Add Go proxy domains to CLI Consistency Checker network allowlist#15043
Add Go proxy domains to CLI Consistency Checker network allowlist#15043
Conversation
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
…lowed domains Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Updates the CLI Consistency Checker agentic workflow firewall allowlist so Go can fetch toolchain/modules via the Go module proxy endpoints during make build, resolving the reported “Go 1.25.0 missing tool” failures.
Changes:
- Allowlisted
proxy.golang.organdsum.golang.orgin the CLI Consistency Checker workflow frontmatter. - Recompiled the workflow so the generated lock file propagates the updated allowlist into AWF firewall configuration.
- Includes additional generated lockfile diffs in other workflows (rate-limit env var) as a side-effect of recompilation.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/cli-consistency-checker.md | Adds Go proxy + checksum domains to network.allowed frontmatter. |
| .github/workflows/cli-consistency-checker.lock.yml | Propagates the new domains into generated allowed_domains and AWF --allow-domains lists. |
| .github/workflows/workflow-generator.lock.yml | Generated lockfile change adding GH_AW_RATE_LIMIT_IGNORED_ROLES env var. |
| .github/workflows/example-custom-error-patterns.lock.yml | Generated lockfile change adding GH_AW_RATE_LIMIT_IGNORED_ROLES env var. |
| .github/workflows/auto-triage-issues.lock.yml | Generated lockfile change adding GH_AW_RATE_LIMIT_IGNORED_ROLES env var. |
| .github/workflows/ai-moderator.lock.yml | Generated lockfile change adding GH_AW_RATE_LIMIT_IGNORED_ROLES env var. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| GH_AW_RATE_LIMIT_MAX: "5" | ||
| GH_AW_RATE_LIMIT_WINDOW: "60" | ||
| GH_AW_RATE_LIMIT_EVENTS: "issues" | ||
| GH_AW_RATE_LIMIT_IGNORED_ROLES: "admin,maintain,write" |
There was a problem hiding this comment.
This PR is scoped/described as a CLI Consistency Checker firewall allowlist change, but the recompile also introduces GH_AW_RATE_LIMIT_IGNORED_ROLES in this (and other) workflows’ generated lock files. Since it’s unrelated to the Go proxy allowlist and appears behavior-neutral (matches the default), consider either reverting these unrelated lockfile diffs to keep the PR focused, or explicitly calling out this additional generated change in the PR description/title so reviewers understand why multiple workflows changed.
The CLI Consistency Checker workflow fails when running
make buildbecause the firewall blocks access to Go's module proxy servers, preventing Go 1.25.0 from downloading dependencies.Changes
proxy.golang.organdsum.golang.orgtonetwork.allowedin workflow frontmatterThis follows the pattern established by other Go-building workflows (smoke-codex, dev, functional-pragmatist, gpclean).
Original prompt
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.