php-github-api icon indicating copy to clipboard operation
php-github-api copied to clipboard
verified publisher icon KnpLabs

Bug Report: downloadLogs() fails with Azure Authentication Error

Open lots0logs opened this issue 2 months ago • 0 comments

Description

The downloadLogs() method in the WorkflowJobs and WorkflowRuns API fails when attempting to download GitHub Actions job logs. Instead of returning the log data, it fails with an Azure Blob Storage authentication error.

Environment

  • Library version: knplabs/github-api 3.16.0
  • PHP version: 8.x
  • HTTP client: Guzzle 7.10.0 (via PSR-18 discovery)

Expected Behavior

Calling downloadLogs() should return the ZIP archive containing the job logs as documented in the library's API.

Actual Behavior

The method throws an exception or returns an XML error response from Azure Blob Storage:

<?xml version="1.0" encoding="utf-8"?>
<Error>
  <Code>AuthenticationFailed</Code>
  <Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.</Message>
</Error>

Root Cause

The GitHub API endpoint /repos/{owner}/{repo}/actions/jobs/{job_id}/logs returns a 302 redirect to an Azure Blob Storage URL with a pre-signed SAS token in the query parameters.

The issue occurs because:

  1. HTTPlug's RedirectPlugin is used by default in the library (added in Client.php)
  2. The RedirectPlugin preserves ALL headers by default (preserve_header: true)
  3. When following the redirect to Azure Blob Storage, the GitHub Authorization header is sent to Azure
  4. Azure Blob Storage doesn't understand GitHub's authentication format and rejects the request
  5. Unlike Guzzle's native RedirectMiddleware (which strips Authorization and Cookie headers on cross-origin redirects), HTTPlug's RedirectPlugin has no such protection

Reproduction Steps

  1. Set up GitHub API client with valid authentication token
  2. Get a valid job ID from a workflow run
  3. Call downloadLogs() on that job ID
  4. Observe the Azure authentication error

References

  • GitHub API docs: https://docs.github.com/en/rest/actions/workflow-jobs#download-job-logs-for-a-workflow-run
  • Guzzle's RedirectMiddleware (strips auth headers): https://github.com/guzzle/guzzle/blob/master/src/RedirectMiddleware.php#L174-L177
  • HTTPlug RedirectPlugin (preserves all headers): https://github.com/php-http/client-common/blob/master/src/Plugin/RedirectPlugin.php

lots0logs avatar Oct 27 '25 19:10 lots0logs