From d9a8f37c819a214e13518eda532f29c7d042ed0e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 22 Aug 2025 23:09:33 +0000 Subject: [PATCH 1/3] Update test-proxy.md to use comments instead of creating issues Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com> --- .github/workflows/test-proxy.lock.yml | 116 ++++++++++++++++++++++++-- .github/workflows/test-proxy.md | 21 +++-- 2 files changed, 121 insertions(+), 16 deletions(-) diff --git a/.github/workflows/test-proxy.lock.yml b/.github/workflows/test-proxy.lock.yml index f22af3885ba..001156afdd5 100644 --- a/.github/workflows/test-proxy.lock.yml +++ b/.github/workflows/test-proxy.lock.yml @@ -21,7 +21,12 @@ jobs: test-network-permissions: runs-on: ubuntu-latest permissions: - issues: write + contents: read + issues: read + pull-requests: read + discussions: read + deployments: read + models: read outputs: output: ${{ steps.collect_output.outputs.output }} steps: 
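Review bot: The read scopes added under `permissions:` for `test-network-permissions` look wider than this job needs: nothing visible in the patch uses `discussions: read`, `deployments: read` or `models: read`, and the job still passes `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` to an agent that processes fetched web content. Keeping the write scope out of this job is right, but the remaining grant should be trimmed to what the test reads, for example `contents: read` and `pull-requests: read`. The `allowed_tools` string in the -355 hunk has the same breadth: it keeps `mcp__github__create_comment`, which a read-only token cannot serve, and alert readers such as `mcp__github__get_secret_scanning_alert`, while the `allowed:` lines shown for test-proxy.md name only `create_comment` and `get_issue`. If this file is compiled from test-proxy.md, the narrowing belongs in that file's front matter or in the compiler defaults. The job body continues outside the hunk.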
@@ -239,11 +244,17 @@ jobs: - Verify that all blocked requests fail at the network level (proxy enforcement) - Confirm that only example.com is accessible through the Squid proxy - Create a GitHub issue with the test results, documenting: - - Which domains were successfully accessed vs blocked - - Error messages received for blocked domains - - Confirmation that network isolation is working correctly - - Any security observations or recommendations + ## Reporting Instructions + + If the test runs successfully and network isolation is working correctly: + - Write a brief summary to ${{ env.GITHUB_AW_OUTPUT }} confirming the test passed + + If there are any failures, security issues, or unexpected behaviors: + - Write a detailed report to ${{ env.GITHUB_AW_OUTPUT }} documenting: + - Which domains were successfully accessed vs blocked + - Error messages received for blocked domains + - Any security observations or recommendations + - Specific failure details that need attention The test should demonstrate that MCP containers are properly isolated and can only access explicitly allowed domains through the network proxy. @@ -310,7 +321,6 @@ jobs: # - Task # - mcp__fetch__fetch # - mcp__github__create_comment - # - mcp__github__create_issue # - mcp__github__download_workflow_run_artifact # - mcp__github__get_code_scanning_alert # - mcp__github__get_commit 
@@ -355,7 +365,7 @@ jobs: # - mcp__github__search_pull_requests # - mcp__github__search_repositories # - mcp__github__search_users - allowed_tools: "Glob,Grep,LS,NotebookRead,Read,Task,mcp__fetch__fetch,mcp__github__create_comment,mcp__github__create_issue,mcp__github__download_workflow_run_artifact,mcp__github__get_code_scanning_alert,mcp__github__get_commit,mcp__github__get_dependabot_alert,mcp__github__get_discussion,mcp__github__get_discussion_comments,mcp__github__get_file_contents,mcp__github__get_issue,mcp__github__get_issue_comments,mcp__github__get_job_logs,mcp__github__get_me,mcp__github__get_notification_details,mcp__github__get_pull_request,mcp__github__get_pull_request_comments,mcp__github__get_pull_request_diff,mcp__github__get_pull_request_files,mcp__github__get_pull_request_reviews,mcp__github__get_pull_request_status,mcp__github__get_secret_scanning_alert,mcp__github__get_tag,mcp__github__get_workflow_run,mcp__github__get_workflow_run_logs,mcp__github__get_workflow_run_usage,mcp__github__list_branches,mcp__github__list_code_scanning_alerts,mcp__github__list_commits,mcp__github__list_dependabot_alerts,mcp__github__list_discussion_categories,mcp__github__list_discussions,mcp__github__list_issues,mcp__github__list_notifications,mcp__github__list_pull_requests,mcp__github__list_secret_scanning_alerts,mcp__github__list_tags,mcp__github__list_workflow_jobs,mcp__github__list_workflow_run_artifacts,mcp__github__list_workflow_runs,mcp__github__list_workflows,mcp__github__search_code,mcp__github__search_issues,mcp__github__search_orgs,mcp__github__search_pull_requests,mcp__github__search_repositories,mcp__github__search_users" + allowed_tools: 
"Glob,Grep,LS,NotebookRead,Read,Task,mcp__fetch__fetch,mcp__github__create_comment,mcp__github__download_workflow_run_artifact,mcp__github__get_code_scanning_alert,mcp__github__get_commit,mcp__github__get_dependabot_alert,mcp__github__get_discussion,mcp__github__get_discussion_comments,mcp__github__get_file_contents,mcp__github__get_issue,mcp__github__get_issue_comments,mcp__github__get_job_logs,mcp__github__get_me,mcp__github__get_notification_details,mcp__github__get_pull_request,mcp__github__get_pull_request_comments,mcp__github__get_pull_request_diff,mcp__github__get_pull_request_files,mcp__github__get_pull_request_reviews,mcp__github__get_pull_request_status,mcp__github__get_secret_scanning_alert,mcp__github__get_tag,mcp__github__get_workflow_run,mcp__github__get_workflow_run_logs,mcp__github__get_workflow_run_usage,mcp__github__list_branches,mcp__github__list_code_scanning_alerts,mcp__github__list_commits,mcp__github__list_dependabot_alerts,mcp__github__list_discussion_categories,mcp__github__list_discussions,mcp__github__list_issues,mcp__github__list_notifications,mcp__github__list_pull_requests,mcp__github__list_secret_scanning_alerts,mcp__github__list_tags,mcp__github__list_workflow_jobs,mcp__github__list_workflow_run_artifacts,mcp__github__list_workflow_runs,mcp__github__list_workflows,mcp__github__search_code,mcp__github__search_issues,mcp__github__search_orgs,mcp__github__search_pull_requests,mcp__github__search_repositories,mcp__github__search_users" anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} claude_env: | GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
@@ -625,3 +635,93 @@ jobs: path: /tmp/aw.patch if-no-files-found: ignore + create_issue_comment: + needs: test-network-permissions + if: github.event.issue.number || github.event.pull_request.number + runs-on: ubuntu-latest + permissions: + contents: read + issues: write + pull-requests: write + timeout-minutes: 10 + outputs: + comment_id: ${{ steps.create_comment.outputs.comment_id }} + comment_url: ${{ steps.create_comment.outputs.comment_url }} + steps: + - name: Create Output Comment + id: create_comment + uses: actions/github-script@v7 + env: + GITHUB_AW_AGENT_OUTPUT: ${{ needs.test-network-permissions.outputs.output }} + with: + script: | + async function main() { + // Read the agent output content from environment variable + const outputContent = process.env.GITHUB_AW_AGENT_OUTPUT; + if (!outputContent) { + console.log('No GITHUB_AW_AGENT_OUTPUT environment variable found'); + return; + } + if (outputContent.trim() === '') { + console.log('Agent output content is empty'); + return; + } + console.log('Agent output content length:', outputContent.length); + // Check if we're in an issue or pull request context + const isIssueContext = context.eventName === 'issues' || context.eventName === 'issue_comment'; + const isPRContext = context.eventName === 'pull_request' || context.eventName === 'pull_request_review' || context.eventName === 'pull_request_review_comment'; + if (!isIssueContext && !isPRContext) { + console.log('Not running in issue or pull request context, skipping comment creation'); + return; + } + // Determine the issue/PR number and comment endpoint + let issueNumber; + let commentEndpoint; + if (isIssueContext) { + if (context.payload.issue) { + issueNumber = context.payload.issue.number; + commentEndpoint = 'issues'; + } else { + console.log('Issue context detected but no issue found in payload'); + return; + } + } else if (isPRContext) { + if (context.payload.pull_request) { + issueNumber = context.payload.pull_request.number; + commentEndpoint 
= 'issues'; // PR comments use the issues API endpoint + } else { + console.log('Pull request context detected but no pull request found in payload'); + return; + } + } + if (!issueNumber) { + console.log('Could not determine issue or pull request number'); + return; + } + let body = outputContent.trim(); + // Add AI disclaimer with run id, run htmlurl + const runId = context.runId; + const runUrl = `${context.payload.repository.html_url}/actions/runs/${runId}`; + body += `\n\n> Generated by Agentic Workflow Run [${runId}](${runUrl})\n`; + console.log(`Creating comment on ${commentEndpoint} #${issueNumber}`); + console.log('Comment content length:', body.length); + // Create the comment using GitHub API + const { data: comment } = await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: issueNumber, + body: body + }); + console.log('Created comment #' + comment.id + ': ' + comment.html_url); + // Set output for other jobs to use + core.setOutput('comment_id', comment.id); + core.setOutput('comment_url', comment.html_url); + // write comment id, url to the github_step_summary + await core.summary.addRaw(` + ## GitHub Comment + - Comment ID: ${comment.id} + - Comment URL: ${comment.html_url} + `).write(); + } + await main(); + diff --git a/.github/workflows/test-proxy.md b/.github/workflows/test-proxy.md index 2f30a841086..8ccdbb2b97f 100644 --- a/.github/workflows/test-proxy.md +++ b/.github/workflows/test-proxy.md @@ -4,8 +4,8 @@ on: branches: [ "main" ] workflow_dispatch: -permissions: - issues: write # needed to write the output report to an issue +output: + issue_comment: {} tools: fetch: @@ -21,7 +21,6 @@ tools: github: allowed: - - "create_issue" - "create_comment" - "get_issue" 
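Review bot: The `create_issue_comment` script posts `outputContent` verbatim as the comment body, but that text comes from an agent that has just processed fetched web content, so it should be treated as untrusted. Passing it through the `GITHUB_AW_AGENT_OUTPUT` env var instead of interpolating it into the script is good, yet the body is neither bounded nor neutralised. A body over GitHub's 65536-character comment limit makes `createComment` fail, and any `@user` or `@org/team` text in the output notifies real accounts under the workflow's identity. I would cap and defuse it before the footer is appended, e.g. `let body = outputContent.trim().slice(0, 60000).replace(/@(?=\w)/g, '@\u200b');`, or wrap mentions in backticks. The same script is re-added, unchanged in this respect, by the -628 hunk of PATCH 3/3.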
@@ -44,10 +43,16 @@ Test the MCP network permissions feature to validate that domain restrictions ar - Verify that all blocked requests fail at the network level (proxy enforcement) - Confirm that only example.com is accessible through the Squid proxy -Create a GitHub issue with the test results, documenting: -- Which domains were successfully accessed vs blocked -- Error messages received for blocked domains -- Confirmation that network isolation is working correctly -- Any security observations or recommendations +## Reporting Instructions + +If the test runs successfully and network isolation is working correctly: +- Write a brief summary to ${{ env.GITHUB_AW_OUTPUT }} confirming the test passed + +If there are any failures, security issues, or unexpected behaviors: +- Write a detailed report to ${{ env.GITHUB_AW_OUTPUT }} documenting: + - Which domains were successfully accessed vs blocked + - Error messages received for blocked domains + - Any security observations or recommendations + - Specific failure details that need attention The test should demonstrate that MCP containers are properly isolated and can only access explicitly allowed domains through the network proxy. From f048c8df6b14191f9bf697d3d1dedcd9fbff6063 Mon Sep 17 00:00:00 2001 From: Jiaxiao Zhou Date: Fri, 22 Aug 2025 16:16:51 -0700 Subject: [PATCH 2/3] changed the instruction to comment on PR instead of raising a new issue Signed-off-by: Jiaxiao Zhou --- .github/workflows/test-proxy.lock.yml | 111 ++------------------------ .github/workflows/test-proxy.md | 18 ++--- 2 files changed, 15 insertions(+), 114 deletions(-) diff --git a/.github/workflows/test-proxy.lock.yml b/.github/workflows/test-proxy.lock.yml index 001156afdd5..605d3c7ccef 100644 --- a/.github/workflows/test-proxy.lock.yml +++ b/.github/workflows/test-proxy.lock.yml 
@@ -21,12 +21,7 @@ jobs: test-network-permissions: runs-on: ubuntu-latest permissions: - contents: read - issues: read - pull-requests: read - discussions: read - deployments: read - models: read + issues: write outputs: output: ${{ steps.collect_output.outputs.output }} steps: @@ -246,17 +241,15 @@ jobs: ## Reporting Instructions - If the test runs successfully and network isolation is working correctly: - - Write a brief summary to ${{ env.GITHUB_AW_OUTPUT }} confirming the test passed - If there are any failures, security issues, or unexpected behaviors: + - Write a detailed report to ${{ env.GITHUB_AW_OUTPUT }} documenting: - - Which domains were successfully accessed vs blocked - - Error messages received for blocked domains - - Any security observations or recommendations - - Specific failure details that need attention + - Which domains were successfully accessed vs blocked + - Error messages received for blocked domains + - Any security observations or recommendations + - Specific failure details that need attention - The test should demonstrate that MCP containers are properly isolated and can only access explicitly allowed domains through the network proxy. + Create a GitHub Comment on the pull request with the test results. --- 
@@ -635,93 +628,3 @@ jobs: path: /tmp/aw.patch if-no-files-found: ignore - create_issue_comment: - needs: test-network-permissions - if: github.event.issue.number || github.event.pull_request.number - runs-on: ubuntu-latest - permissions: - contents: read - issues: write - pull-requests: write - timeout-minutes: 10 - outputs: - comment_id: ${{ steps.create_comment.outputs.comment_id }} - comment_url: ${{ steps.create_comment.outputs.comment_url }} - steps: - - name: Create Output Comment - id: create_comment - uses: actions/github-script@v7 - env: - GITHUB_AW_AGENT_OUTPUT: ${{ needs.test-network-permissions.outputs.output }} - with: - script: | - async function main() { - // Read the agent output content from environment variable - const outputContent = process.env.GITHUB_AW_AGENT_OUTPUT; - if (!outputContent) { - console.log('No GITHUB_AW_AGENT_OUTPUT environment variable found'); - return; - } - if (outputContent.trim() === '') { - console.log('Agent output content is empty'); - return; - } - console.log('Agent output content length:', outputContent.length); - // Check if we're in an issue or pull request context - const isIssueContext = context.eventName === 'issues' || context.eventName === 'issue_comment'; - const isPRContext = context.eventName === 'pull_request' || context.eventName === 'pull_request_review' || context.eventName === 'pull_request_review_comment'; - if (!isIssueContext && !isPRContext) { - console.log('Not running in issue or pull request context, skipping comment creation'); - return; - } - // Determine the issue/PR number and comment endpoint - let issueNumber; - let commentEndpoint; - if (isIssueContext) { - if (context.payload.issue) { - issueNumber = context.payload.issue.number; - commentEndpoint = 'issues'; - } else { - console.log('Issue context detected but no issue found in payload'); - return; - } - } else if (isPRContext) { - if (context.payload.pull_request) { - issueNumber = context.payload.pull_request.number; - commentEndpoint 
= 'issues'; // PR comments use the issues API endpoint - } else { - console.log('Pull request context detected but no pull request found in payload'); - return; - } - } - if (!issueNumber) { - console.log('Could not determine issue or pull request number'); - return; - } - let body = outputContent.trim(); - // Add AI disclaimer with run id, run htmlurl - const runId = context.runId; - const runUrl = `${context.payload.repository.html_url}/actions/runs/${runId}`; - body += `\n\n> Generated by Agentic Workflow Run [${runId}](${runUrl})\n`; - console.log(`Creating comment on ${commentEndpoint} #${issueNumber}`); - console.log('Comment content length:', body.length); - // Create the comment using GitHub API - const { data: comment } = await github.rest.issues.createComment({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: issueNumber, - body: body - }); - console.log('Created comment #' + comment.id + ': ' + comment.html_url); - // Set output for other jobs to use - core.setOutput('comment_id', comment.id); - core.setOutput('comment_url', comment.html_url); - // write comment id, url to the github_step_summary - await core.summary.addRaw(` - ## GitHub Comment - - Comment ID: ${comment.id} - - Comment URL: ${comment.html_url} - `).write(); - } - await main(); - diff --git a/.github/workflows/test-proxy.md b/.github/workflows/test-proxy.md index 8ccdbb2b97f..137c699eec5 100644 --- a/.github/workflows/test-proxy.md +++ b/.github/workflows/test-proxy.md @@ -4,8 +4,8 @@ on: branches: [ "main" ] workflow_dispatch: -output: - issue_comment: {} +permissions: + issues: write # needed to write the output report to an issue tools: fetch: 
@@ -45,14 +45,12 @@ Test the MCP network permissions feature to validate that domain restrictions ar ## Reporting Instructions -If the test runs successfully and network isolation is working correctly: -- Write a brief summary to ${{ env.GITHUB_AW_OUTPUT }} confirming the test passed - If there are any failures, security issues, or unexpected behaviors: + - Write a detailed report to ${{ env.GITHUB_AW_OUTPUT }} documenting: - - Which domains were successfully accessed vs blocked - - Error messages received for blocked domains - - Any security observations or recommendations - - Specific failure details that need attention +- Which domains were successfully accessed vs blocked +- Error messages received for blocked domains +- Any security observations or recommendations +- Specific failure details that need attention -The test should demonstrate that MCP containers are properly isolated and can only access explicitly allowed domains through the network proxy. +Create a GitHub Comment on the pull request with the test results. From 6e0a957ea658ba7546807e22959fd86f32a8f85b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 26 Aug 2025 15:35:28 +0000 Subject: [PATCH 3/3] Remove create_comment tool and add inline PR number as requested in review comments Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com> --- .github/workflows/test-proxy.lock.yml | 104 +++++++++++++++++++++++++- .github/workflows/test-proxy.md | 7 +- 2 files changed, 103 insertions(+), 8 deletions(-) diff --git a/.github/workflows/test-proxy.lock.yml b/.github/workflows/test-proxy.lock.yml index 605d3c7ccef..e70efe17a79 100644 --- a/.github/workflows/test-proxy.lock.yml +++ b/.github/workflows/test-proxy.lock.yml 
@@ -21,7 +21,12 @@ jobs: test-network-permissions: runs-on: ubuntu-latest permissions: - issues: write + contents: read + issues: read + pull-requests: read + discussions: read + deployments: read + models: read outputs: output: ${{ steps.collect_output.outputs.output }} steps: @@ -249,7 +254,7 @@ jobs: - Any security observations or recommendations - Specific failure details that need attention - Create a GitHub Comment on the pull request with the test results. + The test results will be automatically posted as a comment on PR #${{ github.event.pull_request.number }}. --- @@ -313,7 +318,6 @@ jobs: # - Read # - Task # - mcp__fetch__fetch - # - mcp__github__create_comment # - mcp__github__download_workflow_run_artifact # - mcp__github__get_code_scanning_alert # - mcp__github__get_commit 
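Review bot: The new closing sentence in the -249 hunk promises that results "will be automatically posted as a comment", but since PATCH 2/3 the reporting instructions only tell the agent to write to `${{ env.GITHUB_AW_OUTPUT }}` when something fails. A passing run therefore leaves the output empty, and `create_issue_comment` returns at its "No GITHUB_AW_AGENT_OUTPUT" branch without commenting. For a network-isolation test this makes a pass indistinguishable from a run that never executed; restoring the removed line `- Write a brief summary to ${{ env.GITHUB_AW_OUTPUT }} confirming the test passed` would close that gap. The sentence also interpolates `${{ github.event.pull_request.number }}`, which is empty on the `workflow_dispatch` trigger declared in test-proxy.md, so the prompt then reads "PR #". Both points apply equally to the final test-proxy.md hunk of this patch.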
@@ -358,7 +362,7 @@ jobs: # - mcp__github__search_pull_requests # - mcp__github__search_repositories # - mcp__github__search_users - allowed_tools: "Glob,Grep,LS,NotebookRead,Read,Task,mcp__fetch__fetch,mcp__github__create_comment,mcp__github__download_workflow_run_artifact,mcp__github__get_code_scanning_alert,mcp__github__get_commit,mcp__github__get_dependabot_alert,mcp__github__get_discussion,mcp__github__get_discussion_comments,mcp__github__get_file_contents,mcp__github__get_issue,mcp__github__get_issue_comments,mcp__github__get_job_logs,mcp__github__get_me,mcp__github__get_notification_details,mcp__github__get_pull_request,mcp__github__get_pull_request_comments,mcp__github__get_pull_request_diff,mcp__github__get_pull_request_files,mcp__github__get_pull_request_reviews,mcp__github__get_pull_request_status,mcp__github__get_secret_scanning_alert,mcp__github__get_tag,mcp__github__get_workflow_run,mcp__github__get_workflow_run_logs,mcp__github__get_workflow_run_usage,mcp__github__list_branches,mcp__github__list_code_scanning_alerts,mcp__github__list_commits,mcp__github__list_dependabot_alerts,mcp__github__list_discussion_categories,mcp__github__list_discussions,mcp__github__list_issues,mcp__github__list_notifications,mcp__github__list_pull_requests,mcp__github__list_secret_scanning_alerts,mcp__github__list_tags,mcp__github__list_workflow_jobs,mcp__github__list_workflow_run_artifacts,mcp__github__list_workflow_runs,mcp__github__list_workflows,mcp__github__search_code,mcp__github__search_issues,mcp__github__search_orgs,mcp__github__search_pull_requests,mcp__github__search_repositories,mcp__github__search_users" + allowed_tools: 
"Glob,Grep,LS,NotebookRead,Read,Task,mcp__fetch__fetch,mcp__github__download_workflow_run_artifact,mcp__github__get_code_scanning_alert,mcp__github__get_commit,mcp__github__get_dependabot_alert,mcp__github__get_discussion,mcp__github__get_discussion_comments,mcp__github__get_file_contents,mcp__github__get_issue,mcp__github__get_issue_comments,mcp__github__get_job_logs,mcp__github__get_me,mcp__github__get_notification_details,mcp__github__get_pull_request,mcp__github__get_pull_request_comments,mcp__github__get_pull_request_diff,mcp__github__get_pull_request_files,mcp__github__get_pull_request_reviews,mcp__github__get_pull_request_status,mcp__github__get_secret_scanning_alert,mcp__github__get_tag,mcp__github__get_workflow_run,mcp__github__get_workflow_run_logs,mcp__github__get_workflow_run_usage,mcp__github__list_branches,mcp__github__list_code_scanning_alerts,mcp__github__list_commits,mcp__github__list_dependabot_alerts,mcp__github__list_discussion_categories,mcp__github__list_discussions,mcp__github__list_issues,mcp__github__list_notifications,mcp__github__list_pull_requests,mcp__github__list_secret_scanning_alerts,mcp__github__list_tags,mcp__github__list_workflow_jobs,mcp__github__list_workflow_run_artifacts,mcp__github__list_workflow_runs,mcp__github__list_workflows,mcp__github__search_code,mcp__github__search_issues,mcp__github__search_orgs,mcp__github__search_pull_requests,mcp__github__search_repositories,mcp__github__search_users" anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} claude_env: | GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
@@ -628,3 +632,95 @@ jobs: path: /tmp/aw.patch if-no-files-found: ignore + create_issue_comment: + needs: test-network-permissions + if: github.event.issue.number || github.event.pull_request.number + runs-on: ubuntu-latest + permissions: + contents: read + issues: write + pull-requests: write + timeout-minutes: 10 + outputs: + comment_id: ${{ steps.create_comment.outputs.comment_id }} + comment_url: ${{ steps.create_comment.outputs.comment_url }} + steps: + - name: Create Output Comment + id: create_comment + uses: actions/github-script@v7 + env: + GITHUB_AW_AGENT_OUTPUT: ${{ needs.test-network-permissions.outputs.output }} + with: + script: | + async function main() { + // Read the agent output content from environment variable + const outputContent = process.env.GITHUB_AW_AGENT_OUTPUT; + if (!outputContent) { + console.log('No GITHUB_AW_AGENT_OUTPUT environment variable found'); + return; + } + if (outputContent.trim() === '') { + console.log('Agent output content is empty'); + return; + } + console.log('Agent output content length:', outputContent.length); + // Check if we're in an issue or pull request context + const isIssueContext = context.eventName === 'issues' || context.eventName === 'issue_comment'; + const isPRContext = context.eventName === 'pull_request' || context.eventName === 'pull_request_review' || context.eventName === 'pull_request_review_comment'; + if (!isIssueContext && !isPRContext) { + console.log('Not running in issue or pull request context, skipping comment creation'); + return; + } + // Determine the issue/PR number and comment endpoint + let issueNumber; + let commentEndpoint; + if (isIssueContext) { + if (context.payload.issue) { + issueNumber = context.payload.issue.number; + commentEndpoint = 'issues'; + } else { + console.log('Issue context detected but no issue found in payload'); + return; + } + } else if (isPRContext) { + if (context.payload.pull_request) { + issueNumber = context.payload.pull_request.number; + commentEndpoint 
= 'issues'; // PR comments use the issues API endpoint + } else { + console.log('Pull request context detected but no pull request found in payload'); + return; + } + } + if (!issueNumber) { + console.log('Could not determine issue or pull request number'); + return; + } + let body = outputContent.trim(); + // Add AI disclaimer with run id, run htmlurl + const runId = context.runId; + const runUrl = context.payload.repository + ? `${context.payload.repository.html_url}/actions/runs/${runId}` + : `https://github.com/actions/runs/${runId}`; + body += `\n\n> Generated by Agentic Workflow Run [${runId}](${runUrl})\n`; + console.log(`Creating comment on ${commentEndpoint} #${issueNumber}`); + console.log('Comment content length:', body.length); + // Create the comment using GitHub API + const { data: comment } = await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: issueNumber, + body: body + }); + console.log('Created comment #' + comment.id + ': ' + comment.html_url); + // Set output for other jobs to use + core.setOutput('comment_id', comment.id); + core.setOutput('comment_url', comment.html_url); + // write comment id, url to the github_step_summary + await core.summary.addRaw(` + ## GitHub Comment + - Comment ID: ${comment.id} + - Comment URL: ${comment.html_url} + `).write(); + } + await main(); + diff --git a/.github/workflows/test-proxy.md b/.github/workflows/test-proxy.md index 137c699eec5..0f08395e4a4 100644 --- a/.github/workflows/test-proxy.md +++ b/.github/workflows/test-proxy.md @@ -4,8 +4,8 @@ on: branches: [ "main" ] workflow_dispatch: -permissions: - issues: write # needed to write the output report to an issue +output: + issue_comment: {} tools: fetch: @@ -21,7 +21,6 @@ tools: github: allowed: - - "create_comment" - "get_issue" engine: claude 
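Review bot: The fallback added for `runUrl`, `https://github.com/actions/runs/${runId}`, is not a valid run link. It omits the owner and repository and hard-codes the host, so the footer link breaks whenever `context.payload.repository` is absent and on any server other than github.com. Building it from variables that every workflow run sets removes the need for the ternary: ``const runUrl = `${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}/actions/runs/${runId}`;``. Separately, `createComment` is awaited without a `try`/`catch`. If this workflow runs for pull requests from forks, where the token is typically read-only despite the `issues: write` block, the job would end in an unhandled 403; that is worth confirming against the trigger, which lies outside this hunk.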
@@ -53,4 +52,4 @@ If there are any failures, security issues, or unexpected behaviors: - Any security observations or recommendations - Specific failure details that need attention -Create a GitHub Comment on the pull request with the test results. +The test results will be automatically posted as a comment on PR #${{ github.event.pull_request.number }}.