From ba60849769fd5289b32fdf338cae9fbf04e9a1f6 Mon Sep 17 00:00:00 2001 From: Tingluo Huang Date: Wed, 3 Jan 2024 11:31:17 -0500 Subject: [PATCH 1/2] Extend --check to check Results-Receiver service. --- docs/checks/actions.md | 6 ++++++ docs/checks/network.md | 1 + src/Runner.Listener/Checks/ActionsCheck.cs | 11 +++++++++++ 3 files changed, 18 insertions(+) diff --git a/docs/checks/actions.md b/docs/checks/actions.md index c232ab3b8f4..28fc53e8244 100644 --- a/docs/checks/actions.md +++ b/docs/checks/actions.md @@ -10,6 +10,7 @@ Make sure the runner has access to actions service for GitHub.com or GitHub Ente - The runner needs to access `https://codeload.github.com` for downloading actions tar.gz/zip. - The runner needs to access `https://vstoken.actions.githubusercontent.com/_apis/.../` for requesting an access token. - The runner needs to access `https://pipelines.actions.githubusercontent.com/_apis/.../` for receiving workflow jobs. + - The runner needs to access `https://results-receiver.actions.githubusercontent.com/.../` for report progress and upload logs during a workflow job execution. --- **NOTE:** for the full list of domains that are required to be in the firewall allow list refer to the [GitHub self-hosted runners requirements documentation](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#communication-between-self-hosted-runners-and-github). @@ -20,6 +21,7 @@ Make sure the runner has access to actions service for GitHub.com or GitHub Ente curl -v https://codeload.github.com/_ping curl -v https://vstoken.actions.githubusercontent.com/_apis/health curl -v https://pipelines.actions.githubusercontent.com/_apis/health + curl -v https://results-receiver.actions.githubusercontent.com/health ``` - For GitHub Enterprise Server @@ -60,6 +62,10 @@ Make sure the runner has access to actions service for GitHub.com or GitHub Ente - Ping pipelines.actions.githubusercontent.com using dotnet - Make HTTP GET to https://pipelines.actions.githubusercontent.com/_apis/health or https://myGHES.com/_services/pipelines/_apis/health using dotnet, check response headers contains `x-vss-e2eid` - Make HTTP POST to https://pipelines.actions.githubusercontent.com/_apis/health or https://myGHES.com/_services/pipelines/_apis/health using dotnet, check response headers contains `x-vss-e2eid` +--- +- DNS lookup for results-receiver.actions.githubusercontent.com using dotnet +- Ping results-receiver.actions.githubusercontent.com using dotnet +- Make HTTP GET to https://results-receiver.actions.githubusercontent.com/health using dotnet, check response headers contains `X-GitHub-Request-Id` ## How to fix the issue? diff --git a/docs/checks/network.md b/docs/checks/network.md index aaf92480f44..758618a5e90 100644 --- a/docs/checks/network.md +++ b/docs/checks/network.md @@ -42,6 +42,7 @@ If you are having trouble connecting, try these steps: - https://api.github.com/ - https://vstoken.actions.githubusercontent.com/_apis/health - https://pipelines.actions.githubusercontent.com/_apis/health + - https://results-receiver.actions.githubusercontent.com/health - For GHES/GHAE - https://myGHES.com/_services/vstoken/_apis/health - https://myGHES.com/_services/pipelines/_apis/health diff --git a/src/Runner.Listener/Checks/ActionsCheck.cs b/src/Runner.Listener/Checks/ActionsCheck.cs index 8ef00ee448c..4d4d5e42b09 100644 --- a/src/Runner.Listener/Checks/ActionsCheck.cs +++ b/src/Runner.Listener/Checks/ActionsCheck.cs @@ -39,6 +39,7 @@ public async Task RunCheck(string url, string pat) string githubApiUrl = null; string actionsTokenServiceUrl = null; string actionsPipelinesServiceUrl = null; + string resultsReceiverServiceUrl = null; var urlBuilder = new UriBuilder(url); if (UrlUtil.IsHostedServer(urlBuilder)) { @@ -47,6 +48,7 @@ public async Task RunCheck(string url, string pat) githubApiUrl = urlBuilder.Uri.AbsoluteUri; actionsTokenServiceUrl = "https://vstoken.actions.githubusercontent.com/_apis/health"; actionsPipelinesServiceUrl = "https://pipelines.actions.githubusercontent.com/_apis/health"; + resultsReceiverServiceUrl = "https://results-receiver.actions.githubusercontent.com/health"; } else { @@ -56,6 +58,7 @@ public async Task RunCheck(string url, string pat) actionsTokenServiceUrl = urlBuilder.Uri.AbsoluteUri; urlBuilder.Path = "_services/pipelines/_apis/health"; actionsPipelinesServiceUrl = urlBuilder.Uri.AbsoluteUri; + resultsReceiverServiceUrl = string.Empty; // we don't have Results service in GHES yet. } var codeLoadUrlBuilder = new UriBuilder(url); @@ -72,6 +75,14 @@ public async Task RunCheck(string url, string pat) checkTasks.Add(CheckUtil.CheckPing(codeLoadUrlBuilder.Uri.AbsoluteUri)); checkTasks.Add(HostContext.CheckHttpsGetRequests(codeLoadUrlBuilder.Uri.AbsoluteUri, pat, expectedHeader: "X-GitHub-Request-Id")); + // check results-receiver service + if (!string.IsNullOrEmpty(resultsReceiverServiceUrl)) + { + checkTasks.Add(CheckUtil.CheckDns(resultsReceiverServiceUrl)); + checkTasks.Add(CheckUtil.CheckPing(resultsReceiverServiceUrl)); + checkTasks.Add(HostContext.CheckHttpsGetRequests(resultsReceiverServiceUrl, pat, expectedHeader: "X-GitHub-Request-Id")); + } + // check actions token service checkTasks.Add(CheckUtil.CheckDns(actionsTokenServiceUrl)); checkTasks.Add(CheckUtil.CheckPing(actionsTokenServiceUrl)); From 87eed5224e7bd47287a77469596121c53b26029b Mon Sep 17 00:00:00 2001 From: Tingluo Huang Date: Wed, 3 Jan 2024 11:37:07 -0500 Subject: [PATCH 2/2] Update docs/checks/actions.md Co-authored-by: Christopher Schleiden --- docs/checks/actions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/checks/actions.md b/docs/checks/actions.md index 28fc53e8244..bdf3abfc1c8 100644 --- a/docs/checks/actions.md +++ b/docs/checks/actions.md @@ -10,7 +10,7 @@ Make sure the runner has access to actions service for GitHub.com or GitHub Ente - The runner needs to access `https://codeload.github.com` for downloading actions tar.gz/zip. - The runner needs to access `https://vstoken.actions.githubusercontent.com/_apis/.../` for requesting an access token. - The runner needs to access `https://pipelines.actions.githubusercontent.com/_apis/.../` for receiving workflow jobs. - - The runner needs to access `https://results-receiver.actions.githubusercontent.com/.../` for report progress and upload logs during a workflow job execution. + - The runner needs to access `https://results-receiver.actions.githubusercontent.com/.../` for reporting progress and uploading logs during a workflow job execution. --- **NOTE:** for the full list of domains that are required to be in the firewall allow list refer to the [GitHub self-hosted runners requirements documentation](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#communication-between-self-hosted-runners-and-github).