#0.18.5 still works so it is a regression

okay good to know, based on the error message you are hitting this when trying to use a module from a private github repo, right?

we do have integ tests that do exactly that, so not sure what the delta is

based on the connection timed out error I wouldn't be surprised if it had something to do w/ corp networks

Yeah that's my guess too, usually that happens when the proxy blocks something

The config for git is pulled from the host and it works with 0.18.5 so it must be something new 0.18.6 is trying to do

(some breadcrumbs as I look into it)

git-related changes from 18.5->18.6:

• https://github.com/dagger/dagger/pull/10297
• https://github.com/dagger/dagger/pull/10286
• https://github.com/dagger/dagger/pull/10250

None stick out as obvious culprits yet.

Gonna see if I can discern which op specifically would hit that endpoint w/ git-upload-pack set, based on our integ tests that do this

Also, apparently I was wrong and we have integ tests for other git forges w/ private repos, but github specifically is only tested w/ a public repo https://github.com/sipsma/dagger/blob/48a88b9b11cf606920579d885c1c3d1eeafe9aca/core/integration/module_config_test.go#L1136

might not be relevant, just noting

I haven't found anything yet, but my best guess is that somehow or another we are running a git command w/out proxy config set correctly, but it's unclear how that could be

@untold remnant just to do a sanity check, can you confirm that the v0.18.6 engine you were hitting this in has proxy config set as expected? i.e. HTTPS_PROXY.

I'm presuming that is required and is set in your v0.18.5 engine, lemme know if not correct

Yes, Eric, I double checked. This is the snippet I'm running to spin up a local engine in Jenkins. I am passing the proxies.

sh """docker run -d -v \$(pwd)/ficacert/cert.crt:/usr/local/share/ca-certificates/cert.crt \\
                    |-e https_proxy=...\\
                    |-e http_proxy=... \\
                    |-e HTTPS_PROXY=... \\
                    |-e HTTP_PROXY=... \\
                    |--rm --privileged -v /var/lib/dagger \\
                    |--name dagger-engine-v${DAGGER_VERSION} \\
                    |companyregistry.com/dagger/engine:v${DAGGER_VERSION}""".stripMargin().trim()

Thank you! I just wanted to make 100% sure before going down more rabbit holes

fwiw, we have SSO configured with github. However, when I try to hit the https://github.com/myorg/myrepo/info/refs?service=git-upload-pack I get a web form login. Which is weird.

I missed that this PR was in the diff from 18.5->18.6: https://github.com/dagger/dagger/pull/10248/files

It's actually a bit more sus in that there's some stuff w/ custom http clients, wondering if it's missing proxy config or something

I wasn't setting this before but just to test I also set git config --global http.proxy http://proxy:port. Didn't make a difference.

This isn't super urgent btw. Since 0.18.5 works I'm not blocked. We can wait for Justin. I wanted to get ahead of folks that may upgrade to 0.18.6 and hit this error. But I can ask them to stick to 0.18.5.

Okay good to know, I have a reasonably strong suspicion what I mentioned above is the problem. The code is using &http.Transport{}, whereas previously we had been implicitly using http.DefaultTransport, which means that we no longer honor HTTPS_PROXY.

I'll open an issue and Justin can confirm tomorrow

https://github.com/dagger/dagger/issues/10339

Thank you for looking into it Eric!

ahh thanks, yes, the actual issue is that that pr changed a silent warning that happened when failing to fetch the remote, became a real error - we were branching on whether we got an error, and you'd get different behavior. wildly confusing and ephemeral, so it's better to have it be a hard error
but now, we've got a case like this, so yeah, need to handle proxies here 🙂

will fix today ❤️

fix merged in https://github.com/dagger/dagger/pull/10352