ContextQMD
Back to Runner

Actions Connection Check

docs/checks/actions.md

2.334.05.4 KB
Original Source

Actions Connection Check

What is this check for?

Make sure the runner has access to actions service for GitHub.com or GitHub Enterprise Server

  • For GitHub.com

    • The runner needs to access https://api.github.com for downloading actions.
    • The runner needs to access https://codeload.github.com for downloading actions tar.gz/zip.
    • The runner needs to access https://vstoken.actions.githubusercontent.com/_apis/.../ for requesting an access token.
    • The runner needs to access https://pipelines.actions.githubusercontent.com/_apis/.../ for receiving workflow jobs.
    • The runner needs to access https://results-receiver.actions.githubusercontent.com/.../ for reporting progress and uploading logs during a workflow job execution.

    NOTE: for the full list of domains that are required to be in the firewall allow list refer to the GitHub self-hosted runners requirements documentation.

    These can by tested by running the following curl commands from your self-hosted runner machine:

    curl -v https://api.github.com/zen
curl -v https://codeload.github.com/_ping
curl -v https://vstoken.actions.githubusercontent.com/_apis/health
curl -v https://pipelines.actions.githubusercontent.com/_apis/health
curl -v https://results-receiver.actions.githubusercontent.com/health

  • For GitHub Enterprise Server

    • The runner needs to access https://[hostname]/api/v3 for downloading actions.
    • The runner needs to access https://codeload.[hostname]/_ping for downloading actions tar.gz/zip.
    • The runner needs to access https://[hostname]/_services/vstoken/_apis/.../ for requesting an access token.
    • The runner needs to access https://[hostname]/_services/pipelines/_apis/.../ for receiving workflow jobs.

    These can by tested by running the following curl commands from your self-hosted runner machine, replacing [hostname] with the hostname of your appliance, for instance github.example.com:

    curl -v https://[hostname]/api/v3/zen
curl -v https://codeload.[hostname]/_ping
curl -v https://[hostname]/_services/vstoken/_apis/health
curl -v https://[hostname]/_services/pipelines/_apis/health

    A common cause of this these connectivity issues is if your to GitHub Enterprise Server appliance is using the self-signed certificate that is enabled the first time your appliance is started. As self-signed certificates are not trusted by web browsers and Git clients, these clients (including the GitHub Actions runner) will report certificate warnings.

    We recommend upload a certificate signed by a trusted authority to GitHub Enterprise Server, or enabling the built-in ]Let's Encrypt support.

What is checked?

  • DNS lookup for api.github.com or myGHES.com using dotnet
  • Ping api.github.com or myGHES.com using dotnet
  • Make HTTP GET to https://api.github.com or https://myGHES.com/api/v3 using dotnet, check response headers contains X-GitHub-Request-Id

How to fix the issue?

1. Check the common network issue

Please check the network doc

If you are seeing System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. in the log, it means the runner can't connect to Actions service due to SSL handshake failure.

Please check the SSL cert doc

Still not working?

Contact GitHub Support if you have further questuons, or log an issue at https://github.com/actions/runner if you think it's a runner issue.