Merge pull request #178 from pikasTech/fix/issue118-runner-egress-proxy

fix: 让 GitHub 下载走 runner egress proxy
This commit is contained in:
Lyon
2026-06-12 05:15:00 +08:00
committed by GitHub
4 changed files with 6 additions and 13 deletions
-5
View File
@@ -7,11 +7,6 @@ export const defaultGitLowSpeedTimeSeconds = 15;
export const defaultGitHttpVersion = "HTTP/1.1";
export const defaultGitDirectHosts = Object.freeze([
"github.com",
"api.github.com",
"codeload.github.com",
"objects.githubusercontent.com",
"raw.githubusercontent.com",
"registry.npmjs.org",
"registry.npmmirror.com",
]);
-5
View File
@@ -24,11 +24,6 @@ const defaultRunnerNoProxy = [
"g14-provider-egress-proxy.unidesk",
"g14-provider-egress-proxy.unidesk.svc",
"g14-provider-egress-proxy.unidesk.svc.cluster.local",
"github.com",
"api.github.com",
"codeload.github.com",
"objects.githubusercontent.com",
"raw.githubusercontent.com",
"registry.npmjs.org",
"registry.npmmirror.com",
"g14-tcp-egress-gateway",
+5 -2
View File
@@ -362,6 +362,8 @@ function assertRunnerJobUsesG14EgressProxy(manifest: JsonRecord): void {
assert.ok(noProxy.includes("hyueapi.com"), "NO_PROXY must keep hyueapi.com direct");
assert.ok(noProxy.includes(".hyueapi.com"), "NO_PROXY must keep .hyueapi.com direct");
assert.ok(noProxy.includes("g14-provider-egress-proxy.unidesk.svc.cluster.local"), "NO_PROXY must include the proxy Service itself");
assert.equal(noProxy.includes("github.com"), false, "GitHub HTTPS traffic must use the configured runner egress proxy");
assert.equal(noProxy.includes("codeload.github.com"), false, "codeload downloads must use the configured runner egress proxy");
assert.ok(noProxy.includes("registry.npmjs.org"), "NO_PROXY must keep registry.npmjs.org direct");
assert.ok(noProxy.includes("registry.npmmirror.com"), "NO_PROXY must keep registry.npmmirror.com direct");
assert.ok(noProxy.includes(".svc"), "NO_PROXY must include Kubernetes Service domains");
@@ -376,8 +378,9 @@ function assertRunnerJobUsesBoundedGitTransport(rendered: JsonRecord): void {
assert.equal(runnerEnvValue(manifest, "AGENTRUN_GIT_DEFAULT_TIMEOUT_MS"), "60000");
assert.equal(runnerEnvValue(manifest, "AGENTRUN_GIT_CREDENTIAL_HELPER"), "gh-auth-setup-git");
const directHosts = String(runnerEnvValue(manifest, "AGENTRUN_GIT_DIRECT_HOSTS"));
assert.ok(directHosts.includes("github.com"), "GitHub HTTPS transport should be eligible for direct fallback");
assert.ok(directHosts.includes("codeload.github.com"), "codeload downloads should be eligible for direct fallback");
assert.equal(directHosts.includes("github.com"), false, "GitHub HTTPS transport should use the runner egress proxy by default");
assert.equal(directHosts.includes("codeload.github.com"), false, "codeload downloads should use the runner egress proxy by default");
assert.ok(directHosts.includes("registry.npmjs.org"), "registry.npmjs.org remains eligible for direct fallback");
const summary = rendered.gitTransport as JsonRecord;
assert.equal(summary.valuesPrinted, false);
assert.equal(summary.terminalPrompt, false);
+1 -1
View File
@@ -10,7 +10,7 @@ const defaultConnectTimeoutSeconds = Number(process.env.AGENTRUN_GIT_CONNECT_TIM
const defaultLowSpeedLimit = Number(process.env.GIT_HTTP_LOW_SPEED_LIMIT || 1_024);
const defaultLowSpeedTime = Number(process.env.GIT_HTTP_LOW_SPEED_TIME || 15);
const defaultHttpVersion = process.env.AGENTRUN_GIT_HTTP_VERSION || process.env.GIT_HTTP_VERSION || "HTTP/1.1";
const defaultDirectHosts = ["github.com", "api.github.com", "codeload.github.com", "objects.githubusercontent.com", "raw.githubusercontent.com", "registry.npmjs.org", "registry.npmmirror.com"];
const defaultDirectHosts = ["registry.npmjs.org", "registry.npmmirror.com"];
function help() {
return {