From a62a979a892e62edbcb929b98bca1502d02a2b80 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 28 Oct 2025 18:51:53 +0000
Subject: [PATCH 1/7] Initial plan
From fb94f786f8482ec46de2365c617b6fcf69963e5c Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 28 Oct 2025 18:57:03 +0000
Subject: [PATCH 2/7] Add action setup steps to workflows for firewall configuration
Co-authored-by: stnguyen90 <1477010+stnguyen90@users.noreply.github.com>
---
 .github/workflows/e2e.yml | 13 +++++++++++++
 .github/workflows/tests.yml | 12 ++++++++++++
 2 files changed, 25 insertions(+)
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index 862b7ef450..ecd9bfb1c1 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -11,6 +11,19 @@ jobs:
 e2e:
 runs-on: ubuntu-latest
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ with:
+ egress-policy: audit
+ allowed-endpoints: >
+ api.github.com:443
+ github.com:443
+ nodejs.org:443
+ objects.githubusercontent.com:443
+ pkg.pr.new:443
+ pkg.vc:443
+ playwright.azureedge.net:443
+ registry.npmjs.org:443
 - uses: actions/checkout@v4
 - name: Use Node.js
 uses: actions/setup-node@v3
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 6bd4d86ce9..4b8ea9aab9 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -14,6 +14,18 @@ jobs:
 build:
 runs-on: ubuntu-latest
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ with:
+ egress-policy: audit
+ allowed-endpoints: >
+ api.github.com:443
+ github.com:443
+ nodejs.org:443
+ objects.githubusercontent.com:443
+ pkg.pr.new:443
+ pkg.vc:443
+ registry.npmjs.org:443
 - uses: actions/checkout@v4
 - name: Use Node.js
 uses: actions/setup-node@v3
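Review bot: The `allowed-endpoints` list in the Harden Runner step added to `e2e.yml` is not enforced while `egress-policy: audit` is set; in audit mode harden-runner only records outbound connections, so a later step can still reach hosts outside the list. The same applies to the matching step in the `tests.yml` hunk of this patch and to the copy moved into `copilot-setup-steps.yml` in patch 4/7. Once an audit run confirms the list is complete, change the line to `egress-policy: block`, or at least add a comment above the step such as `# audit only: allowed-endpoints is not enforced until egress-policy is block`. The `steps:` list continues outside the hunk.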
From bbed71882fedebb5f9bed4024f61154a2d2b9d0e Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 28 Oct 2025 18:58:39 +0000
Subject: [PATCH 3/7] Add releases.githubusercontent.com to allowed endpoints
Co-authored-by: stnguyen90 <1477010+stnguyen90@users.noreply.github.com>
---
 .github/workflows/e2e.yml | 1 +
 .github/workflows/tests.yml | 1 +
 2 files changed, 2 insertions(+)
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index ecd9bfb1c1..8687178fc4 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -24,6 +24,7 @@ jobs:
 pkg.vc:443
 playwright.azureedge.net:443
 registry.npmjs.org:443
+ releases.githubusercontent.com:443
 - uses: actions/checkout@v4
 - name: Use Node.js
 uses: actions/setup-node@v3
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 4b8ea9aab9..c8aa59a9f7 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -26,6 +26,7 @@ jobs:
 pkg.pr.new:443
 pkg.vc:443
 registry.npmjs.org:443
+ releases.githubusercontent.com:443
 - uses: actions/checkout@v4
 - name: Use Node.js
 uses: actions/setup-node@v3
From dffac54f27cda9e31e36f2f979664ea78789a72e Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 29 Oct 2025 07:42:20 +0000
Subject: [PATCH 4/7] Move setup steps to copilot-setup-steps.yml
Co-authored-by: stnguyen90 <1477010+stnguyen90@users.noreply.github.com>
---
 .github/workflows/copilot-setup-steps.yml | 22 ++++++++++++++++++++++
 .github/workflows/e2e.yml | 14 --------------
 .github/workflows/tests.yml | 13 -------------
 3 files changed, 22 insertions(+), 27 deletions(-)
 create mode 100644 .github/workflows/copilot-setup-steps.yml
diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml
new file mode 100644
index 0000000000..6bcba7a0a7
--- /dev/null
+++ b/.github/workflows/copilot-setup-steps.yml
@@ -0,0 +1,22 @@
+name: Copilot Setup Steps
+
+on: []
+
+jobs:
+ copilot-setup-steps:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ with:
+ egress-policy: audit
+ allowed-endpoints: >
+ api.github.com:443
+ github.com:443
+ nodejs.org:443
+ objects.githubusercontent.com:443
+ pkg.pr.new:443
+ pkg.vc:443
+ playwright.azureedge.net:443
+ registry.npmjs.org:443
+ releases.githubusercontent.com:443
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index 8687178fc4..862b7ef450 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -11,20 +11,6 @@ jobs:
 e2e:
 runs-on: ubuntu-latest
 steps:
- - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
- with:
- egress-policy: audit
- allowed-endpoints: >
- api.github.com:443
- github.com:443
- nodejs.org:443
- objects.githubusercontent.com:443
- pkg.pr.new:443
- pkg.vc:443
- playwright.azureedge.net:443
- registry.npmjs.org:443
- releases.githubusercontent.com:443
 - uses: actions/checkout@v4
 - name: Use Node.js
 uses: actions/setup-node@v3
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index c8aa59a9f7..6bd4d86ce9 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -14,19 +14,6 @@ jobs:
 build:
 runs-on: ubuntu-latest
 steps:
- - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
- with:
- egress-policy: audit
- allowed-endpoints: >
- api.github.com:443
- github.com:443
- nodejs.org:443
- objects.githubusercontent.com:443
- pkg.pr.new:443
- pkg.vc:443
- registry.npmjs.org:443
- releases.githubusercontent.com:443
 - uses: actions/checkout@v4
 - name: Use Node.js
 uses: actions/setup-node@v3
From 21e6822c60bae179df27c6abc756fb11068860d6 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 29 Oct 2025 08:55:44 +0000
Subject: [PATCH 5/7] Add workspace setup steps to copilot-setup-steps.yml
Co-authored-by: stnguyen90 <1477010+stnguyen90@users.noreply.github.com>
---
 .github/workflows/copilot-setup-steps.yml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml
index 6bcba7a0a7..76e9cff34d 100644
--- a/.github/workflows/copilot-setup-steps.yml
+++ b/.github/workflows/copilot-setup-steps.yml
@@ -20,3 +20,12 @@ jobs:
 playwright.azureedge.net:443
 registry.npmjs.org:443
 releases.githubusercontent.com:443
+ - uses: actions/checkout@v4
+ - name: Use Node.js
+ uses: actions/setup-node@v3
+ with:
+ node-version: 20
+ - name: Install pnpm
+ uses: pnpm/action-setup@v4
+ - name: Install dependencies
+ run: pnpm install --frozen-lockfile
From d142208595e733c09e85c5aa3398f1fb927d75d3 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 29 Oct 2025 13:52:01 +0000
Subject: [PATCH 6/7] Remove harden-runner step from copilot-setup-steps.yml
Co-authored-by: stnguyen90 <1477010+stnguyen90@users.noreply.github.com>
---
 .github/workflows/copilot-setup-steps.yml | 14 --------------
 1 file changed, 14 deletions(-)
diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml
index 76e9cff34d..a5c0fcbeb8 100644
--- a/.github/workflows/copilot-setup-steps.yml
+++ b/.github/workflows/copilot-setup-steps.yml
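Review bot: The three `uses:` lines added to `copilot-setup-steps.yml` in patch 5/7 (`actions/checkout@v4`, `actions/setup-node@v3`, `pnpm/action-setup@v4`) reference actions by mutable tag, while the Harden Runner step just above them in the same file is pinned to a full commit SHA with the version in a trailing comment. A tag can be repointed to different code after review, so the third-party `pnpm/action-setup` in particular should follow the same convention, e.g. `uses: pnpm/action-setup@<full-commit-sha> # v4`. Patch 7/7 bumps checkout and setup-node to `@v5` and `@v6` but keeps them as tags, so the same point applies to that hunk.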
@@ -6,20 +6,6 @@ jobs:
 copilot-setup-steps:
 runs-on: ubuntu-latest
 steps:
- - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
- with:
- egress-policy: audit
- allowed-endpoints: >
- api.github.com:443
- github.com:443
- nodejs.org:443
- objects.githubusercontent.com:443
- pkg.pr.new:443
- pkg.vc:443
- playwright.azureedge.net:443
- registry.npmjs.org:443
- releases.githubusercontent.com:443
 - uses: actions/checkout@v4
 - name: Use Node.js
 uses: actions/setup-node@v3
From f92a59095f543d2d47173d784e3061129bee09fe Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 29 Oct 2025 23:37:56 +0000
Subject: [PATCH 7/7] Update copilot-setup-steps.yml with triggers, permissions, and latest action versions
Co-authored-by: stnguyen90 <1477010+stnguyen90@users.noreply.github.com>
---
 .github/workflows/copilot-setup-steps.yml | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml
index a5c0fcbeb8..6926b0c50d 100644
--- a/.github/workflows/copilot-setup-steps.yml
+++ b/.github/workflows/copilot-setup-steps.yml
@@ -1,14 +1,25 @@
 name: Copilot Setup Steps
-on: []
+# Automatically run the setup steps when they are changed to allow for easy validation, and
+# allow manual testing through the repository's "Actions" tab
+on:
+ workflow_dispatch:
+ push:
+ paths:
+ - .github/workflows/copilot-setup-steps.yml
+ pull_request:
+ paths:
+ - .github/workflows/copilot-setup-steps.yml
 jobs:
 copilot-setup-steps:
 runs-on: ubuntu-latest
+ permissions:
+ contents: read
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
 - name: Use Node.js
- uses: actions/setup-node@v3
+ uses: actions/setup-node@v6
 with:
 node-version: 20
 - name: Install pnpm
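Review bot: The `actions/checkout@v5` step in patch 7/7 keeps checkout's default of leaving the job token in the workspace's git configuration, and the `pnpm install --frozen-lockfile` step added in patch 5/7 then runs in that same workspace, where package lifecycle scripts may execute. The new `permissions:` / `contents: read` block already limits what that token can do. Adding `with:` and `persist-credentials: false` under the checkout step would also keep the token off disk, assuming no later step needs authenticated git access. The hunk ends at `- name: Install pnpm`, so the remaining steps are outside it.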