Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Error "fetch failed" when using proxy #814

Open
lindeberg opened this issue Aug 16, 2024 · 4 comments
Open

[BUG] Error "fetch failed" when using proxy #814

lindeberg opened this issue Aug 16, 2024 · 4 comments
Labels
bug Something isn't working

Comments

@lindeberg
Copy link

Describe the bug
Error "fetch failed" when using proxy on a self-hosted runner with a proxy with least privelege network access, and these domains are allowed:

  • api.deps.dev
  • api.securityscorecards.dev
2024-08-16T06:36:11.3271510Z Dependency review did not detect any denied packages
2024-08-16T06:36:31.3476555Z ##[error]fetch failed

To Reproduce
Steps to reproduce the behavior:

  1. Set up a self-hosted runner with least privelege network access
      - name: Dependency Review
        uses: actions/dependency-review-action@v4
        with:
          fail-on-severity: low
          license-check: false
  1. Allow the domains above
  2. Run dependency-review such that it triggers calls to these domains
  3. See the error

Expected behavior
It should be all good!

Screenshots
image

Action version
v4.3.4

@lindeberg lindeberg added the bug Something isn't working label Aug 16, 2024
@bteng22
Copy link
Contributor

bteng22 commented Aug 16, 2024

Hey @lindeberg thanks for reporting this. If you disable the OpenSSF scorecards does the fetch still fail? show-openssf-scorecard: false Trying to narrow down the causes here

@lindeberg
Copy link
Author

Failing still with show-openssf-scorecard: false:
image

@gadzet
Copy link

gadzet commented Sep 27, 2024

We experience this issue as well using proxy. Rolling back to actions/dependency-review-action@v3.1.4 works. It seems like issue is introduced when upgrading to node 20.

@bisdevres
Copy link

bisdevres commented Oct 15, 2024

confirming @gadzet's remak.
v3.1.4 (and the more recent v3.1.5) work for me.

Note

the culprit of this issue as 2 blocked URL's on our firewall:

  • api.deps.dev
  • api.securityscorecards.dev

after a whitelist, we could use v4 again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

4 participants