ARC failing to retrieve token with GHE.com domain

[mthemis-provenir]

Checks

• I've already read https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/troubleshooting-actions-runner-controller-errors and I'm sure my issue is not covered in the troubleshooting guide.
• I am using charts that are officially provided

Controller Version

0.10.1

Deployment Method

ArgoCD

Checks

• This isn't a question or user support case (For Q&A and community support, go to Discussions).
• I've read the Changelog before submitting this issue and I'm sure it's not due to any recently-introduced backward-incompatible changes

To Reproduce

1. Create an org with the data residency product (EU in this case)
2. Deploy gha-runner-scale-set-controller
3. Deploy gha-runner-scale-set
4. Set the `githubConfigUrl` to `https://mycompany.ghe.com/myorg`

Describe the bug

ARC fails to get the actions tenant and JWT with an error message of Must use a ghe.com URL, despite using a ghe.com address. See logs for more information. We are using an organisation-scoped GitHub App to authenticate.

Describe the expected behavior

ARC successfully creates a new scale set such that the listener is launched.

Additional Context

Using default `values.yaml`

Controller Logs

https://gist.github.com/mthemis-provenir/8922cb857b493dca0c0e16540e530bd5

Runner Pod Logs

N/A - it doesn't get this far

[github-actions]

Hello! Thank you for filing an issue.

The maintainers will triage your issue shortly.

In the meantime, please take a look at the troubleshooting guide for bug reports.

If this is a feature request, please review our contribution guidelines.

[mthemis-provenir]

I have reproduced this using the API manually; the steps are as follows:

• Generate JWT token with the app_id and pem - used the bash script here
• Retrieve an access token thusly:

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer xxx" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.{company}.ghe.com/app/installations/{installation_id}/access_tokens \
  -d '{"repositories":["test"],"permissions":{"metadata":"read"}}'

• Use that token in the call to register a runner:

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: RemoteAuth xxx" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.{company}.ghe.com/actions/runner-registration \
  -d '{"url": "https://{company}.ghe.com/{org}", "runner_event": "register"}'

This will respond with:

{
  "message": "Must use a ghe.com URL",
  "documentation_url": "https://docs.github.com/rest",
  "status": "422"
}

These are the exact steps the code takes to make the runner registration call. As to what the correct URL is, that's anyone's guess at this stage. Haven't figured that out yet...

[nikola-jokic]

Hey @mthemis-provenir,

Just wanted to let you know that we are working on the fix. Thank you for reporting this issue!