Skip to content

Make sure runner-admin has both auth_url and auth_url_v2. #4066

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
TingluoHuang merged 1 commit into from
Oct 13, 2025
Merged

Make sure runner-admin has both auth_url and auth_url_v2. #4066

TingluoHuang merged 1 commit into from
Oct 13, 2025

Conversation

@TingluoHuang
Copy link
Member

@TingluoHuang TingluoHuang commented Oct 3, 2025
edited
Loading

Copilot AI review requested due to automatic review settings October 3, 2025 03:04
@TingluoHuang TingluoHuang requested a review from a team as a code owner October 3, 2025 03:04
Copilot AI reviewed Oct 3, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements dual authorization URL support for runner-admin by introducing a new LegacyAuthorizationUrl property alongside the existing AuthorizationUrl. The change ensures backward compatibility during authentication migration by allowing runners to use both legacy and v2 authorization endpoints.

  • Added LegacyAuthorizationUrl property to the Runner WebApi model
  • Updated configuration logic to handle both authorization URLs when legacy URL is available
  • Enabled v2 flow and set appropriate migration flags when using runner-admin

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File Description
src/Sdk/DTWebApi/WebApi/Runner.cs Added LegacyAuthorizationUrl property to support dual authorization URLs
src/Runner.Listener/Configuration/ConfigurationManager.cs Updated configuration logic to use legacy URL when available and set migration properties

src/Runner.Listener/Configuration/ConfigurationManager.cs Outdated
ClientId = new Guid(runner.RunnerAuthorization.ClientId)
};

if (!string.IsNullOrEmpty(runner.RunnerAuthorization.LegacyAuthorizationUrl.AbsoluteUri))
Copy link

Copilot AI Oct 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Potential null reference exception when accessing LegacyAuthorizationUrl.AbsoluteUri if LegacyAuthorizationUrl is null. Check if LegacyAuthorizationUrl is not null before accessing its AbsoluteUri property.

Suggested change
if (!string.IsNullOrEmpty(runner.RunnerAuthorization.LegacyAuthorizationUrl.AbsoluteUri))
if (runner.RunnerAuthorization.LegacyAuthorizationUrl != null &&
!string.IsNullOrEmpty(runner.RunnerAuthorization.LegacyAuthorizationUrl.AbsoluteUri))

Copilot uses AI. Check for mistakes.
src/Runner.Listener/Configuration/ConfigurationManager.cs Outdated
ClientId = new Guid(runner.RunnerAuthorization.ClientId)
};

if (!string.IsNullOrEmpty(runner.RunnerAuthorization.LegacyAuthorizationUrl.AbsoluteUri))
Copy link

Copilot AI Oct 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Potential null reference exception when accessing LegacyAuthorizationUrl.AbsoluteUri if LegacyAuthorizationUrl is null. Check if LegacyAuthorizationUrl is not null before accessing its AbsoluteUri property.

Suggested change
if (!string.IsNullOrEmpty(runner.RunnerAuthorization.LegacyAuthorizationUrl.AbsoluteUri))
if (runner.RunnerAuthorization.LegacyAuthorizationUrl != null &&
!string.IsNullOrEmpty(runner.RunnerAuthorization.LegacyAuthorizationUrl.AbsoluteUri))

Copilot uses AI. Check for mistakes.
src/Runner.Listener/Configuration/ConfigurationManager.cs Outdated
Comment on lines 296 to 301
if (!string.IsNullOrEmpty(runner.RunnerAuthorization.LegacyAuthorizationUrl.AbsoluteUri))
{
agent.Authorization.AuthorizationUrl = runner.RunnerAuthorization.LegacyAuthorizationUrl;
agent.Properties["EnableAuthMigrationByDefault"] = false;
agent.Properties["AuthorizationUrlV2"] = runner.RunnerAuthorization.AuthorizationUrl.AbsoluteUri;
}
Copy link

Copilot AI Oct 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The same logic for handling legacy authorization URL is duplicated in two locations. Consider extracting this into a helper method to reduce code duplication and improve maintainability.

Copilot uses AI. Check for mistakes.
src/Runner.Listener/Configuration/ConfigurationManager.cs Outdated
Comment on lines 354 to 359
if (!string.IsNullOrEmpty(runner.RunnerAuthorization.LegacyAuthorizationUrl.AbsoluteUri))
{
agent.Authorization.AuthorizationUrl = runner.RunnerAuthorization.LegacyAuthorizationUrl;
agent.Properties["EnableAuthMigrationByDefault"] = false;
agent.Properties["AuthorizationUrlV2"] = runner.RunnerAuthorization.AuthorizationUrl.AbsoluteUri;
}
Copy link

Copilot AI Oct 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The same logic for handling legacy authorization URL is duplicated in two locations. Consider extracting this into a helper method to reduce code duplication and improve maintainability.

Copilot uses AI. Check for mistakes.
@TingluoHuang TingluoHuang force-pushed the users/tihuang/rollback branch from 6d1fead to c8b6702 Compare October 3, 2025 03:08
@TingluoHuang TingluoHuang force-pushed the users/tihuang/rollback branch from c8b6702 to 37ce6fa Compare October 13, 2025 14:21
TingluoHuang
TingluoHuang commented Oct 13, 2025
View reviewed changes
src/Runner.Listener/Configuration/ConfigurationManager.cs
{
var runner = await _dotcomServer.ReplaceRunnerAsync(runnerSettings.PoolId, agent, runnerSettings.GitHubUrl, registerToken, publicKeyXML);
runnerSettings.ServerUrlV2 = runner.RunnerAuthorization.ServerUrl;
runnerSettings.UseV2Flow = true; // if we are using runner admin, we also need to hit broker
Copy link
Member Author

@TingluoHuang TingluoHuang Oct 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we forgot to do this for the update-runner flow, the same code exists in the add-runner flow.

@TingluoHuang TingluoHuang merged commit afe4fc8 into main Oct 13, 2025
10 checks passed
@TingluoHuang TingluoHuang deleted the users/tihuang/rollback branch October 13, 2025 16:22
@github-actions github-actions bot mentioned this pull request Oct 15, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@rentziass rentziass rentziass approved these changes

@zarenner zarenner zarenner approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@TingluoHuang @rentziass @zarenner