Skip to content

Handle edge cases with PAT token ENV import #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
n0vad3v merged 3 commits into from
Apr 1, 2025
Merged

Handle edge cases with PAT token ENV import #1

n0vad3v merged 3 commits into from
Apr 1, 2025

Conversation

@xZero707
Copy link
Contributor

@xZero707 xZero707 commented Mar 29, 2025

One of the issues I've encountered is that I had a newline in my PAT token. This was causing the script to fail with the following:

node:_http_outgoing:702
validateHeaderValue(name, value);
^

TypeError [ERR_INVALID_CHAR]: Invalid character in header content ["Authorization"]
at ClientRequest.setHeader (node:_http_outgoing:702:3)
at new ClientRequest (node:_http_client:302:14)
at Object.request (node:https:381:10)
at RedirectableRequest._performRequest (/usr/src/app/node_modules/follow-redirects/index.js:265:24)
at new RedirectableRequest (/usr/src/app/node_modules/follow-redirects/index.js:61:8)
at Object.request (/usr/src/app/node_modules/follow-redirects/index.js:456:14)
at dispatchHttpRequest (/usr/src/app/node_modules/axios/lib/adapters/http.js:195:25)
at new Promise (<anonymous>)
at httpAdapter (/usr/src/app/node_modules/axios/lib/adapters/http.js:46:10)
at dispatchRequest (/usr/src/app/node_modules/axios/lib/core/dispatchRequest.js:52:10) {
code: 'ERR_INVALID_CHAR'
}

After figuring out the cause, I come up with simple and effective patch for such cases.

Additionally, I implemented some extra error handling to handle the case where the environment can be only PAT_. This would cause the script to attempt to use the empty key on the map, as PAT_ is stripped of it.

@n0vad3v
Copy link
Member

n0vad3v commented Mar 31, 2025

Thanks for feedback, may I ask in which case there will be a newline in PAT token?

@xZero707
Copy link
Contributor Author

xZero707 commented Mar 31, 2025
edited
Loading

In this particular case I modified image a bit and added s6 overlay and docker-env-secrets. Before kms service is started, secrets are loaded into the environment.
Eg. /run/secrets/PAT_myorg will be available as PAT_myorg environment variable and so on. Loading of the files is handled by s6 with-contenv wrapper and s6-envdir.

My compose.yaml (partial):

secrets:
  PAT_myorg:
    file: ./secrets/PAT_myorg.txt

networks:
  default:

services:
  kms:
    image: xcr.se/n0rthernl1ghts/gha-runner-kms:latest # My custom build
    hostname: example.router0.net
    deploy:
      restart_policy:
        condition: any
    secrets:
      - PAT_myorg
    networks:
      default:
      
(...)

Secret file secrets/PAT_myorg.txt is created with text editor. Like nano - Some editors will always add newline.

Code should be able to handle such cases. Trim is an easy choice.

@n0vad3v
Copy link
Member

n0vad3v commented Apr 1, 2025

Got it, nice work!
I'll port this to my Rust port (https://github.com/knatnetwork/github-runner-kms-rs) later, as github-runner-kms-rs has a smaller image and starts faster than this Node version of KMS.

@n0vad3v n0vad3v merged commit cd98fd7 into knatnetwork:master Apr 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@xZero707 @n0vad3v