fix runner GitHub egress proxy defaults
This commit is contained in:
@@ -7,11 +7,6 @@ export const defaultGitLowSpeedTimeSeconds = 15;
|
|||||||
export const defaultGitHttpVersion = "HTTP/1.1";
|
export const defaultGitHttpVersion = "HTTP/1.1";
|
||||||
|
|
||||||
export const defaultGitDirectHosts = Object.freeze([
|
export const defaultGitDirectHosts = Object.freeze([
|
||||||
"github.com",
|
|
||||||
"api.github.com",
|
|
||||||
"codeload.github.com",
|
|
||||||
"objects.githubusercontent.com",
|
|
||||||
"raw.githubusercontent.com",
|
|
||||||
"registry.npmjs.org",
|
"registry.npmjs.org",
|
||||||
"registry.npmmirror.com",
|
"registry.npmmirror.com",
|
||||||
]);
|
]);
|
||||||
|
|||||||
@@ -24,11 +24,6 @@ const defaultRunnerNoProxy = [
|
|||||||
"g14-provider-egress-proxy.unidesk",
|
"g14-provider-egress-proxy.unidesk",
|
||||||
"g14-provider-egress-proxy.unidesk.svc",
|
"g14-provider-egress-proxy.unidesk.svc",
|
||||||
"g14-provider-egress-proxy.unidesk.svc.cluster.local",
|
"g14-provider-egress-proxy.unidesk.svc.cluster.local",
|
||||||
"github.com",
|
|
||||||
"api.github.com",
|
|
||||||
"codeload.github.com",
|
|
||||||
"objects.githubusercontent.com",
|
|
||||||
"raw.githubusercontent.com",
|
|
||||||
"registry.npmjs.org",
|
"registry.npmjs.org",
|
||||||
"registry.npmmirror.com",
|
"registry.npmmirror.com",
|
||||||
"g14-tcp-egress-gateway",
|
"g14-tcp-egress-gateway",
|
||||||
|
|||||||
@@ -362,6 +362,8 @@ function assertRunnerJobUsesG14EgressProxy(manifest: JsonRecord): void {
|
|||||||
assert.ok(noProxy.includes("hyueapi.com"), "NO_PROXY must keep hyueapi.com direct");
|
assert.ok(noProxy.includes("hyueapi.com"), "NO_PROXY must keep hyueapi.com direct");
|
||||||
assert.ok(noProxy.includes(".hyueapi.com"), "NO_PROXY must keep .hyueapi.com direct");
|
assert.ok(noProxy.includes(".hyueapi.com"), "NO_PROXY must keep .hyueapi.com direct");
|
||||||
assert.ok(noProxy.includes("g14-provider-egress-proxy.unidesk.svc.cluster.local"), "NO_PROXY must include the proxy Service itself");
|
assert.ok(noProxy.includes("g14-provider-egress-proxy.unidesk.svc.cluster.local"), "NO_PROXY must include the proxy Service itself");
|
||||||
|
assert.equal(noProxy.includes("github.com"), false, "GitHub HTTPS traffic must use the configured runner egress proxy");
|
||||||
|
assert.equal(noProxy.includes("codeload.github.com"), false, "codeload downloads must use the configured runner egress proxy");
|
||||||
assert.ok(noProxy.includes("registry.npmjs.org"), "NO_PROXY must keep registry.npmjs.org direct");
|
assert.ok(noProxy.includes("registry.npmjs.org"), "NO_PROXY must keep registry.npmjs.org direct");
|
||||||
assert.ok(noProxy.includes("registry.npmmirror.com"), "NO_PROXY must keep registry.npmmirror.com direct");
|
assert.ok(noProxy.includes("registry.npmmirror.com"), "NO_PROXY must keep registry.npmmirror.com direct");
|
||||||
assert.ok(noProxy.includes(".svc"), "NO_PROXY must include Kubernetes Service domains");
|
assert.ok(noProxy.includes(".svc"), "NO_PROXY must include Kubernetes Service domains");
|
||||||
@@ -376,8 +378,9 @@ function assertRunnerJobUsesBoundedGitTransport(rendered: JsonRecord): void {
|
|||||||
assert.equal(runnerEnvValue(manifest, "AGENTRUN_GIT_DEFAULT_TIMEOUT_MS"), "60000");
|
assert.equal(runnerEnvValue(manifest, "AGENTRUN_GIT_DEFAULT_TIMEOUT_MS"), "60000");
|
||||||
assert.equal(runnerEnvValue(manifest, "AGENTRUN_GIT_CREDENTIAL_HELPER"), "gh-auth-setup-git");
|
assert.equal(runnerEnvValue(manifest, "AGENTRUN_GIT_CREDENTIAL_HELPER"), "gh-auth-setup-git");
|
||||||
const directHosts = String(runnerEnvValue(manifest, "AGENTRUN_GIT_DIRECT_HOSTS"));
|
const directHosts = String(runnerEnvValue(manifest, "AGENTRUN_GIT_DIRECT_HOSTS"));
|
||||||
assert.ok(directHosts.includes("github.com"), "GitHub HTTPS transport should be eligible for direct fallback");
|
assert.equal(directHosts.includes("github.com"), false, "GitHub HTTPS transport should use the runner egress proxy by default");
|
||||||
assert.ok(directHosts.includes("codeload.github.com"), "codeload downloads should be eligible for direct fallback");
|
assert.equal(directHosts.includes("codeload.github.com"), false, "codeload downloads should use the runner egress proxy by default");
|
||||||
|
assert.ok(directHosts.includes("registry.npmjs.org"), "registry.npmjs.org remains eligible for direct fallback");
|
||||||
const summary = rendered.gitTransport as JsonRecord;
|
const summary = rendered.gitTransport as JsonRecord;
|
||||||
assert.equal(summary.valuesPrinted, false);
|
assert.equal(summary.valuesPrinted, false);
|
||||||
assert.equal(summary.terminalPrompt, false);
|
assert.equal(summary.terminalPrompt, false);
|
||||||
|
|||||||
+1
-1
@@ -10,7 +10,7 @@ const defaultConnectTimeoutSeconds = Number(process.env.AGENTRUN_GIT_CONNECT_TIM
|
|||||||
const defaultLowSpeedLimit = Number(process.env.GIT_HTTP_LOW_SPEED_LIMIT || 1_024);
|
const defaultLowSpeedLimit = Number(process.env.GIT_HTTP_LOW_SPEED_LIMIT || 1_024);
|
||||||
const defaultLowSpeedTime = Number(process.env.GIT_HTTP_LOW_SPEED_TIME || 15);
|
const defaultLowSpeedTime = Number(process.env.GIT_HTTP_LOW_SPEED_TIME || 15);
|
||||||
const defaultHttpVersion = process.env.AGENTRUN_GIT_HTTP_VERSION || process.env.GIT_HTTP_VERSION || "HTTP/1.1";
|
const defaultHttpVersion = process.env.AGENTRUN_GIT_HTTP_VERSION || process.env.GIT_HTTP_VERSION || "HTTP/1.1";
|
||||||
const defaultDirectHosts = ["github.com", "api.github.com", "codeload.github.com", "objects.githubusercontent.com", "raw.githubusercontent.com", "registry.npmjs.org", "registry.npmmirror.com"];
|
const defaultDirectHosts = ["registry.npmjs.org", "registry.npmmirror.com"];
|
||||||
|
|
||||||
function help() {
|
function help() {
|
||||||
return {
|
return {
|
||||||
|
|||||||
Reference in New Issue
Block a user