runner
runner copied to clipboard
actions
Arm Runner authentication broken w/ .Net 6.0 & .Net 8.0 on Ubuntu 24.x, fixed with .Net 9.0. "The SSL connection could not be established, see inner exception."
The runner fails to authenticate with Github when using the arm runner in an Ubuntu 24.x based container. Logs indicate a "The remote certificate is invalid because of errors in the certificate chain: NotTimeValid" error. This appears to be due to arm32 Y2038 compatibility issues with the underlying Ubuntu/Debian operating systems moving to 64-bit time.
Fixes are in .Net 9.0, but will not be backported to .Net 8.0 as per https://github.com/dotnet/core/discussions/9285
See: https://github.com/dotnet/runtime/issues/101444 https://github.com/dotnet/runtime/issues/96460 https://github.com/dotnet/runtime/pull/102410
Working patch (Just adjusting to use .Net 9.0): https://github.com/satmandu/runner/pull/1
I requested a backport at https://github.com/dotnet/runtime/issues/109161 but it's clear that this isn't going to happen and that for newer linux distribution based usage on arm32 .Net 9.0 will be needed.
This is what I see:
docker@7f94f0525ad7:/$ /start.sh
--------------------------------------------------------------------------------
| ____ _ _ _ _ _ _ _ _ |
| / ___(_) |_| | | |_ _| |__ / \ ___| |_(_) ___ _ __ ___ |
| | | _| | __| |_| | | | | '_ \ / _ \ / __| __| |/ _ \| '_ \/ __| |
| | |_| | | |_| _ | |_| | |_) | / ___ \ (__| |_| | (_) | | | \__ \ |
| \____|_|\__|_| |_|\__,_|_.__/ /_/ \_\___|\__|_|\___/|_| |_|___/ |
| |
| Self-hosted runner registration |
| |
--------------------------------------------------------------------------------
# Authentication
The SSL connection could not be established, see inner exception.
An error occurred: Not configured. Run config.(sh/cmd) to configure the runner.
Runner listener exit with terminated error, stop the service, no retry needed.
Exiting runner...
docker@7f94f0525ad7:/$ cat start.sh
#!/bin/bash
ORGANIZATION=$ORGANIZATION
ACCESS_TOKEN=$ACCESS_TOKEN
cd /home/docker/actions-runner
export DOTNET_SYSTEM_NET_HTTP_USESOCKETSHTTPHANDLER=0
./config.sh --url https://github.com/${ORGANIZATION} --token ${ACCESS_TOKEN}
cleanup() {
echo "Removing runner..."
./config.sh remove --unattended --token ${ACCESS_TOKEN}
}
trap 'cleanup; exit 130' INT
trap 'cleanup; exit 143' TERM
./run.sh & wait $!
Digging in I see this error when running ./config.sh --check --url https://github.com/${ORGANIZATION} --pat ${ACCESS_TOKEN} (with DOTNET_SYSTEM_NET_HTTP_USESOCKETSHTTPHANDLER=0 set):
docker@7f94f0525ad7:~/actions-runner$ ./config.sh --check --url https://github.com/${ORGANIZATION} --pat ${ACCESS_TOKEN}
**********************************************************************************************************************
** Check: Internet Connection
** Description: Check if the Actions runner has internet access.
**********************************************************************************************************************
** **
** F A I L **
** **
**********************************************************************************************************************
** Log: /home/docker/actions-runner/_diag/InternetCheck_20241011-161958-utc.log
** Help Doc: https://github.com/actions/runner/blob/main/docs/checks/internet.md
**********************************************************************************************************************
**********************************************************************************************************************
** Check: GitHub Actions Connection
** Description: Check if the Actions runner has access to the GitHub Actions service.
**********************************************************************************************************************
** **
** F A I L **
** **
**********************************************************************************************************************
** Log: /home/docker/actions-runner/_diag/ActionsCheck_20241011-161958-utc.log
** Help Doc: https://github.com/actions/runner/blob/main/docs/checks/actions.md
**********************************************************************************************************************
**********************************************************************************************************************
** Check: Git Certificate/Proxy Validation
** Description: Check if the Git CLI can access GitHub.com or GitHub Enterprise Server.
**********************************************************************************************************************
** **
** P A S S **
** **
**********************************************************************************************************************
** Log: /home/docker/actions-runner/_diag/GitCheck_20241011-161958-utc.log
**********************************************************************************************************************
Looking at one of these InternetCheck logs in more detail:
w/o DOTNET_SYSTEM_NET_HTTP_USESOCKETSHTTPHANDLER=0 set:
2024-10-11T16:28:15.9689744Z ***************************************************************************************************************
2024-10-11T16:28:15.9832297Z ***************************************************************************************************************
2024-10-11T16:28:15.9832694Z **** ****
2024-10-11T16:28:15.9832709Z **** Try DNS lookup for api.github.com
2024-10-11T16:28:15.9834863Z **** ****
2024-10-11T16:28:15.9834879Z ***************************************************************************************************************
2024-10-11T16:28:15.9899717Z Resolved DNS for api.github.com to '140.82.114.6'
2024-10-11T16:28:15.9886904Z ***************************************************************************************************************
2024-10-11T16:28:15.9886976Z **** ****
2024-10-11T16:28:15.9886990Z **** Try ping api.github.com
2024-10-11T16:28:15.9887121Z **** ****
2024-10-11T16:28:15.9887133Z ***************************************************************************************************************
2024-10-11T16:28:16.0345088Z Ping api.github.com (140.82.114.6) succeed within to '10 ms'
2024-10-11T16:28:15.9968608Z ***************************************************************************************************************
2024-10-11T16:28:15.9968695Z **** ****
2024-10-11T16:28:15.9968710Z **** Send HTTPS Request (GET) to https://api.github.com
2024-10-11T16:28:15.9968724Z **** ****
2024-10-11T16:28:15.9968735Z ***************************************************************************************************************
2024-10-11T16:28:16.0354893Z [START System.Net.Http - RequestStart]
2024-10-11T16:28:16.0365428Z https
2024-10-11T16:28:16.0365778Z api.github.com
2024-10-11T16:28:16.0365928Z 443
2024-10-11T16:28:16.0365961Z /
2024-10-11T16:28:16.0366030Z 1
2024-10-11T16:28:16.0366049Z 1
2024-10-11T16:28:16.0366071Z 0
2024-10-11T16:28:16.0366194Z [END System.Net.Http - RequestStart]
2024-10-11T16:28:16.0464598Z [START Private.InternalDiagnostics.System.Net.Http - HandlerMessage]
2024-10-11T16:28:16.0464944Z 63062333
2024-10-11T16:28:16.0464982Z 0
2024-10-11T16:28:16.0465014Z 0
2024-10-11T16:28:16.0465031Z .ctor
2024-10-11T16:28:16.0465047Z HttpConnectionPool https://api.github.com:443
2024-10-11T16:28:16.0465107Z [END Private.InternalDiagnostics.System.Net.Http - HandlerMessage]
2024-10-11T16:28:16.0510496Z [START Private.InternalDiagnostics.System.Net.Http - HandlerMessage]
2024-10-11T16:28:16.0510674Z 63062333
2024-10-11T16:28:16.0510712Z 0
2024-10-11T16:28:16.0510731Z 0
2024-10-11T16:28:16.0510749Z CheckForHttp11ConnectionInjection
2024-10-11T16:28:16.0510767Z Available HTTP/1.1 connections: 0, Requests in the queue: 1, Pending HTTP/1.1 connections: 0, Total associated HTTP/1.1 connections: 0, Max HTTP/1.1 connection limit: 2147483647.
2024-10-11T16:28:16.0510782Z [END Private.InternalDiagnostics.System.Net.Http - HandlerMessage]
2024-10-11T16:28:16.0513230Z [START Private.InternalDiagnostics.System.Net.Http - HandlerMessage]
2024-10-11T16:28:16.0513319Z 63062333
2024-10-11T16:28:16.0513354Z 0
2024-10-11T16:28:16.0513375Z 0
2024-10-11T16:28:16.0513392Z GetHttp11ConnectionAsync
2024-10-11T16:28:16.0513439Z No available HTTP/1.1 connections; request queued.
2024-10-11T16:28:16.0513457Z [END Private.InternalDiagnostics.System.Net.Http - HandlerMessage]
2024-10-11T16:28:16.0516660Z [START Private.InternalDiagnostics.System.Net.Http - HandlerMessage]
2024-10-11T16:28:16.0516837Z 63062333
2024-10-11T16:28:16.0516870Z 0
2024-10-11T16:28:16.0516889Z 0
2024-10-11T16:28:16.0516908Z AddHttp11ConnectionAsync
2024-10-11T16:28:16.0516928Z Creating new HTTP/1.1 connection for pool.
2024-10-11T16:28:16.0516943Z [END Private.InternalDiagnostics.System.Net.Http - HandlerMessage]
2024-10-11T16:28:16.0782091Z [START System.Net.Security - HandshakeStart]
2024-10-11T16:28:16.0782251Z False
2024-10-11T16:28:16.0782282Z api.github.com
2024-10-11T16:28:16.0782301Z [END System.Net.Security - HandshakeStart]
2024-10-11T16:28:16.0997788Z [START Private.InternalDiagnostics.System.Net.Security - SentFrame]
2024-10-11T16:28:16.0997995Z SslStream#41622463
2024-10-11T16:28:16.0998040Z Tls:ClientHello[288] TargetName='api.github.com' SupportedVersion='Tls, Tls12, Tls13' ApplicationProtocols='None'
2024-10-11T16:28:16.0998075Z 1
2024-10-11T16:28:16.0998091Z [END Private.InternalDiagnostics.System.Net.Security - SentFrame]
2024-10-11T16:28:16.1108168Z [START Private.InternalDiagnostics.System.Net.Security - SentFrame]
2024-10-11T16:28:16.1108338Z SslStream#41622463
2024-10-11T16:28:16.1108368Z Tls12:ChangeCipherSpec[1]
2024-10-11T16:28:16.1108399Z 0
2024-10-11T16:28:16.1108419Z [END Private.InternalDiagnostics.System.Net.Security - SentFrame]
2024-10-11T16:28:16.1321056Z [START Private.InternalDiagnostics.System.Net.Security - RemoteCertificate]
2024-10-11T16:28:16.1321470Z [Version]
2024-10-11T16:28:16.1321495Z V3
2024-10-11T16:28:16.1321509Z
2024-10-11T16:28:16.1321522Z [Subject]
2024-10-11T16:28:16.1321533Z CN=*.github.com
2024-10-11T16:28:16.1321543Z Simple Name: *.github.com
2024-10-11T16:28:16.1321552Z DNS Name: *.github.com
2024-10-11T16:28:16.1321658Z
2024-10-11T16:28:16.1321670Z [Issuer]
2024-10-11T16:28:16.1321680Z CN=Sectigo ECC Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
2024-10-11T16:28:16.1321691Z Simple Name: Sectigo ECC Domain Validation Secure Server CA
2024-10-11T16:28:16.1321717Z DNS Name: Sectigo ECC Domain Validation Secure Server CA
2024-10-11T16:28:16.1321728Z
2024-10-11T16:28:16.1321738Z [Serial Number]
2024-10-11T16:28:16.1321748Z 008BDC0FFF54772FAAD173273F23362AAF
2024-10-11T16:28:16.1321758Z
2024-10-11T16:28:16.1321767Z [Not Before]
2024-10-11T16:28:16.1321776Z 03/07/2024 00:00:00
2024-10-11T16:28:16.1321785Z
2024-10-11T16:28:16.1321794Z [Not After]
2024-10-11T16:28:16.1321805Z 03/07/2025 23:59:59
2024-10-11T16:28:16.1321841Z
2024-10-11T16:28:16.1321913Z [Thumbprint]
2024-10-11T16:28:16.1321923Z 0DF6EC50FAEDAE6E13AF829452F7111B0ACF7C20
2024-10-11T16:28:16.1321933Z
2024-10-11T16:28:16.1321942Z [Signature Algorithm]
2024-10-11T16:28:16.1321951Z sha256ECDSA(1.2.840.10045.4.3.2)
2024-10-11T16:28:16.1321961Z
2024-10-11T16:28:16.1321970Z [Public Key]
2024-10-11T16:28:16.1321979Z Algorithm: ECC
2024-10-11T16:28:16.1321988Z Length:
2024-10-11T16:28:16.1321997Z Key Blob: 0470031849449B010A4133A3093799110F9815A71BCA420A43E234388D8D42A8D39E58FEDF3A49FE3F176226AEFA42FE5B3E6BF7B53C43EA9961A0D0D80E886F32
2024-10-11T16:28:16.1322007Z Parameters: 06082A8648CE3D030107
2024-10-11T16:28:16.1322016Z
2024-10-11T16:28:16.1322025Z [Extensions]
2024-10-11T16:28:16.1322034Z * X509v3 Authority Key Identifier(2.5.29.35):
2024-10-11T16:28:16.1322043Z F6:85:0A:3B:11:86:E1:04:7D:0E:AA:0B:2C:D2:EE:CC:64:7B:7B:AE
2024-10-11T16:28:16.1322053Z * X509v3 Subject Key Identifier(2.5.29.14):
2024-10-11T16:28:16.1322272Z 2C:D5:9F:32:48:98:6A:F9:B9:5B:BD:65:51:E9:E9:75:D7:20:B1:96
2024-10-11T16:28:16.1322326Z * X509v3 Key Usage(2.5.29.15):
2024-10-11T16:28:16.1322337Z Digital Signature
2024-10-11T16:28:16.1322347Z * X509v3 Basic Constraints(2.5.29.19):
2024-10-11T16:28:16.1322356Z CA:FALSE
2024-10-11T16:28:16.1322366Z * X509v3 Extended Key Usage(2.5.29.37):
2024-10-11T16:28:16.1322375Z TLS Web Server Authentication, TLS Web Client Authentication
2024-10-11T16:28:16.1322385Z * X509v3 Certificate Policies(2.5.29.32):
2024-10-11T16:28:16.1322395Z Policy: 1.3.6.1.4.1.6449.1.2.2.7
2024-10-11T16:28:16.1322404Z
2024-10-11T16:28:16.1322413Z * Authority Information Access(1.3.6.1.5.5.7.1.1):
2024-10-11T16:28:16.1322423Z CA Issuers - URI:http://crt.sectigo.com/SectigoECCDomainValidationSecureServerCA.crt
2024-10-11T16:28:16.1322433Z
2024-10-11T16:28:16.1322442Z * CT Precertificate SCTs(1.3.6.1.4.1.11129.2.4.2):
2024-10-11T16:28:16.1322451Z Signed Certificate Timestamp:
2024-10-11T16:28:16.1322460Z
2024-10-11T16:28:16.1322469Z * X509v3 Subject Alternative Name(2.5.29.17):
2024-10-11T16:28:16.1322479Z DNS:*.github.com, DNS:github.com
2024-10-11T16:28:16.1322488Z
2024-10-11T16:28:16.1322550Z [END Private.InternalDiagnostics.System.Net.Security - RemoteCertificate]
2024-10-11T16:28:16.2478618Z [START Private.InternalDiagnostics.System.Net.Security - RemoteCertificateError]
2024-10-11T16:28:16.2478803Z 31364015
2024-10-11T16:28:16.2478836Z Remote certificate has errors:
2024-10-11T16:28:16.2478854Z [END Private.InternalDiagnostics.System.Net.Security - RemoteCertificateError]
2024-10-11T16:28:16.2479095Z [START Private.InternalDiagnostics.System.Net.Security - RemoteCertificateError]
2024-10-11T16:28:16.2479139Z 31364015
2024-10-11T16:28:16.2479174Z ChainStatus: certificate has expired
2024-10-11T16:28:16.2479188Z [END Private.InternalDiagnostics.System.Net.Security - RemoteCertificateError]
2024-10-11T16:28:16.2495744Z [START System.Net.Security - HandshakeFailed]
2024-10-11T16:28:16.2495915Z False
2024-10-11T16:28:16.2497157Z 171.2801
2024-10-11T16:28:16.2497182Z The remote certificate is invalid because of errors in the certificate chain: NotTimeValid
2024-10-11T16:28:16.2497199Z [END System.Net.Security - HandshakeFailed]
2024-10-11T16:28:16.2497377Z [START System.Net.Security - HandshakeStop]
2024-10-11T16:28:16.2497416Z 0
2024-10-11T16:28:16.2497434Z [END System.Net.Security - HandshakeStop]
2024-10-11T16:28:16.2646056Z [START Private.InternalDiagnostics.System.Net.Http - HandlerMessage]
2024-10-11T16:28:16.2646217Z 63062333
2024-10-11T16:28:16.2646257Z 0
2024-10-11T16:28:16.2646277Z 0
2024-10-11T16:28:16.2646299Z HandleHttp11ConnectionFailure
2024-10-11T16:28:16.2646362Z HTTP/1.1 connection failed: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
2024-10-11T16:28:16.2646375Z ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: NotTimeValid
2024-10-11T16:28:16.2646397Z at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
2024-10-11T16:28:16.2646408Z at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
2024-10-11T16:28:16.2646438Z at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
2024-10-11T16:28:16.2646449Z at System.Net.Security.SslStream.ProcessAuthenticationWithTelemetryAsync(Boolean isAsync, Boolean isApm, CancellationToken cancellationToken)
2024-10-11T16:28:16.2646459Z at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
2024-10-11T16:28:16.2646473Z --- End of inner exception stack trace ---
2024-10-11T16:28:16.2646483Z at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
2024-10-11T16:28:16.2646493Z at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
2024-10-11T16:28:16.2646503Z at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
2024-10-11T16:28:16.2646514Z at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
2024-10-11T16:28:16.2646534Z [END Private.InternalDiagnostics.System.Net.Http - HandlerMessage]
2024-10-11T16:28:16.2665125Z [START System.Net.Http - RequestLeftQueue]
2024-10-11T16:28:16.2665448Z 215.0822
2024-10-11T16:28:16.2665501Z 1
2024-10-11T16:28:16.2665522Z 1
2024-10-11T16:28:16.2665539Z [END System.Net.Http - RequestLeftQueue]
2024-10-11T16:28:16.2685936Z [START System.Net.Http - RequestFailed]
2024-10-11T16:28:16.2686083Z The SSL connection could not be established, see inner exception.
2024-10-11T16:28:16.2686115Z [END System.Net.Http - RequestFailed]
2024-10-11T16:28:16.2706906Z [START Private.InternalDiagnostics.System.Net.Http - ErrorMessage]
2024-10-11T16:28:16.2707005Z HttpClient#66166301
2024-10-11T16:28:16.2707029Z HandleFailure
2024-10-11T16:28:16.2707100Z System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
2024-10-11T16:28:16.2707112Z ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: NotTimeValid
2024-10-11T16:28:16.2707251Z at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
2024-10-11T16:28:16.2707264Z at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
2024-10-11T16:28:16.2707282Z at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
2024-10-11T16:28:16.2707292Z at System.Net.Security.SslStream.ProcessAuthenticationWithTelemetryAsync(Boolean isAsync, Boolean isApm, CancellationToken cancellationToken)
2024-10-11T16:28:16.2707303Z at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
2024-10-11T16:28:16.2707338Z --- End of inner exception stack trace ---
2024-10-11T16:28:16.2707385Z at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
2024-10-11T16:28:16.2707396Z at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
2024-10-11T16:28:16.2707407Z at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
2024-10-11T16:28:16.2707417Z at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
2024-10-11T16:28:16.2707427Z at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
2024-10-11T16:28:16.2707444Z at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
2024-10-11T16:28:16.2707491Z at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
2024-10-11T16:28:16.2707503Z at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
2024-10-11T16:28:16.2707514Z at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
2024-10-11T16:28:16.2707535Z [END Private.InternalDiagnostics.System.Net.Http - ErrorMessage]
2024-10-11T16:28:16.2708732Z [START System.Net.Http - RequestStop]
2024-10-11T16:28:16.2708829Z -1
2024-10-11T16:28:16.2708847Z [END System.Net.Http - RequestStop]
2024-10-11T16:28:16.2732063Z [START Private.InternalDiagnostics.System.Net.Http - HandlerMessage]
2024-10-11T16:28:16.2732173Z 63062333
2024-10-11T16:28:16.2732203Z 0
2024-10-11T16:28:16.2732230Z 0
2024-10-11T16:28:16.2732256Z Dispose
2024-10-11T16:28:16.2732274Z Disposing pool.
2024-10-11T16:28:16.2732287Z [END Private.InternalDiagnostics.System.Net.Http - HandlerMessage]
2024-10-11T16:28:16.2736490Z ***************************************************************************************************************
2024-10-11T16:28:16.2736514Z **** ****
2024-10-11T16:28:16.2736531Z **** Https request 'GET' to https://api.github.com failed with error: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: NotTimeValid
at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
at System.Net.Security.SslStream.ProcessAuthenticationWithTelemetryAsync(Boolean isAsync, Boolean isApm, CancellationToken cancellationToken)
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
at GitHub.Runner.Listener.Check.CheckUtil.CheckHttpsGetRequests(IHostContext hostContext, String url, String pat, String expectedHeader)
2024-10-11T16:28:16.2747472Z **** ****
2024-10-11T16:28:16.2747494Z ***************************************************************************************************************
To Reproduce See Docker image setup info below.
Runner Version and Platform
v2.320 (though v2.319 didn't work either.)
OS of the machine running the runner? Linux (Raspberry PI OS arm64 with an armv7l/armhf docker container cotnaining the runner.)
Job Log Output
--------------------------------------------------------------------------------
| ____ _ _ _ _ _ _ _ _ |
| / ___(_) |_| | | |_ _| |__ / \ ___| |_(_) ___ _ __ ___ |
| | | _| | __| |_| | | | | '_ \ / _ \ / __| __| |/ _ \| '_ \/ __| |
| | |_| | | |_| _ | |_| | |_) | / ___ \ (__| |_| | (_) | | | \__ \ |
| \____|_|\__|_| |_|\__,_|_.__/ /_/ \_\___|\__|_|\___/|_| |_|___/ |
| |
| Self-hosted runner registration |
| |
--------------------------------------------------------------------------------
# Authentication
The SSL connection could not be established, see inner exception.
An error occurred: Not configured. Run config.(sh/cmd) to configure the runner.
Runner listener exit with terminated error, stop the service, no retry needed.
Exiting runner...
Runner and Worker's Diagnostic Logs
Looking at the _diag Runner logs, I see the same thing:
[2024-10-11 13:47:36Z ERR ConfigurationManager] Failed to get tenant credentials -- Attempt: 1
[2024-10-11 13:47:36Z ERR ConfigurationManager] System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: NotTimeValid
at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
at GitHub.Runner.Listener.Configuration.ConfigurationManager.GetTenantCredential(String githubUrl, String githubToken, String runnerEvent)
[2024-10-11 13:47:36Z ERR ConfigurationManager] #####################################################
[2024-10-11 13:47:36Z ERR ConfigurationManager] System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: NotTimeValid
This is the Dockerfile I am using:
# install python and the packages the your code depends on along with jq so we can parse JSON
# add additional packages as necessary
RUN DEBIAN_FRONTEND=noninteractive apt-get update -y \
&& apt-get upgrade -y \
&& apt-get install -y --no-install-recommends \
curl jq build-essential libssl-dev libffi-dev python3 python3-venv python3-dev python3-pip \
&& apt-get install -y ca-certificates libicu-dev ruby inetutils-ping vim git gh sudo file \
&& install -m 0755 -d /etc/apt/keyrings \
&& curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc \
&& chmod a+r /etc/apt/keyrings/docker.asc \
&& echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null \
&& apt-get update \
&& apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin \
&& useradd -m docker -g docker \
&& echo "docker ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
# set the github runner version, cd into the user directory, download and unzip the github actions runner
RUN RUNNER_VERSION=$(git -c 'versionsort.suffix=-' ls-remote --exit-code --refs --sort='version:refname' --tags https://github.com/actions/runner '*.*.*' | tail --lines=1 | cut --delimiter='/' --fields=3 | sed 's/v//') \
&& cd /home/docker && mkdir actions-runner && cd actions-runner \
&& curl -O -L https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-arm-${RUNNER_VERSION}.tar.gz \
&& tar xzf ./actions-runner-linux-arm-${RUNNER_VERSION}.tar.gz && rm ./actions-runner-linux-arm-${RUNNER_VERSION}.tar.gz
RUN --mount=type=bind,target=/input <<EOF1
tee -a /start.sh <<RUNNERSTARTEOF
#!/bin/bash
ORGANIZATION=\$ORGANIZATION
ACCESS_TOKEN=\$ACCESS_TOKEN
cd /home/docker/actions-runner
./config.sh --url https://github.com/\${ORGANIZATION} --token \${ACCESS_TOKEN}
cleanup() {
echo "Removing runner..."
./config.sh remove --unattended --token \${ACCESS_TOKEN}
}
trap 'cleanup; exit 130' INT
trap 'cleanup; exit 143' TERM
./run.sh & wait \$!
RUNNERSTARTEOF
chmod +x /start.sh
EOF1
# since the config and run script for actions are not allowed to be run by root,
# set the user to "docker" so all subsequent commands are run as the docker user
USER docker
# use cmd instead of entrypoint for easier debugging...
CMD ["./start.sh"]
I build the container on a Raspberry Pi 5B running the 64-bit Raspberry Pi OS with 4k pages set via booting with the kernel8.img (which allows me to use armv7l/armv8l functionality) using:
docker build --platform linux/arm/v7 --tag runner-image-arm .
I can start the container thus:
docker run -it --privileged --init -v /var/run/docker.sock:/var/run/docker.sock \
--env ORGANIZATION=<org> \
--env ACCESS_TOKEN=<token> \
--name runner-arm \
--platform linux/arm/v7 \
runner-image-arm
This may be connected to https://github.com/dotnet/runtime/issues/101444
Which was apparently fixed in https://github.com/dotnet/runtime/pull/102410
But just doing a dotnet 8 build of the current runner from master still has the same issue....
So it appears that this is broken with both .Net 6.0 and .Net 8.0, but fixed with .Net 9.0.
I patched from top of tree to use .Net 9.0 RC2, and I am no longer having authentication failures: https://github.com/satmandu/runner/pull/1
I have opened an issue to request that the likely responsible Y2038 fixes be backported from .Net 9.0 to 8.x:
https://github.com/dotnet/runtime/issues/109161
After patching to use .Net 9.0 this is what I get:
RUNNER_ARCH is arm
--------------------------------------------------------------------------------
| ____ _ _ _ _ _ _ _ _ |
| / ___(_) |_| | | |_ _| |__ / \ ___| |_(_) ___ _ __ ___ |
| | | _| | __| |_| | | | | '_ \ / _ \ / __| __| |/ _ \| '_ \/ __| |
| | |_| | | |_| _ | |_| | |_) | / ___ \ (__| |_| | (_) | | | \__ \ |
| \____|_|\__|_| |_|\__,_|_.__/ /_/ \_\___|\__|_|\___/|_| |_|___/ |
| |
| Self-hosted runner registration |
| |
--------------------------------------------------------------------------------
# Authentication
√ Connected to GitHub
# Runner Registration
√ Runner successfully added
√ Runner connection is good
# Runner settings
√ Settings Saved.
√ Connected to GitHub
Current runner version: '2.320.1'
2024-10-23 17:31:40Z: Listening for Jobs
I am also experiencing this issue. I cannot use actions runner on armv7. Is there an older version, where armv7 is still suported?
🤔 Thanks for bring this up. This is really bad for us. We (actions/runner) have to go to dotnet 8 since dotnet 6 ends its LTS 2 days back...
🤔 Thanks for bring this up. This is really bad for us. We (actions/runner) have to go to dotnet 8 since dotnet 6 ends its LTS 2 days back...
Yes I really hope this gets resolved. 👍 But to me it looks like you either pause releasing for armv7 or you skip dotnet 8 and got to dotnet 9 directly. releasing non functional versions does not really make sense
Would your runner work if we disable TLS validation?
export GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY=1 before config the runner.
Would your runner work if we disable TLS validation?
export GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY=1before config the runner.
This sounds unsafe
I am now using the latest release from @satmandu and no longer have this issue
I've been meaning to submit a PR to update to .Net 9.0, which fixes the underlying issue, and was officially released yesterday! (As previously mentioned this fix will not be backported to .Net 8.x .)
But feel free to just compare my main branch to the one here to see what I changed. I rebased yesterday before rebuilding, and the version I built I'm now using in docker containers on a RPI5 for our armv7l Chromebrew unit tests.
(Essentially I'm just using .Net 9.0 on top of the latest Ubuntu LTS, which the MS dev containers require for .Net 9.0 support.)
PR Submitted: https://github.com/actions/runner/pull/3573
Also @TingluoHuang export GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY=1 does not work to fix the issue. (That's one of the first things I tried.)
@satmandu your branch fixed the issue I had when emulating armv7. Through our deployment scheme on actual hardware I still get the same error, which I thought would be related to this issue:
ldd: error: you do not have read permission for `./bin/libcoreclr.so'ldd: error: you do not have read permission for `./bin/libSystem.Security.Cryptography.Native.OpenSsl.so'ldd: error: you do not have read permission for `./bin/libSystem.IO.Compression.Native.so'Can not find 'ldconfig' in PATH and '/sbin/ldconfig' doesn't exists either. Please install 'ldconfig' and try again.An error occurred: Not configured. Run config.(sh/cmd) to configure the runner.Runner listener exit with terminated error, stop the service, no retry needed.Exiting runner...ldd: error: you do not have read permission for `./bin/libcoreclr.so'ldd: error: you do not have read permission for `./bin/libSystem.Security.Cryptography.Native.OpenSsl.so'ldd: error: you do not have read permission for `./bin/libSystem.IO.Compression.Native.so'Can not find 'ldconfig' in PATH and '/sbin/ldconfig' doesn't exists either. Please install 'ldconfig' and try again.An error occurred: Not configured. Run config.(sh/cmd) to configure the runner.Runner listener exit with terminated error, stop the service, no retry needed.Exiting runner...ldd: error: you do not have read permission for `./bin/libcoreclr.so'ldd: error: you do not have read permission for `./bin/libSystem.Security.Cryptography.Native.OpenSsl.so'ldd: error: you do not have read permission for `./bin/libSystem.IO.Compression.Native.so'Can not find 'ldconfig' in PATH and '/sbin/ldconfig' doesn't exists either. Please install 'ldconfig' and try again.An error occurred: Not configured. Run config.(sh/cmd) to configure the runner.Runner listener exit with terminated error, stop the service, no retry needed.Exiting runner...ldd: error: you do not have read permission for `./bin/libcoreclr.so'ldd: error: you do not have read permission for `./bin/libSystem.Security.Cryptography.Native.OpenSsl.so'ldd: error: you do not have read permission for `./bin/libSystem.IO.Compression.Native.so'Can not find 'ldconfig' in PATH and '/sbin/ldconfig' doesn't exists either. Please install 'ldconfig' and try again.An error occurred: Not configured. Run config.(sh/cmd) to configure the runner.Runner listener exit with terminated error, stop the service, no retry needed.Exiting runner...ldd: error: you do not have read permission for `./bin/libcoreclr.so'ldd: error: you do not have read permission for `./bin/libSystem.Security.Cryptography.Native.OpenSsl.so'ldd: error: you do not have read permission for `./bin/libSystem.IO.Compression.Native.so'Can not find 'ldconfig' in PATH and '/sbin/ldconfig' doesn't exists either. Please install 'ldconfig' and try again.An error occurred: Not configured. Run config.(sh/cmd) to configure the runner.Runner listener exit with terminated error, stop the service, no retry needed.Exiting runner...disconnected
@malik-n I can't speak to your specific issue. This is our setup, which we use for our Unit-Test.yml . Maybe you can see how your setup differs from ours?
This is the Dockerfile I am currently using, with actions-runner-linux-arm-2.321.1.tar.gz and actions-runner-linux-arm64-2.321.1.tar.gz and
actions-runner-linux-x64-2.321.1.tar.gz placed in the same dir as the Dockerfile:
# syntax=docker/dockerfile:1-labs
FROM ubuntu:24.10
ENV TZ='America/New_York'
ENV DEBIAN_FRONTEND=noninteractive
# install python and the packages the your code depends on along with jq so we can parse JSON
# add additional packages as necessary
RUN apt-get update -y \
&& apt-get upgrade -y \
&& apt-get install -y --no-install-recommends \
curl jq build-essential libssl-dev libffi-dev python3 python3-venv python3-dev python3-pip \
&& apt-get install -y ca-certificates libicu-dev ruby inetutils-ping vim git gh sudo file golang \
&& git config --global advice.detachedHead false \
&& echo TZ='America/New_York' >> /etc/environment
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# Make sure golang is up to date, and rebuild gh-cli off of that.
ARG GO_VERSION=$GO_VERSION
ENV GO_VERSION=$GO_VERSION
ARG GH_CLI_VERSION=$GH_CLI_VERSION
ENV GH_CLI_VERSION=$GH_CLI_VERSION
RUN echo "GH_CLI_VERSION is ${GH_CLI_VERSION}" \
&& echo "GO_VERSION is ${GO_VERSION}" \
&& apt-get update -y \
&& apt-get upgrade -y \
&& apt remove gh -y \
&& mkdir /home/work \
&& cd /home/work \
&& git clone --depth 1 --branch ${GH_CLI_VERSION} https://github.com/cli/cli.git gh-cli \
&& cd gh-cli \
&& GO_LDFLAGS="-s -w" GOOS=linux CGO_ENABLED=0 make install \
&& cd .. \
&& rm -rf gh-cli \
&& apt-get remove golang* -y
RUN install -m 0755 -d /etc/apt/keyrings \
&& curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc \
&& chmod a+r /etc/apt/keyrings/docker.asc \
&& echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null \
&& apt-get update \
&& apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin \
&& apt-get upgrade -y \
&& useradd -m docker -g docker \
&& echo "docker ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
# Get the github runner version, cd into the user directory, download and unzip the github actions runner
ARG RUNNER_VERSION=$RUNNER_VERSION
ENV RUNNER_VERSION=$RUNNER_VERSION
RUN --mount=type=bind,rw,target=/input echo "RUNNER_VERSION is ${RUNNER_VERSION}" \
&& case $( dpkg --print-architecture ) in amd64) RUNNER_ARCH=x64;; arm64) RUNNER_ARCH=arm64;; armhf) RUNNER_ARCH=arm;; *) echo "Runner ARCH not determined." && exit 1 ;; esac \
&& echo "RUNNER_ARCH is ${RUNNER_ARCH}" \
&& cd /home/docker && mkdir actions-runner && cd actions-runner \
&& cp /input/actions-runner-linux-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz . \
&& tar xzf ./actions-runner-linux-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz && rm ./actions-runner-linux-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz
# && curl -O -L https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz \
# && tar xzf ./actions-runner-linux-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz && rm ./actions-runner-linux-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz
RUN <<EOF1
tee -a /start.sh <<RUNNERSTARTEOF
#!/bin/bash
CONTAINER_ORIGINAL_RUNNER_VERSION="$RUNNER_VERSION"
TZ='America/New_York'
ORGANIZATION=\$ORGANIZATION
ACCESS_TOKEN=\$ACCESS_TOKEN
case \$( dpkg --print-architecture ) in
amd64) RUNNER_ARCH=x64;;
arm64) RUNNER_ARCH=arm64;;
armhf) RUNNER_ARCH=arm;;
*) echo "Runner ARCH not determined." && exit 1 ;;
esac
echo "RUNNER_ARCH is \$RUNNER_ARCH"
cd /home/docker/actions-runner
verlte() {
[ "\$1" = "`echo -e "\$1\n\$2" | sort -V | head -n1`" ]
}
verlt() {
[ "\$1" = "\$2" ] && return 1 || verlte \$1 \$2
}
RUNNER_VERSION=\$(git -c 'versionsort.suffix=-' ls-remote --exit-code --refs --sort='version:refname' --tags https://github.com/actions/runner '*.*.*' | tail --lines=1 | cut --delimiter='/' --fields=3 | sed 's/v//') \
if verlt \$CONTAINER_ORIGINAL_RUNNER_VERSION \$RUNNER_VERSION ; then
echo "Updating GitHub Actions Runner to: \$RUNNER_VERSION"
curl -O -L https://github.com/actions/runner/releases/download/v\${RUNNER_VERSION}/actions-runner-linux-\${RUNNER_ARCH}-\${RUNNER_VERSION}.tar.gz \
&& tar xzf ./actions-runner-linux-\${RUNNER_ARCH}-\${RUNNER_VERSION}.tar.gz && rm ./actions-runner-linux-\${RUNNER_ARCH}-\${RUNNER_VERSION}.tar.gz
fi
./config.sh --unattended --url https://github.com/\${ORGANIZATION} --token \${ACCESS_TOKEN}
cleanup() {
echo "Removing runner..."
./config.sh remove --token \${ACCESS_TOKEN}
}
trap 'cleanup; exit 130' INT
trap 'cleanup; exit 143' TERM
./run.sh & wait \$!
RUNNERSTARTEOF
chmod +x /start.sh
EOF1
# since the config and run script for actions are not allowed to be run by root,
# set the user to "docker" so all subsequent commands are run as the docker user
USER docker
RUN git config --global advice.detachedHead false
# use cmd instead of entrypoint for easier debugging...
CMD ["./start.sh"]
This is the script I am using to build our container:
#!/bin/bash
# build_docker_runner
: "${REPOSITORY:=satmandu}"
GH_CLI_VERSION="$(git -c 'versionsort.suffix=-' ls-remote --exit-code --refs --sort='version:refname' --tags https://github.com/cli/cli '*.*.*' | grep -v "release.\\|weekly." | tail --lines=1 | cut --delimiter='/' --fields=3)"
echo "GH_CLI_VERSION is $GH_CLI_VERSION"
GO_VERSION="$(git -c 'versionsort.suffix=-' ls-remote --exit-code --refs --sort='version:refname' --tags https://github.com/golang/go '*.*.*' | grep -v "release.\|weekly." | tail --lines=1 | cut --delimiter='/' --fields=3)"
echo "GO_VERSION is $GO_VERSION"
# RUNNER_VERSION="$(git -c 'versionsort.suffix=-' ls-remote --exit-code --refs --sort='version:refname' --tags https://github.com/actions/runner '*.*.*' | tail --lines=1 | cut --delimiter='/' --fields=3 | sed 's/v//')"
RUNNER_VERSION='2.321.1'
echo "RUNNER_VERSION is $RUNNER_VERSION"
case $( uname -m ) in
x86_64) PLATFORM=( linux/amd64 );;
aarch64) PLATFORM=( linux/arm/v7 linux/arm64 );;
armv7l|armv8l) PLATFORM=( linux/arm/v7 );;
*) echo "Docker platform to build not determined." && exit 1 ;;
esac
function join_by { local IFS="$1"; shift; echo "$*"; }
BUILD_PLATFORMS="$(join_by , "${PLATFORM[@]}")"
echo "BUILD_PLATFORMS: $BUILD_PLATFORMS"
BUILD_PLATFORM_TAGS="$(for i in "${PLATFORM[@]}" ; do echo " --tag ${REPOSITORY}/chromebrewgithubrunner:latest-${i//\//_} " ; done | tr -d '\n')"
echo "BUILD_PLATFORM_TAGS: $BUILD_PLATFORM_TAGS"
cd "/localnet/chromeos/github/runner"
dangling_images=$(docker images --filter "dangling=true" -q --no-trunc)
[[ -n "$dangling_images" ]] && docker rmi -f $(docker images --filter "dangling=true" -q --no-trunc)docker buildx rm builder
docker buildx create --name builder --driver docker-container --use --driver-opt env.BUILDKIT_STEP_LOG_MAX_SIZE=10485760
docker buildx inspect --bootstrap
buildx_cmdline="env PROGRESS_NO_TRUNC=1 docker buildx build \
--no-cache \
--build-arg GH_CLI_VERSION=${GH_CLI_VERSION} \
--build-arg GO_VERSION=${GO_VERSION} \
--build-arg RUNNER_VERSION=${RUNNER_VERSION} \
--push --platform ${BUILD_PLATFORMS} \
--tag ${REPOSITORY}/chromebrewgithubrunner:${RUNNER_VERSION} \
--tag ${REPOSITORY}/chromebrewgithubrunner:runner-${RUNNER_VERSION} \
--tag ${REPOSITORY}/chromebrewgithubrunner:latest \
${BUILD_PLATFORM_TAGS} \
."
echo "build command is ${buildx_cmdline}"
rm -rf crewrunner-"${PLATFORM//\//_}"-build.log
$buildx_cmdline 2>&1 | tee -a crewrunner-"${PLATFORM//\//_}"-build.log
This is our systemd service file:
# /etc/systemd/system/github-runner.service
[Unit]
Description=Github Actions Runner
Requires=docker.service
After=network.target docker.service
[Service]
Restart=always
User=runner
ExecStartPre=/usr/bin/docker pull satmandu/chromebrewgithubrunner:latest-linux_arm_v7
ExecStart=/home/runner/bin/runner.sh
ExecStop=/usr/bin/docker stop -t 30 runner-linux_arm_v7
[Install]
WantedBy=default.target
This is the script we invoke from that systemd service:
#!/bin/bash
# runner.sh
if [[ -n $GITHUB_ORGANIZATION ]]; then
echo "GITHUB_ORGANIZATION variable not set!"
exit 1
fi
if [[ -n $GITHUB_ACCESS_TOKEN ]]; then
echo "GITHUB_ACCESS_TOKEN variable not set!"
exit 1
fi
case $( uname -m ) in
x86_64) RUN_PLATFORM=( linux/amd64 );;
aarch64) RUN_PLATFORM=( linux/arm/v7 );;
armv7l|armv8l) RUN_PLATFORM=( linux/arm/v7 );;
*) echo "Docker platforms to run not determined." && exit 1 ;;
esac
function join_by { local IFS="$1"; shift; echo "$*"; }
RUN_PLATFORMS="$(join_by , "${RUN_PLATFORM[@]}")"
echo "Runner platforms are: $RUN_PLATFORMS"
for PLATFORM in "${RUN_PLATFORM[@]}"
do
docker pull satmandu/chromebrewgithubrunner:latest-"${PLATFORM//\//_}"
if docker container ls -a | grep -q runner-"${PLATFORM//\//_}"; then
docker container start -a runner-"${PLATFORM//\//_}"
else
docker run \
--privileged \
--init \
-v /var/run/docker.sock:/var/run/docker.sock \
--env ORGANIZATION="$GITHUB_ORGANIZATION" \
--env ACCESS_TOKEN="$GITHUB_ACCESS_TOKEN" \
--env TZ="America/New_York" \
--name runner-"${PLATFORM//\//_}" \
--platform "${PLATFORM}" \
satmandu/chromebrewgithubrunner:latest-"${PLATFORM//\//_}"
fi
done
(It's clearly working for us...)
RUNNER_ARCH is arm
--------------------------------------------------------------------------------
| ____ _ _ _ _ _ _ _ _ |
| / ___(_) |_| | | |_ _| |__ / \ ___| |_(_) ___ _ __ ___ |
| | | _| | __| |_| | | | | '_ \ / _ \ / __| __| |/ _ \| '_ \/ __| |
| | |_| | | |_| _ | |_| | |_) | / ___ \ (__| |_| | (_) | | | \__ \ |
| \____|_|\__|_| |_|\__,_|_.__/ /_/ \_\___|\__|_|\___/|_| |_|___/ |
| |
| Self-hosted runner registration |
| |
--------------------------------------------------------------------------------
Cannot configure the runner because it is already configured. To reconfigure the runner, run 'config.cmd remove' or './config.sh remove' first.
√ Connected to GitHub
Current runner version: '2.321.1'
2024-11-13 21:22:09Z: Listening for Jobs
2024-11-14 03:54:28Z: Running job: container_tests (armv7l, self-hosted)
2024-11-14 03:58:08Z: Job container_tests (armv7l, self-hosted) completed with result: Succeeded
2024-11-14 04:01:24Z: Running job: container_tests (armv7l, self-hosted)
2024-11-14 04:01:36Z: Job container_tests (armv7l, self-hosted) completed with result: Succeeded
2024-11-14 04:04:53Z: Running job: container_tests (armv7l, self-hosted)
2024-11-14 04:05:03Z: Job container_tests (armv7l, self-hosted) completed with result: Succeeded
2024-11-14 12:43:51Z: Running job: container_tests (armv7l, self-hosted)
Thank you for this information. I am also trying to use actions-runner inside a container running ubuntu noble. But the runtime environemt of that container might still use 32 bit time. You think thats a possible cause?
Thank you for this information. I am also trying to use actions-runner inside a container running ubuntu noble. But the runtime environemt of that container might still use 32 bit time. You think thats a possible cause?
That could be a cause.
We're just starting docker, which gives no problems.
This issue seem to continue to happen after 1 year. Why is this still not fixed?
I had this very same problem on a Debian 13 (trixie) armhf (arm-32) container with GitHub '2.329.0'
Please merge https://github.com/actions/runner/pull/3573
I've two Raspberry Pi 4's as runners, one armhf and one arm64, updated them both from Debian bookworm to trixie, the armhf runner no longer connects to GitHub reporting: Runner connect error: The SSL connection could not be established, see inner exception.. Retrying until reconnected. Both are running v2.329.
