[actions/checkout@v4] 404 Error on downloading tarball

f00 commented

2023-10-05 21:49:18 +00:00

I am using this simple workflow:

on: [push]
jobs:
  example:
    runs-on: docker
    steps:
      - uses: actions/checkout@v4

... with the following runner config:

# cat .runner 
{
  "WARNING": "This file is automatically generated by act-runner. Do not edit it manually unless you know what you are doing. Removing this file will cause act runner to re-register as a new runner.",
  "id": 25,
  "uuid": "xxx",
  "name": "okorunner",
  "token": "xxx",
  "address": "https://git.okoyono.de",
  "labels": [
    "docker:docker://node:16-bullseye-slim",
    "self-hosted"
  ]
}

This workflow failed. The relevant log entries:

gitokoyonode-runner-1   | [/ls]   | Downloading the archive
gitokoyonode-forgejo-1  | 2023/10/05 23:37:52 ...eb/routing/logger.go:102:func1() [I] router: completed GET /api/v3/repos/okoyono-intern/spaceapi/tarball/63156e573780ccfec64ffd1c29bdc48cf4037cac for 172.31.0.1:34674, 404 Not Found in 7.2ms @ web/goget.go:20(web.goGet)
gitokoyonode-runner-1   | [/ls]   | Not found.

It look like the runner tried to download a tarball, but this is not github, this is my forgejo instance (which does not have such an endpoint)

The repository is set to private
Runner and forgejo is running as docker containers with a docker-compose file
forgejo is started with the env variable FORGEJO__actions__DEFAULT_ACTIONS_URL=https://code.forgejo.org and FORGEJO__actions__ENABLED=true

I am using this simple workflow: ``` on: [push] jobs: example: runs-on: docker steps: - uses: actions/checkout@v4 ``` ... with the following runner config: ``` # cat .runner { "WARNING": "This file is automatically generated by act-runner. Do not edit it manually unless you know what you are doing. Removing this file will cause act runner to re-register as a new runner.", "id": 25, "uuid": "xxx", "name": "okorunner", "token": "xxx", "address": "https://git.okoyono.de", "labels": [ "docker:docker://node:16-bullseye-slim", "self-hosted" ] } ``` This workflow failed. The relevant log entries: ``` gitokoyonode-runner-1 | [/ls] | Downloading the archive gitokoyonode-forgejo-1 | 2023/10/05 23:37:52 ...eb/routing/logger.go:102:func1() [I] router: completed GET /api/v3/repos/okoyono-intern/spaceapi/tarball/63156e573780ccfec64ffd1c29bdc48cf4037cac for 172.31.0.1:34674, 404 Not Found in 7.2ms @ web/goget.go:20(web.goGet) gitokoyonode-runner-1 | [/ls] | Not found. ``` It look like the runner tried to download a tarball, but this is not github, this is my forgejo instance (which does not have such an endpoint) * The repository is set to private * Runner and forgejo is running as docker containers with a docker-compose file * forgejo is started with the env variable ```FORGEJO__actions__DEFAULT_ACTIONS_URL=https://code.forgejo.org``` and ```FORGEJO__actions__ENABLED=true```

earl-warren commented

2023-10-05 22:45:12 +00:00

Owner

Does it work if the repository is public? There is a test that verifies v4 works here https://code.forgejo.org/actions/setup-forgejo/src/branch/main/testdata/example-checkout/.forgejo/workflows/v4.yml and it runs in the CI. So... it's not completely broken 😅

Do you confirm using 3.0.1?

Does it work if the repository is public? There is a test that verifies v4 works here https://code.forgejo.org/actions/setup-forgejo/src/branch/main/testdata/example-checkout/.forgejo/workflows/v4.yml and it runs in the CI. So... it's not completely broken 😅 Do you confirm using 3.0.1?

f00 commented

2023-10-06 06:05:26 +00:00

Author

Makes no difference when I set the repo to public
Yes, I run version 3.0.1

Please correct me if I'am wrong: The actions/checkout action is a 1:1 mirror from github.com/actions/checkout without any modifications. The github actions/checkout makes use of some very GitHub specific features (API-Endpoints and so on). How does that action even work on a Forgejo instance? Are there any magic configuration flags I oversee here?

Here are my setup (striped down to the important parts):

docker-compose.yaml

version: "3"

services:
  forgejo:
    privileged: true
    image: codeberg.org/forgejo/forgejo:1.20.4-1
    restart: always
    ports:
      - 127.0.0.1:3000:3000
      - 0.0.0.0:222:22
    environment:
      - FORGEJO__actions__ENABLED=true
      - FORGEJO__actions__DEFAULT_ACTIONS_URL=https://code.forgejo.org
    extra_hosts:
      - "host.docker.internal:host-gateway"

  runner:
    build: ./runner/
    depends_on:
      - forgejo
    volumes:
      - /:/host
      - /var/run/docker.sock:/var/run/docker.sock
      - type: bind
        source: ./runner/.runner
        target: /build/.runner
    environment:
      - GITEA_DEBUG=true
      - GITEA_TRACE=true
      - FORGEJO_RUNNER_FILE=.runner
      - INSTANCE=https://git.okoyono.de
      - TOKEN=xxx
      - REGISTER_RUNNER=false

runner/Dockerfile

FROM golang:1.21-bullseye

WORKDIR /build
RUN apt-get install openssl git make
RUN git clone https://code.forgejo.org/forgejo/runner.git .
RUN git checkout v3.0.1
RUN make build

COPY ./entrypoint.sh /build/entrypoint.sh
RUN chmod +x /build/entrypoint.sh

CMD ["./entrypoint.sh"]

runner/entrypoint.sh

#!/usr/bin/env bash

cd /build

if [[ $REGISTER_RUNNER == "true" ]]; then
	echo "Register the runner"
	./forgejo-runner register \
		--name okorunner \
		--no-interactive \
		--instance "$INSTANCE" \
		--token "$TOKEN" \
		--labels "docker:docker://node:16-bullseye-slim,self-hosted"
fi

./forgejo-runner daemon

runner/.runner

{
  "WARNING": "This file is automatically generated by act-runner. Do not edit it manually unless you know what you are doing. Removing this file will cause act runner to re-register as a new runner.",
  "id": 25,
  "uuid": "xxx",
  "name": "okorunner",
  "token": "xxx",
  "address": "https://git.okoyono.de",
  "labels": [
    "docker:docker://node:16-bullseye-slim",
    "self-hosted"
  ]
}

* Makes no difference when I set the repo to public * Yes, I run version 3.0.1 Please correct me if I'am wrong: The [actions/checkout](https://code.forgejo.org/actions/checkout) action is a 1:1 mirror from [github.com/actions/checkout](https://github.com/actions/checkout) without any modifications. The github actions/checkout makes use of some very GitHub specific features (API-Endpoints and so on). How does that action even work on a Forgejo instance? Are there any magic configuration flags I oversee here? Here are my setup (striped down to the important parts): docker-compose.yaml ``` version: "3" services: forgejo: privileged: true image: codeberg.org/forgejo/forgejo:1.20.4-1 restart: always ports: - 127.0.0.1:3000:3000 - 0.0.0.0:222:22 environment: - FORGEJO__actions__ENABLED=true - FORGEJO__actions__DEFAULT_ACTIONS_URL=https://code.forgejo.org extra_hosts: - "host.docker.internal:host-gateway" runner: build: ./runner/ depends_on: - forgejo volumes: - /:/host - /var/run/docker.sock:/var/run/docker.sock - type: bind source: ./runner/.runner target: /build/.runner environment: - GITEA_DEBUG=true - GITEA_TRACE=true - FORGEJO_RUNNER_FILE=.runner - INSTANCE=https://git.okoyono.de - TOKEN=xxx - REGISTER_RUNNER=false ``` runner/Dockerfile ``` FROM golang:1.21-bullseye WORKDIR /build RUN apt-get install openssl git make RUN git clone https://code.forgejo.org/forgejo/runner.git . RUN git checkout v3.0.1 RUN make build COPY ./entrypoint.sh /build/entrypoint.sh RUN chmod +x /build/entrypoint.sh CMD ["./entrypoint.sh"] ``` runner/entrypoint.sh ``` #!/usr/bin/env bash cd /build if [[ $REGISTER_RUNNER == "true" ]]; then echo "Register the runner" ./forgejo-runner register \ --name okorunner \ --no-interactive \ --instance "$INSTANCE" \ --token "$TOKEN" \ --labels "docker:docker://node:16-bullseye-slim,self-hosted" fi ./forgejo-runner daemon ``` runner/.runner ``` { "WARNING": "This file is automatically generated by act-runner. Do not edit it manually unless you know what you are doing. Removing this file will cause act runner to re-register as a new runner.", "id": 25, "uuid": "xxx", "name": "okorunner", "token": "xxx", "address": "https://git.okoyono.de", "labels": [ "docker:docker://node:16-bullseye-slim", "self-hosted" ] } ```

earl-warren commented

2023-10-06 06:39:08 +00:00

Owner

Please correct me if I'am wrong: The actions/checkout action is a 1:1 mirror from github.com/actions/checkout without any modifications.

Yes. You can even verify that with the sha.

To get a baseline that work based on docker-compose can you try to run the provided example locally? If that works and it fails when you add the above workflow, there is a bug on Forgejo's side and I'll work on it.

> Please correct me if I'am wrong: The actions/checkout action is a 1:1 mirror from github.com/actions/checkout without any modifications. Yes. You can even verify that with the sha. To get a baseline that work based on docker-compose can you try to run [the provided example](https://code.forgejo.org/forgejo/runner/src/branch/main/examples/docker-compose) locally? If that works and it fails when you add the above workflow, there is a bug on Forgejo's side and I'll work on it.

f00 commented

2023-10-06 08:04:14 +00:00

Author

I can not run the docker-in-docker on my hostsytem (AlpineLinux), because it depends heavily on iptables (I use nftables). Mounting the docker socket in the container so the container can use docker from the hostsystem works fine and I think this is not the problem here.

I replaced my own Dockerfile to build/run forgejo/runner with the provided image. This is the runner configured in docker-compose.yml now:

...
  runner:
    image: code.forgejo.org/forgejo/runner:3.0.1
    links:
      - forgejo
    user: 0:0
    command: >-
      bash -c '
      sleep 3;
      forgejo-runner --config config.yml daemon;
      '
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./runner/data:/data
    environment:
      - INSTANCE=http://forgejo:3000

To be safe, I wiped all the docker cache on the hostsystem (docker system prune -a).

But the problem remains the same:

gitokoyonode-runner-1   | time="2023-10-06T08:01:43Z" level=trace msg="Downloading the archive\n" dryrun=false job=/ls jobID=ls matrix="map[]" raw_output=true stage=Main step=actions/checkout@v3 stepID="[0]" stepNumber=0
gitokoyonode-runner-1   | [/ls]   | Downloading the archive
gitokoyonode-forgejo-1  | 2023/10/06 10:01:43 ...eb/routing/logger.go:102:func1() [I] router: completed GET /api/v3/repos/okoyono-intern/spaceapi/tarball/8e7b98bf073a2c73c8c95ae5277308fb465691d0 for 192.168.224.1:55540, 404 Not Found in 10.5ms @ web/goget.go:20(web.goGet)
gitokoyonode-runner-1   | time="2023-10-06T08:01:43Z" level=trace msg="Not found.\n" dryrun=false job=/ls jobID=ls matrix="map[]" raw_output=true stage=Main step=actions/checkout@v3 stepID="[0]" stepNumber=0
gitokoyonode-runner-1   | [/ls]   | Not found.
gitokoyonode-runner-1   | time="2023-10-06T08:01:43Z" level=trace msg="\n" dryrun=false job=/ls jobID=ls matrix="map[]" raw_output=true stage=Main step=actions/checkout@v3 stepID="[0]" stepNumber=0
gitokoyonode-runner-1   | [/ls]   | 
gitokoyonode-runner-1   | time="2023-10-06T08:01:43Z" level=trace msg="Waiting 16 seconds before trying again\n" dryrun=false job=/ls jobID=ls matrix="map[]" raw_output=true stage=Main step=actions/checkout@v3 stepID="[0]" stepNumber=0
gitokoyonode-runner-1   | [/ls]   | Waiting 16 seconds before trying again
g

I can not run the docker-in-docker on my hostsytem (AlpineLinux), because it depends heavily on iptables (I use nftables). Mounting the docker socket in the container so the container can use docker from the hostsystem works fine and I think this is not the problem here. I replaced my own Dockerfile to build/run forgejo/runner with the provided image. This is the runner configured in docker-compose.yml now: ``` ... runner: image: code.forgejo.org/forgejo/runner:3.0.1 links: - forgejo user: 0:0 command: >- bash -c ' sleep 3; forgejo-runner --config config.yml daemon; ' volumes: - /var/run/docker.sock:/var/run/docker.sock - ./runner/data:/data environment: - INSTANCE=http://forgejo:3000 ``` To be safe, I wiped all the docker cache on the hostsystem (```docker system prune -a```). But the problem remains the same: ``` gitokoyonode-runner-1 | time="2023-10-06T08:01:43Z" level=trace msg="Downloading the archive\n" dryrun=false job=/ls jobID=ls matrix="map[]" raw_output=true stage=Main step=actions/checkout@v3 stepID="[0]" stepNumber=0 gitokoyonode-runner-1 | [/ls] | Downloading the archive gitokoyonode-forgejo-1 | 2023/10/06 10:01:43 ...eb/routing/logger.go:102:func1() [I] router: completed GET /api/v3/repos/okoyono-intern/spaceapi/tarball/8e7b98bf073a2c73c8c95ae5277308fb465691d0 for 192.168.224.1:55540, 404 Not Found in 10.5ms @ web/goget.go:20(web.goGet) gitokoyonode-runner-1 | time="2023-10-06T08:01:43Z" level=trace msg="Not found.\n" dryrun=false job=/ls jobID=ls matrix="map[]" raw_output=true stage=Main step=actions/checkout@v3 stepID="[0]" stepNumber=0 gitokoyonode-runner-1 | [/ls] | Not found. gitokoyonode-runner-1 | time="2023-10-06T08:01:43Z" level=trace msg="\n" dryrun=false job=/ls jobID=ls matrix="map[]" raw_output=true stage=Main step=actions/checkout@v3 stepID="[0]" stepNumber=0 gitokoyonode-runner-1 | [/ls] | gitokoyonode-runner-1 | time="2023-10-06T08:01:43Z" level=trace msg="Waiting 16 seconds before trying again\n" dryrun=false job=/ls jobID=ls matrix="map[]" raw_output=true stage=Main step=actions/checkout@v3 stepID="[0]" stepNumber=0 gitokoyonode-runner-1 | [/ls] | Waiting 16 seconds before trying again g ```

earl-warren referenced this issue

2023-10-06 14:24:43 +00:00

examples/docker-compose: network: host is required #90

earl-warren commented

2023-10-06 14:46:15 +00:00

Owner

I took a hard look at the docker compose example and found one problem preventing checkout (v3 or v4) from working. Which made the example much less useful really. #90 fixes that. However the symptoms are verify different from what you're experiencing and that does not help I'm afraid. Or does it?

I took a hard look at the docker compose example and found one problem preventing checkout (v3 or v4) from working. Which made the example much less useful really. https://code.forgejo.org/forgejo/runner/pulls/90 fixes that. However the symptoms are verify different from what you're experiencing and that does not help I'm afraid. Or does it?

f00 commented

2023-10-06 19:35:32 +00:00

Author

Thank you for looking into it.

I also did a deep-dive into the actions/checkout package and found out, that if the git binary is not available, a fallback is triggered, which then try to download the tarball over the Github API instead 🙈 My problem was that I used the node:16-bullseye-slim image -- which do /not/ contain the git binary. Installing git as a step before the actions/checkout action solved my problem 🥳

Thank you for looking into it. I also did a deep-dive into the actions/checkout package and found out, that if the git binary is not available, a fallback is triggered, which then try to download the tarball over the Github API instead 🙈 My problem was that I used the ```node:16-bullseye-slim``` image -- which do /not/ contain the git binary. Installing git as a step before the actions/checkout action solved my problem 🥳

😆 2