Does this work with GHES?

[AndyG-0]

We are using GitHub Enterprise. Is there a way to make this work with GHES? At first glance of the code it doesn't appear there is a way to over-ride this going to gh.com.

[libbys01]

@mikedrexler ☝️ who needs to see this to answer?

[mikedrexler]

Hi @AndyG-0 ! I'm not sure what you are asking. Our virtual runners may be downloaded at https://github.com/actions/virtual-environments. Sorry if I misinterpret.

[AndyG-0]

@mikedrexler Trying to run this locally. It appears that the first thing it does is try to connect to api.github.com:

Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen httplib_response = self._make_request( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request self._validate_conn(conn) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in validate_conn conn.connect() File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect self.sock = ssl_wrap_socket( File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 370, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket return self.sslsocket_class._create( File "/usr/lib/python3.8/ssl.py", line 1040, in _create self.do_handshake() File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake self._sslobj.do_handshake() ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:1131) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen retries = retries.increment( File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 436, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.github.com', port=443): Max retries exceeded with url: /repos/github/codeql-cli-binaries (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1131)'))) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/startup_scripts/setup.py", line 57, in setup() File "/usr/local/startup_scripts/setup.py", line 39, in setup get_latest_codeql(args) File "/usr/local/startup_scripts/setup.py", line 46, in get_latest_codeql latest_online_version = codeql.get_latest_codeql_github_version() File "/usr/local/startup_scripts/libs/codeql.py", line 80, in get_latest_codeql_github_version return get_latest_github_repo_version("github/codeql-cli-binaries") File "/usr/local/startup_scripts/libs/github.py", line 6, in get_latest_github_repo_version repo = client.get_repo(repo) File "/usr/local/lib/python3.8/dist-packages/github/MainClass.py", line 294, in get_repo headers, data = self.__requester.requestJsonAndCheck( File "/usr/local/lib/python3.8/dist-packages/github/Requester.py", line 275, in requestJsonAndCheck return self.__check(*self.requestJson(verb, url, parameters, headers, input, self.__customConnection(url))) File "/usr/local/lib/python3.8/dist-packages/github/Requester.py", line 335, in requestJson return self.__requestEncode(cnx, verb, url, parameters, headers, input, encode) File "/usr/local/lib/python3.8/dist-packages/github/Requester.py", line 388, in __requestEncode status, responseHeaders, output = self.__requestRaw(cnx, verb, url, requestHeaders, encoded_input) File "/usr/local/lib/python3.8/dist-packages/github/Requester.py", line 412, in __requestRaw response = cnx.getresponse() File "/usr/local/lib/python3.8/dist-packages/github/Requester.py", line 114, in getresponse r = verb(url, headers=self.headers, data=self.input, timeout=self.timeout, verify=self.verify, allow_redirects=False) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 546, in get return self.request('GET', url, **kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send r = adapter.send(request, **kwargs) File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='api.github.com', port=443): Max retries exceeded with url: /repos/github/codeql-cli-binaries (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1131)'))) Error 1 executing from command. Exiting... Command Output: [2022-04-07 19:12:16,397] INFO: Starting setup... [2022-04-07 19:12:17,141] INFO: Current codeql version: v2.7.6

This is failing of course because I'm behind a proxy and it's not configured in the image but our repos are on our GHES Server not github.com. It however looks like the python script is first connecting to the gh.com api. I would like to connect to our internal GHES vs github.com.

Besides local we could also use this image in our container based CI platforms as well.

It looks like the link provided is for virtual machines and not images, which would not work easily with our container based CI platforms.

If there are instructions on how to get the image to work with GHES, they would be appreciated.

[jacobmsft]

Hey Andy, Mike, sorry for the late reply. Yes, right now the assumption in the script is that the cli and queries are being downloaded from the public github site. We can possibly introduce a override environment variable for each so the connection can be redirected. If you are interesting in sending a PR my way, please feel free. If not, I'll add it to my todo list and prioritize. Thanks for reporting the problem!