Unable to setup java when using self-hosted runner behind proxy with authorization (must upgrade http-client version) #221
Description
Description:
TLDR: Update http-client dependency to 1.0.11.
We have a self-hosted runner which is behind a corporate proxy with authorization. We use CNTLM for the auth via NTLMv2 and the self-hosted runner is configured to use "http://localhost:3128" (where CNTLM listens) as HTTP and HTTPS proxy.
Once the Action is executed, it fails with following error:
Run actions/setup-java@v2
Trying to resolve the latest version from remote
##[debug]Gathering available versions from 'https://api.adoptopenjdk.net/v3/assets/version/%5B1.0,100.0%5D?project=jdk&vendor=adoptopenjdk&heap_size=normal&sort_method=DEFAULT&sort_order=DESC&os=linux&architecture=x64&image_type=jdk&release_type=ga&jvm_impl=hotspot&page_size=20&page=0'
(node:259) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
Error: tunneling socket could not be established, statusCode=407
##[debug]Node Action run completed with exit code 1
This is due to a bug in http-client which has been fixed in version 1.0.11.
Task version:
v2.3.0
Platform:
- Ubuntu
- macOS
- Windows
Runner type:
- Hosted
- Self-hosted
Repro steps:
- Setup CNTLM to authorize requests to corporate proxy
- Setup self-hosted runner to use your CNTLM as a proxy
- Execute a workflow with actions/setup-java
Expected behavior:
Action setup-java does not pass empty credentials to proxy, lets CNTLM use it's own configured credentials and downloads and installs java on the runner.
Actual behavior:
Action setup-java passes empty credentials to proxy, CNTLM forwards those empty credentials to parent proxy and gets 407 Proxy authorization required.