runner icon indicating copy to clipboard operation
runner copied to clipboard
verified publisher icon actions

Setting `ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION` only works at workflow (not job/step) level

Open MPV opened this issue 1 year ago • 3 comments

Describe the bug

To Reproduce Steps to reproduce the behavior:

  1. Use an action that fails on node20 but works on node16
  2. Set the ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true at the jobs.<job_id>.steps[*].env step level
  3. Run workflow

Expected behavior While the blog post on the matter says:

To opt out of this and continue using Node16 while it is still available in the runner, you can choose to set ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true as an ‘env’ in their workflow or as an environment variable on your runner machine.

...it would make a lot more sense to just pick the older node version for just the steps (actions) that actually require it, so one can run this compatibility mode only for those single actions that actually require it (and keep it clear to maintainers and not obscure any other actions in the same workflow that may be added at a later time but also still require an upgrade).

Runner Version and Platform

Version of your runner? 2.317.0

OS of the machine running the runner? Linux

What's not working?

Seeing step output mentioning Node.js v20.13.1 when setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION at the jobs.<job_id>.steps[*].env step level.

...until I set ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION at the env workflow level.

MPV avatar Jul 04 '24 10:07 MPV

If it helps, I suspect this is the related code: https://github.com/actions/runner/blob/70746ff593636b07ad251a1525a3fabd1a7a36e9/src/Runner.Worker/JobRunner.cs#L293-L297

MPV avatar Jul 04 '24 12:07 MPV

We are getting the same issues as of yesterday, it seems to be effecting a lot of people since yesterday.

Just a couple I stumbled upon: https://github.com/actions/checkout/issues/1590 https://github.com/arenadata/gpdb/pull/986 https://github.com/actions/runner/issues/3373 https://github.com/actions/checkout/issues/1809

SirSaunders avatar Jul 05 '24 13:07 SirSaunders

If you do not want to update ALL the steps and workflow yamls you can add an env var on the runner. I did the following

cd actions-runner && echo "ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true" >> .env

Note: action-runner is the name of the folder I unpacked my runner to when I first set it up, yours may be named differently. The .env loads all the env var for the runner from there.

Ref the github actions doc here: https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/using-a-proxy-server-with-self-hosted-runners#using-a-env-file-to-set-the-proxy-configuration

SirSaunders avatar Jul 05 '24 15:07 SirSaunders

Given that SirSaunders has proposed a way to add the envVar onto the runner, I am going to close this for now. It would be great if we could make this more granular but right now this isn't a priority for us :(

nebuk89 avatar Aug 29 '24 14:08 nebuk89