From f1869f70b9798f8ade46f5672a25180a113563e2 Mon Sep 17 00:00:00 2001
From: Lunny Xiao
Date: Wed, 15 Feb 2023 16:51:14 +0800
Subject: [PATCH] Allow request an insecure gitea server (#18)

When deploy a Gitea server with a self-signed HTTPS certification. Runner will be failed when connect to Gitea server. This PR will fix that to allow ignore the HTTPS certification verification.

Reviewed-on: https://gitea.com/gitea/act_runner/pulls/18
Reviewed-by: Jason Song
Co-authored-by: Lunny Xiao
Co-committed-by: Lunny Xiao
---
 client/client.go | 1 +
 client/http.go | 35 ++++++++++++++++++++++++++++-------
 cmd/cmd.go | 1 +
 cmd/daemon.go | 1 +
 cmd/register.go | 18 ++++++++++--------
 config/config.go | 12 ++++++++++--
 core/runner.go | 13 +++++++------
 register/register.go | 14 ++++++++------
 8 files changed, 66 insertions(+), 29 deletions(-)

diff --git a/client/client.go b/client/client.go
index 8e41864..04b0ae5 100644
--- a/client/client.go
+++ b/client/client.go
@@ -10,4 +10,5 @@ type Client interface {
 pingv1connect.PingServiceClient
 runnerv1connect.RunnerServiceClient
 Address() string
+ Insecure() bool
 }
diff --git a/client/http.go b/client/http.go
index f551980..2c2d628 100644
--- a/client/http.go
+++ b/client/http.go
@@ -1,17 +1,32 @@
 package client
 import (
- "code.gitea.io/actions-proto-go/ping/v1/pingv1connect"
- "code.gitea.io/actions-proto-go/runner/v1/runnerv1connect"
 "context"
- "gitea.com/gitea/act_runner/core"
- "github.com/bufbuild/connect-go"
+ "crypto/tls"
 "net/http"
 "strings"
+
+ "code.gitea.io/actions-proto-go/ping/v1/pingv1connect"
+ "code.gitea.io/actions-proto-go/runner/v1/runnerv1connect"
+ "gitea.com/gitea/act_runner/core"
+ "github.com/bufbuild/connect-go"
 )
+func getHttpClient(endpoint string, insecure bool) *http.Client {
+ if strings.HasPrefix(endpoint, "https://") && insecure {
+ return &http.Client{
+ Transport: &http.Transport{
+ TLSClientConfig: &tls.Config{
+ InsecureSkipVerify: true,
+ },
+ },
+ }
+ }
+ return http.DefaultClient
+}
+
 // New returns a new runner client.
-func New(endpoint string, uuid, token string, opts ...connect.ClientOption) *HTTPClient {
+func New(endpoint string, insecure bool, uuid, token string, opts ...connect.ClientOption) *HTTPClient {
 baseURL := strings.TrimRight(endpoint, "/") + "/api/actions"
 opts = append(opts, connect.WithInterceptors(connect.UnaryInterceptorFunc(func(next connect.UnaryFunc) connect.UnaryFunc {
@@ -28,16 +43,17 @@ func New(endpoint string, uuid, token string, opts ...connect.ClientOption) *HTT
 return &HTTPClient{
 PingServiceClient: pingv1connect.NewPingServiceClient(
- http.DefaultClient,
+ getHttpClient(endpoint, insecure),
 baseURL,
 opts...,
 ),
 RunnerServiceClient: runnerv1connect.NewRunnerServiceClient(
- http.DefaultClient,
+ getHttpClient(endpoint, insecure),
 baseURL,
 opts...,
 ),
 endpoint: endpoint,
+ insecure: insecure,
 }
 }
@@ -45,6 +61,10 @@ func (c *HTTPClient) Address() string {
 return c.endpoint
 }
+func (c *HTTPClient) Insecure() bool {
+ return c.insecure
+}
+
 var _ Client = (*HTTPClient)(nil)
 // An HTTPClient manages communication with the runner API.
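Review bot: `getHttpClient` sets `InsecureSkipVerify: true`, which switches off certificate-chain and host-name validation together, so in this mode nothing authenticates the server the runner talks to (that the runner's `uuid` and `token` travel over this client is inferred from `New`'s parameters, since the interceptor body is outside the hunk). For a self-signed instance, trusting that one certificate through a `RootCAs` pool would keep verification on; if the skip stays, a one-time warning in the log is worth having. The bare `&http.Transport{}` also loses the proxy, timeout and pooling defaults of `http.DefaultTransport`, and the two calls in the `@@ -28,16 +43,17 @@` hunk each build a separate transport. The rewrite below clones the default transport and uses the Go initialism spelling `getHTTPClient`; `New` should call it once and hand the same client to both service constructors.

```go
func getHTTPClient(endpoint string, insecure bool) *http.Client {
	if !insecure || !strings.HasPrefix(endpoint, "https://") {
		return http.DefaultClient
	}
	// Clone keeps the default proxy, timeout and connection-pool settings.
	tr := http.DefaultTransport.(*http.Transport).Clone()
	// Chain and host-name checks are both disabled for this client.
	tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
	return &http.Client{Transport: tr}
}

// … unchanged: New signature, baseURL, interceptor setup …
```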
@@ -52,4 +72,5 @@ type HTTPClient struct {
 pingv1connect.PingServiceClient
 runnerv1connect.RunnerServiceClient
 endpoint string
+ insecure bool
 }
diff --git a/cmd/cmd.go b/cmd/cmd.go
index 1a42b34..278a0df 100644
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -38,6 +38,7 @@ func Execute(ctx context.Context) {
 }
 registerCmd.Flags().BoolVar(®Args.NoInteractive, "no-interactive", false, "Disable interactive mode")
 registerCmd.Flags().StringVar(®Args.InstanceAddr, "instance", "", "Gitea instance address")
+ registerCmd.Flags().BoolVar(®Args.Insecure, "insecure", false, "If check server's certificate if it's https protocol")
 registerCmd.Flags().StringVar(®Args.Token, "token", "", "Runner token")
 registerCmd.Flags().StringVar(®Args.RunnerName, "name", "", "Runner name")
 registerCmd.Flags().StringVar(®Args.Labels, "labels", "", "Runner tags, comma separated")
diff --git a/cmd/daemon.go b/cmd/daemon.go
index fe0c40e..46d78ad 100644
--- a/cmd/daemon.go
+++ b/cmd/daemon.go
@@ -53,6 +53,7 @@ func runDaemon(ctx context.Context, envFile string) func(cmd *cobra.Command, arg
 cli := client.New(
 cfg.Client.Address,
+ cfg.Client.Insecure,
 cfg.Runner.UUID,
 cfg.Runner.Token,
 )
diff --git a/cmd/register.go b/cmd/register.go
index 56d8a0f..8990f0f 100644
--- a/cmd/register.go
+++ b/cmd/register.go
@@ -69,6 +69,7 @@ func runRegister(ctx context.Context, regArgs *registerArgs, envFile string) fun
 type registerArgs struct {
 NoInteractive bool
 InstanceAddr string
+ Insecure bool
 Token string
 RunnerName string
 Labels string
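Review bot: The help text added for `--insecure` in `cmd/cmd.go` reads as if the flag turns certificate checking on, while `getHttpClient` in `client/http.go` uses the same value to set `InsecureSkipVerify`, that is, to turn it off. An operator reading `--help` should see the effect stated plainly, for example `"Skip TLS certificate verification when connecting to the Gitea instance (https only)"`. `Execute` starts and ends outside this hunk.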
@@ -87,17 +88,16 @@ const (
 StageExit
 )
-var (
- defaultLabels = []string{
- "ubuntu-latest:docker://node:16-bullseye",
- "ubuntu-22.04:docker://node:16-bullseye", // There's no node:16-bookworm yet
- "ubuntu-20.04:docker://node:16-bullseye",
- "ubuntu-18.04:docker://node:16-buster",
- }
-)
+var defaultLabels = []string{
+ "ubuntu-latest:docker://node:16-bullseye",
+ "ubuntu-22.04:docker://node:16-bullseye", // There's no node:16-bookworm yet
+ "ubuntu-20.04:docker://node:16-bullseye",
+ "ubuntu-18.04:docker://node:16-buster",
+}
 type registerInputs struct {
 InstanceAddr string
+ Insecure bool
 Token string
 RunnerName string
 CustomLabels []string
@@ -239,6 +239,7 @@ func registerNoInteractive(envFile string, regArgs *registerArgs) error {
 cfg, _ := config.FromEnviron()
 inputs := ®isterInputs{
 InstanceAddr: regArgs.InstanceAddr,
+ Insecure: regArgs.Insecure,
 Token: regArgs.Token,
 RunnerName: regArgs.RunnerName,
 CustomLabels: defaultLabels,
@@ -269,6 +270,7 @@ func doRegister(cfg *config.Config, inputs *registerInputs) error {
 // initial http client
 cli := client.New(
 inputs.InstanceAddr,
+ inputs.Insecure,
 "",
 "",
 )
diff --git a/config/config.go b/config/config.go
index f0fc2eb..53a4cf1 100644
--- a/config/config.go
+++ b/config/config.go
@@ -5,6 +5,7 @@ import (
 "io"
 "os"
 "runtime"
+ "strconv"
 "gitea.com/gitea/act_runner/core"
@@ -23,7 +24,8 @@ type (
 }
 Client struct {
- Address string `ignored:"true"`
+ Address string `ignored:"true"`
+ Insecure bool
 }
 Runner struct {
@@ -51,7 +53,8 @@ func FromEnviron() (Config, error) {
 }
 // check runner config exist
- if f, err := os.Stat(cfg.Runner.File); err == nil && !f.IsDir() {
+ f, err := os.Stat(cfg.Runner.File)
+ if err == nil && !f.IsDir() {
 jsonFile, _ := os.Open(cfg.Runner.File)
 defer jsonFile.Close()
 byteValue, _ := io.ReadAll(jsonFile)
@@ -71,6 +74,11 @@ func FromEnviron() (Config, error) {
 if runner.Address != "" {
 cfg.Client.Address = runner.Address
 }
+ if runner.Insecure != "" {
+ cfg.Client.Insecure, _ = strconv.ParseBool(runner.Insecure)
+ }
+ } else if err != nil {
+ return cfg, err
 }
 // runner config
diff --git a/core/runner.go b/core/runner.go
index 6ae15dc..da58835 100644
--- a/core/runner.go
+++ b/core/runner.go
@@ -7,10 +7,11 @@ const (
 // Runner struct
 type Runner struct {
- ID int64 `json:"id"`
- UUID string `json:"uuid"`
- Name string `json:"name"`
- Token string `json:"token"`
- Address string `json:"address"`
- Labels []string `json:"labels"`
+ ID int64 `json:"id"`
+ UUID string `json:"uuid"`
+ Name string `json:"name"`
+ Token string `json:"token"`
+ Address string `json:"address"`
+ Insecure string `json:"insecure"`
+ Labels []string `json:"labels"`
 }
diff --git a/register/register.go b/register/register.go
index 49dd3e0..3c5e7d1 100644
--- a/register/register.go
+++ b/register/register.go
@@ -4,6 +4,7 @@ import (
 "context"
 "encoding/json"
 "os"
+ "strconv"
 "strings"
 runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
@@ -42,12 +43,13 @@ func (p *Register) Register(ctx context.Context, cfg config.Runner) (*core.Runne
 }
 data := &core.Runner{
- ID: resp.Msg.Runner.Id,
- UUID: resp.Msg.Runner.Uuid,
- Name: resp.Msg.Runner.Name,
- Token: resp.Msg.Runner.Token,
- Address: p.Client.Address(),
- Labels: cfg.Labels,
+ ID: resp.Msg.Runner.Id,
+ UUID: resp.Msg.Runner.Uuid,
+ Name: resp.Msg.Runner.Name,
+ Token: resp.Msg.Runner.Token,
+ Address: p.Client.Address(),
+ Insecure: strconv.FormatBool(p.Client.Insecure()),
+ Labels: cfg.Labels,
 }
 file, err := json.MarshalIndent(data, "", " ")
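Review bot: The new `} else if err != nil { return cfg, err }` branch in `FromEnviron` also fires when `os.Stat` reports that the runner file does not exist, which is presumably the normal state before the first registration. The function then returns before the `// runner config` section below the hunk runs, and `registerNoInteractive` discards the error with `cfg, _ := config.FromEnviron()`, so registration would continue with a partially filled config. Consider `} else if err != nil && !os.IsNotExist(err) {`. Separately, the `strconv.ParseBool` error is dropped; a malformed value leaves verification enabled, which is the safe direction, but logging it would make a hand-edited runner file easier to debug.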
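Review bot: `Insecure` is declared as `string` in `core.Runner`, which forces the `strconv.FormatBool` call in `register/register.go` and the unchecked `strconv.ParseBool` call in `config/config.go`. Declaring it as `Insecure bool` with the same `json:"insecure"` tag would decode to false when the key is missing from an older runner file and remove both conversions. If the empty string is meant to let a value from the environment win over the file, that intent deserves a comment on the field.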