Error: check runtime error: CI-Tests: internal error: internal error: Client.Repositories.ListCheckRunsForRef: error during graphqlHandler.setupCheckRuns: non-200 OK status code: 502 Bad Gateway body for GitHub repoΒ #4760
Description
Describe the bug
Recently, we've started to notice 502s in our ossf run:
Error: check runtime error: CI-Tests: internal error: internal error: Client.Repositories.ListCheckRunsForRef: error during graphqlHandler.setupCheckRuns: non-200 OK status code: 502 Bad Gateway body: "<html>\r\n<head><title>502 Bad Gateway</title></head>\r\n<body>\r\n<center><h1>502 Bad Gateway</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"
2025/08/20 09:19:58 error during command execution: check runtime error: CI-Tests: internal error: internal error: Client.Repositories.ListCheckRunsForRef: error during graphqlHandler.setupCheckRuns: non-200 OK status code: 502 Bad Gateway body: "<html>\r\n<head><title>502 Bad Gateway</title></head>\r\n<body>\r\n<center><h1>502 Bad Gateway</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"
Reproduction steps
Steps to reproduce the behavior:
- Run openssf for a GitHub repo.
- Observe failures referencing
Client.Repositories.ListCheckRunsForRefand502 Bad Gateway
Expected behavior
No error.
Additional context
Previously this hasn't been happening. We're using gcr.io/openssf/scorecard:stable image.
| 10 / 10 | Token-Permissions | GitHub workflow tokens follow | Info: jobLevel 'contents' | https://github.com/ossf/scorecard/blob/40bbc9c958aa66327fb026b2136f1951298ca0f8/docs/checks.md#token-permissions |
| | | principle of least privilege | permission set to 'read': | |
| | | | .github/workflows/__build-workflow.yaml:138 | |
| | | | Info: jobLevel 'actions' | |
| | | | permission set to 'read': | |
| | | | .github/workflows/__build-workflow.yaml:139 | |
| | | | Info: jobLevel 'contents' | |
| | | | permission set to 'read': | |
| | | | .github/workflows/__build-workflow.yaml:308 | |
| | | | Info: jobLevel 'actions' | |
| | | | permission set to 'read': | |
| | | | .github/workflows/__build-workflow.yaml:309 | |
| | | | Warn: jobLevel 'contents' | |
| | | | permission set to 'write': | |
| | | | .github/workflows/__release-workflow.yaml:257 | |
| | | | Info: jobLevel 'actions' | |
| | | | permission set to 'read': | |
| | | | .github/workflows/__release-workflow.yaml:116 | |
| | | | Info: jobLevel 'contents' | |
| | | | permission set to 'read': | |
| | | | .github/workflows/__release-workflow.yaml:117 | |
| | | | Warn: jobLevel 'contents' permission set to | |
| | | | 'write': .github/workflows/backport.yaml:17 | |
| | | | Warn: jobLevel 'contents' permission set to | |
| | | | 'write': .github/workflows/charts-sync.yaml:26 | |
| | | | Info: jobLevel 'actions' permission set to | |
| | | | 'read': .github/workflows/codeql.yaml:45 Info: | |
| | | | jobLevel 'contents' permission set to 'read': | |
| | | | .github/workflows/codeql.yaml:46 Warn: jobLevel | |
| | | | 'security-events' permission set to 'write': | |
| | | | .github/workflows/govulncheck-cron.yaml:29 | |
| | | | Info: jobLevel 'contents' | |
| | | | permission set to 'read': | |
| | | | .github/workflows/govulncheck-cron.yaml:30 | |
| | | | Warn: jobLevel 'security-events' | |
| | | | permission set to 'write': | |
| | | | .github/workflows/govulncheck.yaml:34 Info: | |
| | | | jobLevel 'contents' permission set to 'read': | |
| | | | .github/workflows/govulncheck.yaml:35 Warn: | |
| | | | jobLevel 'contents' permission set to 'write': | |
| | | | .github/workflows/release-bot.yaml:97 Warn: | |
| | | | jobLevel 'contents' permission set to 'write': | |
| | | | .github/workflows/release-bot.yaml:127 Warn: | |
| | | | jobLevel 'contents' permission set to 'write': | |
| | | | .github/workflows/release-bot.yaml:154 | |
| | | | Warn: jobLevel 'contents' permission set to | |
| | | | 'write': .github/workflows/release.yaml:29 | |
| | | | Info: jobLevel 'actions' permission set to | |
| | | | 'read': .github/workflows/release.yaml:30 Info: | |
| | | | topLevel 'contents' permission set to 'read': | |
| | | | .github/workflows/__build-workflow.yaml:87 | |
| | | | Info: topLevel 'actions' | |
| | | | permission set to 'read': | |
| | | | .github/workflows/__build-workflow.yaml:88 | |
| | | | Info: topLevel 'contents' | |
| | | | permission set to 'read': | |
| | | | .github/workflows/__govulncheck.yaml:12 Info: | |
| | | | topLevel 'contents' permission set to 'read': | |
| | | | .github/workflows/__release-workflow.yaml:74 | |
| | | | Info: topLevel 'contents' | |
| | | | permission set to 'read': | |
| | | | .github/workflows/_kongintegration_tests.yaml:7 | |
| | | | Info: topLevel 'contents' permission set to | |
| | | | 'read': .github/workflows/backport.yaml:9 | |
| | | | Info: topLevel 'contents' permission set | |
| | | | to 'read': .github/workflows/build.yaml:23 | |
| | | | Info: topLevel 'actions' permission set | |
| | | | to 'read': .github/workflows/build.yaml:24 | |
| | | | Info: topLevel 'contents' permission set to | |
| | | | 'read': .github/workflows/charts-sync.yaml:20 | |
| | | | Info: topLevel 'contents' permission set to | |
| | | | 'read': .github/workflows/charts-tests.yaml:27 | |
| | | | Info: topLevel 'contents' permission set to | |
| | | | 'read': .github/workflows/codeql.yaml:37 Info: | |
| | | | topLevel 'contents' permission set to 'read': | |
| | | | .github/workflows/govulncheck-cron.yaml:15 | |
| | | | Info: topLevel 'contents' permission set to | |
| | | | 'read': .github/workflows/govulncheck.yaml:26 | |
| | | | Info: topLevel 'contents' permission set | |
| | | | to 'read': .github/workflows/nightly.yaml:9 | |
| | | | Info: topLevel 'actions' permission set to | |
| | | | 'read': .github/workflows/nightly.yaml:10 | |
| | | | Info: topLevel 'contents' permission set to | |
| | | | 'read': .github/workflows/release-bot.yaml:13 | |
| | | | Info: topLevel 'contents' permission set to | |
| | | | 'read': .github/workflows/release.yaml:24 | |
Error: check runtime error: CI-Tests: internal error: internal error: Client.Repositories.ListCheckRunsForRef: error during graphqlHandler.setupCheckRuns: non-200 OK status code: 502 Bad Gateway body: "<html>\r\n<head><title>502 Bad Gateway</title></head>\r\n<body>\r\n<center><h1>502 Bad Gateway</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"
2025/08/20 09:19:58 error during command execution: check runtime error: CI-Tests: internal error: internal error: Client.Repositories.ListCheckRunsForRef: error during graphqlHandler.setupCheckRuns: non-200 OK status code: 502 Bad Gateway body: "<html>\r\n<head><title>502 Bad Gateway</title></head>\r\n<body>\r\n<center><h1>502 Bad Gateway</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"
| | | | Info: topLevel permissions set to 'read-all': | |
| | | | .github/workflows/scorecard.yml:19 Info: | |
| | | | topLevel 'issues' permission set to 'read': | |
| | | | .github/workflows/stale-issues.yaml:9 Info: | |
| | | | topLevel 'contents' permission set to 'read': | |
| | | | .github/workflows/tests.yaml:30 | |
|---------|---------------------|--------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------|