diff --git a/actions/setup/js/mount_mcp_as_cli.cjs b/actions/setup/js/mount_mcp_as_cli.cjs index 7cf10b308f5..33d5c626f6c 100644 --- a/actions/setup/js/mount_mcp_as_cli.cjs +++ b/actions/setup/js/mount_mcp_as_cli.cjs @@ -66,9 +66,9 @@ function shellEscapeDoubleQuoted(str) { /** * Rewrite a raw gateway manifest URL to use the container-accessible domain. * - * The manifest stores raw gateway-output URLs (e.g., http://0.0.0.0:80/mcp/server) + * The manifest stores raw gateway-output URLs (e.g., http://0.0.0.0:8080/mcp/server) * that work from the host. Inside the AWF sandbox the gateway is reachable via - * MCP_GATEWAY_DOMAIN:MCP_GATEWAY_PORT (typically host.docker.internal:80). + * MCP_GATEWAY_DOMAIN:MCP_GATEWAY_PORT (typically host.docker.internal:8080). * * @param {string} rawUrl - URL from the manifest (host-accessible) * @returns {string} URL suitable for use inside AWF containers @@ -338,7 +338,7 @@ async function main() { skippedServers.push(name); continue; } - // The manifest URL is the host-accessible raw gateway address (e.g., http://0.0.0.0:80/mcp/server). + // The manifest URL is the host-accessible raw gateway address (e.g., http://0.0.0.0:8080/mcp/server). // Rewrite it to the container-accessible URL for the generated CLI wrapper scripts, // which run inside the AWF sandbox where the gateway is reached via MCP_GATEWAY_DOMAIN. const containerUrl = toContainerUrl(url); diff --git a/pkg/constants/README.md b/pkg/constants/README.md index ccf4da2c51e..4082a969552 100644 --- a/pkg/constants/README.md +++ b/pkg/constants/README.md @@ -395,7 +395,7 @@ constants.DefaultAllowedDomains // []string{"localhost","localhost:*","127.0.0 ## Network Port Constants ```go -constants.DefaultMCPGatewayPort // 80 — MCP gateway HTTP service +constants.DefaultMCPGatewayPort // 8080 — MCP gateway HTTP service constants.DefaultMCPServerPort // 3000 — mcp-scripts MCP server constants.DefaultMCPInspectorPort // 3001 — safe-outputs MCP inspector constants.MinNetworkPort // 1 diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go index f762d5c2a7d..7e0e9098350 100644 --- a/pkg/constants/constants.go +++ b/pkg/constants/constants.go @@ -75,7 +75,7 @@ const ExpressionBreakThreshold LineLength = 100 const ( // DefaultMCPGatewayPort is the default port for the MCP gateway HTTP service - DefaultMCPGatewayPort = 80 + DefaultMCPGatewayPort = 8080 // DefaultMCPServerPort is the default port for MCP servers (mcp-scripts server) DefaultMCPServerPort = 3000 diff --git a/pkg/constants/spec_test.go b/pkg/constants/spec_test.go index 20e1a0b743b..22529cfacd6 100644 --- a/pkg/constants/spec_test.go +++ b/pkg/constants/spec_test.go @@ -210,8 +210,8 @@ func TestSpec_NetworkPorts_Values(t *testing.T) { actual int expected int }{ - // From spec: DefaultMCPGatewayPort // 80 - {name: "DefaultMCPGatewayPort", actual: constants.DefaultMCPGatewayPort, expected: 80}, + // From spec: DefaultMCPGatewayPort // 8080 + {name: "DefaultMCPGatewayPort", actual: constants.DefaultMCPGatewayPort, expected: 8080}, // From spec: DefaultMCPServerPort // 3000 {name: "DefaultMCPServerPort", actual: constants.DefaultMCPServerPort, expected: 3000}, // From spec: DefaultMCPInspectorPort // 3001 diff --git a/pkg/workflow/mcp_gateway_config.go b/pkg/workflow/mcp_gateway_config.go index df7ad4771e9..f191b24a6a1 100644 --- a/pkg/workflow/mcp_gateway_config.go +++ b/pkg/workflow/mcp_gateway_config.go @@ -14,7 +14,7 @@ // // The gateway configuration includes: // - Container image and version (defaults to github/gh-aw-mcpg) -// - Network port (default: 80) +// - Network port (default: 8080) // - Domain for gateway access (localhost or host.docker.internal) // - API key for authentication // - Volume mounts for workspace and temporary directories @@ -38,7 +38,7 @@ // mcp: // container: github/gh-aw-mcpg // version: v0.0.12 -// port: 80 +// port: 8080 // domain: host.docker.internal // mounts: // - /opt:/opt:ro diff --git a/pkg/workflow/mcp_gateway_constants.go b/pkg/workflow/mcp_gateway_constants.go index e76b5e45a89..9e3838ca1f1 100644 --- a/pkg/workflow/mcp_gateway_constants.go +++ b/pkg/workflow/mcp_gateway_constants.go @@ -5,7 +5,7 @@ // This file provides access to MCP gateway configuration constants. // // Gateway default values: -// - Port: 80 (HTTP standard port) - defined in pkg/constants +// - Port: 8080 (non-privileged HTTP port) - defined in pkg/constants // // The MCP gateway port is used when: // - No custom port is specified in sandbox.mcp.port @@ -22,7 +22,7 @@ // - constants/constants.go: Defines all MCP-related constants (versions, containers, ports) // // Related constants in pkg/constants: -// - DefaultMCPGatewayPort: Gateway port (80) +// - DefaultMCPGatewayPort: Gateway port (8080) // - DefaultMCPGatewayVersion: Gateway container version // - DefaultMCPGatewayContainer: Gateway container image // - DefaultGitHubMCPServerVersion: GitHub MCP server version diff --git a/pkg/workflow/mcp_setup_generator.go b/pkg/workflow/mcp_setup_generator.go index bff796a51ec..b75eee3b1bd 100644 --- a/pkg/workflow/mcp_setup_generator.go +++ b/pkg/workflow/mcp_setup_generator.go @@ -54,7 +54,7 @@ // - Start safe-outputs HTTP server on port 3001 // - Write mcp-scripts config to ${RUNNER_TEMP}/gh-aw/mcp-scripts/ // - Start mcp-scripts HTTP server on port 3000 -// - Start MCP Gateway on port 80 +// - Start MCP Gateway (default port 8080) // - Render MCP config based on engine (copilot/claude/codex/custom) package workflow @@ -696,6 +696,7 @@ func (c *Compiler) generateMCPSetup(yaml *strings.Builder, tools map[string]any, var containerCmd strings.Builder containerCmd.WriteString("docker run -i --rm --network host") + containerCmd.WriteString(" --add-host host.docker.internal:127.0.0.1") // Use runner UID/GID so gateway-created /tmp logs remain readable by downstream // redaction/upload steps; keep a supplementary docker.sock group for daemon access. containerCmd.WriteString(" --user ${MCP_GATEWAY_UID}:${MCP_GATEWAY_GID}") diff --git a/pkg/workflow/mcp_setup_generator_test.go b/pkg/workflow/mcp_setup_generator_test.go index 9a89ad711fd..bda8e6cc2bd 100644 --- a/pkg/workflow/mcp_setup_generator_test.go +++ b/pkg/workflow/mcp_setup_generator_test.go @@ -510,14 +510,20 @@ tools: userSnippet := `--user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"'` groupAddSnippet := `--group-add '"${DOCKER_SOCK_GID}"'` + addHostSnippet := `--add-host host.docker.internal:127.0.0.1` mountSnippet := `-v /var/run/docker.sock:/var/run/docker.sock` + defaultGatewayPortSnippet := `export MCP_GATEWAY_PORT="8080"` uidComputeSnippet := `MCP_GATEWAY_UID=$(id -u 2>/dev/null || echo '0')` runnerGIDComputeSnippet := `MCP_GATEWAY_GID=$(id -g 2>/dev/null || echo '0')` socketGIDComputeSnippet := `DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0')` + require.Contains(t, yamlStr, defaultGatewayPortSnippet, + "Default MCP gateway port should be exported as 8080") require.Contains(t, yamlStr, uidComputeSnippet, "Shell should compute MCP_GATEWAY_UID before docker command") require.Contains(t, yamlStr, runnerGIDComputeSnippet, "Shell should compute MCP_GATEWAY_GID before docker command") + require.Contains(t, yamlStr, addHostSnippet, + "Docker command should map host.docker.internal to host-gateway") require.Contains(t, yamlStr, userSnippet, "Docker command should include runner UID/GID user mapping") require.Contains(t, yamlStr, socketGIDComputeSnippet, diff --git a/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden b/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden index 51557316671..7d6fc4a5d72 100644 --- a/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden +++ b/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden @@ -333,7 +333,7 @@ jobs: mkdir -p "${RUNNER_TEMP}/gh-aw/mcp-config" # Export gateway environment variables for MCP config and gateway script - export MCP_GATEWAY_PORT="80" + export MCP_GATEWAY_PORT="8080" export MCP_GATEWAY_DOMAIN="host.docker.internal" MCP_GATEWAY_API_KEY=$(openssl rand -base64 45 | tr -d '/+=') echo "::add-mask::${MCP_GATEWAY_API_KEY}" @@ -347,7 +347,7 @@ jobs: MCP_GATEWAY_UID=$(id -u 2>/dev/null || echo '0') MCP_GATEWAY_GID=$(id -g 2>/dev/null || echo '0') DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.2.24' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.2.24' mkdir -p /home/runner/.copilot GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) diff --git a/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden b/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden index dc463dae230..25c1af8cbcb 100644 --- a/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden +++ b/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden @@ -334,7 +334,7 @@ jobs: mkdir -p "${RUNNER_TEMP}/gh-aw/mcp-config" # Export gateway environment variables for MCP config and gateway script - export MCP_GATEWAY_PORT="80" + export MCP_GATEWAY_PORT="8080" export MCP_GATEWAY_DOMAIN="host.docker.internal" MCP_GATEWAY_API_KEY=$(openssl rand -base64 45 | tr -d '/+=') echo "::add-mask::${MCP_GATEWAY_API_KEY}" @@ -348,7 +348,7 @@ jobs: MCP_GATEWAY_UID=$(id -u 2>/dev/null || echo '0') MCP_GATEWAY_GID=$(id -g 2>/dev/null || echo '0') DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.2.24' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.2.24' mkdir -p /home/runner/.copilot GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node)