actions
Proxy configuration for runner should not be forwarded to service containers
Describe the bug
When setting proxy variables for self-hosted runners, those proxy vars are forwarded to service containers. This behavior is impossible to override, as both lowercase and uppercase versions of the proxy variables are added as environment vars to the service container, but setting both http_proxy and HTTP_PROXY in jobs.<job>.services.<service>.env is disallowed (they are considered duplicates).
Generally speaking, I think the proxy configuration for self-hosted runners should not be forwarded to service containers or jobs at all. If jobs/service containers need proxy configuration, that can easily be added in the workflows yaml file. The proxy for the self-hosted runner is only there for the runner to connect to github.com.
To Reproduce Steps to reproduce the behavior:
- Setup a self-hosted runner and add
http_proxy,https_proxyandno_proxyto .env. - Start runner.
- Trigger a workflow with a service container.
- Notice that the service container is started with
-e http_proxy=...etc, even though those variables are not specified in the workflow yaml file. - Try in vain to override both
http_proxyandHTTP_PROXYfor the service container by editingjobs.<job>.services.<service>.envin your workflows yaml.
Expected behavior Proxy configuration for a self-hosted runner should be only for the self-hosted runner. It is needed for the runner to connect to github.com. The proxy configuration should not be assumed to work for jobs and service containers spawned by the runner.
Runner Version and Platform
Version: 2.299.1 OS: Linux
What's not working?
It is impossible to use a self hosted runner behind a proxy, and run service containers without proxy on that runner.
Job Log Output
N/A
Runner and Worker's Diagnostic Logs
N/A
