Github Runner Action Fails when backend api call urls are redirected through security software (like openDNS)

[garkenxian]

Describe the bug
I am using self-hosted runners. The runners are configured to connect to the internet through my company's network. Our network uses OpenDNS for network monitoring. When using the GitHub action software, it will attempt to connect to the github site using a pipelines url, that gets checked by open DNS.

looks like this on chrome

Basically it routes the request through openDNS to validate the link is valid and returns it to the original link with a couple of added headers to say its safe.

This "works" in chrome because chrome follows the redirects, where the GitHub Action software does not. The error in the logs show that when it attempts this, it just fails and retries.

Expected behavior
Expected behavior is that the github action runner application will follow 302 redirects to ensure that openDNS and other networking monitoring solutions can be used in conjunction of github action runners on self hosted machines in a secure environment

Runner Version and Platform

Version of your runner?
Windows runner 2.311.0

OS of the machine running the runner? OSX/Windows/Linux/...
Windows 2019 server edition

What's not working?

Please include error messages and screenshots.

Job Log Output

If applicable, include the relevant part of the job / step log output here. All sensitive information should already be masked out, but please double-check before pasting here.

[2023-12-07 18:36:03Z INFO GitHubActionsService] Starting operation Location.GetConnectionData
[2023-12-07 18:36:03Z ERR  GitHubActionsService] GET request to https://pipelinesghubeus25.actions.githubusercontent.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/_apis/connectionData?connectOptions=1&lastChangeId=-1&lastChangeId64=-1 failed. HTTP Status: Redirect
[2023-12-07 18:36:03Z INFO JobRunner] Redirecting to 'https://pipelinesghubeus25.actions.githubusercontent.com.x.5fbcf52e0106c04fb90ba3500c5b05e633fe.9270fc56.id.opendns.com/s/pipelinesghubeus25.actions.githubusercontent.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/_apis/connectionData?X-OpenDNS-Session=_5fbcf52e0106c04fb90ba3500c5b05e633fe9270fc56_EFagCeIH_connectOptions=1&lastChangeId=-1&lastChangeId64=-1'.
[2023-12-07 18:36:03Z ERR  GitHubActionsService] GET request to https://pipelinesghubeus25.actions.githubusercontent.com.x.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.9270fc56.id.opendns.com/s/pipelinesghubeus25.actions.githubusercontent.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/_apis/connectionData?X-OpenDNS-Session=_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_EFagCeIH_connectOptions=1&lastChangeId=-1&lastChangeId64=-1 failed. HTTP Status: Redirect
[2023-12-07 18:36:03Z INFO GitHubActionsService] Finished operation Location.GetConnectionData
[2023-12-07 18:36:03Z INFO Worker] Job completed.
[2023-12-07 18:36:03Z ERR  Worker] GitHub.Services.WebApi.VssServiceResponseException: Moved Temporarily
   at GitHub.Services.WebApi.VssHttpClientBase.HandleResponseAsync(HttpResponseMessage response, CancellationToken cancellationToken)
   at GitHub.Services.WebApi.VssHttpClientBase.SendAsync(HttpRequestMessage message, HttpCompletionOption completionOption, Object userState, CancellationToken cancellationToken)
   at GitHub.Services.WebApi.VssHttpClientBase.SendAsync[T](HttpRequestMessage message, Object userState, CancellationToken cancellationToken)
   at GitHub.Services.Location.Client.LocationHttpClient.GetConnectionDataAsync(ConnectOptions connectOptions, Int64 lastChangeId, CancellationToken cancellationToken, Object userState)
   at GitHub.Services.WebApi.Location.VssServerDataProvider.GetConnectionDataAsync(ConnectOptions connectOptions, Int32 lastChangeId, CancellationToken cancellationToken)
   at GitHub.Services.WebApi.Location.VssServerDataProvider.ConnectAsync(ConnectOptions connectOptions, CancellationToken cancellationToken)
   at GitHub.Runner.Common.JobServer.ConnectAsync(VssConnection jobConnection)
   at GitHub.Runner.Worker.JobRunner.RunAsync(AgentJobRequestMessage message, CancellationToken jobRequestCancellationToken)
   at GitHub.Runner.Worker.Worker.RunAsync(String pipeIn, String pipeOut)
   at GitHub.Runner.Worker.Program.MainAsync(IHostContext context, String[] args)

Runner and Worker's Diagnostic Logs

If applicable, add relevant diagnostic log information. Logs are located in the runner's _diag folder. The runner logs are prefixed with Runner_ and the worker logs are prefixed with Worker_. Each job run correlates to a worker log. All sensitive information should already be masked out, but please double-check before pasting here.

[dgsauve]

Same kind of issue, even after installing the umbrella cert on our VM we're now getting a redirect error.

[2023-12-14 20:14:28Z INFO GitHubActionsService] Starting operation Location.GetConnectionData
[2023-12-14 20:14:28Z ERR  GitHubActionsService] GET request to https://pipelinesghubeus25.actions.githubusercontent.com/snNcuq4ahJ509ms8Pt8FPtaaAwPLUMnv2OmUOd23jc9OV3AwQa/_apis/connectionData?connectOptions=1&lastChangeId=3944451&lastChangeId64=3944451 failed. HTTP Status: Redirect
[2023-12-14 20:14:28Z INFO JobRunner] Redirecting to 'https://pipelinesghubeus25.actions.githubusercontent.com.x.60e343b3056cd045780b9380c6b14ef900f1.9270f842.id.opendns.com/s/pipelinesghubeus25.actions.githubusercontent.com/snNcuq4ahJ509ms8Pt8FPtaaAwPLUMnv2OmUOd23jc9OV3AwQa/_apis/connectionData?X-OpenDNS-Session=_60e343b3056cd045780b9380c6b14ef900f19270f842_29H7J61B_connectOptions=1&lastChangeId=3944451&lastChangeId64=3944451'.
[2023-12-14 20:14:29Z ERR  GitHubActionsService] GET request to https://pipelinesghubeus25.actions.githubusercontent.com.x.60e343b3056cd045780b9380c6b14ef900f1.9270f842.id.opendns.com/s/pipelinesghubeus25.actions.githubusercontent.com/snNcuq4ahJ509ms8Pt8FPtaaAwPLUMnv2OmUOd23jc9OV3AwQa/_apis/connectionData?X-OpenDNS-Session=_60e343b3056cd045780b9380c6b14ef900f19270f842_29H7J61B_connectOptions=1&lastChangeId=3944451&lastChangeId64=3944451 failed. HTTP Status: Redirect
[2023-12-14 20:14:29Z INFO GitHubActionsService] Finished operation Location.GetConnectionData

[crtjer]

I'm having a similar issue but I only see it in the Github Actions UI using github runners. Same output error. We also have OpenDns.

https://pipelinesghubeus25.actions.githubusercontent.com/2sWqDsQcvUsHYYXUpls2L9T83qWCfDbrL0jq2HMMdm9GkoHmzh/_apis/pipelines/1/runs/143/signedlogcontent/4?urlExpires=2024-02-07T19%3A32%3A47.8302634Z&urlSigningMethod=HMACV1&urlSignature=qnZbzN9O3gQsUE%2BbPgXP8S94BPxPmOd5JA0gAv2UgBg%3D

If you hit the url directly, it will load. If you click the dropdown arrow within the github actions ui, you will be given the same behavior of not following the redirect. It only seems to be one this specific url host: pipelinesghubeus25.actions.githubusercontent.com

[github-actions]

This issue is stale because it has been open 365 days with no activity. Remove stale label or comment or this will be closed in 15 days.

[github-actions]

This issue was closed because it has been stalled for 15 days with no activity.