diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml index 0f2dbbede30..8ad318cf177 100644 --- a/.github/workflows/blog-auditor.lock.yml +++ b/.github/workflows/blog-auditor.lock.yml @@ -637,7 +637,9 @@ jobs: ], "entrypointArgs": [ "--output-dir", - "/tmp/gh-aw/mcp-logs/playwright" + "/tmp/gh-aw/mcp-logs/playwright", + "--browser-arg", + "--no-sandbox" ], "mounts": ["/tmp/gh-aw/mcp-logs:/tmp/gh-aw/mcp-logs:rw"] }, diff --git a/.github/workflows/cloclo.lock.yml b/.github/workflows/cloclo.lock.yml index ccddf2a2512..9ec4e511b51 100644 --- a/.github/workflows/cloclo.lock.yml +++ b/.github/workflows/cloclo.lock.yml @@ -875,7 +875,9 @@ jobs: ], "entrypointArgs": [ "--output-dir", - "/tmp/gh-aw/mcp-logs/playwright" + "/tmp/gh-aw/mcp-logs/playwright", + "--browser-arg", + "--no-sandbox" ], "mounts": ["/tmp/gh-aw/mcp-logs:/tmp/gh-aw/mcp-logs:rw"] }, diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml index e26509a833f..609e470da0f 100644 --- a/.github/workflows/daily-multi-device-docs-tester.lock.yml +++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml @@ -701,7 +701,9 @@ jobs: ], "entrypointArgs": [ "--output-dir", - "/tmp/gh-aw/mcp-logs/playwright" + "/tmp/gh-aw/mcp-logs/playwright", + "--browser-arg", + "--no-sandbox" ], "mounts": ["/tmp/gh-aw/mcp-logs:/tmp/gh-aw/mcp-logs:rw"] }, diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml index f4f1bcd8e38..5c309c33dec 100644 --- a/.github/workflows/docs-noob-tester.lock.yml +++ b/.github/workflows/docs-noob-tester.lock.yml 
@@ -653,7 +653,7 @@ jobs: "type": "stdio", "container": "mcr.microsoft.com/playwright/mcp", "args": ["--init", "--network", "host", "--security-opt", "seccomp=unconfined", "--ipc=host"], - "entrypointArgs": ["--output-dir", "/tmp/gh-aw/mcp-logs/playwright"], + "entrypointArgs": ["--output-dir", "/tmp/gh-aw/mcp-logs/playwright", "--browser-arg", "--no-sandbox"], "mounts": ["/tmp/gh-aw/mcp-logs:/tmp/gh-aw/mcp-logs:rw"] }, "safeoutputs": { diff --git a/.github/workflows/slide-deck-maintainer.lock.yml b/.github/workflows/slide-deck-maintainer.lock.yml index 721d318b4dc..8dff7e98a09 100644 --- a/.github/workflows/slide-deck-maintainer.lock.yml +++ b/.github/workflows/slide-deck-maintainer.lock.yml @@ -685,7 +685,7 @@ jobs: "type": "stdio", "container": "mcr.microsoft.com/playwright/mcp", "args": ["--init", "--network", "host", "--security-opt", "seccomp=unconfined", "--ipc=host"], - "entrypointArgs": ["--output-dir", "/tmp/gh-aw/mcp-logs/playwright"], + "entrypointArgs": ["--output-dir", "/tmp/gh-aw/mcp-logs/playwright", "--browser-arg", "--no-sandbox"], "mounts": ["/tmp/gh-aw/mcp-logs:/tmp/gh-aw/mcp-logs:rw"] }, "safeoutputs": { diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index 95c1a9e3c01..4380adf818e 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml @@ -2099,7 +2099,9 @@ jobs: ], "entrypointArgs": [ "--output-dir", - "/tmp/gh-aw/mcp-logs/playwright" + "/tmp/gh-aw/mcp-logs/playwright", + "--browser-arg", + "--no-sandbox" ], "mounts": ["/tmp/gh-aw/mcp-logs:/tmp/gh-aw/mcp-logs:rw"] }, diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index 88d322a1ef7..4f77b05a37c 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml 
@@ -1118,7 +1118,9 @@ jobs: ], "entrypointArgs": [ "--output-dir", - "/tmp/gh-aw/mcp-logs/playwright" + "/tmp/gh-aw/mcp-logs/playwright", + "--browser-arg", + "--no-sandbox" ], "mounts": ["/tmp/gh-aw/mcp-logs:/tmp/gh-aw/mcp-logs:rw"] }, diff --git a/.github/workflows/smoke-copilot-arm.lock.yml b/.github/workflows/smoke-copilot-arm.lock.yml index 5ac4e2faddf..9f2409b8aa2 100644 --- a/.github/workflows/smoke-copilot-arm.lock.yml +++ b/.github/workflows/smoke-copilot-arm.lock.yml @@ -1620,7 +1620,7 @@ jobs: "type": "stdio", "container": "mcr.microsoft.com/playwright/mcp", "args": ["--init", "--network", "host", "--security-opt", "seccomp=unconfined", "--ipc=host"], - "entrypointArgs": ["--output-dir", "/tmp/gh-aw/mcp-logs/playwright"], + "entrypointArgs": ["--output-dir", "/tmp/gh-aw/mcp-logs/playwright", "--browser-arg", "--no-sandbox"], "mounts": ["/tmp/gh-aw/mcp-logs:/tmp/gh-aw/mcp-logs:rw"] }, "safeinputs": { diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index f65d4b342d2..66b47f26213 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -1622,7 +1622,7 @@ jobs: "type": "stdio", "container": "mcr.microsoft.com/playwright/mcp", "args": ["--init", "--network", "host", "--security-opt", "seccomp=unconfined", "--ipc=host"], - "entrypointArgs": ["--output-dir", "/tmp/gh-aw/mcp-logs/playwright"], + "entrypointArgs": ["--output-dir", "/tmp/gh-aw/mcp-logs/playwright", "--browser-arg", "--no-sandbox"], "mounts": ["/tmp/gh-aw/mcp-logs:/tmp/gh-aw/mcp-logs:rw"] }, "safeinputs": { diff --git a/.github/workflows/unbloat-docs.lock.yml b/.github/workflows/unbloat-docs.lock.yml index a86eb254342..35071046b0d 100644 --- a/.github/workflows/unbloat-docs.lock.yml +++ b/.github/workflows/unbloat-docs.lock.yml @@ -792,6 +792,8 @@ jobs: "entrypointArgs": [ "--output-dir", "/tmp/gh-aw/mcp-logs/playwright", + "--browser-arg", + "--no-sandbox", "--viewport-size", "1920x1080" ], 
diff --git a/.github/workflows/weekly-editors-health-check.lock.yml b/.github/workflows/weekly-editors-health-check.lock.yml index 4ae90d21099..12cc2b35198 100644 --- a/.github/workflows/weekly-editors-health-check.lock.yml +++ b/.github/workflows/weekly-editors-health-check.lock.yml @@ -669,7 +669,7 @@ jobs: "type": "stdio", "container": "mcr.microsoft.com/playwright/mcp", "args": ["--init", "--network", "host", "--security-opt", "seccomp=unconfined", "--ipc=host"], - "entrypointArgs": ["--output-dir", "/tmp/gh-aw/mcp-logs/playwright"], + "entrypointArgs": ["--output-dir", "/tmp/gh-aw/mcp-logs/playwright", "--browser-arg", "--no-sandbox"], "mounts": ["/tmp/gh-aw/mcp-logs:/tmp/gh-aw/mcp-logs:rw"] }, "safeoutputs": { diff --git a/pkg/workflow/mcp_config_playwright_renderer.go b/pkg/workflow/mcp_config_playwright_renderer.go index 294fdbb245a..9c26ed758be 100644 --- a/pkg/workflow/mcp_config_playwright_renderer.go +++ b/pkg/workflow/mcp_config_playwright_renderer.go @@ -128,7 +128,10 @@ func renderPlaywrightMCPConfigWithOptions(yaml *strings.Builder, playwrightConfi } // Build entrypoint args for Playwright MCP server (goes after container image) - entrypointArgs := []string{"--output-dir", "/tmp/gh-aw/mcp-logs/playwright"} + // --browser-arg --no-sandbox: Disables Chromium's process sandbox, which otherwise + // creates a network namespace for renderer processes that cannot reach localhost. + // This is required for screenshot workflows that serve docs on localhost. + entrypointArgs := []string{"--output-dir", "/tmp/gh-aw/mcp-logs/playwright", "--browser-arg", "--no-sandbox"} // Append custom args if present if len(customArgs) > 0 { entrypointArgs = append(entrypointArgs, customArgs...)
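Review bot: The new `entrypointArgs` literal in `renderPlaywrightMCPConfigWithOptions` turns off Chromium's sandbox for every generated Playwright MCP server, not only for the localhost screenshot workflows the comment names. Because `customArgs` is only appended afterwards, a workflow that never touches localhost appears to have no way to opt out. The regenerated lock files in this commit show the same container already runs with `--network host`, `--security-opt seccomp=unconfined` and `--ipc=host`, so a renderer compromised by page content would have no browser-level containment and would share the runner's network stack. Consider emitting the flag only behind an explicit option or when the workflow actually serves content on localhost, and record the trade-off next to the literal, e.g. `// SECURITY: --no-sandbox removes renderer isolation; treat every page this browser loads as able to run code inside the container.` The function body starts and ends outside this hunk, so any existing gating elsewhere is not visible here.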