From 972d23362ed20f2f46ebcc409e1fb4f5e0bee279 Mon Sep 17 00:00:00 2001 From: theaussiepom Date: Tue, 23 Dec 2025 00:29:10 +0000 Subject: [PATCH] fix: run actions runner config from runner dir Run runner scripts from within the runner directory so ./bin paths resolve. Add simple preflight validation for common misconfigurations (API URL / PAT-like token) that otherwise surface as 404 during runner registration. --- scripts/install.sh | 33 +++++++++++++++++++++++++++++---- tests/bin/kcov-line-coverage.sh | 18 ++++++++++++++++++ 2 files changed, 47 insertions(+), 4 deletions(-) diff --git a/scripts/install.sh b/scripts/install.sh index f38c716..1f5caf4 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -127,13 +127,33 @@ install_actions_runner_if_configured() { # Runner-provided dependency installer; must run as root. if [[ -x "$dir/bin/installdependencies.sh" ]]; then - run_cmd "$dir/bin/installdependencies.sh" + # Runner scripts often assume they are executed from within the runner dir. + run_cmd bash -c "cd \"\$1\" && exec ./bin/installdependencies.sh" bash "$dir" fi # Ensure the runner files are owned by the dedicated user. run_cmd chown -R "$user:$user" "$dir" } +validate_actions_runner_registration_inputs() { + local github_url="$1" + local reg_token="$2" + + # Users occasionally paste API endpoints; the runner expects the *web* URL. + if [[ "$github_url" == *"api.github.com"* || "$github_url" == */api/v3* ]]; then + cover_path "install:actions-runner-config-invalid-url" + die "RUNNER_GITHUB_URL must be the web URL for the org/repo (e.g. https://github.com/ORG or https://github.com/ORG/REPO), not an API URL: $github_url" + fi + + # GitHub returns 404 for invalid auth; a common cause is a PAT instead of a registration token. + if [[ "$reg_token" == ghp_* || "$reg_token" == github_pat_* || "$reg_token" == gho_* || "$reg_token" == ghu_* || "$reg_token" == ghs_* || "$reg_token" == ghr_* ]]; then + cover_path "install:actions-runner-config-pat" + die "RUNNER_REGISTRATION_TOKEN looks like a GitHub token (PAT/app). Use the short-lived *runner registration token* from Settings → Actions → Runners → New self-hosted runner. A wrong/expired token commonly shows up as HTTP 404 during registration." + fi + + cover_path "install:actions-runner-config-inputs-ok" +} + configure_actions_runner_if_configured() { # Optional feature: # If the user provides GitHub URL + registration token, configure the runner. @@ -146,6 +166,8 @@ configure_actions_runner_if_configured() { fi cover_path "install:actions-runner-config-vars-present" + validate_actions_runner_registration_inputs "$github_url" "$reg_token" + local dir dir="$(runner_dir)" if [[ ! -x "$dir/config.sh" ]]; then @@ -164,12 +186,15 @@ configure_actions_runner_if_configured() { local name="${RUNNER_NAME:-$(hostname)}" - local -a cmd=("$dir/config.sh" --unattended --url "$github_url" --token "$reg_token" --name "$name") + local -a cmd=("./config.sh" --unattended --url "$github_url" --token "$reg_token" --name "$name") if command -v runuser > /dev/null 2>&1; then - run_cmd runuser -u "$user" -- "${cmd[@]}" + # Run from within the runner directory so runner scripts can use ./bin/ paths. + run_cmd runuser -u "$user" -- bash -c "cd \"\$1\"; shift; exec \"\$@\"" bash "$dir" "${cmd[@]}" else # Fallback for environments without runuser. - run_cmd su -s /bin/bash -c "\"$dir/config.sh\" --unattended --url \"$github_url\" --token \"$reg_token\" --name \"$name\"" "$user" + local su_cmd + su_cmd="$(printf 'cd %q && exec %q --unattended --url %q --token %q --name %q' "$dir" "./config.sh" "$github_url" "$reg_token" "$name")" + run_cmd su -s /bin/bash -c "$su_cmd" "$user" fi } diff --git a/tests/bin/kcov-line-coverage.sh b/tests/bin/kcov-line-coverage.sh index 7ccd3f6..1e15cc4 100755 --- a/tests/bin/kcov-line-coverage.sh +++ b/tests/bin/kcov-line-coverage.sh @@ -650,6 +650,24 @@ export RUNNER_REGISTRATION_TOKEN="token" export RUNNER_NAME="test" ( set +e; configure_actions_runner_if_configured; exit 0 ) >/dev/null 2>&1 || true +# Configure: reject API URLs (common misconfiguration). +export RUNNER_GITHUB_URL="https://api.github.com/example/repo" +export RUNNER_REGISTRATION_TOKEN="token" +( set +e; configure_actions_runner_if_configured; exit 0 ) >/dev/null 2>&1 || true + +# Reset to valid inputs for subsequent coverage. +export RUNNER_GITHUB_URL="https://github.com/example/repo" +export RUNNER_REGISTRATION_TOKEN="token" + +# Configure: reject PAT-like tokens (404 during registration is a common symptom). +export RUNNER_GITHUB_URL="https://github.com/example/repo" +export RUNNER_REGISTRATION_TOKEN="ghp_examplepat" +( set +e; configure_actions_runner_if_configured; exit 0 ) >/dev/null 2>&1 || true + +# Reset to valid inputs for subsequent coverage. +export RUNNER_GITHUB_URL="https://github.com/example/repo" +export RUNNER_REGISTRATION_TOKEN="token" + # Configure: present + config.sh, cover both runuser and fallback branches. dir="\$(runner_dir)" mkdir -p "\$dir"