Self-hosted workers fail immediately, get marked "offline" in the runners list. about cml.dev HOT 9 OPEN

It looks like that app needs an additional scope it might not have? https://docs.github.com/en/rest/actions/workflow-runs#list-workflow-runs-for-a-repository

@mikolajpabiszczak to confirm is an issue with app generated token can you try and curl the endpoint with one of the generated tokens?

curl \
  -H "Accept: application/vnd.github+json" \ 
  -H "Authorization: token <TOKEN>" \
  https://api.github.com/repos/OWNER/REPO/actions/runs

from cml.dev.

we might need to update our guide for using a github app?

• https://cml.dev/doc/self-hosted-runners#app
• https://github.com/settings/apps/new
• https://docs.github.com/en/rest/overview/permissions-required-for-github-apps#permission-on-actions
• https://docs.github.com/en/rest/actions/workflow-runs#list-workflow-runs-for-a-repository

from cml.dev.

Did some tests, indeed the culprit was the lack of sufficient permissions: after adding Read and write permissions for Actions the workflows work again.

Thx for your time and help! And yes, the guide needs an update in this case. ;D

from cml.dev.

👋 @mikolajpabiszczak the reason is because the runner has been marked to do just one job with the parameter --single the option that you might be looking for is --reuse

from cml.dev.

@DavidGOrtega: I do know that. So let me emphasise this again:

1. the problem is not about single vs. reusable (I know and understand the difference between those). In both cases the workflow does not work (and it worked 3 months ago). I used reusable only to collect the logs provided and to see whether GitHub sees the runner (it does not: it marks it as offline). In fact all the workflows (using CML) that I tested do not work (but worked 3 months ago)

2. Moreover, if I use the reusable runner, and I try to run the failed job again it does not pick up the already existing runner (bc. GitHub sees it as offline).

3. In case I use single the instance does not get cancelled after the failure, I have to terminate it manually.

(I added some clarifications in the opening message)

from cml.dev.

@mikolajpabiszczak
You have in your logs

Jul 22 11:37:30 ip-172-31-32-70 cml.sh[2440]: {"level":"error","message":"HttpError: Resource not accessible by integration","stack":"Error: HttpError: Resource not accessible by integration\n    at process.<anonymous> (/snapshot/cml/bin/cml/runner.js:333:32)\n    at process.emit (node:events:539:35)\n    at emit (node:internal/process/promises:140:20)\n    at processPromiseRejections (node:internal/process/promises:274:27)\n    at processTicksAndRejections (node:internal/process/task_queues:97:32)","status":"terminated"}

There must be something that you do not have permissions to do with your token?
Then the unregistering can not happen yet because there is still a job in play

from cml.dev.

Just to be sure and move one step forward can you please your REPO_TOKEN? Does it have all all the permissions?

from cml.dev.

These were not changed since the working runs, but I checked it again. We are using a company application, so checking up wrt. this list

Repository level:

• administration (read and write)
• checks (we are not using cml send-github-check)
• pull requests (read and write)

Organisation level:

• self-hosted runners (read and write)

Additionally, in the repository settings:

• all actions are allowed
• and workflows have read and write permissions

from cml.dev.

@mikolajpabiszczak thanks for the report and help, we'll keep this open until we update the docs

from cml.dev.