From 23b54ce0d20a3b896235810ab7e6542d3f793d57 Mon Sep 17 00:00:00 2001 From: km-anthropic Date: Wed, 16 Jul 2025 12:10:11 -0700 Subject: [PATCH] change to experimental allowed domains and add `.blob.core.windows.net` to use cached bun isntall --- action.yml | 6 +++--- examples/claude.yml | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/action.yml b/action.yml index 7ccee7a..5ef0224 100644 --- a/action.yml +++ b/action.yml @@ -100,7 +100,7 @@ inputs: description: "Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands" required: false default: "false" - allowed_domains: + experimental_allowed_domains: description: "Restrict network access to these domains only (newline-separated). If not set, no restrictions are applied. Provider domains are auto-detected." required: false default: "" @@ -151,13 +151,13 @@ runs: USE_COMMIT_SIGNING: ${{ inputs.use_commit_signing }} - name: Setup Network Restrictions - if: steps.prepare.outputs.contains_trigger == 'true' && inputs.allowed_domains != '' + if: steps.prepare.outputs.contains_trigger == 'true' && inputs.experimental_allowed_domains != '' shell: bash run: | # Install and configure Squid proxy sudo apt-get update && sudo apt-get install -y squid - echo "${{ inputs.allowed_domains }}" > $RUNNER_TEMP/whitelist.txt + echo "${{ inputs.experimental_allowed_domains }}" > $RUNNER_TEMP/whitelist.txt # Configure Squid sudo tee /etc/squid/squid.conf << EOF diff --git a/examples/claude.yml b/examples/claude.yml index 11401c6..c6e9cfd 100644 --- a/examples/claude.yml +++ b/examples/claude.yml @@ -37,10 +37,11 @@ jobs: # claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} timeout_minutes: "60" # Optional: Restrict network access to specific domains only - # allowed_domains: | + # experimental_allowed_domains: | # .anthropic.com # .github.com # api.github.com # .githubusercontent.com # bun.sh # registry.npmjs.org + # .blob.core.windows.net