Update releaseVersion

* set env in ProcessInvoker sanitized (#2280)

* set env in ProcessInvoker sanitized

* Update runnerversion and rel notes and make it prerelase

---------

Co-authored-by: Stefan Ruvceski <96768603+ruvceskistefan@users.noreply.github.com>

.devcontainer/devcontainer.json

@@ -0,0 +1,24 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
+{
+	"name": "Actions Runner Devcontainer",
+	"image": "mcr.microsoft.com/devcontainers/base:focal",
+	"features": {
+		"ghcr.io/devcontainers/features/docker-in-docker:1": {},
+		"ghcr.io/devcontainers/features/dotnet": {
+			"version": "6.0.300"
+		}
+	},
+	"customizations": {
+		"vscode": {
+			"extensions": [
+				"ms-azuretools.vscode-docker",
+				"ms-dotnettools.csharp",
+				"eamodio.gitlens"
+			]
+		}
+	},
+	// dotnet restore to install dependencies so OmniSharp works out of the box
+	// src/Test restores all other projects it references, src/Runner.PluginHost is not one of them
+	"postCreateCommand": "dotnet restore src/Test && dotnet restore src/Runner.PluginHost",
+	"remoteUser": "vscode"
+}

.editorconfig

@@ -1,6 +1,7 @@
 # https://editorconfig.org/
 
 [*]
+charset = utf-8 # Set default charset to utf-8
 insert_final_newline = true # ensure all files end with a single newline
 trim_trailing_whitespace = true # attempt to remove trailing whitespace on save
 

.github/workflows/build.yml

@@ -10,7 +10,7 @@ on:
     - '**.md'
   pull_request:
     branches:
-    - '*'
+    - '**'
     paths-ignore:
     - '**.md'
 
@@ -18,7 +18,7 @@ jobs:
   build:
     strategy:
       matrix:
-        runtime: [ linux-x64, linux-arm64, linux-arm, win-x64, osx-x64 ]
+        runtime: [ linux-x64, linux-arm64, linux-arm, win-x64, win-arm64, osx-x64, osx-arm64 ]
         include:
         - runtime: linux-x64
           os: ubuntu-latest
@@ -36,13 +36,21 @@ jobs:
           os: macOS-latest
           devScript: ./dev.sh
 
+        - runtime: osx-arm64
+          os: macOS-latest
+          devScript: ./dev.sh
+
         - runtime: win-x64
           os: windows-2019
           devScript: ./dev
 
+        - runtime: win-arm64
+          os: windows-latest
+          devScript: ./dev
+
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     # Build runner layout
     - name: Build & Layout Release
@@ -78,7 +86,7 @@ jobs:
       run: |
         ${{ matrix.devScript }} test
       working-directory: src
-      if: matrix.runtime != 'linux-arm64' && matrix.runtime != 'linux-arm'
+      if: matrix.runtime != 'linux-arm64' && matrix.runtime != 'linux-arm' && matrix.runtime != 'osx-arm64' && matrix.runtime != 'win-arm64'
 
     # Create runner package tar.gz/zip
     - name: Package Release
@@ -93,7 +101,7 @@ jobs:
       uses: actions/upload-artifact@v2
       with:
         name: runner-package-${{ matrix.runtime }}
-        path: | 
+        path: |
           _package
           _package_trims/trim_externals
           _package_trims/trim_runtime

.github/workflows/codeql.yml

@@ -23,7 +23,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/lint.yml

@@ -0,0 +1,25 @@
+name: Lint
+
+on:
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  build:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          # Ensure full list of changed files within `super-linter`
+          fetch-depth: 0
+      - name: Run linters
+        uses: github/super-linter@v4
+        env:
+          DEFAULT_BRANCH: ${{ github.base_ref }}
+          DISABLE_ERRORS: true
+          EDITORCONFIG_FILE_NAME: .editorconfig
+          LINTER_RULES_PATH: /src/
+          VALIDATE_ALL_CODEBASE: false
+          VALIDATE_CSHARP: true

.github/workflows/release.yml

@@ -11,7 +11,7 @@ jobs:
     if: startsWith(github.ref, 'refs/heads/releases/') || github.ref == 'refs/heads/main'
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     # Make sure ./releaseVersion match ./src/runnerversion
     # Query GitHub release ensure version is not used
@@ -50,25 +50,33 @@ jobs:
       linux-arm64-sha: ${{ steps.sha.outputs.linux-arm64-sha256 }}
       linux-arm-sha: ${{ steps.sha.outputs.linux-arm-sha256 }}
       win-x64-sha: ${{ steps.sha.outputs.win-x64-sha256 }}
+      win-arm64-sha: ${{ steps.sha.outputs.win-arm64-sha256 }}
       osx-x64-sha: ${{ steps.sha.outputs.osx-x64-sha256 }}
+      osx-arm64-sha: ${{ steps.sha.outputs.osx-arm64-sha256 }}
       linux-x64-sha-noexternals: ${{ steps.sha_noexternals.outputs.linux-x64-sha256 }}
       linux-arm64-sha-noexternals: ${{ steps.sha_noexternals.outputs.linux-arm64-sha256 }}
       linux-arm-sha-noexternals: ${{ steps.sha_noexternals.outputs.linux-arm-sha256 }}
       win-x64-sha-noexternals: ${{ steps.sha_noexternals.outputs.win-x64-sha256 }}
+      win-arm64-sha-noexternals: ${{ steps.sha_noexternals.outputs.win-arm64-sha256 }}
       osx-x64-sha-noexternals: ${{ steps.sha_noexternals.outputs.osx-x64-sha256 }}
+      osx-arm64-sha-noexternals: ${{ steps.sha_noexternals.outputs.osx-arm64-sha256 }}
       linux-x64-sha-noruntime: ${{ steps.sha_noruntime.outputs.linux-x64-sha256 }}
       linux-arm64-sha-noruntime: ${{ steps.sha_noruntime.outputs.linux-arm64-sha256 }}
       linux-arm-sha-noruntime: ${{ steps.sha_noruntime.outputs.linux-arm-sha256 }}
       win-x64-sha-noruntime: ${{ steps.sha_noruntime.outputs.win-x64-sha256 }}
+      win-arm64-sha-noruntime: ${{ steps.sha_noruntime.outputs.win-arm64-sha256 }}
       osx-x64-sha-noruntime: ${{ steps.sha_noruntime.outputs.osx-x64-sha256 }}
+      osx-arm64-sha-noruntime: ${{ steps.sha_noruntime.outputs.osx-arm64-sha256 }}
       linux-x64-sha-noruntime-noexternals: ${{ steps.sha_noruntime_noexternals.outputs.linux-x64-sha256 }}
       linux-arm64-sha-noruntime-noexternals: ${{ steps.sha_noruntime_noexternals.outputs.linux-arm64-sha256 }}
       linux-arm-sha-noruntime-noexternals: ${{ steps.sha_noruntime_noexternals.outputs.linux-arm-sha256 }}
       win-x64-sha-noruntime-noexternals: ${{ steps.sha_noruntime_noexternals.outputs.win-x64-sha256 }}
+      win-arm64-sha-noruntime-noexternals: ${{ steps.sha_noruntime_noexternals.outputs.win-arm64-sha256 }}
       osx-x64-sha-noruntime-noexternals: ${{ steps.sha_noruntime_noexternals.outputs.osx-x64-sha256 }}
+      osx-arm64-sha-noruntime-noexternals: ${{ steps.sha_noruntime_noexternals.outputs.osx-arm64-sha256 }}
     strategy:
       matrix:
-        runtime: [ linux-x64, linux-arm64, linux-arm, win-x64, osx-x64 ]
+        runtime: [ linux-x64, linux-arm64, linux-arm, win-x64, osx-x64, osx-arm64, win-arm64 ]
         include:
         - runtime: linux-x64
           os: ubuntu-latest
@@ -86,13 +94,21 @@ jobs:
           os: macOS-latest
           devScript: ./dev.sh
 
+        - runtime: osx-arm64
+          os: macOS-latest
+          devScript: ./dev.sh
+
         - runtime: win-x64
           os: windows-2019
           devScript: ./dev
 
+        - runtime: win-arm64
+          os: windows-latest
+          devScript: ./dev
+
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     # Build runner layout
     - name: Build & Layout Release
@@ -100,13 +116,6 @@ jobs:
         ${{ matrix.devScript }} layout Release ${{ matrix.runtime }}
       working-directory: src
 
-    # Run tests
-    #- name: L0
-    #  run: |
-    #    ${{ matrix.devScript }} test
-    #  working-directory: src
-    #  if: matrix.runtime != 'linux-arm64' && matrix.runtime != 'linux-arm'
-
     # Create runner package tar.gz/zip
     - name: Package Release
       if: github.event_name != 'pull_request'
@@ -157,9 +166,9 @@ jobs:
       id: sha_noruntime_noexternals
       name: Compute SHA256
       working-directory: _package_trims/trim_runtime_externals
-    
+
     - name: Create trimmedpackages.json for ${{ matrix.runtime }}
-      if: matrix.runtime == 'win-x64'
+      if: matrix.runtime == 'win-x64' || matrix.runtime == 'win-arm64'
       uses: actions/github-script@0.3.0
       with:
         github-token: ${{secrets.GITHUB_TOKEN}}
@@ -179,7 +188,7 @@ jobs:
           fs.writeFileSync('${{ matrix.runtime }}-trimmedpackages.json', trimmedPackages)
 
     - name: Create trimmedpackages.json for ${{ matrix.runtime }}
-      if: matrix.runtime != 'win-x64'
+      if: matrix.runtime != 'win-x64' && matrix.runtime != 'win-arm64'
       uses: actions/github-script@0.3.0
       with:
         github-token: ${{secrets.GITHUB_TOKEN}}
@@ -217,7 +226,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     # Download runner package tar.gz/zip produced by 'build' job
     - name: Download Artifact
@@ -238,22 +247,30 @@ jobs:
           const runnerVersion = fs.readFileSync('${{ github.workspace }}/src/runnerversion', 'utf8').replace(/\n$/g, '')
           var releaseNote = fs.readFileSync('${{ github.workspace }}/releaseNote.md', 'utf8').replace(/<RUNNER_VERSION>/g, runnerVersion)
           releaseNote = releaseNote.replace(/<WIN_X64_SHA>/g, '${{needs.build.outputs.win-x64-sha}}')
+          releaseNote = releaseNote.replace(/<WIN_ARM64_SHA>/g, '${{needs.build.outputs.win-arm64-sha}}')
           releaseNote = releaseNote.replace(/<OSX_X64_SHA>/g, '${{needs.build.outputs.osx-x64-sha}}')
+          releaseNote = releaseNote.replace(/<OSX_ARM64_SHA>/g, '${{needs.build.outputs.osx-arm64-sha}}')
           releaseNote = releaseNote.replace(/<LINUX_X64_SHA>/g, '${{needs.build.outputs.linux-x64-sha}}')
           releaseNote = releaseNote.replace(/<LINUX_ARM_SHA>/g, '${{needs.build.outputs.linux-arm-sha}}')
           releaseNote = releaseNote.replace(/<LINUX_ARM64_SHA>/g, '${{needs.build.outputs.linux-arm64-sha}}')
           releaseNote = releaseNote.replace(/<WIN_X64_SHA_NOEXTERNALS>/g, '${{needs.build.outputs.win-x64-sha-noexternals}}')
+          releaseNote = releaseNote.replace(/<WIN_ARM64_SHA_NOEXTERNALS>/g, '${{needs.build.outputs.win-arm64-sha-noexternals}}')
           releaseNote = releaseNote.replace(/<OSX_X64_SHA_NOEXTERNALS>/g, '${{needs.build.outputs.osx-x64-sha-noexternals}}')
+          releaseNote = releaseNote.replace(/<OSX_ARM64_SHA_NOEXTERNALS>/g, '${{needs.build.outputs.osx-arm64-sha-noexternals}}')
           releaseNote = releaseNote.replace(/<LINUX_X64_SHA_NOEXTERNALS>/g, '${{needs.build.outputs.linux-x64-sha-noexternals}}')
           releaseNote = releaseNote.replace(/<LINUX_ARM_SHA_NOEXTERNALS>/g, '${{needs.build.outputs.linux-arm-sha-noexternals}}')
           releaseNote = releaseNote.replace(/<LINUX_ARM64_SHA_NOEXTERNALS>/g, '${{needs.build.outputs.linux-arm64-sha-noexternals}}')
           releaseNote = releaseNote.replace(/<WIN_X64_SHA_NORUNTIME>/g, '${{needs.build.outputs.win-x64-sha-noruntime}}')
+          releaseNote = releaseNote.replace(/<WIN_ARM64_SHA_NORUNTIME>/g, '${{needs.build.outputs.win-arm64-sha-noruntime}}')
           releaseNote = releaseNote.replace(/<OSX_X64_SHA_NORUNTIME>/g, '${{needs.build.outputs.osx-x64-sha-noruntime}}')
+          releaseNote = releaseNote.replace(/<OSX_ARM64_SHA_NORUNTIME>/g, '${{needs.build.outputs.osx-arm64-sha-noruntime}}')
           releaseNote = releaseNote.replace(/<LINUX_X64_SHA_NORUNTIME>/g, '${{needs.build.outputs.linux-x64-sha-noruntime}}')
           releaseNote = releaseNote.replace(/<LINUX_ARM_SHA_NORUNTIME>/g, '${{needs.build.outputs.linux-arm-sha-noruntime}}')
           releaseNote = releaseNote.replace(/<LINUX_ARM64_SHA_NORUNTIME>/g, '${{needs.build.outputs.linux-arm64-sha-noruntime}}')
           releaseNote = releaseNote.replace(/<WIN_X64_SHA_NORUNTIME_NOEXTERNALS>/g, '${{needs.build.outputs.win-x64-sha-noruntime-noexternals}}')
+          releaseNote = releaseNote.replace(/<WIN_ARM64_SHA_NORUNTIME_NOEXTERNALS>/g, '${{needs.build.outputs.win-arm64-sha-noruntime-noexternals}}')
           releaseNote = releaseNote.replace(/<OSX_X64_SHA_NORUNTIME_NOEXTERNALS>/g, '${{needs.build.outputs.osx-x64-sha-noruntime-noexternals}}')
+          releaseNote = releaseNote.replace(/<OSX_ARM64_SHA_NORUNTIME_NOEXTERNALS>/g, '${{needs.build.outputs.osx-arm64-sha-noruntime-noexternals}}')
           releaseNote = releaseNote.replace(/<LINUX_X64_SHA_NORUNTIME_NOEXTERNALS>/g, '${{needs.build.outputs.linux-x64-sha-noruntime-noexternals}}')
           releaseNote = releaseNote.replace(/<LINUX_ARM_SHA_NORUNTIME_NOEXTERNALS>/g, '${{needs.build.outputs.linux-arm-sha-noruntime-noexternals}}')
           releaseNote = releaseNote.replace(/<LINUX_ARM64_SHA_NORUNTIME_NOEXTERNALS>/g, '${{needs.build.outputs.linux-arm64-sha-noruntime-noexternals}}')
@@ -266,7 +283,9 @@ jobs:
       run: |
         ls -l
         echo "${{needs.build.outputs.win-x64-sha}}  actions-runner-win-x64-${{ steps.releaseNote.outputs.version }}.zip" | shasum -a 256 -c
+        echo "${{needs.build.outputs.win-arm64-sha}}  actions-runner-win-arm64-${{ steps.releaseNote.outputs.version }}.zip" | shasum -a 256 -c
         echo "${{needs.build.outputs.osx-x64-sha}}  actions-runner-osx-x64-${{ steps.releaseNote.outputs.version }}.tar.gz" | shasum -a 256 -c
+        echo "${{needs.build.outputs.osx-arm64-sha}}  actions-runner-osx-arm64-${{ steps.releaseNote.outputs.version }}.tar.gz" | shasum -a 256 -c
         echo "${{needs.build.outputs.linux-x64-sha}}  actions-runner-linux-x64-${{ steps.releaseNote.outputs.version }}.tar.gz" | shasum -a 256 -c
         echo "${{needs.build.outputs.linux-arm-sha}}  actions-runner-linux-arm-${{ steps.releaseNote.outputs.version }}.tar.gz" | shasum -a 256 -c
         echo "${{needs.build.outputs.linux-arm64-sha}}  actions-runner-linux-arm64-${{ steps.releaseNote.outputs.version }}.tar.gz" | shasum -a 256 -c
@@ -282,6 +301,7 @@ jobs:
         release_name: "v${{ steps.releaseNote.outputs.version }}"
         body: |
           ${{ steps.releaseNote.outputs.note }}
+        prerelease: true
 
     # Upload release assets (full runner packages)
     - name: Upload Release Asset (win-x64)
@@ -294,6 +314,16 @@ jobs:
         asset_name: actions-runner-win-x64-${{ steps.releaseNote.outputs.version }}.zip
         asset_content_type: application/octet-stream
 
+    - name: Upload Release Asset (win-arm64)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package/actions-runner-win-arm64-${{ steps.releaseNote.outputs.version }}.zip
+        asset_name: actions-runner-win-arm64-${{ steps.releaseNote.outputs.version }}.zip
+        asset_content_type: application/octet-stream
+
     - name: Upload Release Asset (linux-x64)
       uses: actions/upload-release-asset@v1.0.1
       env:
@@ -314,6 +344,16 @@ jobs:
         asset_name: actions-runner-osx-x64-${{ steps.releaseNote.outputs.version }}.tar.gz
         asset_content_type: application/octet-stream
 
+    - name: Upload Release Asset (osx-arm64)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package/actions-runner-osx-arm64-${{ steps.releaseNote.outputs.version }}.tar.gz
+        asset_name: actions-runner-osx-arm64-${{ steps.releaseNote.outputs.version }}.tar.gz
+        asset_content_type: application/octet-stream
+
     - name: Upload Release Asset (linux-arm)
       uses: actions/upload-release-asset@v1.0.1
       env:
@@ -345,6 +385,17 @@ jobs:
         asset_name: actions-runner-win-x64-${{ steps.releaseNote.outputs.version }}-noexternals.zip
         asset_content_type: application/octet-stream
 
+    # Upload release assets (trim externals)
+    - name: Upload Release Asset (win-arm64-noexternals)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_externals/actions-runner-win-arm64-${{ steps.releaseNote.outputs.version }}-noexternals.zip
+        asset_name: actions-runner-win-arm64-${{ steps.releaseNote.outputs.version }}-noexternals.zip
+        asset_content_type: application/octet-stream
+
     - name: Upload Release Asset (linux-x64-noexternals)
       uses: actions/upload-release-asset@v1.0.1
       env:
@@ -365,6 +416,16 @@ jobs:
         asset_name: actions-runner-osx-x64-${{ steps.releaseNote.outputs.version }}-noexternals.tar.gz
         asset_content_type: application/octet-stream
 
+    - name: Upload Release Asset (osx-arm64-noexternals)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_externals/actions-runner-osx-arm64-${{ steps.releaseNote.outputs.version }}-noexternals.tar.gz
+        asset_name: actions-runner-osx-arm64-${{ steps.releaseNote.outputs.version }}-noexternals.tar.gz
+        asset_content_type: application/octet-stream
+
     - name: Upload Release Asset (linux-arm-noexternals)
       uses: actions/upload-release-asset@v1.0.1
       env:
@@ -396,6 +457,17 @@ jobs:
         asset_name: actions-runner-win-x64-${{ steps.releaseNote.outputs.version }}-noruntime.zip
         asset_content_type: application/octet-stream
 
+    # Upload release assets (trim runtime)
+    - name: Upload Release Asset (win-arm64-noruntime)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_runtime/actions-runner-win-arm64-${{ steps.releaseNote.outputs.version }}-noruntime.zip
+        asset_name: actions-runner-win-arm64-${{ steps.releaseNote.outputs.version }}-noruntime.zip
+        asset_content_type: application/octet-stream
+
     - name: Upload Release Asset (linux-x64-noruntime)
       uses: actions/upload-release-asset@v1.0.1
       env:
@@ -416,6 +488,16 @@ jobs:
         asset_name: actions-runner-osx-x64-${{ steps.releaseNote.outputs.version }}-noruntime.tar.gz
         asset_content_type: application/octet-stream
 
+    - name: Upload Release Asset (osx-arm64-noruntime)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_runtime/actions-runner-osx-arm64-${{ steps.releaseNote.outputs.version }}-noruntime.tar.gz
+        asset_name: actions-runner-osx-arm64-${{ steps.releaseNote.outputs.version }}-noruntime.tar.gz
+        asset_content_type: application/octet-stream
+
     - name: Upload Release Asset (linux-arm-noruntime)
       uses: actions/upload-release-asset@v1.0.1
       env:
@@ -447,6 +529,17 @@ jobs:
         asset_name: actions-runner-win-x64-${{ steps.releaseNote.outputs.version }}-noruntime-noexternals.zip
         asset_content_type: application/octet-stream
 
+    # Upload release assets (trim runtime and externals)
+    - name: Upload Release Asset (win-arm64-noruntime-noexternals)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_runtime_externals/actions-runner-win-arm64-${{ steps.releaseNote.outputs.version }}-noruntime-noexternals.zip
+        asset_name: actions-runner-win-arm64-${{ steps.releaseNote.outputs.version }}-noruntime-noexternals.zip
+        asset_content_type: application/octet-stream
+
     - name: Upload Release Asset (linux-x64-noruntime-noexternals)
       uses: actions/upload-release-asset@v1.0.1
       env:
@@ -467,6 +560,16 @@ jobs:
         asset_name: actions-runner-osx-x64-${{ steps.releaseNote.outputs.version }}-noruntime-noexternals.tar.gz
         asset_content_type: application/octet-stream
 
+    - name: Upload Release Asset (osx-arm64-noruntime-noexternals)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/_package_trims/trim_runtime_externals/actions-runner-osx-arm64-${{ steps.releaseNote.outputs.version }}-noruntime-noexternals.tar.gz
+        asset_name: actions-runner-osx-arm64-${{ steps.releaseNote.outputs.version }}-noruntime-noexternals.tar.gz
+        asset_content_type: application/octet-stream
+
     - name: Upload Release Asset (linux-arm-noruntime-noexternals)
       uses: actions/upload-release-asset@v1.0.1
       env:
@@ -498,6 +601,17 @@ jobs:
         asset_name: actions-runner-win-x64-${{ steps.releaseNote.outputs.version }}-trimmedpackages.json
         asset_content_type: application/octet-stream
 
+    # Upload release assets (trimmedpackages.json)
+    - name: Upload Release Asset (win-arm64-trimmedpackages.json)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/win-arm64-trimmedpackages.json
+        asset_name: actions-runner-win-arm64-${{ steps.releaseNote.outputs.version }}-trimmedpackages.json
+        asset_content_type: application/octet-stream
+
     - name: Upload Release Asset (linux-x64-trimmedpackages.json)
       uses: actions/upload-release-asset@v1.0.1
       env:
@@ -518,6 +632,16 @@ jobs:
         asset_name: actions-runner-osx-x64-${{ steps.releaseNote.outputs.version }}-trimmedpackages.json
         asset_content_type: application/octet-stream
 
+    - name: Upload Release Asset (osx-arm64-trimmedpackages.json)
+      uses: actions/upload-release-asset@v1.0.1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.createRelease.outputs.upload_url }}
+        asset_path: ${{ github.workspace }}/osx-arm64-trimmedpackages.json
+        asset_name: actions-runner-osx-arm64-${{ steps.releaseNote.outputs.version }}-trimmedpackages.json
+        asset_content_type: application/octet-stream
+
     - name: Upload Release Asset (linux-arm-trimmedpackages.json)
       uses: actions/upload-release-asset@v1.0.1
       env:

.vscode/launch.json

@@ -12,8 +12,7 @@
             ],
             "cwd": "${workspaceFolder}/src",
             "console": "integratedTerminal",
-            "requireExactSource": false,
-            "targetArchitecture": "x86_64"
+            "requireExactSource": false
         },
         {
             "name": "Run",
@@ -25,8 +24,7 @@
             ],
             "cwd": "${workspaceFolder}/src",
             "console": "integratedTerminal",
-            "requireExactSource": false,
-            "targetArchitecture": "x86_64"
+            "requireExactSource": false
         },
         {
             "name": "Configure",
@@ -39,24 +37,21 @@
             ],
             "cwd": "${workspaceFolder}/src",
             "console": "integratedTerminal",
-            "requireExactSource": false,
-            "targetArchitecture": "x86_64"
+            "requireExactSource": false
         },
         {
             "name": "Debug Worker",
             "type": "coreclr",
             "request": "attach",
             "processName": "Runner.Worker",
-            "requireExactSource": false,
-            "targetArchitecture": "x86_64"
+            "requireExactSource": false
         },
         {
             "name": "Attach Debugger",
             "type": "coreclr",
             "request": "attach",
             "processId": "${command:pickProcess}",
-            "requireExactSource": false,
-            "targetArchitecture": "x86_64"
+            "requireExactSource": false
         },
     ],
 }

docs/adrs/1751-runner-job-hooks.md

@@ -0,0 +1,83 @@
+# ADR: Notification Hooks for Runners
+
+## Context
+
+This ADR details the design changes for supporting custom configurable hooks for on various runner events. This has been a long requested user feature [here](https://github.com/actions/runner/issues/1543), [here](https://github.com/actions/runner/issues/699) and [here](https://github.com/actions/runner/issues/1116) for users to have more information on runner observability, and for the ability to run cleanup and teardown jobs. 
+
+This feature is mainly intended for self hosted runner administrators.
+
+**What we hope to solve with this feature**
+1. A runner admininstrator is able to add custom scripts to cleanup their runner environment at the start or end of a job
+2. A runner admininstrator is able to add custom scripts to help setup their runner environment at the beginning of a job, for reasons like [caching](https://github.com/actions/runner/issues/1543#issuecomment-1050346279)
+3. A runner administrator is able to grab custom telemetry of jobs running on their self hosted runner
+
+**What we don't think this will solve**
+- Policy features that require certain steps run at the beginning or end of all jobs
+  - This would be better solved to in a central place in settings, rather then decentralized on each runner. 
+  - The Proposed `Notification Hooks for Runners` is limited to self hosted runners, we don't beileve Policy features should be
+- Reuse scenarios between jobs are covered by [composite actions](https://docs.github.com/en/actions/creating-actions/creating-a-composite-action) and [resuable workflows](https://docs.github.com/en/actions/using-workflows/reusing-workflows)
+- Security applications, security should be handled on the policy side on the server, not decentralized on each runner
+
+## Hooks
+- We will expose 2 variables that users can set to enable hooks  
+  - `ACTIONS_RUNNER_HOOK_JOB_STARTED`
+  - `ACTIONS_RUNNER_HOOK_JOB_COMPLETED`
+
+You can set these variables to the **absolute** path of a a `.sh` or `.ps1` file.
+
+We will execute `pwsh` (fallback to `powershell`) or `bash` (fallback to `sh`) as appropriate.
+- `.sh` files will execute with the args `-e {pathtofile}`
+- `.ps1` files will execute with the args `-command \". '{pathtofile}'\"`
+
+We will **not** set the [standard flags we typically set](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell) for `runs` commands. So, if you want to set `pipefail` on `bash` for example, you will need to do that in your script.
+
+### UI
+We want to ensure the experience for users invoking workflows is good, if hooks take too long, you may feel your job is delayed or broken. So, much like `Set Up Job`, we will generate two new steps automatically in your job, one for each configured hook: 
+- `Set up runner`  
+- `Complete runner` 
+
+These steps will contain all of the output from invoking your hook, so you will have visibility into the runtime. We will also provide information on the path to the hook, and what shell we are invoking it as, much like we do for `run: ` steps.
+
+### Contexts
+When running your hooks, some context on your job may be helpful.
+- The scripts will have access to the standard [default environment variables](https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables)
+  - Some of these variables are step specific like `GITHUB_ACTION`, in which case they will not be set
+- You can pull the full webhook event payload from `GITHUB_EVENT_PATH`
+
+### Commands
+Should we expose [Commands](https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions) and [Environment Files](https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#environment-files)
+
+**Yes**. Imagine a scenario where a runner administrator is deprecating a runner pool, and they need to [warn users](https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-a-warning-message) to swap to a different pool, we should support them in doing this. However, there are some limitations:
+- [save-state](https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#sending-values-to-the-pre-and-post-actions) will **not** be supported, these are not traditional steps with pre and post actions
+- [set-output](https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#using-workflow-commands-to-access-toolkit-functions) will **not** be supported, there is no `id` as this is not a traditional step
+
+
+### Environment Files
+We will also enable [Environment Files](https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#environment-files) to support setup scenarios for the runner environment.
+
+While a self hosted runner admin can [set env variables](https://docs.github.com/en/actions/hosting-your-own-runners/using-a-proxy-server-with-self-hosted-runners#using-a-env-file-to-set-the-proxy-configuration), these apply to all jobs. By enabling the ability to `add a path` and `set an env` we give runner admins the ability to do this dynamically based on the [workflows environment variables](https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables) to empower setup scenarios.
+
+
+### Exit codes
+These are **synchronous** hooks, so they will block job execution while they are being run. Exit code 0 will indicate a successful run of the hook and we will proceed with the job, any other exit code will fail the job with an appropriate annotation.
+- There will be no support for `continue-on-error`
+
+## Key Decisions
+- We will expose 2 variables that users can set to enable hooks  
+  - `ACTIONS_RUNNER_HOOK_JOB_STARTED`
+  - `ACTIONS_RUNNER_HOOK_JOB_COMPLETED`
+- Users can set these variables to the path of a `.sh` or `.ps1` file, which we will execute when Jobs are started or completed.
+  - Output from these will be added to a new step at the start/end of a job named `Set up runner` or `Complete runner`. 
+    - These steps will only be generated on runs with these hooks
+- These hooks `always()` execute if the env variable is set
+- These files will execute as the Runner user, outside of any container specification on the job
+- These are **synchronous** hooks
+  - Runner admins can execute a background process for async hooks if they want
+  - We will fail the job and halt execution on any exit code that is not 0. The Runner admin is responsible for returning the correct exit code and ensuring resilency. 
+    - This includes that the runner user needs access to the file in the env and the file must exist
+    - There will be no `continue-on-error` type option on launch
+    - There will be no `timeout` option on launch
+
+## Consequences
+- Runner admins have the ability to tie into the runner job execution to publish their own telemetry or perform their own cleanup or setup
+- New steps will be added to the UI showcasing the output of these hooks

docs/adrs/1891-container-hooks.md

@@ -0,0 +1,596 @@
+# ADR 0000: Container Hooks
+
+**Date**: 2022-05-12
+
+**Status**: Accepted
+
+# Background
+
+[Job Hooks](https://github.com/actions/runner/blob/main/docs/adrs/1751-runner-job-hooks.md) have given users the ability to customize how their self hosted runners run a job.
+Users also want the ability to customize how they run containers during the scope of the job, rather then being locked into the docker implementation we have in the runner. They may want to use podman, kubernetes, or even change the docker commands we run. 
+We should give them that option, and publish examples how how they can create their own hooks.
+
+# Guiding Principles
+- **Extensibility** is the focus, we need to make sure we are flexible enough to cover current and future scenarios, even at the cost of making it harder to utilize these hooks
+- Args should map **directly** to yaml values provided by the user. 
+  - For example, the current runner overrides `HOME`, we can do that in the hook, but we shouldn't pass that hook as an ENV with the other env's the user has set, as that is not user input, it is how the runner invokes containers
+
+## Interface
+- You will set the variable `ACTIONS_RUNNER_CONTAINER_HOOKS=/Users/foo/runner/hooks.js` which is the entrypoint to your hook handler.
+  - There is no partial opt in, you must handle every hook 
+- We will pass a command and some args via `stdin`
+- An exit code of 0 is a success, every other exit code is a failure
+- We will support the same runner commands we support in [Job Hooks](https://github.com/actions/runner/blob/main/docs/adrs/1751-runner-job-hooks.md)
+- On timeout, we will send a sigint to your process. If you fail to terminate within a reasonable amount of time, we will send a sigkill, and eventually kill the process tree.
+
+An example input looks like
+```json
+{
+  "command": "job_cleanup",
+  "responseFile": "/users/thboop/runner/_work/{guid}.json",
+  "args": {},
+  "state": 
+  {
+      "id": "82e8219701fe096a35941d869cf8d71af1d943b5d3bdd718850fb87ac3042480"
+  }
+}
+```
+
+`command` is the command we expect you to invoke
+`responseFile` is the file you need to write your output to, if the command has output
+`args` are the specific arguments the command needs
+`state` is a json blog you can pass around to maintain your state, this is covered in more details below.
+
+### Writing responses to a file
+All text written to stdout or stderr should appear in the job or step logs. With that in mind, we support a few ways to actually return data:
+1. Wrapping the json in some unique tag and processing it like we do commands
+2. Writing to a file
+
+For 1, users typically view logging information as a safe action, so we worry someone accidentialy logging unsantized information and causing unexpected or un-secure behavior. We eventually plan to move off of stdout/stderr style commands in favor of a runner cli. 
+Investing in this area doesn't make a lot of sense at this time.
+
+While writing to a file to communicate isn't the most ideal pattern, its an existing pattern in the runner and serves us well, so lets reuse it.
+
+### Output
+Your output must be correctly formatted json. An example output looks like:
+
+```
+{
+  "state": {},
+  "context"
+  {
+    "container" : 
+    {
+      "id": "82e8219701fe096a35941d869cf8d71af1d943b5d3bdd718850fb87ac3042480"
+      "network": "github_network_53269bd575974817b43f4733536b200c"
+    }
+    "services": {
+      "redis": {
+        "id": "60972d9aa486605e66b0dad4abb638dc3d9116f566579e418166eedb8abb9105",
+        "ports": {
+          "8080": "8080"
+        },
+      "network": "github_network_53269bd575974817b43f4733536b200c"
+    }
+  }
+  "alpine: true,
+}
+```
+
+`state` is a unique field any command can return. If it is not empty, we will store the state for you and pass it into all future commands. You can overwrite it by having the next hook invoked return a unique state.
+
+Other fields are dependent upon the command being run.
+
+### Versioning
+We will not version these hooks at launch. If needed, we can always major version split these hooks in the future. We will ship in Beta to allow for breaking changes for a few months.
+
+### The Job Context
+The [job context](https://docs.github.com/en/actions/learn-github-actions/contexts#example-contents-of-the-job-context) currently has a variety of fields that correspond to containers. We should consider allowing hooks to populate new fields in the job context. That is out of scope for this original release however.
+
+## Hooks
+Hooks are to be implemented at a very high level, and map to actions the runner does, rather then specific docker actions like `docker build` or `docker create`. By mapping to runner actions, we create a very extensible framework that is flexible enough to solve any user concerns in the future. By providing first party implementations, we give users easy starting points to customize specific hooks (like `docker build`) without having to write full blown solutions.
+
+The other would be to provide hooks that mirror every docker call we make, and expose more hooks to help support k8s users, with the expectation that users may have to no-op on multiple hooks if they don't correspond to our use case.
+
+Why we don't want to go that way
+- It feels clunky, users need to understand which hooks they need to implement and which they can ignore, which isn't a great UX
+- It doesn't scale well, I don't want to build a solution where we may need to add more hooks, by mapping to runner actions, updating hooks is a painful experience for users
+- Its overwhelming, its easier to tell users to build 4 hooks and track data themselves, rather then 16 hooks where the runner needs certain information and then needs to provide that information back into each hook. If we expose `Container Create`, you need to return the container you created, then we do `container run` which uses that container. If we just give you an image and say create and run this container, you don't need to store the container id in the runner, and it maps better to k8s scenarios where we don't really have container ids.
+
+### Prepare_job hook
+The `prepare_job` hook is called when a job is started. We pass in any job or service containers the job has. We expect that you:
+- Prune anything from previous jobs if needed
+- Create a network if needed
+- Pull the job and service containers
+- Start the job container
+- Start the service containers
+- Write to the response file some information we need
+  - Required: if the container is alpine, otherwise x64
+  - Optional: any context fields you want to set on the job context, otherwise they will be unavailable for users to use
+- Return 0 when the health checks have succeeded and the job/service containers are started
+
+This hook will **always** be called if you have container hooks enabled, even if no service or job containers exist in the job. This allows you to fail the job or implement a default job container if you want to and no job container has been provided.
+
+
+<details>
+<summary>Example Input</summary>
+<br>
+  
+```
+{
+  "command": "prepare_job",
+  "responseFile": "/users/thboop/runner/_work/{guid}.json",
+  "state": {},
+  "args": 
+  {
+    "jobContainer": {
+      "image": "node:14.16",
+      "workingDirectory": "/__w/thboop-test2/thboop-test2",
+      "createOptions": "--cpus 1",
+      "environmentVariables": {
+        "NODE_ENV": "development"
+      },
+      "userMountVolumes:[
+        {
+          "sourceVolumePath": "my_docker_volume",
+          "targetVolumePath": "/volume_mount",
+          "readOnly": false
+        },
+      ],
+      "mountVolumes": [
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/_work",
+          "targetVolumePath": "/__w",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/externals",
+          "targetVolumePath": "/__e",
+          "readOnly": true
+        },
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/_work/_temp",
+          "targetVolumePath": "/__w/_temp",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/_work/_actions",
+          "targetVolumePath": "/__w/_actions",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/_work/_tool",
+          "targetVolumePath": "/__w/_tool",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/_work/_temp/_github_home",
+          "targetVolumePath": "/github/home",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/_work/_temp/_github_workflow",
+          "targetVolumePath": "/github/workflow",
+          "readOnly": false
+        }
+      ],
+      "registry": {
+        "username": "foo",
+        "password": "bar",
+        "serverUrl": "https://index.docker.io/v1"
+      },
+      "portMappings": [ "8080:80/tcp", "8080:80/udp" ]
+    },
+    "services": [
+      {
+        "contextName": "redis",
+        "image": "redis",
+        "createOptions": "--cpus 1",
+        "environmentVariables": {},
+        "mountVolumes": [],
+        "portMappings": [ "8080:80/tcp", "8080:80/udp" ]
+        "registry": {
+          "username": "foo",
+          "password": "bar",
+          "serverUrl": "https://index.docker.io/v1"
+        }
+      }
+    ]
+  }
+}
+```
+
+</details>
+
+<details>
+<summary>Field Descriptions</summary>
+<br>
+
+```
+Arg Fields:
+
+jobContainer: **Optional** An Object containing information about the specified job container
+  "image": **Required** A string containing the docker image
+  "workingDirectory": **Required** A string containing the absolute path of the working directory
+  "createOptions": **Optional** The optional create options specified in the [YAML](https://docs.github.com/en/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)
+  "environmentVariables": **Optional** A map of key value env's to set
+  "userMountVolumes: ** Optional** an array of user mount volumes set in the [YAML](https://docs.github.com/en/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)
+    "sourceVolumePath": **Required** The source path to the volume to be mounted into the docker container
+    "targetVolumePath": **Required** The target path to the volume to be mounted into the docker container
+    "readOnly": false **Required** whether or not the mount should be read only
+  "mountVolumes": **Required** an array of mounts to mount into the container, same fields as above
+    "sourceVolumePath": **Required** The source path to the volume to be mounted into the docker container
+    "targetVolumePath": **Required** The target path to the volume to be mounted into the docker container
+    "readOnly": false **Required** whether or not the mount should be read only
+  "registry" **Optional** docker registry credentials to use when using a private container registry
+    "username": **Optional** the username
+    "password": **Optional** the password
+    "serverUrl": **Optional** the registry url
+  "portMappings": **Optional** an array of source:target ports to map into the container
+ 
+"services": an array of service containers to spin up
+  "contextName": **Required** the name of the service in the Job context
+  "image": **Required** A string containing the docker image
+  "createOptions": **Optional** The optional create options specified in the [YAML](https://docs.github.com/en/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)
+  "environmentVariables": **Optional** A map of key value env's to set
+  "mountVolumes": **Required** an array of mounts to mount into the container, same fields as above
+    "sourceVolumePath": **Required** The source path to the volume to be mounted into the docker container
+    "targetVolumePath": **Required** The target path to the volume to be mounted into the docker container
+    "readOnly": false **Required** whether or not the mount should be read only
+  "registry" **Optional** docker registry credentials to use when using a private container registry
+    "username": **Optional** the username
+    "password": **Optional** the password
+    "serverUrl": **Optional** the registry url
+  "portMappings": **Optional** an array of source:target ports to map into the container
+```
+
+</details>
+
+<details>
+<summary>Example Output</summary>
+<br>
+
+```
+{
+  "state": 
+  {
+    "network": "github_network_53269bd575974817b43f4733536b200c",
+    "jobContainer" : "82e8219701fe096a35941d869cf8d71af1d943b5d3bdd718850fb87ac3042480",
+    "serviceContainers": 
+    {
+      "redis": "60972d9aa486605e66b0dad4abb638dc3d9116f566579e418166eedb8abb9105"
+    }
+  },
+  "context"
+  {
+    "container" : 
+    {
+      "id": "82e8219701fe096a35941d869cf8d71af1d943b5d3bdd718850fb87ac3042480"
+      "network": "github_network_53269bd575974817b43f4733536b200c"
+    }
+    "services": {
+      "redis": {
+        "id": "60972d9aa486605e66b0dad4abb638dc3d9116f566579e418166eedb8abb9105",
+        "ports": {
+          "8080": "8080"
+        },
+      "network": "github_network_53269bd575974817b43f4733536b200c"
+    }
+  }
+  "alpine: true,
+}
+```
+
+</details>
+
+
+### Cleanup Job
+The `cleanup_job` hook is called at the end of a job and expects you to:
+- Stop any running service or job containers (or the equiavalent pod)
+- Stop the network (if one exists)
+- Delete any job or service containers (or the equiavalent pod)
+- Delete the network (if one exists)
+- Cleanup anything else that was created for the run
+
+Its input looks like
+
+<details>
+<summary>Example Input</summary>
+<br>
+
+```
+  "command": "cleanup_job",
+  "responseFile": null,
+  "state":
+  {
+    "network": "github_network_53269bd575974817b43f4733536b200c",
+    "jobContainer" : "82e8219701fe096a35941d869cf8d71af1d943b5d3bdd718850fb87ac3042480",
+    "serviceContainers": 
+    {
+      "redis": "60972d9aa486605e66b0dad4abb638dc3d9116f566579e418166eedb8abb9105"
+    }
+  }
+  "args": {}
+```
+  
+</details>
+
+No args are provided.
+  
+No output is expected.
+
+
+### Run Container Step
+The `run_container_step` is called once per container action in your job and expects you to:
+- Pull or build the required container (or fail if you cannot)
+- Run the container action and return the exit code of the container
+- Stream any step logs output to stdout and stderr
+- Cleanup the container after it executes
+
+<details>
+<summary>Example Input for Image</summary>
+<br>
+
+```
+  "command": "run_container_step",
+  "responseFile": null,
+  "state":
+  {
+    "network": "github_network_53269bd575974817b43f4733536b200c",
+    "jobContainer" : "82e8219701fe096a35941d869cf8d71af1d943b5d3bdd718850fb87ac3042480",
+    "serviceContainers": 
+    {
+      "redis": "60972d9aa486605e66b0dad4abb638dc3d9116f566579e418166eedb8abb9105"
+    }
+  }
+  "args":      
+  {
+      "image": "node:14.16",
+      "dockerfile": null,
+      "entryPointArgs": ["-f", "/dev/null"],
+      "entryPoint": "tail",
+      "workingDirectory": "/__w/thboop-test2/thboop-test2",
+      "createOptions": "--cpus 1",
+      "environmentVariables": {
+        "NODE_ENV": "development"
+      },
+      "prependPath":["/foo/bar", "bar/foo"]
+      "userMountVolumes:[
+        {
+          "sourceVolumePath": "my_docker_volume",
+          "targetVolumePath": "/volume_mount",
+          "readOnly": false
+        },
+      ],
+      "mountVolumes": [
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/_work",
+          "targetVolumePath": "/__w",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/externals",
+          "targetVolumePath": "/__e",
+          "readOnly": true
+        },
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/_work/_temp",
+          "targetVolumePath": "/__w/_temp",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/_work/_actions",
+          "targetVolumePath": "/__w/_actions",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/_work/_tool",
+          "targetVolumePath": "/__w/_tool",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/_work/_temp/_github_home",
+          "targetVolumePath": "/github/home",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/_work/_temp/_github_workflow",
+          "targetVolumePath": "/github/workflow",
+          "readOnly": false
+        }
+      ],
+      "registry": null,
+      "portMappings": { "80": "801" }
+    },
+```
+  
+</details>
+
+
+<details>
+<summary>Example Input for dockerfile</summary>
+<br>
+
+```
+  "command": "run_container_step",
+  "responseFile": null,
+  "state":
+  {
+    "network": "github_network_53269bd575974817b43f4733536b200c",
+    "jobContainer" : "82e8219701fe096a35941d869cf8d71af1d943b5d3bdd718850fb87ac3042480",
+    "services": 
+    {
+      "redis": "60972d9aa486605e66b0dad4abb638dc3d9116f566579e418166eedb8abb9105"
+    }
+  }
+  "args":      
+  {
+      "image": null,
+      "dockerfile": /__w/_actions/foo/dockerfile,
+      "entryPointArgs": ["hello world"],
+      "entryPoint": "echo",
+      "workingDirectory": "/__w/thboop-test2/thboop-test2",
+      "createOptions": "--cpus 1",
+      "environmentVariables": {
+        "NODE_ENV": "development"
+      },
+      "prependPath":["/foo/bar", "bar/foo"]
+      "userMountVolumes:[
+        {
+          "sourceVolumePath": "my_docker_volume",
+          "targetVolumePath": "/volume_mount",
+          "readOnly": false
+        },
+      ],      
+      "mountVolumes": [
+        {
+          "sourceVolumePath": "my_docker_volume",
+          "targetVolumePath": "/volume_mount",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/_work",
+          "targetVolumePath": "/__w",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/externals",
+          "targetVolumePath": "/__e",
+          "readOnly": true
+        },
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/_work/_temp",
+          "targetVolumePath": "/__w/_temp",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/_work/_actions",
+          "targetVolumePath": "/__w/_actions",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/_work/_tool",
+          "targetVolumePath": "/__w/_tool",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/_work/_temp/_github_home",
+          "targetVolumePath": "/github/home",
+          "readOnly": false
+        },
+        {
+          "sourceVolumePath": "/home/thomas/git/runner/_layout/_work/_temp/_github_workflow",
+          "targetVolumePath": "/github/workflow",
+          "readOnly": false
+        }
+      ],
+      "registry": null,
+      "portMappings": [ "8080:80/tcp", "8080:80/udp" ]
+    },
+  }
+```
+  
+</details>
+
+
+<details>
+<summary>Field Descriptions</summary>
+<br>
+
+```
+Arg Fields:
+
+
+"image": **Optional** A string containing the docker image. Otherwise a dockerfile must be provided
+"dockerfile": **Optional** A string containing the path to the dockerfile, otherwise an image must be provided
+"entryPointArgs": **Optional** A list containing the entry point args
+"entryPoint": **Optional** The container entry point to use if the default image entrypoint should be overwritten
+"workingDirectory": **Required** A string containing the absolute path of the working directory
+"createOptions": **Optional** The optional create options specified in the [YAML](https://docs.github.com/en/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)
+"environmentVariables": **Optional** A map of key value env's to set
+"prependPath": **Optional** an array of additional paths to prepend to the $PATH variable
+"userMountVolumes: ** Optional** an array of user mount volumes set in the [YAML](https://docs.github.com/en/actions/using-jobs/running-jobs-in-a-container#example-running-a-job-within-a-container)
+  "sourceVolumePath": **Required** The source path to the volume to be mounted into the docker container
+  "targetVolumePath": **Required** The target path to the volume to be mounted into the docker container
+  "readOnly": false **Required** whether or not the mount should be read only
+"mountVolumes": **Required** an array of mounts to mount into the container, same fields as above
+  "sourceVolumePath": **Required** The source path to the volume to be mounted into the docker container
+  "targetVolumePath": **Required** The target path to the volume to be mounted into the docker container
+  "readOnly": false **Required** whether or not the mount should be read only
+"registry" **Optional** docker registry credentials to use when using a private container registry
+  "username": **Optional** the username
+  "password": **Optional** the password
+  "serverUrl": **Optional** the registry url
+"portMappings": **Optional** an array of source:target ports to map into the container
+```
+  
+</details>
+
+No output is expected
+
+Currently we build all container actions at the start of the job. By doing it during the hook, we move this to just in time building for hooks. We could expose a hook to build/pull a container action, and have those called at the start of a job, but doing so would require hook authors to track the build containers in the state, which could be painful.
+
+### Run Script Step
+The `run_script_step` expects you to:
+- Invoke the provided script inside the job container and return the exit code
+- Stream any step log output to stdout and stderr
+
+<details>
+<summary>Example Input</summary>
+<br>
+
+
+```
+  "command": "run_script_step",
+  "responseFile": null,
+  "state":
+  {
+    "network": "github_network_53269bd575974817b43f4733536b200c",
+    "jobContainer" : "82e8219701fe096a35941d869cf8d71af1d943b5d3bdd718850fb87ac3042480",
+    "serviceContainers": 
+    {
+      "redis": "60972d9aa486605e66b0dad4abb638dc3d9116f566579e418166eedb8abb9105"
+    }
+  }
+  "args": 
+  {
+    "entryPointArgs": ["-e", "/runner/temp/abc123.sh"],
+    "entryPoint": "bash",
+    "environmentVariables": {
+      "NODE_ENV": "development"
+    },
+    "prependPath": ["/foo/bar", "bar/foo"],
+    "workingDirectory": "/__w/thboop-test2/thboop-test2"
+  }
+```
+  
+</details>
+
+<details>
+<summary>Field Descriptions</summary>
+<br>
+
+```
+Arg Fields:
+
+  
+"entryPointArgs": **Optional** A list containing the entry point args
+"entryPoint": **Optional** The container entry point to use if the default image entrypoint should be overwritten
+"prependPath": **Optional** an array of additional paths to prepend to the $PATH variable
+"workingDirectory": **Required** A string containing the absolute path of the working directory
+"environmentVariables": **Optional** A map of key value env's to set
+```
+
+</details>
+
+No output is expected
+
+
+## Limitations
+- We will only support linux on launch
+- Hooks are set by the runner admin, and thus are only supported on self hosted runners 
+
+## Consequences
+- We support non docker scenarios for self hosted runners and allow customers to customize their docker invocations
+- We ship/maintain docs on docker hooks and an open source repo with examples
+- We support these hooks and add enough telemetry to be able to troubleshoot support issues as they come in.

docs/checks/actions.md

@@ -15,7 +15,7 @@ Make sure the runner has access to actions service for GitHub.com or GitHub Ente
     ```
     curl -v https://api.github.com/api/v3/zen
     curl -v https://vstoken.actions.githubusercontent.com/_apis/health
-    curl -v https://pipelines.actions.githubusercontent/_apis/health
+    curl -v https://pipelines.actions.githubusercontent.com/_apis/health
     ```
 
 - For GitHub Enterprise Server
@@ -64,4 +64,4 @@ Make sure the runner has access to actions service for GitHub.com or GitHub Ente
   
 ## Still not working?
 
-Contact [GitHub Support](https://support.github.com] if you have further questuons, or log an issue at https://github.com/actions/runner if you think it's a runner issue.
+Contact [GitHub Support](https://support.github.com) if you have further questuons, or log an issue at https://github.com/actions/runner if you think it's a runner issue.

docs/checks/git.md

@@ -20,11 +20,30 @@ The test also set environment variable `GIT_TRACE=1` and `GIT_CURL_VERBOSE=1` be
 
 ## How to fix the issue?
 
-### 1. Check the common network issue
+### 1. Check global and system git config
+
+If you are having issues connecting to the server, check your global and system git config for any unexpected authentication headers. You might be seeing an error like:
+
+```
+fatal: unable to access 'https://github.com/actions/checkout/': The requested URL returned error: 400
+```
+
+The following commands can be used to check for unexpected authentication headers:
+
+```
+$ git config --global --list | grep extraheader
+http.extraheader=AUTHORIZATION: unexpected_auth_header
+
+$ git config --system --list | grep extraheader
+```
+
+The following command can be used to remove the above value: `git config --global --unset http.extraheader`
+
+### 2. Check the common network issue
   
   > Please check the [network doc](./network.md)
 
-### 2. SSL certificate related issue
+### 3. SSL certificate related issue
 
   If you are seeing `SSL Certificate problem:` in the log, it means the `git` can't connect to the GitHub server due to SSL handshake failure.
   > Please check the [SSL cert doc](./sslcert.md)

docs/contribute.md

@@ -27,6 +27,8 @@ An ADR is an Architectural Decision Record.  This allows consensus on the direct
 
 ![Win](res/win_sm.png) Visual Studio 2017 or newer [Install here](https://visualstudio.microsoft.com) (needed for dev sh script)
 
+![Win-arm](res/win_sm.png) Visual Studio 2022 17.3 Preview or later. [Install here](https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-preview)
+
 ## Quickstart: Run a job from a real repository
 
 If you just want to get from building the sourcecode to using it to execute an action, you will need:

docs/start/envlinux.md

@@ -34,7 +34,7 @@ The `installdependencies.sh` script should install all required dependencies on
 
 Debian based OS (Debian, Ubuntu, Linux Mint)
 
-- liblttng-ust0
+- liblttng-ust1 or liblttng-ust0
 - libkrb5-3
 - zlib1g
 - libssl1.1, libssl1.0.2 or libssl1.0.0

docs/start/envosx.md

@@ -5,12 +5,6 @@
 ## Supported Versions
 
   - macOS High Sierra (10.13) and later versions
-
-## Apple Silicon M1
-
-The runner is currently not supported on devices with an Apple M1 chip.  
-We are waiting for official .NET support. You can read more here about the [current state of support here](https://github.com/orgs/dotnet/projects/18#card-56812463).
-Current .NET project board about M1 support:
-https://github.com/orgs/dotnet/projects/18#card-56812463
+  - x64 and arm64 (Apple Silicon)
 
 ## [More .Net Core Prerequisites Information](https://docs.microsoft.com/en-us/dotnet/core/macos-prerequisites?tabs=netcore30)

releaseNote.md

@@ -1,12 +1,19 @@
 ## Features
-- Relaxed naming requirements for dockerfiles (e.g. `Dockerfile.test` can now be built) (#1738)
+- Displays the error logs in dedicated sub-sections of the Initialize containers section (#2182)
+- Add generateServiceConfig option for configure command (#2226)
+- Setting debug using GitHub Action variables (#2234)
+- run.sh installs SIGINT and SIGTERM traps to gracefully stop runner (#2233, 2240)
+
 
 ## Bugs
-- Fixed a bug where windows path separators were used in generated folders (#1617)
-- Fixed an issue where runner's invoked via `run.sh` or `run.cmd` did not properly restart after update (#1812). This fix applies to all future updates after installing this version
+- Use Global.Variables instead of JobContext and include action path/ref in the message. (#2214)
+- Sanitize Windows ENVs (#2280)
 
 ## Misc
-- Relaxed Actions Summary size limit to 1MiB (#1839)
+- Allow '--disableupdate' in create-latest-svc.sh (#2201)
+- Fix markup for support link (#2114)
+- Add runner devcontainer (#2187)
+- Setup linter for Runner (#2211, #2213, #2216)
 
 ## Windows x64
 We recommend configuring the runner in a root folder of the Windows drive (e.g. "C:\actions-runner"). This will help avoid issues related to service identity folder permissions and long file path restrictions on Windows.
@@ -22,7 +29,23 @@ Add-Type -AssemblyName System.IO.Compression.FileSystem ;
 [System.IO.Compression.ZipFile]::ExtractToDirectory("$PWD\actions-runner-win-x64-<RUNNER_VERSION>.zip", "$PWD")
 ```
 
-## OSX
+## [Pre-release] Windows arm64
+**Warning:** Windows arm64 runners are currently in preview status and use [unofficial versions of nodejs](https://unofficial-builds.nodejs.org/). They are not intended for production workflows.
+
+We recommend configuring the runner in a root folder of the Windows drive (e.g. "C:\actions-runner"). This will help avoid issues related to service identity folder permissions and long file path restrictions on Windows.
+
+The following snipped needs to be run on `powershell`:
+``` powershell
+# Create a folder under the drive root
+mkdir \actions-runner ; cd \actions-runner
+# Download the latest runner package
+Invoke-WebRequest -Uri https://github.com/actions/runner/releases/download/v<RUNNER_VERSION>/actions-runner-win-arm64-<RUNNER_VERSION>.zip -OutFile actions-runner-win-arm64-<RUNNER_VERSION>.zip
+# Extract the installer
+Add-Type -AssemblyName System.IO.Compression.FileSystem ;
+[System.IO.Compression.ZipFile]::ExtractToDirectory("$PWD\actions-runner-win-arm64-<RUNNER_VERSION>.zip", "$PWD")
+```
+
+## OSX x64
 
 ``` bash
 # Create a folder
@@ -33,6 +56,17 @@ curl -O -L https://github.com/actions/runner/releases/download/v<RUNNER_VERSION>
 tar xzf ./actions-runner-osx-x64-<RUNNER_VERSION>.tar.gz
 ```
 
+## OSX arm64 (Apple silicon)
+
+``` bash
+# Create a folder
+mkdir actions-runner && cd actions-runner
+# Download the latest runner package
+curl -O -L https://github.com/actions/runner/releases/download/v<RUNNER_VERSION>/actions-runner-osx-arm64-<RUNNER_VERSION>.tar.gz
+# Extract the installer
+tar xzf ./actions-runner-osx-arm64-<RUNNER_VERSION>.tar.gz
+```
+
 ## Linux x64
 
 ``` bash
@@ -74,25 +108,33 @@ For additional details about configuring, running, or shutting down the runner p
 The SHA-256 checksums for the packages included in this build are shown below:
 
 - actions-runner-win-x64-<RUNNER_VERSION>.zip <!-- BEGIN SHA win-x64 --><WIN_X64_SHA><!-- END SHA win-x64 -->
+- actions-runner-win-arm64-<RUNNER_VERSION>.zip <!-- BEGIN SHA win-arm64 --><WIN_ARM64_SHA><!-- END SHA win-arm64 -->
 - actions-runner-osx-x64-<RUNNER_VERSION>.tar.gz <!-- BEGIN SHA osx-x64 --><OSX_X64_SHA><!-- END SHA osx-x64 -->
+- actions-runner-osx-arm64-<RUNNER_VERSION>.tar.gz <!-- BEGIN SHA osx-arm64 --><OSX_ARM64_SHA><!-- END SHA osx-arm64 -->
 - actions-runner-linux-x64-<RUNNER_VERSION>.tar.gz <!-- BEGIN SHA linux-x64 --><LINUX_X64_SHA><!-- END SHA linux-x64 -->
 - actions-runner-linux-arm64-<RUNNER_VERSION>.tar.gz <!-- BEGIN SHA linux-arm64 --><LINUX_ARM64_SHA><!-- END SHA linux-arm64 -->
 - actions-runner-linux-arm-<RUNNER_VERSION>.tar.gz <!-- BEGIN SHA linux-arm --><LINUX_ARM_SHA><!-- END SHA linux-arm -->
 
 - actions-runner-win-x64-<RUNNER_VERSION>-noexternals.zip <!-- BEGIN SHA win-x64_noexternals --><WIN_X64_SHA_NOEXTERNALS><!-- END SHA win-x64_noexternals -->
+- actions-runner-win-arm64-<RUNNER_VERSION>-noexternals.zip <!-- BEGIN SHA win-arm64_noexternals --><WIN_ARM64_SHA_NOEXTERNALS><!-- END SHA win-arm64_noexternals -->
 - actions-runner-osx-x64-<RUNNER_VERSION>-noexternals.tar.gz <!-- BEGIN SHA osx-x64_noexternals --><OSX_X64_SHA_NOEXTERNALS><!-- END SHA osx-x64_noexternals -->
+- actions-runner-osx-arm64-<RUNNER_VERSION>-noexternals.tar.gz <!-- BEGIN SHA osx-arm64_noexternals --><OSX_ARM64_SHA_NOEXTERNALS><!-- END SHA osx-arm64_noexternals -->
 - actions-runner-linux-x64-<RUNNER_VERSION>-noexternals.tar.gz <!-- BEGIN SHA linux-x64_noexternals --><LINUX_X64_SHA_NOEXTERNALS><!-- END SHA linux-x64_noexternals -->
 - actions-runner-linux-arm64-<RUNNER_VERSION>-noexternals.tar.gz <!-- BEGIN SHA linux-arm64_noexternals --><LINUX_ARM64_SHA_NOEXTERNALS><!-- END SHA linux-arm64_noexternals -->
 - actions-runner-linux-arm-<RUNNER_VERSION>-noexternals.tar.gz <!-- BEGIN SHA linux-arm_noexternals --><LINUX_ARM_SHA_NOEXTERNALS><!-- END SHA linux-arm_noexternals -->
 
 - actions-runner-win-x64-<RUNNER_VERSION>-noruntime.zip <!-- BEGIN SHA win-x64_noruntime --><WIN_X64_SHA_NORUNTIME><!-- END SHA win-x64_noruntime -->
+- actions-runner-win-arm64-<RUNNER_VERSION>-noruntime.zip <!-- BEGIN SHA win-arm64_noruntime --><WIN_ARM64_SHA_NORUNTIME><!-- END SHA win-arm64_noruntime -->
 - actions-runner-osx-x64-<RUNNER_VERSION>-noruntime.tar.gz <!-- BEGIN SHA osx-x64_noruntime --><OSX_X64_SHA_NORUNTIME><!-- END SHA osx-x64_noruntime -->
+- actions-runner-osx-arm64-<RUNNER_VERSION>-noruntime.tar.gz <!-- BEGIN SHA osx-arm64_noruntime --><OSX_ARM64_SHA_NORUNTIME><!-- END SHA osx-arm64_noruntime -->
 - actions-runner-linux-x64-<RUNNER_VERSION>-noruntime.tar.gz <!-- BEGIN SHA linux-x64_noruntime --><LINUX_X64_SHA_NORUNTIME><!-- END SHA linux-x64_noruntime -->
 - actions-runner-linux-arm64-<RUNNER_VERSION>-noruntime.tar.gz <!-- BEGIN SHA linux-arm64_noruntime --><LINUX_ARM64_SHA_NORUNTIME><!-- END SHA linux-arm64_noruntime -->
 - actions-runner-linux-arm-<RUNNER_VERSION>-noruntime.tar.gz <!-- BEGIN SHA linux-arm_noruntime --><LINUX_ARM_SHA_NORUNTIME><!-- END SHA linux-arm_noruntime -->
 
 - actions-runner-win-x64-<RUNNER_VERSION>-noruntime-noexternals.zip <!-- BEGIN SHA win-x64_noruntime_noexternals --><WIN_X64_SHA_NORUNTIME_NOEXTERNALS><!-- END SHA win-x64_noruntime_noexternals -->
+- actions-runner-win-arm64-<RUNNER_VERSION>-noruntime-noexternals.zip <!-- BEGIN SHA win-arm64_noruntime_noexternals --><WIN_ARM64_SHA_NORUNTIME_NOEXTERNALS><!-- END SHA win-arm64_noruntime_noexternals -->
 - actions-runner-osx-x64-<RUNNER_VERSION>-noruntime-noexternals.tar.gz <!-- BEGIN SHA osx-x64_noruntime_noexternals --><OSX_X64_SHA_NORUNTIME_NOEXTERNALS><!-- END SHA osx-x64_noruntime_noexternals -->
+- actions-runner-osx-arm64-<RUNNER_VERSION>-noruntime-noexternals.tar.gz <!-- BEGIN SHA osx-arm64_noruntime_noexternals --><OSX_ARM64_SHA_NORUNTIME_NOEXTERNALS><!-- END SHA osx-arm64_noruntime_noexternals -->
 - actions-runner-linux-x64-<RUNNER_VERSION>-noruntime-noexternals.tar.gz <!-- BEGIN SHA linux-x64_noruntime_noexternals --><LINUX_X64_SHA_NORUNTIME_NOEXTERNALS><!-- END SHA linux-x64_noruntime_noexternals -->
 - actions-runner-linux-arm64-<RUNNER_VERSION>-noruntime-noexternals.tar.gz <!-- BEGIN SHA linux-arm64_noruntime_noexternals --><LINUX_ARM64_SHA_NORUNTIME_NOEXTERNALS><!-- END SHA linux-arm64_noruntime_noexternals -->
 - actions-runner-linux-arm-<RUNNER_VERSION>-noruntime-noexternals.tar.gz <!-- BEGIN SHA linux-arm_noruntime_noexternals --><LINUX_ARM_SHA_NORUNTIME_NOEXTERNALS><!-- END SHA linux-arm_noruntime_noexternals -->

releaseVersion

@@ -1 +1 @@
-<Update to ./src/runnerversion when creating release>
+2.299.2

scripts/create-latest-svc.sh

@@ -13,7 +13,7 @@ set -e
 
 flags_found=false
 
-while getopts 's:g:n:r:u:l:' opt; do
+while getopts 's:g:n:r:u:l:d' opt; do
     flags_found=true
 
     case $opt in
@@ -35,6 +35,9 @@ while getopts 's:g:n:r:u:l:' opt; do
     l)
         labels=$OPTARG
         ;;
+    d)
+        disableupdate='true'
+        ;;
     *)
         echo "
 Runner Service Installer
@@ -49,7 +52,8 @@ Usage:
     -n          optional  name of the runner, defaults to hostname
     -r          optional  name of the runner group to add the runner to, defaults to the Default group
     -u          optional  user svc will run as, defaults to current
-    -l          optional  list of labels (split by comma) applied on the runner"
+    -l          optional  list of labels (split by comma) applied on the runner
+    -d          optional  allow runner to remain on the current version for one month after the release of a newer version"
         exit 0
         ;;
     esac
@@ -169,8 +173,8 @@ fi
 
 echo
 echo "Configuring ${runner_name} @ $runner_url"
-echo "./config.sh --unattended --url $runner_url --token *** --name $runner_name ${labels:+--labels $labels} ${runner_group:+--runnergroup \"$runner_group\"}"
-sudo -E -u ${svc_user} ./config.sh --unattended --url $runner_url --token $RUNNER_TOKEN --name $runner_name ${labels:+--labels $labels} ${runner_group:+--runnergroup "$runner_group"}
+echo "./config.sh --unattended --url $runner_url --token *** --name $runner_name ${labels:+--labels $labels} ${runner_group:+--runnergroup \"$runner_group\"} ${disableupdate:+--disableupdate}"
+sudo -E -u ${svc_user} ./config.sh --unattended --url $runner_url --token $RUNNER_TOKEN --name $runner_name ${labels:+--labels $labels} ${runner_group:+--runnergroup "$runner_group"} ${disableupdate:+--disableupdate}
 
 #---------------------------------------
 # Configuring as a service

src/Directory.Build.props

@@ -24,10 +24,16 @@
   <PropertyGroup Condition="'$(BUILD_OS)' == 'Windows' AND '$(PackageRuntime)' == 'win-x86'">
     <DefineConstants>$(DefineConstants);X86</DefineConstants>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(BUILD_OS)' == 'Windows' AND '$(PackageRuntime)' == 'win-arm64'">
+    <DefineConstants>$(DefineConstants);ARM64</DefineConstants>
+  </PropertyGroup>
 
-  <PropertyGroup Condition="'$(BUILD_OS)' == 'OSX'">
+  <PropertyGroup Condition="'$(BUILD_OS)' == 'OSX' AND '$(PackageRuntime)' == 'osx-x64'">
     <DefineConstants>$(DefineConstants);X64</DefineConstants>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(BUILD_OS)' == 'OSX' AND '$(PackageRuntime)' == 'osx-arm64'">
+    <DefineConstants>$(DefineConstants);ARM64</DefineConstants>
+  </PropertyGroup>
 
   <PropertyGroup Condition="'$(BUILD_OS)' == 'Linux' AND ('$(PackageRuntime)' == 'linux-x64' OR '$(PackageRuntime)' == '')">
     <DefineConstants>$(DefineConstants);X64</DefineConstants>

src/Misc/contentHash/dotnetRuntime/linux-arm

@@ -1 +1 @@
-de62d296708908cfd1236e58869aebbc2bae8a8c3d629276968542626c508e37
+1d709d93e5d3c6c6c656a61aa6c1781050224788a05b0e6ecc4c3c0408bdf89c

src/Misc/contentHash/dotnetRuntime/linux-arm64

@@ -1 +1 @@
-44fcd0422dd98ed17d2c8e9057ff2260c50165f20674236a4ae7d2645a07df25
+b92a47cfeaad02255b1f7a377060651b73ae5e5db22a188dbbcb4183ab03a03d

src/Misc/contentHash/dotnetRuntime/linux-x64

@@ -1 +1 @@
-e57652cf322ee16ce3af4f9e58f80858746b9e1e60279e991a3b3d9a6baf8d79
+68a9a8ef0843a8bb74241894f6f63fd76241a82295c5337d3cc7a940a314c78e

src/Misc/contentHash/dotnetRuntime/osx-arm64

@@ -0,0 +1 @@
+02c7126ff4d63ee2a0ae390c81434c125630522aadf35903bbeebb1a99d8af99

src/Misc/contentHash/dotnetRuntime/osx-x64

@@ -1 +1 @@
-bdd247b2ff3f51095524412e2ac588e7a87af805e114d6caf2368366ee7be1ea
+c9d5a542f8d765168855a89e83ae0a8970d00869041c4f9a766651c04c72b212

src/Misc/contentHash/dotnetRuntime/win-arm64

@@ -0,0 +1 @@
+39d0683f0f115a211cb10c473e9574c16549a19d4e9a6c637ded3d7022bf809f

src/Misc/contentHash/dotnetRuntime/win-x64

@@ -1 +1 @@
-d23a0cb9f20c0aa1cddb7a39567cd097020cdeb06a1e952940601d1a405c53b8
+d94f2fbaf210297162bc9f3add819d73682c3aa6899e321c3872412b924d5504

src/Misc/contentHash/externals/osx-arm64

@@ -0,0 +1 @@
+cc4708962a80325de0baa5ae8484e0cb9ae976ac6a4178c1c0d448b8c52bd7f7

src/Misc/contentHash/externals/win-arm64

@@ -0,0 +1 @@
+e5dace2d41cc0682d096dcce4970079ad48ec7107e46195970eecfdb3df2acef

src/Misc/expressionFunc/hashFiles/README.md

@@ -1 +1,4 @@
-To update hashFiles under `Misc/layoutbin` run `npm install && npm run all`
+To compile this package (output will be stored in `Misc/layoutbin`) run `npm install && npm run all`.
+
+> Note: this package also needs to be recompiled for dependabot PRs updating one of
+> its dependencies.

src/Misc/expressionFunc/hashFiles/package-lock.json

@@ -22,9 +22,13 @@
       }
     },
     "node_modules/@actions/core": {
-      "version": "1.2.6",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.6.tgz",
-      "integrity": "sha512-ZQYitnqiyBc3D+k7LsgSBmMDVkOVidaagDG7j3fOym77jNunWRuYx7VSHa9GNfFZh+zh61xsCjRj4JxMZlDqTA=="
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.9.1.tgz",
+      "integrity": "sha512-5ad+U2YGrmmiw6du20AQW5XuWo7UKN2052FjSV7MX+Wfjf8sCqcsZe62NfgHys4QI4/Y+vQvLKYL8jWtA1ZBTA==",
+      "dependencies": {
+        "@actions/http-client": "^2.0.1",
+        "uuid": "^8.3.2"
+      }
     },
     "node_modules/@actions/glob": {
       "version": "0.1.0",
@@ -35,6 +39,14 @@
         "minimatch": "^3.0.4"
       }
     },
+    "node_modules/@actions/http-client": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz",
+      "integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==",
+      "dependencies": {
+        "tunnel": "^0.0.6"
+      }
+    },
     "node_modules/@eslint/eslintrc": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.2.1.tgz",
@@ -2381,6 +2393,14 @@
         "typescript": ">=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta"
       }
     },
+    "node_modules/tunnel": {
+      "version": "0.0.6",
+      "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
+      "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
+      "engines": {
+        "node": ">=0.6.11 <=0.7.0 || >=0.7.3"
+      }
+    },
     "node_modules/type-check": {
       "version": "0.4.0",
       "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz",
@@ -2442,6 +2462,14 @@
         "punycode": "^2.1.0"
       }
     },
+    "node_modules/uuid": {
+      "version": "8.3.2",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
+      "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
+      "bin": {
+        "uuid": "dist/bin/uuid"
+      }
+    },
     "node_modules/v8-compile-cache": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.1.0.tgz",
@@ -2503,9 +2531,13 @@
   },
   "dependencies": {
     "@actions/core": {
-      "version": "1.2.6",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.6.tgz",
-      "integrity": "sha512-ZQYitnqiyBc3D+k7LsgSBmMDVkOVidaagDG7j3fOym77jNunWRuYx7VSHa9GNfFZh+zh61xsCjRj4JxMZlDqTA=="
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.9.1.tgz",
+      "integrity": "sha512-5ad+U2YGrmmiw6du20AQW5XuWo7UKN2052FjSV7MX+Wfjf8sCqcsZe62NfgHys4QI4/Y+vQvLKYL8jWtA1ZBTA==",
+      "requires": {
+        "@actions/http-client": "^2.0.1",
+        "uuid": "^8.3.2"
+      }
     },
     "@actions/glob": {
       "version": "0.1.0",
@@ -2516,6 +2548,14 @@
         "minimatch": "^3.0.4"
       }
     },
+    "@actions/http-client": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz",
+      "integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==",
+      "requires": {
+        "tunnel": "^0.0.6"
+      }
+    },
     "@eslint/eslintrc": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.2.1.tgz",
@@ -4189,6 +4229,11 @@
         "tslib": "^1.8.1"
       }
     },
+    "tunnel": {
+      "version": "0.0.6",
+      "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
+      "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="
+    },
     "type-check": {
       "version": "0.4.0",
       "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz",
@@ -4231,6 +4276,11 @@
         "punycode": "^2.1.0"
       }
     },
+    "uuid": {
+      "version": "8.3.2",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
+      "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg=="
+    },
     "v8-compile-cache": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.1.0.tgz",

src/Misc/externals.sh

@@ -3,6 +3,7 @@ PACKAGERUNTIME=$1
 PRECACHE=$2
 
 NODE_URL=https://nodejs.org/dist
+UNOFFICIAL_NODE_URL=https://unofficial-builds.nodejs.org/download/release
 NODE12_VERSION="12.22.7"
 NODE16_VERSION="16.13.0"
 
@@ -134,12 +135,27 @@ if [[ "$PACKAGERUNTIME" == "win-x64" || "$PACKAGERUNTIME" == "win-x86" ]]; then
     fi
 fi
 
+# Download the external tools only for Windows.
+if [[ "$PACKAGERUNTIME" == "win-arm64" ]]; then
+    # todo: replace these with official release when available
+    acquireExternalTool "$UNOFFICIAL_NODE_URL/v${NODE16_VERSION}/$PACKAGERUNTIME/node.exe" node16/bin
+    acquireExternalTool "$UNOFFICIAL_NODE_URL/v${NODE16_VERSION}/$PACKAGERUNTIME/node.lib" node16/bin
+    if [[ "$PRECACHE" != "" ]]; then
+        acquireExternalTool "https://github.com/microsoft/vswhere/releases/download/2.6.7/vswhere.exe" vswhere
+    fi
+fi
+
 # Download the external tools only for OSX.
 if [[ "$PACKAGERUNTIME" == "osx-x64" ]]; then
     acquireExternalTool "$NODE_URL/v${NODE12_VERSION}/node-v${NODE12_VERSION}-darwin-x64.tar.gz" node12 fix_nested_dir
     acquireExternalTool "$NODE_URL/v${NODE16_VERSION}/node-v${NODE16_VERSION}-darwin-x64.tar.gz" node16 fix_nested_dir
 fi
 
+if [[ "$PACKAGERUNTIME" == "osx-arm64" ]]; then
+    # node.js v12 doesn't support macOS on arm64.
+    acquireExternalTool "$NODE_URL/v${NODE16_VERSION}/node-v${NODE16_VERSION}-darwin-arm64.tar.gz" node16 fix_nested_dir
+fi
+
 # Download the external tools for Linux PACKAGERUNTIMEs.
 if [[ "$PACKAGERUNTIME" == "linux-x64" ]]; then
     acquireExternalTool "$NODE_URL/v${NODE12_VERSION}/node-v${NODE12_VERSION}-linux-x64.tar.gz" node12 fix_nested_dir

src/Misc/layoutbin/installdependencies.sh

@@ -66,7 +66,7 @@ then
             fi
         fi
 
-        $apt_get update && $apt_get install -y liblttng-ust0 libkrb5-3 zlib1g
+        $apt_get update && $apt_get install -y libkrb5-3 zlib1g
         if [ $? -ne 0 ]
         then
             echo "'$apt_get' failed with exit code '$?'"
@@ -94,6 +94,14 @@ then
             fi
         }
 
+        apt_get_with_fallbacks liblttng-ust1 liblttng-ust0
+        if [ $? -ne 0 ]
+        then
+            echo "'$apt_get' failed with exit code '$?'"
+            print_errormessage
+            exit 1
+        fi
+
         apt_get_with_fallbacks libssl1.1$ libssl1.0.2$ libssl1.0.0$
         if [ $? -ne 0 ]
         then

src/Misc/layoutbin/update.cmd.template

@@ -120,6 +120,9 @@ if ERRORLEVEL 1 (
 
 echo [%date% %time%] Update succeed >> "%logfile%" 2>&1
 
+type nul > update.finished
+echo [%date% %time%] update.finished file creation succeed >> "%logfile%" 2>&1
+
 rem rename the update log file with %logfile%.succeed/.failed/succeedneedrestart
 rem runner service host can base on the log file name determin the result of the runner update
 echo [%date% %time%] Rename "%logfile%" to be "%logfile%.succeed" >> "%logfile%" 2>&1

src/Misc/layoutbin/update.sh.template

@@ -180,6 +180,9 @@ fi
 
 date "+[%F %T-%4N] Update succeed" >> "$logfile"
 
+touch update.finished
+date "+[%F %T-%4N] update.finished file creation succeed" >> "$logfile"
+
 # rename the update log file with %logfile%.succeed/.failed/succeedneedrestart
 # runner service host can base on the log file name determin the result of the runner update
 date "+[%F %T-%4N] Rename $logfile to be $logfile.succeed" >> "$logfile" 2>&1

src/Misc/layoutroot/run-helper.cmd.template

@@ -1,5 +1,5 @@
 @echo off
-
+SET UPDATEFILE=update.finished
 "%~dp0\bin\Runner.Listener.exe" run %*
 
 rem using `if %ERRORLEVEL% EQU N` insterad of `if ERRORLEVEL N`
@@ -22,16 +22,30 @@ if %ERRORLEVEL% EQU 2 (
 )
 
 if %ERRORLEVEL% EQU 3 (
-  rem Sleep 5 seconds to wait for the runner update process finish
-  echo "Runner listener exit because of updating, re-launch runner in 5 seconds"
-  ping 127.0.0.1 -n 6 -w 1000 >NUL
+  rem Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish
+  echo "Runner listener exit because of updating, re-launch runner after successful update"
+  FOR /L %%G IN (1,1,30) DO (
+    IF EXIST %UPDATEFILE% (
+      echo "Update finished successfully."
+      del %FILE%
+      exit /b 1
+    )
+    ping 127.0.0.1 -n 2 -w 1000 >NUL
+  )
   exit /b 1
 )
 
 if %ERRORLEVEL% EQU 4 (
-  rem Sleep 5 seconds to wait for the ephemeral runner update process finish
-  echo "Runner listener exit because of updating, re-launch ephemeral runner in 5 seconds"
-  ping 127.0.0.1 -n 6 -w 1000 >NUL
+  rem Wait for 30 seconds or for flag file to exists for the runner update process finish
+  echo "Runner listener exit because of updating, re-launch runner after successful update"
+  FOR /L %%G IN (1,1,30) DO (
+    IF EXIST %UPDATEFILE% (
+      echo "Update finished successfully."
+      del %FILE%
+      exit /b 1
+    )
+    ping 127.0.0.1 -n 2 -w 1000 >NUL
+  )
   exit /b 1
 )
 

src/Misc/layoutroot/run-helper.sh.template

@@ -17,6 +17,8 @@ while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symli
     [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
 done
 DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+
+updateFile="update.finished"
 "$DIR"/bin/Runner.Listener run $*
 
 returnCode=$?
@@ -31,14 +33,28 @@ elif [[ $returnCode == 2 ]]; then
     "$DIR"/safe_sleep.sh 5
     exit 2
 elif [[ $returnCode == 3 ]]; then
-    # Sleep 5 seconds to wait for the runner update process finish
-    echo "Runner listener exit because of updating, re-launch runner in 5 seconds"
-    "$DIR"/safe_sleep.sh 5
+    # Wait for 30 seconds or for flag file to exists for the runner update process finish
+    echo "Runner listener exit because of updating, re-launch runner after successful update"
+    for i in {0..30}; do
+        if test -f "$updateFile"; then
+            echo "Update finished successfully."
+            rm "$updateFile"
+            break
+        fi
+        "$DIR"/safe_sleep.sh 1
+    done
     exit 2
 elif [[ $returnCode == 4 ]]; then
-    # Sleep 5 seconds to wait for the ephemeral runner update process finish
-    echo "Runner listener exit because of updating, re-launch ephemeral runner in 5 seconds"
-    "$DIR"/safe_sleep.sh 5
+    # Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish
+    echo "Runner listener exit because of updating, re-launch runner after successful update"
+    for i in {0..30}; do
+        if test -f "$updateFile"; then
+            echo "Update finished successfully."
+            rm "$updateFile"
+            break
+        fi
+        "$DIR"/safe_sleep.sh 1
+    done
     exit 2
 else
     echo "Exiting with unknown error code: ${returnCode}"

src/Misc/layoutroot/run.sh

@@ -9,16 +9,52 @@ while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symli
     [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
 done
 DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
-cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh
-# run the helper process which keep the listener alive
-while :;
-do
-    "$DIR"/run-helper.sh $*
-    returnCode=$?
-    if [[ $returnCode -eq 2 ]]; then
-        echo "Restarting runner..."
-    else
-        echo "Exiting runner..."
-        exit 0
-    fi
-done
+
+run() {
+    # run the helper process which keep the listener alive
+    while :;
+    do
+        cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh
+        "$DIR"/run-helper.sh $*
+        returnCode=$?
+        if [[ $returnCode -eq 2 ]]; then
+            echo "Restarting runner..."
+        else
+            echo "Exiting runner..."
+            exit 0
+        fi
+    done
+}
+
+runWithManualTrap() {
+    # Set job control
+    set -m
+
+    trap 'kill -INT -$PID' INT TERM
+
+    # run the helper process which keep the listener alive
+    while :;
+    do
+        cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh
+        "$DIR"/run-helper.sh $* &
+        PID=$!
+        wait -f $PID
+        returnCode=$?
+        if [[ $returnCode -eq 2 ]]; then
+            echo "Restarting runner..."
+        else
+            echo "Exiting runner..."
+            # Unregister signal handling before exit
+            trap - INT TERM
+            # wait for last parts to be logged
+            wait $PID
+            exit 0
+        fi
+    done
+}
+
+if [[ -z "$RUNNER_MANUALLY_TRAP_SIG" ]]; then
+    run $*
+else
+    runWithManualTrap $*
+fi

src/Misc/runnerdotnetruntimeassets

@@ -3,6 +3,7 @@ api-ms-win-core-console-l1-2-0.dll
 api-ms-win-core-datetime-l1-1-0.dll
 api-ms-win-core-debug-l1-1-0.dll
 api-ms-win-core-errorhandling-l1-1-0.dll
+api-ms-win-core-fibers-l1-1-0.dll
 api-ms-win-core-file-l1-1-0.dll
 api-ms-win-core-file-l1-2-0.dll
 api-ms-win-core-file-l2-1-0.dll
@@ -65,12 +66,14 @@ libmscordbi.dylib
 libmscordbi.so
 Microsoft.CSharp.dll
 Microsoft.DiaSymReader.Native.amd64.dll
+Microsoft.DiaSymReader.Native.arm64.dll
 Microsoft.VisualBasic.Core.dll
 Microsoft.VisualBasic.dll
 Microsoft.Win32.Primitives.dll
 Microsoft.Win32.Registry.dll
 mscordaccore.dll
-mscordaccore_amd64_amd64_6.0.21.52210.dll
+mscordaccore_amd64_amd64_6.0.522.21309.dll
+mscordaccore_arm64_arm64_6.0.522.21309.dll
 mscordbi.dll
 mscorlib.dll
 mscorrc.debug.dll
@@ -260,4 +263,4 @@ System.Xml.XmlSerializer.dll
 System.Xml.XPath.dll
 System.Xml.XPath.XDocument.dll
 ucrtbase.dll
-WindowsBase.dll
+WindowsBase.dll

src/Runner.Common/ActionCommand.cs

@@ -1,4 +1,3 @@
-using GitHub.Runner.Common.Util;
 using GitHub.Runner.Sdk;
 using System;
 using System.Collections.Generic;
@@ -32,7 +31,7 @@ namespace GitHub.Runner.Common
             new EscapeMapping(token: "%", replacement: "%25"),
         };
 
-        private readonly Dictionary<string, string> _properties = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+        private readonly Dictionary<string, string> _properties = new(StringComparer.OrdinalIgnoreCase);
         public const string Prefix = "##[";
         public const string _commandKey = "::";
 

src/Runner.Common/ActionResult.cs

@@ -1,5 +1,3 @@
-using System;
-
 namespace GitHub.Runner.Common
 {
     public enum ActionResult

src/Runner.Common/ActionsRunServer.cs

@@ -0,0 +1,51 @@
+using System;
+using System.Threading;
+using System.Threading.Tasks;
+using GitHub.DistributedTask.Pipelines;
+using GitHub.DistributedTask.WebApi;
+using GitHub.Services.Common;
+using GitHub.Services.WebApi;
+
+namespace GitHub.Runner.Common
+{
+    [ServiceLocator(Default = typeof(ActionsRunServer))]
+    public interface IActionsRunServer : IRunnerService
+    {
+        Task ConnectAsync(Uri serverUrl, VssCredentials credentials);
+
+        Task<AgentJobRequestMessage> GetJobMessageAsync(string id, CancellationToken token);
+    }
+
+    public sealed class ActionsRunServer : RunnerService, IActionsRunServer
+    {
+        private bool _hasConnection;
+        private VssConnection _connection;
+        private TaskAgentHttpClient _taskAgentClient;
+
+        public async Task ConnectAsync(Uri serverUrl, VssCredentials credentials)
+        {
+            _connection = await EstablishVssConnection(serverUrl, credentials, TimeSpan.FromSeconds(100));
+            _taskAgentClient = _connection.GetClient<TaskAgentHttpClient>();
+            _hasConnection = true;
+        }
+
+        private void CheckConnection()
+        {
+            if (!_hasConnection)
+            {
+                throw new InvalidOperationException($"SetConnection");
+            }
+        }
+
+        public Task<AgentJobRequestMessage> GetJobMessageAsync(string id, CancellationToken cancellationToken)
+        {
+            CheckConnection();
+            var jobMessage = RetryRequest<AgentJobRequestMessage>(async () =>
+                                                    {
+                                                        return await _taskAgentClient.GetJobMessageAsync(id, cancellationToken);
+                                                    }, cancellationToken);
+
+            return jobMessage;
+        }
+    }
+}

src/Runner.Common/CommandLineParser.cs

@@ -1,4 +1,3 @@
-using GitHub.Runner.Common.Util;
 using System;
 using System.Collections.Generic;
 using GitHub.DistributedTask.Logging;

src/Runner.Common/ConfigurationStore.cs

@@ -1,4 +1,3 @@
-using GitHub.Runner.Common.Util;
 using GitHub.Runner.Sdk;
 using System;
 using System.IO;
@@ -75,17 +74,18 @@ namespace GitHub.Runner.Common
         {
             get
             {
-                Uri accountUri = new Uri(this.ServerUrl);
+                Uri accountUri = new(this.ServerUrl);
                 string repoOrOrgName = string.Empty;
 
-                if (accountUri.Host.EndsWith(".githubusercontent.com", StringComparison.OrdinalIgnoreCase))
+                if (accountUri.Host.EndsWith(".githubusercontent.com", StringComparison.OrdinalIgnoreCase) && !string.IsNullOrEmpty(this.GitHubUrl))
                 {
-                    Uri gitHubUrl = new Uri(this.GitHubUrl);
+                    Uri gitHubUrl = new(this.GitHubUrl);
 
                     // Use the "NWO part" from the GitHub URL path
                     repoOrOrgName = gitHubUrl.AbsolutePath.Trim('/');
                 }
-                else
+
+                if (string.IsNullOrEmpty(repoOrOrgName))
                 {
                     repoOrOrgName = accountUri.AbsolutePath.Split('/', StringSplitOptions.RemoveEmptyEntries).FirstOrDefault();
                 }

src/Runner.Common/Constants.cs

@@ -77,7 +77,7 @@ namespace GitHub.Runner.Common
             public static readonly Architecture PlatformArchitecture = Architecture.X64;
 #elif ARM
             public static readonly Architecture PlatformArchitecture = Architecture.Arm;
-#elif ARM64            
+#elif ARM64
             public static readonly Architecture PlatformArchitecture = Architecture.Arm64;
 #endif
 
@@ -90,6 +90,7 @@ namespace GitHub.Runner.Common
                 public static class Args
                 {
                     public static readonly string Auth = "auth";
+                    public static readonly string JitConfig = "jitconfig";
                     public static readonly string Labels = "labels";
                     public static readonly string MonitorSocketAddress = "monitorsocketaddress";
                     public static readonly string Name = "name";
@@ -127,6 +128,7 @@ namespace GitHub.Runner.Common
                     public static readonly string Check = "check";
                     public static readonly string Commit = "commit";
                     public static readonly string Ephemeral = "ephemeral";
+                    public static readonly string GenerateServiceConfig = "generateServiceConfig";
                     public static readonly string Help = "help";
                     public static readonly string Replace = "replace";
                     public static readonly string DisableUpdate = "disableupdate";
@@ -151,16 +153,18 @@ namespace GitHub.Runner.Common
                 public static readonly string DiskSpaceWarning = "runner.diskspace.warning";
                 public static readonly string Node12Warning = "DistributedTask.AddWarningToNode12Action";
                 public static readonly string UseContainerPathForTemplate = "DistributedTask.UseContainerPathForTemplate";
+                public static readonly string AllowRunnerContainerHooks = "DistributedTask.AllowRunnerContainerHooks";
             }
 
             public static readonly string InternalTelemetryIssueDataKey = "_internal_telemetry";
             public static readonly string WorkerCrash = "WORKER_CRASH";
             public static readonly string LowDiskSpace = "LOW_DISK_SPACE";
             public static readonly string UnsupportedCommand = "UNSUPPORTED_COMMAND";
+            public static readonly string UnsupportedCommandMessage = "The `{0}` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/";
             public static readonly string UnsupportedCommandMessageDisabled = "The `{0}` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/";
             public static readonly string UnsupportedStopCommandTokenDisabled = "You cannot use a endToken that is an empty string, the string 'pause-logging', or another workflow command. For more information see: https://docs.github.com/actions/learn-github-actions/workflow-commands-for-github-actions#example-stopping-and-starting-workflow-commands or opt into insecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_STOPCOMMAND_TOKENS` environment variable to `true`.";
             public static readonly string UnsupportedSummarySize = "$GITHUB_STEP_SUMMARY upload aborted, supports content up to a size of {0}k, got {1}k. For more information see: https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#adding-a-markdown-summary";
-            public static readonly string Node12DetectedAfterEndOfLife = "Node.js 12 actions are deprecated. Please update the following actions to use Node.js 16: {0}";
+            public static readonly string Node12DetectedAfterEndOfLife = "Node.js 12 actions are deprecated. For more information see: https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/. Please update the following actions to use Node.js 16: {0}";
         }
 
         public static class RunnerEvent
@@ -196,6 +200,7 @@ namespace GitHub.Runner.Common
         {
             public static readonly string JobStartedStepName = "Set up runner";
             public static readonly string JobCompletedStepName = "Complete runner";
+            public static readonly string ContainerHooksPath = "ACTIONS_RUNNER_CONTAINER_HOOKS";
         }
 
         public static class Path
@@ -227,6 +232,7 @@ namespace GitHub.Runner.Common
                 //
                 public static readonly string AllowUnsupportedCommands = "ACTIONS_ALLOW_UNSECURE_COMMANDS";
                 public static readonly string AllowUnsupportedStopCommandTokens = "ACTIONS_ALLOW_UNSECURE_STOPCOMMAND_TOKENS";
+                public static readonly string RequireJobContainer = "ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER";
                 public static readonly string RunnerDebug = "ACTIONS_RUNNER_DEBUG";
                 public static readonly string StepDebug = "ACTIONS_STEP_DEBUG";
                 public static readonly string AllowActionsUseUnsecureNodeVersion = "ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION";
@@ -237,7 +243,8 @@ namespace GitHub.Runner.Common
                 public static readonly string ToolsDirectory = "agent.ToolsDirectory";
 
                 // Set this env var to "node12" to downgrade the node version for internal functions (e.g hashfiles). This does NOT affect the version of node actions.
-                public static readonly string ForcedInternalNodeVersion = "ACTIONS_RUNNER_FORCED_INTERNAL_NODE_VERSION"; 
+                public static readonly string ForcedInternalNodeVersion = "ACTIONS_RUNNER_FORCED_INTERNAL_NODE_VERSION";
+                public static readonly string ForcedActionsNodeVersion = "ACTIONS_RUNNER_FORCE_ACTIONS_NODE_VERSION";
             }
 
             public static class System
@@ -250,5 +257,12 @@ namespace GitHub.Runner.Common
                 public static readonly string PhaseDisplayName = "system.phaseDisplayName";
             }
         }
+
+        public static class OperatingSystem
+        {
+            public static readonly int Windows11BuildVersion = 22000;
+            // Both windows 10 and windows 11 share the same Major Version 10, need to use the build version to differentiate
+            public static readonly int Windows11MajorVersion = 10;
+        }
     }
 }

src/Runner.Common/ExtensionManager.cs

@@ -1,4 +1,3 @@
-using GitHub.Runner.Common.Util;
 using GitHub.Runner.Sdk;
 using System;
 using System.Collections.Concurrent;
@@ -15,7 +14,7 @@ namespace GitHub.Runner.Common
 
     public sealed class ExtensionManager : RunnerService, IExtensionManager
     {
-        private readonly ConcurrentDictionary<Type, List<IExtension>> _cache = new ConcurrentDictionary<Type, List<IExtension>>();
+        private readonly ConcurrentDictionary<Type, List<IExtension>> _cache = new();
 
         public List<T> GetExtensions<T>() where T : class, IExtension
         {
@@ -61,6 +60,8 @@ namespace GitHub.Runner.Common
                     Add<T>(extensions, "GitHub.Runner.Worker.AddPathFileCommand, Runner.Worker");
                     Add<T>(extensions, "GitHub.Runner.Worker.SetEnvFileCommand, Runner.Worker");
                     Add<T>(extensions, "GitHub.Runner.Worker.CreateStepSummaryCommand, Runner.Worker");
+                    Add<T>(extensions, "GitHub.Runner.Worker.SaveStateFileCommand, Runner.Worker");
+                    Add<T>(extensions, "GitHub.Runner.Worker.SetOutputFileCommand, Runner.Worker");
                     break;
                 case "GitHub.Runner.Listener.Check.ICheckExtension":
                     Add<T>(extensions, "GitHub.Runner.Listener.Check.InternetCheck, Runner.Listener");

src/Runner.Common/HostContext.cs

@@ -13,6 +13,7 @@ using System.Runtime.Loader;
 using System.Threading;
 using System.Threading.Tasks;
 using GitHub.DistributedTask.Logging;
+using GitHub.Runner.Common.Util;
 using GitHub.Runner.Sdk;
 
 namespace GitHub.Runner.Common
@@ -50,12 +51,12 @@ namespace GitHub.Runner.Common
         private static int _defaultLogRetentionDays = 30;
         private static int[] _vssHttpMethodEventIds = new int[] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 24 };
         private static int[] _vssHttpCredentialEventIds = new int[] { 11, 13, 14, 15, 16, 17, 18, 20, 21, 22, 27, 29 };
-        private readonly ConcurrentDictionary<Type, object> _serviceInstances = new ConcurrentDictionary<Type, object>();
-        private readonly ConcurrentDictionary<Type, Type> _serviceTypes = new ConcurrentDictionary<Type, Type>();
+        private readonly ConcurrentDictionary<Type, object> _serviceInstances = new();
+        private readonly ConcurrentDictionary<Type, Type> _serviceTypes = new();
         private readonly ISecretMasker _secretMasker = new SecretMasker();
-        private readonly List<ProductInfoHeaderValue> _userAgents = new List<ProductInfoHeaderValue>() { new ProductInfoHeaderValue($"GitHubActionsRunner-{BuildConstants.RunnerPackage.PackageName}", BuildConstants.RunnerPackage.Version) };
-        private CancellationTokenSource _runnerShutdownTokenSource = new CancellationTokenSource();
-        private object _perfLock = new object();
+        private readonly List<ProductInfoHeaderValue> _userAgents = new() { new ProductInfoHeaderValue($"GitHubActionsRunner-{BuildConstants.RunnerPackage.PackageName}", BuildConstants.RunnerPackage.Version) };
+        private CancellationTokenSource _runnerShutdownTokenSource = new();
+        private object _perfLock = new();
         private Tracing _trace;
         private Tracing _actionsHttpTrace;
         private Tracing _netcoreHttpTrace;
@@ -65,7 +66,7 @@ namespace GitHub.Runner.Common
         private IDisposable _diagListenerSubscription;
         private StartupType _startupType;
         private string _perfFile;
-        private RunnerWebProxy _webProxy = new RunnerWebProxy();
+        private RunnerWebProxy _webProxy = new();
 
         public event EventHandler Unloading;
         public CancellationToken RunnerShutdownToken => _runnerShutdownTokenSource.Token;
@@ -641,6 +642,31 @@ namespace GitHub.Runner.Common
             var handlerFactory = context.GetService<IHttpClientHandlerFactory>();
             return handlerFactory.CreateClientHandler(context.WebProxy);
         }
+
+        public static string GetDefaultShellForScript(this IHostContext hostContext, string path, string prependPath)
+        {
+            var trace = hostContext.GetTrace(nameof(GetDefaultShellForScript));
+            switch (Path.GetExtension(path))
+            {
+                case ".sh":
+                    // use 'sh' args but prefer bash
+                    if (WhichUtil.Which("bash", false, trace, prependPath) != null)
+                    {
+                        return "bash";
+                    }
+                    return "sh";
+                case ".ps1":
+                    if (WhichUtil.Which("pwsh", false, trace, prependPath) != null)
+                    {
+                        return "pwsh";
+                    }
+                    return "powershell";
+                case ".js":
+                    return Path.Combine(hostContext.GetDirectory(WellKnownDirectory.Externals), NodeUtil.GetInternalNodeVersion(), "bin", $"node{IOUtil.ExeExtension}") + " {0}";
+                default:
+                    throw new ArgumentException($"{path} is not a valid path to a script. Make sure it ends in '.sh', '.ps1' or '.js'.");
+            }
+        }
     }
 
     public enum ShutdownReason

src/Runner.Common/HostTraceListener.cs

@@ -1,4 +1,3 @@
-using GitHub.Runner.Common.Util;
 using GitHub.Runner.Sdk;
 using System;
 using System.Diagnostics;
@@ -165,7 +164,7 @@ namespace GitHub.Runner.Common
         {
             if (_enableLogRetention)
             {
-                DirectoryInfo diags = new DirectoryInfo(_logFileDirectory);
+                DirectoryInfo diags = new(_logFileDirectory);
                 var logs = diags.GetFiles($"{_logFilePrefix}*.log");
                 foreach (var log in logs)
                 {

src/Runner.Common/JobNotification.cs

@@ -1,10 +1,7 @@
-using System;
-using System.IO;
-using System.IO.Pipes;
+using System;
 using System.Net;
 using System.Net.Sockets;
 using System.Text;
-using System.Threading;
 using System.Threading.Tasks;
 
 namespace GitHub.Runner.Common

src/Runner.Common/JobServer.cs

@@ -1,4 +1,3 @@
-using GitHub.DistributedTask.WebApi;
 using System;
 using System.Collections.Generic;
 using System.IO;
@@ -9,11 +8,11 @@ using System.Net.WebSockets;
 using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
+using GitHub.DistributedTask.WebApi;
 using GitHub.Runner.Sdk;
 using GitHub.Services.Common;
 using GitHub.Services.WebApi;
 using GitHub.Services.WebApi.Utilities.Internal;
-using Newtonsoft.Json;
 
 namespace GitHub.Runner.Common
 {
@@ -140,8 +139,8 @@ namespace GitHub.Runner.Common
 
         public void InitializeWebsocketClient(ServiceEndpoint serviceEndpoint)
         {
-             this._serviceEndpoint = serviceEndpoint;
-             InitializeWebsocketClient(TimeSpan.Zero);
+            this._serviceEndpoint = serviceEndpoint;
+            InitializeWebsocketClient(TimeSpan.Zero);
         }
 
         public ValueTask DisposeAsync()
@@ -163,9 +162,9 @@ namespace GitHub.Runner.Common
 
         private void InitializeWebsocketClient(TimeSpan delay)
         {
-             if (_serviceEndpoint.Authorization != null &&
-                 _serviceEndpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.AccessToken, out var accessToken) &&
-                 !string.IsNullOrEmpty(accessToken))
+            if (_serviceEndpoint.Authorization != null &&
+                _serviceEndpoint.Authorization.Parameters.TryGetValue(EndpointAuthorizationParameters.AccessToken, out var accessToken) &&
+                !string.IsNullOrEmpty(accessToken))
             {
                 if (_serviceEndpoint.Data.TryGetValue("FeedStreamUrl", out var feedStreamUrl) && !string.IsNullOrEmpty(feedStreamUrl))
                 {
@@ -177,7 +176,7 @@ namespace GitHub.Runner.Common
                     var userAgentValues = new List<ProductInfoHeaderValue>();
                     userAgentValues.AddRange(UserAgentUtility.GetDefaultRestUserAgent());
                     userAgentValues.AddRange(HostContext.UserAgents);
-                    this._websocketClient.Options.SetRequestHeader("User-Agent", string.Join(" ", userAgentValues.Select(x=>x.ToString())));
+                    this._websocketClient.Options.SetRequestHeader("User-Agent", string.Join(" ", userAgentValues.Select(x => x.ToString())));
 
                     this._websocketConnectTask = ConnectWebSocketClient(feedStreamUrl, delay);
                 }
@@ -201,7 +200,7 @@ namespace GitHub.Runner.Common
                 await this._websocketClient.ConnectAsync(new Uri(feedStreamUrl), default(CancellationToken));
                 Trace.Info($"Successfully started websocket client.");
             }
-            catch(Exception ex)
+            catch (Exception ex)
             {
                 Trace.Info("Exception caught during websocket client connect, fallback of HTTP would be used now instead of websocket.");
                 Trace.Error(ex);
@@ -231,7 +230,7 @@ namespace GitHub.Runner.Common
             // ...in other words, if websocket client is null, we will skip sending to websocket and just use rest api calls to send data
             if (_websocketClient != null)
             {
-                var linesWrapper =  startLine.HasValue? new TimelineRecordFeedLinesWrapper(stepId, lines, startLine.Value):  new TimelineRecordFeedLinesWrapper(stepId, lines);
+                var linesWrapper = startLine.HasValue ? new TimelineRecordFeedLinesWrapper(stepId, lines, startLine.Value) : new TimelineRecordFeedLinesWrapper(stepId, lines);
                 var jsonData = StringUtil.ConvertToJson(linesWrapper);
                 try
                 {
@@ -242,7 +241,7 @@ namespace GitHub.Runner.Common
                     {
                         var lastChunk = i + (1 * 1024) >= jsonDataBytes.Length;
                         var chunk = new ArraySegment<byte>(jsonDataBytes, i, Math.Min(1 * 1024, jsonDataBytes.Length - i));
-                        await _websocketClient.SendAsync(chunk, WebSocketMessageType.Text, endOfMessage:lastChunk, cancellationToken);
+                        await _websocketClient.SendAsync(chunk, WebSocketMessageType.Text, endOfMessage: lastChunk, cancellationToken);
                     }
 
                     pushedLinesViaWebsocket = true;
@@ -274,7 +273,7 @@ namespace GitHub.Runner.Common
                 }
             }
 
-            if (!pushedLinesViaWebsocket)
+            if (!pushedLinesViaWebsocket && !cancellationToken.IsCancellationRequested)
             {
                 if (startLine.HasValue)
                 {

src/Runner.Common/JobServerQueue.cs

@@ -39,19 +39,19 @@ namespace GitHub.Runner.Common
         private Guid _jobTimelineRecordId;
 
         // queue for web console line
-        private readonly ConcurrentQueue<ConsoleLineInfo> _webConsoleLineQueue = new ConcurrentQueue<ConsoleLineInfo>();
+        private readonly ConcurrentQueue<ConsoleLineInfo> _webConsoleLineQueue = new();
 
         // queue for file upload (log file or attachment)
-        private readonly ConcurrentQueue<UploadFileInfo> _fileUploadQueue = new ConcurrentQueue<UploadFileInfo>();
+        private readonly ConcurrentQueue<UploadFileInfo> _fileUploadQueue = new();
 
         // queue for timeline or timeline record update (one queue per timeline)
-        private readonly ConcurrentDictionary<Guid, ConcurrentQueue<TimelineRecord>> _timelineUpdateQueue = new ConcurrentDictionary<Guid, ConcurrentQueue<TimelineRecord>>();
+        private readonly ConcurrentDictionary<Guid, ConcurrentQueue<TimelineRecord>> _timelineUpdateQueue = new();
 
         // indicate how many timelines we have, we will process _timelineUpdateQueue base on the order of timeline in this list
-        private readonly List<Guid> _allTimelines = new List<Guid>();
+        private readonly List<Guid> _allTimelines = new();
 
         // bufferd timeline records that fail to update
-        private readonly Dictionary<Guid, List<TimelineRecord>> _bufferedRetryRecords = new Dictionary<Guid, List<TimelineRecord>>();
+        private readonly Dictionary<Guid, List<TimelineRecord>> _bufferedRetryRecords = new();
 
         // Task for each queue's dequeue process
         private Task _webConsoleLineDequeueTask;
@@ -61,8 +61,8 @@ namespace GitHub.Runner.Common
         // common
         private IJobServer _jobServer;
         private Task[] _allDequeueTasks;
-        private readonly TaskCompletionSource<int> _jobCompletionSource = new TaskCompletionSource<int>();
-        private readonly TaskCompletionSource<int> _jobRecordUpdated = new TaskCompletionSource<int>();
+        private readonly TaskCompletionSource<int> _jobCompletionSource = new();
+        private readonly TaskCompletionSource<int> _jobRecordUpdated = new();
         private bool _queueInProcess = false;
 
         public TaskCompletionSource<int> JobRecordUpdated => _jobRecordUpdated;
@@ -237,8 +237,8 @@ namespace GitHub.Runner.Common
                 }
 
                 // Group consolelines by timeline record of each step
-                Dictionary<Guid, List<TimelineRecordLogLine>> stepsConsoleLines = new Dictionary<Guid, List<TimelineRecordLogLine>>();
-                List<Guid> stepRecordIds = new List<Guid>(); // We need to keep lines in order
+                Dictionary<Guid, List<TimelineRecordLogLine>> stepsConsoleLines = new();
+                List<Guid> stepRecordIds = new(); // We need to keep lines in order
                 int linesCounter = 0;
                 ConsoleLineInfo lineInfo;
                 while (_webConsoleLineQueue.TryDequeue(out lineInfo))
@@ -264,7 +264,7 @@ namespace GitHub.Runner.Common
                 {
                     // Split consolelines into batch, each batch will container at most 100 lines.
                     int batchCounter = 0;
-                    List<List<TimelineRecordLogLine>> batchedLines = new List<List<TimelineRecordLogLine>>();
+                    List<List<TimelineRecordLogLine>> batchedLines = new();
                     foreach (var line in stepsConsoleLines[stepRecordId])
                     {
                         var currentBatch = batchedLines.ElementAtOrDefault(batchCounter);
@@ -299,7 +299,11 @@ namespace GitHub.Runner.Common
                         {
                             try
                             {
-                                await _jobServer.AppendTimelineRecordFeedAsync(_scopeIdentifier, _hubName, _planId, _jobTimelineId, _jobTimelineRecordId, stepRecordId, batch.Select(logLine => logLine.Line).ToList(), batch[0].LineNumber, default(CancellationToken));
+                                // Give at most 60s for each request. 
+                                using (var timeoutTokenSource = new CancellationTokenSource(TimeSpan.FromSeconds(60)))
+                                {
+                                    await _jobServer.AppendTimelineRecordFeedAsync(_scopeIdentifier, _hubName, _planId, _jobTimelineId, _jobTimelineRecordId, stepRecordId, batch.Select(logLine => logLine.Line).ToList(), batch[0].LineNumber, timeoutTokenSource.Token);
+                                }
 
                                 if (_firstConsoleOutputs)
                                 {
@@ -334,7 +338,7 @@ namespace GitHub.Runner.Common
         {
             while (!_jobCompletionSource.Task.IsCompleted || runOnce)
             {
-                List<UploadFileInfo> filesToUpload = new List<UploadFileInfo>();
+                List<UploadFileInfo> filesToUpload = new();
                 UploadFileInfo dequeueFile;
                 while (_fileUploadQueue.TryDequeue(out dequeueFile))
                 {
@@ -394,13 +398,13 @@ namespace GitHub.Runner.Common
         {
             while (!_jobCompletionSource.Task.IsCompleted || runOnce)
             {
-                List<PendingTimelineRecord> pendingUpdates = new List<PendingTimelineRecord>();
+                List<PendingTimelineRecord> pendingUpdates = new();
                 foreach (var timeline in _allTimelines)
                 {
                     ConcurrentQueue<TimelineRecord> recordQueue;
                     if (_timelineUpdateQueue.TryGetValue(timeline, out recordQueue))
                     {
-                        List<TimelineRecord> records = new List<TimelineRecord>();
+                        List<TimelineRecord> records = new();
                         TimelineRecord record;
                         while (recordQueue.TryDequeue(out record))
                         {
@@ -422,7 +426,7 @@ namespace GitHub.Runner.Common
                 // we need track whether we have new sub-timeline been created on the last run.
                 // if so, we need continue update timeline record even we on the last run.
                 bool pendingSubtimelineUpdate = false;
-                List<Exception> mainTimelineRecordsUpdateErrors = new List<Exception>();
+                List<Exception> mainTimelineRecordsUpdateErrors = new();
                 if (pendingUpdates.Count > 0)
                 {
                     foreach (var update in pendingUpdates)
@@ -525,7 +529,7 @@ namespace GitHub.Runner.Common
                 return timelineRecords;
             }
 
-            Dictionary<Guid, TimelineRecord> dict = new Dictionary<Guid, TimelineRecord>();
+            Dictionary<Guid, TimelineRecord> dict = new();
             foreach (TimelineRecord rec in timelineRecords)
             {
                 if (rec == null)

src/Runner.Common/JobStatusEventArgs.cs

@@ -0,0 +1,14 @@
+using System;
+using GitHub.DistributedTask.WebApi;
+
+namespace GitHub.Runner.Common
+{
+    public class JobStatusEventArgs : EventArgs
+    {
+        public JobStatusEventArgs(TaskAgentStatus status)
+        {
+            this.Status = status;
+        }
+        public TaskAgentStatus Status { get; private set; }
+    }
+}

src/Runner.Common/Logging.cs

@@ -1,4 +1,3 @@
-using GitHub.Runner.Common.Util;
 using System;
 using System.IO;
 

src/Runner.Common/ProcessChannel.cs

@@ -76,7 +76,7 @@ namespace GitHub.Runner.Common
 
         public async Task<WorkerMessage> ReceiveAsync(CancellationToken cancellationToken)
         {
-            WorkerMessage result = new WorkerMessage(MessageType.NotInitialized, string.Empty);
+            WorkerMessage result = new(MessageType.NotInitialized, string.Empty);
             result.MessageType = (MessageType)await _readStream.ReadInt32Async(cancellationToken);
             result.Body = await _readStream.ReadStringAsync(cancellationToken);
             Trace.Info($"Receiving message of length {result.Body.Length}, with hash '{IOUtil.GetSha256Hash(result.Body)}'");

src/Runner.Common/ProcessExtensions.cs

@@ -291,7 +291,7 @@ namespace GitHub.Runner.Common
         public static string GetEnvironmentVariable(this Process process, IHostContext hostContext, string variable)
         {
             var trace = hostContext.GetTrace(nameof(LinuxProcessExtensions));
-            Dictionary<string, string> env = new Dictionary<string, string>();
+            Dictionary<string, string> env = new();
 
             if (Directory.Exists("/proc"))
             {
@@ -322,8 +322,8 @@ namespace GitHub.Runner.Common
                 // It doesn't escape '=' or ' ', so we can't parse the output into a dictionary of all envs.
                 // So we only look for the env you request, in the format of variable=value. (it won't work if you variable contains = or space)
                 trace.Info($"Read env from output of `ps e -p {process.Id} -o command`");
-                List<string> psOut = new List<string>();
-                object outputLock = new object();
+                List<string> psOut = new();
+                object outputLock = new();
                 using (var p = hostContext.CreateService<IProcessInvoker>())
                 {
                     p.OutputDataReceived += delegate (object sender, ProcessDataReceivedEventArgs stdout)

src/Runner.Common/ProcessInvoker.cs

@@ -1,4 +1,4 @@
-using GitHub.Runner.Common.Util;
+using GitHub.Runner.Common.Util;
 using GitHub.Runner.Sdk;
 using System;
 using System.Collections.Generic;

src/Runner.Common/RunServer.cs

@@ -0,0 +1,59 @@
+using System;
+using System.Threading;
+using System.Threading.Tasks;
+using GitHub.DistributedTask.Pipelines;
+using GitHub.DistributedTask.WebApi;
+using GitHub.Runner.Sdk;
+using GitHub.Services.Common;
+using GitHub.Services.WebApi;
+using Sdk.WebApi.WebApi.RawClient;
+
+namespace GitHub.Runner.Common
+{
+    [ServiceLocator(Default = typeof(RunServer))]
+    public interface IRunServer : IRunnerService
+    {
+        Task ConnectAsync(Uri serverUrl, VssCredentials credentials);
+
+        Task<AgentJobRequestMessage> GetJobMessageAsync(string id, CancellationToken token);
+    }
+
+    public sealed class RunServer : RunnerService, IRunServer
+    {
+        private bool _hasConnection;
+        private Uri requestUri;
+        private RawConnection _connection;
+        private RunServiceHttpClient _runServiceHttpClient;
+
+        public async Task ConnectAsync(Uri serverUri, VssCredentials credentials)
+        {
+            requestUri = serverUri;
+
+            _connection = VssUtil.CreateRawConnection(new Uri(serverUri.Authority), credentials);
+            _runServiceHttpClient = await _connection.GetClientAsync<RunServiceHttpClient>();
+            _hasConnection = true;
+        }
+
+        private void CheckConnection()
+        {
+            if (!_hasConnection)
+            {
+                throw new InvalidOperationException($"SetConnection");
+            }
+        }
+
+        public Task<AgentJobRequestMessage> GetJobMessageAsync(string id, CancellationToken cancellationToken)
+        {
+            CheckConnection();
+            var jobMessage = RetryRequest<AgentJobRequestMessage>(
+                async () => await _runServiceHttpClient.GetJobMessageAsync(requestUri, id, cancellationToken), cancellationToken);
+            if (jobMessage == null)
+            {
+                throw new TaskOrchestrationJobNotFoundException(id);
+            }
+
+            return jobMessage;
+        }
+
+    }
+}

src/Runner.Common/Runner.Common.csproj

@@ -3,7 +3,7 @@
   <PropertyGroup>
     <TargetFramework>net6.0</TargetFramework>
     <OutputType>Library</OutputType>
-    <RuntimeIdentifiers>win-x64;win-x86;linux-x64;linux-arm64;linux-arm;osx-x64</RuntimeIdentifiers>
+    <RuntimeIdentifiers>win-x64;win-x86;linux-x64;linux-arm64;linux-arm;osx-x64;osx-arm64;win-arm64</RuntimeIdentifiers>
     <TargetLatestRuntimePatch>true</TargetLatestRuntimePatch>
     <NoWarn>NU1701;NU1603</NoWarn>
     <Version>$(Version)</Version>
@@ -16,7 +16,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.Win32.Registry" Version="4.4.0" />
-    <PackageReference Include="Newtonsoft.Json" Version="11.0.2" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="4.4.0" />
     <PackageReference Include="System.Text.Encoding.CodePages" Version="4.4.0" />
     <PackageReference Include="System.Threading.Channels" Version="4.4.0" />

src/Runner.Common/RunnerServer.cs

@@ -1,9 +1,8 @@
-using GitHub.DistributedTask.WebApi;
+using GitHub.DistributedTask.WebApi;
 using System;
 using System.Collections.Generic;
 using System.Threading;
 using System.Threading.Tasks;
-using GitHub.Runner.Common.Util;
 using GitHub.Services.WebApi;
 using GitHub.Services.Common;
 using GitHub.Runner.Sdk;
@@ -39,7 +38,7 @@ namespace GitHub.Runner.Common
         Task<TaskAgentSession> CreateAgentSessionAsync(Int32 poolId, TaskAgentSession session, CancellationToken cancellationToken);
         Task DeleteAgentMessageAsync(Int32 poolId, Int64 messageId, Guid sessionId, CancellationToken cancellationToken);
         Task DeleteAgentSessionAsync(Int32 poolId, Guid sessionId, CancellationToken cancellationToken);
-        Task<TaskAgentMessage> GetAgentMessageAsync(Int32 poolId, Guid sessionId, Int64? lastMessageId, CancellationToken cancellationToken);
+        Task<TaskAgentMessage> GetAgentMessageAsync(Int32 poolId, Guid sessionId, Int64? lastMessageId, TaskAgentStatus status, CancellationToken cancellationToken);
 
         // job request
         Task<TaskAgentJobRequest> GetAgentRequestAsync(int poolId, long requestId, CancellationToken cancellationToken);
@@ -180,31 +179,6 @@ namespace GitHub.Runner.Common
             }
         }
 
-        private async Task<VssConnection> EstablishVssConnection(Uri serverUrl, VssCredentials credentials, TimeSpan timeout)
-        {
-            Trace.Info($"Establish connection with {timeout.TotalSeconds} seconds timeout.");
-            int attemptCount = 5;
-            while (attemptCount-- > 0)
-            {
-                var connection = VssUtil.CreateConnection(serverUrl, credentials, timeout: timeout);
-                try
-                {
-                    await connection.ConnectAsync();
-                    return connection;
-                }
-                catch (Exception ex) when (attemptCount > 0)
-                {
-                    Trace.Info($"Catch exception during connect. {attemptCount} attempt left.");
-                    Trace.Error(ex);
-
-                    await HostContext.Delay(TimeSpan.FromMilliseconds(100), CancellationToken.None);
-                }
-            }
-
-            // should never reach here.
-            throw new InvalidOperationException(nameof(EstablishVssConnection));
-        }
-
         private void CheckConnection(RunnerConnectionType connectionType)
         {
             switch (connectionType)
@@ -298,10 +272,10 @@ namespace GitHub.Runner.Common
             return _messageTaskAgentClient.DeleteAgentSessionAsync(poolId, sessionId, cancellationToken: cancellationToken);
         }
 
-        public Task<TaskAgentMessage> GetAgentMessageAsync(Int32 poolId, Guid sessionId, Int64? lastMessageId, CancellationToken cancellationToken)
+        public Task<TaskAgentMessage> GetAgentMessageAsync(Int32 poolId, Guid sessionId, Int64? lastMessageId, TaskAgentStatus status, CancellationToken cancellationToken)
         {
             CheckConnection(RunnerConnectionType.MessageQueue);
-            return _messageTaskAgentClient.GetMessageAsync(poolId, sessionId, lastMessageId, cancellationToken: cancellationToken);
+            return _messageTaskAgentClient.GetMessageAsync(poolId, sessionId, lastMessageId, status, cancellationToken: cancellationToken);
         }
 
         //-----------------------------------------------------------------

src/Runner.Common/RunnerService.cs

@@ -1,4 +1,10 @@
 using System;
+using System.Threading;
+using System.Threading.Tasks;
+using GitHub.Runner.Sdk;
+using GitHub.Services.Common;
+using GitHub.Services.WebApi;
+using Sdk.WebApi.WebApi.RawClient;
 
 namespace GitHub.Runner.Common
 {
@@ -21,9 +27,9 @@ namespace GitHub.Runner.Common
         protected IHostContext HostContext { get; private set; }
         protected Tracing Trace { get; private set; }
 
-        public string TraceName 
+        public string TraceName
         {
-            get 
+            get
             {
                 return GetType().Name;
             }
@@ -35,5 +41,57 @@ namespace GitHub.Runner.Common
             Trace = HostContext.GetTrace(TraceName);
             Trace.Entering();
         }
+
+        protected async Task<VssConnection> EstablishVssConnection(Uri serverUrl, VssCredentials credentials, TimeSpan timeout)
+        {
+            Trace.Info($"EstablishVssConnection");
+            Trace.Info($"Establish connection with {timeout.TotalSeconds} seconds timeout.");
+            int attemptCount = 5;
+            while (attemptCount-- > 0)
+            {
+                var connection = VssUtil.CreateConnection(serverUrl, credentials, timeout: timeout);
+                try
+                {
+                    await connection.ConnectAsync();
+                    return connection;
+                }
+                catch (Exception ex) when (attemptCount > 0)
+                {
+                    Trace.Info($"Catch exception during connect. {attemptCount} attempt left.");
+                    Trace.Error(ex);
+
+                    await HostContext.Delay(TimeSpan.FromMilliseconds(100), CancellationToken.None);
+                }
+            }
+
+            // should never reach here.
+            throw new InvalidOperationException(nameof(EstablishVssConnection));
+        }
+
+        protected async Task<T> RetryRequest<T>(Func<Task<T>> func,
+            CancellationToken cancellationToken,
+            int maxRetryAttemptsCount = 5
+        )
+        {
+            var retryCount = 0;
+            while (true)
+            {
+                retryCount++;
+                cancellationToken.ThrowIfCancellationRequested();
+                try
+                {
+                    return await func();
+                }
+                // TODO: Add handling of non-retriable exceptions: https://github.com/github/actions-broker/issues/122
+                catch (Exception ex) when (retryCount < maxRetryAttemptsCount)
+                {
+                    Trace.Error("Catch exception during get full job message");
+                    Trace.Error(ex);
+                    var backOff = BackoffTimerHelper.GetRandomBackoff(TimeSpan.FromSeconds(5), TimeSpan.FromSeconds(15));
+                    Trace.Warning($"Back off {backOff.TotalSeconds} seconds before next retry. {maxRetryAttemptsCount - retryCount} attempt left.");
+                    await Task.Delay(backOff, cancellationToken);
+                }
+            }
+        }
     }
 }

src/Runner.Common/Terminal.cs

@@ -81,7 +81,7 @@ namespace GitHub.Runner.Common
             }
 
             // Trace whether a value was entered.
-            string val = new String(chars.ToArray());
+            string val = new(chars.ToArray());
             if (!string.IsNullOrEmpty(val))
             {
                 HostContext.SecretMasker.AddValue(val);

src/Runner.Common/ThrottlingReportHandler.cs

@@ -1,10 +1,9 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Net.Http;
 using System.Threading;
 using System.Threading.Tasks;
-using GitHub.Runner.Common.Util;
 using GitHub.Runner.Sdk;
 using GitHub.Services.Common.Internal;
 

src/Runner.Common/TraceManager.cs

@@ -1,4 +1,3 @@
-using GitHub.Runner.Common.Util;
 using System;
 using System.Collections.Concurrent;
 using System.Diagnostics;
@@ -15,7 +14,7 @@ namespace GitHub.Runner.Common
 
     public sealed class TraceManager : ITraceManager
     {
-        private readonly ConcurrentDictionary<string, Tracing> _sources = new ConcurrentDictionary<string, Tracing>(StringComparer.OrdinalIgnoreCase);
+        private readonly ConcurrentDictionary<string, Tracing> _sources = new(StringComparer.OrdinalIgnoreCase);
         private readonly HostTraceListener _hostTraceListener;
         private TraceSetting _traceSetting;
         private ISecretMasker _secretMasker;

src/Runner.Common/Tracing.cs

@@ -1,5 +1,3 @@
-
-using GitHub.Runner.Common.Util;
 using Newtonsoft.Json;
 using System;
 using System.Diagnostics;

src/Runner.Common/Util/NodeUtil.cs

@@ -6,11 +6,23 @@ namespace GitHub.Runner.Common.Util
     public static class NodeUtil
     {
         private const string _defaultNodeVersion = "node16";
-        public static readonly ReadOnlyCollection<string> BuiltInNodeVersions = new(new[] {"node12", "node16"});
+
+#if (OS_OSX || OS_WINDOWS) && ARM64
+        public static readonly ReadOnlyCollection<string> BuiltInNodeVersions = new(new[] { "node16" });
+#else
+        public static readonly ReadOnlyCollection<string> BuiltInNodeVersions = new(new[] { "node12", "node16" });
+#endif
+
         public static string GetInternalNodeVersion()
         {
-            var forcedNodeVersion = Environment.GetEnvironmentVariable(Constants.Variables.Agent.ForcedInternalNodeVersion);
-            return !string.IsNullOrEmpty(forcedNodeVersion) && BuiltInNodeVersions.Contains(forcedNodeVersion) ? forcedNodeVersion : _defaultNodeVersion;
+            var forcedInternalNodeVersion = Environment.GetEnvironmentVariable(Constants.Variables.Agent.ForcedInternalNodeVersion);
+            var isForcedInternalNodeVersion = !string.IsNullOrEmpty(forcedInternalNodeVersion) && BuiltInNodeVersions.Contains(forcedInternalNodeVersion);
+
+            if (isForcedInternalNodeVersion)
+            {
+                return forcedInternalNodeVersion;
+            }
+            return _defaultNodeVersion;
         }
     }
 }

src/Runner.Common/Util/VarUtil.cs

@@ -1,7 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using GitHub.Runner.Sdk;
+using System;
 
 namespace GitHub.Runner.Common.Util
 {

src/Runner.Listener/Checks/CheckUtil.cs

@@ -347,8 +347,8 @@ namespace GitHub.Runner.Listener.Check
     public sealed class HttpEventSourceListener : EventListener
     {
         private readonly List<string> _logs;
-        private readonly object _lock = new object();
-        private readonly Dictionary<string, HashSet<string>> _ignoredEvent = new Dictionary<string, HashSet<string>>
+        private readonly object _lock = new();
+        private readonly Dictionary<string, HashSet<string>> _ignoredEvent = new()
         {
             {
                 "Microsoft-System-Net-Http",

src/Runner.Listener/Checks/GitCheck.cs

@@ -2,7 +2,6 @@ using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
-using System.Net;
 using System.Threading;
 using System.Threading.Tasks;
 using GitHub.Runner.Common;
@@ -168,4 +167,4 @@ namespace GitHub.Runner.Listener.Check
             return result;
         }
     }
-}
+}

src/Runner.Listener/Checks/NodeJsCheck.cs

@@ -2,7 +2,6 @@ using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
-using System.Net;
 using System.Threading;
 using System.Threading.Tasks;
 using GitHub.Runner.Common;
@@ -87,7 +86,7 @@ namespace GitHub.Runner.Listener.Check
                 result.Logs.Add($"{DateTime.UtcNow.ToString("O")} ***************************************************************************************************************");
 
                 // Request to github.com or ghes server
-                Uri requestUrl = new Uri(url);
+                Uri requestUrl = new(url);
                 var env = new Dictionary<string, string>()
                 {
                     { "HOSTNAME", requestUrl.Host },
@@ -179,4 +178,4 @@ namespace GitHub.Runner.Listener.Check
             return result;
         }
     }
-}
+}

src/Runner.Listener/CommandSettings.cs

@@ -4,7 +4,6 @@ using System;
 using System.Collections;
 using System.Collections.Generic;
 using System.Linq;
-using GitHub.DistributedTask.Logging;
 using GitHub.Runner.Common;
 using GitHub.Runner.Sdk;
 
@@ -12,7 +11,7 @@ namespace GitHub.Runner.Listener
 {
     public sealed class CommandSettings
     {
-        private readonly Dictionary<string, string> _envArgs = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+        private readonly Dictionary<string, string> _envArgs = new(StringComparer.OrdinalIgnoreCase);
         private readonly CommandLineParser _parser;
         private readonly IPromptManager _promptManager;
         private readonly Tracing _trace;
@@ -27,7 +26,7 @@ namespace GitHub.Runner.Listener
         };
 
         // Valid flags and args for specific command - key: command, value: array of valid flags and args
-        private readonly Dictionary<string, string[]> validOptions = new Dictionary<string, string[]>
+        private readonly Dictionary<string, string[]> validOptions = new()
         {
             // Valid configure flags and args
             [Constants.Runner.CommandLine.Commands.Configure] = 
@@ -35,6 +34,7 @@ namespace GitHub.Runner.Listener
                 {
                     Constants.Runner.CommandLine.Flags.DisableUpdate,
                     Constants.Runner.CommandLine.Flags.Ephemeral,
+                    Constants.Runner.CommandLine.Flags.GenerateServiceConfig,
                     Constants.Runner.CommandLine.Flags.Replace,
                     Constants.Runner.CommandLine.Flags.RunAsService,
                     Constants.Runner.CommandLine.Flags.Unattended,
@@ -63,6 +63,7 @@ namespace GitHub.Runner.Listener
                 new string[]
                 {
                     Constants.Runner.CommandLine.Flags.Once,
+                    Constants.Runner.CommandLine.Args.JitConfig,
                     Constants.Runner.CommandLine.Args.StartupType
                 },
             // valid warmup flags and args
@@ -79,11 +80,12 @@ namespace GitHub.Runner.Listener
         // Flags.
         public bool Check => TestFlag(Constants.Runner.CommandLine.Flags.Check);
         public bool Commit => TestFlag(Constants.Runner.CommandLine.Flags.Commit);
+        public bool DisableUpdate => TestFlag(Constants.Runner.CommandLine.Flags.DisableUpdate);
+        public bool Ephemeral => TestFlag(Constants.Runner.CommandLine.Flags.Ephemeral);
+        public bool GenerateServiceConfig => TestFlag(Constants.Runner.CommandLine.Flags.GenerateServiceConfig);
         public bool Help => TestFlag(Constants.Runner.CommandLine.Flags.Help);
         public bool Unattended => TestFlag(Constants.Runner.CommandLine.Flags.Unattended);
         public bool Version => TestFlag(Constants.Runner.CommandLine.Flags.Version);
-        public bool Ephemeral => TestFlag(Constants.Runner.CommandLine.Flags.Ephemeral);
-        public bool DisableUpdate => TestFlag(Constants.Runner.CommandLine.Flags.DisableUpdate);
 
         // Keep this around since customers still relies on it
         public bool RunOnce => TestFlag(Constants.Runner.CommandLine.Flags.Once);
@@ -137,7 +139,7 @@ namespace GitHub.Runner.Listener
         // Validate commandline parser result
         public List<string> Validate()
         {
-            List<string> unknowns = new List<string>();
+            List<string> unknowns = new();
 
             // detect unknown commands
             unknowns.AddRange(_parser.Commands.Where(x => !validOptions.Keys.Contains(x, StringComparer.OrdinalIgnoreCase)));
@@ -213,6 +215,12 @@ namespace GitHub.Runner.Listener
                 validator: Validators.AuthSchemeValidator);
         }
 
+        public string GetJitConfig()
+        {
+            return GetArg(
+                name: Constants.Runner.CommandLine.Args.JitConfig);
+        }
+
         public string GetRunnerName()
         {
             return GetArgOrPrompt(

src/Runner.Listener/Configuration/ConfigurationManager.cs

@@ -3,6 +3,7 @@ using GitHub.Runner.Common;
 using GitHub.Runner.Common.Util;
 using GitHub.Runner.Sdk;
 using GitHub.Services.Common;
+using GitHub.Services.Common.Internal;
 using GitHub.Services.OAuth;
 using System;
 using System.Collections.Generic;
@@ -80,12 +81,33 @@ namespace GitHub.Runner.Listener.Configuration
             _term.WriteLine("--------------------------------------------------------------------------------");
 
             Trace.Info(nameof(ConfigureAsync));
+
+            if (command.GenerateServiceConfig)
+            {
+#if OS_LINUX
+                if (!IsConfigured())
+                {
+                    throw new InvalidOperationException("--generateServiceConfig requires that the runner is already configured. For configuring a new runner as a service, run './config.sh'.");
+                }
+
+                RunnerSettings settings = _store.GetSettings();
+
+                Trace.Info($"generate service config for runner: {settings.AgentId}");
+                var controlManager = HostContext.GetService<ILinuxServiceControlManager>();
+                controlManager.GenerateScripts(settings);
+
+                return;
+#else
+                throw new NotSupportedException("--generateServiceConfig is only supported on Linux.");
+#endif
+            }
+
             if (IsConfigured())
             {
                 throw new InvalidOperationException("Cannot configure the runner because it is already configured. To reconfigure the runner, run 'config.cmd remove' or './config.sh remove' first.");
             }
 
-            RunnerSettings runnerSettings = new RunnerSettings();
+            RunnerSettings runnerSettings = new();
 
             // Loop getting url and creds until you can connect
             ICredentialProvider credProvider = null;
@@ -128,7 +150,7 @@ namespace GitHub.Runner.Listener.Configuration
                         // Example githubServerUrl is https://my-ghes
                         var actionsServerUrl = new Uri(runnerSettings.ServerUrl);
                         var githubServerUrl = new Uri(runnerSettings.GitHubUrl);
-                        if (!string.Equals(actionsServerUrl.Authority, githubServerUrl.Authority, StringComparison.OrdinalIgnoreCase))
+                        if (!UriUtility.IsSubdomainOf(actionsServerUrl.Authority, githubServerUrl.Authority))
                         {
                             throw new InvalidOperationException($"GitHub Actions is not properly configured in GHES. GHES url: {runnerSettings.GitHubUrl}, Actions url: {runnerSettings.ServerUrl}.");
                         }
@@ -520,7 +542,7 @@ namespace GitHub.Runner.Listener.Configuration
 
         private TaskAgent CreateNewAgent(string agentName, RSAParameters publicKey, ISet<string> userLabels, bool ephemeral, bool disableUpdate)
         {
-            TaskAgent agent = new TaskAgent(agentName)
+            TaskAgent agent = new(agentName)
             {
                 Authorization = new TaskAgentAuthorization
                 {

src/Runner.Listener/Configuration/CredentialManager.cs

@@ -18,7 +18,7 @@ namespace GitHub.Runner.Listener.Configuration
 
     public class CredentialManager : RunnerService, ICredentialManager
     {
-        public static readonly Dictionary<string, Type> CredentialTypes = new Dictionary<string, Type>(StringComparer.OrdinalIgnoreCase)
+        public static readonly Dictionary<string, Type> CredentialTypes = new(StringComparer.OrdinalIgnoreCase)
         {
             { Constants.Configuration.OAuth, typeof(OAuthCredential)},
             { Constants.Configuration.OAuthAccessToken, typeof(OAuthAccessTokenCredential)},

src/Runner.Listener/Configuration/CredentialProvider.cs

@@ -48,7 +48,7 @@ namespace GitHub.Runner.Listener.Configuration
             ArgUtil.NotNullOrEmpty(token, nameof(token));
 
             trace.Info("token retrieved: {0} chars", token.Length);
-            VssCredentials creds = new VssCredentials(new VssOAuthAccessTokenCredential(token), CredentialPromptType.DoNotPrompt);
+            VssCredentials creds = new(new VssOAuthAccessTokenCredential(token), CredentialPromptType.DoNotPrompt);
             trace.Info("cred created");
 
             return creds;

src/Runner.Listener/Configuration/PromptManager.cs

@@ -1,5 +1,4 @@
 using GitHub.Runner.Common;
-using GitHub.Runner.Common.Util;
 using GitHub.Runner.Sdk;
 using System;
 
@@ -72,7 +71,7 @@ namespace GitHub.Runner.Listener.Configuration
                 {
                     return defaultValue;
                 }
-                else if (isOptional) 
+                else if (isOptional)
                 {
                     return string.Empty;
                 }
@@ -87,11 +86,12 @@ namespace GitHub.Runner.Listener.Configuration
                 // Write the message prompt.
                 _terminal.Write($"{description} ");
 
-                if(!string.IsNullOrEmpty(defaultValue))
+                if (!string.IsNullOrEmpty(defaultValue))
                 {
                     _terminal.Write($"[press Enter for {defaultValue}] ");
                 }
-                else if (isOptional){
+                else if (isOptional)
+                {
                     _terminal.Write($"[press Enter to skip] ");
                 }
 
@@ -112,7 +112,7 @@ namespace GitHub.Runner.Listener.Configuration
                         return string.Empty;
                     }
                 }
-                
+
                 // Return the value if it is not empty and it is valid.
                 // Otherwise try the loop again.
                 if (!string.IsNullOrEmpty(value))

src/Runner.Listener/Configuration/RSAFileKeyManager.cs

@@ -3,7 +3,6 @@ using System;
 using System.IO;
 using System.Security.Cryptography;
 using System.Threading;
-using GitHub.Runner.Common.Util;
 using GitHub.Runner.Common;
 using GitHub.Runner.Sdk;
 

src/Runner.Listener/Configuration/ServiceControlManager.cs

@@ -44,7 +44,7 @@ namespace GitHub.Runner.Listener.Configuration
             }
 
             // For the service name, replace any characters outside of the alpha-numeric set and ".", "_", "-" with "-"
-            Regex regex = new Regex(@"[^0-9a-zA-Z._\-]");
+            Regex regex = new(@"[^0-9a-zA-Z._\-]");
             string repoOrOrgName = regex.Replace(settings.RepoOrOrgName, "-");
 
             serviceName = StringUtil.Format(serviceNamePattern, repoOrOrgName, settings.AgentName);

src/Runner.Listener/Configuration/SystemdControlManager.cs

@@ -1,4 +1,4 @@
-#if OS_LINUX
+#if OS_LINUX
 using System;
 using System.Collections.Generic;
 using System.IO;
@@ -6,7 +6,6 @@ using System.Linq;
 using System.Text;
 using GitHub.Runner.Common.Util;
 using GitHub.Runner.Common;
-using GitHub.Runner.Sdk;
 
 namespace GitHub.Runner.Listener.Configuration
 {

src/Runner.Listener/JobDispatcher.cs

@@ -27,6 +27,7 @@ namespace GitHub.Runner.Listener
         bool Cancel(JobCancelMessage message);
         Task WaitAsync(CancellationToken token);
         Task ShutdownAsync();
+        event EventHandler<JobStatusEventArgs> JobStatus;
     }
 
     // This implementation of IJobDispatcher is not thread safe.
@@ -36,8 +37,8 @@ namespace GitHub.Runner.Listener
     // and the server will not send another job while this one is still running.
     public sealed class JobDispatcher : RunnerService, IJobDispatcher
     {
-        private static Regex _invalidJsonRegex = new Regex(@"invalid\ Json\ at\ position\ '(\d+)':", RegexOptions.Compiled | RegexOptions.IgnoreCase);
-        private readonly Lazy<Dictionary<long, TaskResult>> _localRunJobResult = new Lazy<Dictionary<long, TaskResult>>();
+        private static Regex _invalidJsonRegex = new(@"invalid\ Json\ at\ position\ '(\d+)':", RegexOptions.Compiled | RegexOptions.IgnoreCase);
+        private readonly Lazy<Dictionary<long, TaskResult>> _localRunJobResult = new();
         private int _poolId;
 
         IConfigurationStore _configurationStore;
@@ -46,14 +47,16 @@ namespace GitHub.Runner.Listener
         private static readonly string _workerProcessName = $"Runner.Worker{IOUtil.ExeExtension}";
 
         // this is not thread-safe
-        private readonly Queue<Guid> _jobDispatchedQueue = new Queue<Guid>();
-        private readonly ConcurrentDictionary<Guid, WorkerDispatcher> _jobInfos = new ConcurrentDictionary<Guid, WorkerDispatcher>();
+        private readonly Queue<Guid> _jobDispatchedQueue = new();
+        private readonly ConcurrentDictionary<Guid, WorkerDispatcher> _jobInfos = new();
 
         // allow up to 30sec for any data to be transmitted over the process channel
         // timeout limit can be overwritten by environment GITHUB_ACTIONS_RUNNER_CHANNEL_TIMEOUT
         private TimeSpan _channelTimeout;
 
-        private TaskCompletionSource<bool> _runOnceJobCompleted = new TaskCompletionSource<bool>();
+        private TaskCompletionSource<bool> _runOnceJobCompleted = new();
+
+        public event EventHandler<JobStatusEventArgs> JobStatus;
 
         public override void Initialize(IHostContext hostContext)
         {
@@ -108,7 +111,7 @@ namespace GitHub.Runner.Listener
                 }
             }
 
-            WorkerDispatcher newDispatch = new WorkerDispatcher(jobRequestMessage.JobId, jobRequestMessage.RequestId);
+            WorkerDispatcher newDispatch = new(jobRequestMessage.JobId, jobRequestMessage.RequestId);
             if (runOnce)
             {
                 Trace.Info("Start dispatcher for one time used runner.");
@@ -335,6 +338,11 @@ namespace GitHub.Runner.Listener
             Busy = true;
             try
             {
+                if (JobStatus != null)
+                {
+                    JobStatus(this, new JobStatusEventArgs(TaskAgentStatus.Busy));
+                }
+
                 if (previousJobDispatch != null)
                 {
                     Trace.Verbose($"Make sure the previous job request {previousJobDispatch.JobId} has successfully finished on worker.");
@@ -349,7 +357,7 @@ namespace GitHub.Runner.Listener
                 term.WriteLine($"{DateTime.UtcNow:u}: Running job: {message.JobDisplayName}");
 
                 // first job request renew succeed.
-                TaskCompletionSource<int> firstJobRequestRenewed = new TaskCompletionSource<int>();
+                TaskCompletionSource<int> firstJobRequestRenewed = new();
                 var notification = HostContext.GetService<IJobNotification>();
 
                 // lock renew cancellation token.
@@ -390,8 +398,8 @@ namespace GitHub.Runner.Listener
                     HostContext.WritePerfCounter($"JobRequestRenewed_{requestId.ToString()}");
 
                     Task<int> workerProcessTask = null;
-                    object _outputLock = new object();
-                    List<string> workerOutput = new List<string>();
+                    object _outputLock = new();
+                    List<string> workerOutput = new();
                     using (var processChannel = HostContext.CreateService<IProcessChannel>())
                     using (var processInvoker = HostContext.CreateService<IProcessInvoker>())
                     {
@@ -650,6 +658,11 @@ namespace GitHub.Runner.Listener
             finally
             {
                 Busy = false;
+                
+                if (JobStatus != null)
+                {
+                    JobStatus(this, new JobStatusEventArgs(TaskAgentStatus.Online));
+                }
             }
         }
 
@@ -923,7 +936,7 @@ namespace GitHub.Runner.Listener
 
             var runnerServer = HostContext.GetService<IRunnerServer>();
             int completeJobRequestRetryLimit = 5;
-            List<Exception> exceptions = new List<Exception>();
+            List<Exception> exceptions = new();
             while (completeJobRequestRetryLimit-- > 0)
             {
                 try
@@ -1026,7 +1039,7 @@ namespace GitHub.Runner.Listener
             public Task WorkerDispatch { get; set; }
             public CancellationTokenSource WorkerCancellationTokenSource { get; private set; }
             public CancellationTokenSource WorkerCancelTimeoutKillTokenSource { get; private set; }
-            private readonly object _lock = new object();
+            private readonly object _lock = new();
 
             public WorkerDispatcher(Guid jobId, long requestId)
             {

src/Runner.Listener/MessageListener.cs

@@ -23,6 +23,7 @@ namespace GitHub.Runner.Listener
         Task DeleteSessionAsync();
         Task<TaskAgentMessage> GetNextMessageAsync(CancellationToken token);
         Task DeleteMessageAsync(TaskAgentMessage message);
+        void OnJobStatus(object sender, JobStatusEventArgs e);
     }
 
     public sealed class MessageListener : RunnerService, IMessageListener
@@ -37,7 +38,9 @@ namespace GitHub.Runner.Listener
         private readonly TimeSpan _sessionCreationRetryInterval = TimeSpan.FromSeconds(30);
         private readonly TimeSpan _sessionConflictRetryLimit = TimeSpan.FromMinutes(4);
         private readonly TimeSpan _clockSkewRetryLimit = TimeSpan.FromMinutes(30);
-        private readonly Dictionary<string, int> _sessionCreationExceptionTracker = new Dictionary<string, int>();
+        private readonly Dictionary<string, int> _sessionCreationExceptionTracker = new();
+        private TaskAgentStatus runnerStatus = TaskAgentStatus.Online;
+        private CancellationTokenSource _getMessagesTokenSource;
 
         public override void Initialize(IHostContext hostContext)
         {
@@ -170,6 +173,23 @@ namespace GitHub.Runner.Listener
             }
         }
 
+        public void OnJobStatus(object sender, JobStatusEventArgs e)
+        {
+            if (StringUtil.ConvertToBoolean(Environment.GetEnvironmentVariable("USE_BROKER_FLOW")))
+            {
+                Trace.Info("Received job status event. JobState: {0}", e.Status);
+                runnerStatus = e.Status;
+                try
+                {
+                    _getMessagesTokenSource?.Cancel();
+                } 
+                catch (ObjectDisposedException)
+                {
+                    Trace.Info("_getMessagesTokenSource is already disposed.");
+                }
+            }
+        }
+
         public async Task<TaskAgentMessage> GetNextMessageAsync(CancellationToken token)
         {
             Trace.Entering();
@@ -178,18 +198,20 @@ namespace GitHub.Runner.Listener
             bool encounteringError = false;
             int continuousError = 0;
             string errorMessage = string.Empty;
-            Stopwatch heartbeat = new Stopwatch();
+            Stopwatch heartbeat = new();
             heartbeat.Restart();
             while (true)
             {
                 token.ThrowIfCancellationRequested();
                 TaskAgentMessage message = null;
+                _getMessagesTokenSource = CancellationTokenSource.CreateLinkedTokenSource(token);
                 try
                 {
                     message = await _runnerServer.GetAgentMessageAsync(_settings.PoolId,
                                                                 _session.SessionId,
                                                                 _lastMessageId,
-                                                                token);
+                                                                runnerStatus,
+                                                                _getMessagesTokenSource.Token);
 
                     // Decrypt the message body if the session is using encryption
                     message = DecryptMessage(message);
@@ -206,6 +228,11 @@ namespace GitHub.Runner.Listener
                         continuousError = 0;
                     }
                 }
+                catch (OperationCanceledException) when (_getMessagesTokenSource.Token.IsCancellationRequested && !token.IsCancellationRequested)
+                {
+                    Trace.Info("Get messages has been cancelled using local token source. Continue to get messages with new status.");
+                    continue;
+                }
                 catch (OperationCanceledException) when (token.IsCancellationRequested)
                 {
                     Trace.Info("Get next message has been cancelled.");
@@ -261,6 +288,10 @@ namespace GitHub.Runner.Listener
                         await HostContext.Delay(_getNextMessageRetryInterval, token);
                     }
                 }
+                finally 
+                {
+                    _getMessagesTokenSource.Dispose();
+                }
 
                 if (message == null)
                 {

src/Runner.Listener/Program.cs

@@ -1,12 +1,10 @@
 using GitHub.Runner.Common;
-using GitHub.Runner.Common.Util;
 using GitHub.Runner.Sdk;
 using System;
 using System.Globalization;
 using System.IO;
 using System.Reflection;
 using System.Runtime.InteropServices;
-using System.Threading;
 using System.Threading.Tasks;
 
 namespace GitHub.Runner.Listener
@@ -18,7 +16,7 @@ namespace GitHub.Runner.Listener
             // Add environment variables from .env file
             LoadAndSetEnv();
 
-            using (HostContext context = new HostContext("Runner"))
+            using (HostContext context = new("Runner"))
             {
                 return MainAsync(context, args).GetAwaiter().GetResult();
             }
@@ -60,6 +58,18 @@ namespace GitHub.Runner.Listener
                         terminal.WriteLine("This runner version is built for Windows. Please install a correct build for your OS.");
                         return Constants.Runner.ReturnCode.TerminatedError;
                     }
+                    #if ARM64
+                        // A little hacky, but windows gives no way to differentiate between windows 10 and 11.
+                        // By default only 11 supports native x64 app emulation on arm, so we only want to support windows 11
+                        // https://docs.microsoft.com/en-us/windows/arm/overview#build-windows-apps-that-run-on-arm
+                        // Windows 10 and 11 share a MajorVersion, so we also check the build version. Minor for both is 0, so doing < 0 doesn't really make a lot of sense.
+                        if (Environment.OSVersion.Version.Major < Constants.OperatingSystem.Windows11MajorVersion || 
+                            Environment.OSVersion.Version.Build < Constants.OperatingSystem.Windows11BuildVersion)
+                        {
+                            terminal.WriteLine("Win-arm64 runners require windows 11 or later. Please upgrade your operating system.");
+                            return Constants.Runner.ReturnCode.TerminatedError;
+                        }
+                    #endif
                     break;
                 default:
                     terminal.WriteLine($"Running the runner on this platform is not supported. The current platform is {RuntimeInformation.OSDescription} and it was built for {Constants.Runner.Platform.ToString()}.");

src/Runner.Listener/Runner.Listener.csproj

@@ -3,7 +3,7 @@
   <PropertyGroup>
     <TargetFramework>net6.0</TargetFramework>
     <OutputType>Exe</OutputType>
-    <RuntimeIdentifiers>win-x64;win-x86;linux-x64;linux-arm64;linux-arm;osx-x64</RuntimeIdentifiers>
+    <RuntimeIdentifiers>win-x64;win-x86;linux-x64;linux-arm64;linux-arm;osx-x64;osx-arm64;win-arm64</RuntimeIdentifiers>
     <TargetLatestRuntimePatch>true</TargetLatestRuntimePatch>
     <NoWarn>NU1701;NU1603</NoWarn>
     <Version>$(Version)</Version>
@@ -19,7 +19,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.Win32.Registry" Version="4.4.0" />
-    <PackageReference Include="Newtonsoft.Json" Version="11.0.2" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
     <PackageReference Include="System.IO.FileSystem.AccessControl" Version="4.4.0" />
     <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="4.4.0" />
     <PackageReference Include="System.ServiceProcess.ServiceController" Version="4.4.0" />

src/Runner.Listener/Runner.cs

@@ -1,18 +1,19 @@
-using GitHub.DistributedTask.WebApi;
-using GitHub.Runner.Listener.Configuration;
 using System;
-using System.Threading;
-using System.Threading.Tasks;
-using GitHub.Services.WebApi;
-using Pipelines = GitHub.DistributedTask.Pipelines;
+using System.Collections.Generic;
 using System.IO;
+using System.Linq;
 using System.Reflection;
 using System.Runtime.CompilerServices;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+using GitHub.DistributedTask.WebApi;
 using GitHub.Runner.Common;
-using GitHub.Runner.Sdk;
-using System.Linq;
 using GitHub.Runner.Listener.Check;
-using System.Collections.Generic;
+using GitHub.Runner.Listener.Configuration;
+using GitHub.Runner.Sdk;
+using GitHub.Services.WebApi;
+using Pipelines = GitHub.DistributedTask.Pipelines;
 
 namespace GitHub.Runner.Listener
 {
@@ -27,7 +28,7 @@ namespace GitHub.Runner.Listener
         private IMessageListener _listener;
         private ITerminal _term;
         private bool _inConfigStage;
-        private ManualResetEvent _completedCommand = new ManualResetEvent(false);
+        private ManualResetEvent _completedCommand = new(false);
 
         public override void Initialize(IHostContext hostContext)
         {
@@ -192,6 +193,30 @@ namespace GitHub.Runner.Listener
                     return Constants.Runner.ReturnCode.Success;
                 }
 
+                var base64JitConfig = command.GetJitConfig();
+                if (!string.IsNullOrEmpty(base64JitConfig))
+                {
+                    try
+                    {
+                        var decodedJitConfig = Encoding.UTF8.GetString(Convert.FromBase64String(base64JitConfig));
+                        var jitConfig = StringUtil.ConvertFromJson<Dictionary<string, string>>(decodedJitConfig);
+                        foreach (var config in jitConfig)
+                        {
+                            var configFile = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), config.Key);
+                            var configContent = Encoding.UTF8.GetString(Convert.FromBase64String(config.Value));
+                            File.WriteAllText(configFile, configContent, Encoding.UTF8);
+                            File.SetAttributes(configFile, File.GetAttributes(configFile) | FileAttributes.Hidden);
+                            Trace.Info($"Save {configContent.Length} chars to '{configFile}'.");
+                        }
+                    }
+                    catch (Exception ex)
+                    {
+                        Trace.Error(ex);
+                        _term.WriteError(ex.Message);
+                        return Constants.Runner.ReturnCode.TerminatedError;
+                    }
+                }
+
                 RunnerSettings settings = configManager.LoadSettings();
 
                 var store = HostContext.GetService<IConfigurationStore>();
@@ -322,6 +347,7 @@ namespace GitHub.Runner.Listener
 
                 // Should we try to cleanup ephemeral runners
                 bool runOnceJobCompleted = false;
+                bool skipSessionDeletion = false;
                 try
                 {
                     var notification = HostContext.GetService<IJobNotification>();
@@ -333,6 +359,8 @@ namespace GitHub.Runner.Listener
                     bool runOnceJobReceived = false;
                     jobDispatcher = HostContext.CreateService<IJobDispatcher>();
 
+                    jobDispatcher.JobStatus += _listener.OnJobStatus;
+
                     while (!HostContext.RunnerShutdownToken.IsCancellationRequested)
                     {
                         TaskAgentMessage message = null;
@@ -457,6 +485,44 @@ namespace GitHub.Runner.Listener
                                     }
                                 }
                             }
+                            // Broker flow
+                            else if (string.Equals(message.MessageType, JobRequestMessageTypes.RunnerJobRequest, StringComparison.OrdinalIgnoreCase))
+                            {
+                                if (autoUpdateInProgress || runOnceJobReceived)
+                                {
+                                    skipMessageDeletion = true;
+                                    Trace.Info($"Skip message deletion for job request message '{message.MessageId}'.");
+                                }
+                                else
+                                {
+                                    var messageRef = StringUtil.ConvertFromJson<RunnerJobRequestRef>(message.Body);
+                                    Pipelines.AgentJobRequestMessage jobRequestMessage = null;
+
+                                    // Create connection
+                                    var credMgr = HostContext.GetService<ICredentialManager>();
+                                    var creds = credMgr.LoadCredentials();
+
+                                    if (string.IsNullOrEmpty(messageRef.RunServiceUrl))
+                                    {
+                                        var actionsRunServer = HostContext.CreateService<IActionsRunServer>();
+                                        await actionsRunServer.ConnectAsync(new Uri(settings.ServerUrl), creds);
+                                        jobRequestMessage = await actionsRunServer.GetJobMessageAsync(messageRef.RunnerRequestId, messageQueueLoopTokenSource.Token);
+                                    }
+                                    else
+                                    {
+                                        var runServer = HostContext.CreateService<IRunServer>();
+                                        await runServer.ConnectAsync(new Uri(messageRef.RunServiceUrl), creds);
+                                        jobRequestMessage = await runServer.GetJobMessageAsync(messageRef.RunnerRequestId, messageQueueLoopTokenSource.Token);
+                                    }
+
+                                    jobDispatcher.Run(jobRequestMessage, runOnce);
+                                    if (runOnce)
+                                    {
+                                        Trace.Info("One time used runner received job message.");
+                                        runOnceJobReceived = true;
+                                    }
+                                }
+                            }
                             else if (string.Equals(message.MessageType, JobCancelMessage.MessageType, StringComparison.OrdinalIgnoreCase))
                             {
                                 var cancelJobMessage = JsonUtility.FromString<JobCancelMessage>(message.Body);
@@ -468,6 +534,14 @@ namespace GitHub.Runner.Listener
                                     Trace.Info($"Skip message deletion for cancellation message '{message.MessageId}'.");
                                 }
                             }
+                            else if (string.Equals(message.MessageType, Pipelines.HostedRunnerShutdownMessage.MessageType, StringComparison.OrdinalIgnoreCase))
+                            {
+                                var HostedRunnerShutdownMessage = JsonUtility.FromString<Pipelines.HostedRunnerShutdownMessage>(message.Body);
+                                skipMessageDeletion = true;
+                                skipSessionDeletion = true;
+                                Trace.Info($"Service requests the hosted runner to shutdown. Reason: '{HostedRunnerShutdownMessage.Reason}'.");
+                                return Constants.Runner.ReturnCode.Success;
+                            }
                             else
                             {
                                 Trace.Error($"Received message {message.MessageId} with unsupported message type {message.MessageType}.");
@@ -498,18 +572,22 @@ namespace GitHub.Runner.Listener
                 {
                     if (jobDispatcher != null)
                     {
+                        jobDispatcher.JobStatus -= _listener.OnJobStatus;
                         await jobDispatcher.ShutdownAsync();
                     }
 
-                    try
+                    if (!skipSessionDeletion)
                     {
-                        await _listener.DeleteSessionAsync();
-                    }
-                    catch (Exception ex) when (runOnce)
-                    {
-                        // ignore exception during delete session for ephemeral runner since the runner might already be deleted from the server side
-                        // and the delete session call will ends up with 401.
-                        Trace.Info($"Ignore any exception during DeleteSession for an ephemeral runner. {ex}");
+                        try
+                        {
+                            await _listener.DeleteSessionAsync();
+                        }
+                        catch (Exception ex) when (runOnce)
+                        {
+                            // ignore exception during delete session for ephemeral runner since the runner might already be deleted from the server side
+                            // and the delete session call will ends up with 401.
+                            Trace.Info($"Ignore any exception during DeleteSession for an ephemeral runner. {ex}");
+                        }
                     }
 
                     messageQueueLoopTokenSource.Dispose();
@@ -561,7 +639,7 @@ Config Options:
  --labels string        Extra labels in addition to the default: 'self-hosted,{Constants.Runner.Platform},{Constants.Runner.PlatformArchitecture}'
  --work string          Relative runner work directory (default {Constants.Path.WorkDirectory})
  --replace              Replace any existing runner with the same name (default false)
- --pat                  GitHub personal access token used for checking network connectivity when executing `.{separator}run.{ext} --check`
+ --pat                  GitHub personal access token with repo scope. Used for checking network connectivity when executing `.{separator}run.{ext} --check`
  --disableupdate        Disable self-hosted runner automatic update to the latest released version`
  --ephemeral            Configure the runner to only take one job and then let the service un-configure the runner after the job finishes (default false)");
 

src/Runner.Listener/RunnerJobRequestRef.cs

@@ -0,0 +1,15 @@
+using System.Runtime.Serialization;
+
+namespace GitHub.Runner.Listener
+{
+    [DataContract]
+    public sealed class RunnerJobRequestRef
+    {
+        [DataMember(Name = "id")]
+        public string Id { get; set; }
+        [DataMember(Name = "runner_request_id")]
+        public string RunnerRequestId { get; set; }
+        [DataMember(Name = "run_service_url")]
+        public string RunServiceUrl { get; set; }
+    }
+}

src/Runner.Listener/SelfUpdater.cs

@@ -32,14 +32,14 @@ namespace GitHub.Runner.Listener
         private static string _platform = BuildConstants.RunnerPackage.PackageName;
         private static string _dotnetRuntime = "dotnetRuntime";
         private static string _externals = "externals";
-        private readonly Dictionary<string, string> _contentHashes = new Dictionary<string, string>();
+        private readonly Dictionary<string, string> _contentHashes = new();
 
         private PackageMetadata _targetPackage;
         private ITerminal _terminal;
         private IRunnerServer _runnerServer;
         private int _poolId;
         private int _agentId;
-        private readonly ConcurrentQueue<string> _updateTrace = new ConcurrentQueue<string>();
+        private readonly ConcurrentQueue<string> _updateTrace = new();
         private Task _cloneAndCalculateContentHashTask;
         private string _dotnetRuntimeCloneDirectory;
         private string _externalsCloneDirectory;
@@ -131,8 +131,10 @@ namespace GitHub.Runner.Listener
                 // For L0, we will skip execute update script.
                 if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("_GITHUB_ACTION_EXECUTE_UPDATE_SCRIPT")))
                 {
+                    string flagFile = "update.finished";
+                    IOUtil.DeleteFile(flagFile);
                     // kick off update script
-                    Process invokeScript = new Process();
+                    Process invokeScript = new();
 #if OS_WINDOWS
                     invokeScript.StartInfo.FileName = WhichUtil.Which("cmd.exe", trace: Trace);
                     invokeScript.StartInfo.Arguments = $"/c \"{updateScript}\"";
@@ -189,9 +191,9 @@ namespace GitHub.Runner.Listener
             }
 
             Trace.Info($"Version '{_targetPackage.Version}' of '{_targetPackage.Type}' package available in server.");
-            PackageVersion serverVersion = new PackageVersion(_targetPackage.Version);
+            PackageVersion serverVersion = new(_targetPackage.Version);
             Trace.Info($"Current running runner version is {BuildConstants.RunnerPackage.Version}");
-            PackageVersion runnerVersion = new PackageVersion(BuildConstants.RunnerPackage.Version);
+            PackageVersion runnerVersion = new(BuildConstants.RunnerPackage.Version);
 
             return serverVersion.CompareTo(runnerVersion) > 0;
         }
@@ -294,12 +296,12 @@ namespace GitHub.Runner.Listener
                         archiveFile = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Root), $"runner{targetVersion}.tar.gz");
                     }
 
-                    if (File.Exists(archiveFile)) 
+                    if (File.Exists(archiveFile))
                     {
                         _updateTrace.Enqueue($"Mocking update with file: '{archiveFile}' and targetVersion: '{targetVersion}', nothing is downloaded");
                         _terminal.WriteLine($"Mocking update with file: '{archiveFile}' and targetVersion: '{targetVersion}', nothing is downloaded");
                     }
-                    else 
+                    else
                     {
                         archiveFile = null;
                         _terminal.WriteLine($"Mock runner archive not found at {archiveFile} for target version {targetVersion}, proceeding with download instead");
@@ -474,7 +476,7 @@ namespace GitHub.Runner.Listener
                         long downloadSize = 0;
 
                         //open zip stream in async mode
-                        using (HttpClient httpClient = new HttpClient(HostContext.CreateHttpClientHandler()))
+                        using (HttpClient httpClient = new(HostContext.CreateHttpClientHandler()))
                         {
                             if (!string.IsNullOrEmpty(_targetPackage.Token))
                             {
@@ -484,7 +486,7 @@ namespace GitHub.Runner.Listener
 
                             Trace.Info($"Downloading {packageDownloadUrl}");
 
-                            using (FileStream fs = new FileStream(archiveFile, FileMode.Create, FileAccess.Write, FileShare.None, bufferSize: 4096, useAsync: true))
+                            using (FileStream fs = new(archiveFile, FileMode.Create, FileAccess.Write, FileShare.None, bufferSize: 4096, useAsync: true))
                             using (Stream result = await httpClient.GetStreamAsync(packageDownloadUrl))
                             {
                                 //81920 is the default used by System.IO.Stream.CopyTo and is under the large object heap threshold (85k).
@@ -594,7 +596,7 @@ namespace GitHub.Runner.Listener
                     int exitCode = await processInvoker.ExecuteAsync(extractDirectory, tar, $"-xzf \"{archiveFile}\"", null, token);
                     if (exitCode != 0)
                     {
-                        throw new NotSupportedException($"Can't use 'tar -xzf' extract archive file: {archiveFile}. return code: {exitCode}.");
+                        throw new NotSupportedException($"Can't use 'tar -xzf' to extract archive file: {archiveFile}. return code: {exitCode}.");
                     }
                 }
             }

src/Runner.PluginHost/Program.cs

@@ -1,13 +1,10 @@
-using System;
-using System.Collections.Generic;
+using System;
 using System.Globalization;
 using System.IO;
-using System.Linq;
 using System.Reflection;
 using System.Runtime.Loader;
 using System.Text;
 using System.Threading;
-using System.Threading.Tasks;
 using GitHub.Runner.Sdk;
 using GitHub.DistributedTask.WebApi;
 
@@ -15,7 +12,7 @@ namespace GitHub.Runner.PluginHost
 {
     public static class Program
     {
-        private static CancellationTokenSource tokenSource = new CancellationTokenSource();
+        private static CancellationTokenSource tokenSource = new();
         private static string executingAssemblyLocation = string.Empty;
 
         public static int Main(string[] args)

src/Runner.PluginHost/Runner.PluginHost.csproj

@@ -3,7 +3,7 @@
   <PropertyGroup>
     <TargetFramework>net6.0</TargetFramework>
     <OutputType>Exe</OutputType>
-    <RuntimeIdentifiers>win-x64;win-x86;linux-x64;linux-arm64;linux-arm;osx-x64</RuntimeIdentifiers>
+    <RuntimeIdentifiers>win-x64;win-x86;linux-x64;linux-arm64;linux-arm;osx-x64;osx-arm64;win-arm64</RuntimeIdentifiers>
     <TargetLatestRuntimePatch>true</TargetLatestRuntimePatch>
     <NoWarn>NU1701;NU1603</NoWarn>
     <Version>$(Version)</Version>

src/Runner.Plugins/Artifact/DownloadArtifact.cs

@@ -63,7 +63,7 @@ namespace GitHub.Runner.Plugins.Artifact
             string containerPath = actionsStorageArtifact.Name; // In actions storage artifacts, name equals the path
             long containerId = actionsStorageArtifact.ContainerId;
 
-            FileContainerServer fileContainerServer = new FileContainerServer(context.VssConnection, projectId: new Guid(), containerId, containerPath);
+            FileContainerServer fileContainerServer = new(context.VssConnection, projectId: new Guid(), containerId, containerPath);
             await fileContainerServer.DownloadFromContainerAsync(context, targetPath, token);
 
             context.Output("Artifact download finished.");

src/Runner.Plugins/Artifact/FileContainerServer.cs

@@ -23,10 +23,10 @@ namespace GitHub.Runner.Plugins.Artifact
         //81920 is the default used by System.IO.Stream.CopyTo and is under the large object heap threshold (85k). 
         private const int _defaultCopyBufferSize = 81920;
 
-        private readonly ConcurrentQueue<string> _fileUploadQueue = new ConcurrentQueue<string>();
-        private readonly ConcurrentQueue<DownloadInfo> _fileDownloadQueue = new ConcurrentQueue<DownloadInfo>();
-        private readonly ConcurrentDictionary<string, ConcurrentQueue<string>> _fileUploadTraceLog = new ConcurrentDictionary<string, ConcurrentQueue<string>>();
-        private readonly ConcurrentDictionary<string, ConcurrentQueue<string>> _fileUploadProgressLog = new ConcurrentDictionary<string, ConcurrentQueue<string>>();
+        private readonly ConcurrentQueue<string> _fileUploadQueue = new();
+        private readonly ConcurrentQueue<DownloadInfo> _fileDownloadQueue = new();
+        private readonly ConcurrentDictionary<string, ConcurrentQueue<string>> _fileUploadTraceLog = new();
+        private readonly ConcurrentDictionary<string, ConcurrentQueue<string>> _fileUploadProgressLog = new();
         private readonly FileContainerHttpClient _fileContainerHttpClient;
 
         private CancellationTokenSource _uploadCancellationTokenSource;
@@ -67,7 +67,7 @@ namespace GitHub.Runner.Plugins.Artifact
             CancellationToken cancellationToken)
         {
             // Find out all container items need to be processed
-            List<FileContainerItem> containerItems = new List<FileContainerItem>();
+            List<FileContainerItem> containerItems = new();
             int retryCount = 0;
             while (retryCount < 3)
             {
@@ -106,7 +106,7 @@ namespace GitHub.Runner.Plugins.Artifact
             // Create all required empty folders and emptry files, gather a list of files that we need to download from server.
             int foldersCreated = 0;
             int emptryFilesCreated = 0;
-            List<DownloadInfo> downloadFiles = new List<DownloadInfo>();
+            List<DownloadInfo> downloadFiles = new();
             foreach (var item in containerItems.OrderBy(x => x.Path))
             {
                 if (!item.Path.StartsWith(_containerPath, StringComparison.OrdinalIgnoreCase))
@@ -306,7 +306,7 @@ namespace GitHub.Runner.Plugins.Artifact
             Task downloadMonitor = DownloadReportingAsync(context, files.Count(), token);
 
             // Start parallel download tasks.
-            List<Task<DownloadResult>> parallelDownloadingTasks = new List<Task<DownloadResult>>();
+            List<Task<DownloadResult>> parallelDownloadingTasks = new();
             for (int downloader = 0; downloader < concurrentDownloads; downloader++)
             {
                 parallelDownloadingTasks.Add(DownloadAsync(context, downloader, token));
@@ -358,7 +358,7 @@ namespace GitHub.Runner.Plugins.Artifact
             Task uploadMonitor = UploadReportingAsync(context, files.Count(), _uploadCancellationTokenSource.Token);
 
             // Start parallel upload tasks.
-            List<Task<UploadResult>> parallelUploadingTasks = new List<Task<UploadResult>>();
+            List<Task<UploadResult>> parallelUploadingTasks = new();
             for (int uploader = 0; uploader < concurrentUploads; uploader++)
             {
                 parallelUploadingTasks.Add(UploadAsync(context, uploader, _uploadCancellationTokenSource.Token));
@@ -381,8 +381,8 @@ namespace GitHub.Runner.Plugins.Artifact
 
         private async Task<DownloadResult> DownloadAsync(RunnerActionPluginExecutionContext context, int downloaderId, CancellationToken token)
         {
-            List<DownloadInfo> failedFiles = new List<DownloadInfo>();
-            Stopwatch downloadTimer = new Stopwatch();
+            List<DownloadInfo> failedFiles = new();
+            Stopwatch downloadTimer = new();
             while (_fileDownloadQueue.TryDequeue(out DownloadInfo fileToDownload))
             {
                 token.ThrowIfCancellationRequested();
@@ -396,7 +396,7 @@ namespace GitHub.Runner.Plugins.Artifact
                         {
                             context.Debug($"Start downloading file: '{fileToDownload.ItemPath}' (Downloader {downloaderId})");
                             downloadTimer.Restart();
-                            using (FileStream fs = new FileStream(fileToDownload.LocalPath, FileMode.Create, FileAccess.Write, FileShare.None, bufferSize: _defaultFileStreamBufferSize, useAsync: true))
+                            using (FileStream fs = new(fileToDownload.LocalPath, FileMode.Create, FileAccess.Write, FileShare.None, bufferSize: _defaultFileStreamBufferSize, useAsync: true))
                             using (var downloadStream = await _fileContainerHttpClient.DownloadFileAsync(_containerId, fileToDownload.ItemPath, token, _projectId))
                             {
                                 await downloadStream.CopyToAsync(fs, _defaultCopyBufferSize, token);
@@ -453,10 +453,10 @@ namespace GitHub.Runner.Plugins.Artifact
 
         private async Task<UploadResult> UploadAsync(RunnerActionPluginExecutionContext context, int uploaderId, CancellationToken token)
         {
-            List<string> failedFiles = new List<string>();
+            List<string> failedFiles = new();
             long uploadedSize = 0;
             string fileToUpload;
-            Stopwatch uploadTimer = new Stopwatch();
+            Stopwatch uploadTimer = new();
             while (_fileUploadQueue.TryDequeue(out fileToUpload))
             {
                 token.ThrowIfCancellationRequested();

src/Runner.Plugins/Artifact/PipelinesServer.cs

@@ -1,5 +1,3 @@
-using System;
-using System.IO;
 using System.Threading;
 using System.Threading.Tasks;
 using GitHub.Actions.Pipelines.WebApi;

src/Runner.Plugins/Artifact/PublishArtifact.cs

@@ -68,7 +68,7 @@ namespace GitHub.Runner.Plugins.Artifact
 
             context.Output($"Uploading artifact '{artifactName}' from '{fullPath}' for run #{buildId}");
 
-            FileContainerServer fileContainerHelper = new FileContainerServer(context.VssConnection, projectId: Guid.Empty, containerId, artifactName);
+            FileContainerServer fileContainerHelper = new(context.VssConnection, projectId: Guid.Empty, containerId, artifactName);
             var propertiesDictionary = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
 
             long size = 0;
@@ -87,7 +87,7 @@ namespace GitHub.Runner.Plugins.Artifact
                 // Definition ID is a dummy value only used by HTTP client routing purposes
                 int definitionId = 1;
 
-                PipelinesServer pipelinesHelper = new PipelinesServer(context.VssConnection);
+                PipelinesServer pipelinesHelper = new(context.VssConnection);
 
                 var artifact = await pipelinesHelper.AssociateActionsStorageArtifactAsync(
                     definitionId,

src/Runner.Plugins/Repository/GitCliManager.cs

@@ -1,6 +1,5 @@
 using System;
 using System.Collections.Generic;
-using System.Diagnostics;
 using System.Linq;
 using System.Text;
 using System.Text.RegularExpressions;
@@ -9,7 +8,6 @@ using System.Threading.Tasks;
 using System.IO;
 using GitHub.Runner.Sdk;
 using GitHub.Services.Common;
-using GitHub.DistributedTask.Pipelines.ContextData;
 
 namespace GitHub.Runner.Plugins.Repository
 {
@@ -20,7 +18,7 @@ namespace GitHub.Runner.Plugins.Repository
 #else
         private static readonly Encoding s_encoding = null;
 #endif
-        private readonly Dictionary<string, string> gitEnv = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
+        private readonly Dictionary<string, string> gitEnv = new(StringComparer.OrdinalIgnoreCase)
         {
             { "GIT_TERMINAL_PROMPT", "0" },
         };
@@ -94,11 +92,11 @@ namespace GitHub.Runner.Plugins.Repository
             }
 
             // required 2.0, all git operation commandline args need min git version 2.0
-            Version minRequiredGitVersion = new Version(2, 0);
+            Version minRequiredGitVersion = new(2, 0);
             EnsureGitVersion(minRequiredGitVersion, throwOnNotMatch: true);
 
             // suggest user upgrade to 2.9 for better git experience
-            Version recommendGitVersion = new Version(2, 9);
+            Version recommendGitVersion = new(2, 9);
             if (!EnsureGitVersion(recommendGitVersion, throwOnNotMatch: false))
             {
                 context.Output($"To get a better Git experience, upgrade your Git to at least version '{recommendGitVersion}'. Your current Git version is '{gitVersion}'.");
@@ -432,7 +430,7 @@ namespace GitHub.Runner.Plugins.Repository
             context.Debug($"Inspect remote.origin.url for repository under {repositoryPath}");
             Uri fetchUrl = null;
 
-            List<string> outputStrings = new List<string>();
+            List<string> outputStrings = new();
             int exitCode = await ExecuteGitCommandAsync(context, repositoryPath, "config", "--get remote.origin.url", outputStrings);
 
             if (exitCode != 0)
@@ -479,7 +477,7 @@ namespace GitHub.Runner.Plugins.Repository
             context.Debug($"Checking git config {configKey} exist or not");
 
             // ignore any outputs by redirect them into a string list, since the output might contains secrets.
-            List<string> outputStrings = new List<string>();
+            List<string> outputStrings = new();
             int exitcode = await ExecuteGitCommandAsync(context, repositoryPath, "config", StringUtil.Format($"--get-all {configKey}"), outputStrings);
 
             return exitcode == 0;
@@ -541,7 +539,7 @@ namespace GitHub.Runner.Plugins.Repository
             string runnerWorkspace = context.GetRunnerContext("workspace");
             ArgUtil.Directory(runnerWorkspace, "runnerWorkspace");
             Version version = null;
-            List<string> outputStrings = new List<string>();
+            List<string> outputStrings = new();
             int exitCode = await ExecuteGitCommandAsync(context, runnerWorkspace, "version", null, outputStrings);
             context.Output($"{string.Join(Environment.NewLine, outputStrings)}");
             if (exitCode == 0)
@@ -552,7 +550,7 @@ namespace GitHub.Runner.Plugins.Repository
                 {
                     string verString = outputStrings.First();
                     // we interested about major.minor.patch version
-                    Regex verRegex = new Regex("\\d+\\.\\d+(\\.\\d+)?", RegexOptions.IgnoreCase);
+                    Regex verRegex = new("\\d+\\.\\d+(\\.\\d+)?", RegexOptions.IgnoreCase);
                     var matchResult = verRegex.Match(verString);
                     if (matchResult.Success && !string.IsNullOrEmpty(matchResult.Value))
                     {
@@ -574,7 +572,7 @@ namespace GitHub.Runner.Plugins.Repository
             string runnerWorkspace = context.GetRunnerContext("workspace");
             ArgUtil.Directory(runnerWorkspace, "runnerWorkspace");
             Version version = null;
-            List<string> outputStrings = new List<string>();
+            List<string> outputStrings = new();
             int exitCode = await ExecuteGitCommandAsync(context, runnerWorkspace, "lfs version", null, outputStrings);
             context.Output($"{string.Join(Environment.NewLine, outputStrings)}");
             if (exitCode == 0)
@@ -585,7 +583,7 @@ namespace GitHub.Runner.Plugins.Repository
                 {
                     string verString = outputStrings.First();
                     // we interested about major.minor.patch version
-                    Regex verRegex = new Regex("\\d+\\.\\d+(\\.\\d+)?", RegexOptions.IgnoreCase);
+                    Regex verRegex = new("\\d+\\.\\d+(\\.\\d+)?", RegexOptions.IgnoreCase);
                     var matchResult = verRegex.Match(verString);
                     if (matchResult.Success && !string.IsNullOrEmpty(matchResult.Value))
                     {

src/Runner.Plugins/Repository/v1.0/GitSourceProvider.cs

@@ -6,11 +6,9 @@ using System.Threading.Tasks;
 using System.IO;
 using System.Text.RegularExpressions;
 using System.Text;
-using System.Diagnostics;
 using GitHub.Runner.Sdk;
 using System.Linq;
 using GitHub.DistributedTask.WebApi;
-using GitHub.Services.WebApi;
 
 namespace GitHub.Runner.Plugins.Repository.v1_0
 {
@@ -23,7 +21,7 @@ namespace GitHub.Runner.Plugins.Repository.v1_0
         private const string _remotePullRefsPrefix = "refs/remotes/pull/";
 
         // min git version that support add extra auth header.
-        private Version _minGitVersionSupportAuthHeader = new Version(2, 9);
+        private Version _minGitVersionSupportAuthHeader = new(2, 9);
 
 #if OS_WINDOWS
         // min git version that support override sslBackend setting.
@@ -31,7 +29,7 @@ namespace GitHub.Runner.Plugins.Repository.v1_0
 #endif
 
         // min git-lfs version that support add extra auth header.
-        private Version _minGitLfsVersionSupportAuthHeader = new Version(2, 1);
+        private Version _minGitLfsVersionSupportAuthHeader = new(2, 1);
 
         private void RequirementCheck(RunnerActionPluginExecutionContext executionContext, GitCliManager gitCommandManager, bool checkGitLfs)
         {
@@ -85,7 +83,7 @@ namespace GitHub.Runner.Plugins.Repository.v1_0
             var githubUrl = executionContext.GetGitHubContext("server_url");
             var githubUri = new Uri(!string.IsNullOrEmpty(githubUrl) ? githubUrl : "https://github.com");
             var portInfo = githubUri.IsDefaultPort ? string.Empty : $":{githubUri.Port}";
-            Uri repositoryUrl = new Uri($"{githubUri.Scheme}://{githubUri.Host}{portInfo}/{repoFullName}");
+            Uri repositoryUrl = new($"{githubUri.Scheme}://{githubUri.Host}{portInfo}/{repoFullName}");
             if (!repositoryUrl.IsAbsoluteUri)
             {
                 throw new InvalidOperationException("Repository url need to be an absolute uri.");
@@ -123,7 +121,7 @@ namespace GitHub.Runner.Plugins.Repository.v1_0
             executionContext.Debug($"gitLfsSupport={gitLfsSupport}");
 
             // Initialize git command manager with additional environment variables.
-            Dictionary<string, string> gitEnv = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+            Dictionary<string, string> gitEnv = new(StringComparer.OrdinalIgnoreCase);
 
             // Disable prompting for git credential manager
             gitEnv["GCM_INTERACTIVE"] = "Never";
@@ -143,7 +141,7 @@ namespace GitHub.Runner.Plugins.Repository.v1_0
                 gitEnv[formattedKey] = variable.Value?.Value ?? string.Empty;
             }
 
-            GitCliManager gitCommandManager = new GitCliManager(gitEnv);
+            GitCliManager gitCommandManager = new(gitEnv);
             await gitCommandManager.LoadGitExecutionInfo(executionContext);
 
             // Make sure the build machine met all requirements for the git repository
@@ -295,8 +293,8 @@ namespace GitHub.Runner.Plugins.Repository.v1_0
                 await RemoveGitConfig(executionContext, gitCommandManager, targetPath, $"http.{repositoryUrl.AbsoluteUri}.extraheader", string.Empty);
             }
 
-            List<string> additionalFetchArgs = new List<string>();
-            List<string> additionalLfsFetchArgs = new List<string>();
+            List<string> additionalFetchArgs = new();
+            List<string> additionalLfsFetchArgs = new();
 
             // add accessToken as basic auth header to handle auth challenge. 
             if (!string.IsNullOrEmpty(accessToken))
@@ -322,7 +320,7 @@ namespace GitHub.Runner.Plugins.Repository.v1_0
                 }
             }
 
-            List<string> additionalFetchSpecs = new List<string>();
+            List<string> additionalFetchSpecs = new();
             additionalFetchSpecs.Add("+refs/heads/*:refs/remotes/origin/*");
 
             if (IsPullRequest(sourceBranch))
@@ -397,7 +395,7 @@ namespace GitHub.Runner.Plugins.Repository.v1_0
                     throw new InvalidOperationException($"Git submodule sync failed with exit code: {exitCode_submoduleSync}");
                 }
 
-                List<string> additionalSubmoduleUpdateArgs = new List<string>();
+                List<string> additionalSubmoduleUpdateArgs = new();
 
                 if (!string.IsNullOrEmpty(accessToken))
                 {

src/Runner.Plugins/Repository/v1.0/RepositoryPlugin.cs

@@ -1,12 +1,9 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
+using System;
 using System.Threading;
 using System.Threading.Tasks;
 using GitHub.Runner.Sdk;
 using Pipelines = GitHub.DistributedTask.Pipelines;
 using System.IO;
-using GitHub.DistributedTask.Pipelines.ContextData;
 using System.Text.RegularExpressions;
 using GitHub.DistributedTask.Pipelines.Expressions;
 using System.Text;
@@ -15,7 +12,7 @@ namespace GitHub.Runner.Plugins.Repository.v1_0
 {
     public class CheckoutTask : IRunnerActionPlugin
     {
-        private readonly Regex _validSha1 = new Regex(@"\b[0-9a-f]{40}\b", RegexOptions.IgnoreCase | RegexOptions.CultureInvariant | RegexOptions.Compiled, TimeSpan.FromSeconds(2));
+        private readonly Regex _validSha1 = new(@"\b[0-9a-f]{40}\b", RegexOptions.IgnoreCase | RegexOptions.CultureInvariant | RegexOptions.Compiled, TimeSpan.FromSeconds(2));
 
         public async Task RunAsync(RunnerActionPluginExecutionContext executionContext, CancellationToken token)
         {

src/Runner.Plugins/Repository/v1.1/GitSourceProvider.cs

@@ -4,9 +4,7 @@ using System.Collections.Generic;
 using System.Threading;
 using System.Threading.Tasks;
 using System.IO;
-using System.Text.RegularExpressions;
 using System.Text;
-using System.Diagnostics;
 using GitHub.Runner.Sdk;
 using System.Linq;
 using GitHub.DistributedTask.WebApi;
@@ -24,7 +22,7 @@ namespace GitHub.Runner.Plugins.Repository.v1_1
         private const string _tagRefsPrefix = "refs/tags/";
 
         // min git version that support add extra auth header.
-        private Version _minGitVersionSupportAuthHeader = new Version(2, 9);
+        private Version _minGitVersionSupportAuthHeader = new(2, 9);
 
 #if OS_WINDOWS
         // min git version that support override sslBackend setting.
@@ -32,7 +30,7 @@ namespace GitHub.Runner.Plugins.Repository.v1_1
 #endif
 
         // min git-lfs version that support add extra auth header.
-        private Version _minGitLfsVersionSupportAuthHeader = new Version(2, 1);
+        private Version _minGitLfsVersionSupportAuthHeader = new(2, 1);
 
         public static string ProblemMatcher => @"    
 {
@@ -64,9 +62,9 @@ namespace GitHub.Runner.Plugins.Repository.v1_1
         {
             // Validate args.
             ArgUtil.NotNull(executionContext, nameof(executionContext));
-            Dictionary<string, string> configModifications = new Dictionary<string, string>();
+            Dictionary<string, string> configModifications = new();
             executionContext.Output($"Syncing repository: {repoFullName}");
-            Uri repositoryUrl = new Uri($"https://github.com/{repoFullName}");
+            Uri repositoryUrl = new($"https://github.com/{repoFullName}");
             if (!repositoryUrl.IsAbsoluteUri)
             {
                 throw new InvalidOperationException("Repository url need to be an absolute uri.");
@@ -104,7 +102,7 @@ namespace GitHub.Runner.Plugins.Repository.v1_1
             executionContext.Debug($"gitLfsSupport={gitLfsSupport}");
 
             // Initialize git command manager with additional environment variables.
-            Dictionary<string, string> gitEnv = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+            Dictionary<string, string> gitEnv = new(StringComparer.OrdinalIgnoreCase);
 
             // Disable git prompt
             gitEnv["GIT_TERMINAL_PROMPT"] = "0";
@@ -127,7 +125,7 @@ namespace GitHub.Runner.Plugins.Repository.v1_1
                 gitEnv[formattedKey] = variable.Value?.Value ?? string.Empty;
             }
 
-            GitCliManager gitCommandManager = new GitCliManager(gitEnv);
+            GitCliManager gitCommandManager = new(gitEnv);
             await gitCommandManager.LoadGitExecutionInfo(executionContext);
 
             // Make sure the build machine met all requirements for the git repository
@@ -279,8 +277,8 @@ namespace GitHub.Runner.Plugins.Repository.v1_1
                 await RemoveGitConfig(executionContext, gitCommandManager, targetPath, $"http.{repositoryUrl.AbsoluteUri}.extraheader", string.Empty);
             }
 
-            List<string> additionalFetchArgs = new List<string>();
-            List<string> additionalLfsFetchArgs = new List<string>();
+            List<string> additionalFetchArgs = new();
+            List<string> additionalLfsFetchArgs = new();
 
             // Add http.https://github.com.extraheader=... to gitconfig
             // accessToken as basic auth header to handle any auth challenge from github.com 
@@ -305,7 +303,7 @@ namespace GitHub.Runner.Plugins.Repository.v1_1
                 }
             }
 
-            List<string> additionalFetchSpecs = new List<string>();
+            List<string> additionalFetchSpecs = new();
             additionalFetchSpecs.Add("+refs/heads/*:refs/remotes/origin/*");
 
             if (IsPullRequest(sourceBranch))
@@ -380,7 +378,7 @@ namespace GitHub.Runner.Plugins.Repository.v1_1
                     throw new InvalidOperationException($"Git submodule sync failed with exit code: {exitCode_submoduleSync}");
                 }
 
-                List<string> additionalSubmoduleUpdateArgs = new List<string>();
+                List<string> additionalSubmoduleUpdateArgs = new();
 
                 int exitCode_submoduleUpdate = await gitCommandManager.GitSubmoduleUpdate(executionContext, targetPath, fetchDepth, string.Join(" ", additionalSubmoduleUpdateArgs), checkoutNestedSubmodules, cancellationToken);
                 if (exitCode_submoduleUpdate != 0)
@@ -406,7 +404,7 @@ namespace GitHub.Runner.Plugins.Repository.v1_1
             executionContext.Output($"Cleanup cached git credential from {repositoryPath}.");
 
             // Initialize git command manager
-            GitCliManager gitCommandManager = new GitCliManager();
+            GitCliManager gitCommandManager = new();
             await gitCommandManager.LoadGitExecutionInfo(executionContext);
 
             executionContext.Debug("Remove any extraheader setting from git config.");
@@ -501,7 +499,7 @@ namespace GitHub.Runner.Plugins.Repository.v1_1
                     string gitConfig = Path.Combine(targetPath, ".git/config");
                     if (File.Exists(gitConfig))
                     {
-                        List<string> safeGitConfig = new List<string>();
+                        List<string> safeGitConfig = new();
                         var gitConfigContents = File.ReadAllLines(gitConfig);
                         foreach (var line in gitConfigContents)
                         {

src/Runner.Plugins/Repository/v1.1/RepositoryPlugin.cs

@@ -1,13 +1,9 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
+using System;
 using System.Threading;
 using System.Threading.Tasks;
 using GitHub.Runner.Sdk;
 using Pipelines = GitHub.DistributedTask.Pipelines;
 using System.IO;
-using GitHub.DistributedTask.Pipelines.ContextData;
-using System.Text.RegularExpressions;
 using GitHub.DistributedTask.Pipelines.Expressions;
 using System.Text;
 

src/Runner.Plugins/Runner.Plugins.csproj

@@ -3,7 +3,7 @@
   <PropertyGroup>
     <TargetFramework>net6.0</TargetFramework>
     <OutputType>Library</OutputType>
-    <RuntimeIdentifiers>win-x64;win-x86;linux-x64;linux-arm64;linux-arm;osx-x64</RuntimeIdentifiers>
+    <RuntimeIdentifiers>win-x64;win-x86;linux-x64;linux-arm64;linux-arm;osx-x64;osx-arm64;win-arm64</RuntimeIdentifiers>
     <TargetLatestRuntimePatch>true</TargetLatestRuntimePatch>
     <NoWarn>NU1701;NU1603</NoWarn>
     <Version>$(Version)</Version>

src/Runner.Sdk/ActionPlugin.cs

@@ -1,7 +1,6 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Linq;
-using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Runtime.InteropServices;
 using System.Threading;
@@ -11,7 +10,6 @@ using GitHub.DistributedTask.WebApi;
 using GitHub.Services.Common;
 using GitHub.Services.WebApi;
 using Newtonsoft.Json;
-using Pipelines = GitHub.DistributedTask.Pipelines;
 
 namespace GitHub.Runner.Sdk
 {
@@ -25,7 +23,7 @@ namespace GitHub.Runner.Sdk
         private readonly string DebugEnvironmentalVariable = "ACTIONS_STEP_DEBUG";
         private VssConnection _connection;
         private RunnerWebProxy _webProxy;
-        private readonly object _stdoutLock = new object();
+        private readonly object _stdoutLock = new();
         private readonly ITraceWriter _trace; // for unit tests
 
         public RunnerActionPluginExecutionContext()
@@ -222,7 +220,7 @@ namespace GitHub.Runner.Sdk
             return input;
         }
 
-        private Dictionary<string, string> _commandEscapeMappings = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
+        private Dictionary<string, string> _commandEscapeMappings = new(StringComparer.OrdinalIgnoreCase)
         {
             {
                 ";", "%3B"

src/Runner.Sdk/ProcessInvoker.cs

@@ -24,18 +24,18 @@ namespace GitHub.Runner.Sdk
         private Stopwatch _stopWatch;
         private int _asyncStreamReaderCount = 0;
         private bool _waitingOnStreams = false;
-        private readonly AsyncManualResetEvent _outputProcessEvent = new AsyncManualResetEvent();
-        private readonly TaskCompletionSource<bool> _processExitedCompletionSource = new TaskCompletionSource<bool>();
-        private readonly CancellationTokenSource _processStandardInWriteCancellationTokenSource = new CancellationTokenSource();
-        private readonly ConcurrentQueue<string> _errorData = new ConcurrentQueue<string>();
-        private readonly ConcurrentQueue<string> _outputData = new ConcurrentQueue<string>();
+        private readonly AsyncManualResetEvent _outputProcessEvent = new();
+        private readonly TaskCompletionSource<bool> _processExitedCompletionSource = new();
+        private readonly CancellationTokenSource _processStandardInWriteCancellationTokenSource = new();
+        private readonly ConcurrentQueue<string> _errorData = new();
+        private readonly ConcurrentQueue<string> _outputData = new();
         private readonly TimeSpan _sigintTimeout = TimeSpan.FromMilliseconds(7500);
         private readonly TimeSpan _sigtermTimeout = TimeSpan.FromMilliseconds(2500);
         private ITraceWriter Trace { get; set; }
 
         private class AsyncManualResetEvent
         {
-            private volatile TaskCompletionSource<bool> m_tcs = new TaskCompletionSource<bool>();
+            private volatile TaskCompletionSource<bool> m_tcs = new();
 
             public Task WaitAsync() { return m_tcs.Task; }
 
@@ -264,7 +264,17 @@ namespace GitHub.Runner.Sdk
             {
                 foreach (KeyValuePair<string, string> kvp in environment)
                 {
+#if OS_WINDOWS
+                    string tempKey = String.IsNullOrWhiteSpace(kvp.Key) ? kvp.Key : kvp.Key.Split('\0')[0];
+                    string tempValue = String.IsNullOrWhiteSpace(kvp.Value) ? kvp.Value : kvp.Value.Split('\0')[0];
+                    if(!String.IsNullOrWhiteSpace(tempKey))
+                    {
+                         _proc.StartInfo.Environment[tempKey] = tempValue;
+                    }
+#else
                     _proc.StartInfo.Environment[kvp.Key] = kvp.Value;
+
+#endif
                 }
             }
 
@@ -387,8 +397,8 @@ namespace GitHub.Runner.Sdk
 
         private void ProcessOutput()
         {
-            List<string> errorData = new List<string>();
-            List<string> outputData = new List<string>();
+            List<string> errorData = new();
+            List<string> outputData = new();
 
             string errorLine;
             while (_errorData.TryDequeue(out errorLine))

src/Runner.Sdk/Runner.Sdk.csproj

@@ -3,12 +3,12 @@
   <PropertyGroup>
     <TargetFramework>net6.0</TargetFramework>
     <OutputType>Library</OutputType>
-    <RuntimeIdentifiers>win-x64;win-x86;linux-x64;linux-arm64;linux-arm;osx-x64</RuntimeIdentifiers>
+    <RuntimeIdentifiers>win-x64;win-x86;linux-x64;linux-arm64;linux-arm;osx-x64;osx-arm64;win-arm64</RuntimeIdentifiers>
     <TargetLatestRuntimePatch>true</TargetLatestRuntimePatch>
     <NoWarn>NU1701;NU1603</NoWarn>
     <Version>$(Version)</Version>
   </PropertyGroup>
-  
+
   <ItemGroup>
     <ProjectReference Include="..\Sdk\Sdk.csproj" />
   </ItemGroup>

src/Runner.Sdk/RunnerWebProxy.cs

@@ -23,9 +23,9 @@ namespace GitHub.Runner.Sdk
         private string _httpsProxyPassword;
         private string _noProxyString;
 
-        private readonly List<ByPassInfo> _noProxyList = new List<ByPassInfo>();
-        private readonly HashSet<string> _noProxyUnique = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
-        private readonly Regex _validIpRegex = new Regex("^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", RegexOptions.Compiled);
+        private readonly List<ByPassInfo> _noProxyList = new();
+        private readonly HashSet<string> _noProxyUnique = new(StringComparer.OrdinalIgnoreCase);
+        private readonly Regex _validIpRegex = new("^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", RegexOptions.Compiled);
 
         public string HttpProxyAddress => _httpProxyAddress;
         public string HttpProxyUsername => _httpProxyUsername;

src/Runner.Sdk/Util/IOUtil.cs

@@ -3,7 +3,6 @@ using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
-using System.Reflection;
 using System.Security.Cryptography;
 using System.Text;
 using System.Threading;
@@ -53,7 +52,7 @@ namespace GitHub.Runner.Sdk
             using (SHA256 sha256hash = SHA256.Create())
             {
                 byte[] data = sha256hash.ComputeHash(Encoding.UTF8.GetBytes(hashString));
-                StringBuilder sBuilder = new StringBuilder();
+                StringBuilder sBuilder = new();
                 for (int i = 0; i < data.Length; i++)
                 {
                     sBuilder.Append(data[i].ToString("x2"));
@@ -78,7 +77,7 @@ namespace GitHub.Runner.Sdk
         public static void DeleteDirectory(string path, bool contentsOnly, bool continueOnContentDeleteError, CancellationToken cancellationToken)
         {
             ArgUtil.NotNullOrEmpty(path, nameof(path));
-            DirectoryInfo directory = new DirectoryInfo(path);
+            DirectoryInfo directory = new(path);
             if (!directory.Exists)
             {
                 return;
@@ -364,12 +363,12 @@ namespace GitHub.Runner.Sdk
             Directory.CreateDirectory(target);
 
             // Get the file contents of the directory to copy.
-            DirectoryInfo sourceDir = new DirectoryInfo(source);
+            DirectoryInfo sourceDir = new(source);
             foreach (FileInfo sourceFile in sourceDir.GetFiles() ?? new FileInfo[0])
             {
                 // Check if the file already exists.
                 cancellationToken.ThrowIfCancellationRequested();
-                FileInfo targetFile = new FileInfo(Path.Combine(target, sourceFile.Name));
+                FileInfo targetFile = new(Path.Combine(target, sourceFile.Name));
                 if (!targetFile.Exists ||
                     sourceFile.Length != targetFile.Length ||
                     sourceFile.LastWriteTime != targetFile.LastWriteTime)
@@ -424,6 +423,12 @@ namespace GitHub.Runner.Sdk
             throw new NotSupportedException($"Unable to validate execute permissions for directory '{directory}'. Exceeded maximum iterations.");
         }
 
+        public static void CreateEmptyFile(string path)
+        {
+            Directory.CreateDirectory(Path.GetDirectoryName(path));
+            File.WriteAllText(path, null);
+        }
+
         /// <summary>
         /// Recursively enumerates a directory without following directory reparse points.
         /// </summary>