prototype support for step retries

mask secrets with double-quotes when passed to docker command line (#1002 )
Delete script files before replacing during update (#984 )
2025-12-12 15:13:30 +00:00 · 2021-03-08 12:00:44 -06:00 · 2021-03-05 15:17:55 -06:00 · 2021-02-22 23:38:15 -05:00 · 2021-02-18 21:55:58 -05:00 · 2021-02-09 14:45:33 -05:00
13 changed files with 106 additions and 87 deletions
--- a/releaseNote.md
+++ b/releaseNote.md
@@ -1,16 +1,11 @@
 ## Features
-  - Verify the Runner Hash during auto-upgrade before installing the new runner version (#967)
-  - Support download of runners from authenticated endpoints (#920)
-  - Enabled tty output in Docker Actions (#916)
-  - Added '--check' command to verify runner connectivity (#949)
+

 ## Bugs
-  - Fix usage of /dev/null and ping in run.sh (#968)
+  - Fixed an issue where docker containers failed to initialize (#977)

 ## Misc
-  - Updated the copy for various runner messages (#972)
-  - Added the runner's OS to telemetry (#939)
-  - Various other telemetry improvements (#935)
+

 ## Windows x64
 We recommend configuring the runner in a root folder of the Windows drive (e.g. "C:\actions-runner"). This will help avoid issues related to service identity folder permissions and long file path restrictions on Windows.
--- a/2
+++ b/2
@@ -1 +1 @@
-2.277.0
+<Update to ./src/runnerversion when creating release>
--- a/src/Runner.Common/HostContext.cs
+++ b/src/Runner.Common/HostContext.cs
@@ -84,6 +84,7 @@ namespace GitHub.Runner.Common
            this.SecretMasker.AddValueEncoder(ValueEncoders.Base64StringEscape);
            this.SecretMasker.AddValueEncoder(ValueEncoders.Base64StringEscapeShift1);
            this.SecretMasker.AddValueEncoder(ValueEncoders.Base64StringEscapeShift2);
+            this.SecretMasker.AddValueEncoder(ValueEncoders.CommandLineArgumentEscape);
            this.SecretMasker.AddValueEncoder(ValueEncoders.ExpressionStringEscape);
            this.SecretMasker.AddValueEncoder(ValueEncoders.JsonStringEscape);
            this.SecretMasker.AddValueEncoder(ValueEncoders.UriDataEscape);
--- a/src/Runner.Listener/SelfUpdater.cs
+++ b/src/Runner.Listener/SelfUpdater.cs
@@ -357,8 +357,13 @@ namespace GitHub.Runner.Listener
            Trace.Info($"Copy any remaining .sh/.cmd files into runner root.");
            foreach (FileInfo file in new DirectoryInfo(latestRunnerDirectory).GetFiles() ?? new FileInfo[0])
            {
-                // Copy and replace the file.
-                file.CopyTo(Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), file.Name), true);
+                string destination = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), file.Name);
+
+                // Removing the file instead of just trying to overwrite it works around permissions issues on linux.
+                // https://github.com/actions/runner/issues/981
+                Trace.Info($"Copy {file.FullName} to {destination}");
+                IOUtil.DeleteFile(destination);
+                file.CopyTo(destination, true);
            }
        }

--- a/src/Runner.Worker/ActionRunner.cs
+++ b/src/Runner.Worker/ActionRunner.cs
@@ -64,6 +64,8 @@ namespace GitHub.Runner.Worker

        public Pipelines.ActionStep Action { get; set; }

+        public Int32 Retries => Action?.Retries ?? 0;
+
        public TemplateToken Timeout => Action?.TimeoutInMinutes;

        public async Task RunAsync()
--- a/src/Runner.Worker/Container/DockerCommandManager.cs
+++ b/src/Runner.Worker/Container/DockerCommandManager.cs
@@ -197,7 +197,6 @@ namespace GitHub.Runner.Worker.Container

            dockerOptions.Add($"--workdir {container.ContainerWorkDirectory}");
            dockerOptions.Add($"--rm");
-            dockerOptions.Add($"-t");

            foreach (var env in container.ContainerEnvironmentVariables)
            {
--- a/src/Runner.Worker/ContainerOperationProvider.cs
+++ b/src/Runner.Worker/ContainerOperationProvider.cs
@@ -198,8 +198,7 @@ namespace GitHub.Runner.Worker
                }
            }

-            // TODO: Add at a later date. This currently no local package registry to test with
-            // UpdateRegistryAuthForGitHubToken(executionContext, container);
+            UpdateRegistryAuthForGitHubToken(executionContext, container);

            // Before pulling, generate client authentication if required
            var configLocation = await ContainerRegistryLogin(executionContext, container);
@@ -494,31 +493,14 @@ namespace GitHub.Runner.Worker

        private void UpdateRegistryAuthForGitHubToken(IExecutionContext executionContext, ContainerInfo container)
        {
-            var registryIsTokenCompatible = container.RegistryServer.Equals("docker.pkg.github.com", StringComparison.OrdinalIgnoreCase);
+            var registryIsTokenCompatible = container.RegistryServer.Equals("ghcr.io", StringComparison.OrdinalIgnoreCase) || container.RegistryServer.Equals("containers.pkg.github.com", StringComparison.OrdinalIgnoreCase);
            if (!registryIsTokenCompatible)
            {
                return;
            }

-            var registryMatchesWorkflow = false;
-
-            // REGISTRY/OWNER/REPO/IMAGE[:TAG]
-            var imageParts = container.ContainerImage.Split('/');
-            if (imageParts.Length != 4)
-            {
-                executionContext.Warning($"Could not identify owner and repo for container image {container.ContainerImage}. Skipping automatic token auth");
-                return;
-            }
-            var owner = imageParts[1];
-            var repo = imageParts[2];
-            var nwo = $"{owner}/{repo}";
-            if (nwo.Equals(executionContext.GetGitHubContext("repository"), StringComparison.OrdinalIgnoreCase))
-            {
-                registryMatchesWorkflow = true;
-            }
-
            var registryCredentialsNotSupplied = string.IsNullOrEmpty(container.RegistryAuthUsername) && string.IsNullOrEmpty(container.RegistryAuthPassword);
-            if (registryCredentialsNotSupplied && registryMatchesWorkflow)
+            if (registryCredentialsNotSupplied)
            {
                container.RegistryAuthUsername = executionContext.GetGitHubContext("actor");
                container.RegistryAuthPassword = executionContext.GetGitHubContext("token");
--- a/src/Runner.Worker/Handlers/StepHost.cs
+++ b/src/Runner.Worker/Handlers/StepHost.cs
@@ -182,7 +182,7 @@ namespace GitHub.Runner.Worker.Handlers
            dockerCommandArgs.Add($"exec");

            // [OPTIONS]
-            dockerCommandArgs.Add($"-it");
+            dockerCommandArgs.Add($"-i");
            dockerCommandArgs.Add($"--workdir {workingDirectory}");
            foreach (var env in environment)
            {
--- a/src/Runner.Worker/JobExtensionRunner.cs
+++ b/src/Runner.Worker/JobExtensionRunner.cs
@@ -26,6 +26,7 @@ namespace GitHub.Runner.Worker
        public TemplateToken ContinueOnError => new BooleanToken(null, null, null, false);
        public string DisplayName { get; set; }
        public IExecutionContext ExecutionContext { get; set; }
+        public Int32 Retries => 0;
        public TemplateToken Timeout => new NumberToken(null, null, null, 0);
        public object Data => _data;

--- a/src/Runner.Worker/StepsRunner.cs
+++ b/src/Runner.Worker/StepsRunner.cs
@@ -24,6 +24,7 @@ namespace GitHub.Runner.Worker
        TemplateToken ContinueOnError { get; }
        string DisplayName { get; set; }
        IExecutionContext ExecutionContext { get; set; }
+        Int32 Retries { get; }
        TemplateToken Timeout { get; }
        Task RunAsync();
    }
@@ -280,6 +281,10 @@ namespace GitHub.Runner.Worker
                step.ExecutionContext.Error("An error occurred when attempting to determine the step timeout.");
                step.ExecutionContext.Error(ex);
            }
+
+            int attempt = 1;
+            while (true)
+            {
                if (timeoutMinutes > 0)
                {
                    var timeout = TimeSpan.FromMinutes(timeoutMinutes);
@@ -348,6 +353,25 @@ namespace GitHub.Runner.Worker
                }
                Trace.Info($"Step result: {step.ExecutionContext.Result}");

+                if (step.ExecutionContext.Result == TaskResult.Failed && attempt <= step.Retries)
+                {
+                    attempt++;
+                    step.ExecutionContext.Result = null;
+                    step.ExecutionContext.ResultCode = null;
+                    // todo: replace the step cancellation token source
+                    // todo: reset the step.ExecutionContext.CommandResult
+                    // todo: create a new timeline record, e.g. "My display name (#2)"
+                    // todo: clear outputs? What will we do on a job? probably clear outputs since merging from separate timeline attempts would otherwise be complex
+                    // todo: consider intrastate - i guess it makes sense this doesn't get cleared
+                    // todo: reconcile all of the above wrt composite steps
+                    // todo: reconcile all of the above wrt pre/post
+                    // todo: distinguish retryable vs non-retryable failures? e.g. if an exception bubbles from the handler
+                    continue;
+                }
+
+                break;
+            }
+
            // Complete the step context.
            step.ExecutionContext.Debug($"Finishing: {step.DisplayName}");
        }
--- a/src/Sdk/DTLogging/Logging/ValueEncoders.cs
+++ b/src/Sdk/DTLogging/Logging/ValueEncoders.cs
@@ -37,6 +37,12 @@ namespace GitHub.DistributedTask.Logging
            return Base64StringEscapeShift(value, 2);
        }

+        // Used when we pass environment variables to docker to escape " with \"
+        public static String CommandLineArgumentEscape(String value)
+        {
+            return value.Replace("\"", "\\\"");
+        }
+
        public static String ExpressionStringEscape(String value)
        {
            return Expressions2.Sdk.ExpressionUtility.StringEscape(value);
--- a/src/Sdk/DTPipelines/Pipelines/ActionStep.cs
+++ b/src/Sdk/DTPipelines/Pipelines/ActionStep.cs
@@ -22,6 +22,7 @@ namespace GitHub.DistributedTask.Pipelines
            this.Reference = actionToClone.Reference?.Clone();

            Environment = actionToClone.Environment?.Clone();
+            Retries = actionToClone.Retries;
            Inputs = actionToClone.Inputs?.Clone();
            ContextName = actionToClone?.ContextName;
            DisplayNameToken = actionToClone.DisplayNameToken?.Clone();
@@ -46,6 +47,9 @@ namespace GitHub.DistributedTask.Pipelines
        [DataMember(EmitDefaultValue = false)]
        public TemplateToken Environment { get; set; }

+        [DataMember(EmitDefaultValue = false)]
+        public Int32 Retries { get; set; }
+
        [DataMember(EmitDefaultValue = false)]
        public TemplateToken Inputs { get; set; }

--- a/src/runnerversion
+++ b/src/runnerversion
@@ -1 +1 @@
-2.277.0
+2.277.1
Author	SHA1	Message	Date
eric sciple	523d7f9454	prototype support for step retries	2021-03-08 12:00:44 -06:00
eric sciple	8109c962f0	mask secrets with double-quotes when passed to docker command line (#1002 )	2021-03-05 15:17:55 -06:00
Tim Etchells	af198237ca	Delete script files before replacing during update (#984 ) * Delete script files before replacing during update Signed-off-by: Tim Etchells <tetchel@gmail.com> * Use IOUtil.DelteFile() Co-authored-by: Tingluo Huang <tingluohuang@github.com>	2021-02-22 23:38:15 -05:00
Alberto Gimeno	1559ff15ec	Use GITHUB_TOKEN for ghcr.io containers if credentials are not provided (#990 ) * Use GITHUB_TOKEN for ghcr.io containers if credentials are not provided * Use GITHUB_TOKEN also for containers in containers.pkg.github.com	2021-02-18 21:55:58 -05:00
Thomas Boop	67ff8d3460	Release 2.277.1 runner (#977 ) * Revert "Enable tty output from Docker Actions (#916)" `5972bd0060` * Release notes * add pr	2021-02-09 14:45:33 -05:00
@@ -1 +1 @@
 .277.0
 .277.1