Skip to content

[WIP] Fix failing GitHub Actions workflow integration #15418

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pelikhan merged 3 commits into from
Feb 13, 2026
Merged

[WIP] Fix failing GitHub Actions workflow integration #15418

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4b60917
Initial plan
Copilot Feb 13, 2026
a393525
Fix integration tests by adding strict: false to workflows with custo…
Copilot Feb 13, 2026
2e8d4d6
Fix strict mode tests to use ecosystem domains instead of custom domains
Copilot Feb 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions pkg/workflow/allowed_domains_sanitization_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ permissions:
issues: read
pull-requests: read
engine: copilot
strict: false
network:
allowed:
- example.com
Expand Down Expand Up @@ -255,6 +256,7 @@ permissions:
issues: read
pull-requests: read
engine: copilot
strict: false
network:
allowed:
- example.com
Expand Down Expand Up @@ -286,6 +288,7 @@ permissions:
issues: read
pull-requests: read
engine: copilot
strict: false
network:
allowed:
- example.com
Expand Down
1 change: 1 addition & 0 deletions pkg/workflow/docker_predownload_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,7 @@ Test workflow with custom MCP container.`,
frontmatter: `---
on: issues
engine: claude
strict: false
safe-outputs:
create-issue:
network:
Expand Down
3 changes: 3 additions & 0 deletions pkg/workflow/domains_protocol_integration_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ on: push
permissions:
contents: read
engine: copilot
strict: false
network:
allowed:
- https://secure.example.com
Expand Down Expand Up @@ -205,6 +206,7 @@ on: push
permissions:
contents: read
engine: copilot
strict: false
network:
allowed:
- https://example.com
Comment on lines 208 to 212

Copilot AI Feb 13, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only the "Valid HTTPS protocol" case sets strict: false. The invalid-protocol cases still run under default strict mode and can fail earlier due to strict-mode custom-domain validation (ecosystem-only), meaning the test may pass without actually exercising the protocol validation logic. Consider setting strict: false on the invalid-protocol cases too and/or asserting the error message indicates an invalid protocol.

Copilot uses AI. Check for mistakes.
Expand Down Expand Up @@ -249,6 +251,7 @@ on: push
permissions:
contents: read
engine: copilot
strict: false
network:
allowed:
- example.com
Expand Down
1 change: 1 addition & 0 deletions pkg/workflow/sandbox_agent_false_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,7 @@ Test workflow to verify sandbox.agent: awf enables firewall.

markdown := `---
engine: copilot
strict: false
network:
allowed:
- defaults
Expand Down
1 change: 1 addition & 0 deletions pkg/workflow/sandbox_agent_tools_default_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -227,6 +227,7 @@ Test workflow where explicit tools.bash should take precedence over default.
// No explicit sandbox.agent, but network restrictions will auto-enable firewall
markdown := `---
engine: copilot
strict: false
network:
allowed:
- github.com
Expand Down
6 changes: 3 additions & 3 deletions pkg/workflow/strict_mode_deprecated_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ timeout_minutes: 10
engine: copilot
network:
allowed:
- "api.example.com"
- defaults
---

# Test Workflow`,
Expand All @@ -47,7 +47,7 @@ timeout-minutes: 10
engine: copilot
network:
allowed:
- "api.example.com"
- defaults
---

# Test Workflow`,
Expand Down Expand Up @@ -116,7 +116,7 @@ timeout_minutes: 10
engine: copilot
network:
allowed:
- "api.example.com"
- defaults
---

# Test Workflow`
Expand Down
4 changes: 2 additions & 2 deletions pkg/workflow/strict_mode_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ permissions:
engine: copilot
network:
allowed:
- "api.example.com"
- defaults
---
Comment on lines 29 to 33

Copilot AI Feb 13, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TestStrictModeTimeout now uses defaults, but this file still hard-codes custom domains (e.g., api.example.com) in other workflows that are compiled with SetStrictMode(true) (e.g., permissions/network strict-mode tests). With current validateStrictFirewall behavior, those cases will still fail because strict mode rejects custom domains. Update the remaining occurrences to defaults / ecosystem identifiers (python/node/containers/…) or set strict: false only where the test specifically needs custom domains.

Copilot uses AI. Check for mistakes.

# Test Workflow`,
Expand All @@ -47,7 +47,7 @@ timeout-minutes: 10
engine: copilot
network:
allowed:
- "api.example.com"
- defaults
---

# Test Workflow`,
Expand Down
Loading