Allow request an insecure gitea server (#18)

When a Gitea server is deployed with a self-signed HTTPS certificate, the runner fails to connect to it. This PR fixes that by allowing HTTPS certificate verification to be skipped.

Reviewed-on: https://gitea.com/gitea/act_runner/pulls/18
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-committed-by: Lunny Xiao <xiaolunwen@gmail.com>
Lunny Xiao 2023-02-15 16:51:14 +08:00 committed by Jason Song
parent 990cf93c71
commit f1869f70b9
8 changed files with 66 additions and 29 deletions


@ -10,4 +10,5 @@ type Client interface {
pingv1connect.PingServiceClient
runnerv1connect.RunnerServiceClient
Address() string
Insecure() bool
}


@ -1,17 +1,32 @@
package client
import (
"code.gitea.io/actions-proto-go/ping/v1/pingv1connect"
"code.gitea.io/actions-proto-go/runner/v1/runnerv1connect"
"context"
"gitea.com/gitea/act_runner/core"
"github.com/bufbuild/connect-go"
"crypto/tls"
"net/http"
"strings"
"code.gitea.io/actions-proto-go/ping/v1/pingv1connect"
"code.gitea.io/actions-proto-go/runner/v1/runnerv1connect"
"gitea.com/gitea/act_runner/core"
"github.com/bufbuild/connect-go"
)
func getHttpClient(endpoint string, insecure bool) *http.Client {
if strings.HasPrefix(endpoint, "https://") && insecure {
return &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
},
}
}
return http.DefaultClient
}
// New returns a new runner client.
func New(endpoint string, uuid, token string, opts ...connect.ClientOption) *HTTPClient {
func New(endpoint string, insecure bool, uuid, token string, opts ...connect.ClientOption) *HTTPClient {
baseURL := strings.TrimRight(endpoint, "/") + "/api/actions"
opts = append(opts, connect.WithInterceptors(connect.UnaryInterceptorFunc(func(next connect.UnaryFunc) connect.UnaryFunc {
@ -28,16 +43,17 @@ func New(endpoint string, uuid, token string, opts ...connect.ClientOption) *HTT
return &HTTPClient{
PingServiceClient: pingv1connect.NewPingServiceClient(
http.DefaultClient,
getHttpClient(endpoint, insecure),
baseURL,
opts...,
),
RunnerServiceClient: runnerv1connect.NewRunnerServiceClient(
http.DefaultClient,
getHttpClient(endpoint, insecure),
baseURL,
opts...,
),
endpoint: endpoint,
insecure: insecure,
}
}
@ -45,6 +61,10 @@ func (c *HTTPClient) Address() string {
return c.endpoint
}
func (c *HTTPClient) Insecure() bool {
return c.insecure
}
var _ Client = (*HTTPClient)(nil)
// An HTTPClient manages communication with the runner API.
@ -52,4 +72,5 @@ type HTTPClient struct {
pingv1connect.PingServiceClient
runnerv1connect.RunnerServiceClient
endpoint string
insecure bool
}
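Review bot: `getHttpClient` switches certificate verification off completely with `InsecureSkipVerify: true`, so with the insecure option set, whatever `New` sends to the server (presumably including the runner token it receives as a parameter) is readable by anyone who can intercept the connection. Trusting the instance's self-signed certificate through `tls.Config.RootCAs` would keep verification on and looks like the better long-term option. Separately, the insecure branch builds a bare `http.Transport`, which loses the proxy, timeout and connection-pool defaults of `http.DefaultTransport`, and it is built twice because `New` calls the helper once per service client. Cloning the default transport and creating the client once in `New` addresses both, and the helper would read better as `getHTTPClient`. The body of `New` is only partly visible in these hunks.

```go
func getHttpClient(endpoint string, insecure bool) *http.Client {
	if strings.HasPrefix(endpoint, "https://") && insecure {
		// Start from the default transport so proxy, timeout and pooling defaults are kept.
		tr := http.DefaultTransport.(*http.Transport).Clone()
		tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
		return &http.Client{Transport: tr}
	}
	return http.DefaultClient
}

	// … unchanged: baseURL and interceptor setup in New …
	httpClient := getHttpClient(endpoint, insecure) // one client shared by both service clients
	return &HTTPClient{
		PingServiceClient:   pingv1connect.NewPingServiceClient(httpClient, baseURL, opts...),
		RunnerServiceClient: runnerv1connect.NewRunnerServiceClient(httpClient, baseURL, opts...),
		// … unchanged: endpoint and insecure fields …
```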


@ -38,6 +38,7 @@ func Execute(ctx context.Context) {
}
registerCmd.Flags().BoolVar(&regArgs.NoInteractive, "no-interactive", false, "Disable interactive mode")
registerCmd.Flags().StringVar(&regArgs.InstanceAddr, "instance", "", "Gitea instance address")
registerCmd.Flags().BoolVar(&regArgs.Insecure, "insecure", false, "If check server's certificate if it's https protocol")
registerCmd.Flags().StringVar(&regArgs.Token, "token", "", "Runner token")
registerCmd.Flags().StringVar(&regArgs.RunnerName, "name", "", "Runner name")
registerCmd.Flags().StringVar(&regArgs.Labels, "labels", "", "Runner tags, comma separated")
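Review bot: The help text on the added `--insecure` flag reads as if the flag turns certificate checking on, while the client code in this commit skips verification when it is true. A description such as `"Skip TLS certificate verification of the Gitea instance (https only)"` states the actual effect, which matters because the flag weakens transport security. `Execute` starts and ends outside this hunk.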


@ -53,6 +53,7 @@ func runDaemon(ctx context.Context, envFile string) func(cmd *cobra.Command, arg
cli := client.New(
cfg.Client.Address,
cfg.Client.Insecure,
cfg.Runner.UUID,
cfg.Runner.Token,
)


@ -69,6 +69,7 @@ func runRegister(ctx context.Context, regArgs *registerArgs, envFile string) fun
type registerArgs struct {
NoInteractive bool
InstanceAddr string
Insecure bool
Token string
RunnerName string
Labels string
@ -87,17 +88,16 @@ const (
StageExit
)
var (
defaultLabels = []string{
var defaultLabels = []string{
"ubuntu-latest:docker://node:16-bullseye",
"ubuntu-22.04:docker://node:16-bullseye", // There's no node:16-bookworm yet
"ubuntu-20.04:docker://node:16-bullseye",
"ubuntu-18.04:docker://node:16-buster",
}
)
type registerInputs struct {
InstanceAddr string
Insecure bool
Token string
RunnerName string
CustomLabels []string
@ -239,6 +239,7 @@ func registerNoInteractive(envFile string, regArgs *registerArgs) error {
cfg, _ := config.FromEnviron()
inputs := &registerInputs{
InstanceAddr: regArgs.InstanceAddr,
Insecure: regArgs.Insecure,
Token: regArgs.Token,
RunnerName: regArgs.RunnerName,
CustomLabels: defaultLabels,
@ -269,6 +270,7 @@ func doRegister(cfg *config.Config, inputs *registerInputs) error {
// initial http client
cli := client.New(
inputs.InstanceAddr,
inputs.Insecure,
"", "",
)
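Review bot: In the visible hunks `Insecure` reaches `registerInputs` only through `registerNoInteractive`, so an interactive `register --insecure` may still fail against a self-signed instance if the interactive path builds its own `registerInputs`. That path is outside these hunks, so this needs checking. If it does, initialising it with `Insecure: regArgs.Insecure` would make both modes behave the same.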


@ -5,6 +5,7 @@ import (
"io"
"os"
"runtime"
"strconv"
"gitea.com/gitea/act_runner/core"
@ -24,6 +25,7 @@ type (
Client struct {
Address string `ignored:"true"`
Insecure bool
}
Runner struct {
@ -51,7 +53,8 @@ func FromEnviron() (Config, error) {
}
// check runner config exist
if f, err := os.Stat(cfg.Runner.File); err == nil && !f.IsDir() {
f, err := os.Stat(cfg.Runner.File)
if err == nil && !f.IsDir() {
jsonFile, _ := os.Open(cfg.Runner.File)
defer jsonFile.Close()
byteValue, _ := io.ReadAll(jsonFile)
@ -71,6 +74,11 @@ func FromEnviron() (Config, error) {
if runner.Address != "" {
cfg.Client.Address = runner.Address
}
if runner.Insecure != "" {
cfg.Client.Insecure, _ = strconv.ParseBool(runner.Insecure)
}
} else if err != nil {
return cfg, err
}
// runner config
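Review bot: The new `else if err != nil` branch returns every `os.Stat` error, including the not-exist error for a runner file that has not been written yet, which the old single-line `if` skipped silently. If `FromEnviron` runs before registration (the `registerNoInteractive` hunk calls it and discards the error), the rest of the function after this branch is no longer executed in that case. Narrowing the branch to `} else if err != nil && !os.IsNotExist(err) {` keeps the old behaviour for a missing file while still surfacing permission and I/O errors. `FromEnviron` starts and ends outside these hunks.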


@ -12,5 +12,6 @@ type Runner struct {
Name string `json:"name"`
Token string `json:"token"`
Address string `json:"address"`
Insecure string `json:"insecure"`
Labels []string `json:"labels"`
}
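Review bot: `Insecure` is stored as a `string` in `Runner` although every use in this commit is boolean: `Register` writes it with `strconv.FormatBool` and `FromEnviron` reads it back with `strconv.ParseBool`, discarding the parse error. Declaring the field as `bool` with the same `json:"insecure"` tag would remove both conversions, and a runner file written before this change would still decode to `false`, meaning verification stays on. If the string form is kept, the `ParseBool` error should be reported so that a hand-edited value is not silently treated as `false`.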


@ -4,6 +4,7 @@ import (
"context"
"encoding/json"
"os"
"strconv"
"strings"
runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
@ -47,6 +48,7 @@ func (p *Register) Register(ctx context.Context, cfg config.Runner) (*core.Runne
Name: resp.Msg.Runner.Name,
Token: resp.Msg.Runner.Token,
Address: p.Client.Address(),
Insecure: strconv.FormatBool(p.Client.Insecure()),
Labels: cfg.Labels,
}