runner
runner copied to clipboard
actions
Configuration tries to use the registration endpoint even when passed `--token <token>`
Describe the bug
When running the configuration of the runner unattended, some means of authenticating is required. The documentation at https://docs.github.com/en/rest/actions/self-hosted-runners#create-a-registration-token-for-an-organization claims that a token from that endpoint can be used with the --token <token> option. Instead, the runner attempts to obtain a new one with a PAT that may or may not be passed to it (See ConfigurationManager.cs#L111) In the case that it isn't, the configuration fails with a 404.
To Reproduce Steps to reproduce the behavior:
- Obtain a registration token from
https://api.github.com/orgs/ORG/actions/runners/registration-token, whereORGis a valid organization. Call this registration tokenTOKEN. - Run
./config --unattended --url https://github.com/ORG --token TOKEN - An error is printed out and the runner exits
Expected behavior What is described to be possible in https://docs.github.com/en/rest/actions/self-hosted-runners#create-a-registration-token-for-an-organization
Runner Version and Platform
Version 2.291.1, Commit 496ec0df97891bd8e50f4431d01874ac3ab75a93
OS of the machine running the runner? OSX/Windows/Linux/... Linux, Ubuntu 20.04.4 LTS
What's not working?
Http response code: NotFound from 'POST https://api.github.com/actions/runner-registration'
{"message":"Not Found","documentation_url":"https://docs.github.com/rest"}
Response status code does not indicate success: 404 (Not Found).
Job Log Output
N/A
Runner and Worker's Diagnostic Logs
N/A
Hi @Caeleron, Thanks for reporting this issue. I'll try to reproduce it, so I'll get back to you as soon as I have more information.
I tried to reproduce the issue you reported, but I had no problem with org runner configuration. Are you sure that your token just didn't expire, since the token generated this way expires after an hour?
I used the token immediately after generating it. I know that the PAT used to generate the registration token is valid and has the permissions needed because passing it to the runner via --pat PAT works.
Hi @Caeleron,
My coworker and I tried to reproduce this issue again, but we had no problems configuring the runner. I'm sending you a link to the documentation where you have instructions for self-checking (mainly connection/internet stuff and similar). Let me know if any of this helped you.
The runner is able to access GitHub without any issues. In fact, the registration endpoint works when called from the runner when passed a valid PAT. However, the problem happens when I try to manually produce the registration token using the same PAT and endpoint as the runner, which produces a valid token but the runner instead attempts to use it as a token to request a registration token.
I found the debug traces for both cases.
Using token:
[2022-05-10 15:02:21Z INFO ConfigurationManager] ConfigureAsync
[2022-05-10 15:02:21Z INFO ConfigurationStore] IsConfigured()
[2022-05-10 15:02:21Z INFO ConfigurationStore] IsConfigured: False
[2022-05-10 15:02:21Z INFO ConfigurationManager] Is configured: False
[2022-05-10 15:02:21Z INFO CommandSettings] Arg 'url': 'https://github.com/ORG'
[2022-05-10 15:02:21Z INFO CommandSettings] Remove url from Arg dictionary.
[2022-05-10 15:02:21Z INFO CommandSettings] Arg 'token': '***'
[2022-05-10 15:02:21Z INFO CommandSettings] Remove token from Arg dictionary.
[2022-05-10 15:02:21Z ERR Terminal] WRITE ERROR: Http response code: NotFound from 'POST https://api.github.com/actions/runner-registration'
[2022-05-10 15:02:21Z ERR Terminal] WRITE ERROR: {"message":"Not Found","documentation_url":"https://docs.github.com/rest"}
[2022-05-10 15:02:21Z ERR Runner] System.Net.Http.HttpRequestException: Response status code does not indicate success: 404 (Not Found).
at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
at GitHub.Runner.Listener.Configuration.ConfigurationManager.GetTenantCredential(String githubUrl, String githubToken, String runnerEvent)
at GitHub.Runner.Listener.Configuration.ConfigurationManager.ConfigureAsync(CommandSettings command)
at GitHub.Runner.Listener.Runner.ExecuteCommand(CommandSettings command)
Using PAT:
[2022-05-10 17:48:06Z INFO ConfigurationManager] ConfigureAsync
[2022-05-10 17:48:06Z INFO ConfigurationStore] IsConfigured()
[2022-05-10 17:48:06Z INFO ConfigurationStore] IsConfigured: False
[2022-05-10 17:48:06Z INFO ConfigurationManager] Is configured: False
[2022-05-10 17:48:06Z INFO CommandSettings] Arg 'url': 'https://github.com/ORG'
[2022-05-10 17:48:06Z INFO CommandSettings] Remove url from Arg dictionary.
[2022-05-10 17:48:06Z INFO ConfigurationManager] Retriving runner registration token using GitHub PAT.
[2022-05-10 17:48:06Z INFO ConfigurationManager] Http response code: Created from 'POST https://api.github.com/orgs/ORG/actions/runners/registration-token'
[2022-05-10 17:48:07Z INFO ConfigurationManager] Retrived runner registration token is good to 2022-05-10T14:48:06.708-04:00.
[2022-05-10 17:48:07Z INFO ConfigurationManager] Http response code: OK from 'POST https://api.github.com/actions/runner-registration'
[2022-05-10 17:48:07Z INFO ConfigurationManager] cred retrieved via GitHub auth
As a reminder, this is using the same PAT for both, so there is no way that the PAT can be invalid.
We are having the same issue, our entrypoint is here:
https://gist.github.com/neilmock/2b996ddc17bb8dd5bfe23a18f1e1d968
Note: the token provided in
https://github.com/organizations/
is not static, it expires fast so this happens when not using the token immediately
This is not using the token generated by the web interface at https://github.com/organizations/ORG/settings/actions/runners/new. This is using the API endpoint at https://api.github.com/orgs/ORG/actions/runners/registration-token.
The use case for all of this is generating runners on the fly without someone manually configuring the instance through the web interface.
I have the issue too, I'm running auto-scaled instances. I fixed it by getting a new token. So the issue appears to be the length of time the tokens are valid for, we can't specify a length, nor is it documented what it is, so it's almost useless for our longer running auto-scaled instances.
I think GitHub changed the API, check here: https://docs.github.com/en/rest/actions/self-hosted-runners#create-a-registration-token-for-an-organization
The documentation and API looks to be the same from when I was referring to it back in May 2022. The example curl command and subsequent call to ./config.sh also looks the same to what I had originally attempted. (See original post)
I am seeing the same issue, but its not consistent. Sometimes, registration goes through, few times, it fails.
What that 404 stands for here? If that short lived token is already expired - then we should be getting 401 or 403 ideally, but I'm also getting same as others when token is expired:
[runner] | # Authentication
[runner] |
Http response code: NotFound from 'POST https://api.github.com/actions/runner-registration'
{"message":"Not Found","documentation_url":"https://docs.github.com/rest"}
Response status code does not indicate success: 404 (Not Found).
An error occurred: Not configured. Run config.(sh/cmd) to configure the runner.
exit code: 1
At the moment utilizing version 2.300.2 of runner.
I used the token immediately after generating it. I know that the PAT used to generate the registration token is valid and has the permissions needed because passing it to the runner via
--pat PATworks.
the --pat was fixing my Problem with the Registration, Thanks!
Using personal access token with fine-grained permissions work fine for me
Hi All, I'll close this issue since the problem is not happening anymore. If anybody counters a similar issue feel free to reopen the issue and we'll investigate further.
@ruvceskistefan The issue is definitely not fixed. People have been misreading the issue and claiming it has been working. It is not fixed.
The personal access token works, but that is not the bug at hand. The bug is that the --token field does not work.
@ruvceskistefan The issue was an expired token for me. I think the response code should be updated. A 404 is not sufficient for this error.
@oojacoboo This issue has nothing to do with expired personal access tokens. This is involving the registration token that can be generated here: https://docs.github.com/en/rest/actions/self-hosted-runners#create-a-registration-token-for-an-organization
@ruvceskistefan Please reopen the issue, as the issue is not fixed. I don't seem to have the ability to. I will need to make a new issue if this is not re-opened.
I'm having this error as well, the message is not that clear.
$ ./config.sh --url https://github.com/TeamAround/Around --token TOKEN
--------------------------------------------------------------------------------
| ____ _ _ _ _ _ _ _ _ |
| / ___(_) |_| | | |_ _| |__ / \ ___| |_(_) ___ _ __ ___ |
| | | _| | __| |_| | | | | '_ \ / _ \ / __| __| |/ _ \| '_ \/ __| |
| | |_| | | |_| _ | |_| | |_) | / ___ \ (__| |_| | (_) | | | \__ \ |
| \____|_|\__|_| |_|\__,_|_.__/ /_/ \_\___|\__|_|\___/|_| |_|___/ |
| |
| Self-hosted runner registration |
| |
--------------------------------------------------------------------------------
# Authentication
Http response code: NotFound from 'POST https://api.github.com/actions/runner-registration' (Request Id: ID)
{"message":"Not Found","documentation_url":"https://docs.github.com/rest"}
Response status code does not indicate success: 404 (Not Found).
~~I'm seeing the same issue, trying to use it within Google AppEngine as described here~~ Wrong token, there were some privileges missing - sorry for the noise.
~~I'm seeing the same error as well. None of my runners are registering with ./config.sh --url https://github.com/my-org --token TOKEN.~~ Had an expired PAT that needed to get swapped out. 🤦
[2023-03-21 20:56:54Z INFO CommandSettings] Arg 'token': '***'
[2023-03-21 20:56:54Z INFO CommandSettings] Remove token from Arg dictionary.
[2023-03-21 20:56:57Z ERR Terminal] WRITE ERROR: Http response code: NotFound from 'POST https://api.github.com/actions/runner-registration'
[2023-03-21 20:56:57Z ERR Terminal] WRITE ERROR: {"message":"Not Found","documentation_url":"https://docs.github.com/rest"}
[2023-03-21 20:56:58Z ERR Runner] System.Net.Http.HttpRequestException: Response status code does not indicate success: 404 (Not Found).
at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
at GitHub.Runner.Listener.Configuration.ConfigurationManager.GetTenantCredential(String githubUrl, String githubToken, String runnerEvent)
at GitHub.Runner.Listener.Configuration.ConfigurationManager.ConfigureAsync(CommandSettings command)
at GitHub.Runner.Listener.Runner.ExecuteCommand(CommandSettings command)
[2023-03-21 20:56:58Z ERR Terminal] WRITE ERROR: Response status code does not indicate success: 404 (Not Found).
[2023-03-21 20:56:58Z INFO Listener] Runner execution has finished with return code 1
I am having a similar problem. I am not able to generate a REG_TOKEN by api request, getting
{ "message": "Must have admin rights to Repository.", "documentation_url": "https://docs.github.com/rest/reference/actions#create-a-registration-token-for-an-organization" }
the PAT is not expired and has all rights (admin:org, repo, workflow) and it even works for testing the runner with --pat argument.
Starting the runner manually with REG_TOKEN from https://api.github.com/orgs/datavisyn/actions/runners/registration-token works
I was getting the same error message trying to register an org level runner. Turns out my script was generating the --url with a trailing forward slash. ie: https://github.com/ORG/ Removing the trailing slash allowed the registration to complete successfully.
I found a new hint.
There are two apis for getting the registration-token, one for ORG level and one for REPO level.
That was the incorrect token that I was using. The process now works if I manually generate the registration token for the REPO (My scenario).
I am also getting the same error :- ./config.cmd : Http response code: NotFound from 'POST https://api.github.com/actions/runner-registration' (Request Id: DEDA:5AF3:4E20ED:9F4F63:6494602A) At line:1 char:1
- ./config.cmd --url https://github.com/dyedurham/github-actions-course ...
-
+ CategoryInfo : NotSpecified: (Http response c...F4F63:6494602A):String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError
{"message":"Not Found","documentation_url":"https://docs.github.com/rest"} Response status code does not indicate success: 404 (Not Found).
