On persistent self-hosted runners, the /tmp/ directory is persistent between runs. Coupled with an error that was returned on the first execution, cimon-action subsequently fails all further runs for two reasons:
First, downloadToFile does not check the HTTP response status code before writing to disk. If the S3 URL returns a non-200 response (e.g. 403 AccessDenied), the error body is written verbatim to /tmp/install.sh.
Second, The cache guard checks only for file existence, not file integrity. On subsequent runs, existsSync('/tmp/install.sh') returns true for the corrupt file and the re-download is permanently skipped.
On persistent self-hosted runners, the
/tmp/directory is persistent between runs. Coupled with an error that was returned on the first execution,cimon-actionsubsequently fails all further runs for two reasons:First,
downloadToFiledoes not check the HTTP response status code before writing to disk. If the S3 URL returns a non-200 response (e.g. 403 AccessDenied), the error body is written verbatim to/tmp/install.sh.Second, The cache guard checks only for file existence, not file integrity. On subsequent runs,
existsSync('/tmp/install.sh')returns true for the corrupt file and the re-download is permanently skipped.