forgejo/runner
31
87
Fork 91
Code Issues 38 Pull requests 9 Releases 81 Packages 1 Activity Actions

fix: use automatic IP detection instead of cache proxy host config value for internal cache server #1088

Merged
earl-warren merged 2 commits from drewcassidy/runner:fix-cache-server-address into main 2025-10-16 07:42:37 +00:00
Conversation 6 Commits 2 Files changed 1 +1 -1
drewcassidy commented 2025-10-14 02:04:16 +00:00
Contributor
Copy link

The description for the cache.host config value is

  # The IP or hostname (195.84.20.30 or example.com) to use when constructing
  # ACTIONS_CACHE_URL which is the URL of the cache proxy.

however the internal cache server was being started using that value, despite it clearly stating its for the proxy.

While the address used to contact the cache proxy from the job is usually the same as the address for the cache proxy to contact the server, that is not the case with custom /etc/hosts entries, like what is used for the host.containers.internal address, which is needed for contacting the cache proxy on rootless podman (see #1075).

Since the cache proxy and internal cache server are always running on the same host (or container), it's safe to use localhost for the server address instead.

  • bug fixes
    • PR: fix: use automatic IP detection instead of cache proxy host config value for internal cache server
The description for the `cache.host` config value is ``` # The IP or hostname (195.84.20.30 or example.com) to use when constructing # ACTIONS_CACHE_URL which is the URL of the cache proxy. ``` however the internal cache *server* was being started using that value, despite it clearly stating its for the *proxy*. While the address used to contact the cache proxy from the job is *usually* the same as the address for the cache proxy to contact the server, that is not the case with custom /etc/hosts entries, like what is used for the `host.containers.internal` address, which is needed for contacting the cache proxy on rootless podman (see #1075). Since the cache proxy and internal cache server are always running on the same host (or container), it's safe to use localhost for the server address instead. <!--start release-notes-assistant--> <!--URL:https://code.forgejo.org/forgejo/runner--> - bug fixes - [PR](https://code.forgejo.org/forgejo/runner/pulls/1088): <!--number 1088 --><!--line 0 --><!--description Zml4OiB1c2UgYXV0b21hdGljIElQIGRldGVjdGlvbiBpbnN0ZWFkIG9mIGNhY2hlIHByb3h5IGhvc3QgY29uZmlnIHZhbHVlIGZvciBpbnRlcm5hbCBjYWNoZSBzZXJ2ZXI=-->fix: use automatic IP detection instead of cache proxy host config value for internal cache server<!--description--> <!--end release-notes-assistant-->
Use localhost instead of the cache proxy address
All checks were successful
checks / validate pre-commit-hooks file (pull_request) Successful in 1m18s
Details
checks / validate mocks (pull_request) Successful in 1m55s
Details
checks / build and test (pull_request) Successful in 4m4s
Details
checks / runner exec tests (pull_request) Successful in 45s
Details
Integration tests for the release process / release-simulation (pull_request) Successful in 7m21s
Details
checks / runner integration tests (pull_request) Successful in 9m16s
Details
checks / integration tests (pull_request) Successful in 19m55s
Details
cascade / forgejo (pull_request_target) Has been skipped
Details
cascade / debug (pull_request_target) Has been skipped
Details
cascade / end-to-end (pull_request_target) Has been skipped
Details
issue-labels / release-notes (pull_request_target) Successful in 6s
Details
bfb2637600
 
cache proxy always runs on the same machine as the internal cache server
viceice reviewed 2025-10-14 05:08:00 +00:00
internal/app/run/runner.go Outdated
@ -118,3 +118,3 @@
cacheServer, err := artifactcache.StartHandler(
cfg.Cache.Dir,
cfg.Cache.Host,
"localhost",
viceice commented 2025-10-14 05:08:00 +00:00
Owner
Copy link

are you sure this works for external cache server too?

are you sure this works for external cache server too?
drewcassidy commented 2025-10-14 05:33:37 +00:00
Author
Contributor
Copy link

this is the call to start the internal cache server. it's skipped when an external cache server is used

this is the call to *start* the internal cache server. it's skipped when an external cache server is used
👍 2
earl-warren commented 2025-10-15 07:48:11 +00:00
Contributor
Copy link

This is indeed inconsistent, good catch.

I think better in this case to leave it empty so that it behaves as if it was not set. Also"localhost" is not guaranteed to exist so it would be better to have 127.0.0.1, if it is set explicitly.

	cacheServer, err := artifactcache.StartHandler(
			cfg.Cache.Dir,
			"", // automatically detect

This should have been caught by a test but there currently are no test verifying those border cases. I tried to figure out how to test that but doing so would require groundwork that is out of proportion for this simple bug fix.

I really do not like this situation because it does nothing to improve how cache servers are tested.

Manual testing is the only way out. @drewcassidy could you confirm that this fix is manually tested to work for you and explain the steps you took to do that?

This is indeed inconsistent, good catch. I think better in this case to leave it empty so that it behaves as if it was not set. Also"localhost" is not guaranteed to exist so it would be better to have 127.0.0.1, if it is set explicitly. ```go cacheServer, err := artifactcache.StartHandler( cfg.Cache.Dir, "", // automatically detect ``` This should have been caught by a test but there currently are no test verifying those border cases. I tried to figure out how to test that but doing so would require groundwork that is out of proportion for this simple bug fix. I really do not like this situation because it does nothing to improve how cache servers are tested. Manual testing is the only way out. @drewcassidy could you confirm that this fix is manually tested to work for you and explain the steps you took to do that?
👍 1
viceice commented 2025-10-15 07:49:53 +00:00
Owner
Copy link

127.0.0.1 doesn't work on ipv6 only networking or does it?

`127.0.0.1` doesn't work on ipv6 only networking or does it?
earl-warren commented 2025-10-15 08:52:50 +00:00
Contributor
Copy link

right, I did not think of that. Leaving it empty is best then.

right, I did not think of that. Leaving it empty is best then.
drewcassidy commented 2025-10-15 21:07:08 +00:00
Author
Contributor
Copy link

Right, was waffling myself between automatic and localhost, I figured localhost would at least not expose the cache server to the outside world if the user isnt running a firewall.

Sockets would be the better answer, but I dont think those work on Windows?

I'll change it to the empty string, test, and report back.

Right, was waffling myself between automatic and localhost, I figured localhost would at least not expose the cache server to the outside world if the user isnt running a firewall. Sockets would be the better answer, but I dont think those work on Windows? I'll change it to the empty string, test, and report back.
earl-warren commented 2025-10-16 04:57:20 +00:00
Contributor
Copy link

Even if the cache is exposed publicly, it cannot be used without the secret (autogenerated or set in the config file) so it is not a concern.

Even if the cache is exposed publicly, it cannot be used without the secret (autogenerated or set in the config file) so it is not a concern.
drewcassidy commented 2025-10-16 07:08:51 +00:00
Author
Contributor
Copy link

Changed it to auto-detect. I tested by running a workflow that uses actions/cache with all config settings default except with cache.host set to host.containers.internal, and making sure the cache proxy doesnt error contacting the cache server.

Changed it to auto-detect. I tested by running a workflow that uses `actions/cache` with all config settings default except with `cache.host` set to `host.containers.internal`, and making sure the cache proxy doesnt error contacting the cache server.
❤️ 1
earl-warren commented 2025-10-16 07:43:28 +00:00
Contributor
Copy link

Thanks for doing the manual testing.

Thanks for doing the manual testing.
viceice marked this conversation as resolved
proton-ab commented 2025-10-14 12:28:03 +00:00
First-time contributor
Copy link

This would technically be breaking change I think (though I can't imagine a valid situation where someone is relying on this behavior)? Note that despite using localhost for local cache server, we're still binding it to a port specified in configuration. This seems to make little sense, as we are now exposing ability to define port for a service that will only ever be accessible locally for sole purpose of cache proxy connecting to it.

This would technically be breaking change I think (though I can't imagine a valid situation where someone is relying on this behavior)? Note that despite using `localhost` for local cache server, we're still binding it to a port specified in configuration. This seems to make little sense, as we are now exposing ability to define port for a service that will only ever be accessible locally for sole purpose of cache proxy connecting to it.
fnetX requested review from Kwonunn 2025-10-14 15:23:28 +00:00
drewcassidy commented 2025-10-14 15:43:23 +00:00
Author
Contributor
Copy link

It still makes sense to have the port configurable. There could be other services (like other runner instances) on the same server with conflicting ports bound to localhost.

It still makes sense to have the port configurable. There could be other services (like other runner instances) on the same server with conflicting ports bound to localhost.
mfenniak approved these changes 2025-10-15 01:34:19 +00:00
mfenniak left a comment
Owner
Copy link

This seems right to me, and consistent with the existing documentation. I would like another reviewer to agree with me, so I'll give it a day to see if anyone else does or does not. 🙂

This seems right to me, and consistent with the existing documentation. I would like another reviewer to agree with me, so I'll give it a day to see if anyone else does or does not. 🙂
Kwonunn approved these changes 2025-10-15 11:05:28 +00:00
Kwonunn left a comment
Member
Copy link

this looks correct to me, though i haven't had a chance to test it.

this looks correct to me, though i haven't had a chance to test it.
auto-detect artifact cache IP instead of using localhost
All checks were successful
checks / validate mocks (pull_request) Successful in 59s
Details
checks / validate pre-commit-hooks file (pull_request) Successful in 38s
Details
checks / build and test (pull_request) Successful in 3m6s
Details
checks / runner exec tests (pull_request) Successful in 25s
Details
Integration tests for the release process / release-simulation (pull_request) Successful in 4m44s
Details
issue-labels / release-notes (pull_request_target) Successful in 4s
Details
checks / runner integration tests (pull_request) Successful in 5m25s
Details
checks / integration tests (pull_request) Successful in 11m15s
Details
cascade / debug (pull_request_target) Has been skipped
Details
cascade / end-to-end (pull_request_target) Successful in 5s
Details
cascade / forgejo (pull_request_target) Successful in 35s
Details
ca5f1437b6
 
localhost isnt guranteed to exist
drewcassidy changed title from fix: use localhost instead of cache proxy host for internal cache server to fix: use automatic IP detection instead of cache proxy host config value for internal cache server 2025-10-16 07:11:24 +00:00
viceice approved these changes 2025-10-16 07:16:29 +00:00
earl-warren deleted branch fix-cache-server-address 2025-10-16 07:42:37 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
mfenniak
Kwonunn
viceice
Labels
Clear labels   
FreeBSD

   
Kind/Breaking

Breaking change that won't be backward compatible

  
Kind/Bug

Something is not working

  
Kind/Chore

It is no fun but it needs to be done, this is a chore.

  
Kind/DependencyUpdate

for pull requests that are created by renovate when updating a dependency

  
Kind/Documentation

Documentation changes

  
Kind/Enhancement

Improve existing functionality

  
Kind/Feature

New functionality

  
Kind/Security

This is security issue

  
Kind/Testing

Issue or pull request related to testing

  
Priority
Critical
The priority is critical

  
Priority
High
The priority is high

  
Priority
Low
The priority is low

  
Priority
Medium
The priority is medium

  
Reviewed
Confirmed
Issue has been confirmed

  
Reviewed
Duplicate
This issue or pull request already exists

  
Reviewed
Invalid
Invalid issue

  
Reviewed
Won't Fix
This issue won't be fixed

  
Status
Abandoned
Somebody has started to work on this but abandoned work

  
Status
Blocked
Something is blocking this issue or pull request

  
Status
Need More Info
Feedback is required to reproduce issue or to continue work

  
Windows

Windows ports is an independent project, see https://github.com/Crown0815/Forgejo-runner-windows-builder

  
linux-powerpc64le

powerpc64le

  
linux-riscv64

   
linux-s390x

   
run-end-to-end-tests

Run https://code.forgejo.org/forgejo/end-to-end with a runner compiled from this pull request

  
run-forgejo-tests

Run https://codeberg.org/forgejo/forgejo tests importing the runner from this pull request

No labels
FreeBSD
Kind/Breaking
Kind/Bug
Kind/Chore
Kind/DependencyUpdate
Kind/Documentation
Kind/Enhancement
Kind/Feature
Kind/Security
Kind/Testing
Priority
Critical
Priority
High
Priority
Low
Priority
Medium
Reviewed
Confirmed
Reviewed
Duplicate
Reviewed
Invalid
Reviewed
Won't Fix
Status
Abandoned
Status
Blocked
Status
Need More Info
Windows
linux-powerpc64le
linux-riscv64
linux-s390x
run-end-to-end-tests
run-forgejo-tests
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
6 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo/runner!1088
No description provided.