diff --git a/action.yml b/action.yml index 6a9342c..933354f 100644 --- a/action.yml +++ b/action.yml @@ -96,6 +96,14 @@ inputs: description: "Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands" required: false default: "false" + enable_network_restrictions: + description: "Enable network restrictions to limit Claude's internet access to approved domains" + required: false + default: "false" + allowed_domains: + description: "Additional domains to allow when network restrictions are enabled (newline-separated)" + required: false + default: "" outputs: execution_file: @@ -142,6 +150,68 @@ runs: ADDITIONAL_PERMISSIONS: ${{ inputs.additional_permissions }} USE_COMMIT_SIGNING: ${{ inputs.use_commit_signing }} + - name: Setup Network Restrictions + if: steps.prepare.outputs.contains_trigger == 'true' && inputs.enable_network_restrictions == 'true' + shell: bash + run: | + # Install and configure Squid proxy + sudo apt-get update && sudo apt-get install -y squid + + # Create whitelist for allowed domains + cat > /tmp/whitelist.txt << 'EOF' + # Core domains (always needed) + .anthropic.com + .github.com + .githubusercontent.com + ghcr.io + .blob.core.windows.net + EOF + + # Auto-detect and add provider-specific domains + if [[ "${{ inputs.use_bedrock }}" == "true" ]]; then + echo "# AWS Bedrock domains" >> /tmp/whitelist.txt + echo "bedrock.*.amazonaws.com" >> /tmp/whitelist.txt + echo "bedrock-runtime.*.amazonaws.com" >> /tmp/whitelist.txt + fi + + if [[ "${{ inputs.use_vertex }}" == "true" ]]; then + echo "# Google Vertex AI domains" >> /tmp/whitelist.txt + echo "*.googleapis.com" >> /tmp/whitelist.txt + echo "vertexai.googleapis.com" >> /tmp/whitelist.txt + fi + + # Add any custom domains provided by user + if [[ -n "${{ inputs.allowed_domains }}" ]]; then + echo "# User-provided custom domains" >> /tmp/whitelist.txt + echo "${{ inputs.allowed_domains }}" >> /tmp/whitelist.txt + fi + + # Configure Squid + sudo tee /etc/squid/squid.conf << 'EOF' + http_port 127.0.0.1:3128 + acl whitelist dstdomain "/tmp/whitelist.txt" + acl localhost src 127.0.0.1/32 + http_access allow localhost whitelist + http_access deny all + cache deny all + EOF + + # Stop any existing squid instance and start with our config + sudo squid -k shutdown || true + sleep 2 + sudo rm -f /run/squid.pid + sudo squid -N -d 1 & + sleep 5 + + # Set proxy environment variables + echo "http_proxy=http://127.0.0.1:3128" >> $GITHUB_ENV + echo "https_proxy=http://127.0.0.1:3128" >> $GITHUB_ENV + echo "HTTP_PROXY=http://127.0.0.1:3128" >> $GITHUB_ENV + echo "HTTPS_PROXY=http://127.0.0.1:3128" >> $GITHUB_ENV + # Bypass proxy for package registries to avoid integrity check issues + echo "NO_PROXY=localhost,127.0.0.1,registry.npmjs.org,registry.yarnpkg.com" >> $GITHUB_ENV + echo "no_proxy=localhost,127.0.0.1,registry.npmjs.org,registry.yarnpkg.com" >> $GITHUB_ENV + - name: Run Claude Code id: claude-code if: steps.prepare.outputs.contains_trigger == 'true' diff --git a/examples/claude.yml b/examples/claude.yml index faf6738..4d78b02 100644 --- a/examples/claude.yml +++ b/examples/claude.yml @@ -29,65 +29,6 @@ jobs: with: fetch-depth: 1 - - name: Setup Network Restrictions - if: ${{ vars.ENABLE_NETWORK_RESTRICTIONS == 'true' }} - run: | - # Install and configure Squid proxy - sudo apt-get update && sudo apt-get install -y squid - - # Create whitelist for allowed domains - cat > /tmp/whitelist.txt << 'EOF' - # Provider APIs - Choose one: - # Anthropic (1P) - .anthropic.com - - # AWS Bedrock: - # bedrock.*.amazonaws.com - # bedrock-runtime.*.amazonaws.com - - # Google Vertex AI: - # *.googleapis.com - # vertexai.googleapis.com - - # GitHub (required for all setups) - .github.com - .githubusercontent.com - ghcr.io - - # Azure storage for GitHub Actions cache - .blob.core.windows.net - - # Additional custom domains (newline-separated) - # Set via CUSTOM_ALLOWED_DOMAINS repository variable - ${{ vars.CUSTOM_ALLOWED_DOMAINS || '' }} - EOF - - # Configure Squid - sudo tee /etc/squid/squid.conf << 'EOF' - http_port 127.0.0.1:3128 - acl whitelist dstdomain "/tmp/whitelist.txt" - acl localhost src 127.0.0.1/32 - http_access allow localhost whitelist - http_access deny all - cache deny all - EOF - - # Stop any existing squid instance and start with our config - sudo squid -k shutdown || true - sleep 2 - sudo rm -f /run/squid.pid - sudo squid -N -d 1 & - sleep 5 - - # Set proxy environment variables - echo "http_proxy=http://127.0.0.1:3128" >> $GITHUB_ENV - echo "https_proxy=http://127.0.0.1:3128" >> $GITHUB_ENV - echo "HTTP_PROXY=http://127.0.0.1:3128" >> $GITHUB_ENV - echo "HTTPS_PROXY=http://127.0.0.1:3128" >> $GITHUB_ENV - # Bypass proxy for package registries to avoid integrity check issues - echo "NO_PROXY=localhost,127.0.0.1,registry.npmjs.org,registry.yarnpkg.com" >> $GITHUB_ENV - echo "no_proxy=localhost,127.0.0.1,registry.npmjs.org,registry.yarnpkg.com" >> $GITHUB_ENV - - name: Run Claude PR Action uses: anthropics/claude-code-action@beta with: @@ -95,3 +36,13 @@ jobs: # Or use OAuth token instead: # claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} timeout_minutes: "60" + + # Optional: Enable network restrictions + # This limits Claude's internet access to approved domains only + # enable_network_restrictions: true + + # Optional: Add custom domains (when network restrictions are enabled) + # These are in addition to core domains and auto-detected provider domains + # allowed_domains: | + # api.mycompany.com + # internal-service.example.com