Merge pull request #588 from sraisl/support-ghe-data-residency

Support GitHub Enterprise Cloud data residency API URLs (*.ghe.com)

Author: myoung34

README.md

@@ -71,6 +71,8 @@ These containers are built via Github actions that [copy the dockerfile](https:/
 | `RUNNER_WORKDIR` | The working directory for the runner. Runners on the same host should not share this directory. Default is '/_work'. This must match the source path for the bind-mounted volume at RUNNER_WORKDIR, in order for container actions to access files. |
 | `RUNNER_GROUP` | Name of the runner group to add this runner to (defaults to the default runner group) |
 | `GITHUB_HOST` | Optional URL of the Github Enterprise server e.g github.mycompany.com. Defaults to `github.com`. |
+| `GITHUB_API_HOST` | Optional API host to use for token generation. Useful when the API host differs from `GITHUB_HOST`, e.g. `api.mycompany.ghe.com` for GitHub Enterprise Cloud with data residency. |
+| `GITHUB_API_PATH` | Optional API path to use for token generation. Defaults to `/api/v3` for non-`github.com` hosts. Set to `/` when the API host does not use a path. |
 | `DISABLE_AUTOMATIC_DEREGISTRATION` | Optional flag to disable signal catching for deregistration. Default is `false`. Any value other than exactly `false` is considered `true`. See [here](https://github.com/myoung34/docker-github-actions-runner/issues/94) |
 | `CONFIGURED_ACTIONS_RUNNER_FILES_DIR` | Path to use for runner data. It allows avoiding reregistration each the start of the runner. No default value. |
 | `EPHEMERAL` | Optional flag to configure runner with [`--ephemeral` option](https://docs.github.com/en/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners#using-ephemeral-runners-for-autoscaling). Ephemeral runners are suitable for autoscaling. |
@@ -120,6 +122,8 @@ $ GOSS_VARS=goss_vars.yaml GOSS_FILE=goss_full.yaml GOSS_SLEEP=1 dgoss run --ent
   -e RUNNER_WORKDIR=/tmp/a \
   -e RUNNER_GROUP=wat \
   -e GITHUB_HOST=github.example.com \
+  -e GITHUB_API_HOST=github.example.com \
+  -e GITHUB_API_PATH=/api/v3 \
   -e DISABLE_AUTOMATIC_DEREGISTRATION=true \
   -e EPHEMERAL=true \
   -e DISABLE_AUTO_UPDATE=true \

app_token.sh

@@ -11,14 +11,36 @@
 
 set -o pipefail
 
-_GITHUB_HOST=${GITHUB_HOST:="github.com"}
+normalize_host() {
+  local host="${1#http://}"
+  host="${host#https://}"
+  echo "${host%%/}"
+}
+
+normalize_api_path() {
+  local path="${1:-}"
+  if [[ -z ${path} ]] || [[ ${path} == "/" ]]; then
+    echo ""
+    return
+  fi
+
+  path="/${path#/}"
+  echo "${path%/}"
+}
+
+_GITHUB_HOST=$(normalize_host "${GITHUB_HOST:="github.com"}")
 
-# If URL is not github.com then use the enterprise api endpoint
-if [[ ${GITHUB_HOST} = "github.com" ]]; then
-  URI="https://api.${_GITHUB_HOST}"
+if [[ -n ${GITHUB_API_HOST} ]]; then
+  _GITHUB_API_HOST=$(normalize_host "${GITHUB_API_HOST}")
+  _GITHUB_API_PATH=$(normalize_api_path "${GITHUB_API_PATH:-/api/v3}")
+elif [[ ${_GITHUB_HOST} = "github.com" ]]; then
+  _GITHUB_API_HOST="api.${_GITHUB_HOST}"
+  _GITHUB_API_PATH=$(normalize_api_path "${GITHUB_API_PATH:-/}")
 else
-  URI="https://${_GITHUB_HOST}/api/v3"
+  _GITHUB_API_HOST="${_GITHUB_HOST}"
+  _GITHUB_API_PATH=$(normalize_api_path "${GITHUB_API_PATH:-/api/v3}")
 fi
+URI="https://${_GITHUB_API_HOST}${_GITHUB_API_PATH}"
 
 API_VERSION=v3
 API_HEADER="Accept: application/vnd.github.${API_VERSION}+json"

entrypoint.sh

@@ -70,6 +70,9 @@ _RUNNER_WORKDIR=${RUNNER_WORKDIR:-/_work/${_RUNNER_NAME}}
 _LABELS=${RUNNER_LABELS:-${LABELS:-default}}
 _RUNNER_GROUP=${RUNNER_GROUP:-Default}
 _GITHUB_HOST=${GITHUB_HOST:="github.com"}
+_GITHUB_HOST="${_GITHUB_HOST#http://}"
+_GITHUB_HOST="${_GITHUB_HOST#https://}"
+_GITHUB_HOST="${_GITHUB_HOST%%/}"
 _RUN_AS_ROOT=${RUN_AS_ROOT:="true"}
 _START_DOCKER_SERVICE=${START_DOCKER_SERVICE:="false"}
 _UNSET_CONFIG_VARS=${UNSET_CONFIG_VARS:="false"}
@@ -187,6 +190,8 @@ unset_config_vars() {
   unset RUNNER_WORKDIR
   unset RUNNER_GROUP
   unset GITHUB_HOST
+  unset GITHUB_API_HOST
+  unset GITHUB_API_PATH
   unset DISABLE_AUTOMATIC_DEREGISTRATION
   unset CONFIGURED_ACTIONS_RUNNER_FILES_DIR
   unset EPHEMERAL

goss_full.yaml

@@ -1,4 +1,11 @@
 command:
+  /bin/bash -c 'curl(){ printf %s "{\"token\":\"abc\"}"; }; export -f curl; ACCESS_TOKEN=123 RUNNER_SCOPE=org ORG_NAME=myoung34 GITHUB_HOST=github.example.com GITHUB_API_HOST=api.github.example.com GITHUB_API_PATH=/foo /token.sh':
+    exit-status: 0
+    stdout:
+      - '"full_url": "https://api.github.example.com/foo/orgs/myoung34/actions/runners/registration-token"'
+    stderr: ""
+    timeout: 2000
+
   /entrypoint.sh something:
     exit-status: 0
     stdout:

token.sh

@@ -1,13 +1,35 @@
 #!/bin/bash
 
-_GITHUB_HOST=${GITHUB_HOST:="github.com"}
+normalize_host() {
+  local host="${1#http://}"
+  host="${host#https://}"
+  echo "${host%%/}"
+}
 
-# If URL is not github.com then use the enterprise api endpoint
-if [[ ${GITHUB_HOST} = "github.com" ]]; then
-  URI="https://api.${_GITHUB_HOST}"
+normalize_api_path() {
+  local path="${1:-}"
+  if [[ -z ${path} ]] || [[ ${path} == "/" ]]; then
+    echo ""
+    return
+  fi
+
+  path="/${path#/}"
+  echo "${path%/}"
+}
+
+_GITHUB_HOST=$(normalize_host "${GITHUB_HOST:="github.com"}")
+
+if [[ -n ${GITHUB_API_HOST} ]]; then
+  _GITHUB_API_HOST=$(normalize_host "${GITHUB_API_HOST}")
+  _GITHUB_API_PATH=$(normalize_api_path "${GITHUB_API_PATH:-/api/v3}")
+elif [[ ${_GITHUB_HOST} = "github.com" ]]; then
+  _GITHUB_API_HOST="api.${_GITHUB_HOST}"
+  _GITHUB_API_PATH=$(normalize_api_path "${GITHUB_API_PATH:-/}")
 else
-  URI="https://${_GITHUB_HOST}/api/v3"
+  _GITHUB_API_HOST="${_GITHUB_HOST}"
+  _GITHUB_API_PATH=$(normalize_api_path "${GITHUB_API_PATH:-/api/v3}")
 fi
+URI="https://${_GITHUB_API_HOST}${_GITHUB_API_PATH}"
 
 API_VERSION=v3
 API_HEADER="Accept: application/vnd.github.${API_VERSION}+json"