Skip to content

fix: pass GITHUB_SERVER_URL to DIFC proxy container for GHEC support #23308

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pelikhan merged 2 commits into from
Mar 28, 2026
Merged

fix: pass GITHUB_SERVER_URL to DIFC proxy container for GHEC support #23308

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
dbf758f
Initial plan
Copilot Mar 28, 2026
cf58e1b
fix: pass GITHUB_SERVER_URL to DIFC proxy container for GHEC support
Copilot Mar 28, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/workflows/daily-issues-report.lock.yml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/issue-arborist.lock.yml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/stale-repo-identifier.lock.yml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .github/workflows/weekly-blog-post-writer.lock.yml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions actions/setup/sh/start_difc_proxy.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
#
# Environment:
# GH_TOKEN - GitHub token passed to the proxy container
# GITHUB_SERVER_URL - GitHub server URL for upstream routing (e.g. https://github.com or https://TENANT.ghe.com)
# GITHUB_REPOSITORY - Repository name (owner/repo) for git remote
# GITHUB_ENV - Path to GitHub Actions environment file

Expand Down Expand Up @@ -36,6 +37,7 @@ echo "Starting DIFC proxy container: $CONTAINER_IMAGE"

docker run -d --name awmg-proxy --network host \
-e GH_TOKEN \
-e GITHUB_SERVER_URL \
-e DEBUG='*' \
Comment on lines 38 to 41
Copy link

Copilot AI Mar 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

docker run -e GITHUB_SERVER_URL will pass an empty value into the container when the host env var is unset (Docker treats -e VAR as VAR= if not defined). If this script is ever run outside the generated Actions step (or if GITHUB_SERVER_URL is missing), consider defaulting it to https://github.com or only including the -e flag when non-empty to avoid an explicit empty value affecting proxy routing.

Copilot uses AI. Check for mistakes.
-v "$PROXY_LOG_DIR:$PROXY_LOG_DIR" \
-v "$MCP_LOG_DIR:$MCP_LOG_DIR" \
Expand Down
1 change: 1 addition & 0 deletions pkg/workflow/compiler_difc_proxy.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -210,6 +210,7 @@ func (c *Compiler) buildStartDIFCProxyStepYAML(data *WorkflowData) string {
sb.WriteString(" - name: Start DIFC proxy for pre-agent gh calls\n")
sb.WriteString(" env:\n")
fmt.Fprintf(&sb, " GH_TOKEN: %s\n", effectiveToken)
sb.WriteString(" GITHUB_SERVER_URL: ${{ github.server_url }}\n")
sb.WriteString(" run: |\n")
// The policy JSON contains only static values from the workflow frontmatter
// (min-integrity and repos). It never contains GitHub Actions expressions (${{ }})
Expand Down
1 change: 1 addition & 0 deletions pkg/workflow/compiler_difc_proxy_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -299,6 +299,7 @@ func TestGenerateStartDIFCProxyStep(t *testing.T) {
require.NotEmpty(t, result, "should generate proxy start step")
assert.Contains(t, result, "Start DIFC proxy for pre-agent gh calls", "step name should be present")
assert.Contains(t, result, "GH_TOKEN:", "step should include GH_TOKEN env var")
assert.Contains(t, result, "GITHUB_SERVER_URL:", "step should include GITHUB_SERVER_URL env var")
Copy link

Copilot AI Mar 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new assertion only checks for the key name GITHUB_SERVER_URL:. Since the intended behavior is specifically to propagate ${{ github.server_url }}, consider asserting on the full expected line to catch regressions where the env var is present but set incorrectly.

Suggested change
assert.Contains(t, result, "GITHUB_SERVER_URL:", "step should include GITHUB_SERVER_URL env var")
assert.Contains(t, result, "GITHUB_SERVER_URL: ${{ github.server_url }}", "step should propagate github.server_url env var")

Copilot uses AI. Check for mistakes.
assert.Contains(t, result, "start_difc_proxy.sh", "step should call the proxy script")
assert.Contains(t, result, `"allow-only"`, "step should include guard policy JSON")
assert.Contains(t, result, `"min-integrity":"approved"`, "step should include min-integrity in policy")
Expand Down
Loading