From c2372adde3983bf91138ef1a3e8389b0d078e735 Mon Sep 17 00:00:00 2001 From: lyon Date: Mon, 15 Jun 2026 12:35:09 +0800 Subject: [PATCH] fix: allow runner egress proxy override --- src/runner/k8s-job.ts | 48 +++++++++++++++++++++++++++++++++---------- 1 file changed, 37 insertions(+), 11 deletions(-) diff --git a/src/runner/k8s-job.ts b/src/runner/k8s-job.ts index 4bca254..5d1d8f9 100644 --- a/src/runner/k8s-job.ts +++ b/src/runner/k8s-job.ts @@ -7,8 +7,8 @@ import { gitTransportSummary, runnerGitTransportEnvVars } from "../common/git-tr const defaultBootRepoUrl = "http://git-mirror-http.devops-infra.svc.cluster.local/pikasTech/agentrun.git"; const defaultResourceBinPath = "/usr/local/bin"; const defaultCodexShellSandbox = "danger-full-access"; -const defaultRunnerEgressProxyUrl = "http://g14-provider-egress-proxy.unidesk.svc.cluster.local:18789"; -const defaultRunnerNoProxy = [ +const fallbackRunnerEgressProxyUrl = "http://g14-provider-egress-proxy.unidesk.svc.cluster.local:18789"; +const defaultRunnerNoProxyItems = [ "localhost", "127.0.0.1", "::1", @@ -36,7 +36,7 @@ const defaultRunnerNoProxy = [ "10.43.0.0/16", ".svc", ".cluster.local", -].join(","); +]; export interface RunnerJobRenderOptions { run: RunRecord; @@ -331,18 +331,44 @@ function transientEnvVars(items: RunnerTransientEnv[]): JsonRecord[] { } function runnerEgressProxyEnvVars(): JsonRecord[] { + const proxyUrl = runnerEgressProxyUrl(process.env); + const noProxy = runnerNoProxy(process.env, proxyUrl); return [ - { name: "HTTP_PROXY", value: defaultRunnerEgressProxyUrl }, - { name: "HTTPS_PROXY", value: defaultRunnerEgressProxyUrl }, - { name: "ALL_PROXY", value: defaultRunnerEgressProxyUrl }, - { name: "NO_PROXY", value: defaultRunnerNoProxy }, - { name: "http_proxy", value: defaultRunnerEgressProxyUrl }, - { name: "https_proxy", value: defaultRunnerEgressProxyUrl }, - { name: "all_proxy", value: defaultRunnerEgressProxyUrl }, - { name: "no_proxy", value: defaultRunnerNoProxy }, + { name: "HTTP_PROXY", value: proxyUrl }, + { name: "HTTPS_PROXY", value: proxyUrl }, + { name: "ALL_PROXY", value: proxyUrl }, + { name: "NO_PROXY", value: noProxy }, + { name: "http_proxy", value: proxyUrl }, + { name: "https_proxy", value: proxyUrl }, + { name: "all_proxy", value: proxyUrl }, + { name: "no_proxy", value: noProxy }, ]; } +function runnerEgressProxyUrl(env: NodeJS.ProcessEnv): string { + const value = env.AGENTRUN_RUNNER_EGRESS_PROXY_URL?.trim(); + return value && value.length > 0 ? value : fallbackRunnerEgressProxyUrl; +} + +function runnerNoProxy(env: NodeJS.ProcessEnv, proxyUrl: string): string { + const items = new Set(defaultRunnerNoProxyItems); + const proxyHost = hostFromUrl(proxyUrl); + if (proxyHost) items.add(proxyHost); + for (const item of (env.AGENTRUN_RUNNER_NO_PROXY_EXTRA ?? "").split(",")) { + const value = item.trim(); + if (value.length > 0) items.add(value); + } + return [...items].join(","); +} + +function hostFromUrl(value: string): string | null { + try { + return new URL(value).hostname || null; + } catch { + return null; + } +} + function dedupeEnvVars(items: JsonRecord[]): JsonRecord[] { const order: string[] = []; const byName = new Map();