Runner Version and Platform

actions-runner-win-x64-2.160.2

Windows Server 2019 Standard (1809)

What's not working?

Side effect of issue #191. Configuring the agent to run as a service that ultimately causes such service to fail, results in the config process to report that the service has been started successfully, where in reality this is definitely not the case.

PS C:\Users\Lucas Costi\actions-runner> ./config.cmd --url https://github.com/lucascosti/actions-private-playground --token ABB2TGV5QRUAQRVT4DONCU25YXSSO

--------------------------------------------------------------------------------
|        ____ _ _   _   _       _          _        _   _                      |
|       / ___(_) |_| | | |_   _| |__      / \   ___| |_(_) ___  _ __  ___      |
|      | |  _| | __| |_| | | | | '_ \    / _ \ / __| __| |/ _ \| '_ \/ __|     |
|      | |_| | | |_|  _  | |_| | |_) |  / ___ \ (__| |_| | (_) | | | \__ \     |
|       \____|_|\__|_| |_|\__,_|_.__/  /_/   \_\___|\__|_|\___/|_| |_|___/     |
|                                                                              |
|                       Self-hosted runner registration                        |
|                                                                              |
--------------------------------------------------------------------------------

# Authentication


√ Connected to GitHub

# Runner Registration

Enter the name of runner: [press Enter for WIN-9L5VTRV5F51] win-server-2019-vm

√ Runner successfully added
√ Runner connection is good

# Runner settings

Enter name of work folder: [press Enter for _work]

√ Settings Saved.

Would you like to run the runner as service? (Y/N) [press Enter for N] y
User account to use for the service [press Enter for NT AUTHORITY\NETWORK SERVICE]
Granting file permissions to 'NT AUTHORITY\NETWORK SERVICE'.
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win-server-2019-vm successfully installed
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win-server-2019-vm successfully set recovery option
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win-server-2019-vm successfully set to delayed auto start
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win-server-2019-vm successfully configured
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win-server-2019-vm started successfully
PS C:\Users\Lucas Costi\actions-runner>
PS C:\Users\Lucas Costi\actions-runner>
PS C:\Users\Lucas Costi\actions-runner> Get-Service "actionsrunner.*"

Status   Name               DisplayName
------   ----               -----------
Stopped  actionsrunner.c... GitHub Actions Runner (cT09lfQ8MbjR...


PS C:\Users\Lucas Costi\actions-runner>
PS C:\Users\Lucas Costi\actions-runner>
PS C:\Users\Lucas Costi\actions-runner>
PS C:\Users\Lucas Costi\actions-runner> Start-Service "actionsrunner.*"
Start-Service : Service name
actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win-server-2019-vm contains invalid
characters, is empty, or is too long (max length = 80).
At line:1 char:1
+ Start-Service "actionsrunner.*"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Start-Service], ArgumentException
    + FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.StartServiceCommand

In the GitHub diagnostic logs, the runner logs information that can be considered "Personally-Identifiable" (e.g. names, emails), either from the GitHub context, or from the regular info/warning/debug messages.

@patrickcarnahan made a good point on exploring the need to scrub PII data out of the logs:

GH will (likely) eventually want the same types of certifications that MS has for data sovereignty, right to be forgotten, etc, as some customers may depend on these types of features and certifications to use the products.

This issue tracks the effort of figuring out what sort of information we need to scrub in order to comply with such certifications.

Found whilst doing docs in https://github.com/github/help-docs/pull/11453#issuecomment-550941515

Runner version 2.160.0

It seems that the Windows service naming (actionsrunner.<IDetc>), is different from the systemd and macOS ones (actions.runner.<IDetc>) (note the . between actions and runner 🙂)

On Windows, I have documented the current service name for the time-being in https://github.com/github/help-docs/pull/11453. When this is fixed please let us in docs know (either myself or github/product-docs-core), so we can update the doc if the doc has already shipped.

Default shells seem to be limited. For example, the following step:

    - run: |
        ps
        echo "$(tty)"

produces:

   PID TTY          TIME CMD
  2587 ?        00:00:02 Runner.Listener
  2611 ?        00:00:02 Runner.Worker
  2763 ?        00:00:00 bash
  2777 ?        00:00:00 ps
not a tty

As a result, multiple tools that can provide pretty coloured logs do not work as expected. This is the case of e.g. colorama or pytest in the Python ecosystem.

A possible workaround is to use docker run --rm -t .... However, this involves installing in the container multiple resources/tools that are already available on the host. Furthermore, I don't know if windows containers are supported on windows-latest jobs.

I tried setting shell: bash -i -l {0}, but I get:

bash: cannot set terminal process group (1291): Inappropriate ioctl for device
bash: no job control in this shell

I tried python -c 'import pty; pty.spawn("/bin/sh")' too, but the job wil run for more than 10min with no output.

Which is the appropriate syntax to get a TTY?

The TestUtil class is used on a majority of our tests, it expects an environmental variable that does not resolve when running inside Visual Studio (the path to the ./src folder). The Test Explorer has a large number of failing tests that work via the CLI, which hampers productivity for VS users.

To make it easier to open the codebase in VS, consider adding a solution file (.sln file). This will make it easier to open, edit, and build the various C# projects.

Created this issue to keep track of the code/features that are no longer needed.

Please keep the below list updated with desc of features that has to be removed along with their status.

• Unused authentication methods
  • Integrated, Negotiate, Alternate, ServiceIdentity #123
  • PAT, AAD #218
• AsyncCommandContext #124
• Comment/code references (not server references) still pointing to the 'AZP agent' #125, #227, #228
• Capabilities support
  • #130 did most of the cleanup already, #197 to clean rest of non-SDK code
  • Added check in server list to clean up SDK code (contracts, etc...)
• LocalRun #218
• SDK code
  • Build2 SDK #219
  • DT Expression V1 #218
  • DT Pipeline contract for orchestration (Phase, Job, Pipeline, etc) #218
  • DT WebApi legacy contract (Task, DeploymentGroup, etc) #218
  • VSS WebApis #218, #222
  • TFS common #218, #222
• "PII" variables in job message scrubbing #209
• Unused Constants in Common.Constants #197
• Legacy Proxy code #206
• Configuration Store agentId
  • Should we rename it to runnerId, and keep agentId for back-compat? (not going to do rename)
• Re-enable/delete commented-out test code
  • AgentL0.cs #209
  • ActionManagerL0.cs #214
  • JobExtensionL0.cs #214
  • JobRunnerL0.cs #214
  • StepsRunnerL0.cs #214
  • TaskCommandExtensionL0.cs #214
  • ProcessInvokerL0.cs #214

Untied to open-sourcing runner:

• Build2 (v1) Artifact publish/download #212

Runner Version and Platform

actions-runner-win-x64-2.160.2

Windows Server 2019 Standard (1809)

What's not working?

If a user runs a powershell in a Windows user directory, and tries to use the default suggested user for running installing a service (NT AUTHORITY\NETWORK SERVICE), the config script completes successfully and says the service is running, but the service never actually successfully starts.

@thboop has identified that this is due to NT AUTHORITY\NETWORK SERVICE not having permissions to the user directory to start the service.

I have suggested that we add this extra paragraph to the 'Add runner' modal for adding a runner:

Note: If you want to install the runner application as a service, you must open a shell with administrator privileges. We also recommend that you use C:\actions-runner as the directory for the runner application so that Windows system accounts can access the runner directory.

The above note has been added to the docs, but IMO, it should also be in the modal UI.

Failing powershell run below:

PS C:\Users\Lucas Costi\actions-runner> ./config.cmd --url https://github.com/lucascosti/actions-private-playground --token ABB2TGV5QRUAQRVT4DONCU25YXSSO

--------------------------------------------------------------------------------
|        ____ _ _   _   _       _          _        _   _                      |
|       / ___(_) |_| | | |_   _| |__      / \   ___| |_(_) ___  _ __  ___      |
|      | |  _| | __| |_| | | | | '_ \    / _ \ / __| __| |/ _ \| '_ \/ __|     |
|      | |_| | | |_|  _  | |_| | |_) |  / ___ \ (__| |_| | (_) | | | \__ \     |
|       \____|_|\__|_| |_|\__,_|_.__/  /_/   \_\___|\__|_|\___/|_| |_|___/     |
|                                                                              |
|                       Self-hosted runner registration                        |
|                                                                              |
--------------------------------------------------------------------------------

# Authentication


√ Connected to GitHub

# Runner Registration

Enter the name of runner: [press Enter for WIN-9L5VTRV5F51] win

√ Runner successfully added
√ Runner connection is good

# Runner settings

Enter name of work folder: [press Enter for _work]

√ Settings Saved.

Would you like to run the runner as service? (Y/N) [press Enter for N] y
User account to use for the service [press Enter for NT AUTHORITY\NETWORK SERVICE]
Granting file permissions to 'NT AUTHORITY\NETWORK SERVICE'.
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win successfully installed
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win successfully set recovery option
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win successfully set to delayed auto start
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win successfully configured
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win started successfully
PS C:\Users\Lucas Costi\actions-runner> Get-Service "actionsrunner.*"

Status   Name               DisplayName
------   ----               -----------
Stopped  actionsrunner.c... GitHub Actions Runner (cT09lfQ8MbjR...


PS C:\Users\Lucas Costi\actions-runner> Start-Service "actionsrunner.*"
Start-Service : Failed to start service 'GitHub Actions Runner
(cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win)
(actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win)'.
At line:1 char:1
+ Start-Service "actionsrunner.*"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service],
   ServiceCommandException
    + FullyQualifiedErrorId : StartServiceFailed,Microsoft.PowerShell.Commands.StartServiceCommand

We recently migrated to .Net Core 3.0 and updated the Linux Dependency Doc. We should also make the corresponding updates for Mac and Windows.

Since we are getting ready to open source runner, we need to review a few things:

• Figure out what environment variables are set and if they need to be documented
• Review runner/github context and documentation
• Make sure we are aligning context/variables/docs and not setting anything we don't need to

Runner Version and Platform

2.162.0

OS of the machine running the runner? OSX/Windows/Linux/...
Windows 10

What's not working?

Given this workflow:

jobs:
  run:
    runs-on:
      pool: Default
    steps:
    - name: Run a one-line script
      run: echo "Hello, world!" > foo.txt
      shell: bash

And given a runner on a Windows machine with C:\Windows\System32 higher in the PATH than C:\Program Files\Git\bin, the step will always fail:

2019-12-10T15:04:26.6972799Z ##[group]Run echo "Hello, world!" > foo.txt
2019-12-10T15:04:26.6973314Z �[36;1mecho "Hello, world!" > foo.txt�[0m
2019-12-10T15:04:26.7008574Z shell: C:\WINDOWS\system32\bash.EXE --noprofile --norc -e -o pipefail {0}
2019-12-10T15:04:26.7008971Z ##[endgroup]
2019-12-10T15:04:27.0006449Z /bin/bash: E:SourceGithubrunner_layout_work_temp4d150768-4ef5-4b8b-a310-3effbd9ac7aa.sh: No such file or directory
2019-12-10T15:04:27.0061661Z ##[error]Process completed with exit code 1.

It appears that the WSL bash is expecting a script file path to be Unix-like, e.g. /mnt/E/Source/Github/runner/_layout/....

When an action writes debug, every debug line produces 4 lines of output.

Here is sample log output from one debug statement from an action:

::debug::RUNNER_WORKSPACE = '/Users/eric/repos/actions/runner/_layout/_work/testing'
##[debug]Processing command 'debug'
##[debug]RUNNER_WORKSPACE = '/Users/eric/repos/actions/runner/_layout/_work/testing'
##[debug]Processed command 'debug' successfully

Out of the four lines, only the third one should exist.

We want a way to be able to configure the self hosted runner to use a proxy. First class support for passing proxy information to actions would be helpful as well, as it would enable action authors and users to use that proxy information in their workflows.

Describe the enhancement

Having an agent per repo is very tedious and frustrating.
It would be nice to have agents that can work across repositories to prevent potentially having hundreds of agents to maintain (with rotating tokens) across hundreds of repos

Code Snippet

n/a

Additional information

n/a

This is reproducible in a simple script

run: |
  npm ping
  npm ping
  npm ping

We aren't sure the impact at this time, but it appears to be a power-shell bug. We should file an issue with reproduction for them to fix.

Runner Version and Platform

Version of your runner?
Current runner version: '2.159.2'

OS of the machine running the runner? OSX/Windows/Linux/...
All platforms

What's not working?

Please include error messages and screenshots.
Currently, the hashFiles function only works against absolute path. If I specify a relative path, I get:
##[error]The template is not valid. 'hashFiles(./pom.xml)' failed. Search pattern './pom.xml' doesn't match any file under '/home/runner/work/artifactcache-maven-e2e/artifactcache-maven-e2e'
or
##[error]The template is not valid. 'hashFiles(pom.xml)' failed. Search pattern 'pom.xml' doesn't match any file under '/home/runner/work/artifactcache-maven-e2e/artifactcache-maven-e2e'

It works if the input is an absolute path, or if we **/pom.xml.

This effectively makes hashFiles impractical to use as most of the package lock files are in the checkoued src directory.

I guess this search returns a list of absolute file paths, and our pattern doesn't match any of them.

It would be nice to know the minimum amount of software necessary to run this with a custom container. For example, this project requires git at at least v2.18.

I'm currently trying to debug this failure:

/usr/bin/docker exec  186a95cc5746a0d66133af0ae7ec9e161d903825e4c12bdf02f1a2fcede1fe14 sh -c "cat /etc/*release | grep ^ID"
Running JavaScript Action with default external tool: node12
OCI runtime exec failed: exec failed: container_linux.go:346: starting container process caused "no such file or directory": unknown

I suspect this means I need to add Node.js to the container image but I'm not sure.

Then runner download the action's tarball/zipball via github api, unzip to disk under _work/_actions/<repo>/<ref>.

The runner won't re-download any action if it's already on disk.

I think we need to re-check this logic before self-hosted runner GA.

Ex:

- uses: actions/checkout@v1

action.yml on disk: _work/_actions/actions/checkout/v1/action.yml

Since action author can repoint their v1 tag to the latest v1 version, ex: v1.0.0 to v1.0.1, the current action download/cache logic will prevent user using self-hosted runner to get latest version on a version channel.

Post Action Steps delay sending timeline record entries, which results in the steps appearing out of order in the UI until it is refreshed. This only occurs when jobs are run inside a container, the stopping job container step appears before the post-action steps.

We shouldn't retry if the server is returning back 'Forbidden' or other 400 errors that indicate a problem with the caller. Also, the FCS does not return things like 404 in the event of invalid cache or the like, so this should be a safe change.

See #131 is the change to prevent multiple upload attempts.

Runner Version and Platform

Ubuntu 2.156.4

What's not working?

See this related issue https://github.com/github/dreamlifter/issues/1150

When a user runs a step that kills the process tree (SIGTERMing the runner and the worker), the step fails to upload its logs. We may be able to clean up this process a bit by creating a better UX in this case, by uploading an error message that contains what happened so a user can more easily debug why their step is not running properly.

Here is the reproducible YAML

on: [push]
jobs:
  run:
    name: Run
    runs-on: ubuntu-latest
    steps:
    - run: echo "hello world"
    
    - run: |
        echo "Lets see if signalr shows you this"
        sleep 2
        echo "And this"
        sleep 2
        echo "Sleeping and killing the parent process..."
        sleep 2
        kill -s TERM $PPID
    
    - run: echo "goodbye"

#173 added a solution file and Directory.Build.props to make working on this easier in full VS, but with a fresh clone F5 builds fail because the auto generated BuildConstants class doesn't exist which is coming from:

I've tried playing around with the project files and have gotten this target to run on F5 builds, but it's not working correctly when running from the build script (it runs and the file's created, but it seems to happen too late in the build so it still fails). I'll keep playing with this to see if I can get it to work.

After a few of the currently-open PRs are merged (#174, #178), all compiler and code analyzer warnings should be fixed. It would be good to set TreatWarningsAsErrors to true for all projects to ensure that contributors are forced to fix warnings before submitting a PR.

I recommend this setting be placed in the new Directory.Builds.props file that I included in this PR: https://github.com/actions/runner/pull/173/files#diff-6483fde6c45c90fdfe98ca72eadfa651

That way the setting will automatically be shared by all projects in that folder and sub-folders. Individual projects can override that setting if they want to (but they shouldn't!).

Power PC, Solaris, IBM Mainframe, redhat 5/6 (without a new sku) etc.

Start with an ADR evaluation of platform coverage

Runner Version and Platform

actions-runner-win-x64-2.160.2

Windows Server 2019 Standard (1809)

What's not working?

It's not possible to configure a Windows runner as a service with a runner name > 7 characters.

If you provide a runner name >7 charachters, the config script completes successfully and says the service is running, but the service never actually successfully starts.

Looking at the error, it seems that the length of the runner name is the issue, mainly due to the length of the hash in the name. This means (at least in my case), the runner name has to be quite small (<= 7 characters) to make it inside the 80 character service name limit.

Full powershell outputs below:

Failure with runner name win-server-2019-vm:

PS C:\Users\Lucas Costi\actions-runner> ./config.cmd --url https://github.com/lucascosti/actions-private-playground --token ABB2TGV5QRUAQRVT4DONCU25YXSSO

--------------------------------------------------------------------------------
|        ____ _ _   _   _       _          _        _   _                      |
|       / ___(_) |_| | | |_   _| |__      / \   ___| |_(_) ___  _ __  ___      |
|      | |  _| | __| |_| | | | | '_ \    / _ \ / __| __| |/ _ \| '_ \/ __|     |
|      | |_| | | |_|  _  | |_| | |_) |  / ___ \ (__| |_| | (_) | | | \__ \     |
|       \____|_|\__|_| |_|\__,_|_.__/  /_/   \_\___|\__|_|\___/|_| |_|___/     |
|                                                                              |
|                       Self-hosted runner registration                        |
|                                                                              |
--------------------------------------------------------------------------------

# Authentication


√ Connected to GitHub

# Runner Registration

Enter the name of runner: [press Enter for WIN-9L5VTRV5F51] win-server-2019-vm

√ Runner successfully added
√ Runner connection is good

# Runner settings

Enter name of work folder: [press Enter for _work]

√ Settings Saved.

Would you like to run the runner as service? (Y/N) [press Enter for N] y
User account to use for the service [press Enter for NT AUTHORITY\NETWORK SERVICE]
Granting file permissions to 'NT AUTHORITY\NETWORK SERVICE'.
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win-server-2019-vm successfully installed
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win-server-2019-vm successfully set recovery option
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win-server-2019-vm successfully set to delayed auto start
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win-server-2019-vm successfully configured
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win-server-2019-vm started successfully
PS C:\Users\Lucas Costi\actions-runner>
PS C:\Users\Lucas Costi\actions-runner>
PS C:\Users\Lucas Costi\actions-runner> Get-Service "actionsrunner.*"

Status   Name               DisplayName
------   ----               -----------
Stopped  actionsrunner.c... GitHub Actions Runner (cT09lfQ8MbjR...


PS C:\Users\Lucas Costi\actions-runner>
PS C:\Users\Lucas Costi\actions-runner>
PS C:\Users\Lucas Costi\actions-runner>
PS C:\Users\Lucas Costi\actions-runner> Start-Service "actionsrunner.*"
Start-Service : Service name
actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win-server-2019-vm contains invalid
characters, is empty, or is too long (max length = 80).
At line:1 char:1
+ Start-Service "actionsrunner.*"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Start-Service], ArgumentException
    + FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.StartServiceCommand

Working run with runner name win-srv:

PS C:\Users\Lucas Costi\actions-runner> ./config.cmd --url https://github.com/lucascosti/actions-private-playground --token ABB2TGX5OX5XUKXWQBNKHWS5YX63E

--------------------------------------------------------------------------------
|        ____ _ _   _   _       _          _        _   _                      |
|       / ___(_) |_| | | |_   _| |__      / \   ___| |_(_) ___  _ __  ___      |
|      | |  _| | __| |_| | | | | '_ \    / _ \ / __| __| |/ _ \| '_ \/ __|     |
|      | |_| | | |_|  _  | |_| | |_) |  / ___ \ (__| |_| | (_) | | | \__ \     |
|       \____|_|\__|_| |_|\__,_|_.__/  /_/   \_\___|\__|_|\___/|_| |_|___/     |
|                                                                              |
|                       Self-hosted runner registration                        |
|                                                                              |
--------------------------------------------------------------------------------

# Authentication


√ Connected to GitHub

# Runner Registration

Enter the name of runner: [press Enter for WIN-9L5VTRV5F51] win-srv

√ Runner successfully added
√ Runner connection is good

# Runner settings

Enter name of work folder: [press Enter for _work]

√ Settings Saved.

Would you like to run the runner as service? (Y/N) [press Enter for N] y
User account to use for the service [press Enter for NT AUTHORITY\NETWORK SERVICE] Lucas Costi
Password for the account WIN-9L5VTRV5F51\Lucas Costi *********
Granting file permissions to 'WIN-9L5VTRV5F51\Lucas Costi'.
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win-srv successfully installed
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win-srv successfully set recovery option
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win-srv successfully set to delayed auto start
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win-srv successfully configured
Service actionsrunner.cT09lfQ8MbjRkaUM211SBR82j32Te65GnVI5TvwNaRzz0HCzOU.Default.win-srv started successfully
PS C:\Users\Lucas Costi\actions-runner>
PS C:\Users\Lucas Costi\actions-runner>
PS C:\Users\Lucas Costi\actions-runner> Get-Service "actionsrunner.*"

Status   Name               DisplayName
------   ----               -----------
Running  actionsrunner.c... GitHub Actions Runner (cT09lfQ8MbjR...

Summary

The fromPath property in matcher config, should be treated as a file path, not a directory path.

Without this fix, the dotnet problem matcher will not work most of the time. The typical convention is for dotnet projects to be under a subfolder, so the relative source file paths printed in the error message are not relative to the root of the repo (they are further down in the directory structure).

Details

Consider the following output from csc:

"foo.cs(7,2): error CS1022: Type or namespace definition, or end-of-file expected [/home/runner/work/my-repo/my-repo/my-project/my-project.csproj]

The source file foo.cs should to be rooted relative to the directory containing the csproj. Currently it is rooted against the csproj file (not the directory). This causes an incorrect rooted path /home/runner/work/my-repo/my-repo/my-project/my-project.csproj/foo.cs

The command-line build dev build sets variables such as -p:PackageRuntime="${RUNTIME_ID}", which are required to be defined for the CSPROJ to be able to compile.

In VS this variable is not defined, so you get build errors due to the OS-specific #define's not being set, such as OS_WINDOWS.

Perhaps there should be a default value for these, or make them optional, so that it's possible to build from Visual Studio?

The add-mask command echoes the input, then processes the command, which means that when the input is echoed the secret is not registered. This causes the secret to leak.

The add mask command encoded data and decodes it before registering it as a secret. A user can send an encoded multiline secret to the add-mask command, which it will then try to register as a single secret. Since we do our processing line by line, a multi-line secret will never mask as the secret masker works based on exact matches.

We should either explicitly fail when a multiline string is given, or split the string into individual secrets and mask all of those.

For now, we have updated the toolkit docs indicating it is not supported
actions/toolkit#196

Node 12 just released as LTS. Let's start with that one.

Also, make sure the handler name in the action.yml is node12

The Runner process is passing up the JWT Tokens to the system using basic auth (which is currently supported). We want to get rid of this, so we should move to using Bearer instead.

Right now, there's a hyperlink to the download. The instructions should have a curl or ps command to download which matches the product instructions.

This is especially important to have in place until we're notarized.

What's not working?

Tools installed by setup-$tool actions that require a PATH update in the environment break in job containers

Containers typically bring their own toolsets so I havent seen anyone hit this yet, but it is broken

I introduced this bug via https://github.com/actions/runner/pull/23/files#diff-fd6512562302c29ee1adf6e88a5f1e11

We had a nice chain-loader-ish setup via the node process where:

1. Node process exec'd in container would pick up PATH from container environment
2. Prepend tool paths that were tracked

Part of supporting more job container types (alpine!) and to simplify the job container concept I removed this dependency on node

Because the environment of the container cant be known until runtime so it must be started and some process must run in the container. Passing -e PATH={prependPath}:$PATH is $PATH relative to the host, and theres not really a way to set a modified path without completely writing over the container path

I am introducing some new patterns where we need to exec into the container to gather runtime information anyways (figure out distribution / libraries so we know which nodejs binary to use as the script runtime), so Im going to fix it there

In this example the modified path setup by setup-node doesnt make it to the run script

on: push
jobs:
  myjob:
    container: alpine
    runs-on:
      pool: default
    steps:
    - uses: actions/setup-node@v1
      with:
        node-version: '10.x'
    - run: node --version

Attempting to use a job-container on macos self hosted, fails with the error message: Could not find a part of the path '/proc/1/cgroup'

Here is the repro:

on: [push]
jobs:
  build:
    runs-on: [self-hosted, macos]      
    container: ubuntu:18.04    
    steps:
      - run: printenv|sort

Note, after commenting out the offending code, the runner fails downstream with a better error message: Container operation is only supported on Linux. So i think we just need to add better validation sooner.

In october, node 12 will LTS.

https://nodejs.org/en/about/releases/

Keep this open and fix when it's available.

The REST API for uploading and downloading artifacts has (already) changed in master (M159). The Build2 APIs have been removed in favor of new APIs are in the Pipelines area. See here for more details.

Note that the contract for upload and download has changed, so this won't be a trivial change (i.e. just changing the area identifier).

Thank you 🙇‍♀ for wanting to create a feature in this repository. Before you do, please ensure you are filing the issue in the right place. Issues should only be opened on if the issue relates to code in this repository.

• If you have found a security issue please submit it here
• If you have questions or issues with the service, writing workflows or actions, then please visit the GitHub Community Forum's Actions Board
• If you are having an issue or question about GitHub Actions then please contact customer support

If you have a feature request that is relevant to this repository, the runner, then please include the information below:

Describe the enhancement
Every runner build should produce containers and they should be published. This allows for kubernetes or other container services to elastically run jobs with the latest runner (avoiding the need for potential updates when starting)

Additional information
Would be nice to have standard linux distros as well as alpine

NOTE: if the feature request has been agreed upon then the assignee will create an ADR. See docs/adrs/README.md

Current usage of action setup-msys2 requires commands to be preprended with msys2do, which is a cmd file (d:\a\_tmp\msys\msys2do.cmd). For example:

  - uses: numworks/setup-msys2@v1
  - run: msys2do makepkg-mingw -sCLfc --noconfirm --noprogressbar

On the one hand, it would be more natural if the shell was selectable as the built-in ones (cmd, powershell, bash), as it would allow a more consistent syntax:

  - uses: numworks/setup-msys2@v1
  - shell: msys2
    run: makepkg-mingw -sCLfc --noconfirm --noprogressbar

On the other hand, such a syntax would hopefully allow to use multi-line run fields, which is not possible ATM (numworks/setup-msys2#8):

  - uses: numworks/setup-msys2@v1
  - shell: msys2
    run: |
      uname -a
      makepkg-mingw -sCLfc --noconfirm --noprogressbar

Apart from that, it'd be useful to have a function in the toolkit core which allows to change the default shell for all the following steps in a job. A possible solution is to allow to set shell at job level (as it is supported for env). However, I think that supporting it in the toolkit would still be useful.

For example, until a month ago, the default shell in windows-latest was cmd. Then, it was changed to powershell: https://github.blog/changelog/2019-10-17-github-actions-default-shell-on-windows-runners-is-changing-to-powershell/. As a result, it is/was necessary to explicitly set shell: cmd in all the steps that won't work with powershell. This is still the case for workflows where certain tests are to be executed on cmd, powershell and/or bash.

Currently, when run: msys2do is used, either with cmd or powershell, msys2do.cmd is found in the path and it is successfully executed. However, it seems that shell: msys2do {0} does not take the PATH set through the toolkit into account,: ##[error]File not found: 'msys2do'

d:\a\_temp\msys\msys2do.cmd {0} is not supported, either: ##[error]Second path fragment must not be a drive or UNC name. (Parameter 'expression')

Using a relative path (..\_temp\msys\msys2do.cmd {0}), shows that the workdir of the parent script is: ##[error]Could not find a part of the path 'C:\hostedtoolcache\windows\Python\3.6.8\_temp\msys'..

Therefore, it seems that a possible solution is to place a dummy file in C:\hostedtoolcache\windows\Python\3.6.8\x64\msys2.cmd, so that a relative path is used. That file will execute d:\a\_temp\msys\msys2do.cmd, which will itself execute bash. Precisely, the following js snippet works:

    fs.writeFileSync('C:/hostedtoolcache/windows/Python/3.6.8/x64/msys2.cmd', [
      `setlocal`,
      `@echo off`,
      `set "args=%*"`,
      `set "args=%args:\\=/%"`,
      cmd + ` %args%`
    ].join('\r\n'));

  - shell: ./msys2.cmd {0}
    run: |
      pacman -Syu --noconfirm
      uname -a

Nonetheless, it feels hackish, specially because of the hardcoded location of msys2.cmd.

Describe the enhancement

Running the agent within docker and having it auto update causes the container to throttle and never succeed without having to manage PID 1

It would be nice to have something in config.sh or run.sh, possibly environment variables to help opt out of auto-update

Code Snippet

n/a

Additional information

n/a

This section here:

It seems like it's maybe from something that was previously used, but is no longer part of the build.

If it's no longer needed, I recommend removing this section (which I'm happy to send a PR for).

./config.sh/cmd --help will only print out some basic info about how to use the cli.

Ex:

H:\Source\runner_new\_layout>config.cmd --help

Commands:,
 .\config.cmd          Configures the runner
 .\config.cmd remove   Unconfigures the runner
 .\run.cmd             Runs the runner interactively. Does not require any options.

Options:
 --version  Prints the runner version
 --commit   Prints the runner commit
 --help     Prints the help for each command

We should include more information in this help output, like all arguments the runner takes durring config and example for doing unattended runner config.

Describe the bug
I need to use a self-hosted runner to run some tests, and I want the tests can be isolated from the host machine due to some security issues, that meaning the host machine won't get access to the source code.
GitHub Actions provides a "container" syntax within a job, indicating the whole job will be running within the container.
However, after I run it, the files can be found within the _work/code-repo/code-repo directory in the runner.

I thought about adding a final clean up step at the end of the job, but it won't work if the job gets cancelled during execution and therefore the final clean up step won't run.

To Reproduce
Steps to reproduce the behavior:

1. I have the workflow.yaml file as follows:

on: [push]

jobs:

  action_test:
    runs-on: self-hosted
    container:
      image: localhost:5000/ubuntu-own
    name: test
    steps:
      - name: checkout
        uses: actions/checkout@v2

      - name: examine
        run: |
          ls
          pwd
      - name: fail clean up
        if: failure()
        run: |
          rm -rf *

      - name: clean up
        run: |
          rm -rf *

2. Push code to Github to trigger the self-hosted runner to run.
3. All the source files obtained through checkout can be seen under the folder of ~/github-actions-runners/test-repo/actions-runner/_work/test-repo/test-repo.

Expected behavior
The source code files cannot be seen by the host machine anytime.

Runner Version and Platform

Version is 2.163.1.

OS of the machine running the runner? Linux

Runner and Worker's Diagnostic Logs

I can see the logs within Initialize containers indicating the creation of the docker does some volume mounts.
/usr/bin/docker create --name 4625a0cc672e4786a61168dd09ed22eb_localhost5000ubuntumcu_8b5abb --label 63b318 --workdir /__w/test-repo/test-repo --network github_network_5b545002914b4c118fdae38bef600c83 --privileged -e "HOME=/github/home" -e GITHUB_ACTIONS=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/kolmostar/github-actions-runner/runner/_layout/_work":"/__w" -v "/home/kolmostar/github-actions-runner/runner/_layout/externals":"/__e":ro -v "/home/kolmostar/github-actions-runner/runner/_layout/_work/_temp":"/__w/_temp" -v "/home/kolmostar/github-actions-runner/runner/_layout/_work/_actions":"/__w/_actions" -v "/home/kolmostar/github-actions-runner/runner/_layout/_work/_tool":"/__w/_tool" -v "/home/kolmostar/github-actions-runner/runner/_layout/_work/_temp/_github_home":"/github/home" -v "/home/kolmostar/github-actions-runner/runner/_layout/_work/_temp/_github_workflow":"/github/workflow" --entrypoint "tail" localhost:5000/ubuntu-mcu "-f" "/dev/null"

Describe the enhancement

Currently the only way to set up an agent is to dig around the settings and take the runner token from the UI. This changes hourly which is frustrating when debugging as it will eventually just stop working.

Code Snippet

config.sh --url "${REPO_URL}" --token "${RUNNER_TOKEN}" --agent "${_RUNNER_NAME}" --work "${_RUNNER_WORKDIR}"

Additional information

n/a

The below yaml does not echo the second command

run: echo "::echo::on"
run: echo "::warning::test"

This does work

run: |
  echo "::echo::on"
  echo "::warning::test"

See actions/cache#12

https://github.slack.com/archives/CMV6PDVJT/p1572535582109200

On a fresh Windows 2019 Server VM, the config script fails to register a Self Hosted Runner Service.

Would you like to run the runner as service? (Y/N) [press Enter for N] y
User account to use for the service [press Enter for NT AUTHORITY\NETWORK SERVICE] Lucas Costi
Password for the account WIN-9L5VTRV5F51\Lucas Costi *********
Granting file permissions to 'WIN-9L5VTRV5F51\Lucas Costi'.

Unhandled Exception: System.IO.FileLoadException: Could not load file or assembly 'RunnerService, Version=1.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. Strong name validation failed. (Exception from HRESULT: 0x8013141A) ---> System.Security.SecurityException: Strong name validation failed. (Exception from HRESULT: 0x8013141A)
   --- End of inner exception stack trace ---
Exit code -532462766 returned from process: file name '"C:\Users\Lucas Costi\actions-runner\bin\RunnerService.exe"', arguments 'init'.

Create an action workflow to create a runner release.

The assets should be a GitHub release asset (and therefore use it's CDN).

We can have it trigger on version file changes in a release branch? Let's discuss.

When we open source, I want Actions creating the release

When user has symlink loop in the folder they trying to hash, the runner will stuck on finding all files under the folder, the job will hang and user get no idea what's going wrong.

We need to detect the symlink loop, stop the recursion search and continue find other files.