Allow Go module downloads in MCP stress test workflow#625

Merged
lpcox merged 2 commits into main from copilot/fix-stress-test-network-issues
Feb 4, 2026

Copilot AI commented Feb 4, 2026

The nightly MCP stress test workflow fails during make build with HTTP 403 errors when downloading Go modules. The firewall blocks proxy.golang.org and golang.org because the workflow uses network: defaults which only permits basic infrastructure.

Changes

Added go ecosystem identifier to network allowlist:

network:
  allowed:
    - defaults
    - go

This enables access to:

  • proxy.golang.org (Go module proxy)
  • golang.org, go.dev, pkg.go.dev
  • sum.golang.org (checksum database)
  • goproxy.io (fallback proxy)

Impact

Unblocks the stress test workflow. The gateway binary can now build, allowing testing of all 20 configured MCP servers.

Original prompt

This section details on the original issue you should resolve

<issue_title>[mcp-stress-test] Stress test blocked - Network restrictions prevent Go module downloads</issue_title>
<issue_description>The nightly MCP stress test cannot run due to network restrictions in the GitHub Actions environment that prevent downloading Go dependencies.

Issue Summary

  • Test Session: stress-test-20260204-030955
  • Status: ❌ CRITICAL - Complete test blockage
  • Failure Type: Build Environment / Network Configuration

Problem

All attempts to build the awmg gateway binary fail with HTTP 403 Forbidden errors when downloading Go modules:

github.com/stretchr/testify@v1.11.1: Get "(proxy.golang.org/redacted) Forbidden
golang.org/x/term@v0.38.0: Get "(proxy.golang.org/redacted) Forbidden
golang.org/x/oauth2@v0.30.0: Get "(proxy.golang.org/redacted) Forbidden

Attempted workarounds:

  • ✗ Standard make build
  • GOPROXY=direct go build
  • go mod download

All fail with 403 Forbidden responses from both proxy.golang.org and direct sources.

Impact

Without the ability to build the gateway, the stress test cannot:

  • Start the MCP Gateway server
  • Test any of the 20 configured MCP servers
  • Generate compatibility reports
  • Identify authentication requirements
  • Validate gateway stability

This blocks the entire purpose of the nightly stress test workflow.

Recommended Solutions

Option A: Pre-build Binary (Recommended)

Build the binary in a separate job with network access, then pass it to the test job:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: '1.25.0'
      - name: Build gateway
        run: make build
      - name: Upload binary
        uses: actions/upload-artifact@v4
        with:
          name: awmg-binary
          path: ./awmg
          retention-days: 1
          
  stress-test:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/download-artifact@v4
        with:
          name: awmg-binary
      - name: Make binary executable
        run: chmod +x ./awmg
      - name: Run stress test
        run: |
          # Test now uses pre-built ./awmg binary
          ./awmg --config /tmp/mcp-stress-test-config.json

Option B: Vendor Dependencies

Commit all Go dependencies to the repository:

go mod vendor
git add vendor/
git commit -m "Add vendored dependencies for offline builds"

Update Makefile to use vendor:

build:
	go build -mod=vendor -o awmg .

Option C: Fix Network Access

Contact GitHub Actions infrastructure team to:

  • Allow access to proxy.golang.org
  • Allow access to Go module sources (github.com, golang.org)
  • Review firewall/proxy rules blocking Go module downloads

Test Configuration

The stress test configuration was successfully prepared with 20 MCP servers before the build failure:

  • ✅ Test session: stress-test-20260204-030955
  • ✅ Config file: /tmp/mcp-stress-test-config.json
  • ✅ API key generated
  • ✅ 20 MCP servers configured (github, filesystem, memory, sqlite, postgres, brave-search, fetch, puppeteer, slack, gdrive, google-maps, everart, sequential-thinking, aws-kb-retrieval, linear, sentry, raygun, git, time, axiom)
  • Gateway build failed - blocking all testing

Next Steps

  1. Choose and implement one of the solutions above
  2. Test that make build succeeds in the workflow environment
  3. Re-run the nightly stress test
  4. Verify all 20 servers can be tested

Priority

HIGH - This completely blocks the nightly stress test workflow. The workflow cannot provide any value until the build environment is fixed.


Generated by Nightly MCP Stress Test
Session: stress-test-20260204-030955

AI generated by Nightly MCP Server Stress Test

<agent_instructions>Modify the mcp stress test firewall settings so that downloads from golang.org and github.com are allowed</agent_instructions>

Comments on the Issue (you are @copilot in this section)

Custom agent used: agentic-workflows
GitHub Agentic Workflows (gh-aw) - Create, debug, and upgrade AI-powered workflows with intelligent prompt routing


This allows the workflow to download Go modules from:
- proxy.golang.org (Go module proxy)
- golang.org (Go official site)
- go.dev, pkg.go.dev (Go documentation)
- goproxy.io (alternative proxy)
- sum.golang.org (Go checksum database)

Fixes HTTP 403 Forbidden errors when building the awmg binary.

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Fix network restrictions for Go module downloads in stress test" to "Allow Go module downloads in MCP stress test workflow" Feb 4, 2026
Copilot AI requested a review from lpcox February 4, 2026 03:19
@lpcox lpcox marked this pull request as ready for review February 4, 2026 03:35
Copilot AI review requested due to automatic review settings February 4, 2026 03:35
@lpcox lpcox merged commit ef52d40 into main Feb 4, 2026
@lpcox lpcox deleted the copilot/fix-stress-test-network-issues branch February 4, 2026 03:35
Copilot AI left a comment

Pull request overview

This PR updates the nightly MCP stress test workflow’s network configuration so Go module downloads are allowed through the firewall, unblocking make build for the MCP gateway.

Changes:

  • Added the go ecosystem to the network.allowed list in nightly-mcp-stress-test.md so the workflow can use the Go network allowlist.
  • Updated the generated lock file to include go in allowed_domains and to extend both awf --allow-domains and GH_AW_ALLOWED_DOMAINS with Go-related domains (proxy.golang.org, golang.org, go.dev, pkg.go.dev, sum.golang.org, goproxy.io).
  • Updated the frontmatter-hash in the lock file to reflect the new frontmatter configuration.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File: Description

  • .github/workflows/nightly-mcp-stress-test.md: Adds network.allowed entries for defaults and go so the MCP stress test job can use Go’s network allowlist.
  • .github/workflows/nightly-mcp-stress-test.lock.yml: Regenerates the lock file to record allowed_domains: ["defaults","go"] and expands the firewall/domain allowlists with Go module and checksum hosts.
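
As an added example (not code from this PR or from gh-aw), the Go sketch below works out which hosts `go mod download` may contact for a given GOPROXY/GOSUMDB setting and reports the ones an egress allowlist does not cover, a check worth running before and after widening the allowlist. It assumes an allowlist entry matches the host and its subdomains; `requiredHosts`, `blocked` and `goHosts` are names introduced here.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// Go hosts the PR description lists for the `go` allowlist entry.
var goHosts = []string{"proxy.golang.org", "golang.org", "go.dev", "pkg.go.dev", "sum.golang.org", "goproxy.io"}

// requiredHosts returns the hosts `go mod download` may contact. In direct mode the
// go command may also follow a go-import redirect to a VCS host, not modelled here.
func requiredHosts(goproxy, gosumdb string, modules []string) map[string]bool {
	set := map[string]bool{}
	for _, e := range strings.FieldsFunc(goproxy, func(r rune) bool { return r == ',' || r == '|' }) {
		if u, err := url.Parse(e); err == nil && u.Hostname() != "" {
			set[u.Hostname()] = true // a proxy URL
		} else if e == "direct" {
			for _, m := range modules {
				set[strings.SplitN(m, "/", 2)[0]] = true // module path's origin host
			}
		}
	}
	if f := strings.Fields(gosumdb); len(f) > 0 && f[0] != "off" {
		set[strings.SplitN(f[0], "+", 2)[0]] = true // "name" or "name+publickey"
	}
	return set
}

// blocked returns, sorted, the needed hosts the allowlist does not cover. Assumption:
// an entry matches itself and its subdomains; the firewall's real rule is not on the page.
func blocked(allow []string, need map[string]bool) (out []string) {
next:
	for h := range need {
		for _, a := range allow {
			if h == a || strings.HasSuffix(h, "."+a) {
				continue next
			}
		}
		out = append(out, h)
	}
	sort.Strings(out)
	return out
}

func main() {
	fmt.Println(blocked(goHosts, requiredHosts("direct", "sum.golang.org", []string{"github.com/stretchr/testify"})))
}
```

With `GOPROXY=direct`, `github.com` is reported unless another allowlist entry covers it; the page does not list what `defaults` contains.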

Successfully merging this pull request may close these issues.

[mcp-stress-test] Stress test blocked - Network restrictions prevent Go module downloads
