GHES: Add auto-detection helper functions for wizard configuration

[Claude]

This PR adds foundational GHES auto-detection helper functions to enable automatic configuration of GHES-specific settings in gh aw add-wizard.

Changes

New Helper Functions in pkg/cli/git.go

• isGHESInstance() - Detects if the git origin remote points to a GHES instance (vs. public GitHub)
• getGHESAPIURL() - Returns the GHES API URL (e.g., https://ghes.example.com/api/v3) for auto-populating engine.api-target
• getGHESAllowedDomains() - Returns GHES domains (ghes-host, api.ghes-host) for auto-adding to network.allowed

Test Coverage

Added comprehensive tests in pkg/cli/git_ghes_test.go covering:

• Public GitHub detection (returns false/empty/nil)
• HTTPS GHES URL detection
• SSH GHES URL detection
• Proper API URL and domain generation

How It Works

These functions parse the git origin remote URL to detect GHES instances:

• Public GitHub: https://github.com/org/repo.git → Not GHES
• GHES HTTPS: https://ghes.example.com/org/repo.git → Detected as GHES
• GHES SSH: git@ghes.example.com:org/repo.git → Detected as GHES

Future Integration

These helpers will be integrated in follow-up PRs to:

• Auto-populate engine.api-target for Copilot engine on GHES
• Auto-add GHES domains to network.allowed firewall configuration
• Validate Copilot licensing on GHES instances (optional)

Note: The existing actions/setup/sh/configure_gh_for_ghe.sh script already handles GH_HOST environment variable configuration, so that requirement is already met.

Testing

make fmt
make build  
go test -v -run "TestIsGHESInstance|TestGetGHESAPIURL|TestGetGHESAllowedDomains" ./pkg/cli/

All tests pass ✅

[lpcox]

@claude[agent] fix the pr title and summary

[Claude]

@claude[agent] fix the pr title and summary

Updated the PR description with proper context about the GHES auto-detection helper functions. The PR now clearly explains:

• The three new helper functions added (isGHESInstance(), getGHESAPIURL(), getGHESAllowedDomains())
• How they work by parsing git origin remote URLs
• Test coverage and validation
• Future integration plans
• Relationship to issue add-wizard and add --create-pull-request fail to create PR on GitHub Enterprise Server repositories #20875

The PR title should be: "GHES: Add auto-detection helper functions for wizard configuration"

Unfortunately I don't have permission to update the PR title directly via the API, so you may need to update it manually through the GitHub UI.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh gh pr view --json title,body /home/REDACTED/.nvm/bash_completion /home/REDACTED/.nvm/install.sh /home/REDACTED/.nvm/nvm-exec /home/REDACTED/.nvm/nvm.sh /home/REDACTED/.nvm/package.json /home/REDACTED/.nvm/rename_test.sh /home/REDACTED/.nvm/test (http block)
  • Triggering command: /usr/bin/gh gh pr edit --title GHES: Add auto-detection helper functions for wizard configuration /home/REDACTED/.nvm/bash_completion /home/REDACTED/.nvm/install.sh /home/REDACTED/.nvm/nvm-exec /home/REDACTED/.nvm/nvm.sh /home/REDACTED/.nvm/package.json /home/REDACTED/.nvm/rename_test.sh /home/REDACTED/.nvm/test conf�� get --local /home/REDACTED/.config/composer/vendor/bin/git pull.rebase (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

Pull request overview

Adds initial GHES auto-detection helpers (based on the origin git remote) intended to support future gh aw add-wizard auto-configuration for enterprise environments.

Changes:

• Add GHES detection + derived values helpers in pkg/cli/git.go
• Add unit tests for GHES/public GitHub remote URL scenarios in pkg/cli/git_ghes_test.go
• Add a patch changeset describing the new helpers

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

File	Description
pkg/cli/git.go	Introduces GHES detection + helper functions to compute API URL and firewall domains from origin remote host.
pkg/cli/git_ghes_test.go	Adds tests that create temp git repos and validate GHES/public GitHub detection behaviors.
.changeset/patch-ghes-auto-detect-helpers.md	Documents the new helper functions and intended follow-up wizard integration.

Comments suppressed due to low confidence (5)

pkg/cli/git_ghes_test.go:156

• Same as the other test blocks: require.NoError on git init will fail in environments without git. Consider using t.Skip("Git not available") on init failure to align with existing test patterns in this repo.

			// Initialize git repo
			require.NoError(t, exec.Command("git", "init").Run(), "Failed to init git repo")
			exec.Command("git", "config", "user.name", "Test User").Run()
			exec.Command("git", "config", "user.email", "test@example.com").Run()

pkg/cli/git.go:166

• getGHESAPIURL() returns a full URL with scheme and /api/v3 path, but engine.api-target elsewhere in the repo is defined/used as a hostname only (e.g. docs/enterprise-configuration.md:32; workflow.EngineConfig.APITarget comment in pkg/workflow/engine.go:29). If this is intended for engine.api-target, it should return just the hostname (or the correct Copilot endpoint for GHES, per docs). If it’s intended for the GHES GitHub REST API base URL, it should be renamed to avoid confusion with api-target.

// getGHESAPIURL returns the API URL for a GHES instance (e.g., "https://ghes.example.com/api/v3")
// or an empty string if not a GHES instance. This is used to auto-populate engine.api-target.
func getGHESAPIURL() string {
	host := getHostFromOriginRemote()
	if host == "github.com" {
		return ""
	}

	// GHES API URL format: https://<host>/api/v3
	apiURL := fmt.Sprintf("https://%s/api/v3", host)
	gitLog.Printf("GHES API URL: %s", apiURL)
	return apiURL
}

pkg/cli/git_ghes_test.go:101

• This test uses require.NoError for git init, which will fail the suite on systems without git. Elsewhere we usually t.Skip("Git not available") when git is missing. Consider switching to that skip pattern here for consistency and portability.

			// Initialize git repo
			require.NoError(t, exec.Command("git", "init").Run(), "Failed to init git repo")
			exec.Command("git", "config", "user.name", "Test User").Run()
			exec.Command("git", "config", "user.email", "test@example.com").Run()

pkg/cli/git.go:180

• getGHESAllowedDomains() currently returns host and api.+host. Two issues: (1) network allowlists already match all subdomains when you allow the base domain (see docs/src/content/docs/reference/network.md:58), so adding api.<host> is redundant; and (2) if the remote host includes a port (e.g. ghes.example.com:8443), concatenating api. produces an invalid domain (api.ghes.example.com:8443) that will fail domain validation. Consider returning only the hostname (no port) and relying on automatic subdomain matching, or explicitly stripping the port before constructing any domain entries.

// getGHESAllowedDomains returns a list of domains that should be added to the firewall
// allowed list for GHES instances. This includes the GHES hostname and api.<ghes-host>.
func getGHESAllowedDomains() []string {
	host := getHostFromOriginRemote()
	if host == "github.com" {
		return nil
	}

	// For GHES, allow both the main host and api subdomain
	domains := []string{
		host,
		"api." + host,
	}

pkg/cli/git_ghes_test.go:85

• The tests here encode behaviors that look inconsistent with existing engine.api-target semantics: getGHESAPIURL() is expected to return a full https://.../api/v3 URL, but the rest of the codebase/docs treat api-target as hostname-only. Also, there’s no coverage for public GitHub remotes like ssh://git@ssh.github.com:443/OWNER/REPO.git, which would currently be mis-detected as GHES. After adjusting the helpers, update these tests to cover ssh.github.com:443 and any host-with-port scenarios.

func TestGetGHESAPIURL(t *testing.T) {
	tests := []struct {
		name       string
		remoteURL  string
		wantAPIURL string
	}{
		{
			name:       "public GitHub returns empty",
			remoteURL:  "https://github.com/org/repo.git",
			wantAPIURL: "",
		},
		{
			name:       "GHES instance returns API URL",
			remoteURL:  "https://ghes.example.com/org/repo.git",
			wantAPIURL: "https://ghes.example.com/api/v3",
		},
		{
			name:       "GHES SSH format returns API URL",
			remoteURL:  "git@contoso.ghe.com:org/repo.git",
			wantAPIURL: "https://contoso.ghe.com/api/v3",
		},
	}

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.