Does this work with GHES?

[AndyG-0]

We are using GitHub Enterprise. Is there a way to make this work with GHES? At first glance of the code it doesn't appear there is a way to over-ride this going to gh.com.

[libbys01]

@mikedrexler ☝️ who needs to see this to answer?

[mikedrexler]

Hi @AndyG-0 ! I'm not sure what you are asking. Our virtual runners may be downloaded at https://github.com/actions/virtual-environments. Sorry if I misinterpret.

[AndyG-0]

@mikedrexler Trying to run this locally. It appears that the first thing it does is try to connect to api.github.com:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect
self.sock = ssl_wrap_socket(
File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 370, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:1131)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen
retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 436, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.github.com', port=443): Max retries exceeded with url: /repos/github/codeql-cli-binaries (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1131)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/startup_scripts/setup.py", line 57, in
setup()
File "/usr/local/startup_scripts/setup.py", line 39, in setup
get_latest_codeql(args)
File "/usr/local/startup_scripts/setup.py", line 46, in get_latest_codeql
latest_online_version = codeql.get_latest_codeql_github_version()
File "/usr/local/startup_scripts/libs/codeql.py", line 80, in get_latest_codeql_github_version
return get_latest_github_repo_version("github/codeql-cli-binaries")
File "/usr/local/startup_scripts/libs/github.py", line 6, in get_latest_github_repo_version
repo = client.get_repo(repo)
File "/usr/local/lib/python3.8/dist-packages/github/MainClass.py", line 294, in get_repo
headers, data = self.__requester.requestJsonAndCheck(
File "/usr/local/lib/python3.8/dist-packages/github/Requester.py", line 275, in requestJsonAndCheck
return self.__check(*self.requestJson(verb, url, parameters, headers, input, self.__customConnection(url)))
File "/usr/local/lib/python3.8/dist-packages/github/Requester.py", line 335, in requestJson
return self.__requestEncode(cnx, verb, url, parameters, headers, input, encode)
File "/usr/local/lib/python3.8/dist-packages/github/Requester.py", line 388, in __requestEncode
status, responseHeaders, output = self.__requestRaw(cnx, verb, url, requestHeaders, encoded_input)
File "/usr/local/lib/python3.8/dist-packages/github/Requester.py", line 412, in __requestRaw
response = cnx.getresponse()
File "/usr/local/lib/python3.8/dist-packages/github/Requester.py", line 114, in getresponse
r = verb(url, headers=self.headers, data=self.input, timeout=self.timeout, verify=self.verify, allow_redirects=False)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 546, in get
return self.request('GET', url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='api.github.com', port=443): Max retries exceeded with url: /repos/github/codeql-cli-binaries (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1131)')))
Error 1 executing from command.
Exiting...
Command Output:
[2022-04-07 19:12:16,397] INFO: Starting setup...
[2022-04-07 19:12:17,141] INFO: Current codeql version: v2.7.6

This is failing of course because I'm behind a proxy and it's not configured in the image but our repos are on our GHES Server not github.com. It however looks like the python script is first connecting to the gh.com api. I would like to connect to our internal GHES vs github.com.

Besides local we could also use this image in our container based CI platforms as well.

It looks like the link provided is for virtual machines and not images, which would not work easily with our container based CI platforms.

If there are instructions on how to get the image to work with GHES, they would be appreciated.

[jacobmsft]

Hey Andy, Mike, sorry for the late reply. Yes, right now the assumption in the script is that the cli and queries are being downloaded from the public github site. We can possibly introduce a override environment variable for each so the connection can be redirected. If you are interesting in sending a PR my way, please feel free. If not, I'll add it to my todo list and prioritize. Thanks for reporting the problem!