fix: upgrade bundled GitHub Actions runner #128
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 00cd95d174
| - run: | | ||
| docker run --rm --platform linux/amd64 --entrypoint /bin/sh "${{ steps.release_meta.outputs.image_ref }}" -lc \ | ||
| 'command -v pgrep && pgrep --version | head -n 1 && docker --version && node --version && python3 --version && terraform version | head -n 1' | ||
| 'test "$(cd /actions-runner && ./bin/Runner.Listener --version)" = "2.334.0" && command -v pgrep && pgrep --version | head -n 1 && docker --version && node --version && python3 --version && terraform version | head -n 1' |
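Review bot: The expected version in the added test expression is the hardcoded literal "2.334.0", so every runner bump has to be mirrored in this workflow by hand, and when the comparison fails the step prints nothing about which version the image actually reported. Take the expected value from the same source the build uses (a step output or env value) and echo the result of `./bin/Runner.Listener --version` before comparing it. Two smaller points on the same command: only the `--platform linux/amd64` invocation is visible here, so the arm64 step needs the same assertion, and `pgrep --version | head -n 1` and `terraform version | head -n 1` return the exit status of `head`, so a failure of the left-hand command does not break the `&&` chain.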
Move runner-version check before signing
In the release-image.yml ordering I checked, this new Runner.Listener --version assertion runs only after the image digest and per-platform digests have already been signed and SBOM/SLSA attestations have been pushed. If build-image.sh builds with a stale RUNNER_VERSION override and publishes a deprecated runner under the new tag, this check will fail the workflow but leave a signed and attested bad image in GHCR. Run the per-platform version checks immediately after image_digest and before the cosign/attestation steps.
Summary
- 0.2.1 so the broken 0.2.0 image line is superseded
- 2.333.0 to 2.334.0
- Runner.Listener --version == 2.334.0 for both amd64 and arm64 images before treating a published image as valid

Root Cause
The published ghcr.io/omt-global/github-runner-fleet:0.2.0 image still embedded Actions runner 2.333.0. GitHub now rejects that runner binary as deprecated, so Synology containers could register and then fail to receive jobs.

Validation
- corepack pnpm vitest run test/dockerfile.test.ts test/env.test.ts test/build-script.test.ts
- corepack pnpm build

Operational Note
The NAS was already moved to a verified 2.334.0 image during incident repair. This PR makes the source/release path publish the correct runner executable going forward instead of relying on the emergency image line.
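
The verify-before-sign ordering raised in the review comment can be enforced mechanically. The following is an added example, not part of this PR or the repository: a POSIX shell lint that fails when a signing or attestation step appears in a workflow before the Runner.Listener --version check has run for every required platform. The match patterns, the platform list and the sample workflow generator are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the PR: fail CI when a workflow signs or attests an
# image before Runner.Listener --version was checked for every platform.
# The patterns and the sample workflows are assumptions built for this sketch.
VERIFY_PATTERN='Runner[.]Listener --version'
SIGN_PATTERN='cosign (sign|attest)|actions/attest'
REQUIRED_PLATFORMS='amd64 arm64'

# check_order FILE: 0 = every check precedes signing, 1 = a signing step comes
# first, 2 = no premature signing but a required platform is never checked.
check_order() {
  awk -v verify="$VERIFY_PATTERN" -v sign="$SIGN_PATTERN" \
      -v required="$REQUIRED_PLATFORMS" '
    BEGIN { n = split(required, want, " ") }
    /^[[:space:]]*#/ { next }                      # skip YAML comment lines
    match($0, /--platform linux\/[a-z0-9]+/) {     # remember the docker run target
      platform = substr($0, RSTART + 17, RLENGTH - 17)
    }
    $0 ~ verify && platform != "" { checked[platform] = 1 }
    $0 ~ sign {
      for (i = 1; i <= n; i++) if (!(want[i] in checked)) {
        printf "line %d: signs before %s runner check\n", NR, want[i]
        bad = 1
      }
    }
    END {
      for (i = 1; i <= n; i++) if (!(want[i] in checked)) missing = 1
      exit (bad ? 1 : (missing ? 2 : 0))
    }' "$1"
}

# Constructed workflow fragment: the arguments give the step order to emit.
sample_workflow() {
  for step in "$@"; do
    case $step in
      sign)  printf '      - run: cosign sign --yes "$IMAGE@$DIGEST"\n' ;;
      amd64|arm64)
        printf '      - run: |\n'
        printf '          docker run --rm --platform linux/%s --entrypoint /bin/sh "$IMAGE" -lc \\\n' "$step"
        printf '            '\''test "$(cd /actions-runner && ./bin/Runner.Listener --version)" = "$EXPECTED"'\''\n' ;;
    esac
  done
}
```

Running check_order against release-image.yml in a pre-merge job catches a reordering that would again let a signed image exist before its runner version was verified.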