Skip to content

Action not fetching images when behind HTTP proxy on self-hosted runner #822

Closed
Closed
Action not fetching images when behind HTTP proxy on self-hosted runner#822
Labels
area/docs
@grahamb

Description

@grahamb
grahamb
opened on Feb 27, 2023

Troubleshooting

Before submitting a bug report please read the Troubleshooting doc.

Behaviour

When running on a self-hosted runner (RHEL8) behind a HTTP proxy, build jobs fail when attempting to fetch the Docker image referenced in the FROM line in the Dockerfile:

ERROR: failed to solve: DeadlineExceeded: DeadlineExceeded: DeadlineExceeded: node:16.19.1-alpine3.17: failed to do request: Head "https://registry-1.docker.io/v2/library/node/manifests/16.19.1-alpine3.17": dial tcp 3.216.34.172:443: i/o timeout

When running the same docker buildx build command on the runner manually with a checkout of the repo, the build succeeds.

Configuration

  • Repository URL (if public): private repo
  • Build URL (if public): private repo

Dockerfile:

FROM node:16.19.1-alpine3.17 as build
ARG GITHUB_NPM_TOKEN
ENV NODE_ENV production
USER root
WORKDIR /usr/src/app
[logfile.txt](https://github.com/docker/build-push-action/files/10845193/logfile.txt)

COPY --chown=node:node package*.json ./
COPY --chown=node:node . .
RUN chown node:node /usr/src/app && apk update && apk add --update-cache dumb-init jq && npm -g i pm2
ARG SENTRY_DSN_ARG=""
ENV SENTRY_DSN $SENTRY_DSN_ARG
USER node
ENV NODE_JQ_SKIP_INSTALL_BINARY=true
RUN printf "//npm.github.sfu.ca/:_authToken=${GITHUB_NPM_TOKEN}\n@its:registry=https://npm.github.sfu.ca/" > .npmrc && \ 
  npm set unsafe-perm true && \
  npm config set noproxy "localhost,127.0.0.1,github.sfu.ca,*.sfu.ca,*.its.sfu.ca,docker.github.sfu.ca,www.sfu.ca" && \
  npm install --include=dev  && \
  npm run build && \
  rm /usr/src/app/.npmrc

FROM node:16.19.1-alpine3.17
WORKDIR /usr/src/app
COPY --chown=node:node --from=build /usr/src/app /usr/src/app
RUN chown node:node /usr/src/app && apk add --update-cache dumb-init jq && npm -g i pm2
USER node
EXPOSE 3000
CMD ["dumb-init", "node", "/usr/src/app/server/index.js"]

Build YAML file

name: Build and push to SFU GHCR

on:
  workflow_dispatch:
  push:
    branches:
      - "main"

permissions:
  packages: write
  contents: read

jobs:
  docker:
    runs-on: [self-hosted, lcpd, rhel8]
    steps:
      - name: Checkout repo
        uses: actions/checkout@v3

      - name: Log in to GitHub Docker registry
        uses: docker/login-action@v2
        with:
          registry: containers.github.sfu.ca
          username: ${{ github.actor }}
          password: ${{ github.token }}

      - name: Generate tags
        id: date
        env:
          TAG: containers.github.sfu.ca/its/github-tools/github-tools
        run: |
          echo "TAG_VER=${{ env.TAG }}:$(date +'%Y%m%d%H%M%S')" >> $GITHUB_ENV
          echo "TAG_LATEST=${{ env.TAG }}:latest" >> $GITHUB_ENV

      - name: Set up Docker Buildx
        uses: docker/[email protected]
        with:
          buildkitd-flags: --debug

      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          file: Dockerfile-production
          push: true
          context: .
          build-args: |
            GITHUB_NPM_TOKEN=${{ secrets.ITS_DOCKER_PACKAGE_TOKEN }}
            SENTRY_DSN=${{ secrets.PRODUCTION_SENTRY_DSN }}
          tags: |
            ${{env.TAG_VER}}
            ${{env.TAG_LATEST}}

GitHub Runner .env file:

LANG=en_US.UTF-8
http_proxy=http://bby-vcontrol-proxy.its.sfu.ca:8080
https_proxy=http://bby-vcontrol-proxy.its.sfu.ca:8080
no_proxy=sfu.ca,github.sfu.ca

Runner user's ~/.docker/config.json

{
  "auths": {},
  "proxies": {
    "default": {
      "httpProxy": "http://bby-vcontrol-proxy.its.sfu.ca:8080",
      "httpsProxy": "http://bby-vcontrol-proxy.its.sfu.ca:8080",
      "noProxy": "localhost,127.0.0.1,sfu.ca,www.sfu.ca,*.sfu.ca,*.its.sfu.ca,.sfu.ca,.its.sfu.ca,its.sfu.ca,github.sfu.ca,containers.github.sfu.ca"
    }
  }
}

Logs

logfile.txt

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/docs

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions