Use @actions/github as a wrapper around octokit in order to support proxies #100

Merged
merged 7 commits into from Jul 10, 2020
Changes from 6 commits
48 changes: 47 additions & 1 deletion .github/workflows/integration-testing.yml
Expand Up @@ -93,7 +93,6 @@ jobs:
env:
TEST_MODE: true


multi-language-repo_rubocop:
runs-on: ubuntu-latest

Expand Down Expand Up @@ -124,3 +123,50 @@ jobs:
sarif_file: rubocop.sarif
env:
TEST_MODE: true

test-proxy:
runs-on: ubuntu-latest
container:
image: ubuntu:18.04
options: --dns 127.0.0.1
services:
squid-proxy:
image: datadog/squid:latest
ports:
- 3128:3128
env:
https_proxy: http://squid-proxy:3128
steps:
- uses: actions/checkout@v2
- name: Move codeql-action
shell: bash
run: |
mkdir ../action
mv * .github ../action/
mv ../action/tests/multi-language-repo/{*,.github} .
- uses: ./../action/init
with:
languages: javascript
- uses: ./../action/analyze
env:
TEST_MODE: true

test-bypass-proxy:
runs-on: ubuntu-latest
env:
https_proxy: http://no-such-proxy:3128
no_proxy: api.github.com,github.com,github-production-release-asset-2e65be.s3.amazonaws.com
Contributor Author

I'm not sure if I'm entirely happy with this value having to include github-production-release-asset-2e65be.s3.amazonaws.com. This is a consequence of https://github.com/actions/http-client/blob/master/proxy.ts (which we use for downloading the codeql-bundle) not supporting any form of wildcards, so the domain has to be explicit. Maybe this is fine if this domain is for all of github, but I'm worried about it changing when we update the bundle, or just at random.

The options that I see at the moment are to just not include this test, or to go with this hardcoded value and raise a PR on https://github.com/actions/http-client to improve support there.

@chrisgavin or @tibbes, do you have any thoughts here?

Contributor

It does seem a little bit dodgy.

Perhaps another option is to use mitmproxy with a script that blocks everything except S3 URLs.

Contributor Author

After more thought and trying to get this working, I think in fact it's more fair to say that we only partially support no_proxy. As far as I can tell there isn't really a format spec for this, but more a general convention between implementations, and the one we're using seems to be on the minimal side.

I'm going to remove this test and instead open an issue to improve this support and add the test back in.
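
The thread above turns on how a `no_proxy` value is matched against the host of a request. As an added example (not code from this PR or from actions/http-client), the block below compares exact-host matching, the minimal behaviour the author describes, with a suffix convention used by some other tools; the helper names, the shortened `no_proxy` value and the request paths are assumptions made for illustration.

```javascript
// Added example, hypothetical helpers; not code from actions/http-client.
// Split a no_proxy value into trimmed, lower-cased entries.
function parseNoProxy(value) {
  return (value || "")
    .split(",")
    .map((entry) => entry.trim().toLowerCase())
    .filter((entry) => entry.length > 0);
}

// Policy 1: bypass only when the host equals an entry exactly.
function bypassExact(requestUrl, noProxy) {
  const host = new URL(requestUrl).hostname.toLowerCase();
  return parseNoProxy(noProxy).includes(host);
}

// Policy 2 (assumed convention): "*" matches every host; "example.com",
// ".example.com" and "*.example.com" match the domain and its subdomains.
// The "." boundary keeps "notgithub.com" from matching "github.com".
function bypassSuffix(requestUrl, noProxy) {
  const host = new URL(requestUrl).hostname.toLowerCase();
  return parseNoProxy(noProxy).some((entry) => {
    if (entry === "*") return true;
    const domain = entry.replace(/^\*?\./, "");
    return host === domain || host.endsWith("." + domain);
  });
}

// The value from the workflow in this PR, and a shorter constructed one.
const PR_NO_PROXY =
  "api.github.com,github.com,github-production-release-asset-2e65be.s3.amazonaws.com";
const SHORT_NO_PROXY = "github.com,.s3.amazonaws.com";

// Constructed request URLs (paths are placeholders).
const SAMPLE_URLS = [
  "https://api.github.com/placeholder",
  "https://github-production-release-asset-2e65be.s3.amazonaws.com/placeholder",
  "https://notgithub.com/placeholder",
];

// Report which requests would skip the proxy under each policy.
function compare(noProxy) {
  return SAMPLE_URLS.map((url) => ({
    host: new URL(url).hostname,
    exact: bypassExact(url, noProxy),
    suffix: bypassSuffix(url, noProxy),
  }));
}
console.table(compare(PR_NO_PROXY));
console.table(compare(SHORT_NO_PROXY));
```

With the shortened value, exact matching sends every sample request to the proxy, which is why the workflow has to spell out each hostname in full.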

steps:
- uses: actions/checkout@v2
- name: Move codeql-action
shell: bash
run: |
mkdir ../action
mv * .github ../action/
mv ../action/tests/multi-language-repo/{*,.github} .
- uses: ./../action/init
with:
languages: javascript
- uses: ./../action/analyze
env:
TEST_MODE: true
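
Review bot: In the `test-proxy` job, `image: datadog/squid:latest` is a floating tag, so the proxy this test depends on can change between runs without any change in this repository; pin it to a specific version tag or image digest. The `options: --dns 127.0.0.1` line in the same job also needs a YAML comment explaining why the container's resolver is pointed at localhost (presumably so that direct connections fail and only requests sent through `squid-proxy` succeed), because nothing in the job says so. In `test-bypass-proxy`, the `no_proxy` value hardcodes `github-production-release-asset-2e65be.s3.amazonaws.com`, which ties the test to one storage hostname, as already raised in the thread on that line.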
2 changes: 1 addition & 1 deletion lib/analysis-paths.test.js
2 changes: 1 addition & 1 deletion lib/analysis-paths.test.js.map
15 changes: 7 additions & 8 deletions lib/api-client.js
2 changes: 1 addition & 1 deletion lib/api-client.js.map
2 changes: 1 addition & 1 deletion lib/codeql.test.js
2 changes: 1 addition & 1 deletion lib/codeql.test.js.map
2 changes: 1 addition & 1 deletion lib/config-utils.js