Note, the workflow file and action file are treated as separate entities. **So, the workflow `defaults` will never change the `shell` and `working-directory` value in the run steps in a composite action.** Note, `defaults` in a workflow only apply to run steps not "uses" steps (steps that use an action).
+
+### Running Local Scripts
+
+Example 'workflow.yml':
+```yaml
+jobs:
+  build:
+    runs-on: self-hosted
+    steps:
+    - uses: user/composite@v1
+```
+
+Example `user/composite/action.yml`:
+
+```yaml
+runs:
+  using: "composite"
+  steps: 
+    - run: chmod +x ${{ github.action_path }}/test/script2.sh
+      shell: bash
+    - run: chmod +x $GITHUB_ACTION_PATH/script.sh
+      shell: bash
+    - run: ${{ github.action_path }}/test/script2.sh
+      shell: bash
+    - run: $GITHUB_ACTION_PATH/script.sh
+      shell: bash
+```
+Where `user/composite` has the file structure:
+```
+.
++-- action.yml
++-- script.sh
++-- test
+|   +-- script2.sh
+```
+
+
+Users will be able to run scripts located in their action folder by first prepending the relative path and script name with `$GITHUB_ACTION_PATH` or `github.action_path` which contains the path in which the composite action is downloaded to and where those "files" live. Note, you'll have to use `chmod` before running each script if you do not git check in your script files into your github repo with the executable bit turned on.
+
+### Inputs
+
+Example `workflow.yml`:
+
+```yaml
+steps: 
+  - id: foo
+    uses: user/composite@v1
+    with:
+      your_name: "Octocat"
+```
+
+Example `user/composite/action.yml`:
+
+```yaml
+inputs:
+  your_name:
+    description: 'Your name'
+    default: 'Ethan'
+runs:
+  using: "composite"
+  steps: 
+    - run: echo hello ${{ inputs.your_name }}
+      shell: bash
+```
+
+Example Output:
+
+```
+hello Octocat
+```
+
+Each input variable in the composite action is only viewable in its own scope.
+
+### Outputs
+
+Example `workflow.yml`:
+
+```yaml
+...
+steps: 
+  - id: foo
+    uses: user/composite@v1
+  - run: echo random-number ${{ steps.foo.outputs.random-number }} 
+    shell: bash
+```
+
+Example `user/composite/action.yml`:
+
+```yaml
+outputs:
+  random-number: 
+    description: "Random number"
+    value: ${{ steps.random-number-generator.outputs.random-id }}
+runs:
+  using: "composite"
+  steps: 
+    - id: random-number-generator
+      run: echo "::set-output name=random-id::$(echo $RANDOM)"
+      shell: bash
+```
+
+Example Output:
+
+```
+::set-output name=my-output::43243
+random-number 43243
+```
+
+Each of the output variables from the composite action is viewable from the workflow file that uses the composite action. In other words, every child action output(s) is viewable only by its parent using dot notation (ex `steps.foo.outputs.random-number`).
+
+Moreover, the output ids are only accessible within the scope where it was defined. Note that in the example above, in our `workflow.yml` file, it should not have access to output id (i.e. `random-id`). The reason why we are doing this is because we don't want to require the workflow author to know the internal workings of the composite action.
+
+### Context
+
+Similar to the workflow file, the composite action has access to the [same context objects](https://help.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions#contexts) (ex: `github`, `env`, `strategy`). 
+
+### Environment
+
+In the Composite Action, you'll only be able to use `::set-env::` to set environment variables just like you could with other actions.
+
+### Secrets
+
+**We will not support "Secrets" in a composite action for now. This functionality will be focused on in a future ADR.**
+
+We'll pass the secrets from the composite action's parents (ex: the workflow file) to the composite action. Secrets can be created in the composite action with the secrets context. In the actions yaml, we'll automatically mask the secret. 
+
+
+### If Condition
+
+** If and needs conditions will not be supported in the composite run steps feature. It will be supported later on in a new feature. **
+
+Old reasoning:
+
+Example `workflow.yml`:
+
+```yaml
+steps:
+  - run: exit 1
+  - uses: user/composite@v1  # <--- this will run, as it's marked as always runing
+    if: always()
+```
+
+Example `user/composite/action.yml`:
+
+```yaml
+runs:
+  using: "composite"
+  steps:
+    - run: echo "just succeeding"
+      shell: bash
+    - run: echo "I will run, as my current scope is succeeding"
+      shell: bash
+      if: success()
+    - run: exit 1
+      shell: bash
+    - run: echo "I will not run, as my current scope is now failing"
+      shell: bash
+```
+
+**We will not support "if Condition" in a composite action for now. This functionality will be focused on in a future ADR.**
+
+See the paragraph below for a rudimentary approach (thank you to @cybojenix for the idea, example, and explanation for this approach):
+
+The `if` statement in the parent (in the example above, this is the `workflow.yml`) shows whether or not we should run the composite action. So, our composite action will run since the `if` condition for running the composite action is `always()`.
+
+**Note that the if condition on the parent does not propagate to the rest of its children though.**
+
+In the child action (in this example, this is the `action.yml`), it starts with a clean slate (in other words, no imposing if conditions). Similar to the logic in the paragraph above, `echo "I will run, as my current scope is succeeding"` will run since the `if` condition checks if the previous steps **within this composite action** has not failed. `run: echo "I will not run, as my current scope is now failing"` will not run since the previous step resulted in an error and by default, the if expression is set to `success()` if the if condition is not set for a step.
+
+
+What if a step has `cancelled()`? We do the opposite of our approach above if `cancelled()` is used for any of our composite run steps. We will cancel any step that has this condition if the workflow is cancelled at all.
+    
+### Timeout-minutes
+
+Example `workflow.yml`:
+
+```yaml
+steps: 
+  - id: bar
+    uses: user/test@v1
+    timeout-minutes: 50
+```
+
+Example `user/composite/action.yml`:
+
+```yaml
+runs:
+  using: "composite"
+  steps: 
+    - id: foo1
+      run: echo test 1
+      timeout-minutes: 10
+      shell: bash
+    - id: foo2
+      run: echo test 2
+      shell: bash
+    - id: foo3
+      run: echo test 3
+      timeout-minutes: 10
+      shell: bash
+```
+
+**We will not support "timeout-minutes" in a composite action for now. This functionality will be focused on in a future ADR.**
+
+A composite action in its entirety is a job. You can set both timeout-minutes for the whole composite action or its steps as long as the the sum of the `timeout-minutes` for each composite action step that has the attribute `timeout-minutes` is less than or equals to `timeout-minutes` for the composite action. There is no default timeout-minutes for each composite action step. 
+
+If the time taken for any of the steps in combination or individually exceed the whole composite action `timeout-minutes` attribute, the whole job will fail (1). If an individual step exceeds its own `timeout-minutes` attribute but the total time that has been used including this step is below the overall composite action `timeout-minutes`, the individual step will fail but the rest of the steps will run based on their own `timeout-minutes` attribute (they will still abide by condition (1) though).
+
+For reference, in the example above, if the composite step `foo1` takes 11 minutes to run, that step will fail but the rest of the steps, `foo1` and `foo2`, will proceed as long as their total runtime with the previous failed `foo1` action is less than the composite action's `timeout-minutes` (50 minutes). If the composite step `foo2` takes 51 minutes to run, it will cause the whole composite action job to fail. I
+
+The rationale behind this is that users can configure their steps with the `if` condition to conditionally set how steps rely on each other. Due to the additional capabilities that are offered with combining `timeout-minutes` and/or `if`, we wanted the `timeout-minutes` condition to be as dumb as possible and not effect other steps. 
+
+[Usage limits still apply](https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions?query=if%28%29#usage-limits)
+
+
+### Continue-on-error
+
+Example `workflow.yml`:
+
+```yaml
+steps: 
+  - run: exit 1
+  - id: bar
+    uses: user/test@v1
+    continue-on-error: false
+  - id: foo
+    run: echo "Hello World" <------- This step will not run
+```
+
+Example `user/composite/action.yml`:
+
+```yaml
+runs:
+  using: "composite"
+  steps: 
+    - run: exit 1
+      continue-on-error: true
+      shell: bash
+    - run: echo "Hello World 2" <----- This step will run
+      shell: bash
+```
+
+**We will not support "continue-on-error" in a composite action for now. This functionality will be focused on in a future ADR.**
+
+If any of the steps fail in the composite action and the `continue-on-error` is set to `false` for the whole composite action step in the workflow file, then the steps below it will run. On the flip side, if `continue-on-error` is set to `true` for the whole composite action step in the workflow file, the next job step will run.
+
+For the composite action steps, it follows the same logic as above. In this example, `"Hello World 2"` will be outputted because the previous step has `continue-on-error` set to `true` although that previous step errored. 
+
+### Visualizing Composite Action in the GitHub Actions UI
+We want all the composite action's steps to be condensed into the original composite action node. 
+
+Here is a visual represenation of the [first example](#Steps)
+
+```yaml
+| composite_action_node |
+    | echo hello world 1 | 
+    | echo hello world 2 |
+| echo hello world 3 | 
+| echo hello world 4 |
+
+```
+
+
+## Consequences
+
+This ADR lays the framework for eventually supporting nested Composite Actions within Composite Actions. This ADR allows for users to run multiple run steps within a GitHub Composite Action with the support of inputs, outputs, environment, and context for use in any steps as well as the if, timeout-minutes, and the continue-on-error attributes for each Composite Action step. 

docs/automate.md

@@ -0,0 +1,57 @@
+# Automate Configuring Self-Hosted Runners
+
+
+## Export PAT
+
+Before running any of these sample scripts, create a GitHub PAT and export it before running the script
+
+```bash
+export RUNNER_CFG_PAT=yourPAT
+```
+
+## Create running as a service
+
+**Scenario**: Run on a machine or VM (not container) which automates:
+
+ - Resolving latest released runner
+ - Download and extract latest
+ - Acquire a registration token
+ - Configure the runner
+ - Run as a systemd (linux) or Launchd (osx) service
+
+:point_right: [Sample script here](../scripts/create-latest-svc.sh) :point_left:
+
+Run as a one-liner. NOTE: replace with yourorg/yourrepo (repo level) or just yourorg (org level) 
+```bash
+curl -s https://raw.githubusercontent.com/actions/runner/automate/scripts/create-latest-svc.sh | bash -s yourorg/yourrepo
+```
+
+## Uninstall running as service 
+
+**Scenario**: Run on a machine or VM (not container) which automates:
+
+ - Stops and uninstalls the systemd (linux) or Launchd (osx) service
+ - Acquires a removal token
+ - Removes the runner
+
+:point_right: [Sample script here](../scripts/remove-svc.sh) :point_left:
+
+Repo level one liner.  NOTE: replace with yourorg/yourrepo (repo level) or just yourorg (org level) 
+```bash
+curl -s https://raw.githubusercontent.com/actions/runner/automate/scripts/remove-svc.sh | bash -s yourorg/yourrepo
+```
+
+### Delete an offline runner
+
+**Scenario**: Deletes a registered runner that is offline:
+
+ - Ensures the runner is offline
+ - Resolves id from name
+ - Deletes the runner
+
+:point_right: [Sample script here](../scripts/delete.sh) :point_left:
+
+Repo level one-liner.  NOTE: replace with yourorg/yourrepo (repo level) or just yourorg (org level) and replace runnername
+```bash
+curl -s https://raw.githubusercontent.com/actions/runner/automate/scripts/delete.sh | bash -s yourorg/yourrepo runnername
+```

docs/contribute.md

@@ -14,7 +14,7 @@ Issues in this repository should be for the runner application.  Note that the V
 
 We ask that before significant effort is put into code changes, that we have agreement on taking the change before time is invested in code changes. 
 
-1. Create a feature request.  Once agreed we will take the enhancment
+1. Create a feature request.  Once agreed we will take the enhancement
 2. Create an ADR to agree on the details of the change.
 
 An ADR is an Architectural Decision Record.  This allows consensus on the direction forward and also serves as a record of the change and motivation.  [Read more here](adrs/README.md)
@@ -23,7 +23,7 @@ An ADR is an Architectural Decision Record.  This allows consensus on the direct
 
 ### Required Dev Dependencies
 
-![Win](res/win_sm.png) Git for Windows [Install Here](https://git-scm.com/downloads) (needed for dev sh script)
+![Win](res/win_sm.png) ![*nix](res/linux_sm.png)  Git for Windows and Linux [Install Here](https://git-scm.com/downloads) (needed for dev sh script)
 
 ### To Build, Test, Layout 
 
@@ -43,6 +43,7 @@ Sample developer flow:
 
 ```bash
 git clone https://github.com/actions/runner
+cd runner
 cd ./src
 ./dev.(sh/cmd) layout # the runner that built from source is in {root}/_layout
 <make code changes>
@@ -50,10 +51,23 @@ cd ./src
 ./dev.(sh/cmd) test # run all unit tests before git commit/push
 ```
 
+View logs:
+```bash
+cd runner/_layout/_diag
+ls
+cat (Runner/Worker)_TIMESTAMP.log # view your log file
+```
+
+Run Runner:
+```bash
+cd runner/_layout
+./run.sh # run your custom runner
+```
+
 ### Editors
 
 [Using Visual Studio Code](https://code.visualstudio.com/)
-[Using Visual Studio 2019](https://www.visualstudio.com/vs/)  
+[Using Visual Studio](https://code.visualstudio.com/docs)  
 
 ### Styling
 

docs/start/envlinux.md

@@ -40,7 +40,7 @@ Debian based OS (Debian, Ubuntu, Linux Mint)
 - libssl1.1, libssl1.0.2 or libssl1.0.0
 - libicu63, libicu60, libicu57 or libicu55
 
-Fedora based OS (Fedora, Redhat, Centos, Oracle Linux 7)
+Fedora based OS (Fedora, Red Hat Enterprise Linux, CentOS, Oracle Linux 7)
 
 - lttng-ust 
 - openssl-libs 

releaseNote.md

@@ -1,20 +1,22 @@
 ## Features
-  - Runner support for GHES Alpha (#381 #386 #390 #393 $401) 
-  - Allow secrets context in Container.env (#388)
-## Bugs
-  - Raise warning when volume mount root. (#413)
-  - Fix typo (#394)
-## Misc
   - N/A
 
+## Bugs
+  - N/A
+
+## Misc
+  - Add deprecation date to add-path and set-env runner commands (#796)
+
 ## Windows x64
-We recommend configuring the runner in a root folder of the Windows drive (e.g. "C:\actions-runner"). This will help avoid issues related to service identity folder permissions and long file path restrictions on Windows
-``` 
-// Create a folder under the drive root
+We recommend configuring the runner in a root folder of the Windows drive (e.g. "C:\actions-runner"). This will help avoid issues related to service identity folder permissions and long file path restrictions on Windows.
+
+The following snipped needs to be run on `powershell`:
+``` powershell
+# Create a folder under the drive root
 mkdir \actions-runner ; cd \actions-runner
-// Download the latest runner package
+# Download the latest runner package
 Invoke-WebRequest -Uri https://github.com/actions/runner/releases/download/v<RUNNER_VERSION>/actions-runner-win-x64-<RUNNER_VERSION>.zip -OutFile actions-runner-win-x64-<RUNNER_VERSION>.zip
-// Extract the installer
+# Extract the installer
 Add-Type -AssemblyName System.IO.Compression.FileSystem ; 
 [System.IO.Compression.ZipFile]::ExtractToDirectory("$PWD\actions-runner-win-x64-<RUNNER_VERSION>.zip", "$PWD")
 ```
@@ -22,44 +24,44 @@ Add-Type -AssemblyName System.IO.Compression.FileSystem ;
 ## OSX
 
 ``` bash
-// Create a folder
+# Create a folder
 mkdir actions-runner && cd actions-runner
-// Download the latest runner package
+# Download the latest runner package
 curl -O -L https://github.com/actions/runner/releases/download/v<RUNNER_VERSION>/actions-runner-osx-x64-<RUNNER_VERSION>.tar.gz
-// Extract the installer
+# Extract the installer
 tar xzf ./actions-runner-osx-x64-<RUNNER_VERSION>.tar.gz
 ```
 
 ## Linux x64
 
 ``` bash
-// Create a folder
+# Create a folder
 mkdir actions-runner && cd actions-runner
-// Download the latest runner package
+# Download the latest runner package
 curl -O -L https://github.com/actions/runner/releases/download/v<RUNNER_VERSION>/actions-runner-linux-x64-<RUNNER_VERSION>.tar.gz
-// Extract the installer
+# Extract the installer
 tar xzf ./actions-runner-linux-x64-<RUNNER_VERSION>.tar.gz
 ```
 
 ## Linux arm64 (Pre-release)
 
 ``` bash
-// Create a folder
+# Create a folder
 mkdir actions-runner && cd actions-runner
-// Download the latest runner package
+# Download the latest runner package
 curl -O -L https://github.com/actions/runner/releases/download/v<RUNNER_VERSION>/actions-runner-linux-arm64-<RUNNER_VERSION>.tar.gz
-// Extract the installer
+# Extract the installer
 tar xzf ./actions-runner-linux-arm64-<RUNNER_VERSION>.tar.gz
 ```
 
 ## Linux arm (Pre-release)
 
 ``` bash
-// Create a folder
+# Create a folder
 mkdir actions-runner && cd actions-runner
-// Download the latest runner package
+# Download the latest runner package
 curl -O -L https://github.com/actions/runner/releases/download/v<RUNNER_VERSION>/actions-runner-linux-arm-<RUNNER_VERSION>.tar.gz
-// Extract the installer
+# Extract the installer
 tar xzf ./actions-runner-linux-arm-<RUNNER_VERSION>.tar.gz
 ```
 

releaseVersion

@@ -1 +1 @@
-2.168.0
+2.274.1

scripts/README.md

@@ -0,0 +1,4 @@
+# Sample scripts for self-hosted runners
+
+Here are some examples to work from if you'd like to automate your use of self-hosted runners.
+See the docs [here](../docs/automate.md).

scripts/create-latest-svc.sh

@@ -0,0 +1,147 @@
+#/bin/bash
+
+set -e
+
+#
+# Downloads latest releases (not pre-release) runner
+# Configures as a service
+#
+# Examples:
+# RUNNER_CFG_PAT=<yourPAT> ./create-latest-svc.sh myuser/myrepo my.ghe.deployment.net
+# RUNNER_CFG_PAT=<yourPAT> ./create-latest-svc.sh myorg my.ghe.deployment.net
+#
+# Usage:
+#     export RUNNER_CFG_PAT=<yourPAT>
+#     ./create-latest-svc scope [ghe_domain] [name] [user]
+#
+#      scope       required  repo (:owner/:repo) or org (:organization)
+#      ghe_domain  optional  the fully qualified domain name of your GitHub Enterprise Server deployment
+#      name        optional  defaults to hostname
+#      user        optional  user svc will run as. defaults to current
+#
+# Notes:
+# PATS over envvars are more secure
+# Should be used on VMs and not containers
+# Works on OSX and Linux
+# Assumes x64 arch
+#
+
+runner_scope=${1}
+ghe_hostname=${2}
+runner_name=${3:-$(hostname)}
+svc_user=${4:-$USER}
+
+echo "Configuring runner @ ${runner_scope}"
+sudo echo
+
+#---------------------------------------
+# Validate Environment
+#---------------------------------------
+runner_plat=linux
+[ ! -z "$(which sw_vers)" ] && runner_plat=osx;
+
+function fatal()
+{
+   echo "error: $1" >&2
+   exit 1
+}
+
+if [ -z "${runner_scope}" ]; then fatal "supply scope as argument 1"; fi
+if [ -z "${RUNNER_CFG_PAT}" ]; then fatal "RUNNER_CFG_PAT must be set before calling"; fi
+
+which curl || fatal "curl required.  Please install in PATH with apt-get, brew, etc"
+which jq || fatal "jq required.  Please install in PATH with apt-get, brew, etc"
+
+# bail early if there's already a runner there. also sudo early
+if [ -d ./runner ]; then
+    fatal "Runner already exists.  Use a different directory or delete ./runner"
+fi
+
+sudo -u ${svc_user} mkdir runner
+
+# TODO: validate not in a container
+# TODO: validate systemd or osx svc installer
+
+#--------------------------------------
+# Get a config token
+#--------------------------------------
+echo
+echo "Generating a registration token..."
+
+base_api_url="https://api.github.com"
+if [ -n "${ghe_hostname}" ]; then
+    base_api_url="https://${ghe_hostname}/api/v3"
+fi
+
+# if the scope has a slash, it's a repo runner
+orgs_or_repos="orgs"
+if [[ "$runner_scope" == *\/* ]]; then
+    orgs_or_repos="repos"
+fi
+
+export RUNNER_TOKEN=$(curl -s -X POST ${base_api_url}/${orgs_or_repos}/${runner_scope}/actions/runners/registration-token -H "accept: application/vnd.github.everest-preview+json" -H "authorization: token ${RUNNER_CFG_PAT}" | jq -r '.token')
+
+if [ "null" == "$RUNNER_TOKEN" -o -z "$RUNNER_TOKEN" ]; then fatal "Failed to get a token"; fi
+
+#---------------------------------------
+# Download latest released and extract
+#---------------------------------------
+echo
+echo "Downloading latest runner ..."
+
+# For the GHES Alpha, download the runner from github.com
+latest_version_label=$(curl -s -X GET 'https://api.github.com/repos/actions/runner/releases/latest' | jq -r '.tag_name')
+latest_version=$(echo ${latest_version_label:1})
+runner_file="actions-runner-${runner_plat}-x64-${latest_version}.tar.gz"
+
+if [ -f "${runner_file}" ]; then
+    echo "${runner_file} exists. skipping download."
+else
+    runner_url="https://github.com/actions/runner/releases/download/${latest_version_label}/${runner_file}"
+
+    echo "Downloading ${latest_version_label} for ${runner_plat} ..."
+    echo $runner_url
+
+    curl -O -L ${runner_url}
+fi
+
+ls -la *.tar.gz
+
+#---------------------------------------------------
+# extract to runner directory in this directory
+#---------------------------------------------------
+echo
+echo "Extracting ${runner_file} to ./runner"
+
+tar xzf "./${runner_file}" -C runner
+
+# export of pass
+sudo chown -R $svc_user ./runner
+
+pushd ./runner
+
+#---------------------------------------
+# Unattend config
+#---------------------------------------
+runner_url="https://github.com/${runner_scope}"
+if [ -n "${ghe_hostname}" ]; then
+    runner_url="https://${ghe_hostname}/${runner_scope}"
+fi
+
+echo
+echo "Configuring ${runner_name} @ $runner_url"
+echo "./config.sh --unattended --url $runner_url --token *** --name $runner_name"
+sudo -E -u ${svc_user} ./config.sh --unattended --url $runner_url --token $RUNNER_TOKEN --name $runner_name
+
+#---------------------------------------
+# Configuring as a service
+#---------------------------------------
+echo
+echo "Configuring as a service ..."
+prefix=""
+if [ "${runner_plat}" == "linux" ]; then
+prefix="sudo "
+fi
+
+${prefix}./svc.sh install ${svc_user}
+${prefix}./svc.sh start

scripts/delete.sh

@@ -0,0 +1,83 @@
+#/bin/bash
+
+set -e
+
+#
+# Force deletes a runner from the service
+# The caller should have already ensured the runner is gone and/or stopped
+#
+# Examples:
+# RUNNER_CFG_PAT=<yourPAT> ./delete.sh myuser/myrepo myname
+# RUNNER_CFG_PAT=<yourPAT> ./delete.sh myorg
+#
+# Usage:
+#     export RUNNER_CFG_PAT=<yourPAT>
+#     ./delete.sh scope name
+#
+#      scope required  repo (:owner/:repo) or org (:organization)
+#      name  optional  defaults to hostname.  name to delete
+# 
+# Notes:
+# PATS over envvars are more secure
+# Works on OSX and Linux 
+# Assumes x64 arch
+#
+
+runner_scope=${1}
+runner_name=${2}
+
+echo "Deleting runner ${runner_name} @ ${runner_scope}"
+
+function fatal()
+{
+   echo "error: $1" >&2
+   exit 1
+}
+
+if [ -z "${runner_scope}" ]; then fatal "supply scope as argument 1"; fi
+if [ -z "${runner_name}" ]; then fatal "supply name as argument 2"; fi
+if [ -z "${RUNNER_CFG_PAT}" ]; then fatal "RUNNER_CFG_PAT must be set before calling"; fi
+
+which curl || fatal "curl required.  Please install in PATH with apt-get, brew, etc"
+which jq || fatal "jq required.  Please install in PATH with apt-get, brew, etc"
+
+base_api_url="https://api.github.com/orgs"
+if [[ "$runner_scope" == *\/* ]]; then
+    base_api_url="https://api.github.com/repos"
+fi
+
+
+#--------------------------------------
+# Ensure offline
+#--------------------------------------
+runner_status=$(curl -s -X GET ${base_api_url}/${runner_scope}/actions/runners?per_page=100  -H "accept: application/vnd.github.everest-preview+json" -H "authorization: token ${RUNNER_CFG_PAT}" \
+        | jq -M -j ".runners | .[] | [select(.name == \"${runner_name}\")] | .[0].status")
+
+if [ -z "${runner_status}" ]; then 
+    fatal "Could not find runner with name ${runner_name}"
+fi
+
+echo "Status: ${runner_status}"
+
+if [ "${runner_status}" != "offline" ]; then 
+    fatal "Runner should be offline before removing"
+fi
+
+#--------------------------------------
+# Get id of runner to remove
+#--------------------------------------
+runner_id=$(curl -s -X GET ${base_api_url}/${runner_scope}/actions/runners?per_page=100  -H "accept: application/vnd.github.everest-preview+json" -H "authorization: token ${RUNNER_CFG_PAT}" \
+        | jq -M -j ".runners | .[] | [select(.name == \"${runner_name}\")] | .[0].id")
+
+if [ -z "${runner_id}" ]; then 
+    fatal "Could not find runner with name ${runner_name}"
+fi 
+
+echo "Removing id ${runner_id}"
+
+#--------------------------------------
+# Remove the runner
+#--------------------------------------
+curl -s -X DELETE ${base_api_url}/${runner_scope}/actions/runners/${runner_id} -H "authorization: token ${RUNNER_CFG_PAT}"
+
+echo "Done."

scripts/remove-svc.sh

@@ -0,0 +1,76 @@
+#/bin/bash
+
+set -e
+
+#
+# Removes a runner running as a service
+# Must be run on the machine where the service is run
+#
+# Examples:
+# RUNNER_CFG_PAT=<yourPAT> ./remove-svc.sh myuser/myrepo
+# RUNNER_CFG_PAT=<yourPAT> ./remove-svc.sh myorg
+#
+# Usage:
+#     export RUNNER_CFG_PAT=<yourPAT>
+#     ./remove-svc scope name
+#
+#      scope required  repo (:owner/:repo) or org (:organization)
+#      name  optional  defaults to hostname.  name to uninstall and remove
+# 
+# Notes:
+# PATS over envvars are more secure
+# Should be used on VMs and not containers
+# Works on OSX and Linux 
+# Assumes x64 arch
+#
+
+runner_scope=${1}
+runner_name=${2:-$(hostname)}
+
+echo "Uninstalling runner ${runner_name} @ ${runner_scope}"
+sudo echo
+
+function fatal()
+{
+   echo "error: $1" >&2
+   exit 1
+}
+
+if [ -z "${runner_scope}" ]; then fatal "supply scope as argument 1"; fi
+if [ -z "${RUNNER_CFG_PAT}" ]; then fatal "RUNNER_CFG_PAT must be set before calling"; fi
+
+which curl || fatal "curl required.  Please install in PATH with apt-get, brew, etc"
+which jq || fatal "jq required.  Please install in PATH with apt-get, brew, etc"
+
+runner_plat=linux
+[ ! -z "$(which sw_vers)" ] && runner_plat=osx;
+
+#--------------------------------------
+# Get a remove token
+#--------------------------------------
+echo
+echo "Generating a removal token..."
+
+# if the scope has a slash, it's an repo runner
+base_api_url="https://api.github.com/orgs"
+if [[ "$runner_scope" == *\/* ]]; then
+    base_api_url="https://api.github.com/repos"
+fi
+
+export REMOVE_TOKEN=$(curl -s -X POST ${base_api_url}/${runner_scope}/actions/runners/remove-token -H "accept: application/vnd.github.everest-preview+json" -H "authorization: token ${RUNNER_CFG_PAT}" | jq -r '.token')
+
+if [ -z "$REMOVE_TOKEN" ]; then fatal "Failed to get a token"; fi 
+
+#---------------------------------------
+# Stop and uninstall the service
+#---------------------------------------
+echo
+echo "Uninstall the service ..."
+pushd ./runner
+prefix=""
+if [ "${runner_plat}" == "linux" ]; then 
+    prefix="sudo "
+fi 
+${prefix}./svc.sh stop
+${prefix}./svc.sh uninstall
+${prefix}./config.sh remove --token $REMOVE_TOKEN

src/.editorconfig

@@ -0,0 +1,10 @@
+[*.cs]
+charset = utf-8
+insert_final_newline = true
+
+csharp_new_line_before_else = true
+csharp_new_line_before_catch = true
+csharp_new_line_before_finally = true
+csharp_new_line_before_open_brace = all
+
+csharp_space_after_keywords_in_control_flow_statements = true

src/ActionsRunner.sln

@@ -1,4 +1,4 @@
-
+
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 16
 VisualStudioVersion = 16.0.29411.138
@@ -21,6 +21,11 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Sdk", "Sdk\Sdk.csproj", "{D
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Test", "Test\Test.csproj", "{C932061F-F6A1-4F1E-B854-A6C6B30DC3EF}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{EFB254FC-7927-445E-BA64-6676ADB309E9}"
+	ProjectSection(SolutionItems) = preProject
+		.editorconfig = .editorconfig
+	EndProjectSection
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU

src/Misc/dotnet-install.ps1

@@ -69,6 +69,8 @@
 .PARAMETER ProxyUseDefaultCredentials
     Default: false
     Use default credentials, when using proxy address.
+.PARAMETER ProxyBypassList
+    If set with ProxyAddress, will provide the list of comma separated urls that will bypass the proxy
 .PARAMETER SkipNonVersionedFiles
     Default: false
     Skips installing non-versioned files if they already exist, such as dotnet.exe.
@@ -96,6 +98,7 @@ param(
    [string]$FeedCredential,
    [string]$ProxyAddress,
    [switch]$ProxyUseDefaultCredentials,
+   [string[]]$ProxyBypassList=@(),
    [switch]$SkipNonVersionedFiles,
    [switch]$NoCdn
 )
@@ -119,12 +122,28 @@ $VersionRegEx="/\d+\.\d+[^/]+/"
 $OverrideNonVersionedFiles = !$SkipNonVersionedFiles
 
 function Say($str) {
+    try
+    {
         Write-Host "dotnet-install: $str"
     }
+    catch
+    {
+        # Some platforms cannot utilize Write-Host (Azure Functions, for instance). Fall back to Write-Output
+        Write-Output "dotnet-install: $str"
+    }
+}
 
 function Say-Verbose($str) {
+    try
+    {
         Write-Verbose "dotnet-install: $str"
     }
+    catch
+    {
+        # Some platforms cannot utilize Write-Verbose (Azure Functions, for instance). Fall back to Write-Output
+        Write-Output "dotnet-install: $str"
+    }
+}
 
 function Say-Invocation($Invocation) {
     $command = $Invocation.MyCommand;
@@ -154,7 +173,16 @@ function Invoke-With-Retry([ScriptBlock]$ScriptBlock, [int]$MaxAttempts = 3, [in
 function Get-Machine-Architecture() {
     Say-Invocation $MyInvocation
 
-    # possible values: amd64, x64, x86, arm64, arm
+    # On PS x86, PROCESSOR_ARCHITECTURE reports x86 even on x64 systems.
+    # To get the correct architecture, we need to use PROCESSOR_ARCHITEW6432.
+    # PS x64 doesn't define this, so we fall back to PROCESSOR_ARCHITECTURE.
+    # Possible values: amd64, x64, x86, arm64, arm
+
+    if( $ENV:PROCESSOR_ARCHITEW6432 -ne $null )
+    {    
+        return $ENV:PROCESSOR_ARCHITEW6432
+    }
+
     return $ENV:PROCESSOR_ARCHITECTURE
 }
 
@@ -167,7 +195,7 @@ function Get-CLIArchitecture-From-Architecture([string]$Architecture) {
         { $_ -eq "x86" } { return "x86" }
         { $_ -eq "arm" } { return "arm" }
         { $_ -eq "arm64" } { return "arm64" }
-        default { throw "Architecture not supported. If you think this is a bug, report it at https://github.com/dotnet/sdk/issues" }
+        default { throw "Architecture '$Architecture' not supported. If you think this is a bug, report it at https://github.com/dotnet/install-scripts/issues" }
     }
 }
 
@@ -228,7 +256,11 @@ function GetHTTPResponse([Uri] $Uri)
 
             if($ProxyAddress) {
                 $HttpClientHandler = New-Object System.Net.Http.HttpClientHandler
-                $HttpClientHandler.Proxy =  New-Object System.Net.WebProxy -Property @{Address=$ProxyAddress;UseDefaultCredentials=$ProxyUseDefaultCredentials}
+                $HttpClientHandler.Proxy =  New-Object System.Net.WebProxy -Property @{
+                    Address=$ProxyAddress;
+                    UseDefaultCredentials=$ProxyUseDefaultCredentials;
+                    BypassList = $ProxyBypassList;
+                }
                 $HttpClient = New-Object System.Net.Http.HttpClient -ArgumentList $HttpClientHandler
             }
             else {
@@ -363,17 +395,20 @@ function Get-Specific-Version-From-Version([string]$AzureFeed, [string]$Channel,
 function Get-Download-Link([string]$AzureFeed, [string]$SpecificVersion, [string]$CLIArchitecture) {
     Say-Invocation $MyInvocation
 
+    # If anything fails in this lookup it will default to $SpecificVersion
+    $SpecificProductVersion = Get-Product-Version -AzureFeed $AzureFeed -SpecificVersion $SpecificVersion
+
     if ($Runtime -eq "dotnet") {
-        $PayloadURL = "$AzureFeed/Runtime/$SpecificVersion/dotnet-runtime-$SpecificVersion-win-$CLIArchitecture.zip"
+        $PayloadURL = "$AzureFeed/Runtime/$SpecificVersion/dotnet-runtime-$SpecificProductVersion-win-$CLIArchitecture.zip"
     }
     elseif ($Runtime -eq "aspnetcore") {
-        $PayloadURL = "$AzureFeed/aspnetcore/Runtime/$SpecificVersion/aspnetcore-runtime-$SpecificVersion-win-$CLIArchitecture.zip"
+        $PayloadURL = "$AzureFeed/aspnetcore/Runtime/$SpecificVersion/aspnetcore-runtime-$SpecificProductVersion-win-$CLIArchitecture.zip"
     }
     elseif ($Runtime -eq "windowsdesktop") {
-        $PayloadURL = "$AzureFeed/Runtime/$SpecificVersion/windowsdesktop-runtime-$SpecificVersion-win-$CLIArchitecture.zip"
+        $PayloadURL = "$AzureFeed/Runtime/$SpecificVersion/windowsdesktop-runtime-$SpecificProductVersion-win-$CLIArchitecture.zip"
     }
     elseif (-not $Runtime) {
-        $PayloadURL = "$AzureFeed/Sdk/$SpecificVersion/dotnet-sdk-$SpecificVersion-win-$CLIArchitecture.zip"
+        $PayloadURL = "$AzureFeed/Sdk/$SpecificVersion/dotnet-sdk-$SpecificProductVersion-win-$CLIArchitecture.zip"
     }
     else {
         throw "Invalid value for `$Runtime"
@@ -381,7 +416,7 @@ function Get-Download-Link([string]$AzureFeed, [string]$SpecificVersion, [string
 
     Say-Verbose "Constructed primary named payload URL: $PayloadURL"
 
-    return $PayloadURL
+    return $PayloadURL, $SpecificProductVersion
 }
 
 function Get-LegacyDownload-Link([string]$AzureFeed, [string]$SpecificVersion, [string]$CLIArchitecture) {
@@ -402,6 +437,51 @@ function Get-LegacyDownload-Link([string]$AzureFeed, [string]$SpecificVersion, [
     return $PayloadURL
 }
 
+function Get-Product-Version([string]$AzureFeed, [string]$SpecificVersion) {
+    Say-Invocation $MyInvocation
+
+    if ($Runtime -eq "dotnet") {
+        $ProductVersionTxtURL = "$AzureFeed/Runtime/$SpecificVersion/productVersion.txt"
+    }
+    elseif ($Runtime -eq "aspnetcore") {
+        $ProductVersionTxtURL = "$AzureFeed/aspnetcore/Runtime/$SpecificVersion/productVersion.txt"
+    }
+    elseif ($Runtime -eq "windowsdesktop") {
+        $ProductVersionTxtURL = "$AzureFeed/Runtime/$SpecificVersion/productVersion.txt"
+    }
+    elseif (-not $Runtime) {
+        $ProductVersionTxtURL = "$AzureFeed/Sdk/$SpecificVersion/productVersion.txt"
+    }
+    else {
+        throw "Invalid value '$Runtime' specified for `$Runtime"
+    }
+
+    Say-Verbose "Checking for existence of $ProductVersionTxtURL"
+
+    try {
+        $productVersionResponse = GetHTTPResponse($productVersionTxtUrl)
+
+        if ($productVersionResponse.StatusCode -eq 200) {
+            $productVersion = $productVersionResponse.Content.ReadAsStringAsync().Result.Trim()
+            if ($productVersion -ne $SpecificVersion)
+            {
+                Say "Using alternate version $productVersion found in $ProductVersionTxtURL"
+            }
+
+            return $productVersion
+        }
+        else {
+            Say-Verbose "Got StatusCode $($productVersionResponse.StatusCode) trying to get productVersion.txt at $productVersionTxtUrl, so using default value of $SpecificVersion"
+            $productVersion = $SpecificVersion
+        }
+    } catch {
+        Say-Verbose "Could not read productVersion.txt at $productVersionTxtUrl, so using default value of $SpecificVersion (Exception: '$($_.Exception.Message)' )"
+        $productVersion = $SpecificVersion
+    }
+
+    return $productVersion
+}
+
 function Get-User-Share-Path() {
     Say-Invocation $MyInvocation
 
@@ -557,7 +637,7 @@ function Prepend-Sdk-InstallRoot-To-Path([string]$InstallRoot, [string]$BinFolde
 
 $CLIArchitecture = Get-CLIArchitecture-From-Architecture $Architecture
 $SpecificVersion = Get-Specific-Version-From-Version -AzureFeed $AzureFeed -Channel $Channel -Version $Version -JSonFile $JSonFile
-$DownloadLink = Get-Download-Link -AzureFeed $AzureFeed -SpecificVersion $SpecificVersion -CLIArchitecture $CLIArchitecture
+$DownloadLink, $EffectiveVersion = Get-Download-Link -AzureFeed $AzureFeed -SpecificVersion $SpecificVersion -CLIArchitecture $CLIArchitecture
 $LegacyDownloadLink = Get-LegacyDownload-Link -AzureFeed $AzureFeed -SpecificVersion $SpecificVersion -CLIArchitecture $CLIArchitecture
 
 $InstallRoot = Resolve-Installation-Path $InstallDir
@@ -583,6 +663,11 @@ if ($DryRun) {
         }
     }
     Say "Repeatable invocation: $RepeatableCommand"
+    if ($SpecificVersion -ne $EffectiveVersion)
+    {
+        Say "NOTE: Due to finding a version manifest with this runtime, it would actually install with version '$EffectiveVersion'"
+    }
+
     exit 0
 }
 
@@ -606,6 +691,12 @@ else {
     throw "Invalid value for `$Runtime"
 }
 
+if ($SpecificVersion -ne $EffectiveVersion)
+{
+   Say "Performing installation checks for effective version: $EffectiveVersion"
+   $SpecificVersion = $EffectiveVersion
+}
+
 #  Check if the SDK version is already installed.
 $isAssetInstalled = Is-Dotnet-Package-Installed -InstallRoot $InstallRoot -RelativePathToPackage $dotnetPackageRelativePath -SpecificVersion $SpecificVersion
 if ($isAssetInstalled) {
@@ -684,3 +775,195 @@ Prepend-Sdk-InstallRoot-To-Path -InstallRoot $InstallRoot -BinFolderRelativePath
 
 Say "Installation finished"
 exit 0
+# SIG # Begin signature block
+# MIIjkgYJKoZIhvcNAQcCoIIjgzCCI38CAQExDzANBglghkgBZQMEAgEFADB5Bgor
+# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
+# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAdMJOqDPFy5F1i
+# HBXPyOE4hGkUv5EGyQzmS901lRr+baCCDYEwggX/MIID56ADAgECAhMzAAABh3IX
+# chVZQMcJAAAAAAGHMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD
+# VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy
+# b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p
+# bmcgUENBIDIwMTEwHhcNMjAwMzA0MTgzOTQ3WhcNMjEwMzAzMTgzOTQ3WjB0MQsw
+# CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u
+# ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy
+# b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+# AQDOt8kLc7P3T7MKIhouYHewMFmnq8Ayu7FOhZCQabVwBp2VS4WyB2Qe4TQBT8aB
+# znANDEPjHKNdPT8Xz5cNali6XHefS8i/WXtF0vSsP8NEv6mBHuA2p1fw2wB/F0dH
+# sJ3GfZ5c0sPJjklsiYqPw59xJ54kM91IOgiO2OUzjNAljPibjCWfH7UzQ1TPHc4d
+# weils8GEIrbBRb7IWwiObL12jWT4Yh71NQgvJ9Fn6+UhD9x2uk3dLj84vwt1NuFQ
+# itKJxIV0fVsRNR3abQVOLqpDugbr0SzNL6o8xzOHL5OXiGGwg6ekiXA1/2XXY7yV
+# Fc39tledDtZjSjNbex1zzwSXAgMBAAGjggF+MIIBejAfBgNVHSUEGDAWBgorBgEE
+# AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUhov4ZyO96axkJdMjpzu2zVXOJcsw
+# UAYDVR0RBEkwR6RFMEMxKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVyYXRpb25zIFB1
+# ZXJ0byBSaWNvMRYwFAYDVQQFEw0yMzAwMTIrNDU4Mzg1MB8GA1UdIwQYMBaAFEhu
+# ZOVQBdOCqhc3NyK1bajKdQKVMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly93d3cu
+# bWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY0NvZFNpZ1BDQTIwMTFfMjAxMS0w
+# Ny0wOC5jcmwwYQYIKwYBBQUHAQEEVTBTMFEGCCsGAQUFBzAChkVodHRwOi8vd3d3
+# Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvZFNpZ1BDQTIwMTFfMjAx
+# MS0wNy0wOC5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAixmy
+# S6E6vprWD9KFNIB9G5zyMuIjZAOuUJ1EK/Vlg6Fb3ZHXjjUwATKIcXbFuFC6Wr4K
+# NrU4DY/sBVqmab5AC/je3bpUpjtxpEyqUqtPc30wEg/rO9vmKmqKoLPT37svc2NV
+# BmGNl+85qO4fV/w7Cx7J0Bbqk19KcRNdjt6eKoTnTPHBHlVHQIHZpMxacbFOAkJr
+# qAVkYZdz7ikNXTxV+GRb36tC4ByMNxE2DF7vFdvaiZP0CVZ5ByJ2gAhXMdK9+usx
+# zVk913qKde1OAuWdv+rndqkAIm8fUlRnr4saSCg7cIbUwCCf116wUJ7EuJDg0vHe
+# yhnCeHnBbyH3RZkHEi2ofmfgnFISJZDdMAeVZGVOh20Jp50XBzqokpPzeZ6zc1/g
+# yILNyiVgE+RPkjnUQshd1f1PMgn3tns2Cz7bJiVUaqEO3n9qRFgy5JuLae6UweGf
+# AeOo3dgLZxikKzYs3hDMaEtJq8IP71cX7QXe6lnMmXU/Hdfz2p897Zd+kU+vZvKI
+# 3cwLfuVQgK2RZ2z+Kc3K3dRPz2rXycK5XCuRZmvGab/WbrZiC7wJQapgBodltMI5
+# GMdFrBg9IeF7/rP4EqVQXeKtevTlZXjpuNhhjuR+2DMt/dWufjXpiW91bo3aH6Ea
+# jOALXmoxgltCp1K7hrS6gmsvj94cLRf50QQ4U8Qwggd6MIIFYqADAgECAgphDpDS
+# AAAAAAADMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
+# V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0
+# IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0
+# ZSBBdXRob3JpdHkgMjAxMTAeFw0xMTA3MDgyMDU5MDlaFw0yNjA3MDgyMTA5MDla
+# MH4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS
+# ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMT
+# H01pY3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTEwggIiMA0GCSqGSIb3DQEB
+# AQUAA4ICDwAwggIKAoICAQCr8PpyEBwurdhuqoIQTTS68rZYIZ9CGypr6VpQqrgG
+# OBoESbp/wwwe3TdrxhLYC/A4wpkGsMg51QEUMULTiQ15ZId+lGAkbK+eSZzpaF7S
+# 35tTsgosw6/ZqSuuegmv15ZZymAaBelmdugyUiYSL+erCFDPs0S3XdjELgN1q2jz
+# y23zOlyhFvRGuuA4ZKxuZDV4pqBjDy3TQJP4494HDdVceaVJKecNvqATd76UPe/7
+# 4ytaEB9NViiienLgEjq3SV7Y7e1DkYPZe7J7hhvZPrGMXeiJT4Qa8qEvWeSQOy2u
+# M1jFtz7+MtOzAz2xsq+SOH7SnYAs9U5WkSE1JcM5bmR/U7qcD60ZI4TL9LoDho33
+# X/DQUr+MlIe8wCF0JV8YKLbMJyg4JZg5SjbPfLGSrhwjp6lm7GEfauEoSZ1fiOIl
+# XdMhSz5SxLVXPyQD8NF6Wy/VI+NwXQ9RRnez+ADhvKwCgl/bwBWzvRvUVUvnOaEP
+# 6SNJvBi4RHxF5MHDcnrgcuck379GmcXvwhxX24ON7E1JMKerjt/sW5+v/N2wZuLB
+# l4F77dbtS+dJKacTKKanfWeA5opieF+yL4TXV5xcv3coKPHtbcMojyyPQDdPweGF
+# RInECUzF1KVDL3SV9274eCBYLBNdYJWaPk8zhNqwiBfenk70lrC8RqBsmNLg1oiM
+# CwIDAQABo4IB7TCCAekwEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFEhuZOVQ
+# BdOCqhc3NyK1bajKdQKVMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1Ud
+# DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFHItOgIxkEO5FAVO
+# 4eqnxzHRI4k0MFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwubWljcm9zb2Z0
+# LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dDIwMTFfMjAxMV8wM18y
+# Mi5jcmwwXgYIKwYBBQUHAQEEUjBQME4GCCsGAQUFBzAChkJodHRwOi8vd3d3Lm1p
+# Y3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dDIwMTFfMjAxMV8wM18y
+# Mi5jcnQwgZ8GA1UdIASBlzCBlDCBkQYJKwYBBAGCNy4DMIGDMD8GCCsGAQUFBwIB
+# FjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2RvY3MvcHJpbWFyeWNw
+# cy5odG0wQAYIKwYBBQUHAgIwNB4yIB0ATABlAGcAYQBsAF8AcABvAGwAaQBjAHkA
+# XwBzAHQAYQB0AGUAbQBlAG4AdAAuIB0wDQYJKoZIhvcNAQELBQADggIBAGfyhqWY
+# 4FR5Gi7T2HRnIpsLlhHhY5KZQpZ90nkMkMFlXy4sPvjDctFtg/6+P+gKyju/R6mj
+# 82nbY78iNaWXXWWEkH2LRlBV2AySfNIaSxzzPEKLUtCw/WvjPgcuKZvmPRul1LUd
+# d5Q54ulkyUQ9eHoj8xN9ppB0g430yyYCRirCihC7pKkFDJvtaPpoLpWgKj8qa1hJ
+# Yx8JaW5amJbkg/TAj/NGK978O9C9Ne9uJa7lryft0N3zDq+ZKJeYTQ49C/IIidYf
+# wzIY4vDFLc5bnrRJOQrGCsLGra7lstnbFYhRRVg4MnEnGn+x9Cf43iw6IGmYslmJ
+# aG5vp7d0w0AFBqYBKig+gj8TTWYLwLNN9eGPfxxvFX1Fp3blQCplo8NdUmKGwx1j
+# NpeG39rz+PIWoZon4c2ll9DuXWNB41sHnIc+BncG0QaxdR8UvmFhtfDcxhsEvt9B
+# xw4o7t5lL+yX9qFcltgA1qFGvVnzl6UJS0gQmYAf0AApxbGbpT9Fdx41xtKiop96
+# eiL6SJUfq/tHI4D1nvi/a7dLl+LrdXga7Oo3mXkYS//WsyNodeav+vyL6wuA6mk7
+# r/ww7QRMjt/fdW1jkT3RnVZOT7+AVyKheBEyIXrvQQqxP/uozKRdwaGIm1dxVk5I
+# RcBCyZt2WwqASGv9eZ/BvW1taslScxMNelDNMYIVZzCCFWMCAQEwgZUwfjELMAkG
+# A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx
+# HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9z
+# b2Z0IENvZGUgU2lnbmluZyBQQ0EgMjAxMQITMwAAAYdyF3IVWUDHCQAAAAABhzAN
+# BglghkgBZQMEAgEFAKCBrjAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgor
+# BgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQgGfshXxhl
+# 7+O9cl90lOU62gZCBmJzcomUxEL8+XyoDYQwQgYKKwYBBAGCNwIBDDE0MDKgFIAS
+# AE0AaQBjAHIAbwBzAG8AZgB0oRqAGGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbTAN
+# BgkqhkiG9w0BAQEFAASCAQCPVhcZxxdIzkFdrv/FCW737QgR8fCO1/oRXwhigOyQ
+# P2MF39fIYsVXuzVnO8pYZZOeW04kMECcWf9420okd4lXP7Xc5m+5UrqPuN1UgNle
+# hhwLBiXuZaAfllBMWMeQi7DZmg7XW8Yay9TAbc2XSTGQ8foDxPllKFbdPvvQ2DRy
+# VRLyNNQQEo3IuHHa0nnVNaL2PUYJf0udMCdGkxIMbApAYcitJLSwMLqMzrMkrvS9
+# ubm7CgigsKRJ3cZtCtFFMUkMsstoVuKLFtu69OvOfgLy1qmKotE6EnF7xudV+qAA
+# a+UxGVT715tK5kgb5eTr1K2NdWRj517oANQNOjR/m6OPoYIS8TCCEu0GCisGAQQB
+# gjcDAwExghLdMIIS2QYJKoZIhvcNAQcCoIISyjCCEsYCAQMxDzANBglghkgBZQME
+# AgEFADCCAVUGCyqGSIb3DQEJEAEEoIIBRASCAUAwggE8AgEBBgorBgEEAYRZCgMB
+# MDEwDQYJYIZIAWUDBAIBBQAEIHYNJoLIl+IWj/Npb6r479Guw3UW/q0/jJhqKgHm
+# xq1NAgZfdIY1B90YEzIwMjAxMDE0MTcxOTIwLjg5NVowBIACAfSggdSkgdEwgc4x
+# CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt
+# b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKTAnBgNVBAsTIE1p
+# Y3Jvc29mdCBPcGVyYXRpb25zIFB1ZXJ0byBSaWNvMSYwJAYDVQQLEx1UaGFsZXMg
+# VFNTIEVTTjo2MEJDLUUzODMtMjYzNTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUt
+# U3RhbXAgU2VydmljZaCCDkQwggT1MIID3aADAgECAhMzAAABJt+6SyK5goIHAAAA
+# AAEmMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo
+# aW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y
+# cG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEw
+# MB4XDTE5MTIxOTAxMTQ1OVoXDTIxMDMxNzAxMTQ1OVowgc4xCzAJBgNVBAYTAlVT
+# MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQK
+# ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVy
+# YXRpb25zIFB1ZXJ0byBSaWNvMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjo2MEJD
+# LUUzODMtMjYzNTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2Vydmlj
+# ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ4wvoacTvMNlXQTtfF/
+# Cx5Ol3X0fcjUNMvjLgTmO5+WHYJFbp725P3+qvFKDRQHWEI1Sz0gB24urVDIjXjB
+# h5NVNJVMQJI2tltv7M4/4IbhZJb3xzQW7LolEoZYUZanBTUuyly9osCg4o5joViT
+# 2GtmyxK+Fv5kC20l2opeaeptd/E7ceDAFRM87hiNCsK/KHyC+8+swnlg4gTOey6z
+# QqhzgNsG6HrjLBuDtDs9izAMwS2yWT0T52QA9h3Q+B1C9ps2fMKMe+DHpG+0c61D
+# 94Yh6cV2XHib4SBCnwIFZAeZE2UJ4qPANSYozI8PH+E5rCT3SVqYvHou97HsXvP2
+# I3MCAwEAAaOCARswggEXMB0GA1UdDgQWBBRJq6wfF7B+mEKN0VimX8ajNA5hQTAf
+# BgNVHSMEGDAWgBTVYzpcijGQ80N7fEYbxTNoWoVtVTBWBgNVHR8ETzBNMEugSaBH
+# hkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNU
+# aW1TdGFQQ0FfMjAxMC0wNy0wMS5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUF
+# BzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1RpbVN0
+# YVBDQV8yMDEwLTA3LTAxLmNydDAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsG
+# AQUFBwMIMA0GCSqGSIb3DQEBCwUAA4IBAQBAlvudaOlv9Cfzv56bnX41czF6tLtH
+# LB46l6XUch+qNN45ZmOTFwLot3JjwSrn4oycQ9qTET1TFDYd1QND0LiXmKz9OqBX
+# ai6S8XdyCQEZvfL82jIAs9pwsAQ6XvV9jNybPStRgF/sOAM/Deyfmej9Tg9FcRwX
+# ank2qgzdZZNb8GoEze7f1orcTF0Q89IUXWIlmwEwQFYF1wjn87N4ZxL9Z/xA2m/R
+# 1zizFylWP/mpamCnVfZZLkafFLNUNVmcvc+9gM7vceJs37d3ydabk4wR6ObR34sW
+# aLppmyPlsI1Qq5Lu6bJCWoXzYuWpkoK6oEep1gML6SRC3HKVS3UscZhtMIIGcTCC
+# BFmgAwIBAgIKYQmBKgAAAAAAAjANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMC
+# VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV
+# BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJv
+# b3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMTAwNzAxMjEzNjU1WhcN
+# MjUwNzAxMjE0NjU1WjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv
+# bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0
+# aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDCCASIw
+# DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkdDbx3EYo6IOz8E5f1+n9plGt0
+# VBDVpQoAgoX77XxoSyxfxcPlYcJ2tz5mK1vwFVMnBDEfQRsalR3OCROOfGEwWbEw
+# RA/xYIiEVEMM1024OAizQt2TrNZzMFcmgqNFDdDq9UeBzb8kYDJYYEbyWEeGMoQe
+# dGFnkV+BVLHPk0ySwcSmXdFhE24oxhr5hoC732H8RsEnHSRnEnIaIYqvS2SJUGKx
+# Xf13Hz3wV3WsvYpCTUBR0Q+cBj5nf/VmwAOWRH7v0Ev9buWayrGo8noqCjHw2k4G
+# kbaICDXoeByw6ZnNPOcvRLqn9NxkvaQBwSAJk3jN/LzAyURdXhacAQVPIk0CAwEA
+# AaOCAeYwggHiMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBTVYzpcijGQ80N7
+# fEYbxTNoWoVtVTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMC
+# AYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvX
+# zpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20v
+# cGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYI
+# KwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5j
+# b20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNydDCBoAYDVR0g
+# AQH/BIGVMIGSMIGPBgkrBgEEAYI3LgMwgYEwPQYIKwYBBQUHAgEWMWh0dHA6Ly93
+# d3cubWljcm9zb2Z0LmNvbS9QS0kvZG9jcy9DUFMvZGVmYXVsdC5odG0wQAYIKwYB
+# BQUHAgIwNB4yIB0ATABlAGcAYQBsAF8AUABvAGwAaQBjAHkAXwBTAHQAYQB0AGUA
+# bQBlAG4AdAAuIB0wDQYJKoZIhvcNAQELBQADggIBAAfmiFEN4sbgmD+BcQM9naOh
+# IW+z66bM9TG+zwXiqf76V20ZMLPCxWbJat/15/B4vceoniXj+bzta1RXCCtRgkQS
+# +7lTjMz0YBKKdsxAQEGb3FwX/1z5Xhc1mCRWS3TvQhDIr79/xn/yN31aPxzymXlK
+# kVIArzgPF/UveYFl2am1a+THzvbKegBvSzBEJCI8z+0DpZaPWSm8tv0E4XCfMkon
+# /VWvL/625Y4zu2JfmttXQOnxzplmkIz/amJ/3cVKC5Em4jnsGUpxY517IW3DnKOi
+# PPp/fZZqkHimbdLhnPkd/DjYlPTGpQqWhqS9nhquBEKDuLWAmyI4ILUl5WTs9/S/
+# fmNZJQ96LjlXdqJxqgaKD4kWumGnEcua2A5HmoDF0M2n0O99g/DhO3EJ3110mCII
+# YdqwUB5vvfHhAN/nMQekkzr3ZUd46PioSKv33nJ+YWtvd6mBy6cJrDm77MbL2IK0
+# cs0d9LiFAR6A+xuJKlQ5slvayA1VmXqHczsI5pgt6o3gMy4SKfXAL1QnIffIrE7a
+# KLixqduWsqdCosnPGUFN4Ib5KpqjEWYw07t0MkvfY3v1mYovG8chr1m1rtxEPJdQ
+# cdeh0sVV42neV8HR3jDA/czmTfsNv11P6Z0eGTgvvM9YBS7vDaBQNdrvCScc1bN+
+# NR4Iuto229Nfj950iEkSoYIC0jCCAjsCAQEwgfyhgdSkgdEwgc4xCzAJBgNVBAYT
+# AlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYD
+# VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKTAnBgNVBAsTIE1pY3Jvc29mdCBP
+# cGVyYXRpb25zIFB1ZXJ0byBSaWNvMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjo2
+# MEJDLUUzODMtMjYzNTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2Vy
+# dmljZaIjCgEBMAcGBSsOAwIaAxUACmcyOWmZxErpq06B8dy6oMZ6//yggYMwgYCk
+# fjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH
+# UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQD
+# Ex1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDANBgkqhkiG9w0BAQUFAAIF
+# AOMxeOgwIhgPMjAyMDEwMTQxNzE3MjhaGA8yMDIwMTAxNTE3MTcyOFowdzA9Bgor
+# BgEEAYRZCgQBMS8wLTAKAgUA4zF46AIBADAKAgEAAgIQPAIB/zAHAgEAAgIRZDAK
+# AgUA4zLKaAIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMCoAowCAIB
+# AAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBBQUAA4GBALEDKhtH6no+VBWb
+# KHscN3Q0bphy1tgMhLZ0UBYpPSgcrPnF36tX3nswRAci3gLdgc77hjn2Zc6UyVJk
+# WhFguWv6KoyTunGPejS/fPIGKm1CXQnEV/JUvt1EAf7YRpHImfjZBhNXbVyV61gy
+# fEGA6fNNgbI+57xQJCZqdKBYX3EFMYIDDTCCAwkCAQEwgZMwfDELMAkGA1UEBhMC
+# VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV
+# BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp
+# bWUtU3RhbXAgUENBIDIwMTACEzMAAAEm37pLIrmCggcAAAAAASYwDQYJYIZIAWUD
+# BAIBBQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0B
+# CQQxIgQgmfmj5y7wRFTyeI0TaXaljaCJoRQMvGBEAXsAQuY3ZOcwgfoGCyqGSIb3
+# DQEJEAIvMYHqMIHnMIHkMIG9BCA2/c/vnr1ecAzvapOWZ2xGfAkzrkfpGcrvMW07
+# CQl1DzCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u
+# MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp
+# b24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB
+# Jt+6SyK5goIHAAAAAAEmMCIEIJ7sOcZ9sNFABAvIMRs2kk0cZhB239DZbXCLYMT8
+# frPMMA0GCSqGSIb3DQEBCwUABIIBAEiXebYdQ9DIz74YpfQ9FBaLHiSfD3s+jO7x
+# 1noNe0HIdZaX/Asow0OqsEMzZanOpa3yO8BJskKoDJW9pU//xqCzV1W5FzoOT4Qs
+# ZJpG0R5f/eHqMMeRBVUPn1FfT4pQVcHfRHOW/I3hWC0G4SeVwU/L9d8JLSQKzl39
+# 8bMFbtLJWxUJMM4Vp8Tf+cR7ShZdsK9w88QokR9xbuQgn6jsqhOuyw+dUGrwEI7h
+# GCdUmsT614oSgdnuUBf/g1aew0e3ulmZYYQ2QLKqnDXuqUIFnPtWFB90h++mdlFg
+# fvIEusNgYkb2kl5xQfxm3wynbxtP249vWF4GACZtqqSj3tcQ+xQ=
+# SIG # End signature block

src/Misc/dotnet-install.sh

@@ -270,7 +270,7 @@ check_pre_reqs() {
         [ -z "$($LDCONFIG_COMMAND 2>/dev/null | grep zlib)" ] && say_warning "Unable to locate zlib. Probable prerequisite missing; install zlib."
         [ -z "$($LDCONFIG_COMMAND 2>/dev/null | grep ssl)" ] && say_warning "Unable to locate libssl. Probable prerequisite missing; install libssl."
         [ -z "$($LDCONFIG_COMMAND 2>/dev/null | grep libicu)" ] && say_warning "Unable to locate libicu. Probable prerequisite missing; install libicu."
-        [ -z "$($LDCONFIG_COMMAND 2>/dev/null | grep lttng)" ] && say_warning "Unable to locate liblttng. Probable prerequisite missing; install libcurl."
+        [ -z "$($LDCONFIG_COMMAND 2>/dev/null | grep lttng)" ] && say_warning "Unable to locate liblttng. Probable prerequisite missing; install liblttng."
         [ -z "$($LDCONFIG_COMMAND 2>/dev/null | grep libcurl)" ] && say_warning "Unable to locate libcurl. Probable prerequisite missing; install libcurl."
     fi
 
@@ -373,7 +373,7 @@ get_normalized_architecture_from_architecture() {
             ;;
     esac
 
-    say_err "Architecture \`$architecture\` not supported. If you think this is a bug, report it at https://github.com/dotnet/sdk/issues"
+    say_err "Architecture \`$architecture\` not supported. If you think this is a bug, report it at https://github.com/dotnet/install-scripts/issues"
     return 1
 }
 
@@ -545,17 +545,18 @@ construct_download_link() {
     local channel="$2"
     local normalized_architecture="$3"
     local specific_version="${4//[$'\t\r\n']}"
+    local specific_product_version="$(get_specific_product_version "$1" "$4")"
 
     local osname
     osname="$(get_current_os_name)" || return 1
 
     local download_link=null
     if [[ "$runtime" == "dotnet" ]]; then
-        download_link="$azure_feed/Runtime/$specific_version/dotnet-runtime-$specific_version-$osname-$normalized_architecture.tar.gz"
+        download_link="$azure_feed/Runtime/$specific_version/dotnet-runtime-$specific_product_version-$osname-$normalized_architecture.tar.gz"
     elif [[ "$runtime" == "aspnetcore" ]]; then
-        download_link="$azure_feed/aspnetcore/Runtime/$specific_version/aspnetcore-runtime-$specific_version-$osname-$normalized_architecture.tar.gz"
+        download_link="$azure_feed/aspnetcore/Runtime/$specific_version/aspnetcore-runtime-$specific_product_version-$osname-$normalized_architecture.tar.gz"
     elif [ -z "$runtime" ]; then
-        download_link="$azure_feed/Sdk/$specific_version/dotnet-sdk-$specific_version-$osname-$normalized_architecture.tar.gz"
+        download_link="$azure_feed/Sdk/$specific_version/dotnet-sdk-$specific_product_version-$osname-$normalized_architecture.tar.gz"
     else
         return 1
     fi
@@ -564,6 +565,44 @@ construct_download_link() {
     return 0
 }
 
+# args:
+# azure_feed - $1
+# specific_version - $2
+get_specific_product_version() {
+    # If we find a 'productVersion.txt' at the root of any folder, we'll use its contents 
+    # to resolve the version of what's in the folder, superseding the specified version.
+    eval $invocation
+
+    local azure_feed="$1"
+    local specific_version="${2//[$'\t\r\n']}"
+    local specific_product_version=$specific_version
+
+    local download_link=null
+    if [[ "$runtime" == "dotnet" ]]; then
+        download_link="$azure_feed/Runtime/$specific_version/productVersion.txt${feed_credential}"
+    elif [[ "$runtime" == "aspnetcore" ]]; then
+        download_link="$azure_feed/aspnetcore/Runtime/$specific_version/productVersion.txt${feed_credential}"
+    elif [ -z "$runtime" ]; then
+        download_link="$azure_feed/Sdk/$specific_version/productVersion.txt${feed_credential}"
+    else
+        return 1
+    fi
+
+    specific_product_version=$(curl -s --fail "$download_link")
+    if [ $? -ne 0 ]
+    then
+      specific_product_version=$(wget -qO- "$download_link")
+      if [ $? -ne 0 ]
+      then
+        specific_product_version=$specific_version
+      fi
+    fi
+    specific_product_version="${specific_product_version//[$'\t\r\n']}"
+
+    echo "$specific_product_version"
+    return 0
+}
+
 # args:
 # azure_feed - $1
 # channel - $2
@@ -771,6 +810,7 @@ calculate_vars() {
     say_verbose "normalized_architecture=$normalized_architecture"
 
     specific_version="$(get_specific_version_from_version "$azure_feed" "$channel" "$normalized_architecture" "$version" "$json_file")"
+    specific_product_version="$(get_specific_product_version "$azure_feed" "$specific_version")"
     say_verbose "specific_version=$specific_version"
     if [ -z "$specific_version" ]; then
         say_err "Could not resolve version information."
@@ -869,12 +909,12 @@ install_dotnet() {
     fi
 
     #  Check if the standard SDK version is installed.
-    say_verbose "Checking installation: version = $specific_version"
-    if is_dotnet_package_installed "$install_root" "$asset_relative_path" "$specific_version"; then
+    say_verbose "Checking installation: version = $specific_product_version"
+    if is_dotnet_package_installed "$install_root" "$asset_relative_path" "$specific_product_version"; then
         return 0
     fi
 
-    say_err "\`$asset_name\` with version = $specific_version failed to install with an unknown error."
+    say_err "\`$asset_name\` with version = $specific_product_version failed to install with an unknown error."
     return 1
 }
 

src/Misc/expressionFunc/hashFiles/package-lock.json

@@ -5,9 +5,9 @@
   "requires": true,
   "dependencies": {
     "@actions/core": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.0.tgz",
-      "integrity": "sha512-ZKdyhlSlyz38S6YFfPnyNgCDZuAF2T0Qv5eHflNWytPS8Qjvz39bZFMry9Bb/dpSnqWcNeav5yM2CTYpJeY+Dw=="
+      "version": "1.2.6",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.6.tgz",
+      "integrity": "sha512-ZQYitnqiyBc3D+k7LsgSBmMDVkOVidaagDG7j3fOym77jNunWRuYx7VSHa9GNfFZh+zh61xsCjRj4JxMZlDqTA=="
     },
     "@actions/glob": {
       "version": "0.1.0",
@@ -1683,9 +1683,9 @@
       }
     },
     "lodash": {
-      "version": "4.17.15",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-      "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
+      "version": "4.17.19",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz",
+      "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==",
       "dev": true
     },
     "lodash.unescape": {

src/Misc/layoutbin/actions.runner.plist.template

@@ -23,5 +23,7 @@
       <key>ACTIONS_RUNNER_SVC</key>
       <string>1</string>
     </dict>
+    <key>ProcessType</key>
+    <string>Interactive</string>
   </dict>
 </plist>

src/Misc/layoutbin/darwin.svc.sh.template

@@ -1,6 +1,7 @@
 #!/bin/bash
 
 SVC_NAME="{{SvcNameVar}}"
+SVC_NAME=${SVC_NAME// /_}
 SVC_DESCRIPTION="{{SvcDescription}}"
 
 user_id=`id -u`

src/Misc/layoutbin/installdependencies.sh

@@ -9,7 +9,7 @@ fi
 
 # Determine OS type 
 # Debian based OS (Debian, Ubuntu, Linux Mint) has /etc/debian_version
-# Fedora based OS (Fedora, Redhat, Centos, Oracle Linux 7) has /etc/redhat-release
+# Fedora based OS (Fedora, Red Hat Enterprise Linux, CentOS, Oracle Linux 7) has /etc/redhat-release
 # SUSE based OS (OpenSUSE, SUSE Enterprise) has ID_LIKE=suse in /etc/os-release
 
 function print_errormessage() 
@@ -49,79 +49,77 @@ then
         cat /etc/debian_version
         echo "------------------------------"
         
-        # prefer apt over apt-get        
-        command -v apt
-        if [ $? -eq 0 ]
-        then
-            apt update && apt install -y liblttng-ust0 libkrb5-3 zlib1g
-            if [ $? -ne 0 ]
-            then
-                echo "'apt' failed with exit code '$?'"
-                print_errormessage
-                exit 1
-            fi
-
-            # libissl version prefer: libssl1.1 -> libssl1.0.2 -> libssl1.0.0
-            apt install -y libssl1.1$ || apt install -y libssl1.0.2$ || apt install -y libssl1.0.0$
-            if [ $? -ne 0 ]
-            then
-                echo "'apt' failed with exit code '$?'"
-                print_errormessage
-                exit 1
-            fi
-
-            # libicu version prefer: libicu63 -> libicu60 -> libicu57 -> libicu55 -> libicu52
-            apt install -y libicu63 || apt install -y libicu60 || apt install -y libicu57 || apt install -y libicu55 || apt install -y libicu52
-            if [ $? -ne 0 ]
-            then
-                echo "'apt' failed with exit code '$?'"
-                print_errormessage
-                exit 1
-            fi
-        else
+        # prefer apt-get over apt
         command -v apt-get
         if [ $? -eq 0 ]
         then
-                apt-get update && apt-get install -y liblttng-ust0 libkrb5-3 zlib1g
-                if [ $? -ne 0 ]
-                then
-                    echo "'apt-get' failed with exit code '$?'"
-                    print_errormessage
-                    exit 1
-                fi
-                
-                # libissl version prefer: libssl1.1 -> libssl1.0.2 -> libssl1.0.0
-                apt-get install -y libssl1.1$ || apt-get install -y libssl1.0.2$ || apt install -y libssl1.0.0$
-                if [ $? -ne 0 ]
-                then
-                    echo "'apt-get' failed with exit code '$?'"
-                    print_errormessage
-                    exit 1
-                fi
-
-                # libicu version prefer: libicu63 -> libicu60 -> libicu57 -> libicu55 -> libicu52
-                apt-get install -y libicu63 || apt-get install -y libicu60 || apt install -y libicu57 || apt install -y libicu55 || apt install -y libicu52
-                if [ $? -ne 0 ]
-                then
-                    echo "'apt-get' failed with exit code '$?'"
-                    print_errormessage
-                    exit 1
-                fi
+            apt_get=apt-get
         else
-                echo "Can not find 'apt' or 'apt-get'"
+            command -v apt
+            if [ $? -eq 0 ]
+            then
+                apt_get=apt
+            else
+                echo "Found neither 'apt-get' nor 'apt'"
                 print_errormessage
                 exit 1
             fi
         fi
+
+        $apt_get update && $apt_get install -y liblttng-ust0 libkrb5-3 zlib1g
+        if [ $? -ne 0 ]
+        then
+            echo "'$apt_get' failed with exit code '$?'"
+            print_errormessage
+            exit 1
+        fi
+
+        apt_get_with_fallbacks() {
+            $apt_get install -y $1
+            fail=$?
+            if [ $fail -eq 0 ]
+            then
+                if [ "${1#"${1%?}"}" = '$' ]; then
+                    dpkg -l "${1%?}" > /dev/null 2> /dev/null
+                    fail=$?
+                fi
+            fi
+            if [ $fail -ne 0 ]
+            then
+                shift
+                if [ -n "$1" ]
+                then
+                    apt_get_with_fallbacks "$@"
+                fi
+            fi
+        }
+
+        # libssl version prefer: libssl1.1 -> libssl1.0.2 -> libssl1.0.0
+        apt_get_with_fallbacks libssl1.1$ libssl1.0.2$ libssl1.0.0$
+        if [ $? -ne 0 ]
+        then
+            echo "'$apt_get' failed with exit code '$?'"
+            print_errormessage
+            exit 1
+        fi
+
+        # libicu version prefer: libicu66 -> libicu63 -> libicu60 -> libicu57 -> libicu55 -> libicu52
+        apt_get_with_fallbacks libicu66 libicu63 libicu60 libicu57 libicu55 libicu52
+        if [ $? -ne 0 ]
+        then
+            echo "'$apt_get' failed with exit code '$?'"
+            print_errormessage
+            exit 1
+        fi
     elif [ -e /etc/redhat-release ]
     then
         echo "The current OS is Fedora based"
-        echo "--------Redhat Version--------"
+        echo "--Fedora/RHEL/CentOS Version--"
         cat /etc/redhat-release
         echo "------------------------------"
 
         # use dnf on fedora
-        # use yum on centos and redhat
+        # use yum on centos and rhel
         if [ -e /etc/fedora-release ]
         then
             command -v dnf
@@ -191,7 +189,7 @@ then
     redhatRelease=$(</etc/redhat-release)
     if [[ $redhatRelease == "CentOS release 6."* || $redhatRelease == "Red Hat Enterprise Linux Server release 6."* ]]
     then
-        echo "The current OS is Red Hat Enterprise Linux 6 or Centos 6"
+        echo "The current OS is Red Hat Enterprise Linux 6 or CentOS 6"
 
         # Install known dependencies, as a best effort.
         # The remaining dependencies are covered by the GitHub doc that will be shown by `print_rhel6message`

src/Misc/layoutbin/systemd.svc.sh.template

@@ -1,6 +1,7 @@
 #!/bin/bash
 
 SVC_NAME="{{SvcNameVar}}"
+SVC_NAME=${SVC_NAME// /_}
 SVC_DESCRIPTION="{{SvcDescription}}"
 
 SVC_CMD=$1
@@ -63,8 +64,21 @@ function install()
     sed "s/{{User}}/${run_as_user}/g; s/{{Description}}/$(echo ${SVC_DESCRIPTION} | sed -e 's/[\/&]/\\&/g')/g; s/{{RunnerRoot}}/$(echo ${RUNNER_ROOT} | sed -e 's/[\/&]/\\&/g')/g;" "${TEMPLATE_PATH}" > "${TEMP_PATH}" || failed "failed to create replacement temp file"
     mv "${TEMP_PATH}" "${UNIT_PATH}" || failed "failed to copy unit file"
 
+    # Recent Fedora based Linux (CentOS/Redhat) has SELinux enabled by default
+    # We need to restore security context on the unit file we added otherwise SystemD have no access to it.
+    command -v getenforce > /dev/null
+    if [ $? -eq 0 ]
+    then
+        selinuxEnabled=$(getenforce)
+        if [[ $selinuxEnabled == "Enforcing" ]]
+        then
+            # SELinux is enabled, we will need to Restore SELinux Context for the service file
+            restorecon -r -v "${UNIT_PATH}" || failed "failed to restore SELinux context on ${UNIT_PATH}"
+        fi
+    fi
+    
     # unit file should not be executable and world writable
-    chmod 664 ${UNIT_PATH} || failed "failed to set permissions on ${UNIT_PATH}"
+    chmod 664 "${UNIT_PATH}" || failed "failed to set permissions on ${UNIT_PATH}"
     systemctl daemon-reload || failed "failed to reload daemons"
     
     # Since we started with sudo, runsvc.sh will be owned by root. Change this to current login user.    

src/Misc/layoutbin/update.sh.template

@@ -28,13 +28,13 @@ date "+[%F %T-%4N] Waiting for $runnerprocessname ($runnerpid) to complete" >> "
 while [ -e /proc/$runnerpid ]
 do
     date "+[%F %T-%4N] Process $runnerpid still running" >> "$logfile" 2>&1
-    ping -c 2 127.0.0.1 >nul
+    sleep 2
 done
 date "+[%F %T-%4N] Process $runnerpid finished running" >> "$logfile" 2>&1
 
 # start re-organize folders
 date "+[%F %T-%4N] Sleep 1 more second to make sure process exited" >> "$logfile" 2>&1
-ping -c 2 127.0.0.1 >nul
+sleep 1
 
 # the folder structure under runner root will be
 # ./bin -> bin.2.100.0 (junction folder)

src/Misc/layoutroot/config.sh

@@ -18,24 +18,26 @@ then
         exit 1
     fi
 
+    message="Execute sudo ./bin/installdependencies.sh to install any missing Dotnet Core 3.0 dependencies."
+
     ldd ./bin/libcoreclr.so | grep 'not found'
     if [ $? -eq 0 ]; then
         echo "Dependencies is missing for Dotnet Core 3.0"
-        echo "Execute ./bin/installdependencies.sh to install any missing Dotnet Core 3.0 dependencies."
+        echo $message
         exit 1
     fi
 
     ldd ./bin/System.Security.Cryptography.Native.OpenSsl.so | grep 'not found'
     if [ $? -eq 0 ]; then
         echo "Dependencies is missing for Dotnet Core 3.0"
-        echo "Execute ./bin/installdependencies.sh to install any missing Dotnet Core 3.0 dependencies."
+        echo $message
         exit 1
     fi
 
     ldd ./bin/System.IO.Compression.Native.so | grep 'not found'
     if [ $? -eq 0 ]; then
         echo "Dependencies is missing for Dotnet Core 3.0"
-        echo "Execute ./bin/installdependencies.sh to install any missing Dotnet Core 3.0 dependencies."
+        echo $message
         exit 1
     fi
 
@@ -53,7 +55,7 @@ then
     $LDCONFIG_COMMAND -NXv ${libpath//:/ } 2>&1 | grep libicu >/dev/null 2>&1
     if [ $? -ne 0 ]; then
         echo "Libicu's dependencies is missing for Dotnet Core 3.0"
-        echo "Execute ./bin/installdependencies.sh to install any missing Dotnet Core 3.0 dependencies."
+        echo $message
         exit 1
     fi
 fi
@@ -67,7 +69,7 @@ while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symli
   [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
 done
 DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
-cd $DIR
+cd "$DIR"
 
 source ./env.sh
 

src/Runner.Common/ConfigurationStore.cs

@@ -108,9 +108,9 @@ namespace GitHub.Runner.Common
         CredentialData GetMigratedCredentials();
         RunnerSettings GetSettings();
         void SaveCredential(CredentialData credential);
-        void SaveMigratedCredential(CredentialData credential);
         void SaveSettings(RunnerSettings settings);
         void DeleteCredential();
+        void DeleteMigratedCredential();
         void DeleteSettings();
     }
 
@@ -232,21 +232,6 @@ namespace GitHub.Runner.Common
             File.SetAttributes(_credFilePath, File.GetAttributes(_credFilePath) | FileAttributes.Hidden);
         }
 
-        public void SaveMigratedCredential(CredentialData credential)
-        {
-            Trace.Info("Saving {0} migrated credential @ {1}", credential.Scheme, _migratedCredFilePath);
-            if (File.Exists(_migratedCredFilePath))
-            {
-                // Delete existing credential file first, since the file is hidden and not able to overwrite.
-                Trace.Info("Delete exist runner migrated credential file.");
-                IOUtil.DeleteFile(_migratedCredFilePath);
-            }
-
-            IOUtil.SaveObject(credential, _migratedCredFilePath);
-            Trace.Info("Migrated Credentials Saved.");
-            File.SetAttributes(_migratedCredFilePath, File.GetAttributes(_migratedCredFilePath) | FileAttributes.Hidden);
-        }
-
         public void SaveSettings(RunnerSettings settings)
         {
             Trace.Info("Saving runner settings.");
@@ -268,6 +253,11 @@ namespace GitHub.Runner.Common
             IOUtil.Delete(_migratedCredFilePath, default(CancellationToken));
         }
 
+        public void DeleteMigratedCredential()
+        {
+            IOUtil.Delete(_migratedCredFilePath, default(CancellationToken));
+        }
+
         public void DeleteSettings()
         {
             IOUtil.Delete(_configFilePath, default(CancellationToken));

src/Runner.Common/Constants.cs

@@ -90,7 +90,7 @@ namespace GitHub.Runner.Common
                     public static readonly string Labels = "labels";
                     public static readonly string MonitorSocketAddress = "monitorsocketaddress";
                     public static readonly string Name = "name";
-                    public static readonly string Pool = "pool";
+                    public static readonly string RunnerGroup = "runnergroup";
                     public static readonly string StartupType = "startuptype";
                     public static readonly string Url = "url";
                     public static readonly string UserName = "username";
@@ -137,6 +137,12 @@ namespace GitHub.Runner.Common
                 public const int RunnerUpdating = 3;
                 public const int RunOnceRunnerUpdating = 4;
             }
+
+            public static readonly string InternalTelemetryIssueDataKey = "_internal_telemetry";
+            public static readonly string WorkerCrash = "WORKER_CRASH";
+            public static readonly string UnsupportedCommand = "UNSUPPORTED_COMMAND";
+            public static readonly string UnsupportedCommandMessage = "The `{0}` command is deprecated and will be disabled on November 16th. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/";
+            public static readonly string UnsupportedCommandMessageDisabled = "The `{0}` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/";
         }
 
         public static class RunnerEvent
@@ -195,6 +201,7 @@ namespace GitHub.Runner.Common
                 //
                 // Keep alphabetical
                 //
+                public static readonly string AllowUnsupportedCommands = "ACTIONS_ALLOW_UNSECURE_COMMANDS";
                 public static readonly string RunnerDebug = "ACTIONS_RUNNER_DEBUG";
                 public static readonly string StepDebug = "ACTIONS_STEP_DEBUG";
             }

src/Runner.Common/ExtensionManager.cs

@@ -56,6 +56,10 @@ namespace GitHub.Runner.Common
                     Add<T>(extensions, "GitHub.Runner.Worker.EndGroupCommandExtension, Runner.Worker");
                     Add<T>(extensions, "GitHub.Runner.Worker.EchoCommandExtension, Runner.Worker");
                     break;
+                case "GitHub.Runner.Worker.IFileCommandExtension":
+                    Add<T>(extensions, "GitHub.Runner.Worker.AddPathFileCommand, Runner.Worker");
+                    Add<T>(extensions, "GitHub.Runner.Worker.SetEnvFileCommand, Runner.Worker");
+                    break;
                 default:
                     // This should never happen.
                     throw new NotSupportedException($"Unexpected extension type: '{typeof(T).FullName}'");

src/Runner.Common/HostContext.cs

@@ -1,19 +1,18 @@
-using GitHub.Runner.Common.Util;
-using System;
+using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
+using System.Diagnostics;
+using System.Diagnostics.Tracing;
 using System.Globalization;
 using System.IO;
 using System.Linq;
+using System.Net.Http;
+using System.Net.Http.Headers;
 using System.Reflection;
 using System.Runtime.Loader;
 using System.Threading;
 using System.Threading.Tasks;
-using System.Diagnostics;
-using System.Net.Http;
-using System.Diagnostics.Tracing;
 using GitHub.DistributedTask.Logging;
-using System.Net.Http.Headers;
 using GitHub.Runner.Sdk;
 
 namespace GitHub.Runner.Common
@@ -89,6 +88,7 @@ namespace GitHub.Runner.Common
             this.SecretMasker.AddValueEncoder(ValueEncoders.JsonStringEscape);
             this.SecretMasker.AddValueEncoder(ValueEncoders.UriDataEscape);
             this.SecretMasker.AddValueEncoder(ValueEncoders.XmlDataEscape);
+            this.SecretMasker.AddValueEncoder(ValueEncoders.TrimDoubleQuotes);
 
             // Create the trace manager.
             if (string.IsNullOrEmpty(logFile))
@@ -614,9 +614,8 @@ namespace GitHub.Runner.Common
     {
         public static HttpClientHandler CreateHttpClientHandler(this IHostContext context)
         {
-            HttpClientHandler clientHandler = new HttpClientHandler();
-            clientHandler.Proxy = context.WebProxy;
-            return clientHandler;
+            var handlerFactory = context.GetService<IHttpClientHandlerFactory>();
+            return handlerFactory.CreateClientHandler(context.WebProxy);
         }
     }
 

src/Runner.Common/HttpClientHandlerFactory.cs

@@ -0,0 +1,19 @@
+using System.Net.Http;
+using GitHub.Runner.Sdk;
+
+namespace GitHub.Runner.Common
+{
+    [ServiceLocator(Default = typeof(HttpClientHandlerFactory))]
+    public interface IHttpClientHandlerFactory : IRunnerService
+    {
+        HttpClientHandler CreateClientHandler(RunnerWebProxy webProxy);
+    }
+
+    public class HttpClientHandlerFactory : RunnerService, IHttpClientHandlerFactory
+    {
+        public HttpClientHandler CreateClientHandler(RunnerWebProxy webProxy)
+        {
+            return new HttpClientHandler() { Proxy = webProxy };
+        }
+    }
+}

src/Runner.Common/JobServer.cs

@@ -16,12 +16,14 @@ namespace GitHub.Runner.Common
         // logging and console
         Task<TaskLog> AppendLogContentAsync(Guid scopeIdentifier, string hubName, Guid planId, int logId, Stream uploadStream, CancellationToken cancellationToken);
         Task AppendTimelineRecordFeedAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, Guid timelineRecordId, Guid stepId, IList<string> lines, CancellationToken cancellationToken);
+        Task AppendTimelineRecordFeedAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, Guid timelineRecordId, Guid stepId, IList<string> lines, long startLine, CancellationToken cancellationToken);
         Task<TaskAttachment> CreateAttachmentAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, Guid timelineRecordId, String type, String name, Stream uploadStream, CancellationToken cancellationToken);
         Task<TaskLog> CreateLogAsync(Guid scopeIdentifier, string hubName, Guid planId, TaskLog log, CancellationToken cancellationToken);
         Task<Timeline> CreateTimelineAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, CancellationToken cancellationToken);
         Task<List<TimelineRecord>> UpdateTimelineRecordsAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, IEnumerable<TimelineRecord> records, CancellationToken cancellationToken);
         Task RaisePlanEventAsync<T>(Guid scopeIdentifier, string hubName, Guid planId, T eventData, CancellationToken cancellationToken) where T : JobEvent;
         Task<Timeline> GetTimelineAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, CancellationToken cancellationToken);
+        Task<ActionDownloadInfoCollection> ResolveActionDownloadInfoAsync(Guid scopeIdentifier, string hubName, Guid planId, ActionReferenceList actions, CancellationToken cancellationToken);
     }
 
     public sealed class JobServer : RunnerService, IJobServer
@@ -78,6 +80,12 @@ namespace GitHub.Runner.Common
             return _taskClient.AppendTimelineRecordFeedAsync(scopeIdentifier, hubName, planId, timelineId, timelineRecordId, stepId, lines, cancellationToken: cancellationToken);
         }
 
+        public Task AppendTimelineRecordFeedAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, Guid timelineRecordId, Guid stepId, IList<string> lines, long startLine, CancellationToken cancellationToken)
+        {
+            CheckConnection();
+            return _taskClient.AppendTimelineRecordFeedAsync(scopeIdentifier, hubName, planId, timelineId, timelineRecordId, stepId, lines, startLine, cancellationToken: cancellationToken);
+        }
+
         public Task<TaskAttachment> CreateAttachmentAsync(Guid scopeIdentifier, string hubName, Guid planId, Guid timelineId, Guid timelineRecordId, string type, string name, Stream uploadStream, CancellationToken cancellationToken)
         {
             CheckConnection();
@@ -113,5 +121,14 @@ namespace GitHub.Runner.Common
             CheckConnection();
             return _taskClient.GetTimelineAsync(scopeIdentifier, hubName, planId, timelineId, includeRecords: true, cancellationToken: cancellationToken);
         }
+
+        //-----------------------------------------------------------------
+        // Action download info
+        //-----------------------------------------------------------------
+        public Task<ActionDownloadInfoCollection> ResolveActionDownloadInfoAsync(Guid scopeIdentifier, string hubName, Guid planId, ActionReferenceList actions, CancellationToken cancellationToken)
+        {
+            CheckConnection();
+            return _taskClient.ResolveActionDownloadInfoAsync(scopeIdentifier, hubName, planId, actions, cancellationToken: cancellationToken);
+        }
     }
 }

src/Runner.Common/JobServerQueue.cs

@@ -18,7 +18,7 @@ namespace GitHub.Runner.Common
         event EventHandler<ThrottlingEventArgs> JobServerQueueThrottling;
         Task ShutdownAsync();
         void Start(Pipelines.AgentJobRequestMessage jobRequest);
-        void QueueWebConsoleLine(Guid stepRecordId, string line);
+        void QueueWebConsoleLine(Guid stepRecordId, string line, long? lineNumber = null);
         void QueueFileUpload(Guid timelineId, Guid timelineRecordId, string type, string name, string path, bool deleteSource);
         void QueueTimelineRecordUpdate(Guid timelineId, TimelineRecord timelineRecord);
     }
@@ -155,10 +155,10 @@ namespace GitHub.Runner.Common
             Trace.Info("All queue process tasks have been stopped, and all queues are drained.");
         }
 
-        public void QueueWebConsoleLine(Guid stepRecordId, string line)
+        public void QueueWebConsoleLine(Guid stepRecordId, string line, long? lineNumber)
         {
             Trace.Verbose("Enqueue web console line queue: {0}", line);
-            _webConsoleLineQueue.Enqueue(new ConsoleLineInfo(stepRecordId, line));
+            _webConsoleLineQueue.Enqueue(new ConsoleLineInfo(stepRecordId, line, lineNumber));
         }
 
         public void QueueFileUpload(Guid timelineId, Guid timelineRecordId, string type, string name, string path, bool deleteSource)
@@ -214,7 +214,7 @@ namespace GitHub.Runner.Common
                 }
 
                 // Group consolelines by timeline record of each step
-                Dictionary<Guid, List<string>> stepsConsoleLines = new Dictionary<Guid, List<string>>();
+                Dictionary<Guid, List<TimelineRecordLogLine>> stepsConsoleLines = new Dictionary<Guid, List<TimelineRecordLogLine>>();
                 List<Guid> stepRecordIds = new List<Guid>(); // We need to keep lines in order
                 int linesCounter = 0;
                 ConsoleLineInfo lineInfo;
@@ -222,7 +222,7 @@ namespace GitHub.Runner.Common
                 {
                     if (!stepsConsoleLines.ContainsKey(lineInfo.StepRecordId))
                     {
-                        stepsConsoleLines[lineInfo.StepRecordId] = new List<string>();
+                        stepsConsoleLines[lineInfo.StepRecordId] = new List<TimelineRecordLogLine>();
                         stepRecordIds.Add(lineInfo.StepRecordId);
                     }
 
@@ -232,7 +232,7 @@ namespace GitHub.Runner.Common
                         lineInfo.Line = $"{lineInfo.Line.Substring(0, 1024)}...";
                     }
 
-                    stepsConsoleLines[lineInfo.StepRecordId].Add(lineInfo.Line);
+                    stepsConsoleLines[lineInfo.StepRecordId].Add(new TimelineRecordLogLine(lineInfo.Line, lineInfo.LineNumber));
                     linesCounter++;
 
                     // process at most about 500 lines of web console line during regular timer dequeue task.
@@ -247,13 +247,13 @@ namespace GitHub.Runner.Common
                 {
                     // Split consolelines into batch, each batch will container at most 100 lines.
                     int batchCounter = 0;
-                    List<List<string>> batchedLines = new List<List<string>>();
+                    List<List<TimelineRecordLogLine>> batchedLines = new List<List<TimelineRecordLogLine>>();
                     foreach (var line in stepsConsoleLines[stepRecordId])
                     {
                         var currentBatch = batchedLines.ElementAtOrDefault(batchCounter);
                         if (currentBatch == null)
                         {
-                            batchedLines.Add(new List<string>());
+                            batchedLines.Add(new List<TimelineRecordLogLine>());
                             currentBatch = batchedLines.ElementAt(batchCounter);
                         }
 
@@ -275,7 +275,6 @@ namespace GitHub.Runner.Common
                         {
                             Trace.Info($"Skip {batchedLines.Count - 2} batches web console lines for last run");
                             batchedLines = batchedLines.TakeLast(2).ToList();
-                            batchedLines[0].Insert(0, "...");
                         }
 
                         int errorCount = 0;
@@ -284,7 +283,15 @@ namespace GitHub.Runner.Common
                             try
                             {
                                 // we will not requeue failed batch, since the web console lines are time sensitive.
-                                await _jobServer.AppendTimelineRecordFeedAsync(_scopeIdentifier, _hubName, _planId, _jobTimelineId, _jobTimelineRecordId, stepRecordId, batch, default(CancellationToken));
+                                if (batch[0].LineNumber.HasValue)
+                                {
+                                    await _jobServer.AppendTimelineRecordFeedAsync(_scopeIdentifier, _hubName, _planId, _jobTimelineId, _jobTimelineRecordId, stepRecordId, batch.Select(logLine => logLine.Line).ToList(), batch[0].LineNumber.Value, default(CancellationToken));
+                                }
+                                else 
+                                {
+                                    await _jobServer.AppendTimelineRecordFeedAsync(_scopeIdentifier, _hubName, _planId, _jobTimelineId, _jobTimelineRecordId, stepRecordId, batch.Select(logLine => logLine.Line).ToList(), default(CancellationToken));
+                                }
+                                
                                 if (_firstConsoleOutputs)
                                 {
                                     HostContext.WritePerfCounter($"WorkerJobServerQueueAppendFirstConsoleOutput_{_planId.ToString()}");
@@ -653,13 +660,15 @@ namespace GitHub.Runner.Common
 
     internal class ConsoleLineInfo
     {
-        public ConsoleLineInfo(Guid recordId, string line)
+        public ConsoleLineInfo(Guid recordId, string line, long? lineNumber)
         {
             this.StepRecordId = recordId;
             this.Line = line;
+            this.LineNumber = lineNumber;
         }
 
         public Guid StepRecordId { get; set; }
         public string Line { get; set; }
+        public long? LineNumber { get; set; }
     }
 }

src/Runner.Common/RunnerServer.cs

@@ -50,10 +50,6 @@ namespace GitHub.Runner.Common
 
         // agent update
         Task<TaskAgent> UpdateAgentUpdateStateAsync(int agentPoolId, int agentId, string currentState);
-
-        // runner authorization url
-        Task<string> GetRunnerAuthUrlAsync(int runnerPoolId, int runnerId);
-        Task ReportRunnerAuthUrlErrorAsync(int runnerPoolId, int runnerId, string error);
     }
 
     public sealed class RunnerServer : RunnerService, IRunnerServer

src/Runner.Common/Terminal.cs

@@ -102,7 +102,8 @@ namespace GitHub.Runner.Common
                     Console.Write(message);
                     Console.ResetColor();
                 }
-                else {
+                else
+                {
                     Console.Write(message);
                 }
             }
@@ -126,7 +127,8 @@ namespace GitHub.Runner.Common
                     Console.WriteLine(line);
                     Console.ResetColor();
                 }
-                else {
+                else
+                {
                     Console.WriteLine(line);
                 }
             }

src/Runner.Common/Util/EncodingUtil.cs

@@ -0,0 +1,51 @@
+using System;
+using System.Threading;
+using System.Threading.Tasks;
+using GitHub.Runner.Sdk;
+using GitHub.Runner.Common;
+
+namespace GitHub.Runner.Common.Util
+{
+    public static class EncodingUtil
+    {
+        public static async Task SetEncoding(IHostContext hostContext, Tracing trace, CancellationToken cancellationToken)
+        {
+#if OS_WINDOWS
+            try
+            {
+                if (Console.InputEncoding.CodePage != 65001)
+                {
+                    using (var p = hostContext.CreateService<IProcessInvoker>())
+                    {
+                        // Use UTF8 code page
+                        int exitCode = await p.ExecuteAsync(workingDirectory: hostContext.GetDirectory(WellKnownDirectory.Work),
+                                                fileName: WhichUtil.Which("chcp", true, trace),
+                                                arguments: "65001",
+                                                environment: null,
+                                                requireExitCodeZero: false,
+                                                outputEncoding: null,
+                                                killProcessOnCancel: false,
+                                                redirectStandardIn: null,
+                                                inheritConsoleHandler: true,
+                                                cancellationToken: cancellationToken);
+                        if (exitCode == 0)
+                        {
+                            trace.Info("Successfully returned to code page 65001 (UTF8)");
+                        }
+                        else
+                        {
+                            trace.Warning($"'chcp 65001' failed with exit code {exitCode}");
+                        }
+                    }
+                }
+            }
+            catch (Exception ex)
+            {
+                trace.Warning($"'chcp 65001' failed with exception {ex.Message}");
+            }
+#endif
+            // Dummy variable to prevent compiler error CS1998: "This async method lacks 'await' operators and will run synchronously..."
+            await Task.CompletedTask;
+        }
+    }
+}

src/Runner.Listener/CommandSettings.cs

@@ -42,7 +42,7 @@ namespace GitHub.Runner.Listener
             Constants.Runner.CommandLine.Args.Labels,
             Constants.Runner.CommandLine.Args.MonitorSocketAddress,
             Constants.Runner.CommandLine.Args.Name,
-            Constants.Runner.CommandLine.Args.Pool,
+            Constants.Runner.CommandLine.Args.RunnerGroup,
             Constants.Runner.CommandLine.Args.StartupType,
             Constants.Runner.CommandLine.Args.Token,
             Constants.Runner.CommandLine.Args.Url,
@@ -169,6 +169,15 @@ namespace GitHub.Runner.Listener
                 validator: Validators.NonEmptyValidator);
         }
 
+        public string GetRunnerGroupName(string defaultPoolName = null)
+        {
+            return GetArgOrPrompt(
+                name: Constants.Runner.CommandLine.Args.RunnerGroup,
+                description: "Enter the name of the runner group to add this runner to:",
+                defaultValue: defaultPoolName ?? "default",
+                validator: Validators.NonEmptyValidator);
+        }
+
         public string GetToken()
         {
             return GetArgOrPrompt(

src/Runner.Listener/Configuration/ConfigurationManager.cs

@@ -92,9 +92,11 @@ namespace GitHub.Runner.Listener.Configuration
             _term.WriteSection("Authentication");
             while (true)
             {
-                // Get the URL
+                // When testing against a dev deployment of Actions Service, set this environment variable
+                var useDevActionsServiceUrl = Environment.GetEnvironmentVariable("USE_DEV_ACTIONS_SERVICE_URL");
                 var inputUrl = command.GetUrl();
-                if (inputUrl.Contains("codedev.ms", StringComparison.OrdinalIgnoreCase))
+                if (inputUrl.Contains("codedev.ms", StringComparison.OrdinalIgnoreCase)
+                    || useDevActionsServiceUrl != null)
                 {
                     runnerSettings.ServerUrl = inputUrl;
                     // Get the credentials
@@ -117,6 +119,19 @@ namespace GitHub.Runner.Listener.Configuration
                     // Determine the service deployment type based on connection data. (Hosted/OnPremises)
                     runnerSettings.IsHostedServer = runnerSettings.GitHubUrl == null || IsHostedServer(new UriBuilder(runnerSettings.GitHubUrl));
 
+                    // Warn if the Actions server url and GHES server url has different Host
+                    if (!runnerSettings.IsHostedServer)
+                    {
+                        // Example actionsServerUrl is https://my-ghes/_services/pipelines/[...]
+                        // Example githubServerUrl is https://my-ghes
+                        var actionsServerUrl = new Uri(runnerSettings.ServerUrl);
+                        var githubServerUrl = new Uri(runnerSettings.GitHubUrl);
+                        if (!string.Equals(actionsServerUrl.Authority, githubServerUrl.Authority, StringComparison.OrdinalIgnoreCase))
+                        {
+                            throw new InvalidOperationException($"GitHub Actions is not properly configured in GHES. GHES url: {runnerSettings.GitHubUrl}, Actions url: {runnerSettings.ServerUrl}.");
+                        }
+                    }
+
                     // Validate can connect.
                     await _runnerServer.ConnectAsync(new Uri(runnerSettings.ServerUrl), creds);
 
@@ -144,17 +159,34 @@ namespace GitHub.Runner.Listener.Configuration
 
             _term.WriteSection("Runner Registration");
 
-            //Get all the agent pools, and select the first private pool
+            // If we have more than one runner group available, allow the user to specify which one to be added into
+            string poolName = null;
+            TaskAgentPool agentPool = null;
             List<TaskAgentPool> agentPools = await _runnerServer.GetAgentPoolsAsync();
-            TaskAgentPool agentPool = agentPools?.Where(x => x.IsHosted == false).FirstOrDefault();
+            TaskAgentPool defaultPool = agentPools?.Where(x => x.IsInternal).FirstOrDefault();
 
-            if (agentPool == null)
+            if (agentPools?.Where(x => !x.IsHosted).Count() > 1)
             {
-                throw new TaskAgentPoolNotFoundException($"Could not find any private pool. Contact support.");
+                poolName = command.GetRunnerGroupName(defaultPool?.Name);
+                _term.WriteLine();
+                agentPool = agentPools.Where(x => string.Equals(poolName, x.Name, StringComparison.OrdinalIgnoreCase) && !x.IsHosted).FirstOrDefault();
             }
             else
             {
-                Trace.Info("Found a private pool with id {1} and name {2}", agentPool.Id, agentPool.Name);
+                agentPool = defaultPool;
+            }
+
+            if (agentPool == null && poolName == null)
+            {
+                throw new TaskAgentPoolNotFoundException($"Could not find any self-hosted runner groups. Contact support.");
+            }
+            else if (agentPool == null && poolName != null)
+            {
+                throw new TaskAgentPoolNotFoundException($"Could not find any self-hosted runner group named \"{poolName}\".");
+            }
+            else
+            {
+                Trace.Info("Found a self-hosted runner group with id {1} and name {2}", agentPool.Id, agentPool.Name);
                 runnerSettings.PoolId = agentPool.Id;
                 runnerSettings.PoolName = agentPool.Name;
             }
@@ -195,7 +227,7 @@ namespace GitHub.Runner.Listener.Configuration
                     else if (command.Unattended)
                     {
                         // if not replace and it is unattended config.
-                        throw new TaskAgentExistsException($"Pool {runnerSettings.PoolId} already contains a runner with name {runnerSettings.AgentName}.");
+                        throw new TaskAgentExistsException($"A runner exists with the same name {runnerSettings.AgentName}.");
                     }
                 }
                 else
@@ -219,36 +251,11 @@ namespace GitHub.Runner.Listener.Configuration
             // Add Agent Id to settings
             runnerSettings.AgentId = agent.Id;
 
-            // respect the serverUrl resolve by server.
-            // in case of agent configured using collection url instead of account url.
-            string agentServerUrl;
-            if (agent.Properties.TryGetValidatedValue<string>("ServerUrl", out agentServerUrl) &&
-                !string.IsNullOrEmpty(agentServerUrl))
-            {
-                Trace.Info($"Agent server url resolve by server: '{agentServerUrl}'.");
-
-                // we need make sure the Schema/Host/Port component of the url remain the same.
-                UriBuilder inputServerUrl = new UriBuilder(runnerSettings.ServerUrl);
-                UriBuilder serverReturnedServerUrl = new UriBuilder(agentServerUrl);
-                if (Uri.Compare(inputServerUrl.Uri, serverReturnedServerUrl.Uri, UriComponents.SchemeAndServer, UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) != 0)
-                {
-                    inputServerUrl.Path = serverReturnedServerUrl.Path;
-                    Trace.Info($"Replace server returned url's scheme://host:port component with user input server url's scheme://host:port: '{inputServerUrl.Uri.AbsoluteUri}'.");
-                    runnerSettings.ServerUrl = inputServerUrl.Uri.AbsoluteUri;
-                }
-                else
-                {
-                    runnerSettings.ServerUrl = agentServerUrl;
-                }
-            }
-
             // See if the server supports our OAuth key exchange for credentials
             if (agent.Authorization != null &&
                 agent.Authorization.ClientId != Guid.Empty &&
                 agent.Authorization.AuthorizationUrl != null)
             {
-                UriBuilder configServerUrl = new UriBuilder(runnerSettings.ServerUrl);
-                UriBuilder oauthEndpointUrlBuilder = new UriBuilder(agent.Authorization.AuthorizationUrl);
                 var credentialData = new CredentialData
                 {
                     Scheme = Constants.Configuration.OAuth,
@@ -256,7 +263,6 @@ namespace GitHub.Runner.Listener.Configuration
                     {
                         { "clientId", agent.Authorization.ClientId.ToString("D") },
                         { "authorizationUrl", agent.Authorization.AuthorizationUrl.AbsoluteUri },
-                        { "oauthEndpointUrl", oauthEndpointUrlBuilder.Uri.AbsoluteUri },
                     },
                 };
 

src/Runner.Listener/Configuration/CredentialManager.cs

@@ -13,7 +13,7 @@ namespace GitHub.Runner.Listener.Configuration
     public interface ICredentialManager : IRunnerService
     {
         ICredentialProvider GetCredentialProvider(string credType);
-        VssCredentials LoadCredentials(bool preferMigrated = true);
+        VssCredentials LoadCredentials();
     }
 
     public class CredentialManager : RunnerService, ICredentialManager
@@ -40,7 +40,7 @@ namespace GitHub.Runner.Listener.Configuration
             return creds;
         }
 
-        public VssCredentials LoadCredentials(bool preferMigrated = true)
+        public VssCredentials LoadCredentials()
         {
             IConfigurationStore store = HostContext.GetService<IConfigurationStore>();
 
@@ -50,14 +50,16 @@ namespace GitHub.Runner.Listener.Configuration
             }
 
             CredentialData credData = store.GetCredentials();
-
-            if (preferMigrated)
-            {
             var migratedCred = store.GetMigratedCredentials();
             if (migratedCred != null)
             {
                 credData = migratedCred;
-                }
+
+                // Re-write .credentials with Token URL
+                store.SaveCredential(credData);
+
+                // Delete .credentials_migrated
+                store.DeleteMigratedCredential();
             }
 
             ICredentialProvider credProv = GetCredentialProvider(credData.Scheme);

src/Runner.Listener/JobDispatcher.cs

@@ -858,7 +858,6 @@ namespace GitHub.Runner.Listener
             }
         }
 
-        // TODO: We need send detailInfo back to DT in order to add an issue for the job
         private async Task CompleteJobRequestAsync(int poolId, Pipelines.AgentJobRequestMessage message, Guid lockToken, TaskResult result, string detailInfo = null)
         {
             Trace.Entering();
@@ -952,8 +951,10 @@ namespace GitHub.Runner.Listener
                 ArgUtil.NotNull(timeline, nameof(timeline));
                 TimelineRecord jobRecord = timeline.Records.FirstOrDefault(x => x.Id == message.JobId && x.RecordType == "Job");
                 ArgUtil.NotNull(jobRecord, nameof(jobRecord));
+                var unhandledExceptionIssue = new Issue() { Type = IssueType.Error, Message = errorMessage };
+                unhandledExceptionIssue.Data[Constants.Runner.InternalTelemetryIssueDataKey] = Constants.Runner.WorkerCrash;
                 jobRecord.ErrorCount++;
-                jobRecord.Issues.Add(new Issue() { Type = IssueType.Error, Message = errorMessage });
+                jobRecord.Issues.Add(unhandledExceptionIssue);
                 await jobServer.UpdateTimelineRecordsAsync(message.Plan.ScopeIdentifier, message.Plan.PlanType, message.Plan.PlanId, message.Timeline.Id, new TimelineRecord[] { jobRecord }, CancellationToken.None);
             }
             catch (Exception ex)

src/Runner.Listener/MessageListener.cs

@@ -13,10 +13,7 @@ using System.Diagnostics;
 using System.Runtime.InteropServices;
 using GitHub.Runner.Common;
 using GitHub.Runner.Sdk;
-using GitHub.Services.WebApi;
-using System.Runtime.CompilerServices;
 
-[assembly: InternalsVisibleTo("Test")]
 namespace GitHub.Runner.Listener
 {
     [ServiceLocator(Default = typeof(MessageListener))]
@@ -35,30 +32,18 @@ namespace GitHub.Runner.Listener
         private ITerminal _term;
         private IRunnerServer _runnerServer;
         private TaskAgentSession _session;
-        private ICredentialManager _credMgr;
-        private IConfigurationStore _configStore;
         private TimeSpan _getNextMessageRetryInterval;
         private readonly TimeSpan _sessionCreationRetryInterval = TimeSpan.FromSeconds(30);
         private readonly TimeSpan _sessionConflictRetryLimit = TimeSpan.FromMinutes(4);
         private readonly TimeSpan _clockSkewRetryLimit = TimeSpan.FromMinutes(30);
         private readonly Dictionary<string, int> _sessionCreationExceptionTracker = new Dictionary<string, int>();
 
-        // Whether load credentials from .credentials_migrated file
-        internal bool _useMigratedCredentials;
-
-        // need to check auth url if there is only .credentials and auth schema is OAuth
-        internal bool _needToCheckAuthorizationUrlUpdate;
-        internal Task<VssCredentials> _authorizationUrlMigrationBackgroundTask;
-        internal Task _authorizationUrlRollbackReattemptDelayBackgroundTask;
-
         public override void Initialize(IHostContext hostContext)
         {
             base.Initialize(hostContext);
 
             _term = HostContext.GetService<ITerminal>();
             _runnerServer = HostContext.GetService<IRunnerServer>();
-            _credMgr = HostContext.GetService<ICredentialManager>();
-            _configStore = HostContext.GetService<IConfigurationStore>();
         }
 
         public async Task<Boolean> CreateSessionAsync(CancellationToken token)
@@ -73,8 +58,8 @@ namespace GitHub.Runner.Listener
 
             // Create connection.
             Trace.Info("Loading Credentials");
-            _useMigratedCredentials = !StringUtil.ConvertToBoolean(Environment.GetEnvironmentVariable("GITHUB_ACTIONS_RUNNER_SPSAUTHURL"));
-            VssCredentials creds = _credMgr.LoadCredentials(_useMigratedCredentials);
+            var credMgr = HostContext.GetService<ICredentialManager>();
+            VssCredentials creds = credMgr.LoadCredentials();
 
             var agent = new TaskAgentReference
             {
@@ -89,17 +74,6 @@ namespace GitHub.Runner.Listener
             string errorMessage = string.Empty;
             bool encounteringError = false;
 
-            var originalCreds = _configStore.GetCredentials();
-            var migratedCreds = _configStore.GetMigratedCredentials();
-            if (migratedCreds == null)
-            {
-                _useMigratedCredentials = false;
-                if (originalCreds.Scheme == Constants.Configuration.OAuth)
-                {
-                    _needToCheckAuthorizationUrlUpdate = true;
-                }
-            }
-
             while (true)
             {
                 token.ThrowIfCancellationRequested();
@@ -127,12 +101,6 @@ namespace GitHub.Runner.Listener
                         encounteringError = false;
                     }
 
-                    if (_needToCheckAuthorizationUrlUpdate)
-                    {
-                        // start background task try to get new authorization url
-                        _authorizationUrlMigrationBackgroundTask = GetNewOAuthAuthorizationSetting(token);
-                    }
-
                     return true;
                 }
                 catch (OperationCanceledException) when (token.IsCancellationRequested)
@@ -150,24 +118,25 @@ namespace GitHub.Runner.Listener
                     Trace.Error("Catch exception during create session.");
                     Trace.Error(ex);
 
-                    if (!IsSessionCreationExceptionRetriable(ex))
+                    if (ex is VssOAuthTokenRequestException && creds.Federated is VssOAuthCredential vssOAuthCred)
                     {
-                        if (_useMigratedCredentials)
+                        // Check whether we get 401 because the runner registration already removed by the service.
+                        // If the runner registration get deleted, we can't exchange oauth token.
+                        Trace.Error("Test oauth app registration.");
+                        var oauthTokenProvider = new VssOAuthTokenProvider(vssOAuthCred, new Uri(serverUrl));
+                        var authError = await oauthTokenProvider.ValidateCredentialAsync(token);
+                        if (string.Equals(authError, "invalid_client", StringComparison.OrdinalIgnoreCase))
                         {
-                            // migrated credentials might cause lose permission during permission check,
-                            // we will force to use original credential and try again
-                            _useMigratedCredentials = false;
-                            var reattemptBackoff = BackoffTimerHelper.GetRandomBackoff(TimeSpan.FromHours(24), TimeSpan.FromHours(36));
-                            _authorizationUrlRollbackReattemptDelayBackgroundTask = HostContext.Delay(reattemptBackoff, token); // retry migrated creds in 24-36 hours.
-                            creds = _credMgr.LoadCredentials(false);
-                            Trace.Error("Fallback to original credentials and try again.");
+                            _term.WriteError("Failed to create a session. The runner registration has been deleted from the server, please re-configure.");
+                            return false;
                         }
-                        else
+                    }
+
+                    if (!IsSessionCreationExceptionRetriable(ex))
                     {
                         _term.WriteError($"Failed to create session. {ex.Message}");
                         return false;
                     }
-                    }
 
                     if (!encounteringError) //print the message only on the first error
                     {
@@ -227,51 +196,6 @@ namespace GitHub.Runner.Listener
                         encounteringError = false;
                         continuousError = 0;
                     }
-
-                    if (_needToCheckAuthorizationUrlUpdate &&
-                        _authorizationUrlMigrationBackgroundTask?.IsCompleted == true)
-                    {
-                        if (HostContext.GetService<IJobDispatcher>().Busy ||
-                            HostContext.GetService<ISelfUpdater>().Busy)
-                        {
-                            Trace.Info("Job or runner updates in progress, update credentials next time.");
-                        }
-                        else
-                        {
-                            try
-                            {
-                                var newCred = await _authorizationUrlMigrationBackgroundTask;
-                                await _runnerServer.ConnectAsync(new Uri(_settings.ServerUrl), newCred);
-                                Trace.Info("Updated connection to use migrated credential for next GetMessage call.");
-                                _useMigratedCredentials = true;
-                                _authorizationUrlMigrationBackgroundTask = null;
-                                _needToCheckAuthorizationUrlUpdate = false;
-                            }
-                            catch (Exception ex)
-                            {
-                                Trace.Error("Fail to refresh connection with new authorization url.");
-                                Trace.Error(ex);
-                            }
-                        }
-                    }
-
-                    if (_authorizationUrlRollbackReattemptDelayBackgroundTask?.IsCompleted == true)
-                    {
-                        try
-                        {
-                            // we rolled back to use original creds about 2 days before, now it's a good time to try migrated creds again.
-                            Trace.Info("Re-attempt to use migrated credential");
-                            var migratedCreds = _credMgr.LoadCredentials();
-                            await _runnerServer.ConnectAsync(new Uri(_settings.ServerUrl), migratedCreds);
-                            _useMigratedCredentials = true;
-                            _authorizationUrlRollbackReattemptDelayBackgroundTask = null;
-                        }
-                        catch (Exception ex)
-                        {
-                            Trace.Error("Fail to refresh connection with new authorization url on rollback reattempt.");
-                            Trace.Error(ex);
-                        }
-                    }
                 }
                 catch (OperationCanceledException) when (token.IsCancellationRequested)
                 {
@@ -294,23 +218,9 @@ namespace GitHub.Runner.Listener
                         Trace.Info($"{nameof(TaskAgentSessionExpiredException)} received, recovered by recreate session.");
                     }
                     else if (!IsGetNextMessageExceptionRetriable(ex))
-                    {
-                        if (_useMigratedCredentials)
-                        {
-                            // migrated credentials might cause lose permission during permission check,
-                            // we will force to use original credential and try again
-                            _useMigratedCredentials = false;
-                            var reattemptBackoff = BackoffTimerHelper.GetRandomBackoff(TimeSpan.FromHours(24), TimeSpan.FromHours(36));
-                            _authorizationUrlRollbackReattemptDelayBackgroundTask = HostContext.Delay(reattemptBackoff, token); // retry migrated creds in 24-36 hours.
-                            var originalCreds = _credMgr.LoadCredentials(false);
-                            await _runnerServer.ConnectAsync(new Uri(_settings.ServerUrl), originalCreds);
-                            Trace.Error("Fallback to original credentials and try again.");
-                        }
-                        else
                     {
                         throw;
                     }
-                    }
                     else
                     {
                         continuousError++;
@@ -501,80 +411,5 @@ namespace GitHub.Runner.Listener
                 return true;
             }
         }
-
-        private async Task<VssCredentials> GetNewOAuthAuthorizationSetting(CancellationToken token)
-        {
-            Trace.Info("Start checking oauth authorization url update.");
-            while (true)
-            {
-                var backoff = BackoffTimerHelper.GetRandomBackoff(TimeSpan.FromMinutes(30), TimeSpan.FromMinutes(45));
-                await HostContext.Delay(backoff, token);
-
-                try
-                {
-                    var migratedAuthorizationUrl = await _runnerServer.GetRunnerAuthUrlAsync(_settings.PoolId, _settings.AgentId);
-                    if (!string.IsNullOrEmpty(migratedAuthorizationUrl))
-                    {
-                        var credData = _configStore.GetCredentials();
-                        var clientId = credData.Data.GetValueOrDefault("clientId", null);
-                        var currentAuthorizationUrl = credData.Data.GetValueOrDefault("authorizationUrl", null);
-                        Trace.Info($"Current authorization url: {currentAuthorizationUrl}, new authorization url: {migratedAuthorizationUrl}");
-
-                        if (string.Equals(currentAuthorizationUrl, migratedAuthorizationUrl, StringComparison.OrdinalIgnoreCase))
-                        {
-                            // We don't need to update credentials.
-                            Trace.Info("No needs to update authorization url");
-                            await Task.Delay(TimeSpan.FromMilliseconds(-1), token);
-                        }
-
-                        var keyManager = HostContext.GetService<IRSAKeyManager>();
-                        var signingCredentials = VssSigningCredentials.Create(() => keyManager.GetKey());
-
-                        var migratedClientCredential = new VssOAuthJwtBearerClientCredential(clientId, migratedAuthorizationUrl, signingCredentials);
-                        var migratedRunnerCredential = new VssOAuthCredential(new Uri(migratedAuthorizationUrl, UriKind.Absolute), VssOAuthGrant.ClientCredentials, migratedClientCredential);
-
-                        Trace.Info("Try connect service with Token Service OAuth endpoint.");
-                        var runnerServer = HostContext.CreateService<IRunnerServer>();
-                        await runnerServer.ConnectAsync(new Uri(_settings.ServerUrl), migratedRunnerCredential);
-                        await runnerServer.GetAgentPoolsAsync();
-                        Trace.Info($"Successfully connected service with new authorization url.");
-
-                        var migratedCredData = new CredentialData
-                        {
-                            Scheme = Constants.Configuration.OAuth,
-                            Data =
-                            {
-                                { "clientId", clientId },
-                                { "authorizationUrl", migratedAuthorizationUrl },
-                                { "oauthEndpointUrl", migratedAuthorizationUrl },
-                            },
-                        };
-
-                        _configStore.SaveMigratedCredential(migratedCredData);
-                        return migratedRunnerCredential;
-                    }
-                    else
-                    {
-                        Trace.Verbose("No authorization url updates");
-                    }
-                }
-                catch (Exception ex)
-                {
-                    Trace.Error("Fail to get/test new authorization url.");
-                    Trace.Error(ex);
-
-                    try
-                    {
-                        await _runnerServer.ReportRunnerAuthUrlErrorAsync(_settings.PoolId, _settings.AgentId, ex.ToString());
-                    }
-                    catch (Exception e)
-                    {
-                        // best effort
-                        Trace.Error("Fail to report the migration error");
-                        Trace.Error(e);
-                    }
-                }
-            }
-        }
     }
 }

src/Runner.Listener/Program.cs

@@ -102,7 +102,9 @@ namespace GitHub.Runner.Listener
                 IRunner runner = context.GetService<IRunner>();
                 try
                 {
-                    return await runner.ExecuteCommand(command);
+                    var returnCode = await runner.ExecuteCommand(command);
+                    trace.Info($"Runner execution has finished with return code {returnCode}");
+                    return returnCode;
                 }
                 catch (OperationCanceledException) when (context.RunnerShutdownToken.IsCancellationRequested)
                 {

src/Runner.Listener/Runner.cs

@@ -466,6 +466,8 @@ Config Options:
  --url string           Repository to add the runner to. Required if unattended
  --token string         Registration token. Required if unattended
  --name string          Name of the runner to configure (default {Environment.MachineName ?? "myrunner"})
+ --runnergroup string   Name of the runner group to add this runner to (defaults to the default runner group)
+ --labels string        Extra labels in addition to the default: 'self-hosted,{Constants.Runner.Platform},{Constants.Runner.PlatformArchitecture}'
  --work string          Relative runner work directory (default {Constants.Path.WorkDirectory})
  --replace              Replace any existing runner with the same name (default false)");
 #if OS_WINDOWS
@@ -478,7 +480,9 @@ Examples:
  Configure a runner non-interactively:
   .{separator}config.{ext} --unattended --url <url> --token <token>
  Configure a runner non-interactively, replacing any existing runner with the same name:
-  .{separator}config.{ext} --unattended --url <url> --token <token> --replace [--name <name>]");
+  .{separator}config.{ext} --unattended --url <url> --token <token> --replace [--name <name>]
+ Configure a runner non-interactively with three extra labels:
+  .{separator}config.{ext} --unattended --url <url> --token <token> --labels L1,L2,L3");
 #if OS_WINDOWS
     _term.WriteLine($@" Configure a runner to run as a service:");
     _term.WriteLine($@"  .{separator}config.{ext} --url <url> --token <token> --runasservice");

src/Runner.Plugins/Repository/v1.0/GitSourceProvider.cs

@@ -80,7 +80,12 @@ namespace GitHub.Runner.Plugins.Repository.v1_0
             // Validate args.
             ArgUtil.NotNull(executionContext, nameof(executionContext));
             executionContext.Output($"Syncing repository: {repoFullName}");
-            Uri repositoryUrl = new Uri($"https://github.com/{repoFullName}");
+
+            // Repository URL
+            var githubUrl = executionContext.GetGitHubContext("server_url");
+            var githubUri = new Uri(!string.IsNullOrEmpty(githubUrl) ? githubUrl : "https://github.com");
+            var portInfo = githubUri.IsDefaultPort ? string.Empty : $":{githubUri.Port}";
+            Uri repositoryUrl = new Uri($"{githubUri.Scheme}://{githubUri.Host}{portInfo}/{repoFullName}");
             if (!repositoryUrl.IsAbsoluteUri)
             {
                 throw new InvalidOperationException("Repository url need to be an absolute uri.");

src/Runner.Sdk/ProcessInvoker.cs

@@ -318,7 +318,12 @@ namespace GitHub.Runner.Sdk
                 }
             }
 
-            using (var registration = cancellationToken.Register(async () => await CancelAndKillProcessTree(killProcessOnCancel)))
+            var cancellationFinished = new TaskCompletionSource<bool>();
+            using (var registration = cancellationToken.Register(async () =>
+            {
+                await CancelAndKillProcessTree(killProcessOnCancel);
+                cancellationFinished.TrySetResult(true);
+            }))
             {
                 Trace.Info($"Process started with process id {_proc.Id}, waiting for process exit.");
                 while (true)
@@ -341,6 +346,13 @@ namespace GitHub.Runner.Sdk
                 // data buffers one last time before returning
                 ProcessOutput();
 
+                if (cancellationToken.IsCancellationRequested)
+                {
+                    // Ensure cancellation also finish on the cancellationToken.Register thread.
+                    await cancellationFinished.Task;
+                    Trace.Info($"Process Cancellation finished.");
+                }
+
                 Trace.Info($"Finished process {_proc.Id} with exit code {_proc.ExitCode}, and elapsed time {_stopWatch.Elapsed}.");
             }
 

src/Runner.Sdk/RunnerWebProxy.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Net;
 using System.Text.RegularExpressions;
@@ -71,7 +71,7 @@ namespace GitHub.Runner.Sdk
 
             if (!string.IsNullOrEmpty(httpProxyAddress) && Uri.TryCreate(httpProxyAddress, UriKind.Absolute, out var proxyHttpUri))
             {
-                _httpProxyAddress = proxyHttpUri.AbsoluteUri;
+                _httpProxyAddress = proxyHttpUri.OriginalString;
 
                 // Set both environment variables since there are tools support both casing (curl, wget) and tools support only one casing (docker)
                 Environment.SetEnvironmentVariable("HTTP_PROXY", _httpProxyAddress);
@@ -101,7 +101,7 @@ namespace GitHub.Runner.Sdk
 
             if (!string.IsNullOrEmpty(httpsProxyAddress) && Uri.TryCreate(httpsProxyAddress, UriKind.Absolute, out var proxyHttpsUri))
             {
-                _httpsProxyAddress = proxyHttpsUri.AbsoluteUri;
+                _httpsProxyAddress = proxyHttpsUri.OriginalString;
 
                 // Set both environment variables since there are tools support both casing (curl, wget) and tools support only one casing (docker)
                 Environment.SetEnvironmentVariable("HTTPS_PROXY", _httpsProxyAddress);

src/Runner.Sdk/Util/StringUtil.cs

@@ -30,7 +30,7 @@ namespace GitHub.Runner.Sdk
             //
             // For example, on an en-US box, this is required for loading the encoding for the
             // default console output code page '437'. Without loading the correct encoding for
-            // code page IBM437, some characters cannot be translated correctly, e.g. write 'ç'
+            // code page IBM437, some characters cannot be translated correctly, e.g. write 'ç'
             // from powershell.exe.
             Encoding.RegisterProvider(CodePagesEncodingProvider.Instance);
 #endif

src/Runner.Sdk/Util/WhichUtil.cs

@@ -11,6 +11,11 @@ namespace GitHub.Runner.Sdk
         {
             ArgUtil.NotNullOrEmpty(command, nameof(command));
             trace?.Info($"Which: '{command}'");
+            if (Path.IsPathFullyQualified(command) && File.Exists(command))
+            {
+                trace?.Info($"Fully qualified path: '{command}'");
+                return command;
+            }
             string path = Environment.GetEnvironmentVariable(PathUtil.PathVariable);
             if (string.IsNullOrEmpty(path))
             {

src/Runner.Worker/ActionCommandManager.cs

@@ -1,4 +1,5 @@
 using GitHub.DistributedTask.Pipelines;
+using GitHub.DistributedTask.Pipelines.ContextData;
 using GitHub.DistributedTask.WebApi;
 using GitHub.Runner.Common.Util;
 using GitHub.Runner.Worker.Container;
@@ -183,12 +184,64 @@ namespace GitHub.Runner.Worker
 
         public void ProcessCommand(IExecutionContext context, string line, ActionCommand command, ContainerInfo container)
         {
+            var configurationStore = HostContext.GetService<IConfigurationStore>();
+            var isHostedServer = configurationStore.GetSettings().IsHostedServer;
+
+            var allowUnsecureCommands = false;
+            bool.TryParse(Environment.GetEnvironmentVariable(Constants.Variables.Actions.AllowUnsupportedCommands), out allowUnsecureCommands);
+
+            // Apply environment from env context, env context contains job level env and action's env block
+#if OS_WINDOWS
+            var envContext = context.ExpressionValues["env"] as DictionaryContextData;
+#else
+            var envContext = context.ExpressionValues["env"] as CaseSensitiveDictionaryContextData;
+#endif
+            if (!allowUnsecureCommands && envContext.ContainsKey(Constants.Variables.Actions.AllowUnsupportedCommands))
+            {
+                bool.TryParse(envContext[Constants.Variables.Actions.AllowUnsupportedCommands].ToString(), out allowUnsecureCommands);
+            }
+
+            // TODO: Eventually remove isHostedServer and apply this to dotcom customers as well
+            if (!isHostedServer && !allowUnsecureCommands)
+            {
+                throw new Exception(String.Format(Constants.Runner.UnsupportedCommandMessageDisabled, this.Command));
+            }
+            else if (!allowUnsecureCommands)
+            {
+                // Log Telemetry and let user know they shouldn't do this
+                var issue = new Issue()
+                {
+                    Type = IssueType.Error,
+                    Message = String.Format(Constants.Runner.UnsupportedCommandMessage, this.Command)
+                };
+                issue.Data[Constants.Runner.InternalTelemetryIssueDataKey] = Constants.Runner.UnsupportedCommand;
+                context.AddIssue(issue);
+            }
+
             if (!command.Properties.TryGetValue(SetEnvCommandProperties.Name, out string envName) || string.IsNullOrEmpty(envName))
             {
                 throw new Exception("Required field 'name' is missing in ##[set-env] command.");
             }
 
-            context.EnvironmentVariables[envName] = command.Data;
+
+            foreach (var blocked in _setEnvBlockList)
+            {
+                if (string.Equals(blocked, envName, StringComparison.OrdinalIgnoreCase))
+                {
+                    // Log Telemetry and let user know they shouldn't do this
+                    var issue = new Issue()
+                    {
+                        Type = IssueType.Error,
+                        Message = $"Can't update {blocked} environment variable using ::set-env:: command."
+                    };
+                    issue.Data[Constants.Runner.InternalTelemetryIssueDataKey] = $"{Constants.Runner.UnsupportedCommand}_{envName}";
+                    context.AddIssue(issue);
+
+                    return;
+                }
+            }
+
+            context.Global.EnvironmentVariables[envName] = command.Data;
             context.SetEnvContext(envName, command.Data);
             context.Debug($"{envName}='{command.Data}'");
         }
@@ -197,6 +250,11 @@ namespace GitHub.Runner.Worker
         {
             public const String Name = "name";
         }
+
+        private string[] _setEnvBlockList = 
+        {
+            "NODE_OPTIONS"
+        };
     }
 
     public sealed class SetOutputCommandExtension : RunnerService, IActionCommandExtension
@@ -282,9 +340,43 @@ namespace GitHub.Runner.Worker
 
         public void ProcessCommand(IExecutionContext context, string line, ActionCommand command, ContainerInfo container)
         {
+            var configurationStore = HostContext.GetService<IConfigurationStore>();
+            var isHostedServer = configurationStore.GetSettings().IsHostedServer;
+
+            var allowUnsecureCommands = false;
+            bool.TryParse(Environment.GetEnvironmentVariable(Constants.Variables.Actions.AllowUnsupportedCommands), out allowUnsecureCommands);
+
+            // Apply environment from env context, env context contains job level env and action's env block
+#if OS_WINDOWS
+            var envContext = context.ExpressionValues["env"] as DictionaryContextData;
+#else
+            var envContext = context.ExpressionValues["env"] as CaseSensitiveDictionaryContextData;
+#endif
+            if (!allowUnsecureCommands && envContext.ContainsKey(Constants.Variables.Actions.AllowUnsupportedCommands))
+            {
+                bool.TryParse(envContext[Constants.Variables.Actions.AllowUnsupportedCommands].ToString(), out allowUnsecureCommands);
+            }
+
+            // TODO: Eventually remove isHostedServer and apply this to dotcom customers as well
+            if (!isHostedServer && !allowUnsecureCommands)
+            {
+                throw new Exception(String.Format(Constants.Runner.UnsupportedCommandMessageDisabled, this.Command));
+            }
+            else if (!allowUnsecureCommands)
+            {
+                // Log Telemetry and let user know they shouldn't do this
+                var issue = new Issue()
+                {
+                    Type = IssueType.Error,
+                    Message = String.Format(Constants.Runner.UnsupportedCommandMessage, this.Command)
+                };
+                issue.Data[Constants.Runner.InternalTelemetryIssueDataKey] = Constants.Runner.UnsupportedCommand;
+                context.AddIssue(issue);
+            }
+
             ArgUtil.NotNullOrEmpty(command.Data, "path");
-            context.PrependPath.RemoveAll(x => string.Equals(x, command.Data, StringComparison.CurrentCulture));
-            context.PrependPath.Add(command.Data);
+            context.Global.PrependPath.RemoveAll(x => string.Equals(x, command.Data, StringComparison.CurrentCulture));
+            context.Global.PrependPath.Add(command.Data);
         }
     }
 
@@ -485,9 +577,12 @@ namespace GitHub.Runner.Worker
             }
 
             foreach (var property in command.Properties)
+            {
+                if (!string.Equals(property.Key, Constants.Runner.InternalTelemetryIssueDataKey, StringComparison.OrdinalIgnoreCase))
                 {
                     issue.Data[property.Key] = property.Value;
                 }
+            }
 
             context.AddIssue(issue);
         }

src/Runner.Worker/ActionManager.cs

@@ -1,21 +1,20 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.IO.Compression;
 using System.Linq;
-using System.Threading;
-using System.Threading.Tasks;
+using System.Net;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
 using GitHub.DistributedTask.ObjectTemplating.Tokens;
-using GitHub.DistributedTask.WebApi;
 using GitHub.Runner.Common;
-using GitHub.Runner.Common.Util;
 using GitHub.Runner.Sdk;
 using GitHub.Runner.Worker.Container;
 using GitHub.Services.Common;
-using Newtonsoft.Json;
+using WebApi = GitHub.DistributedTask.WebApi;
 using Pipelines = GitHub.DistributedTask.Pipelines;
 using PipelineTemplateConstants = GitHub.DistributedTask.Pipelines.ObjectTemplating.PipelineTemplateConstants;
 
@@ -48,7 +47,7 @@ namespace GitHub.Runner.Worker
 
         //81920 is the default used by System.IO.Stream.CopyTo and is under the large object heap threshold (85k).
         private const int _defaultCopyBufferSize = 81920;
-
+        private const string _dotcomApiUrl = "https://api.github.com";
         private readonly Dictionary<Guid, ContainerInfo> _cachedActionContainers = new Dictionary<Guid, ContainerInfo>();
 
         public Dictionary<Guid, ContainerInfo> CachedActionContainers => _cachedActionContainers;
@@ -67,19 +66,18 @@ namespace GitHub.Runner.Worker
 
             // TODO: Deprecate the PREVIEW_ACTION_TOKEN
             // Log even if we aren't using it to ensure users know.
-            if (!string.IsNullOrEmpty(executionContext.Variables.Get("PREVIEW_ACTION_TOKEN")))
+            if (!string.IsNullOrEmpty(executionContext.Global.Variables.Get("PREVIEW_ACTION_TOKEN")))
             {
                 executionContext.Warning("The 'PREVIEW_ACTION_TOKEN' secret is deprecated. Please remove it from the repository's secrets");
             }
 
             // Clear the cache (for self-hosted runners)
-            // Note, temporarily avoid this step for the on-premises product, to avoid rate limiting.
-            var configurationStore = HostContext.GetService<IConfigurationStore>();
-            var isHostedServer = configurationStore.GetSettings().IsHostedServer;
-            if (isHostedServer)
-            {
             IOUtil.DeleteDirectory(HostContext.GetDirectory(WellKnownDirectory.Actions), executionContext.CancellationToken);
-            }
+
+            // todo: Remove when feature flag DistributedTask.NewActionMetadata is removed
+            var newActionMetadata = executionContext.Global.Variables.GetBoolean("DistributedTask.NewActionMetadata") ?? false;
+
+            var repositoryActions = new List<Pipelines.ActionStep>();
 
             foreach (var action in actions)
             {
@@ -98,7 +96,8 @@ namespace GitHub.Runner.Worker
                     Trace.Info($"Action {action.Name} ({action.Id}) needs to pull image '{containerReference.Image}'");
                     imagesToPull[containerReference.Image].Add(action.Id);
                 }
-                else if (action.Reference.Type == Pipelines.ActionSourceType.Repository)
+                // todo: Remove when feature flag DistributedTask.NewActionMetadata is removed
+                else if (action.Reference.Type == Pipelines.ActionSourceType.Repository && !newActionMetadata)
                 {
                     // only download the repository archive
                     await DownloadRepositoryActionAsync(executionContext, action);
@@ -132,6 +131,81 @@ namespace GitHub.Runner.Worker
                         }
                     }
 
+                    var repoAction = action.Reference as Pipelines.RepositoryPathReference;
+                    if (repoAction.RepositoryType != Pipelines.PipelineConstants.SelfAlias)
+                    {
+                        var definition = LoadAction(executionContext, action);
+                        if (definition.Data.Execution.HasPre)
+                        {
+                            var actionRunner = HostContext.CreateService<IActionRunner>();
+                            actionRunner.Action = action;
+                            actionRunner.Stage = ActionRunStage.Pre;
+                            actionRunner.Condition = definition.Data.Execution.InitCondition;
+
+                            Trace.Info($"Add 'pre' execution for {action.Id}");
+                            preStepTracker[action.Id] = actionRunner;
+                        }
+                    }
+                }
+                else if (action.Reference.Type == Pipelines.ActionSourceType.Repository && newActionMetadata)
+                {
+                    repositoryActions.Add(action);
+                }
+            }
+
+            if (repositoryActions.Count > 0)
+            {
+                // Get the download info
+                var downloadInfos = await GetDownloadInfoAsync(executionContext, repositoryActions);
+
+                // Download each action
+                foreach (var action in repositoryActions)
+                {
+                    var lookupKey = GetDownloadInfoLookupKey(action);
+                    if (string.IsNullOrEmpty(lookupKey))
+                    {
+                        continue;
+                    }
+
+                    if (!downloadInfos.TryGetValue(lookupKey, out var downloadInfo))
+                    {
+                        throw new Exception($"Missing download info for {lookupKey}");
+                    }
+
+                    await DownloadRepositoryActionAsync(executionContext, downloadInfo);
+                }
+
+                // More preparation based on content in the repository (action.yml)
+                foreach (var action in repositoryActions)
+                {
+                    var setupInfo = PrepareRepositoryActionAsync(executionContext, action);
+                    if (setupInfo != null)
+                    {
+                        if (!string.IsNullOrEmpty(setupInfo.Image))
+                        {
+                            if (!imagesToPull.ContainsKey(setupInfo.Image))
+                            {
+                                imagesToPull[setupInfo.Image] = new List<Guid>();
+                            }
+
+                            Trace.Info($"Action {action.Name} ({action.Id}) from repository '{setupInfo.ActionRepository}' needs to pull image '{setupInfo.Image}'");
+                            imagesToPull[setupInfo.Image].Add(action.Id);
+                        }
+                        else
+                        {
+                            ArgUtil.NotNullOrEmpty(setupInfo.ActionRepository, nameof(setupInfo.ActionRepository));
+
+                            if (!imagesToBuild.ContainsKey(setupInfo.ActionRepository))
+                            {
+                                imagesToBuild[setupInfo.ActionRepository] = new List<Guid>();
+                            }
+
+                            Trace.Info($"Action {action.Name} ({action.Id}) from repository '{setupInfo.ActionRepository}' needs to build image '{setupInfo.Dockerfile}'");
+                            imagesToBuild[setupInfo.ActionRepository].Add(action.Id);
+                            imagesToBuildInfo[setupInfo.ActionRepository] = setupInfo;
+                        }
+                    }
+
                     var repoAction = action.Reference as Pipelines.RepositoryPathReference;
                     if (repoAction.RepositoryType != Pipelines.PipelineConstants.SelfAlias)
                     {
@@ -321,6 +395,14 @@ namespace GitHub.Runner.Worker
                             Trace.Info($"Action cleanup plugin: {plugin.PluginTypeName}.");
                         }
                     }
+                    else if (definition.Data.Execution.ExecutionType == ActionExecutionType.Composite)
+                    {
+                        var compositeAction = definition.Data.Execution as CompositeActionExecutionData;
+                        Trace.Info($"Load {compositeAction.Steps?.Count ?? 0} action steps.");
+                        Trace.Verbose($"Details: {StringUtil.ConvertToJson(compositeAction?.Steps)}");
+                        Trace.Info($"Load: {compositeAction.Outputs?.Count ?? 0} number of outputs");
+                        Trace.Info($"Details: {StringUtil.ConvertToJson(compositeAction?.Outputs)}");
+                    }
                     else
                     {
                         throw new NotSupportedException(definition.Data.Execution.ExecutionType.ToString());
@@ -386,7 +468,7 @@ namespace GitHub.Runner.Worker
             ArgUtil.NotNull(setupInfo, nameof(setupInfo));
             ArgUtil.NotNullOrEmpty(setupInfo.Container.Image, nameof(setupInfo.Container.Image));
 
-            executionContext.Output($"Pull down action image '{setupInfo.Container.Image}'");
+            executionContext.Output($"##[group]Pull down action image '{setupInfo.Container.Image}'");
 
             // Pull down docker image with retry up to 3 times
             var dockerManger = HostContext.GetService<IDockerCommandManager>();
@@ -410,6 +492,7 @@ namespace GitHub.Runner.Worker
                     }
                 }
             }
+            executionContext.Output("##[endgroup]");
 
             if (retryCount == 3 && pullExitCode != 0)
             {
@@ -429,7 +512,7 @@ namespace GitHub.Runner.Worker
             ArgUtil.NotNull(setupInfo, nameof(setupInfo));
             ArgUtil.NotNullOrEmpty(setupInfo.Container.Dockerfile, nameof(setupInfo.Container.Dockerfile));
 
-            executionContext.Output($"Build container for action use: '{setupInfo.Container.Dockerfile}'.");
+            executionContext.Output($"##[group]Build container for action use: '{setupInfo.Container.Dockerfile}'.");
 
             // Build docker image with retry up to 3 times
             var dockerManger = HostContext.GetService<IDockerCommandManager>();
@@ -438,7 +521,12 @@ namespace GitHub.Runner.Worker
             var imageName = $"{dockerManger.DockerInstanceLabel}:{Guid.NewGuid().ToString("N")}";
             while (retryCount < 3)
             {
-                buildExitCode = await dockerManger.DockerBuild(executionContext, setupInfo.Container.WorkingDirectory, Directory.GetParent(setupInfo.Container.Dockerfile).FullName, imageName);
+                buildExitCode = await dockerManger.DockerBuild(
+                    executionContext,
+                    setupInfo.Container.WorkingDirectory,
+                    setupInfo.Container.Dockerfile,
+                    Directory.GetParent(setupInfo.Container.Dockerfile).FullName,
+                    imageName);
                 if (buildExitCode == 0)
                 {
                     break;
@@ -454,6 +542,7 @@ namespace GitHub.Runner.Worker
                     }
                 }
             }
+            executionContext.Output("##[endgroup]");
 
             if (retryCount == 3 && buildExitCode != 0)
             {
@@ -467,6 +556,80 @@ namespace GitHub.Runner.Worker
             }
         }
 
+        // This implementation is temporary and will be replaced with a REST API call to the service to resolve
+        private async Task<IDictionary<string, WebApi.ActionDownloadInfo>> GetDownloadInfoAsync(IExecutionContext executionContext, List<Pipelines.ActionStep> actions)
+        {
+            executionContext.Output("Getting action download info");
+
+            // Convert to action reference
+            var actionReferences = actions
+                .GroupBy(x => GetDownloadInfoLookupKey(x))
+                .Where(x => !string.IsNullOrEmpty(x.Key))
+                .Select(x =>
+                {
+                    var action = x.First();
+                    var repositoryReference = action.Reference as Pipelines.RepositoryPathReference;
+                    ArgUtil.NotNull(repositoryReference, nameof(repositoryReference));
+                    return new WebApi.ActionReference
+                    {
+                        NameWithOwner = repositoryReference.Name,
+                        Ref = repositoryReference.Ref,
+                    };
+                })
+                .ToList();
+
+            // Nothing to resolve?
+            if (actionReferences.Count == 0)
+            {
+                return new Dictionary<string, WebApi.ActionDownloadInfo>();
+            }
+
+            // Resolve download info
+            var jobServer = HostContext.GetService<IJobServer>();
+            var actionDownloadInfos = default(WebApi.ActionDownloadInfoCollection);
+            for (var attempt = 1; attempt <= 3; attempt++)
+            {
+                try
+                {
+                    actionDownloadInfos = await jobServer.ResolveActionDownloadInfoAsync(executionContext.Global.Plan.ScopeIdentifier, executionContext.Global.Plan.PlanType, executionContext.Global.Plan.PlanId, new WebApi.ActionReferenceList { Actions = actionReferences }, executionContext.CancellationToken);
+                    break;
+                }
+                catch (Exception ex) when (attempt < 3)
+                {
+                    executionContext.Output($"Failed to resolve action download info. Error: {ex.Message}");
+                    executionContext.Debug(ex.ToString());
+                    if (String.IsNullOrEmpty(Environment.GetEnvironmentVariable("_GITHUB_ACTION_DOWNLOAD_NO_BACKOFF")))
+                    {
+                        var backoff = BackoffTimerHelper.GetRandomBackoff(TimeSpan.FromSeconds(10), TimeSpan.FromSeconds(30));
+                        executionContext.Output($"Retrying in {backoff.TotalSeconds} seconds");
+                        await Task.Delay(backoff);
+                    }
+                }
+            }
+
+            ArgUtil.NotNull(actionDownloadInfos, nameof(actionDownloadInfos));
+            ArgUtil.NotNull(actionDownloadInfos.Actions, nameof(actionDownloadInfos.Actions));
+            var apiUrl = GetApiUrl(executionContext);
+            var defaultAccessToken = executionContext.GetGitHubContext("token");
+            var configurationStore = HostContext.GetService<IConfigurationStore>();
+            var runnerSettings = configurationStore.GetSettings();
+
+            foreach (var actionDownloadInfo in actionDownloadInfos.Actions.Values)
+            {
+                // Add secret
+                HostContext.SecretMasker.AddValue(actionDownloadInfo.Authentication?.Token);
+
+                // Default auth token
+                if (string.IsNullOrEmpty(actionDownloadInfo.Authentication?.Token))
+                {
+                    actionDownloadInfo.Authentication = new WebApi.ActionDownloadAuthentication { Token = defaultAccessToken };
+                }
+            }
+
+            return actionDownloadInfos.Actions;
+        }
+
+        // todo: Remove when feature flag DistributedTask.NewActionMetadata is removed
         private async Task DownloadRepositoryActionAsync(IExecutionContext executionContext, Pipelines.ActionStep repositoryAction)
         {
             Trace.Entering();
@@ -490,7 +653,7 @@ namespace GitHub.Runner.Worker
             ArgUtil.NotNullOrEmpty(repositoryReference.Ref, nameof(repositoryReference.Ref));
 
             string destDirectory = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Actions), repositoryReference.Name.Replace(Path.AltDirectorySeparatorChar, Path.DirectorySeparatorChar), repositoryReference.Ref);
-            string watermarkFile = destDirectory + ".completed";
+            string watermarkFile = GetWatermarkFilePath(destDirectory);
             if (File.Exists(watermarkFile))
             {
                 executionContext.Debug($"Action '{repositoryReference.Name}@{repositoryReference.Ref}' already downloaded at '{destDirectory}'.");
@@ -504,27 +667,116 @@ namespace GitHub.Runner.Worker
                 executionContext.Output($"Download action repository '{repositoryReference.Name}@{repositoryReference.Ref}'");
             }
 
-#if OS_WINDOWS
-            string archiveLink = $"https://api.github.com/repos/{repositoryReference.Name}/zipball/{repositoryReference.Ref}";
-#else
-            string archiveLink = $"https://api.github.com/repos/{repositoryReference.Name}/tarball/{repositoryReference.Ref}";
-#endif
-            Trace.Info($"Download archive '{archiveLink}' to '{destDirectory}'.");
+            var configurationStore = HostContext.GetService<IConfigurationStore>();
+            var isHostedServer = configurationStore.GetSettings().IsHostedServer;
+            if (isHostedServer)
+            {
+                string apiUrl = GetApiUrl(executionContext);
+                string archiveLink = BuildLinkToActionArchive(apiUrl, repositoryReference.Name, repositoryReference.Ref);
+                var downloadDetails = new ActionDownloadDetails(archiveLink, ConfigureAuthorizationFromContext);
+                await DownloadRepositoryActionAsync(executionContext, downloadDetails, null, destDirectory);
+                return;
+            }
+            else
+            {
+                string apiUrl = GetApiUrl(executionContext);
 
+                // URLs to try:
+                var downloadAttempts = new List<ActionDownloadDetails> {
+                    // A built-in action or an action the user has created, on their GHES instance
+                    // Example:  https://my-ghes/api/v3/repos/my-org/my-action/tarball/v1
+                    new ActionDownloadDetails(
+                        BuildLinkToActionArchive(apiUrl, repositoryReference.Name, repositoryReference.Ref),
+                        ConfigureAuthorizationFromContext),
+
+                    // The same action, on GitHub.com
+                    // Example:  https://api.github.com/repos/my-org/my-action/tarball/v1
+                    new ActionDownloadDetails(
+                        BuildLinkToActionArchive(_dotcomApiUrl, repositoryReference.Name, repositoryReference.Ref),
+                        configureAuthorization: (e,h) => { /* no authorization for dotcom */ })
+                };
+
+                foreach (var downloadAttempt in downloadAttempts)
+                {
+                    try
+                    {
+                        await DownloadRepositoryActionAsync(executionContext, downloadAttempt, null, destDirectory);
+                        return;
+                    }
+                    catch (ActionNotFoundException)
+                    {
+                        Trace.Info($"Failed to find the action '{repositoryReference.Name}' at ref '{repositoryReference.Ref}' at {downloadAttempt.ArchiveLink}");
+                        continue;
+                    }
+                }
+                throw new ActionNotFoundException($"Failed to find the action '{repositoryReference.Name}' at ref '{repositoryReference.Ref}'.  Paths attempted: {string.Join(", ", downloadAttempts.Select(d => d.ArchiveLink))}");
+            }
+        }
+
+        private async Task DownloadRepositoryActionAsync(IExecutionContext executionContext, WebApi.ActionDownloadInfo downloadInfo)
+        {
+            Trace.Entering();
+            ArgUtil.NotNull(executionContext, nameof(executionContext));
+            ArgUtil.NotNull(downloadInfo, nameof(downloadInfo));
+            ArgUtil.NotNullOrEmpty(downloadInfo.NameWithOwner, nameof(downloadInfo.NameWithOwner));
+            ArgUtil.NotNullOrEmpty(downloadInfo.Ref, nameof(downloadInfo.Ref));
+
+            string destDirectory = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Actions), downloadInfo.NameWithOwner.Replace(Path.AltDirectorySeparatorChar, Path.DirectorySeparatorChar), downloadInfo.Ref);
+            string watermarkFile = GetWatermarkFilePath(destDirectory);
+            if (File.Exists(watermarkFile))
+            {
+                executionContext.Debug($"Action '{downloadInfo.NameWithOwner}@{downloadInfo.Ref}' already downloaded at '{destDirectory}'.");
+                return;
+            }
+            else
+            {
+                // make sure we get a clean folder ready to use.
+                IOUtil.DeleteDirectory(destDirectory, executionContext.CancellationToken);
+                Directory.CreateDirectory(destDirectory);
+                executionContext.Output($"Download action repository '{downloadInfo.NameWithOwner}@{downloadInfo.Ref}'");
+            }
+
+            await DownloadRepositoryActionAsync(executionContext, null, downloadInfo, destDirectory);
+        }
+
+        private string GetApiUrl(IExecutionContext executionContext)
+        {
+            string apiUrl = executionContext.GetGitHubContext("api_url");
+            if (!string.IsNullOrEmpty(apiUrl))
+            {
+                return apiUrl;
+            }
+            // Once the api_url is set for hosted, we can remove this fallback (it doesn't make sense for GHES)
+            return _dotcomApiUrl;
+        }
+
+        private static string BuildLinkToActionArchive(string apiUrl, string repository, string @ref)
+        {
+#if OS_WINDOWS
+            return $"{apiUrl}/repos/{repository}/zipball/{@ref}";
+#else
+            return $"{apiUrl}/repos/{repository}/tarball/{@ref}";
+#endif
+        }
+
+        // todo: Remove the parameter "actionDownloadDetails" when feature flag DistributedTask.NewActionMetadata is removed
+        private async Task DownloadRepositoryActionAsync(IExecutionContext executionContext, ActionDownloadDetails actionDownloadDetails, WebApi.ActionDownloadInfo downloadInfo, string destDirectory)
+        {
             //download and extract action in a temp folder and rename it on success
             string tempDirectory = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Actions), "_temp_" + Guid.NewGuid());
             Directory.CreateDirectory(tempDirectory);
 
-
 #if OS_WINDOWS
             string archiveFile = Path.Combine(tempDirectory, $"{Guid.NewGuid()}.zip");
+            string link = downloadInfo?.ZipballUrl ?? actionDownloadDetails.ArchiveLink;
 #else
             string archiveFile = Path.Combine(tempDirectory, $"{Guid.NewGuid()}.tar.gz");
+            string link = downloadInfo?.TarballUrl ?? actionDownloadDetails.ArchiveLink;
 #endif
-            Trace.Info($"Save archive '{archiveLink}' into {archiveFile}.");
+
+            Trace.Info($"Save archive '{link}' into {archiveFile}.");
             try
             {
-
                 int retryCount = 0;
 
                 // Allow up to 20 * 60s for any action to be downloaded from github graph.
@@ -541,37 +793,23 @@ namespace GitHub.Runner.Worker
                             using (var httpClientHandler = HostContext.CreateHttpClientHandler())
                             using (var httpClient = new HttpClient(httpClientHandler))
                             {
-                                var configurationStore = HostContext.GetService<IConfigurationStore>();
-                                var isHostedServer = configurationStore.GetSettings().IsHostedServer;
-                                if (isHostedServer)
+                                // Legacy
+                                if (downloadInfo == null)
                                 {
-                                    var authToken = Environment.GetEnvironmentVariable("_GITHUB_ACTION_TOKEN");
-                                    if (string.IsNullOrEmpty(authToken))
-                                    {
-                                        // TODO: Deprecate the PREVIEW_ACTION_TOKEN
-                                        authToken = executionContext.Variables.Get("PREVIEW_ACTION_TOKEN");
-                                    }
-
-                                    if (!string.IsNullOrEmpty(authToken))
-                                    {
-                                        HostContext.SecretMasker.AddValue(authToken);
-                                        var base64EncodingToken = Convert.ToBase64String(Encoding.UTF8.GetBytes($"PAT:{authToken}"));
-                                        httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", base64EncodingToken);
+                                    actionDownloadDetails.ConfigureAuthorization(executionContext, httpClient);
                                 }
+                                // FF DistributedTask.NewActionMetadata
                                 else
                                 {
-                                        var accessToken = executionContext.GetGitHubContext("token");
-                                        var base64EncodingToken = Convert.ToBase64String(Encoding.UTF8.GetBytes($"x-access-token:{accessToken}"));
-                                        httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", base64EncodingToken);
-                                    }
-                                }
-                                else
-                                {
-                                    // Intentionally empty. Temporary for GHES alpha release, download from dotcom unauthenticated.
+                                    httpClient.DefaultRequestHeaders.Authorization = CreateAuthHeader(downloadInfo.Authentication?.Token);
                                 }
 
                                 httpClient.DefaultRequestHeaders.UserAgent.AddRange(HostContext.UserAgents);
-                                using (var result = await httpClient.GetStreamAsync(archiveLink))
+                                using (var response = await httpClient.GetAsync(link))
+                                {
+                                    if (response.IsSuccessStatusCode)
+                                    {
+                                        using (var result = await response.Content.ReadAsStreamAsync())
                                         {
                                             await result.CopyToAsync(fs, _defaultCopyBufferSize, actionDownloadCancellation.Token);
                                             await fs.FlushAsync(actionDownloadCancellation.Token);
@@ -580,25 +818,42 @@ namespace GitHub.Runner.Worker
                                             break;
                                         }
                                     }
+                                    else if (response.StatusCode == HttpStatusCode.NotFound)
+                                    {
+                                        // It doesn't make sense to retry in this case, so just stop
+                                        throw new ActionNotFoundException(new Uri(link));
+                                    }
+                                    else
+                                    {
+                                        // Something else bad happened, let's go to our retry logic
+                                        response.EnsureSuccessStatusCode();
+                                    }
+                                }
+                            }
                         }
                         catch (OperationCanceledException) when (executionContext.CancellationToken.IsCancellationRequested)
                         {
-                            Trace.Info($"Action download has been cancelled.");
+                            Trace.Info("Action download has been cancelled.");
+                            throw;
+                        }
+                        catch (ActionNotFoundException)
+                        {
+                            Trace.Info($"The action at '{link}' does not exist");
                             throw;
                         }
                         catch (Exception ex) when (retryCount < 2)
                         {
                             retryCount++;
-                            Trace.Error($"Fail to download archive '{archiveLink}' -- Attempt: {retryCount}");
+                            Trace.Error($"Fail to download archive '{link}' -- Attempt: {retryCount}");
                             Trace.Error(ex);
                             if (actionDownloadTimeout.Token.IsCancellationRequested)
                             {
                                 // action download didn't finish within timeout
-                                executionContext.Warning($"Action '{archiveLink}' didn't finish download within {timeoutSeconds} seconds.");
+                                executionContext.Warning($"Action '{link}' didn't finish download within {timeoutSeconds} seconds.");
                             }
                             else
                             {
-                                executionContext.Warning($"Failed to download action '{archiveLink}'. Error {ex.Message}");
+                                executionContext.Warning($"Failed to download action '{link}'. Error: {ex.Message}");
                             }
                         }
                     }
@@ -612,7 +867,7 @@ namespace GitHub.Runner.Worker
                 }
 
                 ArgUtil.NotNullOrEmpty(archiveFile, nameof(archiveFile));
-                executionContext.Debug($"Download '{archiveLink}' to '{archiveFile}'");
+                executionContext.Debug($"Download '{link}' to '{archiveFile}'");
 
                 var stagingDirectory = Path.Combine(tempDirectory, "_staging");
                 Directory.CreateDirectory(stagingDirectory);
@@ -662,6 +917,7 @@ namespace GitHub.Runner.Worker
                 }
 
                 Trace.Verbose("Create watermark file indicate action download succeed.");
+                string watermarkFile = GetWatermarkFilePath(destDirectory);
                 File.WriteAllText(watermarkFile, DateTime.UtcNow.ToString());
 
                 executionContext.Debug($"Archive '{archiveFile}' has been unzipped into '{destDirectory}'.");
@@ -686,6 +942,32 @@ namespace GitHub.Runner.Worker
             }
         }
 
+        // todo: Remove when feature flag DistributedTask.NewActionMetadata is removed
+        private void ConfigureAuthorizationFromContext(IExecutionContext executionContext, HttpClient httpClient)
+        {
+            var authToken = Environment.GetEnvironmentVariable("_GITHUB_ACTION_TOKEN");
+            if (string.IsNullOrEmpty(authToken))
+            {
+                // TODO: Deprecate the PREVIEW_ACTION_TOKEN
+                authToken = executionContext.Global.Variables.Get("PREVIEW_ACTION_TOKEN");
+            }
+
+            if (!string.IsNullOrEmpty(authToken))
+            {
+                HostContext.SecretMasker.AddValue(authToken);
+                var base64EncodingToken = Convert.ToBase64String(Encoding.UTF8.GetBytes($"PAT:{authToken}"));
+                httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", base64EncodingToken);
+            }
+            else
+            {
+                var accessToken = executionContext.GetGitHubContext("token");
+                var base64EncodingToken = Convert.ToBase64String(Encoding.UTF8.GetBytes($"x-access-token:{accessToken}"));
+                httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", base64EncodingToken);
+            }
+        }
+
+        private string GetWatermarkFilePath(string directory) => directory + ".completed";
+
         private ActionContainer PrepareRepositoryActionAsync(IExecutionContext executionContext, Pipelines.ActionStep repositoryAction)
         {
             var repositoryReference = repositoryAction.Reference as Pipelines.RepositoryPathReference;
@@ -766,6 +1048,11 @@ namespace GitHub.Runner.Worker
                     Trace.Info($"Action plugin: {(actionDefinitionData.Execution as PluginActionExecutionData).Plugin}, no more preparation.");
                     return null;
                 }
+                else if (actionDefinitionData.Execution.ExecutionType == ActionExecutionType.Composite)
+                {
+                    Trace.Info($"Action composite: {(actionDefinitionData.Execution as CompositeActionExecutionData).Steps}, no more preparation.");
+                    return null;
+                }
                 else
                 {
                     throw new NotSupportedException(actionDefinitionData.Execution.ExecutionType.ToString());
@@ -791,6 +1078,64 @@ namespace GitHub.Runner.Worker
                 throw new InvalidOperationException($"Can't find 'action.yml', 'action.yaml' or 'Dockerfile' under '{fullPath}'. Did you forget to run actions/checkout before running your local action?");
             }
         }
+
+        private static string GetDownloadInfoLookupKey(Pipelines.ActionStep action)
+        {
+            if (action.Reference.Type != Pipelines.ActionSourceType.Repository)
+            {
+                return null;
+            }
+
+            var repositoryReference = action.Reference as Pipelines.RepositoryPathReference;
+            ArgUtil.NotNull(repositoryReference, nameof(repositoryReference));
+
+            if (string.Equals(repositoryReference.RepositoryType, Pipelines.PipelineConstants.SelfAlias, StringComparison.OrdinalIgnoreCase))
+            {
+                return null;
+            }
+
+            if (!string.Equals(repositoryReference.RepositoryType, Pipelines.RepositoryTypes.GitHub, StringComparison.OrdinalIgnoreCase))
+            {
+                throw new NotSupportedException(repositoryReference.RepositoryType);
+            }
+
+            ArgUtil.NotNullOrEmpty(repositoryReference.Name, nameof(repositoryReference.Name));
+            ArgUtil.NotNullOrEmpty(repositoryReference.Ref, nameof(repositoryReference.Ref));
+            return $"{repositoryReference.Name}@{repositoryReference.Ref}";
+        }
+
+        private static string GetDownloadInfoLookupKey(WebApi.ActionDownloadInfo info)
+        {
+            ArgUtil.NotNullOrEmpty(info.NameWithOwner, nameof(info.NameWithOwner));
+            ArgUtil.NotNullOrEmpty(info.Ref, nameof(info.Ref));
+            return $"{info.NameWithOwner}@{info.Ref}";
+        }
+
+        private AuthenticationHeaderValue CreateAuthHeader(string token)
+        {
+            if (string.IsNullOrEmpty(token))
+            {
+                return null;
+            }
+
+            var base64EncodingToken = Convert.ToBase64String(Encoding.UTF8.GetBytes($"x-access-token:{token}"));
+            HostContext.SecretMasker.AddValue(base64EncodingToken);
+            return new AuthenticationHeaderValue("Basic", base64EncodingToken);
+        }
+
+        // todo: Remove when feature flag DistributedTask.NewActionMetadata is removed
+        private class ActionDownloadDetails
+        {
+            public string ArchiveLink { get; }
+
+            public Action<IExecutionContext, HttpClient> ConfigureAuthorization { get; }
+
+            public ActionDownloadDetails(string archiveLink, Action<IExecutionContext, HttpClient> configureAuthorization)
+            {
+                ArchiveLink = archiveLink;
+                ConfigureAuthorization = configureAuthorization;
+            }
+        }
     }
 
     public sealed class Definition
@@ -818,6 +1163,7 @@ namespace GitHub.Runner.Worker
         NodeJS,
         Plugin,
         Script,
+        Composite,
     }
 
     public sealed class ContainerActionExecutionData : ActionExecutionData
@@ -874,6 +1220,15 @@ namespace GitHub.Runner.Worker
         public override bool HasPost => false;
     }
 
+    public sealed class CompositeActionExecutionData : ActionExecutionData
+    {
+        public override ActionExecutionType ExecutionType => ActionExecutionType.Composite;
+        public override bool HasPre => false;
+        public override bool HasPost => false;
+        public List<Pipelines.ActionStep> Steps { get; set; }
+        public MappingToken Outputs { get; set; }
+    }
+
     public abstract class ActionExecutionData
     {
         private string _initCondition = $"{Constants.Expressions.Always}()";
@@ -931,4 +1286,3 @@ namespace GitHub.Runner.Worker
         public string ActionRepository { get; set; }
     }
 }
-

src/Runner.Worker/ActionManifestManager.cs

@@ -14,6 +14,7 @@ using YamlDotNet.Core;
 using YamlDotNet.Core.Events;
 using System.Globalization;
 using System.Linq;
+using Pipelines = GitHub.DistributedTask.Pipelines;
 
 namespace GitHub.Runner.Worker
 {
@@ -22,6 +23,8 @@ namespace GitHub.Runner.Worker
     {
         ActionDefinitionData Load(IExecutionContext executionContext, string manifestFile);
 
+        DictionaryContextData EvaluateCompositeOutputs(IExecutionContext executionContext, TemplateToken token, IDictionary<string, PipelineContextData> extraExpressionValues);
+
         List<string> EvaluateContainerArguments(IExecutionContext executionContext, SequenceToken token, IDictionary<string, PipelineContextData> extraExpressionValues);
 
         Dictionary<string, string> EvaluateContainerEnvironment(IExecutionContext executionContext, MappingToken token, IDictionary<string, PipelineContextData> extraExpressionValues);
@@ -32,8 +35,6 @@ namespace GitHub.Runner.Worker
     public sealed class ActionManifestManager : RunnerService, IActionManifestManager
     {
         private TemplateSchema _actionManifestSchema;
-        private IReadOnlyList<String> _fileTable;
-
         public override void Initialize(IHostContext hostContext)
         {
             base.Initialize(hostContext);
@@ -54,25 +55,45 @@ namespace GitHub.Runner.Worker
 
         public ActionDefinitionData Load(IExecutionContext executionContext, string manifestFile)
         {
-            var context = CreateContext(executionContext);
+            var templateContext = CreateTemplateContext(executionContext);
             ActionDefinitionData actionDefinition = new ActionDefinitionData();
+
+            // Clean up file name real quick
+            // Instead of using Regex which can be computationally expensive, 
+            // we can just remove the # of characters from the fileName according to the length of the basePath
+            string basePath = HostContext.GetDirectory(WellKnownDirectory.Actions);
+            string fileRelativePath = manifestFile;
+            if (manifestFile.Contains(basePath))
+            {
+                fileRelativePath = manifestFile.Remove(0, basePath.Length + 1);
+            }
+
             try
             {
                 var token = default(TemplateToken);
 
                 // Get the file ID
-                var fileId = context.GetFileId(manifestFile);
-                _fileTable = context.GetFileTable();
+                var fileId = templateContext.GetFileId(fileRelativePath);
+
+                // Add this file to the FileTable in executionContext if it hasn't been added already
+                // we use > since fileID is 1 indexed
+                if (fileId > executionContext.Global.FileTable.Count)
+                {
+                    executionContext.Global.FileTable.Add(fileRelativePath);
+                }
 
                 // Read the file
                 var fileContent = File.ReadAllText(manifestFile);
                 using (var stringReader = new StringReader(fileContent))
                 {
-                    var yamlObjectReader = new YamlObjectReader(null, stringReader);
-                    token = TemplateReader.Read(context, "action-root", yamlObjectReader, fileId, out _);
+                    var yamlObjectReader = new YamlObjectReader(fileId, stringReader);
+                    token = TemplateReader.Read(templateContext, "action-root", yamlObjectReader, fileId, out _);
                 }
 
                 var actionMapping = token.AssertMapping("action manifest root");
+                var actionOutputs = default(MappingToken);
+                var actionRunValueToken = default(TemplateToken);
+
                 foreach (var actionPair in actionMapping)
                 {
                     var propertyName = actionPair.Key.AssertString($"action.yml property key");
@@ -83,44 +104,56 @@ namespace GitHub.Runner.Worker
                             actionDefinition.Name = actionPair.Value.AssertString("name").Value;
                             break;
 
+                        case "outputs":
+                            actionOutputs = actionPair.Value.AssertMapping("outputs");
+                            break;
+
                         case "description":
                             actionDefinition.Description = actionPair.Value.AssertString("description").Value;
                             break;
 
                         case "inputs":
-                            ConvertInputs(context, actionPair.Value, actionDefinition);
+                            ConvertInputs(actionPair.Value, actionDefinition);
                             break;
 
                         case "runs":
-                            actionDefinition.Execution = ConvertRuns(context, actionPair.Value);
+                            // Defer runs token evaluation to after for loop to ensure that order of outputs doesn't matter.
+                            actionRunValueToken = actionPair.Value;
                             break;
+
                         default:
                             Trace.Info($"Ignore action property {propertyName}.");
                             break;
                     }
                 }
+
+                // Evaluate Runs Last
+                if (actionRunValueToken != null)
+                {
+                    actionDefinition.Execution = ConvertRuns(executionContext, templateContext, actionRunValueToken, fileRelativePath, actionOutputs);
+                }
             }
             catch (Exception ex)
             {
                 Trace.Error(ex);
-                context.Errors.Add(ex);
+                templateContext.Errors.Add(ex);
             }
 
-            if (context.Errors.Count > 0)
+            if (templateContext.Errors.Count > 0)
             {
-                foreach (var error in context.Errors)
+                foreach (var error in templateContext.Errors)
                 {
                     Trace.Error($"Action.yml load error: {error.Message}");
                     executionContext.Error(error.Message);
                 }
 
-                throw new ArgumentException($"Fail to load {manifestFile}");
+                throw new ArgumentException($"Fail to load {fileRelativePath}");
             }
 
             if (actionDefinition.Execution == null)
             {
                 executionContext.Debug($"Loaded action.yml file: {StringUtil.ConvertToJson(actionDefinition)}");
-                throw new ArgumentException($"Top level 'runs:' section is required for {manifestFile}");
+                throw new ArgumentException($"Top level 'runs:' section is required for {fileRelativePath}");
             }
             else
             {
@@ -130,6 +163,33 @@ namespace GitHub.Runner.Worker
             return actionDefinition;
         }
 
+        public DictionaryContextData EvaluateCompositeOutputs(
+            IExecutionContext executionContext,
+            TemplateToken token,
+            IDictionary<string, PipelineContextData> extraExpressionValues)
+        {
+            var result = default(DictionaryContextData);
+
+            if (token != null)
+            {
+                var templateContext = CreateTemplateContext(executionContext, extraExpressionValues);
+                try
+                {
+                    token = TemplateEvaluator.Evaluate(templateContext, "outputs", token, 0, null, omitHeader: true);
+                    templateContext.Errors.Check();
+                    result = token.ToContextData().AssertDictionary("composite outputs");
+                }
+                catch (Exception ex) when (!(ex is TemplateValidationException))
+                {
+                    templateContext.Errors.Add(ex);
+                }
+
+                templateContext.Errors.Check();
+            }
+
+            return result ?? new DictionaryContextData();
+        }
+
         public List<string> EvaluateContainerArguments(
             IExecutionContext executionContext,
             SequenceToken token,
@@ -139,11 +199,11 @@ namespace GitHub.Runner.Worker
 
             if (token != null)
             {
-                var context = CreateContext(executionContext, extraExpressionValues);
+                var templateContext = CreateTemplateContext(executionContext, extraExpressionValues);
                 try
                 {
-                    var evaluateResult = TemplateEvaluator.Evaluate(context, "container-runs-args", token, 0, null, omitHeader: true);
-                    context.Errors.Check();
+                    var evaluateResult = TemplateEvaluator.Evaluate(templateContext, "container-runs-args", token, 0, null, omitHeader: true);
+                    templateContext.Errors.Check();
 
                     Trace.Info($"Arguments evaluate result: {StringUtil.ConvertToJson(evaluateResult)}");
 
@@ -160,10 +220,10 @@ namespace GitHub.Runner.Worker
                 catch (Exception ex) when (!(ex is TemplateValidationException))
                 {
                     Trace.Error(ex);
-                    context.Errors.Add(ex);
+                    templateContext.Errors.Add(ex);
                 }
 
-                context.Errors.Check();
+                templateContext.Errors.Check();
             }
 
             return result;
@@ -178,11 +238,11 @@ namespace GitHub.Runner.Worker
 
             if (token != null)
             {
-                var context = CreateContext(executionContext, extraExpressionValues);
+                var templateContext = CreateTemplateContext(executionContext, extraExpressionValues);
                 try
                 {
-                    var evaluateResult = TemplateEvaluator.Evaluate(context, "container-runs-env", token, 0, null, omitHeader: true);
-                    context.Errors.Check();
+                    var evaluateResult = TemplateEvaluator.Evaluate(templateContext, "container-runs-env", token, 0, null, omitHeader: true);
+                    templateContext.Errors.Check();
 
                     Trace.Info($"Environments evaluate result: {StringUtil.ConvertToJson(evaluateResult)}");
 
@@ -204,10 +264,10 @@ namespace GitHub.Runner.Worker
                 catch (Exception ex) when (!(ex is TemplateValidationException))
                 {
                     Trace.Error(ex);
-                    context.Errors.Add(ex);
+                    templateContext.Errors.Add(ex);
                 }
 
-                context.Errors.Check();
+                templateContext.Errors.Check();
             }
 
             return result;
@@ -221,11 +281,11 @@ namespace GitHub.Runner.Worker
             string result = "";
             if (token != null)
             {
-                var context = CreateContext(executionContext);
+                var templateContext = CreateTemplateContext(executionContext);
                 try
                 {
-                    var evaluateResult = TemplateEvaluator.Evaluate(context, "input-default-context", token, 0, null, omitHeader: true);
-                    context.Errors.Check();
+                    var evaluateResult = TemplateEvaluator.Evaluate(templateContext, "input-default-context", token, 0, null, omitHeader: true);
+                    templateContext.Errors.Check();
 
                     Trace.Info($"Input '{inputName}': default value evaluate result: {StringUtil.ConvertToJson(evaluateResult)}");
 
@@ -235,16 +295,16 @@ namespace GitHub.Runner.Worker
                 catch (Exception ex) when (!(ex is TemplateValidationException))
                 {
                     Trace.Error(ex);
-                    context.Errors.Add(ex);
+                    templateContext.Errors.Add(ex);
                 }
 
-                context.Errors.Check();
+                templateContext.Errors.Check();
             }
 
             return result;
         }
 
-        private TemplateContext CreateContext(
+        private TemplateContext CreateTemplateContext(
             IExecutionContext executionContext,
             IDictionary<string, PipelineContextData> extraExpressionValues = null)
         {
@@ -281,21 +341,21 @@ namespace GitHub.Runner.Worker
                 result.ExpressionFunctions.Add(item);
             }
 
-            // Add the file table
-            if (_fileTable?.Count > 0)
+            // Add the file table from the Execution Context
+            for (var i = 0; i < executionContext.Global.FileTable.Count; i++)
             {
-                for (var i = 0 ; i < _fileTable.Count ; i++)
-                {
-                    result.GetFileId(_fileTable[i]);
-                }
+                result.GetFileId(executionContext.Global.FileTable[i]);
             }
 
             return result;
         }
 
         private ActionExecutionData ConvertRuns(
-            TemplateContext context,
-            TemplateToken inputsToken)
+            IExecutionContext executionContext,
+            TemplateContext templateContext,
+            TemplateToken inputsToken,
+            String fileRelativePath,
+            MappingToken outputs = null)
         {
             var runsMapping = inputsToken.AssertMapping("runs");
             var usingToken = default(StringToken);
@@ -311,6 +371,8 @@ namespace GitHub.Runner.Worker
             var postToken = default(StringToken);
             var postEntrypointToken = default(StringToken);
             var postIfToken = default(StringToken);
+            var steps = default(List<Pipelines.Step>);
+
             foreach (var run in runsMapping)
             {
                 var runsKey = run.Key.AssertString("runs key").Value;
@@ -355,6 +417,11 @@ namespace GitHub.Runner.Worker
                     case "pre-if":
                         preIfToken = run.Value.AssertString("pre-if");
                         break;
+                    case "steps":
+                        var stepsToken = run.Value.AssertSequence("steps");
+                        steps = PipelineTemplateConverter.ConvertToSteps(templateContext, stepsToken);
+                        templateContext.Errors.Check();
+                        break;
                     default:
                         Trace.Info($"Ignore run property {runsKey}.");
                         break;
@@ -367,7 +434,7 @@ namespace GitHub.Runner.Worker
                 {
                     if (string.IsNullOrEmpty(imageToken?.Value))
                     {
-                        throw new ArgumentNullException($"Image is not provided.");
+                        throw new ArgumentNullException($"You are using a Container Action but an image is not provided in {fileRelativePath}.");
                     }
                     else
                     {
@@ -388,7 +455,7 @@ namespace GitHub.Runner.Worker
                 {
                     if (string.IsNullOrEmpty(mainToken?.Value))
                     {
-                        throw new ArgumentNullException($"Entry javascript file is not provided.");
+                        throw new ArgumentNullException($"You are using a JavaScript Action but there is not an entry JavaScript file provided in {fileRelativePath}.");
                     }
                     else
                     {
@@ -402,6 +469,21 @@ namespace GitHub.Runner.Worker
                         };
                     }
                 }
+                else if (string.Equals(usingToken.Value, "composite", StringComparison.OrdinalIgnoreCase))
+                {
+                    if (steps == null)
+                    {
+                        throw new ArgumentNullException($"You are using a composite action but there are no steps provided in {fileRelativePath}.");
+                    }
+                    else
+                    {
+                        return new CompositeActionExecutionData()
+                        {
+                            Steps = steps.Cast<Pipelines.ActionStep>().ToList(),
+                            Outputs = outputs
+                        };
+                    }
+                }
                 else
                 {
                     throw new ArgumentOutOfRangeException($"'using: {usingToken.Value}' is not supported, use 'docker' or 'node12' instead.");
@@ -419,7 +501,6 @@ namespace GitHub.Runner.Worker
         }
 
         private void ConvertInputs(
-            TemplateContext context,
             TemplateToken inputsToken,
             ActionDefinitionData actionDefinition)
         {

src/Runner.Worker/ActionNotFoundException.cs

@@ -0,0 +1,33 @@
+using System;
+using System.Runtime.Serialization;
+
+namespace GitHub.Runner.Worker
+{
+    public class ActionNotFoundException : Exception
+    {
+        public ActionNotFoundException(Uri actionUri)
+            : base(FormatMessage(actionUri))
+        {
+        }
+
+        public ActionNotFoundException(string message)
+            : base(message)
+        {
+        }
+
+        public ActionNotFoundException(string message, System.Exception inner)
+            : base(message, inner)
+        {
+        }
+
+        protected ActionNotFoundException(SerializationInfo info, StreamingContext context)
+                : base(info, context)
+        {
+        }
+
+        private static string FormatMessage(Uri actionUri)
+        {
+            return $"An action could not be found at the URI '{actionUri}'";
+        }
+    }
+}

src/Runner.Worker/ActionRunner.cs

@@ -94,6 +94,13 @@ namespace GitHub.Runner.Worker
             if (handlerData.HasPost && (Stage == ActionRunStage.Pre || Stage == ActionRunStage.Main))
             {
                 string postDisplayName = $"Post {this.DisplayName}";
+                if (Stage == ActionRunStage.Pre &&
+                    this.DisplayName.StartsWith("Pre ", StringComparison.OrdinalIgnoreCase))
+                {
+                    // Trim the leading `Pre ` from the display name.
+                    // Otherwise, we will get `Post Pre xxx` as DisplayName for the Post step.
+                    postDisplayName = $"Post {this.DisplayName.Substring("Pre ".Length)}";
+                }
                 var repositoryReference = Action.Reference as RepositoryPathReference;
                 var pathString = string.IsNullOrEmpty(repositoryReference.Path) ? string.Empty : $"/{repositoryReference.Path}";
                 var repoString = string.IsNullOrEmpty(repositoryReference.Ref) ? $"{repositoryReference.Name}{pathString}" :
@@ -128,23 +135,37 @@ namespace GitHub.Runner.Worker
                 ExecutionContext.SetGitHubContext("event_path", workflowFile);
             }
 
+            // Set GITHUB_ACTION_REPOSITORY if this Action is from a repository
+            if (Action.Reference is Pipelines.RepositoryPathReference repoPathReferenceAction &&
+                !string.Equals(repoPathReferenceAction.RepositoryType, Pipelines.PipelineConstants.SelfAlias, StringComparison.OrdinalIgnoreCase))
+            {
+                ExecutionContext.SetGitHubContext("action_repository", repoPathReferenceAction.Name);
+                ExecutionContext.SetGitHubContext("action_ref", repoPathReferenceAction.Ref);
+            }
+
             // Setup container stephost for running inside the container.
-            if (ExecutionContext.Container != null)
+            if (ExecutionContext.Global.Container != null)
             {
                 // Make sure required container is already created.
-                ArgUtil.NotNullOrEmpty(ExecutionContext.Container.ContainerId, nameof(ExecutionContext.Container.ContainerId));
+                ArgUtil.NotNullOrEmpty(ExecutionContext.Global.Container.ContainerId, nameof(ExecutionContext.Global.Container.ContainerId));
                 var containerStepHost = HostContext.CreateService<IContainerStepHost>();
-                containerStepHost.Container = ExecutionContext.Container;
+                containerStepHost.Container = ExecutionContext.Global.Container;
                 stepHost = containerStepHost;
             }
 
+            // Setup File Command Manager
+            var fileCommandManager = HostContext.CreateService<IFileCommandManager>();
+            fileCommandManager.InitializeFiles(ExecutionContext, null);
+
             // Load the inputs.
             ExecutionContext.Debug("Loading inputs");
             var templateEvaluator = ExecutionContext.ToPipelineTemplateEvaluator();
             var inputs = templateEvaluator.EvaluateStepInputs(Action.Inputs, ExecutionContext.ExpressionValues, ExecutionContext.ExpressionFunctions);
 
+            var userInputs = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
             foreach (KeyValuePair<string, string> input in inputs)
             {
+                userInputs.Add(input.Key);
                 string message = "";
                 if (definition.Data?.Deprecated?.TryGetValue(input.Key, out message) == true)
                 {
@@ -152,13 +173,22 @@ namespace GitHub.Runner.Worker
                 }
             }
 
+            var validInputs = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
+            if (handlerData.ExecutionType == ActionExecutionType.Container)
+            {
+                // container action always accept 'entryPoint' and 'args' as inputs
+                // https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepswithargs
+                validInputs.Add("entryPoint");
+                validInputs.Add("args");
+            }
             // Merge the default inputs from the definition
             if (definition.Data?.Inputs != null)
             {
                 var manifestManager = HostContext.GetService<IActionManifestManager>();
-                foreach (var input in (definition.Data?.Inputs))
+                foreach (var input in definition.Data.Inputs)
                 {
                     string key = input.Key.AssertString("action input name").Value;
+                    validInputs.Add(key);
                     if (!inputs.ContainsKey(key))
                     {
                         inputs[key] = manifestManager.EvaluateDefaultInput(ExecutionContext, key, input.Value);
@@ -166,6 +196,24 @@ namespace GitHub.Runner.Worker
                 }
             }
 
+            // Validate inputs only for actions with action.yml
+            if (Action.Reference.Type == Pipelines.ActionSourceType.Repository)
+            {
+                var unexpectedInputs = new List<string>();
+                foreach (var input in userInputs)
+                {
+                    if (!validInputs.Contains(input))
+                    {
+                        unexpectedInputs.Add(input);
+                    }
+                }
+
+                if (unexpectedInputs.Count > 0)
+                {
+                    ExecutionContext.Warning($"Unexpected input(s) '{string.Join("', '", unexpectedInputs)}', valid inputs are ['{string.Join("', '", validInputs)}']");
+                }
+            }
+
             // Load the action environment.
             ExecutionContext.Debug("Loading env");
             var environment = new Dictionary<String, String>(VarUtil.EnvironmentVariableKeyComparer);
@@ -195,15 +243,23 @@ namespace GitHub.Runner.Worker
                             handlerData,
                             inputs,
                             environment,
-                            ExecutionContext.Variables,
+                            ExecutionContext.Global.Variables,
                             actionDirectory: definition.Directory);
 
             // Print out action details
             handler.PrintActionDetails(Stage);
 
             // Run the task.
+            try 
+            {
                 await handler.RunAsync(Stage);
             }
+            finally 
+            {
+                fileCommandManager.ProcessFiles(ExecutionContext, ExecutionContext.Global.Container);
+            }
+
+        }
 
         public bool TryEvaluateDisplayName(DictionaryContextData contextData, IExecutionContext context)
         {

src/Runner.Worker/Container/ContainerInfo.cs

@@ -34,6 +34,9 @@ namespace GitHub.Runner.Worker.Container
             _environmentVariables = container.Environment;
             this.IsJobContainer = isJobContainer;
             this.ContainerNetworkAlias = networkAlias;
+            this.RegistryAuthUsername = container.Credentials?.Username;
+            this.RegistryAuthPassword = container.Credentials?.Password;
+            this.RegistryServer = DockerUtil.ParseRegistryHostnameFromImageName(this.ContainerImage);
 
 #if OS_WINDOWS
             _pathMappings.Add(new PathMapping(hostContext.GetDirectory(WellKnownDirectory.Work), "C:\\__w"));
@@ -79,6 +82,9 @@ namespace GitHub.Runner.Worker.Container
         public string ContainerWorkDirectory { get; set; }
         public string ContainerCreateOptions { get; private set; }
         public string ContainerRuntimePath { get; set; }
+        public string RegistryServer { get; set; }
+        public string RegistryAuthUsername { get; set; }
+        public string RegistryAuthPassword { get; set; }
         public bool IsJobContainer { get; set; }
 
         public IDictionary<string, string> ContainerEnvironmentVariables

src/Runner.Worker/Container/DockerCommandManager.cs

@@ -4,6 +4,7 @@ using System.IO;
 using System.Linq;
 using System.Text.RegularExpressions;
 using System.Threading;
+using System.Threading.Channels;
 using System.Threading.Tasks;
 using GitHub.Runner.Common;
 using GitHub.Runner.Sdk;
@@ -17,7 +18,8 @@ namespace GitHub.Runner.Worker.Container
         string DockerInstanceLabel { get; }
         Task<DockerVersion> DockerVersion(IExecutionContext context);
         Task<int> DockerPull(IExecutionContext context, string image);
-        Task<int> DockerBuild(IExecutionContext context, string workingDirectory, string dockerFile, string tag);
+        Task<int> DockerPull(IExecutionContext context, string image, string configFileDirectory);
+        Task<int> DockerBuild(IExecutionContext context, string workingDirectory, string dockerFile, string dockerContext, string tag);
         Task<string> DockerCreate(IExecutionContext context, ContainerInfo container);
         Task<int> DockerRun(IExecutionContext context, ContainerInfo container, EventHandler<ProcessDataReceivedEventArgs> stdoutDataReceived, EventHandler<ProcessDataReceivedEventArgs> stderrDataReceived);
         Task<int> DockerStart(IExecutionContext context, string containerId);
@@ -31,6 +33,7 @@ namespace GitHub.Runner.Worker.Container
         Task<int> DockerExec(IExecutionContext context, string containerId, string options, string command, List<string> outputs);
         Task<List<string>> DockerInspect(IExecutionContext context, string dockerObject, string options);
         Task<List<PortMapping>> DockerPort(IExecutionContext context, string containerId);
+        Task<int> DockerLogin(IExecutionContext context, string configFileDirectory, string registry, string username, string password);
     }
 
     public class DockerCommandManager : RunnerService, IDockerCommandManager
@@ -82,14 +85,23 @@ namespace GitHub.Runner.Worker.Container
             return new DockerVersion(serverVersion, clientVersion);
         }
 
-        public async Task<int> DockerPull(IExecutionContext context, string image)
+        public Task<int> DockerPull(IExecutionContext context, string image)
         {
-            return await ExecuteDockerCommandAsync(context, "pull", image, context.CancellationToken);
+            return DockerPull(context, image, null);
         }
 
-        public async Task<int> DockerBuild(IExecutionContext context, string workingDirectory, string dockerFile, string tag)
+        public async Task<int> DockerPull(IExecutionContext context, string image, string configFileDirectory)
         {
-            return await ExecuteDockerCommandAsync(context, "build", $"-t {tag} \"{dockerFile}\"", workingDirectory, context.CancellationToken);
+            if (string.IsNullOrEmpty(configFileDirectory))
+            {
+                return await ExecuteDockerCommandAsync(context, $"pull", image, context.CancellationToken);
+            }
+            return await ExecuteDockerCommandAsync(context, $"--config {configFileDirectory} pull", image, context.CancellationToken);
+        }
+
+        public async Task<int> DockerBuild(IExecutionContext context, string workingDirectory, string dockerFile, string dockerContext, string tag)
+        {
+            return await ExecuteDockerCommandAsync(context, "build", $"-t {tag} -f \"{dockerFile}\" \"{dockerContext}\"", workingDirectory, context.CancellationToken);
         }
 
         public async Task<string> DockerCreate(IExecutionContext context, ContainerInfo container)
@@ -346,6 +358,28 @@ namespace GitHub.Runner.Worker.Container
             return DockerUtil.ParseDockerPort(portMappingLines);
         }
 
+        public Task<int> DockerLogin(IExecutionContext context, string configFileDirectory, string registry, string username, string password)
+        {
+            string args = $"--config {configFileDirectory} login {registry} -u {username} --password-stdin";
+            context.Command($"{DockerPath} {args}");
+
+            var input = Channel.CreateBounded<string>(new BoundedChannelOptions(1) { SingleReader = true, SingleWriter = true });
+            input.Writer.TryWrite(password);
+
+            var processInvoker = HostContext.CreateService<IProcessInvoker>();
+
+            return processInvoker.ExecuteAsync(
+                workingDirectory: context.GetGitHubContext("workspace"),
+                fileName: DockerPath,
+                arguments: args,
+                environment: null,
+                requireExitCodeZero: false,
+                outputEncoding: null,
+                killProcessOnCancel: false,
+                redirectStandardIn: input,
+                cancellationToken: context.CancellationToken);
+        }
+
         private Task<int> ExecuteDockerCommandAsync(IExecutionContext context, string command, string options, CancellationToken cancellationToken = default(CancellationToken))
         {
             return ExecuteDockerCommandAsync(context, command, options, null, cancellationToken);

src/Runner.Worker/Container/DockerUtil.cs

@@ -45,5 +45,21 @@ namespace GitHub.Runner.Worker.Container
             }
             return "";
         }
+
+        public static string ParseRegistryHostnameFromImageName(string name)
+        {
+            var nameSplit = name.Split('/');
+            // Single slash is implictly from Dockerhub, unless first part has .tld or :port
+            if (nameSplit.Length == 2 && (nameSplit[0].Contains(":") || nameSplit[0].Contains(".")))
+            {
+                return nameSplit[0];
+            }
+            // All other non Dockerhub registries
+            else if (nameSplit.Length > 2)
+            {
+                return nameSplit[0];
+            }
+            return "";
+        }
     }
 }

src/Runner.Worker/ContainerOperationProvider.cs

@@ -91,7 +91,10 @@ namespace GitHub.Runner.Worker
 #endif
 
             // Check docker client/server version
+            executionContext.Output("##[group]Checking docker version");
             DockerVersion dockerVersion = await _dockerManger.DockerVersion(executionContext);
+            executionContext.Output("##[endgroup]");
+
             ArgUtil.NotNull(dockerVersion.ServerVersion, nameof(dockerVersion.ServerVersion));
             ArgUtil.NotNull(dockerVersion.ClientVersion, nameof(dockerVersion.ClientVersion));
 
@@ -111,7 +114,7 @@ namespace GitHub.Runner.Worker
             }
 
             // Clean up containers left by previous runs
-            executionContext.Debug($"Delete stale containers from previous jobs");
+            executionContext.Output("##[group]Clean up resources from previous jobs");
             var staleContainers = await _dockerManger.DockerPS(executionContext, $"--all --quiet --no-trunc --filter \"label={_dockerManger.DockerInstanceLabel}\"");
             foreach (var staleContainer in staleContainers)
             {
@@ -122,18 +125,20 @@ namespace GitHub.Runner.Worker
                 }
             }
 
-            executionContext.Debug($"Delete stale container networks from previous jobs");
             int networkPruneExitCode = await _dockerManger.DockerNetworkPrune(executionContext);
             if (networkPruneExitCode != 0)
             {
                 executionContext.Warning($"Delete stale container networks failed, docker network prune fail with exit code {networkPruneExitCode}");
             }
+            executionContext.Output("##[endgroup]");
 
             // Create local docker network for this job to avoid port conflict when multiple runners run on same machine.
             // All containers within a job join the same network
+            executionContext.Output("##[group]Create local container network");
             var containerNetwork = $"github_network_{Guid.NewGuid().ToString("N")}";
             await CreateContainerNetworkAsync(executionContext, containerNetwork);
             executionContext.JobContext.Container["network"] = new StringContextData(containerNetwork);
+            executionContext.Output("##[endgroup]");
 
             foreach (var container in containers)
             {
@@ -141,10 +146,12 @@ namespace GitHub.Runner.Worker
                 await StartContainerAsync(executionContext, container);
             }
 
+            executionContext.Output("##[group]Waiting for all services to be ready");
             foreach (var container in containers.Where(c => !c.IsJobContainer))
             {
                 await ContainerHealthcheck(executionContext, container);
             }
+            executionContext.Output("##[endgroup]");
         }
 
         public async Task StopContainersAsync(IExecutionContext executionContext, object data)
@@ -173,6 +180,10 @@ namespace GitHub.Runner.Worker
             Trace.Info($"Container name: {container.ContainerName}");
             Trace.Info($"Container image: {container.ContainerImage}");
             Trace.Info($"Container options: {container.ContainerCreateOptions}");
+
+            var groupName = container.IsJobContainer ? "Starting job container" : $"Starting {container.ContainerNetworkAlias} service container";
+            executionContext.Output($"##[group]{groupName}");
+
             foreach (var port in container.UserPortMappings)
             {
                 Trace.Info($"User provided port: {port.Value}");
@@ -187,12 +198,18 @@ namespace GitHub.Runner.Worker
                 }
             }
 
+            // TODO: Add at a later date. This currently no local package registry to test with
+            // UpdateRegistryAuthForGitHubToken(executionContext, container);
+
+            // Before pulling, generate client authentication if required
+            var configLocation = await ContainerRegistryLogin(executionContext, container);
+
             // Pull down docker image with retry up to 3 times
             int retryCount = 0;
             int pullExitCode = 0;
             while (retryCount < 3)
             {
-                pullExitCode = await _dockerManger.DockerPull(executionContext, container.ContainerImage);
+                pullExitCode = await _dockerManger.DockerPull(executionContext, container.ContainerImage, configLocation);
                 if (pullExitCode == 0)
                 {
                     break;
@@ -209,6 +226,9 @@ namespace GitHub.Runner.Worker
                 }
             }
 
+            // Remove credentials after pulling
+            ContainerRegistryLogout(configLocation);
+
             if (retryCount == 3 && pullExitCode != 0)
             {
                 throw new InvalidOperationException($"Docker pull failed with exit code {pullExitCode}");
@@ -304,6 +324,7 @@ namespace GitHub.Runner.Worker
                 container.ContainerRuntimePath = DockerUtil.ParsePathFromConfigEnv(containerEnv);
                 executionContext.JobContext.Container["id"] = new StringContextData(container.ContainerId);
             }
+            executionContext.Output("##[endgroup]");
         }
 
         private async Task StopContainerAsync(IExecutionContext executionContext, ContainerInfo container)
@@ -425,5 +446,83 @@ namespace GitHub.Runner.Worker
                 throw new InvalidOperationException($"Failed to initialize, {container.ContainerNetworkAlias} service is {serviceHealth}.");
             }
         }
+
+        private async Task<string> ContainerRegistryLogin(IExecutionContext executionContext, ContainerInfo container)
+        {
+            if (string.IsNullOrEmpty(container.RegistryAuthUsername) || string.IsNullOrEmpty(container.RegistryAuthPassword))
+            {
+                // No valid client config can be generated
+                return "";
+            }
+            var configLocation = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Temp), $".docker_{Guid.NewGuid()}");
+            try
+            {
+                var dirInfo = Directory.CreateDirectory(configLocation);
+            }
+            catch (Exception e)
+            {
+                throw new InvalidOperationException($"Failed to create directory to store registry client credentials: {e.Message}");
+            }
+            var loginExitCode = await _dockerManger.DockerLogin(
+                executionContext,
+                configLocation,
+                container.RegistryServer,
+                container.RegistryAuthUsername,
+                container.RegistryAuthPassword);
+
+            if (loginExitCode != 0)
+            {
+                throw new InvalidOperationException($"Docker login for '{container.RegistryServer}' failed with exit code {loginExitCode}");
+            }
+            return configLocation;
+        }
+
+        private void ContainerRegistryLogout(string configLocation)
+        {
+            try
+            {
+                if (!string.IsNullOrEmpty(configLocation) && Directory.Exists(configLocation))
+                {
+                    Directory.Delete(configLocation, recursive: true);
+                }
+            }
+            catch (Exception e)
+            {
+                throw new InvalidOperationException($"Failed to remove directory containing Docker client credentials: {e.Message}");
+            }
+        }
+
+        private void UpdateRegistryAuthForGitHubToken(IExecutionContext executionContext, ContainerInfo container)
+        {
+            var registryIsTokenCompatible = container.RegistryServer.Equals("docker.pkg.github.com", StringComparison.OrdinalIgnoreCase);
+            if (!registryIsTokenCompatible)
+            {
+                return;
+            }
+
+            var registryMatchesWorkflow = false;
+
+            // REGISTRY/OWNER/REPO/IMAGE[:TAG]
+            var imageParts = container.ContainerImage.Split('/');
+            if (imageParts.Length != 4)
+            {
+                executionContext.Warning($"Could not identify owner and repo for container image {container.ContainerImage}. Skipping automatic token auth");
+                return;
+            }
+            var owner = imageParts[1];
+            var repo = imageParts[2];
+            var nwo = $"{owner}/{repo}";
+            if (nwo.Equals(executionContext.GetGitHubContext("repository"), StringComparison.OrdinalIgnoreCase))
+            {
+                registryMatchesWorkflow = true;
+            }
+
+            var registryCredentialsNotSupplied = string.IsNullOrEmpty(container.RegistryAuthUsername) && string.IsNullOrEmpty(container.RegistryAuthPassword);
+            if (registryCredentialsNotSupplied && registryMatchesWorkflow)
+            {
+                container.RegistryAuthUsername = executionContext.GetGitHubContext("actor");
+                container.RegistryAuthPassword = executionContext.GetGitHubContext("token");
+            }
+        }
     }
 }

src/Runner.Worker/DiagnosticLogManager.cs

@@ -86,9 +86,9 @@ namespace GitHub.Runner.Worker
 
             executionContext.Debug("Zipping diagnostic files.");
 
-            string buildNumber = executionContext.Variables.Build_Number ?? "UnknownBuildNumber";
+            string buildNumber = executionContext.Global.Variables.Build_Number ?? "UnknownBuildNumber";
             string buildName = $"Build {buildNumber}";
-            string phaseName = executionContext.Variables.System_PhaseDisplayName ?? "UnknownPhaseName";
+            string phaseName = executionContext.Global.Variables.System_PhaseDisplayName ?? "UnknownPhaseName";
 
             // zip the files
             string diagnosticsZipFileName = $"{buildName}-{phaseName}.zip";

src/Runner.Worker/ExecutionContext.cs

@@ -6,6 +6,7 @@ using System.Globalization;
 using System.IO;
 using System.Linq;
 using System.Text;
+using System.Text.RegularExpressions;
 using System.Threading;
 using System.Threading.Tasks;
 using System.Web;
@@ -43,22 +44,13 @@ namespace GitHub.Runner.Worker
         string ResultCode { get; set; }
         TaskResult? CommandResult { get; set; }
         CancellationToken CancellationToken { get; }
-        List<ServiceEndpoint> Endpoints { get; }
+        GlobalContext Global { get; }
 
-        PlanFeatures Features { get; }
-        Variables Variables { get; }
         Dictionary<string, string> IntraActionState { get; }
-        IDictionary<String, IDictionary<String, String>> JobDefaults { get; }
         Dictionary<string, VariableValue> JobOutputs { get; }
-        IDictionary<String, String> EnvironmentVariables { get; }
-        IDictionary<String, ContextScope> Scopes { get; }
-        IList<String> FileTable { get; }
-        StepsContext StepsContext { get; }
+        ActionsEnvironmentReference ActionsEnvironment { get; }
         DictionaryContextData ExpressionValues { get; }
         IList<IFunctionInfo> ExpressionFunctions { get; }
-        List<string> PrependPath { get; }
-        ContainerInfo Container { get; set; }
-        List<ContainerInfo> ServiceContainers { get; }
         JobContext JobContext { get; }
 
         // Only job level ExecutionContext has JobSteps
@@ -69,13 +61,16 @@ namespace GitHub.Runner.Worker
 
         bool EchoOnActionCommand { get; set; }
 
+        bool InsideComposite { get; }
+
+        ExecutionContext Root { get; }
+
         // Initialize
         void InitializeJob(Pipelines.AgentJobRequestMessage message, CancellationToken token);
         void CancelToken();
-        IExecutionContext CreateChild(Guid recordId, string displayName, string refName, string scopeName, string contextName, Dictionary<string, string> intraActionState = null, int? recordOrder = null);
+        IExecutionContext CreateChild(Guid recordId, string displayName, string refName, string scopeName, string contextName, Dictionary<string, string> intraActionState = null, int? recordOrder = null, IPagingLogger logger = null, bool insideComposite = false, CancellationTokenSource cancellationTokenSource = null);
 
         // logging
-        bool WriteDebug { get; }
         long Write(string tag, string message);
         void QueueAttachFile(string type, string name, string filePath);
 
@@ -104,11 +99,13 @@ namespace GitHub.Runner.Worker
         // others
         void ForceTaskComplete();
         void RegisterPostJobStep(IStep step);
+        IStep CreateCompositeStep(string scopeName, IActionRunner step, DictionaryContextData inputsData, Dictionary<string, string> envData);
     }
 
     public sealed class ExecutionContext : RunnerService, IExecutionContext
     {
         private const int _maxIssueCount = 10;
+        private const int _throttlingDelayReportThreshold = 10 * 1000; // Don't report throttling with less than 10 seconds delay
 
         private readonly TimelineRecord _record = new TimelineRecord();
         private readonly Dictionary<Guid, TimelineRecord> _detailRecords = new Dictionary<Guid, TimelineRecord>();
@@ -139,21 +136,15 @@ namespace GitHub.Runner.Worker
         public string ContextName { get; private set; }
         public Task ForceCompleted => _forceCompleted.Task;
         public CancellationToken CancellationToken => _cancellationTokenSource.Token;
-        public List<ServiceEndpoint> Endpoints { get; private set; }
-        public Variables Variables { get; private set; }
         public Dictionary<string, string> IntraActionState { get; private set; }
-        public IDictionary<String, IDictionary<String, String>> JobDefaults { get; private set; }
         public Dictionary<string, VariableValue> JobOutputs { get; private set; }
-        public IDictionary<String, String> EnvironmentVariables { get; private set; }
-        public IDictionary<String, ContextScope> Scopes { get; private set; }
-        public IList<String> FileTable { get; private set; }
-        public StepsContext StepsContext { get; private set; }
+
+        public ActionsEnvironmentReference ActionsEnvironment { get; private set; }
         public DictionaryContextData ExpressionValues { get; } = new DictionaryContextData();
         public IList<IFunctionInfo> ExpressionFunctions { get; } = new List<IFunctionInfo>();
-        public bool WriteDebug { get; private set; }
-        public List<string> PrependPath { get; private set; }
-        public ContainerInfo Container { get; set; }
-        public List<ContainerInfo> ServiceContainers { get; private set; }
+
+        // Shared pointer across job-level execution context and step-level execution contexts
+        public GlobalContext Global { get; private set; }
 
         // Only job level ExecutionContext has JobSteps
         public Queue<IStep> JobSteps { get; private set; }
@@ -166,6 +157,7 @@ namespace GitHub.Runner.Worker
 
         public bool EchoOnActionCommand { get; set; }
 
+        public bool InsideComposite { get; private set; }
 
         public TaskResult? Result
         {
@@ -197,9 +189,7 @@ namespace GitHub.Runner.Worker
             }
         }
 
-        public PlanFeatures Features { get; private set; }
-
-        private ExecutionContext Root
+        public ExecutionContext Root
         {
             get
             {
@@ -263,17 +253,44 @@ namespace GitHub.Runner.Worker
             Root.PostJobSteps.Push(step);
         }
 
-        public IExecutionContext CreateChild(Guid recordId, string displayName, string refName, string scopeName, string contextName, Dictionary<string, string> intraActionState = null, int? recordOrder = null)
+        /// <summary>
+        /// Helper function used in CompositeActionHandler::RunAsync to
+        /// add a child node, aka a step, to the current job to the Root.JobSteps based on the location.
+        /// </summary>
+        public IStep CreateCompositeStep(
+            string scopeName,
+            IActionRunner step,
+            DictionaryContextData inputsData,
+            Dictionary<string, string> envData)
+        {
+            step.ExecutionContext = Root.CreateChild(_record.Id, _record.Name, _record.Id.ToString("N"), scopeName, step.Action.ContextName, logger: _logger, insideComposite: true, cancellationTokenSource: CancellationTokenSource.CreateLinkedTokenSource(_cancellationTokenSource.Token));
+            step.ExecutionContext.ExpressionValues["inputs"] = inputsData;
+            step.ExecutionContext.ExpressionValues["steps"] = Global.StepsContext.GetScope(step.ExecutionContext.GetFullyQualifiedContextName());
+
+            // Add the composite action environment variables to each step.
+#if OS_WINDOWS
+            var envContext = new DictionaryContextData();
+#else
+            var envContext = new CaseSensitiveDictionaryContextData();
+#endif
+            foreach (var pair in envData)
+            {
+                envContext[pair.Key] = new StringContextData(pair.Value ?? string.Empty);
+            }
+            step.ExecutionContext.ExpressionValues["env"] = envContext;
+
+            return step;
+        }
+
+        public IExecutionContext CreateChild(Guid recordId, string displayName, string refName, string scopeName, string contextName, Dictionary<string, string> intraActionState = null, int? recordOrder = null, IPagingLogger logger = null, bool insideComposite = false, CancellationTokenSource cancellationTokenSource = null)
         {
             Trace.Entering();
 
             var child = new ExecutionContext();
             child.Initialize(HostContext);
+            child.Global = Global;
             child.ScopeName = scopeName;
             child.ContextName = contextName;
-            child.Features = Features;
-            child.Variables = Variables;
-            child.Endpoints = Endpoints;
             if (intraActionState == null)
             {
                 child.IntraActionState = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
@@ -282,11 +299,6 @@ namespace GitHub.Runner.Worker
             {
                 child.IntraActionState = intraActionState;
             }
-            child.EnvironmentVariables = EnvironmentVariables;
-            child.JobDefaults = JobDefaults;
-            child.Scopes = Scopes;
-            child.FileTable = FileTable;
-            child.StepsContext = StepsContext;
             foreach (var pair in ExpressionValues)
             {
                 child.ExpressionValues[pair.Key] = pair.Value;
@@ -295,12 +307,8 @@ namespace GitHub.Runner.Worker
             {
                 child.ExpressionFunctions.Add(item);
             }
-            child._cancellationTokenSource = new CancellationTokenSource();
-            child.WriteDebug = WriteDebug;
+            child._cancellationTokenSource = cancellationTokenSource ?? new CancellationTokenSource();
             child._parentExecutionContext = this;
-            child.PrependPath = PrependPath;
-            child.Container = Container;
-            child.ServiceContainers = ServiceContainers;
             child.EchoOnActionCommand = EchoOnActionCommand;
 
             if (recordOrder != null)
@@ -311,9 +319,17 @@ namespace GitHub.Runner.Worker
             {
                 child.InitializeTimelineRecord(_mainTimelineId, recordId, _record.Id, ExecutionContextType.Task, displayName, refName, ++_childTimelineRecordOrder);
             }
-
+            if (logger != null)
+            {
+                child._logger = logger;
+            }
+            else
+            {
                 child._logger = HostContext.CreateService<IPagingLogger>();
                 child._logger.Setup(_mainTimelineId, recordId);
+            }
+
+            child.InsideComposite = insideComposite;
 
             return child;
         }
@@ -335,7 +351,7 @@ namespace GitHub.Runner.Worker
             }
 
             // report total delay caused by server throttling.
-            if (_totalThrottlingDelayInMilliseconds > 0)
+            if (_totalThrottlingDelayInMilliseconds > _throttlingDelayReportThreshold)
             {
                 this.Warning($"The job has experienced {TimeSpan.FromMilliseconds(_totalThrottlingDelayInMilliseconds).TotalSeconds} seconds total delay caused by server throttling.");
             }
@@ -363,14 +379,19 @@ namespace GitHub.Runner.Worker
                 }
             }
 
+            if (Root != this)
+            {
+                // only dispose TokenSource for step level ExecutionContext
                 _cancellationTokenSource?.Dispose();
+            }
 
             _logger.End();
 
-            if (!string.IsNullOrEmpty(ContextName))
+            // Skip if generated context name. Generated context names start with "__". After M271-ish the server will never send an empty context name.
+            if (!string.IsNullOrEmpty(ContextName) && !ContextName.StartsWith("__", StringComparison.Ordinal))
             {
-                StepsContext.SetOutcome(ScopeName, ContextName, (Outcome ?? Result ?? TaskResult.Succeeded).ToActionResult().ToString());
-                StepsContext.SetConclusion(ScopeName, ContextName, (Result ?? TaskResult.Succeeded).ToActionResult().ToString());
+                Global.StepsContext.SetOutcome(ScopeName, ContextName, (Outcome ?? Result ?? TaskResult.Succeeded).ToActionResult());
+                Global.StepsContext.SetConclusion(ScopeName, ContextName, (Result ?? TaskResult.Succeeded).ToActionResult());
             }
 
             return Result.Value;
@@ -429,7 +450,8 @@ namespace GitHub.Runner.Worker
         {
             ArgUtil.NotNullOrEmpty(name, nameof(name));
 
-            if (String.IsNullOrEmpty(ContextName))
+            // Skip if generated context name. Generated context names start with "__". After M271-ish the server will never send an empty context name.
+            if (string.IsNullOrEmpty(ContextName) || ContextName.StartsWith("__", StringComparison.Ordinal))
             {
                 reference = null;
                 return;
@@ -437,7 +459,7 @@ namespace GitHub.Runner.Worker
 
             // todo: restrict multiline?
 
-            StepsContext.SetOutput(ScopeName, ContextName, name, value, out reference);
+            Global.StepsContext.SetOutput(ScopeName, ContextName, name, value, out reference);
         }
 
         public void SetTimeout(TimeSpan? timeout)
@@ -571,42 +593,38 @@ namespace GitHub.Runner.Worker
 
             _cancellationTokenSource = CancellationTokenSource.CreateLinkedTokenSource(token);
 
-            // Features
-            Features = PlanUtil.GetFeatures(message.Plan);
+            Global = new GlobalContext();
+
+            // Plan
+            Global.Plan = message.Plan;
+            Global.Features = PlanUtil.GetFeatures(message.Plan);
 
             // Endpoints
-            Endpoints = message.Resources.Endpoints;
+            Global.Endpoints = message.Resources.Endpoints;
 
             // Variables
-            Variables = new Variables(HostContext, message.Variables);
+            Global.Variables = new Variables(HostContext, message.Variables);
 
             // Environment variables shared across all actions
-            EnvironmentVariables = new Dictionary<string, string>(VarUtil.EnvironmentVariableKeyComparer);
+            Global.EnvironmentVariables = new Dictionary<string, string>(VarUtil.EnvironmentVariableKeyComparer);
 
             // Job defaults shared across all actions
-            JobDefaults = new Dictionary<string, IDictionary<string, string>>(StringComparer.OrdinalIgnoreCase);
+            Global.JobDefaults = new Dictionary<string, IDictionary<string, string>>(StringComparer.OrdinalIgnoreCase);
 
             // Job Outputs
             JobOutputs = new Dictionary<string, VariableValue>(StringComparer.OrdinalIgnoreCase);
 
+            // Actions environment
+            ActionsEnvironment = message.ActionsEnvironment;
+
             // Service container info
-            ServiceContainers = new List<ContainerInfo>();
+            Global.ServiceContainers = new List<ContainerInfo>();
 
             // Steps context (StepsRunner manages adding the scoped steps context)
-            StepsContext = new StepsContext();
-
-            // Scopes
-            Scopes = new Dictionary<String, ContextScope>(StringComparer.OrdinalIgnoreCase);
-            if (message.Scopes?.Count > 0)
-            {
-                foreach (var scope in message.Scopes)
-                {
-                    Scopes[scope.Name] = scope;
-                }
-            }
+            Global.StepsContext = new StepsContext();
 
             // File table
-            FileTable = new List<String>(message.FileTable ?? new string[0]);
+            Global.FileTable = new List<String>(message.FileTable ?? new string[0]);
 
             // Expression values
             if (message.ContextData?.Count > 0)
@@ -617,15 +635,15 @@ namespace GitHub.Runner.Worker
                 }
             }
 
-            ExpressionValues["secrets"] = Variables.ToSecretsContext();
+            ExpressionValues["secrets"] = Global.Variables.ToSecretsContext();
             ExpressionValues["runner"] = new RunnerContext();
             ExpressionValues["job"] = new JobContext();
 
             Trace.Info("Initialize GitHub context");
-            var githubAccessToken = new StringContextData(Variables.Get("system.github.token"));
+            var githubAccessToken = new StringContextData(Global.Variables.Get("system.github.token"));
             var base64EncodedToken = Convert.ToBase64String(Encoding.UTF8.GetBytes($"x-access-token:{githubAccessToken}"));
             HostContext.SecretMasker.AddValue(base64EncodedToken);
-            var githubJob = Variables.Get("system.github.job");
+            var githubJob = Global.Variables.Get("system.github.job");
             var githubContext = new GitHubContext();
             githubContext["token"] = githubAccessToken;
             if (!string.IsNullOrEmpty(githubJob))
@@ -648,7 +666,7 @@ namespace GitHub.Runner.Worker
 #endif
 
             // Prepend Path
-            PrependPath = new List<string>();
+            Global.PrependPath = new List<string>();
 
             // JobSteps for job ExecutionContext
             JobSteps = new Queue<IStep>();
@@ -674,10 +692,10 @@ namespace GitHub.Runner.Worker
             _logger.Setup(_mainTimelineId, _record.Id);
 
             // Initialize 'echo on action command success' property, default to false, unless Step_Debug is set
-            EchoOnActionCommand = Variables.Step_Debug ?? false;
+            EchoOnActionCommand = Global.Variables.Step_Debug ?? false;
 
             // Verbosity (from GitHub.Step_Debug).
-            WriteDebug = Variables.Step_Debug ?? false;
+            Global.WriteDebug = Global.Variables.Step_Debug ?? false;
 
             // Hook up JobServerQueueThrottling event, we will log warning on server tarpit.
             _jobServerQueue.JobServerQueueThrottling += JobServerQueueThrottling_EventReceived;
@@ -705,7 +723,7 @@ namespace GitHub.Runner.Worker
                 }
             }
 
-            _jobServerQueue.QueueWebConsoleLine(_record.Id, msg);
+            _jobServerQueue.QueueWebConsoleLine(_record.Id, msg, totalLines);
             return totalLines;
         }
 
@@ -851,7 +869,8 @@ namespace GitHub.Runner.Worker
         {
             Interlocked.Add(ref _totalThrottlingDelayInMilliseconds, Convert.ToInt64(data.Delay.TotalMilliseconds));
 
-            if (!_throttlingReported)
+            if (!_throttlingReported &&
+                _totalThrottlingDelayInMilliseconds > _throttlingDelayReportThreshold)
             {
                 this.Warning(string.Format("The job is currently being throttled by the server. You may experience delays in console line output, job status reporting, and action log uploads."));
 
@@ -877,6 +896,16 @@ namespace GitHub.Runner.Worker
     // Otherwise individual overloads would need to be implemented (depending on the unit test).
     public static class ExecutionContextExtension
     {
+        public static string GetFullyQualifiedContextName(this IExecutionContext context)
+        {
+            if (!string.IsNullOrEmpty(context.ScopeName))
+            {
+                return $"{context.ScopeName}.{context.ContextName}";
+            }
+
+            return context.ContextName;
+        }
+
         public static void Error(this IExecutionContext context, Exception ex)
         {
             context.Error(ex.Message);
@@ -915,7 +944,7 @@ namespace GitHub.Runner.Worker
         // Do not add a format string overload. See comment on ExecutionContext.Write().
         public static void Debug(this IExecutionContext context, string message)
         {
-            if (context.WriteDebug)
+            if (context.Global.WriteDebug)
             {
                 var multilines = message?.Replace("\r\n", "\n")?.Split("\n");
                 if (multilines != null)
@@ -940,7 +969,7 @@ namespace GitHub.Runner.Worker
                 traceWriter = context.ToTemplateTraceWriter();
             }
             var schema = PipelineTemplateSchemaFactory.GetSchema();
-            return new PipelineTemplateEvaluator(traceWriter, schema, context.FileTable);
+            return new PipelineTemplateEvaluator(traceWriter, schema, context.Global.FileTable);
         }
 
         public static ObjectTemplating.ITraceWriter ToTemplateTraceWriter(this IExecutionContext context)

src/Runner.Worker/Expressions/HashFilesFunction.cs

@@ -12,6 +12,8 @@ namespace GitHub.Runner.Worker.Expressions
 {
     public sealed class HashFilesFunction : Function
     {
+        private const int _hashFileTimeoutSeconds = 120;
+
         protected sealed override Object EvaluateCore(
             EvaluationContext context,
             out ResultMemory resultMemory)
@@ -89,20 +91,30 @@ namespace GitHub.Runner.Worker.Expressions
             }
             env["patterns"] = string.Join(Environment.NewLine, patterns);
 
+            using (var tokenSource = new CancellationTokenSource(TimeSpan.FromSeconds(_hashFileTimeoutSeconds)))
+            {
+                try
+                {
                     int exitCode = p.ExecuteAsync(workingDirectory: githubWorkspace,
                                                   fileName: node,
                                                   arguments: $"\"{hashFilesScript.Replace("\"", "\\\"")}\"",
                                                   environment: env,
                                                   requireExitCodeZero: false,
-                                          cancellationToken: new CancellationTokenSource(TimeSpan.FromSeconds(120)).Token).GetAwaiter().GetResult();
+                                                  cancellationToken: tokenSource.Token).GetAwaiter().GetResult();
 
                     if (exitCode != 0)
                     {
                         throw new InvalidOperationException($"hashFiles('{ExpressionUtility.StringEscape(string.Join(", ", patterns))}') failed. Fail to hash files under directory '{githubWorkspace}'");
                     }
+                }
+                catch (OperationCanceledException) when (tokenSource.IsCancellationRequested)
+                {
+                    throw new TimeoutException($"hashFiles('{ExpressionUtility.StringEscape(string.Join(", ", patterns))}') couldn't finish within {_hashFileTimeoutSeconds} seconds.");
+                }
 
                 return hashResult;
             }
+        }
 
         private sealed class HashFilesTrace : ITraceWriter
         {

src/Runner.Worker/FileCommandManager.cs

@@ -0,0 +1,262 @@
+using GitHub.DistributedTask.WebApi;
+using GitHub.Runner.Worker.Container;
+using GitHub.Runner.Common;
+using GitHub.Runner.Sdk;
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.IO;
+using System.Text;
+
+namespace GitHub.Runner.Worker
+{
+    [ServiceLocator(Default = typeof(FileCommandManager))]
+    public interface IFileCommandManager : IRunnerService
+    {
+        void InitializeFiles(IExecutionContext context, ContainerInfo container);
+        void ProcessFiles(IExecutionContext context, ContainerInfo container);
+    
+    }
+
+    public sealed class FileCommandManager : RunnerService, IFileCommandManager
+    {
+        private const string _folderName = "_runner_file_commands";
+        private List<IFileCommandExtension> _commandExtensions;
+        private string _fileSuffix = String.Empty;
+        private string _fileCommandDirectory;
+        private Tracing _trace;
+
+        public override void Initialize(IHostContext hostContext)
+        {
+            base.Initialize(hostContext);
+            _trace = HostContext.GetTrace(nameof(FileCommandManager));
+
+            _fileCommandDirectory = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Temp), _folderName);
+            if (!Directory.Exists(_fileCommandDirectory))
+            {
+                Directory.CreateDirectory(_fileCommandDirectory);
+            }
+
+            var extensionManager = hostContext.GetService<IExtensionManager>();
+            _commandExtensions = extensionManager.GetExtensions<IFileCommandExtension>() ?? new List<IFileCommandExtension>();
+        }
+
+        public void InitializeFiles(IExecutionContext context, ContainerInfo container)
+        {
+            var oldSuffix = _fileSuffix;
+            _fileSuffix = Guid.NewGuid().ToString();
+            foreach (var fileCommand in _commandExtensions)
+            {
+                var oldPath = Path.Combine(_fileCommandDirectory, fileCommand.FilePrefix + oldSuffix);
+                if (oldSuffix != String.Empty && File.Exists(oldPath))
+                {
+                    TryDeleteFile(oldPath);
+                }
+
+                var newPath = Path.Combine(_fileCommandDirectory, fileCommand.FilePrefix + _fileSuffix);
+                TryDeleteFile(newPath);
+                File.Create(newPath).Dispose();
+
+                var pathToSet = container != null ? container.TranslateToContainerPath(newPath) : newPath; 
+                context.SetGitHubContext(fileCommand.ContextName, pathToSet);
+            }
+        }
+
+        public void ProcessFiles(IExecutionContext context, ContainerInfo container)
+        {
+            foreach (var fileCommand in _commandExtensions)
+            {
+                try 
+                {
+                    fileCommand.ProcessCommand(context, Path.Combine(_fileCommandDirectory, fileCommand.FilePrefix + _fileSuffix),container);
+                }
+                catch (Exception ex)
+                {
+                    context.Error($"Unable to process file command '{fileCommand.ContextName}' successfully.");
+                    context.Error(ex);
+                    context.CommandResult = TaskResult.Failed;
+                }
+            }
+        }
+
+        private bool TryDeleteFile(string path)
+        {
+            if (!File.Exists(path))
+            {
+                return true;
+            }
+            try
+            {
+                File.Delete(path);
+            }
+            catch (Exception e)
+            {
+                _trace.Warning($"Unable to delete file {path} for reason: {e.ToString()}");
+                return false;
+            }
+            return true;
+        }
+    }
+
+    public interface IFileCommandExtension : IExtension
+    {
+        string ContextName { get; }
+        string FilePrefix { get; }
+
+        void ProcessCommand(IExecutionContext context, string filePath, ContainerInfo container);
+    }
+
+    public sealed class AddPathFileCommand : RunnerService, IFileCommandExtension
+    {
+        public string ContextName => "path";
+        public string FilePrefix => "add_path_";
+
+        public Type ExtensionType => typeof(IFileCommandExtension);
+
+        public void ProcessCommand(IExecutionContext context, string filePath, ContainerInfo container)
+        {
+            if (File.Exists(filePath))
+            {
+                var lines = File.ReadAllLines(filePath, Encoding.UTF8);
+                foreach(var line in lines)
+                {
+                    if (line == string.Empty)
+                    {
+                        continue;
+                    }
+                    context.Global.PrependPath.RemoveAll(x => string.Equals(x, line, StringComparison.CurrentCulture));
+                    context.Global.PrependPath.Add(line);
+                }
+            }
+        }
+    }
+
+    public sealed class SetEnvFileCommand : RunnerService, IFileCommandExtension
+    {
+        public string ContextName => "env";
+        public string FilePrefix => "set_env_";
+
+        public Type ExtensionType => typeof(IFileCommandExtension);
+
+        public void ProcessCommand(IExecutionContext context, string filePath, ContainerInfo container)
+        {
+            try
+            {
+                var text = File.ReadAllText(filePath) ?? string.Empty;
+                var index = 0;
+                var line = ReadLine(text, ref index);
+                while (line != null)
+                {
+                    if (!string.IsNullOrEmpty(line))
+                    {
+                        var equalsIndex = line.IndexOf("=", StringComparison.Ordinal);
+                        var heredocIndex = line.IndexOf("<<", StringComparison.Ordinal);
+
+                        // Normal style NAME=VALUE
+                        if (equalsIndex >= 0 && (heredocIndex < 0 || equalsIndex < heredocIndex))
+                        {
+                            var split = line.Split(new[] { '=' }, 2, StringSplitOptions.None);
+                            if (string.IsNullOrEmpty(line))
+                            {
+                                throw new Exception($"Invalid environment variable format '{line}'. Environment variable name must not be empty");
+                            }
+                            SetEnvironmentVariable(context, split[0], split[1]);
+                        }
+                        // Heredoc style NAME<<EOF
+                        else if (heredocIndex >= 0 && (equalsIndex < 0 || heredocIndex < equalsIndex))
+                        {
+                            var split = line.Split(new[] { "<<" }, 2, StringSplitOptions.None);
+                            if (string.IsNullOrEmpty(split[0]) || string.IsNullOrEmpty(split[1]))
+                            {
+                                throw new Exception($"Invalid environment variable format '{line}'. Environment variable name must not be empty and delimiter must not be empty");
+                            }
+                            var name = split[0];
+                            var delimiter = split[1];
+                            var startIndex = index; // Start index of the value (inclusive)
+                            var endIndex = index;   // End index of the value (exclusive)
+                            var tempLine = ReadLine(text, ref index, out var newline);
+                            while (!string.Equals(tempLine, delimiter, StringComparison.Ordinal))
+                            {
+                                if (tempLine == null)
+                                {
+                                    throw new Exception($"Invalid environment variable value. Matching delimiter not found '{delimiter}'");
+                                }
+                                endIndex = index - newline.Length;
+                                tempLine = ReadLine(text, ref index, out newline);
+                            }
+
+                            var value = endIndex > startIndex ? text.Substring(startIndex, endIndex - startIndex) : string.Empty;
+                            SetEnvironmentVariable(context, name, value);
+                        }
+                        else
+                        {
+                            throw new Exception($"Invalid environment variable format '{line}'");
+                        }
+                    }
+
+                    line = ReadLine(text, ref index);
+                }
+            }
+            catch (DirectoryNotFoundException)
+            {
+                context.Debug($"Environment variables file does not exist '{filePath}'");
+            }
+            catch (FileNotFoundException)
+            {
+                context.Debug($"Environment variables file does not exist '{filePath}'");
+            }
+        }
+
+        private static void SetEnvironmentVariable(
+            IExecutionContext context,
+            string name,
+            string value)
+        {
+            context.Global.EnvironmentVariables[name] = value;
+            context.SetEnvContext(name, value);
+            context.Debug($"{name}='{value}'");
+        }
+
+        private static string ReadLine(
+            string text,
+            ref int index)
+        {
+            return ReadLine(text, ref index, out _);
+        }
+
+        private static string ReadLine(
+            string text,
+            ref int index,
+            out string newline)
+        {
+            if (index >= text.Length)
+            {
+                newline = null;
+                return null;
+            }
+
+            var originalIndex = index;
+            var lfIndex = text.IndexOf("\n", index, StringComparison.Ordinal);
+            if (lfIndex < 0)
+            {
+                index = text.Length;
+                newline = null;
+                return text.Substring(originalIndex);
+            }
+
+#if OS_WINDOWS
+            var crLFIndex = text.IndexOf("\r\n", index, StringComparison.Ordinal);
+            if (crLFIndex >= 0 && crLFIndex < lfIndex)
+            {
+                index = crLFIndex + 2; // Skip over CRLF
+                newline = "\r\n";
+                return text.Substring(originalIndex, crLFIndex - originalIndex);
+            }
+#endif
+
+            index = lfIndex + 1; // Skip over LF
+            newline = "\n";
+            return text.Substring(originalIndex, lfIndex - originalIndex);
+        }
+    }
+}

src/Runner.Worker/GitHubContext.cs

@@ -6,23 +6,30 @@ namespace GitHub.Runner.Worker
 {
     public sealed class GitHubContext : DictionaryContextData, IEnvironmentContextData
     {
-        private readonly HashSet<string> _contextEnvWhitelist = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
+        private readonly HashSet<string> _contextEnvAllowlist = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
         {
             "action",
+            "action_path",
+            "action_ref",
+            "action_repository",
             "actor",
-            "api_url", // temp for GHES alpha release
+            "api_url",
             "base_ref",
+            "env",
             "event_name",
             "event_path",
+            "graphql_url",
             "head_ref",
             "job",
+            "path",
             "ref",
             "repository",
             "repository_owner",
+            "retention_days",
             "run_id",
             "run_number",
+            "server_url",
             "sha",
-            "url", // temp for GHES alpha release
             "workflow",
             "workspace",
         };
@@ -31,11 +38,23 @@ namespace GitHub.Runner.Worker
         {
             foreach (var data in this)
             {
-                if (_contextEnvWhitelist.Contains(data.Key) && data.Value is StringContextData value)
+                if (_contextEnvAllowlist.Contains(data.Key) && data.Value is StringContextData value)
                 {
                     yield return new KeyValuePair<string, string>($"GITHUB_{data.Key.ToUpperInvariant()}", value);
                 }
             }
         }
+
+        public GitHubContext ShallowCopy()
+        {
+            var copy = new GitHubContext();
+
+            foreach (var pair in this)
+            {
+                copy[pair.Key] = pair.Value;
+            }
+
+            return copy;
+        }
     }
 }

src/Runner.Worker/GlobalContext.cs

@@ -0,0 +1,24 @@
+using System;
+using System.Collections.Generic;
+using GitHub.DistributedTask.WebApi;
+using GitHub.Runner.Common.Util;
+using GitHub.Runner.Worker.Container;
+
+namespace GitHub.Runner.Worker
+{
+    public sealed class GlobalContext
+    {
+        public ContainerInfo Container { get; set; }
+        public List<ServiceEndpoint> Endpoints { get; set; }
+        public IDictionary<String, String> EnvironmentVariables { get; set; }
+        public PlanFeatures Features { get; set; }
+        public IList<String> FileTable { get; set; }
+        public IDictionary<String, IDictionary<String, String>> JobDefaults { get; set; }
+        public TaskOrchestrationPlanReference Plan { get; set; }
+        public List<string> PrependPath { get; set; }
+        public List<ContainerInfo> ServiceContainers { get; set; }
+        public StepsContext StepsContext { get; set; }
+        public Variables Variables { get; set; }
+        public bool WriteDebug { get; set; }
+    }
+}

src/Runner.Worker/Handlers/CompositeActionHandler.cs

@@ -0,0 +1,282 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+using GitHub.DistributedTask.ObjectTemplating.Tokens;
+using GitHub.DistributedTask.Pipelines.ContextData;
+using GitHub.DistributedTask.WebApi;
+using GitHub.Runner.Common;
+using GitHub.Runner.Sdk;
+using Pipelines = GitHub.DistributedTask.Pipelines;
+
+
+namespace GitHub.Runner.Worker.Handlers
+{
+    [ServiceLocator(Default = typeof(CompositeActionHandler))]
+    public interface ICompositeActionHandler : IHandler
+    {
+        CompositeActionExecutionData Data { get; set; }
+    }
+    public sealed class CompositeActionHandler : Handler, ICompositeActionHandler
+    {
+        public CompositeActionExecutionData Data { get; set; }
+
+        public async Task RunAsync(ActionRunStage stage)
+        {
+            // Validate args.
+            Trace.Entering();
+            ArgUtil.NotNull(ExecutionContext, nameof(ExecutionContext));
+            ArgUtil.NotNull(Inputs, nameof(Inputs));
+            ArgUtil.NotNull(Data.Steps, nameof(Data.Steps));
+
+            // Resolve action steps
+            var actionSteps = Data.Steps;
+
+            // Create Context Data to reuse for each composite action step
+            var inputsData = new DictionaryContextData();
+            foreach (var i in Inputs)
+            {
+                inputsData[i.Key] = new StringContextData(i.Value);
+            }
+
+            // Initialize Composite Steps List of Steps
+            var compositeSteps = new List<IStep>();
+
+            // Temporary hack until after M271-ish. After M271-ish the server will never send an empty
+            // context name. Generated context names start with "__"
+            var childScopeName = ExecutionContext.GetFullyQualifiedContextName();
+            if (string.IsNullOrEmpty(childScopeName))
+            {
+                childScopeName = $"__{Guid.NewGuid()}";
+            }
+
+            foreach (Pipelines.ActionStep actionStep in actionSteps)
+            {
+                var actionRunner = HostContext.CreateService<IActionRunner>();
+                actionRunner.Action = actionStep;
+                actionRunner.Stage = stage;
+                actionRunner.Condition = actionStep.Condition;
+
+                var step = ExecutionContext.CreateCompositeStep(childScopeName, actionRunner, inputsData, Environment);
+
+                // Shallow copy github context
+                var gitHubContext = step.ExecutionContext.ExpressionValues["github"] as GitHubContext;
+                ArgUtil.NotNull(gitHubContext, nameof(gitHubContext));
+                gitHubContext = gitHubContext.ShallowCopy();
+                step.ExecutionContext.ExpressionValues["github"] = gitHubContext;
+
+                // Set GITHUB_ACTION_PATH
+                step.ExecutionContext.SetGitHubContext("action_path", ActionDirectory);
+
+                compositeSteps.Add(step);
+            }
+
+            try
+            {
+                // This is where we run each step.
+                await RunStepsAsync(compositeSteps);
+
+                // Get the pointer of the correct "steps" object and pass it to the ExecutionContext so that we can process the outputs correctly
+                ExecutionContext.ExpressionValues["inputs"] = inputsData;
+                ExecutionContext.ExpressionValues["steps"] = ExecutionContext.Global.StepsContext.GetScope(ExecutionContext.GetFullyQualifiedContextName());
+
+                ProcessCompositeActionOutputs();
+
+                ExecutionContext.Global.StepsContext.ClearScope(childScopeName);
+            }
+            catch (Exception ex)
+            {
+                // Composite StepRunner should never throw exception out.
+                Trace.Error($"Caught exception from composite steps {nameof(CompositeActionHandler)}: {ex}");
+                ExecutionContext.Error(ex);
+                ExecutionContext.Result = TaskResult.Failed;
+            }
+        }
+
+        private void ProcessCompositeActionOutputs()
+        {
+            ArgUtil.NotNull(ExecutionContext, nameof(ExecutionContext));
+
+            // Evaluate the mapped outputs value
+            if (Data.Outputs != null)
+            {
+                // Evaluate the outputs in the steps context to easily retrieve the values
+                var actionManifestManager = HostContext.GetService<IActionManifestManager>();
+
+                // Format ExpressionValues to Dictionary<string, PipelineContextData>
+                var evaluateContext = new Dictionary<string, PipelineContextData>(StringComparer.OrdinalIgnoreCase);
+                foreach (var pair in ExecutionContext.ExpressionValues)
+                {
+                    evaluateContext[pair.Key] = pair.Value;
+                }
+
+                // Get the evluated composite outputs' values mapped to the outputs named
+                DictionaryContextData actionOutputs = actionManifestManager.EvaluateCompositeOutputs(ExecutionContext, Data.Outputs, evaluateContext);
+
+                // Set the outputs for the outputs object in the whole composite action
+                // Each pair is structured like this
+                // We ignore "description" for now
+                // {
+                //   "the-output-name": {
+                //     "description": "",
+                //     "value": "the value"
+                //   },
+                //   ...
+                // }
+                foreach (var pair in actionOutputs)
+                {
+                    var outputsName = pair.Key;
+                    var outputsAttributes = pair.Value as DictionaryContextData;
+                    outputsAttributes.TryGetValue("value", out var val);
+
+                    if (val != null)
+                    {
+                        var outputsValue = val as StringContextData;
+                        // Set output in the whole composite scope. 
+                        if (!String.IsNullOrEmpty(outputsValue))
+                        {
+                            ExecutionContext.SetOutput(outputsName, outputsValue, out _);
+                        }
+                        else
+                        {
+                            ExecutionContext.SetOutput(outputsName, "", out _);
+                        }
+                    }
+                }
+            }
+        }
+
+        private async Task RunStepsAsync(List<IStep> compositeSteps)
+        {
+            ArgUtil.NotNull(compositeSteps, nameof(compositeSteps));
+
+            // The parent StepsRunner of the whole Composite Action Step handles the cancellation stuff already. 
+            foreach (IStep step in compositeSteps)
+            {
+                Trace.Info($"Processing composite step: DisplayName='{step.DisplayName}'");
+
+                step.ExecutionContext.ExpressionValues["steps"] = ExecutionContext.Global.StepsContext.GetScope(step.ExecutionContext.ScopeName);
+
+                // Populate env context for each step
+                Trace.Info("Initialize Env context for step");
+#if OS_WINDOWS
+                var envContext = new DictionaryContextData();
+#else
+                var envContext = new CaseSensitiveDictionaryContextData();
+#endif
+
+                // Global env
+                foreach (var pair in ExecutionContext.Global.EnvironmentVariables)
+                {
+                    envContext[pair.Key] = new StringContextData(pair.Value ?? string.Empty);
+                }
+
+                // Stomps over with outside step env
+                if (step.ExecutionContext.ExpressionValues.TryGetValue("env", out var envContextData))
+                {
+#if OS_WINDOWS
+                    var dict = envContextData as DictionaryContextData;
+#else
+                    var dict = envContextData as CaseSensitiveDictionaryContextData;
+#endif
+                    foreach (var pair in dict)
+                    {
+                        envContext[pair.Key] = pair.Value;
+                    }
+                }
+
+                step.ExecutionContext.ExpressionValues["env"] = envContext;
+
+                var actionStep = step as IActionRunner;
+
+                try
+                {
+                    // Evaluate and merge action's env block to env context
+                    var templateEvaluator = step.ExecutionContext.ToPipelineTemplateEvaluator();
+                    var actionEnvironment = templateEvaluator.EvaluateStepEnvironment(actionStep.Action.Environment, step.ExecutionContext.ExpressionValues, step.ExecutionContext.ExpressionFunctions, Common.Util.VarUtil.EnvironmentVariableKeyComparer);
+                    foreach (var env in actionEnvironment)
+                    {
+                        envContext[env.Key] = new StringContextData(env.Value ?? string.Empty);
+                    }
+                }
+                catch (Exception ex)
+                {
+                    // fail the step since there is an evaluate error.
+                    Trace.Info("Caught exception in Composite Steps Runner from expression for step.env");
+                    // evaluateStepEnvFailed = true;
+                    step.ExecutionContext.Error(ex);
+                    step.ExecutionContext.Complete(TaskResult.Failed);
+                }
+
+                await RunStepAsync(step);
+
+                // Directly after the step, check if the step has failed or cancelled
+                // If so, return that to the output
+                if (step.ExecutionContext.Result == TaskResult.Failed || step.ExecutionContext.Result == TaskResult.Canceled)
+                {
+                    ExecutionContext.Result = step.ExecutionContext.Result;
+                    break;
+                }
+
+                // TODO: Add compat for other types of steps.
+            }
+            // Completion Status handled by StepsRunner for the whole Composite Action Step
+        }
+
+        private async Task RunStepAsync(IStep step)
+        {
+            // Start the step.
+            Trace.Info("Starting the step.");
+            step.ExecutionContext.Debug($"Starting: {step.DisplayName}");
+
+            // TODO: Fix for Step Level Timeout Attributes for an individual Composite Run Step
+            // For now, we are not going to support this for an individual composite run step
+
+            var templateEvaluator = step.ExecutionContext.ToPipelineTemplateEvaluator();
+
+            await Common.Util.EncodingUtil.SetEncoding(HostContext, Trace, step.ExecutionContext.CancellationToken);
+
+            try
+            {
+                await step.RunAsync();
+            }
+            catch (OperationCanceledException ex)
+            {
+                if (step.ExecutionContext.CancellationToken.IsCancellationRequested &&
+                    !ExecutionContext.Root.CancellationToken.IsCancellationRequested)
+                {
+                    Trace.Error($"Caught timeout exception from step: {ex.Message}");
+                    step.ExecutionContext.Error("The action has timed out.");
+                    step.ExecutionContext.Result = TaskResult.Failed;
+                }
+                else
+                {
+                    Trace.Error($"Caught cancellation exception from step: {ex}");
+                    step.ExecutionContext.Error(ex);
+                    step.ExecutionContext.Result = TaskResult.Canceled;
+                }
+            }
+            catch (Exception ex)
+            {
+                // Log the error and fail the step.
+                Trace.Error($"Caught exception from step: {ex}");
+                step.ExecutionContext.Error(ex);
+                step.ExecutionContext.Result = TaskResult.Failed;
+            }
+
+            // Merge execution context result with command result
+            if (step.ExecutionContext.CommandResult != null)
+            {
+                step.ExecutionContext.Result = Common.Util.TaskResultUtil.MergeTaskResults(step.ExecutionContext.Result, step.ExecutionContext.CommandResult.Value);
+            }
+
+            Trace.Info($"Step result: {step.ExecutionContext.Result}");
+
+            // Complete the step context.
+            step.ExecutionContext.Debug($"Finishing: {step.DisplayName}");
+        }
+    }
+}

src/Runner.Worker/Handlers/ContainerActionHandler.cs

@@ -49,10 +49,18 @@ namespace GitHub.Runner.Worker.Handlers
                 // ensure docker file exist
                 var dockerFile = Path.Combine(ActionDirectory, Data.Image);
                 ArgUtil.File(dockerFile, nameof(Data.Image));
-                ExecutionContext.Output($"Dockerfile for action: '{dockerFile}'.");
 
+                ExecutionContext.Output($"##[group]Building docker image");
+                ExecutionContext.Output($"Dockerfile for action: '{dockerFile}'.");
                 var imageName = $"{dockerManger.DockerInstanceLabel}:{ExecutionContext.Id.ToString("N")}";
-                var buildExitCode = await dockerManger.DockerBuild(ExecutionContext, ExecutionContext.GetGitHubContext("workspace"), Directory.GetParent(dockerFile).FullName, imageName);
+                var buildExitCode = await dockerManger.DockerBuild(
+                    ExecutionContext,
+                    ExecutionContext.GetGitHubContext("workspace"),
+                    dockerFile,
+                    Directory.GetParent(dockerFile).FullName,
+                    imageName);
+                ExecutionContext.Output("##[endgroup]");
+
                 if (buildExitCode != 0)
                 {
                     throw new InvalidOperationException($"Docker build failed with exit code {buildExitCode}");
@@ -153,16 +161,21 @@ namespace GitHub.Runner.Worker.Handlers
             Directory.CreateDirectory(tempHomeDirectory);
             this.Environment["HOME"] = tempHomeDirectory;
 
+            var tempFileCommandDirectory = Path.Combine(tempDirectory, "_runner_file_commands");
+            ArgUtil.Directory(tempFileCommandDirectory, nameof(tempFileCommandDirectory));
+
             var tempWorkflowDirectory = Path.Combine(tempDirectory, "_github_workflow");
             ArgUtil.Directory(tempWorkflowDirectory, nameof(tempWorkflowDirectory));
 
             container.MountVolumes.Add(new MountVolume("/var/run/docker.sock", "/var/run/docker.sock"));
             container.MountVolumes.Add(new MountVolume(tempHomeDirectory, "/github/home"));
             container.MountVolumes.Add(new MountVolume(tempWorkflowDirectory, "/github/workflow"));
+            container.MountVolumes.Add(new MountVolume(tempFileCommandDirectory, "/github/file_commands"));
             container.MountVolumes.Add(new MountVolume(defaultWorkingDirectory, "/github/workspace"));
 
             container.AddPathTranslateMapping(tempHomeDirectory, "/github/home");
             container.AddPathTranslateMapping(tempWorkflowDirectory, "/github/workflow");
+            container.AddPathTranslateMapping(tempFileCommandDirectory, "/github/file_commands");
             container.AddPathTranslateMapping(defaultWorkingDirectory, "/github/workspace");
 
             container.ContainerWorkDirectory = "/github/workspace";
@@ -180,7 +193,7 @@ namespace GitHub.Runner.Worker.Handlers
             }
 
             // Add Actions Runtime server info
-            var systemConnection = ExecutionContext.Endpoints.Single(x => string.Equals(x.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase));
+            var systemConnection = ExecutionContext.Global.Endpoints.Single(x => string.Equals(x.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase));
             Environment["ACTIONS_RUNTIME_URL"] = systemConnection.Url.AbsoluteUri;
             Environment["ACTIONS_RUNTIME_TOKEN"] = systemConnection.Authorization.Parameters[EndpointAuthorizationParameters.AccessToken];
             if (systemConnection.Data.TryGetValue("CacheServerUrl", out var cacheUrl) && !string.IsNullOrEmpty(cacheUrl))

src/Runner.Worker/Handlers/Handler.cs

@@ -148,14 +148,14 @@ namespace GitHub.Runner.Worker.Handlers
         {
             // Validate args.
             Trace.Entering();
-            ArgUtil.NotNull(ExecutionContext.PrependPath, nameof(ExecutionContext.PrependPath));
-            if (ExecutionContext.PrependPath.Count == 0)
+            ArgUtil.NotNull(ExecutionContext.Global.PrependPath, nameof(ExecutionContext.Global.PrependPath));
+            if (ExecutionContext.Global.PrependPath.Count == 0)
             {
                 return;
             }
 
             // Prepend path.
-            string prepend = string.Join(Path.PathSeparator.ToString(), ExecutionContext.PrependPath.Reverse<string>());
+            string prepend = string.Join(Path.PathSeparator.ToString(), ExecutionContext.Global.PrependPath.Reverse<string>());
             var containerStepHost = StepHost as ContainerStepHost;
             if (containerStepHost != null)
             {

src/Runner.Worker/Handlers/HandlerFactory.cs

@@ -66,6 +66,11 @@ namespace GitHub.Runner.Worker.Handlers
                 handler = HostContext.CreateService<IRunnerPluginHandler>();
                 (handler as IRunnerPluginHandler).Data = data as PluginActionExecutionData;
             }
+            else if (data.ExecutionType == ActionExecutionType.Composite)
+            {
+                handler = HostContext.CreateService<ICompositeActionHandler>();
+                (handler as ICompositeActionHandler).Data = data as CompositeActionExecutionData;
+            }
             else
             {
                 // This should never happen.

src/Runner.Worker/Handlers/NodeScriptActionHandler.cs

@@ -46,7 +46,7 @@ namespace GitHub.Runner.Worker.Handlers
             }
 
             // Add Actions Runtime server info
-            var systemConnection = ExecutionContext.Endpoints.Single(x => string.Equals(x.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase));
+            var systemConnection = ExecutionContext.Global.Endpoints.Single(x => string.Equals(x.Name, WellKnownServiceEndpointNames.SystemVssConnection, StringComparison.OrdinalIgnoreCase));
             Environment["ACTIONS_RUNTIME_URL"] = systemConnection.Url.AbsoluteUri;
             Environment["ACTIONS_RUNTIME_TOKEN"] = systemConnection.Authorization.Parameters[EndpointAuthorizationParameters.AccessToken];
             if (systemConnection.Data.TryGetValue("CacheServerUrl", out var cacheUrl) && !string.IsNullOrEmpty(cacheUrl))
@@ -113,7 +113,7 @@ namespace GitHub.Runner.Worker.Handlers
                                                 requireExitCodeZero: false,
                                                 outputEncoding: outputEncoding,
                                                 killProcessOnCancel: false,
-                                                inheritConsoleHandler: !ExecutionContext.Variables.Retain_Default_Encoding,
+                                                inheritConsoleHandler: !ExecutionContext.Global.Variables.Retain_Default_Encoding,
                                                 cancellationToken: ExecutionContext.CancellationToken);
 
                 // Wait for either the node exit or force finish through ##vso command

src/Runner.Worker/Handlers/OutputManager.cs

@@ -31,7 +31,7 @@ namespace GitHub.Runner.Worker.Handlers
         {
             _executionContext = executionContext;
             _commandManager = commandManager;
-            _container = container ?? executionContext.Container;
+            _container = container ?? executionContext.Global.Container;
 
             // Recursion failsafe (test override)
             var failsafeString = Environment.GetEnvironmentVariable("RUNNER_TEST_GET_REPOSITORY_PATH_FAILSAFE");
@@ -41,7 +41,7 @@ namespace GitHub.Runner.Worker.Handlers
             }
 
             // Determine the timeout
-            var timeoutStr = _executionContext.Variables.Get(_timeoutKey);
+            var timeoutStr = _executionContext.Global.Variables.Get(_timeoutKey);
             if (string.IsNullOrEmpty(timeoutStr) ||
                 !TimeSpan.TryParse(timeoutStr, CultureInfo.InvariantCulture, out _timeout) ||
                 _timeout <= TimeSpan.Zero)
@@ -352,18 +352,27 @@ namespace GitHub.Runner.Worker.Handlers
                 if (File.Exists(gitConfigPath))
                 {
                     // Check if the config contains the workflow repository url
-                    var qualifiedRepository = _executionContext.GetGitHubContext("repository");
-                    var configMatch = $"url = https://github.com/{qualifiedRepository}";
+                    var serverUrl = _executionContext.GetGitHubContext("server_url");
+                    serverUrl = !string.IsNullOrEmpty(serverUrl) ? serverUrl : "https://github.com";
+                    var host = new Uri(serverUrl, UriKind.Absolute).Host;
+                    var nameWithOwner = _executionContext.GetGitHubContext("repository");
+                    var patterns = new[] {
+                        $"url = {serverUrl}/{nameWithOwner}",
+                        $"url = git@{host}:{nameWithOwner}.git",
+                    };
                     var content = File.ReadAllText(gitConfigPath);
                     foreach (var line in content.Split("\n").Select(x => x.Trim()))
                     {
-                        if (String.Equals(line, configMatch, StringComparison.OrdinalIgnoreCase))
+                        foreach (var pattern in patterns)
+                        {
+                            if (String.Equals(line, pattern, StringComparison.OrdinalIgnoreCase))
                             {
                                 repositoryPath = directoryPath;
                                 break;
                             }
                         }
                     }
+                }
                 else
                 {
                     // Recursive call

src/Runner.Worker/Handlers/ScriptHandler.cs

@@ -23,6 +23,19 @@ namespace GitHub.Runner.Worker.Handlers
 
         public override void PrintActionDetails(ActionRunStage stage)
         {
+            // We don't want to display the internal workings if composite (similar/equivalent information can be found in debug)
+            void writeDetails(string message)
+            {
+                if (ExecutionContext.InsideComposite)
+                {
+                    ExecutionContext.Debug(message);
+                }
+                else
+                {
+                    ExecutionContext.Output(message);
+                }
+            }
+
             if (stage == ActionRunStage.Post)
             {
                 throw new NotSupportedException("Script action should not have 'Post' job action.");
@@ -39,7 +52,7 @@ namespace GitHub.Runner.Worker.Handlers
                     firstLine = firstLine.Substring(0, firstNewLine);
                 }
 
-                ExecutionContext.Output($"##[group]Run {firstLine}");
+                writeDetails(ExecutionContext.InsideComposite ? $"Run {firstLine}" : $"##[group]Run {firstLine}");
             }
             else
             {
@@ -50,20 +63,20 @@ namespace GitHub.Runner.Worker.Handlers
             foreach (var line in multiLines)
             {
                 // Bright Cyan color
-                ExecutionContext.Output($"\x1b[36;1m{line}\x1b[0m");
+                writeDetails($"\x1b[36;1m{line}\x1b[0m");
             }
 
             string argFormat;
             string shellCommand;
             string shellCommandPath = null;
             bool validateShellOnHost = !(StepHost is ContainerStepHost);
-            string prependPath = string.Join(Path.PathSeparator.ToString(), ExecutionContext.PrependPath.Reverse<string>());
+            string prependPath = string.Join(Path.PathSeparator.ToString(), ExecutionContext.Global.PrependPath.Reverse<string>());
             string shell = null;
             if (!Inputs.TryGetValue("shell", out shell) || string.IsNullOrEmpty(shell))
             {
                 // TODO: figure out how defaults interact with template later
                 // for now, we won't check job.defaults if we are inside a template.
-                if (string.IsNullOrEmpty(ExecutionContext.ScopeName) && ExecutionContext.JobDefaults.TryGetValue("run", out var runDefaults))
+                if (string.IsNullOrEmpty(ExecutionContext.ScopeName) && ExecutionContext.Global.JobDefaults.TryGetValue("run", out var runDefaults))
                 {
                     runDefaults.TryGetValue("shell", out shell);
                 }
@@ -109,23 +122,23 @@ namespace GitHub.Runner.Worker.Handlers
 
             if (!string.IsNullOrEmpty(shellCommandPath))
             {
-                ExecutionContext.Output($"shell: {shellCommandPath} {argFormat}");
+                writeDetails($"shell: {shellCommandPath} {argFormat}");
             }
             else
             {
-                ExecutionContext.Output($"shell: {shellCommand} {argFormat}");
+                writeDetails($"shell: {shellCommand} {argFormat}");
             }
 
             if (this.Environment?.Count > 0)
             {
-                ExecutionContext.Output("env:");
+                writeDetails("env:");
                 foreach (var env in this.Environment)
                 {
-                    ExecutionContext.Output($"  {env.Key}: {env.Value}");
+                    writeDetails($"  {env.Key}: {env.Value}");
                 }
             }
 
-            ExecutionContext.Output("##[endgroup]");
+            writeDetails(ExecutionContext.InsideComposite ? "" : "##[endgroup]");
         }
 
         public async Task RunAsync(ActionRunStage stage)
@@ -151,9 +164,7 @@ namespace GitHub.Runner.Worker.Handlers
             string workingDirectory = null;
             if (!Inputs.TryGetValue("workingDirectory", out workingDirectory))
             {
-                // TODO: figure out how defaults interact with template later
-                // for now, we won't check job.defaults if we are inside a template.
-                if (string.IsNullOrEmpty(ExecutionContext.ScopeName) && ExecutionContext.JobDefaults.TryGetValue("run", out var runDefaults))
+                if (string.IsNullOrEmpty(ExecutionContext.ScopeName) && ExecutionContext.Global.JobDefaults.TryGetValue("run", out var runDefaults))
                 {
                     if (runDefaults.TryGetValue("working-directory", out workingDirectory))
                     {
@@ -167,9 +178,7 @@ namespace GitHub.Runner.Worker.Handlers
             string shell = null;
             if (!Inputs.TryGetValue("shell", out shell) || string.IsNullOrEmpty(shell))
             {
-                // TODO: figure out how defaults interact with template later
-                // for now, we won't check job.defaults if we are inside a template.
-                if (string.IsNullOrEmpty(ExecutionContext.ScopeName) && ExecutionContext.JobDefaults.TryGetValue("run", out var runDefaults))
+                if (string.IsNullOrEmpty(ExecutionContext.ScopeName) && ExecutionContext.Global.JobDefaults.TryGetValue("run", out var runDefaults))
                 {
                     if (runDefaults.TryGetValue("shell", out shell))
                     {
@@ -180,7 +189,7 @@ namespace GitHub.Runner.Worker.Handlers
 
             var isContainerStepHost = StepHost is ContainerStepHost;
 
-            string prependPath = string.Join(Path.PathSeparator.ToString(), ExecutionContext.PrependPath.Reverse<string>());
+            string prependPath = string.Join(Path.PathSeparator.ToString(), ExecutionContext.Global.PrependPath.Reverse<string>());
             string commandPath, argFormat, shellCommand;
             // Set up default command and arguments
             if (string.IsNullOrEmpty(shell))
@@ -232,7 +241,7 @@ namespace GitHub.Runner.Worker.Handlers
 #if OS_WINDOWS
             // Normalize Windows line endings
             contents = contents.Replace("\r\n", "\n").Replace("\n", "\r\n");
-            var encoding = ExecutionContext.Variables.Retain_Default_Encoding && Console.InputEncoding.CodePage != 65001
+            var encoding = ExecutionContext.Global.Variables.Retain_Default_Encoding && Console.InputEncoding.CodePage != 65001
                 ? Console.InputEncoding
                 : new UTF8Encoding(false);
 #else
@@ -285,7 +294,7 @@ namespace GitHub.Runner.Worker.Handlers
                                             requireExitCodeZero: false,
                                             outputEncoding: null,
                                             killProcessOnCancel: false,
-                                            inheritConsoleHandler: !ExecutionContext.Variables.Retain_Default_Encoding,
+                                            inheritConsoleHandler: !ExecutionContext.Global.Variables.Retain_Default_Encoding,
                                             cancellationToken: ExecutionContext.CancellationToken);
 
                 // Error

src/Runner.Worker/Handlers/StepHost.cs

@@ -149,14 +149,14 @@ namespace GitHub.Runner.Worker.Handlers
                             throw new NotSupportedException(msg);
                         }
                         nodeExternal = "node12_alpine";
-                        executionContext.Output($"Container distribution is alpine. Running JavaScript Action with external tool: {nodeExternal}");
+                        executionContext.Debug($"Container distribution is alpine. Running JavaScript Action with external tool: {nodeExternal}");
                         return nodeExternal;
                     }
                 }
             }
             // Optimistically use the default
             nodeExternal = "node12";
-            executionContext.Output($"Running JavaScript Action with default external tool: {nodeExternal}");
+            executionContext.Debug($"Running JavaScript Action with default external tool: {nodeExternal}");
             return nodeExternal;
         }
 

src/Runner.Worker/JobContext.cs

@@ -21,7 +21,7 @@ namespace GitHub.Runner.Worker
             }
             set
             {
-                this["status"] = new StringContextData(value.ToString());
+                this["status"] = new StringContextData(value.ToString().ToLowerInvariant());
             }
         }
 

src/Runner.Worker/JobExtension.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.Globalization;
@@ -64,6 +64,24 @@ namespace GitHub.Runner.Worker
                     context.Debug($"Starting: Set up job");
                     context.Output($"Current runner version: '{BuildConstants.RunnerPackage.Version}'");
 
+                    var setting = HostContext.GetService<IConfigurationStore>().GetSettings();
+                    var credFile = HostContext.GetConfigFile(WellKnownConfigFile.Credentials);
+                    if (File.Exists(credFile))
+                    {
+                        var credData = IOUtil.LoadObject<CredentialData>(credFile);
+                        if (credData != null &&
+                            credData.Data.TryGetValue("clientId", out var clientId))
+                        {
+                            // print out HostName for self-hosted runner
+                            context.Output($"Runner name: '{setting.AgentName}'");
+                            if (message.Variables.TryGetValue("system.runnerGroupName", out VariableValue runnerGroupName))
+                            {
+                                context.Output($"Runner group name: '{runnerGroupName.Value}'");
+                            }
+                            context.Output($"Machine name: '{Environment.MachineName}'");
+                        }
+                    }
+
                     var setupInfoFile = HostContext.GetConfigFile(WellKnownConfigFile.SetupInfo);
                     if (File.Exists(setupInfoFile))
                     {
@@ -131,12 +149,13 @@ namespace GitHub.Runner.Worker
                     // Temporary hack for GHES alpha
                     var configurationStore = HostContext.GetService<IConfigurationStore>();
                     var runnerSettings = configurationStore.GetSettings();
-                    if (!runnerSettings.IsHostedServer && !string.IsNullOrEmpty(runnerSettings.GitHubUrl))
+                    if (string.IsNullOrEmpty(context.GetGitHubContext("server_url")) && !runnerSettings.IsHostedServer && !string.IsNullOrEmpty(runnerSettings.GitHubUrl))
                     {
                         var url = new Uri(runnerSettings.GitHubUrl);
                         var portInfo = url.IsDefaultPort ? string.Empty : $":{url.Port.ToString(CultureInfo.InvariantCulture)}";
-                        context.SetGitHubContext("url", $"{url.Scheme}://{url.Host}{portInfo}");
+                        context.SetGitHubContext("server_url", $"{url.Scheme}://{url.Host}{portInfo}");
                         context.SetGitHubContext("api_url", $"{url.Scheme}://{url.Host}{portInfo}/api/v3");
+                        context.SetGitHubContext("graphql_url", $"{url.Scheme}://{url.Host}{portInfo}/api/graphql");
                     }
 
                     // Evaluate the job-level environment variables
@@ -147,7 +166,7 @@ namespace GitHub.Runner.Worker
                         var environmentVariables = templateEvaluator.EvaluateStepEnvironment(token, jobContext.ExpressionValues, jobContext.ExpressionFunctions, VarUtil.EnvironmentVariableKeyComparer);
                         foreach (var pair in environmentVariables)
                         {
-                            context.EnvironmentVariables[pair.Key] = pair.Value ?? string.Empty;
+                            context.Global.EnvironmentVariables[pair.Key] = pair.Value ?? string.Empty;
                             context.SetEnvContext(pair.Key, pair.Value ?? string.Empty);
                         }
                     }
@@ -157,7 +176,7 @@ namespace GitHub.Runner.Worker
                     var container = templateEvaluator.EvaluateJobContainer(message.JobContainer, jobContext.ExpressionValues, jobContext.ExpressionFunctions);
                     if (container != null)
                     {
-                        jobContext.Container = new Container.ContainerInfo(HostContext, container);
+                        jobContext.Global.Container = new Container.ContainerInfo(HostContext, container);
                     }
 
                     // Evaluate the job service containers
@@ -169,7 +188,7 @@ namespace GitHub.Runner.Worker
                         {
                             var networkAlias = pair.Key;
                             var serviceContainer = pair.Value;
-                            jobContext.ServiceContainers.Add(new Container.ContainerInfo(HostContext, serviceContainer, false, networkAlias));
+                            jobContext.Global.ServiceContainers.Add(new Container.ContainerInfo(HostContext, serviceContainer, false, networkAlias));
                         }
                     }
 
@@ -180,14 +199,14 @@ namespace GitHub.Runner.Worker
                         var defaults = token.AssertMapping("defaults");
                         if (defaults.Any(x => string.Equals(x.Key.AssertString("defaults key").Value, "run", StringComparison.OrdinalIgnoreCase)))
                         {
-                            context.JobDefaults["run"] = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+                            context.Global.JobDefaults["run"] = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
                             var defaultsRun = defaults.First(x => string.Equals(x.Key.AssertString("defaults key").Value, "run", StringComparison.OrdinalIgnoreCase));
                             var jobDefaults = templateEvaluator.EvaluateJobDefaultsRun(defaultsRun.Value, jobContext.ExpressionValues, jobContext.ExpressionFunctions);
                             foreach (var pair in jobDefaults)
                             {
                                 if (!string.IsNullOrEmpty(pair.Value))
                                 {
-                                    context.JobDefaults["run"][pair.Key] = pair.Value;
+                                    context.Global.JobDefaults["run"][pair.Key] = pair.Value;
                                 }
                             }
                         }
@@ -201,15 +220,15 @@ namespace GitHub.Runner.Worker
                     preJobSteps.AddRange(prepareResult.ContainerSetupSteps);
 
                     // Add start-container steps, record and stop-container steps
-                    if (jobContext.Container != null || jobContext.ServiceContainers.Count > 0)
+                    if (jobContext.Global.Container != null || jobContext.Global.ServiceContainers.Count > 0)
                     {
                         var containerProvider = HostContext.GetService<IContainerOperationProvider>();
                         var containers = new List<Container.ContainerInfo>();
-                        if (jobContext.Container != null)
+                        if (jobContext.Global.Container != null)
                         {
-                            containers.Add(jobContext.Container);
+                            containers.Add(jobContext.Global.Container);
                         }
-                        containers.AddRange(jobContext.ServiceContainers);
+                        containers.AddRange(jobContext.Global.ServiceContainers);
 
                         preJobSteps.Add(new JobExtensionRunner(runAsync: containerProvider.StartContainersAsync,
                                                                           condition: $"{PipelineTemplateConstants.Success}()",
@@ -281,7 +300,7 @@ namespace GitHub.Runner.Worker
                         {
                             ArgUtil.NotNull(actionStep, step.DisplayName);
                             intraActionStates.TryGetValue(actionStep.Action.Id, out var intraActionState);
-                            actionStep.ExecutionContext = jobContext.CreateChild(actionStep.Action.Id, actionStep.DisplayName, actionStep.Action.Name, actionStep.Action.ScopeName, actionStep.Action.ContextName, intraActionState);
+                            actionStep.ExecutionContext = jobContext.CreateChild(actionStep.Action.Id, actionStep.DisplayName, actionStep.Action.Name, null, actionStep.Action.ContextName, intraActionState);
                         }
                     }
 
@@ -290,7 +309,7 @@ namespace GitHub.Runner.Worker
                     steps.AddRange(jobSteps);
 
                     // Prepare for orphan process cleanup
-                    _processCleanup = jobContext.Variables.GetBoolean("process.clean") ?? true;
+                    _processCleanup = jobContext.Global.Variables.GetBoolean("process.clean") ?? true;
                     if (_processCleanup)
                     {
                         // Set the RUNNER_TRACKING_ID env variable.
@@ -346,6 +365,24 @@ namespace GitHub.Runner.Worker
                     context.Start();
                     context.Debug("Starting: Complete job");
 
+                    Trace.Info("Initialize Env context");
+
+#if OS_WINDOWS
+                    var envContext = new DictionaryContextData();
+#else
+                    var envContext = new CaseSensitiveDictionaryContextData();
+#endif
+                    context.ExpressionValues["env"] = envContext;
+                    foreach (var pair in context.Global.EnvironmentVariables)
+                    {
+                        envContext[pair.Key] = new StringContextData(pair.Value ?? string.Empty);
+                    }
+
+                    // Populate env context for each step
+                    Trace.Info("Initialize steps context");
+                    context.ExpressionValues["steps"] = context.Global.StepsContext.GetScope(context.ScopeName);
+
+                    var templateEvaluator = context.ToPipelineTemplateEvaluator();
                     // Evaluate job outputs
                     if (message.JobOutputs != null && message.JobOutputs.Type != TokenType.Null)
                     {
@@ -355,21 +392,7 @@ namespace GitHub.Runner.Worker
 
                             // Populate env context for each step
                             Trace.Info("Initialize Env context for evaluating job outputs");
-#if OS_WINDOWS
-                            var envContext = new DictionaryContextData();
-#else
-                            var envContext = new CaseSensitiveDictionaryContextData();
-#endif
-                            context.ExpressionValues["env"] = envContext;
-                            foreach (var pair in context.EnvironmentVariables)
-                            {
-                                envContext[pair.Key] = new StringContextData(pair.Value ?? string.Empty);
-                            }
 
-                            Trace.Info("Initialize steps context for evaluating job outputs");
-                            context.ExpressionValues["steps"] = context.StepsContext.GetScope(context.ScopeName);
-
-                            var templateEvaluator = context.ToPipelineTemplateEvaluator();
                             var outputs = templateEvaluator.EvaluateJobOutput(message.JobOutputs, context.ExpressionValues, context.ExpressionFunctions);
                             foreach (var output in outputs)
                             {
@@ -398,7 +421,35 @@ namespace GitHub.Runner.Worker
                         }
                     }
 
-                    if (context.Variables.GetBoolean(Constants.Variables.Actions.RunnerDebug) ?? false)
+                    // Evaluate environment data
+                    if (jobContext.ActionsEnvironment?.Url != null && jobContext.ActionsEnvironment?.Url.Type != TokenType.Null)
+                    {
+                        try
+                        {
+                            context.Output($"Evaluate and set environment url");
+
+                            var environmentUrlToken = templateEvaluator.EvaluateEnvironmentUrl(jobContext.ActionsEnvironment.Url, context.ExpressionValues, context.ExpressionFunctions);
+                            var environmentUrl = environmentUrlToken.AssertString("environment.url");
+                            if (!string.Equals(environmentUrl.Value, HostContext.SecretMasker.MaskSecrets(environmentUrl.Value)))
+                            {
+                                context.Warning($"Skip setting environment url as environment '{jobContext.ActionsEnvironment.Name}' may contain secret.");
+                            }
+                            else
+                            {
+                                context.Output($"Evaluated environment url: {environmentUrl}");
+                                jobContext.ActionsEnvironment.Url = environmentUrlToken;
+                            }
+                        }
+                        catch (Exception ex)
+                        {
+                            context.Result = TaskResult.Failed;
+                            context.Error($"Failed to evaluate environment url");
+                            context.Error(ex);
+                            jobContext.Result = TaskResultUtil.MergeTaskResults(jobContext.Result, TaskResult.Failed);
+                        }
+                    }
+
+                    if (context.Global.Variables.GetBoolean(Constants.Variables.Actions.RunnerDebug) ?? false)
                     {
                         Trace.Info("Support log upload starting.");
                         context.Output("Uploading runner diagnostic logs");

src/Runner.Worker/JobRunner.cs

@@ -5,21 +5,13 @@ using GitHub.Services.Common;
 using GitHub.Services.WebApi;
 using System;
 using System.Collections.Generic;
-using System.Globalization;
 using System.IO;
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
 using System.Net.Http;
-using System.Text;
-using System.IO.Compression;
-using System.Diagnostics;
-using Newtonsoft.Json.Linq;
-using GitHub.DistributedTask.ObjectTemplating.Tokens;
 using GitHub.Runner.Common;
 using GitHub.Runner.Sdk;
-using GitHub.DistributedTask.Pipelines.ContextData;
-using GitHub.DistributedTask.ObjectTemplating;
 
 namespace GitHub.Runner.Worker
 {
@@ -107,7 +99,7 @@ namespace GitHub.Runner.Worker
                     return await CompleteJobAsync(jobServer, jobContext, message, TaskResult.Failed);
                 }
 
-                if (jobContext.WriteDebug)
+                if (jobContext.Global.WriteDebug)
                 {
                     jobContext.SetRunnerContext("debug", "1");
                 }
@@ -122,13 +114,6 @@ namespace GitHub.Runner.Worker
                 _tempDirectoryManager = HostContext.GetService<ITempDirectoryManager>();
                 _tempDirectoryManager.InitializeTempDirectory(jobContext);
 
-                // // Expand container properties
-                // jobContext.Container?.ExpandProperties(jobContext.Variables);
-                // foreach (var sidecar in jobContext.SidecarContainers)
-                // {
-                //     sidecar.ExpandProperties(jobContext.Variables);
-                // }
-
                 // Get the job extension.
                 Trace.Info("Getting job extension.");
                 IJobExtension jobExtension = HostContext.CreateService<IJobExtension>();
@@ -224,14 +209,14 @@ namespace GitHub.Runner.Worker
             // Clean TEMP after finish process jobserverqueue, since there might be a pending fileupload still use the TEMP dir.
             _tempDirectoryManager?.CleanupTempDirectory();
 
-            if (!jobContext.Features.HasFlag(PlanFeatures.JobCompletedPlanEvent))
+            if (!jobContext.Global.Features.HasFlag(PlanFeatures.JobCompletedPlanEvent))
             {
                 Trace.Info($"Skip raise job completed event call from worker because Plan version is {message.Plan.Version}");
                 return result;
             }
 
             Trace.Info("Raising job completed event.");
-            var jobCompletedEvent = new JobCompletedEvent(message.RequestId, message.JobId, result, jobContext.JobOutputs);
+            var jobCompletedEvent = new JobCompletedEvent(message.RequestId, message.JobId, result, jobContext.JobOutputs, jobContext.ActionsEnvironment);
 
             var completeJobRetryLimit = 5;
             var exceptions = new List<Exception>();
@@ -254,6 +239,12 @@ namespace GitHub.Runner.Worker
                     Trace.Error(ex);
                     return TaskResult.Failed;
                 }
+                catch (TaskOrchestrationPlanTerminatedException ex)
+                {
+                    Trace.Error($"TaskOrchestrationPlanTerminatedException received, while attempting to raise JobCompletedEvent for job {message.JobId}.");
+                    Trace.Error(ex);
+                    return TaskResult.Failed;
+                }
                 catch (Exception ex)
                 {
                     Trace.Error($"Catch exception while attempting to raise JobCompletedEvent for job {message.JobId}, job request {message.RequestId}.");

src/Runner.Worker/RunnerPluginManager.cs

@@ -100,12 +100,12 @@ namespace GitHub.Runner.Worker
             RunnerActionPluginExecutionContext pluginContext = new RunnerActionPluginExecutionContext
             {
                 Inputs = inputs,
-                Endpoints = context.Endpoints,
+                Endpoints = context.Global.Endpoints,
                 Context = context.ExpressionValues
             };
 
             // variables
-            foreach (var variable in context.Variables.AllVariables)
+            foreach (var variable in context.Global.Variables.AllVariables)
             {
                 pluginContext.Variables[variable.Name] = new VariableValue(variable.Value, variable.Secret);
             }

src/Runner.Worker/StepsContext.cs

@@ -15,6 +15,14 @@ namespace GitHub.Runner.Worker
         private static readonly Regex _propertyRegex = new Regex("^[a-zA-Z_][a-zA-Z0-9_]*$", RegexOptions.Compiled);
         private readonly DictionaryContextData _contextData = new DictionaryContextData();
 
+        public void ClearScope(string scopeName)
+        {
+            if (_contextData.TryGetValue(scopeName, out _))
+            {
+                _contextData[scopeName] = new DictionaryContextData();
+            } 
+        }
+
         public DictionaryContextData GetScope(string scopeName)
         {
             if (scopeName == null)
@@ -59,19 +67,19 @@ namespace GitHub.Runner.Worker
         public void SetConclusion(
             string scopeName,
             string stepName,
-            string conclusion)
+            ActionResult conclusion)
         {
             var step = GetStep(scopeName, stepName);
-            step["conclusion"] = new StringContextData(conclusion);
+            step["conclusion"] = new StringContextData(conclusion.ToString().ToLowerInvariant());
         }
 
         public void SetOutcome(
             string scopeName,
             string stepName,
-            string outcome)
+            ActionResult outcome)
         {
             var step = GetStep(scopeName, stepName);
-            step["outcome"] = new StringContextData(outcome);
+            step["outcome"] = new StringContextData(outcome.ToString().ToLowerInvariant());
         }
 
         private DictionaryContextData GetStep(string scopeName, string stepName)

src/Runner.Worker/StepsRunner.cs

@@ -66,11 +66,11 @@ namespace GitHub.Runner.Worker
                 }
 
                 var step = jobContext.JobSteps.Dequeue();
-                var nextStep = jobContext.JobSteps.Count > 0 ? jobContext.JobSteps.Peek() : null;
 
                 Trace.Info($"Processing step: DisplayName='{step.DisplayName}'");
                 ArgUtil.NotNull(step.ExecutionContext, nameof(step.ExecutionContext));
-                ArgUtil.NotNull(step.ExecutionContext.Variables, nameof(step.ExecutionContext.Variables));
+                ArgUtil.NotNull(step.ExecutionContext.Global, nameof(step.ExecutionContext.Global));
+                ArgUtil.NotNull(step.ExecutionContext.Global.Variables, nameof(step.ExecutionContext.Global.Variables));
 
                 // Start
                 step.ExecutionContext.Start();
@@ -82,9 +82,8 @@ namespace GitHub.Runner.Worker
                 step.ExecutionContext.ExpressionFunctions.Add(new FunctionInfo<SuccessFunction>(PipelineTemplateConstants.Success, 0, 0));
                 step.ExecutionContext.ExpressionFunctions.Add(new FunctionInfo<HashFilesFunction>(PipelineTemplateConstants.HashFiles, 1, byte.MaxValue));
 
-                // Initialize scope
-                if (InitializeScope(step, scopeInputs))
-                {
+                step.ExecutionContext.ExpressionValues["steps"] = step.ExecutionContext.Global.StepsContext.GetScope(step.ExecutionContext.ScopeName);
+
                 // Populate env context for each step
                 Trace.Info("Initialize Env context for step");
 #if OS_WINDOWS
@@ -92,17 +91,23 @@ namespace GitHub.Runner.Worker
 #else
                 var envContext = new CaseSensitiveDictionaryContextData();
 #endif
-                    step.ExecutionContext.ExpressionValues["env"] = envContext;
-                    foreach (var pair in step.ExecutionContext.EnvironmentVariables)
+
+                // Global env
+                foreach (var pair in step.ExecutionContext.Global.EnvironmentVariables)
                 {
                     envContext[pair.Key] = new StringContextData(pair.Value ?? string.Empty);
                 }
 
+                step.ExecutionContext.ExpressionValues["env"] = envContext;
+
+                bool evaluateStepEnvFailed = false;
                 if (step is IActionRunner actionStep)
                 {
                     // Set GITHUB_ACTION
                     step.ExecutionContext.SetGitHubContext("action", actionStep.Action.Name);
 
+                    try
+                    {
                         // Evaluate and merge action's env block to env context
                         var templateEvaluator = step.ExecutionContext.ToPipelineTemplateEvaluator();
                         var actionEnvironment = templateEvaluator.EvaluateStepEnvironment(actionStep.Action.Environment, step.ExecutionContext.ExpressionValues, step.ExecutionContext.ExpressionFunctions, VarUtil.EnvironmentVariableKeyComparer);
@@ -111,7 +116,18 @@ namespace GitHub.Runner.Worker
                             envContext[env.Key] = new StringContextData(env.Value ?? string.Empty);
                         }
                     }
+                    catch (Exception ex)
+                    {
+                        // fail the step since there is an evaluate error.
+                        Trace.Info("Caught exception from expression for step.env");
+                        evaluateStepEnvFailed = true;
+                        step.ExecutionContext.Error(ex);
+                        CompleteStep(step, TaskResult.Failed);
+                    }
+                }
 
+                if (!evaluateStepEnvFailed)
+                {
                     try
                     {
                         // Register job cancellation call back only if job cancellation token not been fire before each step run
@@ -195,19 +211,19 @@ namespace GitHub.Runner.Worker
                         {
                             // Condition == false
                             Trace.Info("Skipping step due to condition evaluation.");
-                            CompleteStep(step, nextStep, TaskResult.Skipped, resultCode: conditionTraceWriter.Trace);
+                            CompleteStep(step, TaskResult.Skipped, resultCode: conditionTraceWriter.Trace);
                         }
                         else if (conditionEvaluateError != null)
                         {
                             // fail the step since there is an evaluate error.
                             step.ExecutionContext.Error(conditionEvaluateError);
-                            CompleteStep(step, nextStep, TaskResult.Failed);
+                            CompleteStep(step, TaskResult.Failed);
                         }
                         else
                         {
                             // Run the step.
                             await RunStepAsync(step, jobContext.CancellationToken);
-                            CompleteStep(step, nextStep);
+                            CompleteStep(step);
                         }
                     }
                     finally
@@ -270,40 +286,7 @@ namespace GitHub.Runner.Worker
                 step.ExecutionContext.SetTimeout(timeout);
             }
 
-#if OS_WINDOWS
-            try
-            {
-                if (Console.InputEncoding.CodePage != 65001)
-                {
-                    using (var p = HostContext.CreateService<IProcessInvoker>())
-                    {
-                        // Use UTF8 code page
-                        int exitCode = await p.ExecuteAsync(workingDirectory: HostContext.GetDirectory(WellKnownDirectory.Work),
-                                                fileName: WhichUtil.Which("chcp", true, Trace),
-                                                arguments: "65001",
-                                                environment: null,
-                                                requireExitCodeZero: false,
-                                                outputEncoding: null,
-                                                killProcessOnCancel: false,
-                                                redirectStandardIn: null,
-                                                inheritConsoleHandler: true,
-                                                cancellationToken: step.ExecutionContext.CancellationToken);
-                        if (exitCode == 0)
-                        {
-                            Trace.Info("Successfully returned to code page 65001 (UTF8)");
-                        }
-                        else
-                        {
-                            Trace.Warning($"'chcp 65001' failed with exit code {exitCode}");
-                        }
-                    }
-                }
-            }
-            catch (Exception ex)
-            {
-                Trace.Warning($"'chcp 65001' failed with exception {ex.Message}");
-            }
-#endif
+            await EncodingUtil.SetEncoding(HostContext, Trace, step.ExecutionContext.CancellationToken);
 
             try
             {
@@ -369,117 +352,9 @@ namespace GitHub.Runner.Worker
             step.ExecutionContext.Debug($"Finishing: {step.DisplayName}");
         }
 
-        private bool InitializeScope(IStep step, Dictionary<string, PipelineContextData> scopeInputs)
+        private void CompleteStep(IStep step, TaskResult? result = null, string resultCode = null)
         {
             var executionContext = step.ExecutionContext;
-            var stepsContext = executionContext.StepsContext;
-            if (!string.IsNullOrEmpty(executionContext.ScopeName))
-            {
-                // Gather uninitialized current and ancestor scopes
-                var scope = executionContext.Scopes[executionContext.ScopeName];
-                var scopesToInitialize = default(Stack<ContextScope>);
-                while (scope != null && !scopeInputs.ContainsKey(scope.Name))
-                {
-                    if (scopesToInitialize == null)
-                    {
-                        scopesToInitialize = new Stack<ContextScope>();
-                    }
-                    scopesToInitialize.Push(scope);
-                    scope = string.IsNullOrEmpty(scope.ParentName) ? null : executionContext.Scopes[scope.ParentName];
-                }
-
-                // Initialize current and ancestor scopes
-                while (scopesToInitialize?.Count > 0)
-                {
-                    scope = scopesToInitialize.Pop();
-                    executionContext.Debug($"Initializing scope '{scope.Name}'");
-                    executionContext.ExpressionValues["steps"] = stepsContext.GetScope(scope.ParentName);
-                    executionContext.ExpressionValues["inputs"] = !String.IsNullOrEmpty(scope.ParentName) ? scopeInputs[scope.ParentName] : null;
-                    var templateEvaluator = executionContext.ToPipelineTemplateEvaluator();
-                    var inputs = default(DictionaryContextData);
-                    try
-                    {
-                        inputs = templateEvaluator.EvaluateStepScopeInputs(scope.Inputs, executionContext.ExpressionValues, executionContext.ExpressionFunctions);
-                    }
-                    catch (Exception ex)
-                    {
-                        Trace.Info($"Caught exception from initialize scope '{scope.Name}'");
-                        Trace.Error(ex);
-                        executionContext.Error(ex);
-                        executionContext.Complete(TaskResult.Failed);
-                        return false;
-                    }
-
-                    scopeInputs[scope.Name] = inputs;
-                }
-            }
-
-            // Setup expression values
-            var scopeName = executionContext.ScopeName;
-            executionContext.ExpressionValues["steps"] = stepsContext.GetScope(scopeName);
-            executionContext.ExpressionValues["inputs"] = string.IsNullOrEmpty(scopeName) ? null : scopeInputs[scopeName];
-
-            return true;
-        }
-
-        private void CompleteStep(IStep step, IStep nextStep, TaskResult? result = null, string resultCode = null)
-        {
-            var executionContext = step.ExecutionContext;
-            if (!string.IsNullOrEmpty(executionContext.ScopeName))
-            {
-                // Gather current and ancestor scopes to finalize
-                var scope = executionContext.Scopes[executionContext.ScopeName];
-                var scopesToFinalize = default(Queue<ContextScope>);
-                var nextStepScopeName = nextStep?.ExecutionContext.ScopeName;
-                while (scope != null &&
-                    !string.Equals(nextStepScopeName, scope.Name, StringComparison.OrdinalIgnoreCase) &&
-                    !(nextStepScopeName ?? string.Empty).StartsWith($"{scope.Name}.", StringComparison.OrdinalIgnoreCase))
-                {
-                    if (scopesToFinalize == null)
-                    {
-                        scopesToFinalize = new Queue<ContextScope>();
-                    }
-                    scopesToFinalize.Enqueue(scope);
-                    scope = string.IsNullOrEmpty(scope.ParentName) ? null : executionContext.Scopes[scope.ParentName];
-                }
-
-                // Finalize current and ancestor scopes
-                var stepsContext = step.ExecutionContext.StepsContext;
-                while (scopesToFinalize?.Count > 0)
-                {
-                    scope = scopesToFinalize.Dequeue();
-                    executionContext.Debug($"Finalizing scope '{scope.Name}'");
-                    executionContext.ExpressionValues["steps"] = stepsContext.GetScope(scope.Name);
-                    executionContext.ExpressionValues["inputs"] = null;
-                    var templateEvaluator = executionContext.ToPipelineTemplateEvaluator();
-                    var outputs = default(DictionaryContextData);
-                    try
-                    {
-                        outputs = templateEvaluator.EvaluateStepScopeOutputs(scope.Outputs, executionContext.ExpressionValues, executionContext.ExpressionFunctions);
-                    }
-                    catch (Exception ex)
-                    {
-                        Trace.Info($"Caught exception from finalize scope '{scope.Name}'");
-                        Trace.Error(ex);
-                        executionContext.Error(ex);
-                        executionContext.Complete(TaskResult.Failed);
-                        return;
-                    }
-
-                    if (outputs?.Count > 0)
-                    {
-                        var parentScopeName = scope.ParentName;
-                        var contextName = scope.ContextName;
-                        foreach (var pair in outputs)
-                        {
-                            var outputName = pair.Key;
-                            var outputValue = pair.Value.ToString();
-                            stepsContext.SetOutput(parentScopeName, contextName, outputName, outputValue, out var reference);
-                            executionContext.Debug($"{reference}='{outputValue}'");
-                        }
-                    }
-                }
-            }
 
             executionContext.Complete(result, resultCode: resultCode);
         }

src/Runner.Worker/action_yaml.json

@@ -7,7 +7,8 @@
                     "name": "string",
                     "description": "string",
                     "inputs": "inputs",
-                    "runs": "runs"
+                    "runs": "runs",
+                    "outputs": "outputs"
                 },
                 "loose-key-type": "non-empty-string",
                 "loose-value-type": "any"
@@ -28,11 +29,26 @@
                 "loose-value-type": "any"
             }
         },
+        "outputs": {
+            "mapping": {
+                "loose-key-type": "non-empty-string",
+                "loose-value-type": "outputs-attributes"
+            }
+        },
+        "outputs-attributes": {
+            "mapping": {
+                "properties": {
+                    "description": "string",
+                    "value": "output-value"
+                }
+            }
+        },
         "runs": {
             "one-of": [
                 "container-runs",
                 "node12-runs",
-                "plugin-runs"
+                "plugin-runs",
+                "composite-runs"
             ]
         },
         "container-runs": {
@@ -83,12 +99,56 @@
                 }
             }
         },
+        "composite-runs": {
+            "mapping": {
+                "properties": {
+                    "using": "non-empty-string",
+                    "steps": "composite-steps"
+                }
+            }
+        },
+        "composite-steps": {
+            "sequence": {
+                "item-type": "composite-step"
+            }
+        },
+        "composite-step": {
+            "mapping": {
+                "properties": {
+                    "name": "string-steps-context",
+                    "id": "non-empty-string",
+                    "run": {
+                        "type": "string-steps-context",
+                        "required": true
+                    },
+                    "env": "step-env",
+                    "working-directory": "string-steps-context",
+                    "shell": {
+                        "type": "non-empty-string",
+                        "required": true
+                    }
+                }
+            }
+        },
         "container-runs-context": {
             "context": [
                 "inputs"
             ],
             "string": {}
         },
+        "output-value": {
+            "context": [
+                "github",
+                "strategy",
+                "matrix",
+                "steps",
+                "inputs",
+                "job",
+                "runner",
+                "env"
+            ],
+            "string": {}
+        },
         "input-default-context": {
             "context": [
                 "github",
@@ -104,6 +164,37 @@
             "string": {
                 "require-non-empty": true
             }
+        },
+        "string-steps-context": {
+            "context": [
+                "github",
+                "inputs",
+                "strategy",
+                "matrix",
+                "steps",
+                "job",
+                "runner",
+                "env",
+                "hashFiles(1,255)"
+            ],
+            "string": {}
+        },
+        "step-env": {
+            "context": [
+                "github",
+                "inputs",
+                "strategy",
+                "matrix",
+                "steps",
+                "job",
+                "runner",
+                "env",
+                "hashFiles(1,255)"
+            ],
+            "mapping": {
+                "loose-key-type": "non-empty-string",
+                "loose-value-type": "string"
+            }
         }
     }
 }

src/Sdk/DTGenerated/Generated/TaskHttpClientBase.cs

@@ -317,5 +317,37 @@ namespace GitHub.DistributedTask.WebApi
                 userState: userState,
                 cancellationToken: cancellationToken);
         }
+
+        /// <summary>
+        /// [Preview API] Resolves information required to download actions (URL, token) defined in an orchestration.
+        /// </summary>
+        /// <param name="scopeIdentifier">The project GUID to scope the request</param>
+        /// <param name="hubName">The name of the server hub: "build" for the Build server or "rm" for the Release Management server</param>
+        /// <param name="planId"></param>
+        /// <param name="actionReferenceList"></param>
+        /// <param name="userState"></param>
+        /// <param name="cancellationToken">The cancellation token to cancel operation.</param>
+        public virtual Task<ActionDownloadInfoCollection> ResolveActionDownloadInfoAsync(
+            Guid scopeIdentifier,
+            string hubName,
+            Guid planId,
+            ActionReferenceList actionReferenceList,
+            object userState = null,
+            CancellationToken cancellationToken = default)
+        {
+            HttpMethod httpMethod = new HttpMethod("POST");
+            Guid locationId = new Guid("27d7f831-88c1-4719-8ca1-6a061dad90eb");
+            object routeValues = new { scopeIdentifier = scopeIdentifier, hubName = hubName, planId = planId };
+            HttpContent content = new ObjectContent<ActionReferenceList>(actionReferenceList, new VssJsonMediaTypeFormatter(true));
+
+            return SendAsync<ActionDownloadInfoCollection>(
+                httpMethod,
+                locationId,
+                routeValues: routeValues,
+                version: new ApiResourceVersion(6.0, 1),
+                userState: userState,
+                cancellationToken: cancellationToken,
+                content: content);
+        }
     }
 }

src/Sdk/DTLogging/Logging/ValueEncoders.cs

@@ -60,6 +60,20 @@ namespace GitHub.DistributedTask.Logging
             return SecurityElement.Escape(value);
         }
 
+        public static String TrimDoubleQuotes(String value)
+        {
+            var trimmed = string.Empty;
+            if (!string.IsNullOrEmpty(value) &&
+                value.Length > 8 &&
+                value.StartsWith('"') &&
+                value.EndsWith('"'))
+            {
+                trimmed = value.Substring(1, value.Length - 2);
+            }
+
+            return trimmed;
+        }
+
         private static string Base64StringEscapeShift(String value, int shift)
         {
             var bytes = Encoding.UTF8.GetBytes(value);

src/Sdk/DTObjectTemplating/ObjectTemplating/TemplateConstants.cs

@@ -52,6 +52,7 @@ namespace GitHub.DistributedTask.ObjectTemplating
         internal const String String = "string";
         internal const String StringDefinition = "string-definition";
         internal const String StringDefinitionProperties = "string-definition-properties";
+        internal const String StringRunnerContextNoSecrets = "string-runner-context-no-secrets";
         internal const String Structure = "structure";
         internal const String TemplateSchema = "template-schema";
         internal const String True = "true";

src/Sdk/DTPipelines/Pipelines/ActionStep.cs

@@ -24,7 +24,6 @@ namespace GitHub.DistributedTask.Pipelines
             Environment = actionToClone.Environment?.Clone();
             Inputs = actionToClone.Inputs?.Clone();
             ContextName = actionToClone?.ContextName;
-            ScopeName = actionToClone?.ScopeName;
             DisplayNameToken = actionToClone.DisplayNameToken?.Clone();
         }
 
@@ -41,9 +40,6 @@ namespace GitHub.DistributedTask.Pipelines
         [DataMember(EmitDefaultValue = false)]
         public TemplateToken DisplayNameToken { get; set; }
 
-        [DataMember(EmitDefaultValue = false)]
-        public String ScopeName { get; set; }
-
         [DataMember(EmitDefaultValue = false)]
         public String ContextName { get; set; }
 

src/Sdk/DTPipelines/Pipelines/AgentJobRequestMessage.cs

@@ -39,10 +39,10 @@ namespace GitHub.DistributedTask.Pipelines
             DictionaryContextData contextData,
             WorkspaceOptions workspaceOptions,
             IEnumerable<JobStep> steps,
-            IEnumerable<ContextScope> scopes,
             IList<String> fileTable,
             TemplateToken jobOutputs,
-            IList<TemplateToken> defaults)
+            IList<TemplateToken> defaults,
+            ActionsEnvironmentReference actionsEnvironment)
         {
             this.MessageType = JobRequestMessageTypes.PipelineAgentJobRequest;
             this.Plan = plan;
@@ -55,16 +55,11 @@ namespace GitHub.DistributedTask.Pipelines
             this.Resources = jobResources;
             this.Workspace = workspaceOptions;
             this.JobOutputs = jobOutputs;
-
+            this.ActionsEnvironment = actionsEnvironment;
             m_variables = new Dictionary<String, VariableValue>(variables, StringComparer.OrdinalIgnoreCase);
             m_maskHints = new List<MaskHint>(maskHints);
             m_steps = new List<JobStep>(steps);
 
-            if (scopes != null)
-            {
-                m_scopes = new List<ContextScope>(scopes);
-            }
-
             if (environmentVariables?.Count > 0)
             {
                 m_environmentVariables = new List<TemplateToken>(environmentVariables);
@@ -234,6 +229,13 @@ namespace GitHub.DistributedTask.Pipelines
             }
         }
 
+        [DataMember(EmitDefaultValue = false)]
+        public ActionsEnvironmentReference ActionsEnvironment
+        {
+            get;
+            set;
+        }
+
         /// <summary>
         /// Gets the collection of variables associated with the current context.
         /// </summary>
@@ -261,18 +263,6 @@ namespace GitHub.DistributedTask.Pipelines
             }
         }
 
-        public IList<ContextScope> Scopes
-        {
-            get
-            {
-                if (m_scopes == null)
-                {
-                    m_scopes = new List<ContextScope>();
-                }
-                return m_scopes;
-            }
-        }
-
         /// <summary>
         /// Gets the table of files used when parsing the pipeline (e.g. yaml files)
         /// </summary>
@@ -415,11 +405,6 @@ namespace GitHub.DistributedTask.Pipelines
                 m_maskHints = new List<MaskHint>(this.m_maskHints.Distinct());
             }
 
-            if (m_scopes?.Count == 0)
-            {
-                m_scopes = null;
-            }
-
             if (m_variables?.Count == 0)
             {
                 m_variables = null;
@@ -447,9 +432,6 @@ namespace GitHub.DistributedTask.Pipelines
         [DataMember(Name = "Steps", EmitDefaultValue = false)]
         private List<JobStep> m_steps;
 
-        [DataMember(Name = "Scopes", EmitDefaultValue = false)]
-        private List<ContextScope> m_scopes;
-
         [DataMember(Name = "Variables", EmitDefaultValue = false)]
         private IDictionary<String, VariableValue> m_variables;
 

src/Sdk/DTPipelines/Pipelines/ContextData/NumberContextData.cs

@@ -42,7 +42,12 @@ namespace GitHub.DistributedTask.Pipelines.ContextData
             var floored = Math.Floor(m_value);
             if (m_value == floored && m_value <= (Double)Int32.MaxValue && m_value >= (Double)Int32.MinValue)
             {
-                Int32 flooredInt = (Int32)floored;
+                var flooredInt = (Int32)floored;
+                return (JToken)flooredInt;
+            }
+            else if (m_value == floored && m_value <= (Double)Int64.MaxValue && m_value >= (Double)Int64.MinValue)
+            {
+                var flooredInt = (Int64)floored;
                 return (JToken)flooredInt;
             }
             else

src/Sdk/DTPipelines/Pipelines/ContextScope.cs

@@ -1,53 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.ComponentModel;
-using System.Runtime.Serialization;
-using GitHub.DistributedTask.ObjectTemplating.Tokens;
-using Newtonsoft.Json;
-
-namespace GitHub.DistributedTask.Pipelines
-{
-    [DataContract]
-    [EditorBrowsable(EditorBrowsableState.Never)]
-    public sealed class ContextScope
-    {
-        [DataMember(EmitDefaultValue = false)]
-        public String Name { get; set; }
-
-        [IgnoreDataMember]
-        public String ContextName
-        {
-            get
-            {
-                var index = Name.LastIndexOf('.');
-                if (index >= 0)
-                {
-                    return Name.Substring(index + 1);
-                }
-
-                return Name;
-            }
-        }
-
-        [IgnoreDataMember]
-        public String ParentName
-        {
-            get
-            {
-                var index = Name.LastIndexOf('.');
-                if (index >= 0)
-                {
-                    return Name.Substring(0, index);
-                }
-
-                return String.Empty;
-            }
-        }
-
-        [DataMember(EmitDefaultValue = false)]
-        public TemplateToken Inputs { get; set; }
-
-        [DataMember(EmitDefaultValue = false)]
-        public TemplateToken Outputs { get; set; }
-    }
-}

src/Sdk/DTPipelines/Pipelines/JobContainer.cs

@@ -56,5 +56,36 @@ namespace GitHub.DistributedTask.Pipelines
             get;
             set;
         }
+
+        /// <summary>
+        /// Gets or sets the credentials used for pulling the container iamge.
+        /// </summary>
+        public ContainerRegistryCredentials Credentials
+        {
+            get;
+            set;
+        }
+    }
+
+    [EditorBrowsable(EditorBrowsableState.Never)]
+    public sealed class ContainerRegistryCredentials
+    {
+        /// <summary>
+        /// Gets or sets the user to authenticate to a registry with
+        /// </summary>
+        public String Username
+        {
+            get;
+            set;
+        }
+
+        /// <summary>
+        /// Gets or sets the password to authenticate to a registry with
+        /// </summary>
+        public String Password
+        {
+            get;
+            set;
+        }
     }
 }

src/Sdk/DTPipelines/Pipelines/ObjectTemplating/PipelineTemplateConstants.cs

@@ -11,19 +11,19 @@ namespace GitHub.DistributedTask.Pipelines.ObjectTemplating
         public const String BooleanStrategyContext = "boolean-strategy-context";
         public const String CancelTimeoutMinutes = "cancel-timeout-minutes";
         public const String Cancelled = "cancelled";
-        public const String Checkout = "checkout";
         public const String Clean= "clean";
         public const String Container = "container";
         public const String ContinueOnError = "continue-on-error";
+        public const String Credentials = "credentials";
         public const String Defaults = "defaults";
         public const String Env = "env";
+        public const String Environment = "environment";
         public const String Event = "event";
         public const String EventPattern = "github.event";
         public const String Exclude = "exclude";
         public const String FailFast = "fail-fast";
         public const String Failure = "failure";
         public const String FetchDepth = "fetch-depth";
-        public const String GeneratedId = "generated-id";
         public const String GitHub = "github";
         public const String HashFiles = "hashFiles";
         public const String Id = "id";
@@ -36,7 +36,6 @@ namespace GitHub.DistributedTask.Pipelines.ObjectTemplating
         public const String JobIfResult = "job-if-result";
         public const String JobOutputs = "job-outputs";
         public const String Jobs = "jobs";
-        public const String Labels = "labels";
         public const String Lfs = "lfs";
         public const String Matrix = "matrix";
         public const String MaxParallel = "max-parallel";
@@ -48,27 +47,23 @@ namespace GitHub.DistributedTask.Pipelines.ObjectTemplating
         public const String Options = "options";
         public const String Outputs = "outputs";
         public const String OutputsPattern = "needs.*.outputs";
+        public const String Password = "password";
         public const String Path = "path";
         public const String Pool = "pool";
         public const String Ports = "ports";
         public const String Result = "result";
-        public const String RunDisplayPrefix = "Run ";
         public const String Run = "run";
+        public const String RunDisplayPrefix = "Run ";
         public const String Runner = "runner";
         public const String RunsOn = "runs-on";
-        public const String Scope = "scope";
-        public const String Scopes = "scopes";
         public const String Secrets = "secrets";
         public const String Services = "services";
         public const String Shell = "shell";
         public const String Skipped = "skipped";
         public const String StepEnv = "step-env";
         public const String StepIfResult = "step-if-result";
-        public const String Steps = "steps";
-        public const String StepsScopeInputs = "steps-scope-inputs";
-        public const String StepsScopeOutputs = "steps-scope-outputs";
-        public const String StepsTemplateRoot = "steps-template-root";
         public const String StepWith = "step-with";
+        public const String Steps = "steps";
         public const String Strategy = "strategy";
         public const String StringStepsContext = "string-steps-context";
         public const String StringStrategyContext = "string-strategy-context";
@@ -76,7 +71,7 @@ namespace GitHub.DistributedTask.Pipelines.ObjectTemplating
         public const String Success = "success";
         public const String Template = "template";
         public const String TimeoutMinutes = "timeout-minutes";
-        public const String Token = "token";
+        public const String Username = "username";
         public const String Uses = "uses";
         public const String VmImage = "vmImage";
         public const String Volumes = "volumes";

src/Sdk/DTPipelines/Pipelines/ObjectTemplating/PipelineTemplateConverter.cs

@@ -1,6 +1,6 @@
 using System;
 using System.Collections.Generic;
-using System.Globalization;
+using System.ComponentModel;
 using System.Linq;
 using GitHub.DistributedTask.Expressions2;
 using GitHub.DistributedTask.Expressions2.Sdk;
@@ -14,8 +14,62 @@ using Newtonsoft.Json.Linq;
 
 namespace GitHub.DistributedTask.Pipelines.ObjectTemplating
 {
-    internal static class PipelineTemplateConverter
+    [EditorBrowsable(EditorBrowsableState.Never)]
+    public static class PipelineTemplateConverter
     {
+        public static List<Step> ConvertToSteps(
+            TemplateContext context,
+            TemplateToken steps)
+        {
+            var stepsSequence = steps.AssertSequence($"job {PipelineTemplateConstants.Steps}");
+
+            var result = new List<Step>();
+            var nameBuilder = new ReferenceNameBuilder();
+            foreach (var stepsItem in stepsSequence)
+            {
+                var step = ConvertToStep(context, stepsItem, nameBuilder);
+                if (step != null) // step = null means we are hitting error during step conversion, there should be an error in context.errors
+                {
+                    if (step.Enabled)
+                    {
+                        result.Add(step);
+                    }
+                }
+            }
+
+            // Generate context name if empty
+            foreach (ActionStep step in result)
+            {
+                if (!String.IsNullOrEmpty(step.ContextName))
+                {
+                    continue;
+                }
+
+                var name = default(string);
+                switch (step.Reference.Type)
+                {
+                    case ActionSourceType.ContainerRegistry:
+                        var containerReference = step.Reference as ContainerRegistryReference;
+                        name = containerReference.Image;
+                        break;
+                    case ActionSourceType.Repository:
+                        var repositoryReference = step.Reference as RepositoryPathReference;
+                        name = !String.IsNullOrEmpty(repositoryReference.Name) ? repositoryReference.Name : PipelineConstants.SelfAlias;
+                        break;
+                }
+
+                if (String.IsNullOrEmpty(name))
+                {
+                    name = "run";
+                }
+
+                nameBuilder.AppendSegment($"__{name}");
+                step.ContextName = nameBuilder.Build();
+            }
+
+            return result;
+        }
+
         internal static Boolean ConvertToIfResult(
             TemplateContext context,
             TemplateToken ifResult)
@@ -155,6 +209,30 @@ namespace GitHub.DistributedTask.Pipelines.ObjectTemplating
             return (Int32)numberToken.Value;
         }
 
+        internal static ContainerRegistryCredentials ConvertToContainerCredentials(TemplateToken token)
+        {
+            var credentials = token.AssertMapping(PipelineTemplateConstants.Credentials);
+            var result = new ContainerRegistryCredentials();
+            foreach (var credentialProperty in credentials)
+            {
+                var propertyName = credentialProperty.Key.AssertString($"{PipelineTemplateConstants.Credentials} key");
+                switch (propertyName.Value)
+                {
+                    case PipelineTemplateConstants.Username:
+                        result.Username = credentialProperty.Value.AssertString(PipelineTemplateConstants.Username).Value;
+                        break;
+                    case PipelineTemplateConstants.Password:
+                        result.Password = credentialProperty.Value.AssertString(PipelineTemplateConstants.Password).Value;
+                        break;
+                    default:
+                        propertyName.AssertUnexpectedValue($"{PipelineTemplateConstants.Credentials} key {propertyName}");
+                        break;
+                }
+            }
+
+            return result;
+        }
+
         internal static JobContainer ConvertToJobContainer(
             TemplateContext context,
             TemplateToken value,
@@ -221,6 +299,9 @@ namespace GitHub.DistributedTask.Pipelines.ObjectTemplating
                             }
                             result.Volumes = volumeList;
                             break;
+                        case PipelineTemplateConstants.Credentials:
+                            result.Credentials = ConvertToContainerCredentials(containerPropertyPair.Value);
+                            break;
                         default:
                             propertyName.AssertUnexpectedValue($"{PipelineTemplateConstants.Container} key");
                             break;
@@ -264,5 +345,311 @@ namespace GitHub.DistributedTask.Pipelines.ObjectTemplating
 
             return result;
         }
+
+        private static ActionStep ConvertToStep(
+            TemplateContext context,
+            TemplateToken stepsItem,
+            ReferenceNameBuilder nameBuilder)
+        {
+            var step = stepsItem.AssertMapping($"{PipelineTemplateConstants.Steps} item");
+            var continueOnError = default(ScalarToken);
+            var env = default(TemplateToken);
+            var id = default(StringToken);
+            var ifCondition = default(String);
+            var ifToken = default(ScalarToken);
+            var name = default(ScalarToken);
+            var run = default(ScalarToken);
+            var timeoutMinutes = default(ScalarToken);
+            var uses = default(StringToken);
+            var with = default(TemplateToken);
+            var workingDir = default(ScalarToken);
+            var path = default(ScalarToken);
+            var clean = default(ScalarToken);
+            var fetchDepth = default(ScalarToken);
+            var lfs = default(ScalarToken);
+            var submodules = default(ScalarToken);
+            var shell = default(ScalarToken);
+
+            foreach (var stepProperty in step)
+            {
+                var propertyName = stepProperty.Key.AssertString($"{PipelineTemplateConstants.Steps} item key");
+
+                switch (propertyName.Value)
+                {
+                    case PipelineTemplateConstants.Clean:
+                        clean = stepProperty.Value.AssertScalar($"{PipelineTemplateConstants.Steps} item {PipelineTemplateConstants.Clean}");
+                        break;
+
+                    case PipelineTemplateConstants.ContinueOnError:
+                        ConvertToStepContinueOnError(context, stepProperty.Value, allowExpressions: true); // Validate early if possible
+                        continueOnError = stepProperty.Value.AssertScalar($"{PipelineTemplateConstants.Steps} {PipelineTemplateConstants.ContinueOnError}");
+                        break;
+
+                    case PipelineTemplateConstants.Env:
+                        ConvertToStepEnvironment(context, stepProperty.Value, StringComparer.Ordinal, allowExpressions: true); // Validate early if possible
+                        env = stepProperty.Value;
+                        break;
+
+                    case PipelineTemplateConstants.FetchDepth:
+                        fetchDepth = stepProperty.Value.AssertScalar($"{PipelineTemplateConstants.Steps} item {PipelineTemplateConstants.FetchDepth}");
+                        break;
+
+                    case PipelineTemplateConstants.Id:
+                        id = stepProperty.Value.AssertString($"{PipelineTemplateConstants.Steps} item {PipelineTemplateConstants.Id}");
+                        if (!String.IsNullOrEmpty(id.Value))
+                        {
+                            if (!nameBuilder.TryAddKnownName(id.Value, out var error))
+                            {
+                                context.Error(id, error);
+                            }
+                        }
+                        break;
+
+                    case PipelineTemplateConstants.If:
+                        ifToken = stepProperty.Value.AssertScalar($"{PipelineTemplateConstants.Steps} item {PipelineTemplateConstants.If}");
+                        break;
+
+                    case PipelineTemplateConstants.Lfs:
+                        lfs = stepProperty.Value.AssertScalar($"{PipelineTemplateConstants.Steps} item {PipelineTemplateConstants.Lfs}");
+                        break;
+
+                    case PipelineTemplateConstants.Name:
+                        name = stepProperty.Value.AssertScalar($"{PipelineTemplateConstants.Steps} item {PipelineTemplateConstants.Name}");
+                        break;
+
+                    case PipelineTemplateConstants.Path:
+                        path = stepProperty.Value.AssertScalar($"{PipelineTemplateConstants.Steps} item {PipelineTemplateConstants.Path}");
+                        break;
+
+                    case PipelineTemplateConstants.Run:
+                        run = stepProperty.Value.AssertScalar($"{PipelineTemplateConstants.Steps} item {PipelineTemplateConstants.Run}");
+                        break;
+
+                    case PipelineTemplateConstants.Shell:
+                        shell = stepProperty.Value.AssertScalar($"{PipelineTemplateConstants.Steps} item {PipelineTemplateConstants.Shell}");
+                        break;
+
+                    case PipelineTemplateConstants.Submodules:
+                        submodules = stepProperty.Value.AssertScalar($"{PipelineTemplateConstants.Steps} item {PipelineTemplateConstants.Submodules}");
+                        break;
+
+                    case PipelineTemplateConstants.TimeoutMinutes:
+                        ConvertToStepTimeout(context, stepProperty.Value, allowExpressions: true); // Validate early if possible
+                        timeoutMinutes = stepProperty.Value.AssertScalar($"{PipelineTemplateConstants.Steps} item {PipelineTemplateConstants.TimeoutMinutes}");
+                        break;
+
+                    case PipelineTemplateConstants.Uses:
+                        uses = stepProperty.Value.AssertString($"{PipelineTemplateConstants.Steps} item {PipelineTemplateConstants.Uses}");
+                        break;
+
+                    case PipelineTemplateConstants.With:
+                        ConvertToStepInputs(context, stepProperty.Value, allowExpressions: true); // Validate early if possible
+                        with = stepProperty.Value;
+                        break;
+
+                    case PipelineTemplateConstants.WorkingDirectory:
+                        workingDir = stepProperty.Value.AssertScalar($"{PipelineTemplateConstants.Steps} item {PipelineTemplateConstants.WorkingDirectory}");
+                        break;
+
+                    default:
+                        propertyName.AssertUnexpectedValue($"{PipelineTemplateConstants.Steps} item key"); // throws
+                        break;
+                }
+            }
+
+            // Fixup the if-condition
+            ifCondition = ConvertToIfCondition(context, ifToken, false);
+
+            if (run != null)
+            {
+                var result = new ActionStep
+                {
+                    ContextName = id?.Value,
+                    ContinueOnError = continueOnError,
+                    DisplayNameToken = name,
+                    Condition = ifCondition,
+                    TimeoutInMinutes = timeoutMinutes,
+                    Environment = env,
+                    Reference = new ScriptReference(),
+                };
+
+                var inputs = new MappingToken(null, null, null);
+                inputs.Add(new StringToken(null, null, null, PipelineConstants.ScriptStepInputs.Script), run);
+
+                if (workingDir != null)
+                {
+                    inputs.Add(new StringToken(null, null, null, PipelineConstants.ScriptStepInputs.WorkingDirectory), workingDir);
+                }
+
+                if (shell != null)
+                {
+                    inputs.Add(new StringToken(null, null, null, PipelineConstants.ScriptStepInputs.Shell), shell);
+                }
+
+                result.Inputs = inputs;
+
+                return result;
+            }
+            else
+            {
+                uses.AssertString($"{PipelineTemplateConstants.Steps} item {PipelineTemplateConstants.Uses}");
+                var result = new ActionStep
+                {
+                    ContextName = id?.Value,
+                    ContinueOnError = continueOnError,
+                    DisplayNameToken = name,
+                    Condition = ifCondition,
+                    TimeoutInMinutes = timeoutMinutes,
+                    Inputs = with,
+                    Environment = env,
+                };
+
+                if (uses.Value.StartsWith("docker://", StringComparison.Ordinal))
+                {
+                    var image = uses.Value.Substring("docker://".Length);
+                    result.Reference = new ContainerRegistryReference { Image = image };
+                }
+                else if (uses.Value.StartsWith("./") || uses.Value.StartsWith(".\\"))
+                {
+                    result.Reference = new RepositoryPathReference
+                    {
+                        RepositoryType = PipelineConstants.SelfAlias,
+                        Path = uses.Value
+                    };
+                }
+                else
+                {
+                    var usesSegments = uses.Value.Split('@');
+                    var pathSegments = usesSegments[0].Split(new[] { '/', '\\' }, StringSplitOptions.RemoveEmptyEntries);
+                    var gitRef = usesSegments.Length == 2 ? usesSegments[1] : String.Empty;
+
+                    if (usesSegments.Length != 2 ||
+                        pathSegments.Length < 2 ||
+                        String.IsNullOrEmpty(pathSegments[0]) ||
+                        String.IsNullOrEmpty(pathSegments[1]) ||
+                        String.IsNullOrEmpty(gitRef))
+                    {
+                        // todo: loc
+                        context.Error(uses, $"Expected format {{org}}/{{repo}}[/path]@ref. Actual '{uses.Value}'");
+                    }
+                    else
+                    {
+                        var repositoryName = $"{pathSegments[0]}/{pathSegments[1]}";
+                        var directoryPath = pathSegments.Length > 2 ? String.Join("/", pathSegments.Skip(2)) : String.Empty;
+
+                        result.Reference = new RepositoryPathReference
+                        {
+                            RepositoryType = RepositoryTypes.GitHub,
+                            Name = repositoryName,
+                            Ref = gitRef,
+                            Path = directoryPath,
+                        };
+                    }
+                }
+
+                return result;
+            }
+        }
+
+        /// <summary>
+        /// When empty, default to "success()".
+        /// When a status function is not referenced, format as "success() &amp;&amp; &lt;CONDITION&gt;".
+        /// </summary>
+        private static String ConvertToIfCondition(
+            TemplateContext context,
+            TemplateToken token,
+            Boolean isJob)
+        {
+            String condition;
+            if (token is null)
+            {
+                condition = null;
+            }
+            else if (token is BasicExpressionToken expressionToken)
+            {
+                condition = expressionToken.Expression;
+            }
+            else
+            {
+                var stringToken = token.AssertString($"{(isJob ? "job" : "step")} {PipelineTemplateConstants.If}");
+                condition = stringToken.Value;
+            }
+
+            if (String.IsNullOrWhiteSpace(condition))
+            {
+                return $"{PipelineTemplateConstants.Success}()";
+            }
+
+            var expressionParser = new ExpressionParser();
+            var functions = default(IFunctionInfo[]);
+            var namedValues = default(INamedValueInfo[]);
+            if (isJob)
+            {
+                namedValues = s_jobIfNamedValues;
+                // TODO: refactor into seperate functions
+                // functions = PhaseCondition.FunctionInfo;
+            }
+            else
+            {
+                namedValues = s_stepNamedValues;
+                functions = s_stepConditionFunctions;
+            }
+
+            var node = default(ExpressionNode);
+            try
+            {
+                node = expressionParser.CreateTree(condition, null, namedValues, functions) as ExpressionNode;
+            }
+            catch (Exception ex)
+            {
+                context.Error(token, ex);
+                return null;
+            }
+
+            if (node == null)
+            {
+                return $"{PipelineTemplateConstants.Success}()";
+            }
+
+            var hasStatusFunction = node.Traverse().Any(x =>
+            {
+                if (x is Function function)
+                {
+                    return String.Equals(function.Name, PipelineTemplateConstants.Always, StringComparison.OrdinalIgnoreCase) ||
+                        String.Equals(function.Name, PipelineTemplateConstants.Cancelled, StringComparison.OrdinalIgnoreCase) ||
+                        String.Equals(function.Name, PipelineTemplateConstants.Failure, StringComparison.OrdinalIgnoreCase) ||
+                        String.Equals(function.Name, PipelineTemplateConstants.Success, StringComparison.OrdinalIgnoreCase);
+                }
+
+                return false;
+            });
+
+            return hasStatusFunction ? condition : $"{PipelineTemplateConstants.Success}() && ({condition})";
+        }
+
+        private static readonly INamedValueInfo[] s_jobIfNamedValues = new INamedValueInfo[]
+        {
+            new NamedValueInfo<NoOperationNamedValue>(PipelineTemplateConstants.GitHub),
+            new NamedValueInfo<NoOperationNamedValue>(PipelineTemplateConstants.Needs),
+        };
+        private static readonly INamedValueInfo[] s_stepNamedValues = new INamedValueInfo[]
+        {
+            new NamedValueInfo<NoOperationNamedValue>(PipelineTemplateConstants.Strategy),
+            new NamedValueInfo<NoOperationNamedValue>(PipelineTemplateConstants.Matrix),
+            new NamedValueInfo<NoOperationNamedValue>(PipelineTemplateConstants.Steps),
+            new NamedValueInfo<NoOperationNamedValue>(PipelineTemplateConstants.GitHub),
+            new NamedValueInfo<NoOperationNamedValue>(PipelineTemplateConstants.Job),
+            new NamedValueInfo<NoOperationNamedValue>(PipelineTemplateConstants.Runner),
+            new NamedValueInfo<NoOperationNamedValue>(PipelineTemplateConstants.Env),
+            new NamedValueInfo<NoOperationNamedValue>(PipelineTemplateConstants.Needs),
+        };
+        private static readonly IFunctionInfo[] s_stepConditionFunctions = new IFunctionInfo[]
+        {
+            new FunctionInfo<NoOperation>(PipelineTemplateConstants.Always, 0, 0),
+            new FunctionInfo<NoOperation>(PipelineTemplateConstants.Cancelled, 0, 0),
+            new FunctionInfo<NoOperation>(PipelineTemplateConstants.Failure, 0, 0),
+            new FunctionInfo<NoOperation>(PipelineTemplateConstants.Success, 0, 0),
+            new FunctionInfo<NoOperation>(PipelineTemplateConstants.HashFiles, 1, Byte.MaxValue),
+        };
     }
 }

src/Sdk/DTPipelines/Pipelines/ObjectTemplating/PipelineTemplateEvaluator.cs

@@ -51,60 +51,6 @@ namespace GitHub.DistributedTask.Pipelines.ObjectTemplating
 
         public Int32 MaxResultSize { get; set; } = 10 * 1024 * 1024; // 10 mb
 
-        public DictionaryContextData EvaluateStepScopeInputs(
-            TemplateToken token,
-            DictionaryContextData contextData,
-            IList<IFunctionInfo> expressionFunctions)
-        {
-            var result = default(DictionaryContextData);
-
-            if (token != null && token.Type != TokenType.Null)
-            {
-                var context = CreateContext(contextData, expressionFunctions);
-                try
-                {
-                    token = TemplateEvaluator.Evaluate(context, PipelineTemplateConstants.StepsScopeInputs, token, 0, null, omitHeader: true);
-                    context.Errors.Check();
-                    result = token.ToContextData().AssertDictionary("steps scope inputs");
-                }
-                catch (Exception ex) when (!(ex is TemplateValidationException))
-                {
-                    context.Errors.Add(ex);
-                }
-
-                context.Errors.Check();
-            }
-
-            return result ?? new DictionaryContextData();
-        }
-
-        public DictionaryContextData EvaluateStepScopeOutputs(
-            TemplateToken token,
-            DictionaryContextData contextData,
-            IList<IFunctionInfo> expressionFunctions)
-        {
-            var result = default(DictionaryContextData);
-
-            if (token != null && token.Type != TokenType.Null)
-            {
-                var context = CreateContext(contextData, expressionFunctions);
-                try
-                {
-                    token = TemplateEvaluator.Evaluate(context, PipelineTemplateConstants.StepsScopeOutputs, token, 0, null, omitHeader: true);
-                    context.Errors.Check();
-                    result = token.ToContextData().AssertDictionary("steps scope outputs");
-                }
-                catch (Exception ex) when (!(ex is TemplateValidationException))
-                {
-                    context.Errors.Add(ex);
-                }
-
-                context.Errors.Check();
-            }
-
-            return result ?? new DictionaryContextData();
-        }
-
         public Boolean EvaluateStepContinueOnError(
             TemplateToken token,
             DictionaryContextData contextData,
@@ -333,6 +279,33 @@ namespace GitHub.DistributedTask.Pipelines.ObjectTemplating
             return result;
         }
 
+        public TemplateToken EvaluateEnvironmentUrl(
+            TemplateToken token,
+            DictionaryContextData contextData,
+            IList<IFunctionInfo> expressionFunctions)
+        {
+            var result = default(TemplateToken);
+            if (token != null && token.Type != TokenType.Null)
+            {
+                var context = CreateContext(contextData, expressionFunctions);
+                try
+                {
+                    token = TemplateEvaluator.Evaluate(context, TemplateConstants.StringRunnerContextNoSecrets, token, 0, null, omitHeader: true);
+                    context.Errors.Check();
+                    result = token.AssertString("environment.url");
+                }
+                catch (Exception ex) when (!(ex is TemplateValidationException))
+                {
+                    context.Errors.Add(ex);
+                }
+
+                context.Errors.Check();
+            }
+
+            return result;
+        }
+
+
         public Dictionary<String, String> EvaluateJobDefaultsRun(
             TemplateToken token,
             DictionaryContextData contextData,

src/Sdk/DTPipelines/Pipelines/ObjectTemplating/ReferenceNameBuilder.cs

@@ -0,0 +1,121 @@
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Text;
+using GitHub.DistributedTask.Pipelines.Validation;
+
+namespace GitHub.DistributedTask.Pipelines.ObjectTemplating
+{
+    internal sealed class ReferenceNameBuilder
+    {
+        internal void AppendSegment(String value)
+        {
+            if (String.IsNullOrEmpty(value))
+            {
+                return;
+            }
+
+            if (m_name.Length == 0)
+            {
+                var first = value[0];
+                if ((first >= 'a' && first <= 'z') ||
+                    (first >= 'A' && first <= 'Z') ||
+                    first == '_')
+                {
+                    // Legal first char
+                }
+                else if ((first >= '0' && first <= '9') || first == '-')
+                {
+                    // Illegal first char, but legal char.
+                    // Prepend "_".
+                    m_name.Append("_");
+                }
+                else
+                {
+                    // Illegal char
+                }
+            }
+            else
+            {
+                // Separator
+                m_name.Append(c_separator);
+            }
+
+            foreach (var c in value)
+            {
+                if ((c >= 'a' && c <= 'z') ||
+                    (c >= 'A' && c <= 'Z') ||
+                    (c >= '0' && c <= '9') ||
+                    c == '_' ||
+                    c == '-')
+                {
+                    // Legal
+                    m_name.Append(c);
+                }
+                else
+                {
+                    // Illegal
+                    m_name.Append("_");
+                }
+            }
+        }
+
+        internal String Build()
+        {
+            var original = m_name.Length > 0 ? m_name.ToString() : "job";
+
+            var attempt = 1;
+            var suffix = default(String);
+            while (true)
+            {
+                if (attempt == 1)
+                {
+                    suffix = String.Empty;
+                }
+                else if (attempt < 1000)
+                {
+                    suffix = String.Format(CultureInfo.InvariantCulture, "_{0}", attempt);
+                }
+                else
+                {
+                    throw new InvalidOperationException("Unable to create a unique name");
+                }
+
+                var candidate = original.Substring(0, Math.Min(original.Length, PipelineConstants.MaxNodeNameLength - suffix.Length)) + suffix;
+
+                if (m_distinctNames.Add(candidate))
+                {
+                    m_name.Clear();
+                    return candidate;
+                }
+
+                attempt++;
+            }
+        }
+
+        internal Boolean TryAddKnownName(
+            String value,
+            out String error)
+        {
+            if (!NameValidation.IsValid(value, allowHyphens: true) && value.Length < PipelineConstants.MaxNodeNameLength)
+            {
+                error = $"The identifier '{value}' is invalid. IDs may only contain alphanumeric characters, '_', and '-'. IDs must start with a letter or '_' and and must be less than {PipelineConstants.MaxNodeNameLength} characters.";
+                return false;
+            }
+            else if (!m_distinctNames.Add(value))
+            {
+                error = $"The identifier '{value}' may not be used more than once within the same scope.";
+                return false;
+            }
+            else
+            {
+                error = null;
+                return true;
+            }
+        }
+
+        private const String c_separator = "_";
+        private readonly HashSet<String> m_distinctNames = new HashSet<String>(StringComparer.OrdinalIgnoreCase);
+        private readonly StringBuilder m_name = new StringBuilder();
+    }
+}

src/Sdk/DTPipelines/Pipelines/PipelineConstants.cs

@@ -94,5 +94,12 @@ namespace GitHub.DistributedTask.Pipelines
             public static readonly String Resources = "resources";
             public static readonly String All = "all";
         }
+
+        public static class ScriptStepInputs
+        {
+            public static readonly String Script = "script";
+            public static readonly String WorkingDirectory = "workingDirectory";
+            public static readonly String Shell = "shell";
+        }
     }
 }

src/Sdk/DTPipelines/workflow-v1.0.json

@@ -16,116 +16,6 @@
       }
     },
 
-    "steps-template-root": {
-      "description": "Steps template file",
-      "mapping": {
-        "properties": {
-          "inputs": "steps-template-inputs",
-          "outputs": "steps-template-outputs",
-          "steps": "steps-in-template"
-        }
-      }
-    },
-
-    "steps-scope-inputs": {
-      "description": "Used when evaluating steps scope inputs",
-      "mapping": {
-        "loose-key-type": "non-empty-string",
-        "loose-value-type": "steps-scope-input-value"
-      }
-    },
-
-    "steps-scope-input-value": {
-      "context": [
-        "github",
-        "needs",
-        "strategy",
-        "matrix",
-        "secrets",
-        "steps",
-        "inputs",
-        "job",
-        "runner",
-        "env"
-      ],
-      "one-of": [
-        "string",
-        "sequence",
-        "mapping"
-      ]
-    },
-
-    "steps-scope-outputs": {
-      "description": "Used when evaluating steps scope outputs",
-      "mapping": {
-        "loose-key-type": "non-empty-string",
-        "loose-value-type": "steps-scope-output-value"
-      }
-    },
-
-    "steps-scope-output-value": {
-      "context": [
-        "github",
-        "needs",
-        "strategy",
-        "matrix",
-        "secrets",
-        "steps",
-        "inputs",
-        "job",
-        "runner",
-        "env"
-      ],
-      "string": {}
-    },
-
-    "steps-template-inputs": {
-      "description": "Allowed inputs in a steps template",
-      "mapping": {
-        "loose-key-type": "non-empty-string",
-        "loose-value-type": "steps-template-input-value"
-      }
-    },
-
-    "steps-template-input-value": {
-      "description": "Default input values for a steps template",
-      "context": [
-        "github",
-        "needs",
-        "strategy",
-        "matrix"
-      ],
-      "one-of": [
-        "string",
-        "sequence",
-        "mapping"
-      ]
-    },
-
-    "steps-template-outputs": {
-      "description": "Output mapping for a steps template",
-      "mapping": {
-        "loose-key-type": "non-empty-string",
-        "loose-value-type": "steps-template-output-value"
-      }
-    },
-
-    "steps-template-output-value": {
-      "description": "Output values for a steps template",
-      "context": [
-        "github",
-        "needs",
-        "strategy",
-        "matrix",
-        "secrets",
-        "steps",
-        "job",
-        "runner",
-        "env"
-      ],
-      "string": {}
-    },
-
     "workflow-defaults": {
       "mapping": {
         "properties": {
@@ -240,54 +130,27 @@
     "matrix": {
       "mapping": {
         "properties": {
-          "include": "matrix-include",
-          "exclude": "matrix-exclude"
+          "include": "matrix-filter",
+          "exclude": "matrix-filter"
         },
         "loose-key-type": "non-empty-string",
         "loose-value-type": "sequence"
       }
     },
 
-    "matrix-include": {
+    "matrix-filter": {
       "sequence": {
-        "item-type": "matrix-include-item"
+        "item-type": "matrix-filter-item"
       }
     },
 
-    "matrix-include-item": {
+    "matrix-filter-item": {
       "mapping": {
         "loose-key-type": "non-empty-string",
         "loose-value-type": "any"
       }
     },
 
-    "matrix-exclude": {
-      "sequence": {
-        "item-type": "matrix-exclude-item"
-      }
-    },
-
-    "matrix-exclude-item": {
-      "mapping": {
-        "loose-key-type": "non-empty-string",
-        "loose-value-type": "matrix-exclude-filter-item"
-      }
-    },
-
-    "matrix-exclude-filter-item": {
-      "one-of": [
-        "string",
-        "matrix-exclude-mapping-filter"
-      ]
-    },
-
-    "matrix-exclude-mapping-filter": {
-      "mapping": {
-        "loose-key-type": "non-empty-string",
-        "loose-value-type": "matrix-exclude-filter-item"
-      }
-    },
-
     "runs-on": {
       "context": [
         "github",
@@ -364,25 +227,10 @@
       }
     },
 
-    "steps-in-template": {
-      "sequence": {
-        "item-type": "steps-item-in-template"
-      }
-    },
-
     "steps-item": {
       "one-of": [
         "run-step",
-        "regular-step",
-        "steps-template-reference"
-      ]
-    },
-
-    "steps-item-in-template": {
-      "one-of": [
-        "run-step-in-template",
-        "regular-step-in-template",
-        "steps-template-reference-in-template"
+        "regular-step"
       ]
     },
 
@@ -405,25 +253,6 @@
       }
     },
 
-    "run-step-in-template": {
-      "mapping": {
-        "properties": {
-          "name": "string-steps-context-in-template",
-          "id": "non-empty-string",
-          "if": "step-if-in-template",
-          "timeout-minutes": "number-steps-context-in-template",
-          "run": {
-            "type": "string-steps-context-in-template",
-            "required": true
-          },
-          "continue-on-error": "boolean-steps-context-in-template",
-          "env": "step-env-in-template",
-          "working-directory": "string-steps-context-in-template",
-          "shell": "non-empty-string"
-        }
-      }
-    },
-
     "regular-step": {
       "mapping": {
         "properties": {
@@ -442,24 +271,6 @@
       }
     },
 
-    "regular-step-in-template": {
-      "mapping": {
-        "properties": {
-          "name": "string-steps-context-in-template",
-          "id": "non-empty-string",
-          "if": "step-if-in-template",
-          "continue-on-error": "boolean-steps-context-in-template",
-          "timeout-minutes": "number-steps-context-in-template",
-          "uses": {
-            "type": "non-empty-string",
-            "required": true
-          },
-          "with": "step-with-in-template",
-          "env": "step-env-in-template"
-        }
-      }
-    },
-
     "step-if": {
       "context": [
         "github",
@@ -479,26 +290,6 @@
       "string": {}
     },
 
-    "step-if-in-template": {
-      "context": [
-        "github",
-        "needs",
-        "strategy",
-        "matrix",
-        "steps",
-        "inputs",
-        "job",
-        "runner",
-        "env",
-        "always(0,0)",
-        "failure(0,0)",
-        "cancelled(0,0)",
-        "success(0,0)",
-        "hashFiles(1,255)"
-      ],
-      "string": {}
-    },
-
     "step-if-result": {
       "context": [
         "github",
@@ -524,89 +315,6 @@
       ]
     },
 
-    "step-if-result-in-template": {
-      "context": [
-        "github",
-        "strategy",
-        "matrix",
-        "steps",
-        "inputs",
-        "job",
-        "runner",
-        "env",
-        "always(0,0)",
-        "failure(0,0)",
-        "cancelled(0,0)",
-        "success(0,0)",
-        "hashFiles(1,255)"
-      ],
-      "one-of": [
-        "null",
-        "boolean",
-        "number",
-        "string",
-        "sequence",
-        "mapping"
-      ]
-    },
-
-    "steps-template-reference": {
-      "mapping": {
-        "properties": {
-          "template": "non-empty-string",
-          "id": "non-empty-string",
-          "inputs": "steps-template-reference-inputs"
-        }
-      }
-    },
-
-    "steps-template-reference-in-template": {
-      "mapping": {
-        "properties": {
-          "template": "non-empty-string",
-          "id": "non-empty-string",
-          "inputs": "steps-template-reference-inputs-in-template"
-        }
-      }
-    },
-
-    "steps-template-reference-inputs": {
-      "context": [
-        "github",
-        "needs",
-        "strategy",
-        "matrix",
-        "secrets",
-        "steps",
-        "job",
-        "runner",
-        "env"
-      ],
-      "mapping": {
-        "loose-key-type": "non-empty-string",
-        "loose-value-type": "string"
-      }
-    },
-
-    "steps-template-reference-inputs-in-template": {
-      "context": [
-        "github",
-        "needs",
-        "strategy",
-        "matrix",
-        "secrets",
-        "steps",
-        "inputs",
-        "job",
-        "runner",
-        "env"
-      ],
-      "mapping": {
-        "loose-key-type": "non-empty-string",
-        "loose-value-type": "string"
-      }
-    },
-
     "step-env": {
       "context": [
         "github",
@@ -626,26 +334,6 @@
       }
     },
 
-    "step-env-in-template": {
-      "context": [
-        "github",
-        "needs",
-        "strategy",
-        "matrix",
-        "secrets",
-        "steps",
-        "inputs",
-        "job",
-        "runner",
-        "env",
-        "hashFiles(1,255)"
-      ],
-      "mapping": {
-        "loose-key-type": "non-empty-string",
-        "loose-value-type": "string"
-      }
-    },
-
     "step-with": {
       "context": [
         "github",
@@ -665,26 +353,6 @@
       }
     },
 
-    "step-with-in-template": {
-      "context": [
-        "github",
-        "needs",
-        "strategy",
-        "matrix",
-        "secrets",
-        "steps",
-        "inputs",
-        "job",
-        "runner",
-        "env",
-        "hashFiles(1,255)"
-      ],
-      "mapping": {
-        "loose-key-type": "non-empty-string",
-        "loose-value-type": "string"
-      }
-    },
-
     "container": {
       "context": [
         "github",
@@ -705,7 +373,8 @@
           "options": "non-empty-string",
           "env": "container-env",
           "ports": "sequence-of-non-empty-string",
-          "volumes": "sequence-of-non-empty-string"
+          "volumes": "sequence-of-non-empty-string",
+          "credentials": "container-registry-credentials"
         }
       }
     },
@@ -736,6 +405,20 @@
       ]
     },
 
+    "container-registry-credentials": {
+      "context": [
+        "secrets",
+        "env",
+        "github"
+      ],
+      "mapping": {
+        "properties": {
+          "username": "non-empty-string",
+          "password": "non-empty-string"
+        }
+      }
+    },
+
     "container-env": {
       "mapping": {
         "loose-key-type": "non-empty-string",
@@ -801,23 +484,6 @@
       "boolean": {}
     },
 
-    "boolean-steps-context-in-template": {
-      "context": [
-        "github",
-        "needs",
-        "strategy",
-        "matrix",
-        "secrets",
-        "steps",
-        "inputs",
-        "job",
-        "runner",
-        "env",
-        "hashFiles(1,255)"
-      ],
-      "boolean": {}
-    },
-
     "number-steps-context": {
       "context": [
         "github",
@@ -834,23 +500,6 @@
       "number": {}
     },
 
-    "number-steps-context-in-template": {
-      "context": [
-        "github",
-        "needs",
-        "strategy",
-        "matrix",
-        "secrets",
-        "steps",
-        "inputs",
-        "job",
-        "runner",
-        "env",
-        "hashFiles(1,255)"
-      ],
-      "number": {}
-    },
-
     "string-runner-context": {
       "context": [
         "github",
@@ -866,6 +515,20 @@
       "string": {}
     },
 
+    "string-runner-context-no-secrets": {
+      "context": [
+        "github",
+        "needs",
+        "strategy",
+        "matrix",
+        "steps",
+        "job",
+        "runner",
+        "env"
+      ],
+      "string": {}
+    },
+
     "string-steps-context": {
       "context": [
         "github",
@@ -880,23 +543,6 @@
         "hashFiles(1,255)"
       ],
       "string": {}
-    },
-
-    "string-steps-context-in-template": {
-      "context": [
-        "github",
-        "needs",
-        "strategy",
-        "matrix",
-        "secrets",
-        "steps",
-        "inputs",
-        "job",
-        "runner",
-        "env",
-        "hashFiles(1,255)"
-      ],
-      "string": {}
     }
   }
 }

src/Sdk/DTWebApi/WebApi/ActionDownloadInfo.cs

@@ -0,0 +1,40 @@
+using System;
+using System.Runtime.Serialization;
+
+namespace GitHub.DistributedTask.WebApi
+{
+    [DataContract]
+    public class ActionDownloadInfo
+    {
+        [DataMember(EmitDefaultValue = false)]
+        public ActionDownloadAuthentication Authentication { get; set; }
+
+        [DataMember(EmitDefaultValue = false)]
+        public string NameWithOwner { get; set; }
+
+        [DataMember(EmitDefaultValue = false)]
+        public string ResolvedNameWithOwner { get; set; }
+
+        [DataMember(EmitDefaultValue = false)]
+        public string ResolvedSha { get; set; }
+
+        [DataMember(EmitDefaultValue = false)]
+        public string TarballUrl { get; set; }
+
+        [DataMember(EmitDefaultValue = false)]
+        public string Ref { get; set; }
+
+        [DataMember(EmitDefaultValue = false)]
+        public string ZipballUrl { get; set; }
+    }
+
+    [DataContract]
+    public class ActionDownloadAuthentication
+    {
+        [DataMember(EmitDefaultValue = false)]
+        public DateTime ExpiresAt { get; set; }
+
+        [DataMember(EmitDefaultValue = false)]
+        public string Token { get; set; }
+    }
+}

src/Sdk/DTWebApi/WebApi/ActionDownloadInfoCollection.cs

@@ -0,0 +1,16 @@
+using System.Collections.Generic;
+using System.Runtime.Serialization;
+
+namespace GitHub.DistributedTask.WebApi
+{
+    [DataContract]
+    public class ActionDownloadInfoCollection
+    {
+        [DataMember]
+        public IDictionary<string, ActionDownloadInfo> Actions
+        {
+            get;
+            set;
+        }
+    }
+}

src/Sdk/DTWebApi/WebApi/ActionReference.cs

@@ -0,0 +1,22 @@
+using System.Runtime.Serialization;
+
+namespace GitHub.DistributedTask.WebApi
+{
+    [DataContract]
+    public class ActionReference
+    {
+        [DataMember]
+        public string NameWithOwner
+        {
+            get;
+            set;
+        }
+
+        [DataMember]
+        public string Ref
+        {
+            get;
+            set;
+        }
+    }
+}

src/Sdk/DTWebApi/WebApi/ActionReferenceList.cs

@@ -0,0 +1,16 @@
+using System.Collections.Generic;
+using System.Runtime.Serialization;
+
+namespace GitHub.DistributedTask.WebApi
+{
+    [DataContract]
+    public class ActionReferenceList
+    {
+        [DataMember]
+        public IList<ActionReference> Actions
+        {
+            get;
+            set;
+        }
+    }
+}

src/Sdk/DTWebApi/WebApi/ActionsEnvironmentReference.cs

@@ -0,0 +1,23 @@
+using System.Runtime.Serialization;
+using GitHub.DistributedTask.ObjectTemplating.Tokens;
+
+namespace GitHub.DistributedTask.WebApi
+{
+    /// <summary>
+    /// Information about an environment parsed from YML with evaluated name, URL will be evaluated on runner
+    /// </summary>
+    [DataContract]
+    public class ActionsEnvironmentReference
+    {
+        public ActionsEnvironmentReference(string name)
+        {
+            Name = name;
+        }
+
+        [DataMember(EmitDefaultValue = false)]
+        public string Name { get; set; }
+
+        [DataMember(EmitDefaultValue = false)]
+        public TemplateToken Url { get; set; }
+    }
+}

src/Sdk/DTWebApi/WebApi/JobEvent.cs

@@ -131,6 +131,17 @@ namespace GitHub.DistributedTask.WebApi
             this.Outputs = outputs;
         }
 
+        public JobCompletedEvent(
+            Int64 requestId,
+            Guid jobId,
+            TaskResult result,
+            Dictionary<String, VariableValue> outputs,
+            ActionsEnvironmentReference actionsEnvironment)
+            : this(requestId, jobId, result, outputs)
+        {
+            this.ActionsEnvironment = actionsEnvironment;
+        }
+
         [DataMember(EmitDefaultValue = false)]
         public Int64 RequestId
         {
@@ -151,6 +162,13 @@ namespace GitHub.DistributedTask.WebApi
             get;
             set;
         }
+
+        [DataMember(EmitDefaultValue = false)]
+        public ActionsEnvironmentReference ActionsEnvironment
+        {
+            get;
+            set;
+        }
     }
 
     [DataContract]