mirror of
https://github.com/game-ci/unity-builder.git
synced 2026-06-01 06:16:14 -07:00
Compare commits
7 Commits
fix/secure
...
feature/pr
| Author | SHA1 | Date | |
|---|---|---|---|
|
dcb0894d0e | ||
|
|
90b9b0c7b0 | ||
|
|
e9c247f04f | ||
|
|
cff759721a | ||
|
|
7e9d0bf53e | ||
|
|
8194790728 | ||
|
|
786ee3799c |
42
action.yml
42
action.yml
@@ -105,12 +105,6 @@ inputs:
|
||||
required: false
|
||||
default: ''
|
||||
description: '[Orchestrator] Github private token to pull from github'
|
||||
gitAuthMode:
|
||||
required: false
|
||||
default: 'header'
|
||||
description:
|
||||
'[Orchestrator] How git authentication is configured. "header" (default) uses http.extraHeader so the token
|
||||
never appears in clone URLs or git config. "url" embeds the token in clone URLs (legacy behavior).'
|
||||
githubOwner:
|
||||
required: false
|
||||
default: ''
|
||||
@@ -200,6 +194,42 @@ inputs:
|
||||
description:
|
||||
'[Orchestrator] Either local, k8s or aws can be used to run builds on a remote cluster. Additional parameters must
|
||||
be configured.'
|
||||
fallbackProviderStrategy:
|
||||
default: ''
|
||||
required: false
|
||||
description:
|
||||
'[Orchestrator] Fallback provider when the primary is unavailable. Used with runnerCheckEnabled for automatic
|
||||
failover, or as a catch-all if the primary provider fails to initialize.'
|
||||
runnerCheckEnabled:
|
||||
default: 'false'
|
||||
required: false
|
||||
description:
|
||||
'[Orchestrator] Check GitHub Actions runner availability before starting a build. When no suitable runners are
|
||||
available and fallbackProviderStrategy is set, automatically routes to the fallback provider.'
|
||||
runnerCheckLabels:
|
||||
default: ''
|
||||
required: false
|
||||
description:
|
||||
'[Orchestrator] Comma-separated runner labels to filter when checking availability (e.g. self-hosted,linux).
|
||||
When empty, checks all runners in the repository.'
|
||||
runnerCheckMinAvailable:
|
||||
default: '1'
|
||||
required: false
|
||||
description:
|
||||
'[Orchestrator] Minimum number of idle runners required for the primary provider. If fewer are available,
|
||||
routes to fallbackProviderStrategy.'
|
||||
retryOnFallback:
|
||||
default: 'false'
|
||||
required: false
|
||||
description:
|
||||
'[Orchestrator] When true and fallbackProviderStrategy is set, automatically retry the build on the fallback
|
||||
provider if the primary provider fails. Useful for long builds where transient cloud failures are common.'
|
||||
providerInitTimeout:
|
||||
default: '0'
|
||||
required: false
|
||||
description:
|
||||
'[Orchestrator] Maximum seconds to wait for the primary provider to initialize (setupWorkflow). If exceeded
|
||||
and fallbackProviderStrategy is set, switches to the fallback. Set to 0 to disable (default).'
|
||||
resourceTracking:
|
||||
default: 'false'
|
||||
required: false
|
||||
|
||||
356
dist/index.js
generated
vendored
356
dist/index.js
generated
vendored
@@ -327,7 +327,12 @@ class BuildParameters {
|
||||
containerRegistryRepository: input_1.default.containerRegistryRepository,
|
||||
containerRegistryImageVersion: input_1.default.containerRegistryImageVersion,
|
||||
providerStrategy: orchestrator_options_1.default.providerStrategy,
|
||||
gitAuthMode: orchestrator_options_1.default.gitAuthMode,
|
||||
fallbackProviderStrategy: orchestrator_options_1.default.fallbackProviderStrategy,
|
||||
runnerCheckEnabled: orchestrator_options_1.default.runnerCheckEnabled,
|
||||
runnerCheckLabels: orchestrator_options_1.default.runnerCheckLabels,
|
||||
runnerCheckMinAvailable: orchestrator_options_1.default.runnerCheckMinAvailable,
|
||||
retryOnFallback: orchestrator_options_1.default.retryOnFallback,
|
||||
providerInitTimeout: orchestrator_options_1.default.providerInitTimeout,
|
||||
buildPlatform: orchestrator_options_1.default.buildPlatform,
|
||||
kubeConfig: orchestrator_options_1.default.kubeConfig,
|
||||
containerMemory: orchestrator_options_1.default.containerMemory,
|
||||
@@ -1945,29 +1950,6 @@ exports["default"] = OrchestratorEnvironmentVariable;
|
||||
|
||||
"use strict";
|
||||
|
||||
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
||||
if (k2 === undefined) k2 = k;
|
||||
var desc = Object.getOwnPropertyDescriptor(m, k);
|
||||
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
||||
desc = { enumerable: true, get: function() { return m[k]; } };
|
||||
}
|
||||
Object.defineProperty(o, k2, desc);
|
||||
}) : (function(o, m, k, k2) {
|
||||
if (k2 === undefined) k2 = k;
|
||||
o[k2] = m[k];
|
||||
}));
|
||||
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
||||
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
||||
}) : function(o, v) {
|
||||
o["default"] = v;
|
||||
});
|
||||
var __importStar = (this && this.__importStar) || function (mod) {
|
||||
if (mod && mod.__esModule) return mod;
|
||||
var result = {};
|
||||
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
||||
__setModuleDefault(result, mod);
|
||||
return result;
|
||||
};
|
||||
var __importDefault = (this && this.__importDefault) || function (mod) {
|
||||
return (mod && mod.__esModule) ? mod : { "default": mod };
|
||||
};
|
||||
@@ -2022,57 +2004,12 @@ class OrchestratorFolders {
|
||||
static get libraryCacheFolderFull() {
|
||||
return node_path_1.default.join(OrchestratorFolders.cacheFolderForCacheKeyFull, `Library`);
|
||||
}
|
||||
/**
|
||||
* Whether to use http.extraHeader for git authentication (secure, default)
|
||||
* instead of embedding the token in clone URLs (legacy).
|
||||
*/
|
||||
static get useHeaderAuth() {
|
||||
return orchestrator_1.default.buildParameters.gitAuthMode !== 'url';
|
||||
}
|
||||
static get unityBuilderRepoUrl() {
|
||||
if (OrchestratorFolders.useHeaderAuth) {
|
||||
return `https://github.com/${orchestrator_1.default.buildParameters.orchestratorRepoName}.git`;
|
||||
}
|
||||
return `https://${orchestrator_1.default.buildParameters.gitPrivateToken}@github.com/${orchestrator_1.default.buildParameters.orchestratorRepoName}.git`;
|
||||
}
|
||||
static get targetBuildRepoUrl() {
|
||||
if (OrchestratorFolders.useHeaderAuth) {
|
||||
return `https://github.com/${orchestrator_1.default.buildParameters.githubRepo}.git`;
|
||||
}
|
||||
return `https://${orchestrator_1.default.buildParameters.gitPrivateToken}@github.com/${orchestrator_1.default.buildParameters.githubRepo}.git`;
|
||||
}
|
||||
/**
|
||||
* Shell commands to configure git authentication via http.extraHeader.
|
||||
* Uses GIT_PRIVATE_TOKEN env var so the token never appears in clone URLs or git config output.
|
||||
* This is the same mechanism used by actions/checkout.
|
||||
*
|
||||
* Only emits commands when gitAuthMode is 'header' (default). In 'url' mode,
|
||||
* returns a no-op comment since the token is already in the URL.
|
||||
*/
|
||||
static get gitAuthConfigScript() {
|
||||
if (!OrchestratorFolders.useHeaderAuth) {
|
||||
return `# git auth: using token-in-URL mode (legacy)`;
|
||||
}
|
||||
return `# git auth: configuring http.extraHeader (secure mode)
|
||||
if [ -n "$GIT_PRIVATE_TOKEN" ]; then
|
||||
git config --global http.https://github.com/.extraHeader "Authorization: Basic $(printf '%s' "x-access-token:$GIT_PRIVATE_TOKEN" | base64 -w 0)"
|
||||
fi`;
|
||||
}
|
||||
/**
|
||||
* Configure git authentication via http.extraHeader in the current Node process.
|
||||
* For use in the remote-client where shell scripts aren't used.
|
||||
* Only configures when gitAuthMode is 'header' (default).
|
||||
*/
|
||||
static async configureGitAuth() {
|
||||
if (!OrchestratorFolders.useHeaderAuth)
|
||||
return;
|
||||
const token = orchestrator_1.default.buildParameters.gitPrivateToken || process.env.GIT_PRIVATE_TOKEN || '';
|
||||
if (!token)
|
||||
return;
|
||||
const encoded = Buffer.from(`x-access-token:${token}`).toString('base64');
|
||||
const { OrchestratorSystem } = await Promise.resolve().then(() => __importStar(__nccwpck_require__(9744)));
|
||||
await OrchestratorSystem.Run(`git config --global http.https://github.com/.extraHeader "Authorization: Basic ${encoded}"`);
|
||||
}
|
||||
static get buildVolumeFolder() {
|
||||
return 'data';
|
||||
}
|
||||
@@ -2273,8 +2210,24 @@ class OrchestratorOptions {
|
||||
}
|
||||
return provider || 'local';
|
||||
}
|
||||
static get gitAuthMode() {
|
||||
return OrchestratorOptions.getInput('gitAuthMode') || 'header';
|
||||
static get fallbackProviderStrategy() {
|
||||
return OrchestratorOptions.getInput('fallbackProviderStrategy') || '';
|
||||
}
|
||||
static get runnerCheckEnabled() {
|
||||
return OrchestratorOptions.getInput('runnerCheckEnabled') === 'true';
|
||||
}
|
||||
static get runnerCheckLabels() {
|
||||
const labels = OrchestratorOptions.getInput('runnerCheckLabels');
|
||||
return labels ? labels.split(',').map((l) => l.trim()) : [];
|
||||
}
|
||||
static get runnerCheckMinAvailable() {
|
||||
return Number(OrchestratorOptions.getInput('runnerCheckMinAvailable')) || 1;
|
||||
}
|
||||
static get retryOnFallback() {
|
||||
return OrchestratorOptions.getInput('retryOnFallback') === 'true';
|
||||
}
|
||||
static get providerInitTimeout() {
|
||||
return Number(OrchestratorOptions.getInput('providerInitTimeout')) || 0;
|
||||
}
|
||||
static get containerCpu() {
|
||||
return OrchestratorOptions.getInput('containerCpu') || `1024`;
|
||||
@@ -2580,6 +2533,7 @@ const follow_log_stream_service_1 = __nccwpck_require__(36149);
|
||||
const orchestrator_result_1 = __importDefault(__nccwpck_require__(86819));
|
||||
const orchestrator_options_1 = __importDefault(__nccwpck_require__(82473));
|
||||
const resource_tracking_1 = __importDefault(__nccwpck_require__(42604));
|
||||
const runner_availability_service_1 = __nccwpck_require__(18876);
|
||||
class Orchestrator {
|
||||
static get isOrchestratorEnvironment() {
|
||||
return process.env[`GITHUB_ACTIONS`] !== `true`;
|
||||
@@ -2616,6 +2570,26 @@ class Orchestrator {
|
||||
}
|
||||
static async setupSelectedBuildPlatform() {
|
||||
orchestrator_logger_1.default.log(`Orchestrator platform selected ${Orchestrator.buildParameters.providerStrategy}`);
|
||||
// Check runner availability and apply fallback if needed
|
||||
if (Orchestrator.buildParameters.runnerCheckEnabled && Orchestrator.buildParameters.fallbackProviderStrategy) {
|
||||
const owner = orchestrator_options_1.default.githubOwner;
|
||||
const repo = orchestrator_options_1.default.githubRepoName;
|
||||
const token = Orchestrator.buildParameters.gitPrivateToken || process.env.GITHUB_TOKEN || '';
|
||||
orchestrator_logger_1.default.log(`Checking runner availability (labels: [${Orchestrator.buildParameters.runnerCheckLabels.join(', ')}], min: ${Orchestrator.buildParameters.runnerCheckMinAvailable})`);
|
||||
const result = await runner_availability_service_1.RunnerAvailabilityService.checkAvailability(owner, repo, token, Orchestrator.buildParameters.runnerCheckLabels, Orchestrator.buildParameters.runnerCheckMinAvailable);
|
||||
orchestrator_logger_1.default.log(`Runner check: ${result.totalRunners} total, ${result.matchingRunners} matching, ${result.idleRunners} idle — ${result.reason}`);
|
||||
if (result.shouldFallback) {
|
||||
const original = Orchestrator.buildParameters.providerStrategy;
|
||||
const fallback = Orchestrator.buildParameters.fallbackProviderStrategy;
|
||||
orchestrator_logger_1.default.log(`Falling back from '${original}' to '${fallback}' — ${result.reason}`);
|
||||
Orchestrator.buildParameters.providerStrategy = fallback;
|
||||
core.setOutput('providerFallbackUsed', 'true');
|
||||
core.setOutput('providerFallbackReason', result.reason);
|
||||
}
|
||||
else {
|
||||
core.setOutput('providerFallbackUsed', 'false');
|
||||
}
|
||||
}
|
||||
// Detect LocalStack endpoints and handle AWS provider appropriately
|
||||
// AWS_FORCE_PROVIDER options:
|
||||
// - 'aws': Force AWS provider (requires LocalStack Pro with ECS support)
|
||||
@@ -2714,13 +2688,33 @@ class Orchestrator {
|
||||
if (baseImage.includes(`undefined`)) {
|
||||
throw new Error(`baseImage is undefined`);
|
||||
}
|
||||
try {
|
||||
return await Orchestrator.runWithProvider(buildParameters, baseImage);
|
||||
}
|
||||
catch (primaryError) {
|
||||
// Retry on fallback provider if enabled and a fallback is configured
|
||||
const fallback = buildParameters.fallbackProviderStrategy;
|
||||
const alreadyOnFallback = buildParameters.providerStrategy === fallback;
|
||||
if (buildParameters.retryOnFallback && fallback && !alreadyOnFallback) {
|
||||
orchestrator_logger_1.default.log(`Primary provider '${buildParameters.providerStrategy}' failed: ${primaryError.message}`);
|
||||
orchestrator_logger_1.default.log(`Retrying build on fallback provider '${fallback}'...`);
|
||||
buildParameters.providerStrategy = fallback;
|
||||
core.setOutput('providerFallbackUsed', 'true');
|
||||
core.setOutput('providerFallbackReason', `Primary provider failed: ${primaryError.message}`);
|
||||
return await Orchestrator.runWithProvider(buildParameters, baseImage);
|
||||
}
|
||||
throw primaryError;
|
||||
}
|
||||
}
|
||||
static async runWithProvider(buildParameters, baseImage) {
|
||||
await Orchestrator.setup(buildParameters);
|
||||
// When aws-local mode is enabled, validate AWS CloudFormation templates
|
||||
// This ensures AWS templates are correct even when executing via local-docker
|
||||
if (Orchestrator.validateAwsTemplates) {
|
||||
await Orchestrator.validateAwsCloudFormationTemplates();
|
||||
}
|
||||
await Orchestrator.Provider.setupWorkflow(Orchestrator.buildParameters.buildGuid, Orchestrator.buildParameters, Orchestrator.buildParameters.branch, Orchestrator.defaultSecrets);
|
||||
// Setup workflow with optional init timeout
|
||||
await Orchestrator.setupWorkflowWithTimeout();
|
||||
try {
|
||||
if (buildParameters.maxRetainedWorkspaces > 0) {
|
||||
Orchestrator.lockedWorkspace = shared_workspace_locking_1.default.NewWorkspaceName();
|
||||
@@ -2770,6 +2764,24 @@ class Orchestrator {
|
||||
throw error;
|
||||
}
|
||||
}
|
||||
/**
|
||||
* Runs setupWorkflow with an optional timeout. If providerInitTimeout is set and the
|
||||
* provider takes longer than that to initialize, throws an error that triggers
|
||||
* retry-on-fallback (if enabled).
|
||||
*/
|
||||
static async setupWorkflowWithTimeout() {
|
||||
const timeoutSeconds = Orchestrator.buildParameters.providerInitTimeout;
|
||||
const setupPromise = Orchestrator.Provider.setupWorkflow(Orchestrator.buildParameters.buildGuid, Orchestrator.buildParameters, Orchestrator.buildParameters.branch, Orchestrator.defaultSecrets);
|
||||
if (timeoutSeconds <= 0) {
|
||||
await setupPromise;
|
||||
return;
|
||||
}
|
||||
orchestrator_logger_1.default.log(`Provider init timeout: ${timeoutSeconds}s`);
|
||||
const timeoutPromise = new Promise((_, reject) => {
|
||||
setTimeout(() => reject(new Error(`Provider initialization timed out after ${timeoutSeconds}s`)), timeoutSeconds * 1000);
|
||||
});
|
||||
await Promise.race([setupPromise, timeoutPromise]);
|
||||
}
|
||||
static async updateStatusWithBuildParameters() {
|
||||
const content = { ...Orchestrator.buildParameters };
|
||||
content.gitPrivateToken = ``;
|
||||
@@ -8057,7 +8069,6 @@ class RemoteClient {
|
||||
}
|
||||
remote_client_logger_1.RemoteClientLogger.log(`Initializing source repository for cloning with caching of LFS files`);
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git config --global advice.detachedHead false`);
|
||||
await orchestrator_folders_1.OrchestratorFolders.configureGitAuth();
|
||||
remote_client_logger_1.RemoteClientLogger.log(`Cloning the repository being built:`);
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git config --global filter.lfs.smudge "git-lfs smudge --skip -- %f"`);
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git config --global filter.lfs.process "git-lfs filter-process --skip"`);
|
||||
@@ -8162,7 +8173,10 @@ class RemoteClient {
|
||||
const gitPrivateToken = process.env.GIT_PRIVATE_TOKEN;
|
||||
if (gitPrivateToken) {
|
||||
remote_client_logger_1.RemoteClientLogger.log(`Attempting to pull LFS files with GIT_PRIVATE_TOKEN...`);
|
||||
await RemoteClient.configureTokenAuth(gitPrivateToken);
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git config --global --unset-all url."https://github.com/".insteadOf || true`);
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git config --global --unset-all url."ssh://git@github.com/".insteadOf || true`);
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git config --global --unset-all url."git@github.com".insteadOf || true`);
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git config --global url."https://${gitPrivateToken}@github.com/".insteadOf "https://github.com/"`);
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git lfs pull`, true);
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git lfs checkout || true`, true);
|
||||
remote_client_logger_1.RemoteClientLogger.log(`Successfully pulled LFS files with GIT_PRIVATE_TOKEN`);
|
||||
@@ -8177,7 +8191,10 @@ class RemoteClient {
|
||||
const githubToken = process.env.GITHUB_TOKEN;
|
||||
if (githubToken) {
|
||||
remote_client_logger_1.RemoteClientLogger.log(`Attempting to pull LFS files with GITHUB_TOKEN fallback...`);
|
||||
await RemoteClient.configureTokenAuth(githubToken);
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git config --global --unset-all url."https://github.com/".insteadOf || true`);
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git config --global --unset-all url."ssh://git@github.com/".insteadOf || true`);
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git config --global --unset-all url."git@github.com".insteadOf || true`);
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git config --global url."https://${githubToken}@github.com/".insteadOf "https://github.com/"`);
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git lfs pull`, true);
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git lfs checkout || true`, true);
|
||||
remote_client_logger_1.RemoteClientLogger.log(`Successfully pulled LFS files with GITHUB_TOKEN`);
|
||||
@@ -8234,23 +8251,6 @@ class RemoteClient {
|
||||
}
|
||||
return false;
|
||||
}
|
||||
/**
|
||||
* Configure git authentication for a token. In header mode (default), uses
|
||||
* http.extraHeader so the token never appears in URLs or git config output.
|
||||
* In url mode (legacy), uses url.insteadOf to embed the token in URLs.
|
||||
*/
|
||||
static async configureTokenAuth(token) {
|
||||
if (orchestrator_folders_1.OrchestratorFolders.useHeaderAuth) {
|
||||
const encoded = Buffer.from(`x-access-token:${token}`).toString('base64');
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git config --global http.https://github.com/.extraHeader "Authorization: Basic ${encoded}"`);
|
||||
}
|
||||
else {
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git config --global --unset-all url."https://github.com/".insteadOf || true`);
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git config --global --unset-all url."ssh://git@github.com/".insteadOf || true`);
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git config --global --unset-all url."git@github.com".insteadOf || true`);
|
||||
await orchestrator_system_1.OrchestratorSystem.Run(`git config --global url."https://${token}@github.com/".insteadOf "https://github.com/"`);
|
||||
}
|
||||
}
|
||||
}
|
||||
__decorate([
|
||||
(0, cli_functions_repository_1.CliFunction)(`remote-cli-pre-build`, `sets up a repository, usually before a game-ci build`)
|
||||
@@ -8723,6 +8723,176 @@ class ResourceTracking {
|
||||
exports["default"] = ResourceTracking;
|
||||
|
||||
|
||||
/***/ }),
|
||||
|
||||
/***/ 18876:
|
||||
/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
|
||||
|
||||
"use strict";
|
||||
|
||||
var __importDefault = (this && this.__importDefault) || function (mod) {
|
||||
return (mod && mod.__esModule) ? mod : { "default": mod };
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||
exports.RunnerAvailabilityService = void 0;
|
||||
const core_1 = __nccwpck_require__(76762);
|
||||
const orchestrator_logger_1 = __importDefault(__nccwpck_require__(32549));
|
||||
/**
|
||||
* Maximum number of pages to fetch when paginating through GitHub API results.
|
||||
* 100 pages * 100 per page = 10,000 runners maximum.
|
||||
*/
|
||||
const MAX_PAGINATION_PAGES = 100;
|
||||
/**
|
||||
* Total timeout in milliseconds for the pagination loop.
|
||||
* Prevents indefinite API calls if GitHub is slow or pagination is unexpectedly deep.
|
||||
*/
|
||||
const PAGINATION_TIMEOUT_MS = 30000;
|
||||
/**
|
||||
* Checks GitHub Actions runner availability to support automatic provider fallback.
|
||||
*
|
||||
* When a user configures `runnerCheckEnabled: true` with a `fallbackProviderStrategy`,
|
||||
* this service queries the GitHub API for runner status before the build starts.
|
||||
* If insufficient runners are available, the orchestrator routes to the fallback provider.
|
||||
*/
|
||||
class RunnerAvailabilityService {
|
||||
/**
|
||||
* Check if enough runners are available to handle the build.
|
||||
*
|
||||
* @param owner - GitHub repository owner
|
||||
* @param repo - GitHub repository name
|
||||
* @param token - GitHub token with repo/actions scope
|
||||
* @param requiredLabels - Labels runners must have (empty = any runner)
|
||||
* @param minAvailable - Minimum idle runners required
|
||||
* @returns RunnerCheckResult with decision and diagnostics
|
||||
*/
|
||||
static async checkAvailability(owner, repo, token, requiredLabels, minAvailable) {
|
||||
if (!token) {
|
||||
return {
|
||||
shouldFallback: false,
|
||||
reason: 'No GitHub token available — skipping runner check',
|
||||
totalRunners: 0,
|
||||
matchingRunners: 0,
|
||||
idleRunners: 0,
|
||||
};
|
||||
}
|
||||
try {
|
||||
const octokit = new core_1.Octokit({ auth: token });
|
||||
// Fetch all runners for the repository
|
||||
const runners = await RunnerAvailabilityService.fetchRunners(octokit, owner, repo);
|
||||
if (runners.length === 0) {
|
||||
return {
|
||||
shouldFallback: true,
|
||||
reason: 'No runners registered for this repository',
|
||||
totalRunners: 0,
|
||||
matchingRunners: 0,
|
||||
idleRunners: 0,
|
||||
};
|
||||
}
|
||||
// Filter by required labels
|
||||
const matching = RunnerAvailabilityService.filterByLabels(runners, requiredLabels);
|
||||
// Count idle (online + not busy)
|
||||
const idle = matching.filter((r) => r.status === 'online' && !r.busy);
|
||||
const result = {
|
||||
shouldFallback: idle.length < minAvailable,
|
||||
reason: idle.length >= minAvailable
|
||||
? `${idle.length} idle runner(s) available (need ${minAvailable})`
|
||||
: `Only ${idle.length} idle runner(s) available, need ${minAvailable}`,
|
||||
totalRunners: runners.length,
|
||||
matchingRunners: matching.length,
|
||||
idleRunners: idle.length,
|
||||
};
|
||||
return result;
|
||||
}
|
||||
catch (error) {
|
||||
// If the API call fails (permissions, rate limit, etc.), don't block the build
|
||||
orchestrator_logger_1.default.log(`Runner availability check failed: ${error.message}`);
|
||||
return {
|
||||
shouldFallback: false,
|
||||
reason: `Runner check failed (${error.message}) — proceeding with primary provider`,
|
||||
totalRunners: 0,
|
||||
matchingRunners: 0,
|
||||
idleRunners: 0,
|
||||
};
|
||||
}
|
||||
}
|
||||
/**
|
||||
* Fetch all runners for a repository, handling pagination.
|
||||
*
|
||||
* Includes defensive limits:
|
||||
* - Maximum page count (MAX_PAGINATION_PAGES) to prevent infinite loops
|
||||
* - Total timeout (PAGINATION_TIMEOUT_MS) to prevent indefinite API calls
|
||||
* - Rate-limit detection (HTTP 403/429 with X-RateLimit-Remaining header)
|
||||
*/
|
||||
static async fetchRunners(octokit, owner, repo) {
|
||||
const allRunners = [];
|
||||
let page = 1;
|
||||
const perPage = 100;
|
||||
const startTime = Date.now();
|
||||
while (page <= MAX_PAGINATION_PAGES) {
|
||||
// Check total timeout
|
||||
if (Date.now() - startTime > PAGINATION_TIMEOUT_MS) {
|
||||
orchestrator_logger_1.default.logWarning(`[RunnerAvailability] Pagination timeout reached after ${page - 1} pages and ${Date.now() - startTime}ms. ` +
|
||||
`Using ${allRunners.length} runners found so far.`);
|
||||
break;
|
||||
}
|
||||
let response;
|
||||
try {
|
||||
response = await octokit.request('GET /repos/{owner}/{repo}/actions/runners', {
|
||||
owner,
|
||||
repo,
|
||||
per_page: perPage,
|
||||
page,
|
||||
});
|
||||
}
|
||||
catch (requestError) {
|
||||
// Octokit throws for non-2xx responses. Check if this is a rate limit error.
|
||||
const status = requestError.status ?? requestError.response?.status;
|
||||
if (status === 403 || status === 429) {
|
||||
const resetTime = requestError.response?.headers?.['x-ratelimit-reset'] ?? requestError.headers?.['x-ratelimit-reset'];
|
||||
const resetMessage = resetTime
|
||||
? ` Resets at ${new Date(Number.parseInt(String(resetTime), 10) * 1000).toISOString()}`
|
||||
: '';
|
||||
orchestrator_logger_1.default.logWarning(`[RunnerAvailability] GitHub API rate limit reached (HTTP ${status}).${resetMessage} ` +
|
||||
`Using ${allRunners.length} runners found so far.`);
|
||||
break;
|
||||
}
|
||||
// Re-throw non-rate-limit errors to be handled by the outer catch
|
||||
throw requestError;
|
||||
}
|
||||
const runners = (response.data.runners || []);
|
||||
allRunners.push(...runners);
|
||||
if (runners.length < perPage)
|
||||
break;
|
||||
page++;
|
||||
}
|
||||
if (page > MAX_PAGINATION_PAGES) {
|
||||
orchestrator_logger_1.default.logWarning(`[RunnerAvailability] Maximum pagination limit reached (${MAX_PAGINATION_PAGES} pages). ` +
|
||||
`Using ${allRunners.length} runners found so far.`);
|
||||
}
|
||||
if (allRunners.length === 0) {
|
||||
orchestrator_logger_1.default.log('[RunnerAvailability] No runners found. Possible causes: ' +
|
||||
'wrong token permissions (needs repo or actions scope), ' +
|
||||
'no self-hosted runners registered, ' +
|
||||
'or runners are registered at the organization level instead of the repository.');
|
||||
}
|
||||
return allRunners;
|
||||
}
|
||||
/**
|
||||
* Filter runners by required labels. A runner matches if it has ALL required labels.
|
||||
* If requiredLabels is empty, all runners match.
|
||||
*/
|
||||
static filterByLabels(runners, requiredLabels) {
|
||||
if (requiredLabels.length === 0)
|
||||
return runners;
|
||||
return runners.filter((runner) => {
|
||||
const runnerLabelNames = runner.labels.map((l) => l.name.toLowerCase());
|
||||
return requiredLabels.every((required) => runnerLabelNames.includes(required.toLowerCase()));
|
||||
});
|
||||
}
|
||||
}
|
||||
exports.RunnerAvailabilityService = RunnerAvailabilityService;
|
||||
|
||||
|
||||
/***/ }),
|
||||
|
||||
/***/ 54222:
|
||||
@@ -9809,7 +9979,6 @@ printenv
|
||||
git config --global advice.detachedHead false
|
||||
git config --global filter.lfs.smudge "git-lfs smudge --skip -- %f"
|
||||
git config --global filter.lfs.process "git-lfs filter-process --skip"
|
||||
${orchestrator_folders_1.OrchestratorFolders.gitAuthConfigScript}
|
||||
BRANCH="${orchestrator_1.default.buildParameters.orchestratorBranch}"
|
||||
REPO="${orchestrator_folders_1.OrchestratorFolders.unityBuilderRepoUrl}"
|
||||
if [ -n "$(git ls-remote --heads "$REPO" "$BRANCH" 2>/dev/null)" ]; then
|
||||
@@ -9926,7 +10095,6 @@ class BuildAutomationWorkflow {
|
||||
static setupCommands(builderPath, isContainerized) {
|
||||
// prettier-ignore
|
||||
const commands = `mkdir -p ${orchestrator_folders_1.OrchestratorFolders.ToLinuxFolder(orchestrator_folders_1.OrchestratorFolders.builderPathAbsolute)}
|
||||
${orchestrator_folders_1.OrchestratorFolders.gitAuthConfigScript}
|
||||
BRANCH="${orchestrator_1.default.buildParameters.orchestratorBranch}"
|
||||
REPO="${orchestrator_folders_1.OrchestratorFolders.unityBuilderRepoUrl}"
|
||||
DEST="${orchestrator_folders_1.OrchestratorFolders.ToLinuxFolder(orchestrator_folders_1.OrchestratorFolders.builderPathAbsolute)}"
|
||||
|
||||
2
dist/index.js.map
generated
vendored
2
dist/index.js.map
generated
vendored
File diff suppressed because one or more lines are too long
@@ -54,7 +54,12 @@ class BuildParameters {
|
||||
public sshAgent!: string;
|
||||
public sshPublicKeysDirectoryPath!: string;
|
||||
public providerStrategy!: string;
|
||||
public gitAuthMode!: string;
|
||||
public fallbackProviderStrategy!: string;
|
||||
public runnerCheckEnabled!: boolean;
|
||||
public runnerCheckLabels!: string[];
|
||||
public runnerCheckMinAvailable!: number;
|
||||
public retryOnFallback!: boolean;
|
||||
public providerInitTimeout!: number;
|
||||
public gitPrivateToken!: string;
|
||||
public awsStackName!: string;
|
||||
public awsEndpoint?: string;
|
||||
@@ -195,7 +200,12 @@ class BuildParameters {
|
||||
containerRegistryRepository: Input.containerRegistryRepository,
|
||||
containerRegistryImageVersion: Input.containerRegistryImageVersion,
|
||||
providerStrategy: OrchestratorOptions.providerStrategy,
|
||||
gitAuthMode: OrchestratorOptions.gitAuthMode,
|
||||
fallbackProviderStrategy: OrchestratorOptions.fallbackProviderStrategy,
|
||||
runnerCheckEnabled: OrchestratorOptions.runnerCheckEnabled,
|
||||
runnerCheckLabels: OrchestratorOptions.runnerCheckLabels,
|
||||
runnerCheckMinAvailable: OrchestratorOptions.runnerCheckMinAvailable,
|
||||
retryOnFallback: OrchestratorOptions.retryOnFallback,
|
||||
providerInitTimeout: OrchestratorOptions.providerInitTimeout,
|
||||
buildPlatform: OrchestratorOptions.buildPlatform,
|
||||
kubeConfig: OrchestratorOptions.kubeConfig,
|
||||
containerMemory: OrchestratorOptions.containerMemory,
|
||||
|
||||
@@ -1,140 +0,0 @@
|
||||
import { OrchestratorFolders } from './orchestrator-folders';
|
||||
|
||||
jest.mock('../orchestrator', () => ({
|
||||
__esModule: true,
|
||||
default: {
|
||||
buildParameters: {
|
||||
orchestratorRepoName: 'game-ci/unity-builder',
|
||||
githubRepo: 'myorg/myrepo',
|
||||
gitPrivateToken: 'ghp_test123',
|
||||
gitAuthMode: 'header',
|
||||
buildGuid: 'test-guid',
|
||||
projectPath: '',
|
||||
buildPath: 'Builds',
|
||||
cacheKey: 'test-cache',
|
||||
},
|
||||
lockedWorkspace: '',
|
||||
},
|
||||
}));
|
||||
|
||||
jest.mock('./orchestrator-options', () => ({
|
||||
__esModule: true,
|
||||
default: {
|
||||
useSharedBuilder: false,
|
||||
},
|
||||
}));
|
||||
|
||||
jest.mock('../services/core/orchestrator-system', () => ({
|
||||
OrchestratorSystem: {
|
||||
Run: jest.fn().mockResolvedValue(''),
|
||||
},
|
||||
}));
|
||||
|
||||
const mockOrchestrator = require('../orchestrator').default;
|
||||
|
||||
describe('OrchestratorFolders git auth', () => {
|
||||
beforeEach(() => {
|
||||
jest.clearAllMocks();
|
||||
});
|
||||
|
||||
describe('useHeaderAuth', () => {
|
||||
it('should return true when gitAuthMode is header', () => {
|
||||
mockOrchestrator.buildParameters.gitAuthMode = 'header';
|
||||
expect(OrchestratorFolders.useHeaderAuth).toBe(true);
|
||||
});
|
||||
|
||||
it('should return true when gitAuthMode is undefined (default)', () => {
|
||||
mockOrchestrator.buildParameters.gitAuthMode = undefined;
|
||||
expect(OrchestratorFolders.useHeaderAuth).toBe(true);
|
||||
});
|
||||
|
||||
it('should return false when gitAuthMode is url', () => {
|
||||
mockOrchestrator.buildParameters.gitAuthMode = 'url';
|
||||
expect(OrchestratorFolders.useHeaderAuth).toBe(false);
|
||||
});
|
||||
});
|
||||
|
||||
describe('unityBuilderRepoUrl', () => {
|
||||
it('should not include token in URL when using header auth', () => {
|
||||
mockOrchestrator.buildParameters.gitAuthMode = 'header';
|
||||
const url = OrchestratorFolders.unityBuilderRepoUrl;
|
||||
expect(url).toBe('https://github.com/game-ci/unity-builder.git');
|
||||
expect(url).not.toContain('ghp_test123');
|
||||
});
|
||||
|
||||
it('should include token in URL when using url auth (legacy)', () => {
|
||||
mockOrchestrator.buildParameters.gitAuthMode = 'url';
|
||||
const url = OrchestratorFolders.unityBuilderRepoUrl;
|
||||
expect(url).toBe('https://ghp_test123@github.com/game-ci/unity-builder.git');
|
||||
});
|
||||
});
|
||||
|
||||
describe('targetBuildRepoUrl', () => {
|
||||
it('should not include token in URL when using header auth', () => {
|
||||
mockOrchestrator.buildParameters.gitAuthMode = 'header';
|
||||
const url = OrchestratorFolders.targetBuildRepoUrl;
|
||||
expect(url).toBe('https://github.com/myorg/myrepo.git');
|
||||
expect(url).not.toContain('ghp_test123');
|
||||
});
|
||||
|
||||
it('should include token in URL when using url auth (legacy)', () => {
|
||||
mockOrchestrator.buildParameters.gitAuthMode = 'url';
|
||||
const url = OrchestratorFolders.targetBuildRepoUrl;
|
||||
expect(url).toBe('https://ghp_test123@github.com/myorg/myrepo.git');
|
||||
});
|
||||
});
|
||||
|
||||
describe('gitAuthConfigScript', () => {
|
||||
it('should emit http.extraHeader commands in header mode', () => {
|
||||
mockOrchestrator.buildParameters.gitAuthMode = 'header';
|
||||
const script = OrchestratorFolders.gitAuthConfigScript;
|
||||
expect(script).toContain('http.extraHeader');
|
||||
expect(script).toContain('GIT_PRIVATE_TOKEN');
|
||||
expect(script).toContain('Authorization: Basic');
|
||||
});
|
||||
|
||||
it('should emit no-op comment in url mode', () => {
|
||||
mockOrchestrator.buildParameters.gitAuthMode = 'url';
|
||||
const script = OrchestratorFolders.gitAuthConfigScript;
|
||||
expect(script).toContain('legacy');
|
||||
expect(script).not.toContain('http.extraHeader');
|
||||
});
|
||||
});
|
||||
|
||||
describe('configureGitAuth', () => {
|
||||
it('should run git config with http.extraHeader in header mode', async () => {
|
||||
mockOrchestrator.buildParameters.gitAuthMode = 'header';
|
||||
mockOrchestrator.buildParameters.gitPrivateToken = 'ghp_test123';
|
||||
const { OrchestratorSystem } = require('../services/core/orchestrator-system');
|
||||
|
||||
await OrchestratorFolders.configureGitAuth();
|
||||
|
||||
// Verify the base64 encoding and extraHeader config are correct
|
||||
const expectedEncoded = Buffer.from('x-access-token:ghp_test123').toString('base64');
|
||||
expect(OrchestratorSystem.Run).toHaveBeenCalledWith(expect.stringContaining(expectedEncoded));
|
||||
expect(OrchestratorSystem.Run).toHaveBeenCalledWith(expect.stringContaining('.extraHeader'));
|
||||
});
|
||||
|
||||
it('should not run git config in url mode', async () => {
|
||||
mockOrchestrator.buildParameters.gitAuthMode = 'url';
|
||||
const { OrchestratorSystem } = require('../services/core/orchestrator-system');
|
||||
|
||||
await OrchestratorFolders.configureGitAuth();
|
||||
|
||||
expect(OrchestratorSystem.Run).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('should not run git config when no token is available', async () => {
|
||||
mockOrchestrator.buildParameters.gitAuthMode = 'header';
|
||||
mockOrchestrator.buildParameters.gitPrivateToken = '';
|
||||
const originalEnv = process.env.GIT_PRIVATE_TOKEN;
|
||||
delete process.env.GIT_PRIVATE_TOKEN;
|
||||
const { OrchestratorSystem } = require('../services/core/orchestrator-system');
|
||||
|
||||
await OrchestratorFolders.configureGitAuth();
|
||||
|
||||
expect(OrchestratorSystem.Run).not.toHaveBeenCalled();
|
||||
if (originalEnv !== undefined) process.env.GIT_PRIVATE_TOKEN = originalEnv;
|
||||
});
|
||||
});
|
||||
});
|
||||
@@ -72,67 +72,14 @@ export class OrchestratorFolders {
|
||||
return path.join(OrchestratorFolders.cacheFolderForCacheKeyFull, `Library`);
|
||||
}
|
||||
|
||||
/**
|
||||
* Whether to use http.extraHeader for git authentication (secure, default)
|
||||
* instead of embedding the token in clone URLs (legacy).
|
||||
*/
|
||||
public static get useHeaderAuth(): boolean {
|
||||
return Orchestrator.buildParameters.gitAuthMode !== 'url';
|
||||
}
|
||||
|
||||
public static get unityBuilderRepoUrl(): string {
|
||||
if (OrchestratorFolders.useHeaderAuth) {
|
||||
return `https://github.com/${Orchestrator.buildParameters.orchestratorRepoName}.git`;
|
||||
}
|
||||
|
||||
return `https://${Orchestrator.buildParameters.gitPrivateToken}@github.com/${Orchestrator.buildParameters.orchestratorRepoName}.git`;
|
||||
}
|
||||
|
||||
public static get targetBuildRepoUrl(): string {
|
||||
if (OrchestratorFolders.useHeaderAuth) {
|
||||
return `https://github.com/${Orchestrator.buildParameters.githubRepo}.git`;
|
||||
}
|
||||
|
||||
return `https://${Orchestrator.buildParameters.gitPrivateToken}@github.com/${Orchestrator.buildParameters.githubRepo}.git`;
|
||||
}
|
||||
|
||||
/**
|
||||
* Shell commands to configure git authentication via http.extraHeader.
|
||||
* Uses GIT_PRIVATE_TOKEN env var so the token never appears in clone URLs or git config output.
|
||||
* This is the same mechanism used by actions/checkout.
|
||||
*
|
||||
* Only emits commands when gitAuthMode is 'header' (default). In 'url' mode,
|
||||
* returns a no-op comment since the token is already in the URL.
|
||||
*/
|
||||
public static get gitAuthConfigScript(): string {
|
||||
if (!OrchestratorFolders.useHeaderAuth) {
|
||||
return `# git auth: using token-in-URL mode (legacy)`;
|
||||
}
|
||||
|
||||
return `# git auth: configuring http.extraHeader (secure mode)
|
||||
if [ -n "$GIT_PRIVATE_TOKEN" ]; then
|
||||
git config --global http.https://github.com/.extraHeader "Authorization: Basic $(printf '%s' "x-access-token:$GIT_PRIVATE_TOKEN" | base64 -w 0)"
|
||||
fi`;
|
||||
}
|
||||
|
||||
/**
|
||||
* Configure git authentication via http.extraHeader in the current Node process.
|
||||
* For use in the remote-client where shell scripts aren't used.
|
||||
* Only configures when gitAuthMode is 'header' (default).
|
||||
*/
|
||||
public static async configureGitAuth(): Promise<void> {
|
||||
if (!OrchestratorFolders.useHeaderAuth) return;
|
||||
|
||||
const token = Orchestrator.buildParameters.gitPrivateToken || process.env.GIT_PRIVATE_TOKEN || '';
|
||||
if (!token) return;
|
||||
|
||||
const encoded = Buffer.from(`x-access-token:${token}`).toString('base64');
|
||||
const { OrchestratorSystem } = await import('../services/core/orchestrator-system');
|
||||
await OrchestratorSystem.Run(
|
||||
`git config --global http.https://github.com/.extraHeader "Authorization: Basic ${encoded}"`,
|
||||
);
|
||||
}
|
||||
|
||||
public static get buildVolumeFolder() {
|
||||
return 'data';
|
||||
}
|
||||
|
||||
@@ -138,8 +138,30 @@ class OrchestratorOptions {
|
||||
return provider || 'local';
|
||||
}
|
||||
|
||||
static get gitAuthMode(): string {
|
||||
return OrchestratorOptions.getInput('gitAuthMode') || 'header';
|
||||
static get fallbackProviderStrategy(): string {
|
||||
return OrchestratorOptions.getInput('fallbackProviderStrategy') || '';
|
||||
}
|
||||
|
||||
static get runnerCheckEnabled(): boolean {
|
||||
return OrchestratorOptions.getInput('runnerCheckEnabled') === 'true';
|
||||
}
|
||||
|
||||
static get runnerCheckLabels(): string[] {
|
||||
const labels = OrchestratorOptions.getInput('runnerCheckLabels');
|
||||
|
||||
return labels ? labels.split(',').map((l) => l.trim()) : [];
|
||||
}
|
||||
|
||||
static get runnerCheckMinAvailable(): number {
|
||||
return Number(OrchestratorOptions.getInput('runnerCheckMinAvailable')) || 1;
|
||||
}
|
||||
|
||||
static get retryOnFallback(): boolean {
|
||||
return OrchestratorOptions.getInput('retryOnFallback') === 'true';
|
||||
}
|
||||
|
||||
static get providerInitTimeout(): number {
|
||||
return Number(OrchestratorOptions.getInput('providerInitTimeout')) || 0;
|
||||
}
|
||||
|
||||
static get containerCpu(): string {
|
||||
|
||||
@@ -20,6 +20,7 @@ import { FollowLogStreamService } from './services/core/follow-log-stream-servic
|
||||
import OrchestratorResult from './services/core/orchestrator-result';
|
||||
import OrchestratorOptions from './options/orchestrator-options';
|
||||
import ResourceTracking from './services/core/resource-tracking';
|
||||
import { RunnerAvailabilityService } from './services/core/runner-availability-service';
|
||||
|
||||
class Orchestrator {
|
||||
public static Provider: ProviderInterface;
|
||||
@@ -76,6 +77,42 @@ class Orchestrator {
|
||||
private static async setupSelectedBuildPlatform() {
|
||||
OrchestratorLogger.log(`Orchestrator platform selected ${Orchestrator.buildParameters.providerStrategy}`);
|
||||
|
||||
// Check runner availability and apply fallback if needed
|
||||
if (Orchestrator.buildParameters.runnerCheckEnabled && Orchestrator.buildParameters.fallbackProviderStrategy) {
|
||||
const owner = OrchestratorOptions.githubOwner;
|
||||
const repo = OrchestratorOptions.githubRepoName;
|
||||
const token = Orchestrator.buildParameters.gitPrivateToken || process.env.GITHUB_TOKEN || '';
|
||||
|
||||
OrchestratorLogger.log(
|
||||
`Checking runner availability (labels: [${Orchestrator.buildParameters.runnerCheckLabels.join(', ')}], min: ${
|
||||
Orchestrator.buildParameters.runnerCheckMinAvailable
|
||||
})`,
|
||||
);
|
||||
|
||||
const result = await RunnerAvailabilityService.checkAvailability(
|
||||
owner,
|
||||
repo,
|
||||
token,
|
||||
Orchestrator.buildParameters.runnerCheckLabels,
|
||||
Orchestrator.buildParameters.runnerCheckMinAvailable,
|
||||
);
|
||||
|
||||
OrchestratorLogger.log(
|
||||
`Runner check: ${result.totalRunners} total, ${result.matchingRunners} matching, ${result.idleRunners} idle — ${result.reason}`,
|
||||
);
|
||||
|
||||
if (result.shouldFallback) {
|
||||
const original = Orchestrator.buildParameters.providerStrategy;
|
||||
const fallback = Orchestrator.buildParameters.fallbackProviderStrategy;
|
||||
OrchestratorLogger.log(`Falling back from '${original}' to '${fallback}' — ${result.reason}`);
|
||||
Orchestrator.buildParameters.providerStrategy = fallback;
|
||||
core.setOutput('providerFallbackUsed', 'true');
|
||||
core.setOutput('providerFallbackReason', result.reason);
|
||||
} else {
|
||||
core.setOutput('providerFallbackUsed', 'false');
|
||||
}
|
||||
}
|
||||
|
||||
// Detect LocalStack endpoints and handle AWS provider appropriately
|
||||
// AWS_FORCE_PROVIDER options:
|
||||
// - 'aws': Force AWS provider (requires LocalStack Pro with ECS support)
|
||||
@@ -182,6 +219,30 @@ class Orchestrator {
|
||||
if (baseImage.includes(`undefined`)) {
|
||||
throw new Error(`baseImage is undefined`);
|
||||
}
|
||||
|
||||
try {
|
||||
return await Orchestrator.runWithProvider(buildParameters, baseImage);
|
||||
} catch (primaryError: any) {
|
||||
// Retry on fallback provider if enabled and a fallback is configured
|
||||
const fallback = buildParameters.fallbackProviderStrategy;
|
||||
const alreadyOnFallback = buildParameters.providerStrategy === fallback;
|
||||
if (buildParameters.retryOnFallback && fallback && !alreadyOnFallback) {
|
||||
OrchestratorLogger.log(
|
||||
`Primary provider '${buildParameters.providerStrategy}' failed: ${primaryError.message}`,
|
||||
);
|
||||
OrchestratorLogger.log(`Retrying build on fallback provider '${fallback}'...`);
|
||||
buildParameters.providerStrategy = fallback;
|
||||
core.setOutput('providerFallbackUsed', 'true');
|
||||
core.setOutput('providerFallbackReason', `Primary provider failed: ${primaryError.message}`);
|
||||
|
||||
return await Orchestrator.runWithProvider(buildParameters, baseImage);
|
||||
}
|
||||
|
||||
throw primaryError;
|
||||
}
|
||||
}
|
||||
|
||||
private static async runWithProvider(buildParameters: BuildParameters, baseImage: string) {
|
||||
await Orchestrator.setup(buildParameters);
|
||||
|
||||
// When aws-local mode is enabled, validate AWS CloudFormation templates
|
||||
@@ -189,12 +250,10 @@ class Orchestrator {
|
||||
if (Orchestrator.validateAwsTemplates) {
|
||||
await Orchestrator.validateAwsCloudFormationTemplates();
|
||||
}
|
||||
await Orchestrator.Provider.setupWorkflow(
|
||||
Orchestrator.buildParameters.buildGuid,
|
||||
Orchestrator.buildParameters,
|
||||
Orchestrator.buildParameters.branch,
|
||||
Orchestrator.defaultSecrets,
|
||||
);
|
||||
|
||||
// Setup workflow with optional init timeout
|
||||
await Orchestrator.setupWorkflowWithTimeout();
|
||||
|
||||
try {
|
||||
if (buildParameters.maxRetainedWorkspaces > 0) {
|
||||
Orchestrator.lockedWorkspace = SharedWorkspaceLocking.NewWorkspaceName();
|
||||
@@ -275,6 +334,39 @@ class Orchestrator {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Runs setupWorkflow with an optional timeout. If providerInitTimeout is set and the
|
||||
* provider takes longer than that to initialize, throws an error that triggers
|
||||
* retry-on-fallback (if enabled).
|
||||
*/
|
||||
private static async setupWorkflowWithTimeout() {
|
||||
const timeoutSeconds = Orchestrator.buildParameters.providerInitTimeout;
|
||||
|
||||
const setupPromise = Orchestrator.Provider.setupWorkflow(
|
||||
Orchestrator.buildParameters.buildGuid,
|
||||
Orchestrator.buildParameters,
|
||||
Orchestrator.buildParameters.branch,
|
||||
Orchestrator.defaultSecrets,
|
||||
);
|
||||
|
||||
if (timeoutSeconds <= 0) {
|
||||
await setupPromise;
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
OrchestratorLogger.log(`Provider init timeout: ${timeoutSeconds}s`);
|
||||
|
||||
const timeoutPromise = new Promise<never>((_, reject) => {
|
||||
setTimeout(
|
||||
() => reject(new Error(`Provider initialization timed out after ${timeoutSeconds}s`)),
|
||||
timeoutSeconds * 1000,
|
||||
);
|
||||
});
|
||||
|
||||
await Promise.race([setupPromise, timeoutPromise]);
|
||||
}
|
||||
|
||||
private static async updateStatusWithBuildParameters() {
|
||||
const content = { ...Orchestrator.buildParameters };
|
||||
content.gitPrivateToken = ``;
|
||||
|
||||
@@ -302,7 +302,6 @@ export class RemoteClient {
|
||||
|
||||
RemoteClientLogger.log(`Initializing source repository for cloning with caching of LFS files`);
|
||||
await OrchestratorSystem.Run(`git config --global advice.detachedHead false`);
|
||||
await OrchestratorFolders.configureGitAuth();
|
||||
RemoteClientLogger.log(`Cloning the repository being built:`);
|
||||
await OrchestratorSystem.Run(`git config --global filter.lfs.smudge "git-lfs smudge --skip -- %f"`);
|
||||
await OrchestratorSystem.Run(`git config --global filter.lfs.process "git-lfs filter-process --skip"`);
|
||||
@@ -412,7 +411,12 @@ export class RemoteClient {
|
||||
const gitPrivateToken = process.env.GIT_PRIVATE_TOKEN;
|
||||
if (gitPrivateToken) {
|
||||
RemoteClientLogger.log(`Attempting to pull LFS files with GIT_PRIVATE_TOKEN...`);
|
||||
await RemoteClient.configureTokenAuth(gitPrivateToken);
|
||||
await OrchestratorSystem.Run(`git config --global --unset-all url."https://github.com/".insteadOf || true`);
|
||||
await OrchestratorSystem.Run(`git config --global --unset-all url."ssh://git@github.com/".insteadOf || true`);
|
||||
await OrchestratorSystem.Run(`git config --global --unset-all url."git@github.com".insteadOf || true`);
|
||||
await OrchestratorSystem.Run(
|
||||
`git config --global url."https://${gitPrivateToken}@github.com/".insteadOf "https://github.com/"`,
|
||||
);
|
||||
await OrchestratorSystem.Run(`git lfs pull`, true);
|
||||
await OrchestratorSystem.Run(`git lfs checkout || true`, true);
|
||||
RemoteClientLogger.log(`Successfully pulled LFS files with GIT_PRIVATE_TOKEN`);
|
||||
@@ -428,7 +432,12 @@ export class RemoteClient {
|
||||
const githubToken = process.env.GITHUB_TOKEN;
|
||||
if (githubToken) {
|
||||
RemoteClientLogger.log(`Attempting to pull LFS files with GITHUB_TOKEN fallback...`);
|
||||
await RemoteClient.configureTokenAuth(githubToken);
|
||||
await OrchestratorSystem.Run(`git config --global --unset-all url."https://github.com/".insteadOf || true`);
|
||||
await OrchestratorSystem.Run(`git config --global --unset-all url."ssh://git@github.com/".insteadOf || true`);
|
||||
await OrchestratorSystem.Run(`git config --global --unset-all url."git@github.com".insteadOf || true`);
|
||||
await OrchestratorSystem.Run(
|
||||
`git config --global url."https://${githubToken}@github.com/".insteadOf "https://github.com/"`,
|
||||
);
|
||||
await OrchestratorSystem.Run(`git lfs pull`, true);
|
||||
await OrchestratorSystem.Run(`git lfs checkout || true`, true);
|
||||
RemoteClientLogger.log(`Successfully pulled LFS files with GITHUB_TOKEN`);
|
||||
@@ -492,25 +501,4 @@ export class RemoteClient {
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Configure git authentication for a token. In header mode (default), uses
|
||||
* http.extraHeader so the token never appears in URLs or git config output.
|
||||
* In url mode (legacy), uses url.insteadOf to embed the token in URLs.
|
||||
*/
|
||||
private static async configureTokenAuth(token: string): Promise<void> {
|
||||
if (OrchestratorFolders.useHeaderAuth) {
|
||||
const encoded = Buffer.from(`x-access-token:${token}`).toString('base64');
|
||||
await OrchestratorSystem.Run(
|
||||
`git config --global http.https://github.com/.extraHeader "Authorization: Basic ${encoded}"`,
|
||||
);
|
||||
} else {
|
||||
await OrchestratorSystem.Run(`git config --global --unset-all url."https://github.com/".insteadOf || true`);
|
||||
await OrchestratorSystem.Run(`git config --global --unset-all url."ssh://git@github.com/".insteadOf || true`);
|
||||
await OrchestratorSystem.Run(`git config --global --unset-all url."git@github.com".insteadOf || true`);
|
||||
await OrchestratorSystem.Run(
|
||||
`git config --global url."https://${token}@github.com/".insteadOf "https://github.com/"`,
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,318 @@
|
||||
import { RunnerAvailabilityService } from './runner-availability-service';
|
||||
|
||||
// Mock @octokit/core
|
||||
jest.mock('@octokit/core', () => ({
|
||||
Octokit: jest.fn().mockImplementation(() => ({
|
||||
request: jest.fn(),
|
||||
})),
|
||||
}));
|
||||
|
||||
jest.mock('./orchestrator-logger', () => ({
|
||||
__esModule: true,
|
||||
default: {
|
||||
log: jest.fn(),
|
||||
logWarning: jest.fn(),
|
||||
error: jest.fn(),
|
||||
},
|
||||
}));
|
||||
|
||||
import { Octokit } from '@octokit/core';
|
||||
|
||||
const MockedOctokit = Octokit as jest.MockedClass<typeof Octokit>;
|
||||
|
||||
function createMockRunners(runners: Array<{ name: string; status: string; busy: boolean; labels: string[] }>) {
|
||||
return runners.map((r, i) => ({
|
||||
id: i + 1,
|
||||
name: r.name,
|
||||
status: r.status,
|
||||
busy: r.busy,
|
||||
labels: r.labels.map((l) => ({ name: l })),
|
||||
}));
|
||||
}
|
||||
|
||||
describe('RunnerAvailabilityService', () => {
|
||||
beforeEach(() => {
|
||||
jest.clearAllMocks();
|
||||
});
|
||||
|
||||
describe('checkAvailability', () => {
|
||||
it('should skip check and not fallback when no token is provided', async () => {
|
||||
const result = await RunnerAvailabilityService.checkAvailability('owner', 'repo', '', [], 1);
|
||||
expect(result.shouldFallback).toBe(false);
|
||||
expect(result.reason).toContain('No GitHub token');
|
||||
});
|
||||
|
||||
it('should fallback when no runners are registered', async () => {
|
||||
const mockRequest = jest.fn().mockResolvedValue({ status: 200, data: { runners: [] } });
|
||||
MockedOctokit.mockImplementation(() => ({ request: mockRequest } as any));
|
||||
|
||||
const result = await RunnerAvailabilityService.checkAvailability('owner', 'repo', 'token', [], 1);
|
||||
expect(result.shouldFallback).toBe(true);
|
||||
expect(result.reason).toContain('No runners registered');
|
||||
expect(result.totalRunners).toBe(0);
|
||||
});
|
||||
|
||||
it('should not fallback when enough idle runners are available', async () => {
|
||||
const runners = createMockRunners([
|
||||
{ name: 'runner-1', status: 'online', busy: false, labels: ['self-hosted', 'linux'] },
|
||||
{ name: 'runner-2', status: 'online', busy: false, labels: ['self-hosted', 'linux'] },
|
||||
]);
|
||||
const mockRequest = jest.fn().mockResolvedValue({ status: 200, data: { runners } });
|
||||
MockedOctokit.mockImplementation(() => ({ request: mockRequest } as any));
|
||||
|
||||
const result = await RunnerAvailabilityService.checkAvailability('owner', 'repo', 'token', [], 1);
|
||||
expect(result.shouldFallback).toBe(false);
|
||||
expect(result.idleRunners).toBe(2);
|
||||
expect(result.totalRunners).toBe(2);
|
||||
});
|
||||
|
||||
it('should fallback when all runners are busy', async () => {
|
||||
const runners = createMockRunners([
|
||||
{ name: 'runner-1', status: 'online', busy: true, labels: ['self-hosted'] },
|
||||
{ name: 'runner-2', status: 'online', busy: true, labels: ['self-hosted'] },
|
||||
]);
|
||||
const mockRequest = jest.fn().mockResolvedValue({ status: 200, data: { runners } });
|
||||
MockedOctokit.mockImplementation(() => ({ request: mockRequest } as any));
|
||||
|
||||
const result = await RunnerAvailabilityService.checkAvailability('owner', 'repo', 'token', [], 1);
|
||||
expect(result.shouldFallback).toBe(true);
|
||||
expect(result.idleRunners).toBe(0);
|
||||
expect(result.matchingRunners).toBe(2);
|
||||
});
|
||||
|
||||
it('should fallback when all runners are offline', async () => {
|
||||
const runners = createMockRunners([
|
||||
{ name: 'runner-1', status: 'offline', busy: false, labels: ['self-hosted'] },
|
||||
]);
|
||||
const mockRequest = jest.fn().mockResolvedValue({ status: 200, data: { runners } });
|
||||
MockedOctokit.mockImplementation(() => ({ request: mockRequest } as any));
|
||||
|
||||
const result = await RunnerAvailabilityService.checkAvailability('owner', 'repo', 'token', [], 1);
|
||||
expect(result.shouldFallback).toBe(true);
|
||||
expect(result.idleRunners).toBe(0);
|
||||
});
|
||||
|
||||
it('should filter runners by required labels', async () => {
|
||||
const runners = createMockRunners([
|
||||
{ name: 'linux-runner', status: 'online', busy: false, labels: ['self-hosted', 'linux'] },
|
||||
{ name: 'windows-runner', status: 'online', busy: false, labels: ['self-hosted', 'windows'] },
|
||||
]);
|
||||
const mockRequest = jest.fn().mockResolvedValue({ status: 200, data: { runners } });
|
||||
MockedOctokit.mockImplementation(() => ({ request: mockRequest } as any));
|
||||
|
||||
const result = await RunnerAvailabilityService.checkAvailability(
|
||||
'owner',
|
||||
'repo',
|
||||
'token',
|
||||
['self-hosted', 'linux'],
|
||||
1,
|
||||
);
|
||||
|
||||
expect(result.shouldFallback).toBe(false);
|
||||
expect(result.matchingRunners).toBe(1);
|
||||
expect(result.idleRunners).toBe(1);
|
||||
expect(result.totalRunners).toBe(2);
|
||||
});
|
||||
|
||||
it('should fallback when no runners match required labels', async () => {
|
||||
const runners = createMockRunners([
|
||||
{ name: 'windows-runner', status: 'online', busy: false, labels: ['self-hosted', 'windows'] },
|
||||
]);
|
||||
const mockRequest = jest.fn().mockResolvedValue({ status: 200, data: { runners } });
|
||||
MockedOctokit.mockImplementation(() => ({ request: mockRequest } as any));
|
||||
|
||||
const result = await RunnerAvailabilityService.checkAvailability(
|
||||
'owner',
|
||||
'repo',
|
||||
'token',
|
||||
['self-hosted', 'linux'],
|
||||
1,
|
||||
);
|
||||
|
||||
expect(result.shouldFallback).toBe(true);
|
||||
expect(result.matchingRunners).toBe(0);
|
||||
expect(result.idleRunners).toBe(0);
|
||||
});
|
||||
|
||||
it('should respect minAvailable threshold', async () => {
|
||||
const runners = createMockRunners([{ name: 'runner-1', status: 'online', busy: false, labels: ['self-hosted'] }]);
|
||||
const mockRequest = jest.fn().mockResolvedValue({ status: 200, data: { runners } });
|
||||
MockedOctokit.mockImplementation(() => ({ request: mockRequest } as any));
|
||||
|
||||
// Need 2, have 1 — should fallback
|
||||
const result = await RunnerAvailabilityService.checkAvailability('owner', 'repo', 'token', [], 2);
|
||||
expect(result.shouldFallback).toBe(true);
|
||||
expect(result.idleRunners).toBe(1);
|
||||
});
|
||||
|
||||
it('should be case-insensitive for label matching', async () => {
|
||||
const runners = createMockRunners([
|
||||
{ name: 'runner-1', status: 'online', busy: false, labels: ['Self-Hosted', 'Linux'] },
|
||||
]);
|
||||
const mockRequest = jest.fn().mockResolvedValue({ status: 200, data: { runners } });
|
||||
MockedOctokit.mockImplementation(() => ({ request: mockRequest } as any));
|
||||
|
||||
const result = await RunnerAvailabilityService.checkAvailability(
|
||||
'owner',
|
||||
'repo',
|
||||
'token',
|
||||
['self-hosted', 'linux'],
|
||||
1,
|
||||
);
|
||||
expect(result.shouldFallback).toBe(false);
|
||||
expect(result.matchingRunners).toBe(1);
|
||||
});
|
||||
|
||||
it('should not fallback on API error (fail-open)', async () => {
|
||||
const mockRequest = jest.fn().mockRejectedValue(new Error('403 Forbidden'));
|
||||
MockedOctokit.mockImplementation(() => ({ request: mockRequest } as any));
|
||||
|
||||
const result = await RunnerAvailabilityService.checkAvailability('owner', 'repo', 'token', [], 1);
|
||||
expect(result.shouldFallback).toBe(false);
|
||||
expect(result.reason).toContain('Runner check failed');
|
||||
});
|
||||
|
||||
it('should count only online+idle runners', async () => {
|
||||
const runners = createMockRunners([
|
||||
{ name: 'idle', status: 'online', busy: false, labels: ['self-hosted'] },
|
||||
{ name: 'busy', status: 'online', busy: true, labels: ['self-hosted'] },
|
||||
{ name: 'offline', status: 'offline', busy: false, labels: ['self-hosted'] },
|
||||
]);
|
||||
const mockRequest = jest.fn().mockResolvedValue({ status: 200, data: { runners } });
|
||||
MockedOctokit.mockImplementation(() => ({ request: mockRequest } as any));
|
||||
|
||||
const result = await RunnerAvailabilityService.checkAvailability('owner', 'repo', 'token', [], 1);
|
||||
expect(result.shouldFallback).toBe(false);
|
||||
expect(result.totalRunners).toBe(3);
|
||||
expect(result.matchingRunners).toBe(3);
|
||||
expect(result.idleRunners).toBe(1);
|
||||
});
|
||||
});
|
||||
|
||||
describe('pagination limits', () => {
|
||||
it('should stop paginating after reaching the page limit', async () => {
|
||||
// Return full pages (100 runners each) to force continued pagination
|
||||
let callCount = 0;
|
||||
const mockRequest = jest.fn().mockImplementation(() => {
|
||||
callCount++;
|
||||
const runners = createMockRunners(
|
||||
Array.from({ length: 100 }, (_, i) => ({
|
||||
name: `runner-${callCount}-${i}`,
|
||||
status: 'online' as const,
|
||||
busy: false,
|
||||
labels: ['self-hosted'],
|
||||
})),
|
||||
);
|
||||
|
||||
return Promise.resolve({ status: 200, data: { runners } });
|
||||
});
|
||||
MockedOctokit.mockImplementation(() => ({ request: mockRequest } as any));
|
||||
|
||||
const result = await RunnerAvailabilityService.checkAvailability('owner', 'repo', 'token', [], 1);
|
||||
|
||||
// Should have called at most 100 pages (the MAX_PAGINATION_PAGES limit)
|
||||
expect(mockRequest).toHaveBeenCalledTimes(100);
|
||||
// Should still have runners from the pages it did fetch
|
||||
expect(result.totalRunners).toBe(10000);
|
||||
expect(result.shouldFallback).toBe(false);
|
||||
});
|
||||
|
||||
it('should stop paginating on rate limit (HTTP 403)', async () => {
|
||||
let callCount = 0;
|
||||
const mockRequest = jest.fn().mockImplementation(() => {
|
||||
callCount++;
|
||||
if (callCount === 2) {
|
||||
// Octokit throws for non-2xx responses
|
||||
const error: any = new Error('API rate limit exceeded');
|
||||
error.status = 403;
|
||||
error.response = {
|
||||
status: 403,
|
||||
headers: { 'x-ratelimit-reset': String(Math.floor(Date.now() / 1000) + 3600) },
|
||||
};
|
||||
|
||||
return Promise.reject(error);
|
||||
}
|
||||
const runners = createMockRunners(
|
||||
Array.from({ length: 100 }, (_, i) => ({
|
||||
name: `runner-${i}`,
|
||||
status: 'online' as const,
|
||||
busy: false,
|
||||
labels: ['self-hosted'],
|
||||
})),
|
||||
);
|
||||
|
||||
return Promise.resolve({ status: 200, data: { runners } });
|
||||
});
|
||||
MockedOctokit.mockImplementation(() => ({ request: mockRequest } as any));
|
||||
|
||||
const result = await RunnerAvailabilityService.checkAvailability('owner', 'repo', 'token', [], 1);
|
||||
|
||||
// Should have stopped at page 2 (rate limited)
|
||||
expect(mockRequest).toHaveBeenCalledTimes(2);
|
||||
// Should use the 100 runners from the first page
|
||||
expect(result.totalRunners).toBe(100);
|
||||
expect(result.shouldFallback).toBe(false);
|
||||
});
|
||||
|
||||
it('should stop paginating on rate limit (HTTP 429)', async () => {
|
||||
let callCount = 0;
|
||||
const mockRequest = jest.fn().mockImplementation(() => {
|
||||
callCount++;
|
||||
if (callCount === 1) {
|
||||
// Octokit throws for non-2xx responses
|
||||
const error: any = new Error('Too Many Requests');
|
||||
error.status = 429;
|
||||
error.response = { status: 429, headers: {} };
|
||||
|
||||
return Promise.reject(error);
|
||||
}
|
||||
|
||||
return Promise.resolve({ status: 200, data: { runners: [] } });
|
||||
});
|
||||
MockedOctokit.mockImplementation(() => ({ request: mockRequest } as any));
|
||||
|
||||
const result = await RunnerAvailabilityService.checkAvailability('owner', 'repo', 'token', [], 1);
|
||||
|
||||
// Should have stopped at first page (rate limited immediately)
|
||||
expect(mockRequest).toHaveBeenCalledTimes(1);
|
||||
// No runners found — should fallback
|
||||
expect(result.totalRunners).toBe(0);
|
||||
expect(result.shouldFallback).toBe(true);
|
||||
});
|
||||
|
||||
it('should handle pagination timeout gracefully', async () => {
|
||||
// Mock Date.now to simulate timeout
|
||||
const originalDateNow = Date.now;
|
||||
let callCount = 0;
|
||||
|
||||
const mockRequest = jest.fn().mockImplementation(() => {
|
||||
callCount++;
|
||||
// After first call, advance time past the timeout
|
||||
if (callCount >= 2) {
|
||||
Date.now = jest.fn(() => originalDateNow() + 31_000);
|
||||
}
|
||||
const runners = createMockRunners(
|
||||
Array.from({ length: 100 }, (_, i) => ({
|
||||
name: `runner-${callCount}-${i}`,
|
||||
status: 'online' as const,
|
||||
busy: false,
|
||||
labels: ['self-hosted'],
|
||||
})),
|
||||
);
|
||||
|
||||
return Promise.resolve({ status: 200, data: { runners } });
|
||||
});
|
||||
MockedOctokit.mockImplementation(() => ({ request: mockRequest } as any));
|
||||
|
||||
const result = await RunnerAvailabilityService.checkAvailability('owner', 'repo', 'token', [], 1);
|
||||
|
||||
// Should have stopped after timeout was detected (2 pages: first succeeds, second triggers timeout check)
|
||||
expect(mockRequest.mock.calls.length).toBeLessThanOrEqual(3);
|
||||
// Should have runners from pages fetched before timeout
|
||||
expect(result.totalRunners).toBeGreaterThan(0);
|
||||
|
||||
// Restore
|
||||
Date.now = originalDateNow;
|
||||
});
|
||||
});
|
||||
});
|
||||
@@ -0,0 +1,205 @@
|
||||
import { Octokit } from '@octokit/core';
|
||||
import OrchestratorLogger from './orchestrator-logger';
|
||||
|
||||
interface GitHubRunner {
|
||||
id: number;
|
||||
name: string;
|
||||
status: 'online' | 'offline';
|
||||
busy: boolean;
|
||||
labels: Array<{ name: string }>;
|
||||
}
|
||||
|
||||
interface RunnerCheckResult {
|
||||
shouldFallback: boolean;
|
||||
reason: string;
|
||||
totalRunners: number;
|
||||
matchingRunners: number;
|
||||
idleRunners: number;
|
||||
}
|
||||
|
||||
/**
|
||||
* Maximum number of pages to fetch when paginating through GitHub API results.
|
||||
* 100 pages * 100 per page = 10,000 runners maximum.
|
||||
*/
|
||||
const MAX_PAGINATION_PAGES = 100;
|
||||
|
||||
/**
|
||||
* Total timeout in milliseconds for the pagination loop.
|
||||
* Prevents indefinite API calls if GitHub is slow or pagination is unexpectedly deep.
|
||||
*/
|
||||
const PAGINATION_TIMEOUT_MS = 30_000;
|
||||
|
||||
/**
|
||||
* Checks GitHub Actions runner availability to support automatic provider fallback.
|
||||
*
|
||||
* When a user configures `runnerCheckEnabled: true` with a `fallbackProviderStrategy`,
|
||||
* this service queries the GitHub API for runner status before the build starts.
|
||||
* If insufficient runners are available, the orchestrator routes to the fallback provider.
|
||||
*/
|
||||
export class RunnerAvailabilityService {
|
||||
/**
|
||||
* Check if enough runners are available to handle the build.
|
||||
*
|
||||
* @param owner - GitHub repository owner
|
||||
* @param repo - GitHub repository name
|
||||
* @param token - GitHub token with repo/actions scope
|
||||
* @param requiredLabels - Labels runners must have (empty = any runner)
|
||||
* @param minAvailable - Minimum idle runners required
|
||||
* @returns RunnerCheckResult with decision and diagnostics
|
||||
*/
|
||||
static async checkAvailability(
|
||||
owner: string,
|
||||
repo: string,
|
||||
token: string,
|
||||
requiredLabels: string[],
|
||||
minAvailable: number,
|
||||
): Promise<RunnerCheckResult> {
|
||||
if (!token) {
|
||||
return {
|
||||
shouldFallback: false,
|
||||
reason: 'No GitHub token available — skipping runner check',
|
||||
totalRunners: 0,
|
||||
matchingRunners: 0,
|
||||
idleRunners: 0,
|
||||
};
|
||||
}
|
||||
|
||||
try {
|
||||
const octokit = new Octokit({ auth: token });
|
||||
|
||||
// Fetch all runners for the repository
|
||||
const runners = await RunnerAvailabilityService.fetchRunners(octokit, owner, repo);
|
||||
|
||||
if (runners.length === 0) {
|
||||
return {
|
||||
shouldFallback: true,
|
||||
reason: 'No runners registered for this repository',
|
||||
totalRunners: 0,
|
||||
matchingRunners: 0,
|
||||
idleRunners: 0,
|
||||
};
|
||||
}
|
||||
|
||||
// Filter by required labels
|
||||
const matching = RunnerAvailabilityService.filterByLabels(runners, requiredLabels);
|
||||
|
||||
// Count idle (online + not busy)
|
||||
const idle = matching.filter((r) => r.status === 'online' && !r.busy);
|
||||
|
||||
const result: RunnerCheckResult = {
|
||||
shouldFallback: idle.length < minAvailable,
|
||||
reason:
|
||||
idle.length >= minAvailable
|
||||
? `${idle.length} idle runner(s) available (need ${minAvailable})`
|
||||
: `Only ${idle.length} idle runner(s) available, need ${minAvailable}`,
|
||||
totalRunners: runners.length,
|
||||
matchingRunners: matching.length,
|
||||
idleRunners: idle.length,
|
||||
};
|
||||
|
||||
return result;
|
||||
} catch (error: any) {
|
||||
// If the API call fails (permissions, rate limit, etc.), don't block the build
|
||||
OrchestratorLogger.log(`Runner availability check failed: ${error.message}`);
|
||||
|
||||
return {
|
||||
shouldFallback: false,
|
||||
reason: `Runner check failed (${error.message}) — proceeding with primary provider`,
|
||||
totalRunners: 0,
|
||||
matchingRunners: 0,
|
||||
idleRunners: 0,
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Fetch all runners for a repository, handling pagination.
|
||||
*
|
||||
* Includes defensive limits:
|
||||
* - Maximum page count (MAX_PAGINATION_PAGES) to prevent infinite loops
|
||||
* - Total timeout (PAGINATION_TIMEOUT_MS) to prevent indefinite API calls
|
||||
* - Rate-limit detection (HTTP 403/429 with X-RateLimit-Remaining header)
|
||||
*/
|
||||
private static async fetchRunners(octokit: Octokit, owner: string, repo: string): Promise<GitHubRunner[]> {
|
||||
const allRunners: GitHubRunner[] = [];
|
||||
let page = 1;
|
||||
const perPage = 100;
|
||||
const startTime = Date.now();
|
||||
|
||||
while (page <= MAX_PAGINATION_PAGES) {
|
||||
// Check total timeout
|
||||
if (Date.now() - startTime > PAGINATION_TIMEOUT_MS) {
|
||||
OrchestratorLogger.logWarning(
|
||||
`[RunnerAvailability] Pagination timeout reached after ${page - 1} pages and ${Date.now() - startTime}ms. ` +
|
||||
`Using ${allRunners.length} runners found so far.`,
|
||||
);
|
||||
break;
|
||||
}
|
||||
|
||||
let response: any;
|
||||
try {
|
||||
response = await octokit.request('GET /repos/{owner}/{repo}/actions/runners', {
|
||||
owner,
|
||||
repo,
|
||||
per_page: perPage,
|
||||
page,
|
||||
});
|
||||
} catch (requestError: any) {
|
||||
// Octokit throws for non-2xx responses. Check if this is a rate limit error.
|
||||
const status = requestError.status ?? requestError.response?.status;
|
||||
if (status === 403 || status === 429) {
|
||||
const resetTime =
|
||||
requestError.response?.headers?.['x-ratelimit-reset'] ?? requestError.headers?.['x-ratelimit-reset'];
|
||||
const resetMessage = resetTime
|
||||
? ` Resets at ${new Date(Number.parseInt(String(resetTime), 10) * 1000).toISOString()}`
|
||||
: '';
|
||||
OrchestratorLogger.logWarning(
|
||||
`[RunnerAvailability] GitHub API rate limit reached (HTTP ${status}).${resetMessage} ` +
|
||||
`Using ${allRunners.length} runners found so far.`,
|
||||
);
|
||||
break;
|
||||
}
|
||||
// Re-throw non-rate-limit errors to be handled by the outer catch
|
||||
throw requestError;
|
||||
}
|
||||
|
||||
const runners = (response.data.runners || []) as GitHubRunner[];
|
||||
allRunners.push(...runners);
|
||||
|
||||
if (runners.length < perPage) break;
|
||||
page++;
|
||||
}
|
||||
|
||||
if (page > MAX_PAGINATION_PAGES) {
|
||||
OrchestratorLogger.logWarning(
|
||||
`[RunnerAvailability] Maximum pagination limit reached (${MAX_PAGINATION_PAGES} pages). ` +
|
||||
`Using ${allRunners.length} runners found so far.`,
|
||||
);
|
||||
}
|
||||
|
||||
if (allRunners.length === 0) {
|
||||
OrchestratorLogger.log(
|
||||
'[RunnerAvailability] No runners found. Possible causes: ' +
|
||||
'wrong token permissions (needs repo or actions scope), ' +
|
||||
'no self-hosted runners registered, ' +
|
||||
'or runners are registered at the organization level instead of the repository.',
|
||||
);
|
||||
}
|
||||
|
||||
return allRunners;
|
||||
}
|
||||
|
||||
/**
|
||||
* Filter runners by required labels. A runner matches if it has ALL required labels.
|
||||
* If requiredLabels is empty, all runners match.
|
||||
*/
|
||||
private static filterByLabels(runners: GitHubRunner[], requiredLabels: string[]): GitHubRunner[] {
|
||||
if (requiredLabels.length === 0) return runners;
|
||||
|
||||
return runners.filter((runner) => {
|
||||
const runnerLabelNames = runner.labels.map((l) => l.name.toLowerCase());
|
||||
|
||||
return requiredLabels.every((required) => runnerLabelNames.includes(required.toLowerCase()));
|
||||
});
|
||||
}
|
||||
}
|
||||
@@ -27,7 +27,6 @@ printenv
|
||||
git config --global advice.detachedHead false
|
||||
git config --global filter.lfs.smudge "git-lfs smudge --skip -- %f"
|
||||
git config --global filter.lfs.process "git-lfs filter-process --skip"
|
||||
${OrchestratorFolders.gitAuthConfigScript}
|
||||
BRANCH="${Orchestrator.buildParameters.orchestratorBranch}"
|
||||
REPO="${OrchestratorFolders.unityBuilderRepoUrl}"
|
||||
if [ -n "$(git ls-remote --heads "$REPO" "$BRANCH" 2>/dev/null)" ]; then
|
||||
|
||||
@@ -92,7 +92,6 @@ export class BuildAutomationWorkflow implements WorkflowInterface {
|
||||
const commands = `mkdir -p ${OrchestratorFolders.ToLinuxFolder(
|
||||
OrchestratorFolders.builderPathAbsolute,
|
||||
)}
|
||||
${OrchestratorFolders.gitAuthConfigScript}
|
||||
BRANCH="${Orchestrator.buildParameters.orchestratorBranch}"
|
||||
REPO="${OrchestratorFolders.unityBuilderRepoUrl}"
|
||||
DEST="${OrchestratorFolders.ToLinuxFolder(OrchestratorFolders.builderPathAbsolute)}"
|
||||
|
||||
Reference in New Issue
Block a user