diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index ae96c184f9..ef5259062e 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -1500,7 +1500,7 @@ jobs: run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" - sudo -E awf --enable-chroot --env-all --container-workdir "${GITHUB_WORKSPACE}" --allow-domains '*.githubusercontent.com,api.openai.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.githubassets.com,go.dev,golang.org,goproxy.io,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,mcp.tavily.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,openai.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,pkg.go.dev,playwright.download.prss.microsoft.com,ppa.launchpad.net,proxy.golang.org,raw.githubusercontent.com,s.symcb.com,s.symcd.com,security.ubuntu.com,sum.golang.org,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com' --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.13.4 --skip-pull --agent-image act \ + sudo -E awf --enable-chroot --env-all --container-workdir "${GITHUB_WORKSPACE}" --allow-domains '*.githubusercontent.com,172.30.0.1,api.openai.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.githubassets.com,go.dev,golang.org,goproxy.io,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,mcp.tavily.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,openai.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,pkg.go.dev,playwright.download.prss.microsoft.com,ppa.launchpad.net,proxy.golang.org,raw.githubusercontent.com,s.symcb.com,s.symcd.com,security.ubuntu.com,sum.golang.org,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com' --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.13.4 --skip-pull --agent-image act \ -- /bin/bash -c 'export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH" && INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" && codex ${GH_AW_MODEL_AGENT_CODEX:+-c model="$GH_AW_MODEL_AGENT_CODEX" }exec --dangerously-bypass-approvals-and-sandbox --skip-git-repo-check "$INSTRUCTION"' \ 2>&1 | tee /tmp/gh-aw/agent-stdio.log env: @@ -1552,7 +1552,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} - GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,api.openai.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,openai.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" + GH_AW_ALLOWED_DOMAINS: "*.githubusercontent.com,172.30.0.1,api.openai.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,cdn.playwright.dev,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,openai.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,playwright.download.prss.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com" GITHUB_SERVER_URL: ${{ github.server_url }} GITHUB_API_URL: ${{ github.api_url }} with: diff --git a/pkg/workflow/domains.go b/pkg/workflow/domains.go index 12d5e1009c..0d942d6284 100644 --- a/pkg/workflow/domains.go +++ b/pkg/workflow/domains.go @@ -34,6 +34,7 @@ var CopilotDefaultDomains = []string{ // CodexDefaultDomains are the minimal default domains required for Codex CLI operation var CodexDefaultDomains = []string{ + "172.30.0.1", // AWF gateway IP - Codex resolves host.docker.internal to this IP for Rust DNS compatibility "api.openai.com", "host.docker.internal", "openai.com", diff --git a/pkg/workflow/domains_test.go b/pkg/workflow/domains_test.go index e8f6b31927..b55a99d450 100644 --- a/pkg/workflow/domains_test.go +++ b/pkg/workflow/domains_test.go @@ -259,6 +259,7 @@ func TestCopilotDefaultDomains(t *testing.T) { func TestCodexDefaultDomains(t *testing.T) { // Verify that expected Codex domains are present expectedDomains := []string{ + "172.30.0.1", // AWF gateway IP - Codex resolves host.docker.internal to this IP "api.openai.com", "host.docker.internal", "openai.com", @@ -286,8 +287,8 @@ func TestGetCodexAllowedDomains(t *testing.T) { t.Run("nil network permissions returns only defaults", func(t *testing.T) { result := GetCodexAllowedDomains(nil) // Should contain default Codex domains, sorted - if result != "api.openai.com,host.docker.internal,openai.com" { - t.Errorf("Expected 'api.openai.com,host.docker.internal,openai.com', got %q", result) + if result != "172.30.0.1,api.openai.com,host.docker.internal,openai.com" { + t.Errorf("Expected '172.30.0.1,api.openai.com,host.docker.internal,openai.com', got %q", result) } }) @@ -297,8 +298,8 @@ func TestGetCodexAllowedDomains(t *testing.T) { } result := GetCodexAllowedDomains(network) // Should contain both default Codex domains and user-specified domain - if result != "api.openai.com,example.com,host.docker.internal,openai.com" { - t.Errorf("Expected 'api.openai.com,example.com,host.docker.internal,openai.com', got %q", result) + if result != "172.30.0.1,api.openai.com,example.com,host.docker.internal,openai.com" { + t.Errorf("Expected '172.30.0.1,api.openai.com,example.com,host.docker.internal,openai.com', got %q", result) } }) @@ -308,8 +309,8 @@ func TestGetCodexAllowedDomains(t *testing.T) { } result := GetCodexAllowedDomains(network) // api.openai.com should not appear twice - if result != "api.openai.com,example.com,host.docker.internal,openai.com" { - t.Errorf("Expected 'api.openai.com,example.com,host.docker.internal,openai.com', got %q", result) + if result != "172.30.0.1,api.openai.com,example.com,host.docker.internal,openai.com" { + t.Errorf("Expected '172.30.0.1,api.openai.com,example.com,host.docker.internal,openai.com', got %q", result) } }) @@ -319,8 +320,8 @@ func TestGetCodexAllowedDomains(t *testing.T) { } result := GetCodexAllowedDomains(network) // Empty allowed list should still return Codex defaults - if result != "api.openai.com,host.docker.internal,openai.com" { - t.Errorf("Expected 'api.openai.com,host.docker.internal,openai.com', got %q", result) + if result != "172.30.0.1,api.openai.com,host.docker.internal,openai.com" { + t.Errorf("Expected '172.30.0.1,api.openai.com,host.docker.internal,openai.com', got %q", result) } }) }