From 7febbb006b594e0b9cec201bdad509bfa35f62a6 Mon Sep 17 00:00:00 2001 From: Ashwin Bhat Date: Mon, 24 Nov 2025 19:03:53 -0500 Subject: [PATCH] Remove experimental allowed domains feature (#697) * chore: remove experimental allowed domains feature Remove the experimental_allowed_domains feature which was used to restrict network access via a Squid proxy. This removes: - The input definition from action.yml - The Network Restrictions workflow step - The setup-network-restrictions.sh script - Documentation from experimental.md, usage.md, and related files - The input default from collect-inputs.ts * chore: fix formatting with prettier Co-authored-by: Ashwin Bhat --------- Co-authored-by: Claude Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> Co-authored-by: Ashwin Bhat --- action.yml | 13 --- docs/experimental.md | 65 -------------- docs/usage.md | 1 - scripts/setup-network-restrictions.sh | 123 -------------------------- src/entrypoints/collect-inputs.ts | 1 - 5 files changed, 203 deletions(-) delete mode 100755 scripts/setup-network-restrictions.sh diff --git a/action.yml b/action.yml index efc4bc5..62d44e6 100644 --- a/action.yml +++ b/action.yml @@ -93,10 +93,6 @@ inputs: description: "Force tag mode with tracking comments for pull_request and issue events. Only applicable to pull_request (opened, synchronize, ready_for_review, reopened) and issue (opened, edited, labeled, assigned) events." required: false default: "false" - experimental_allowed_domains: - description: "Restrict network access to these domains only (newline-separated). If not set, no restrictions are applied. Provider domains are auto-detected." - required: false - default: "" path_to_claude_code_executable: description: "Optional path to a custom Claude Code executable. If provided, skips automatic installation and uses this executable instead. WARNING: Using an older version may cause problems if the action begins taking advantage of new Claude Code features. This input is typically not needed unless you're debugging something specific or have unique needs in your environment." required: false @@ -217,15 +213,6 @@ runs: echo "$CLAUDE_DIR" >> "$GITHUB_PATH" fi - - name: Setup Network Restrictions - if: steps.prepare.outputs.contains_trigger == 'true' && inputs.experimental_allowed_domains != '' - shell: bash - run: | - chmod +x ${GITHUB_ACTION_PATH}/scripts/setup-network-restrictions.sh - ${GITHUB_ACTION_PATH}/scripts/setup-network-restrictions.sh - env: - EXPERIMENTAL_ALLOWED_DOMAINS: ${{ inputs.experimental_allowed_domains }} - - name: Run Claude Code id: claude-code if: steps.prepare.outputs.contains_trigger == 'true' diff --git a/docs/experimental.md b/docs/experimental.md index 545ffbb..2c62867 100644 --- a/docs/experimental.md +++ b/docs/experimental.md @@ -61,68 +61,3 @@ For specialized use cases, you can fine-tune behavior using `claude_args`: --system-prompt "You are a code review specialist" anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} ``` - -## Network Restrictions - -For enhanced security, you can restrict Claude's network access to specific domains only. This feature is particularly useful for: - -- Enterprise environments with strict security policies -- Preventing access to external services -- Limiting Claude to only your internal APIs and services - -When `experimental_allowed_domains` is set, Claude can only access the domains you explicitly list. You'll need to include the appropriate provider domains based on your authentication method. - -### Provider-Specific Examples - -#### If using Anthropic API or subscription - -```yaml -- uses: anthropics/claude-code-action@v1 - with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} - # Or: claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} - experimental_allowed_domains: | - .anthropic.com -``` - -#### If using AWS Bedrock - -```yaml -- uses: anthropics/claude-code-action@v1 - with: - use_bedrock: "true" - experimental_allowed_domains: | - bedrock.*.amazonaws.com - bedrock-runtime.*.amazonaws.com -``` - -#### If using Google Vertex AI - -```yaml -- uses: anthropics/claude-code-action@v1 - with: - use_vertex: "true" - experimental_allowed_domains: | - *.googleapis.com - vertexai.googleapis.com -``` - -### Common GitHub Domains - -In addition to your provider domains, you may need to include GitHub-related domains. For GitHub.com users, common domains include: - -```yaml -- uses: anthropics/claude-code-action@v1 - with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} - experimental_allowed_domains: | - .anthropic.com # For Anthropic API - .github.com - .githubusercontent.com - ghcr.io - .blob.core.windows.net -``` - -For GitHub Enterprise users, replace the GitHub.com domains above with your enterprise domains (e.g., `.github.company.com`, `packages.company.com`, etc.). - -To determine which domains your workflow needs, you can temporarily run without restrictions and monitor the network requests, or check your GitHub Enterprise configuration for the specific services you use. diff --git a/docs/usage.md b/docs/usage.md index aad6611..e8588f6 100644 --- a/docs/usage.md +++ b/docs/usage.md @@ -70,7 +70,6 @@ jobs: | `branch_prefix` | The prefix to use for Claude branches (defaults to 'claude/', use 'claude-' for dash format) | No | `claude/` | | `settings` | Claude Code settings as JSON string or path to settings JSON file | No | "" | | `additional_permissions` | Additional permissions to enable. Currently supports 'actions: read' for viewing workflow results | No | "" | -| `experimental_allowed_domains` | Restrict network access to these domains only (newline-separated). | No | "" | | `use_commit_signing` | Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands | No | `false` | | `bot_id` | GitHub user ID to use for git operations (defaults to Claude's bot ID) | No | `41898282` | | `bot_name` | GitHub username to use for git operations (defaults to Claude's bot name) | No | `claude[bot]` | diff --git a/scripts/setup-network-restrictions.sh b/scripts/setup-network-restrictions.sh deleted file mode 100755 index 2b8712f..0000000 --- a/scripts/setup-network-restrictions.sh +++ /dev/null @@ -1,123 +0,0 @@ -#!/bin/bash - -# Setup Network Restrictions with Squid Proxy -# This script sets up a Squid proxy to restrict network access to whitelisted domains only. - -set -e - -# Check if experimental_allowed_domains is provided -if [ -z "$EXPERIMENTAL_ALLOWED_DOMAINS" ]; then - echo "ERROR: EXPERIMENTAL_ALLOWED_DOMAINS environment variable is required" - exit 1 -fi - -# Check required environment variables -if [ -z "$RUNNER_TEMP" ]; then - echo "ERROR: RUNNER_TEMP environment variable is required" - exit 1 -fi - -if [ -z "$GITHUB_ENV" ]; then - echo "ERROR: GITHUB_ENV environment variable is required" - exit 1 -fi - -echo "Setting up network restrictions with Squid proxy..." - -SQUID_START_TIME=$(date +%s.%N) - -# Create whitelist file -echo "$EXPERIMENTAL_ALLOWED_DOMAINS" > $RUNNER_TEMP/whitelist.txt - -# Ensure each domain has proper format -# If domain doesn't start with a dot and isn't an IP, add the dot for subdomain matching -mv $RUNNER_TEMP/whitelist.txt $RUNNER_TEMP/whitelist.txt.orig -while IFS= read -r domain; do - if [ -n "$domain" ]; then - # Trim whitespace - domain=$(echo "$domain" | xargs) - # If it's not empty and doesn't start with a dot, add one - if [[ "$domain" != .* ]] && [[ ! "$domain" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - echo ".$domain" >> $RUNNER_TEMP/whitelist.txt - else - echo "$domain" >> $RUNNER_TEMP/whitelist.txt - fi - fi -done < $RUNNER_TEMP/whitelist.txt.orig - -# Create Squid config with whitelist -echo "http_port 3128" > $RUNNER_TEMP/squid.conf -echo "" >> $RUNNER_TEMP/squid.conf -echo "# Define ACLs" >> $RUNNER_TEMP/squid.conf -echo "acl whitelist dstdomain \"/etc/squid/whitelist.txt\"" >> $RUNNER_TEMP/squid.conf -echo "acl localnet src 127.0.0.1/32" >> $RUNNER_TEMP/squid.conf -echo "acl localnet src 172.17.0.0/16" >> $RUNNER_TEMP/squid.conf -echo "acl SSL_ports port 443" >> $RUNNER_TEMP/squid.conf -echo "acl Safe_ports port 80" >> $RUNNER_TEMP/squid.conf -echo "acl Safe_ports port 443" >> $RUNNER_TEMP/squid.conf -echo "acl CONNECT method CONNECT" >> $RUNNER_TEMP/squid.conf -echo "" >> $RUNNER_TEMP/squid.conf -echo "# Deny requests to certain unsafe ports" >> $RUNNER_TEMP/squid.conf -echo "http_access deny !Safe_ports" >> $RUNNER_TEMP/squid.conf -echo "" >> $RUNNER_TEMP/squid.conf -echo "# Only allow CONNECT to SSL ports" >> $RUNNER_TEMP/squid.conf -echo "http_access deny CONNECT !SSL_ports" >> $RUNNER_TEMP/squid.conf -echo "" >> $RUNNER_TEMP/squid.conf -echo "# Allow localhost" >> $RUNNER_TEMP/squid.conf -echo "http_access allow localhost" >> $RUNNER_TEMP/squid.conf -echo "" >> $RUNNER_TEMP/squid.conf -echo "# Allow localnet access to whitelisted domains" >> $RUNNER_TEMP/squid.conf -echo "http_access allow localnet whitelist" >> $RUNNER_TEMP/squid.conf -echo "" >> $RUNNER_TEMP/squid.conf -echo "# Deny everything else" >> $RUNNER_TEMP/squid.conf -echo "http_access deny all" >> $RUNNER_TEMP/squid.conf - -echo "Starting Squid proxy..." -# First, remove any existing container -sudo docker rm -f squid-proxy 2>/dev/null || true - -# Ensure whitelist file is not empty (Squid fails with empty files) -if [ ! -s "$RUNNER_TEMP/whitelist.txt" ]; then - echo "WARNING: Whitelist file is empty, adding a dummy entry" - echo ".example.com" >> $RUNNER_TEMP/whitelist.txt -fi - -# Use sudo to prevent Claude from stopping the container -CONTAINER_ID=$(sudo docker run -d \ - --name squid-proxy \ - -p 127.0.0.1:3128:3128 \ - -v $RUNNER_TEMP/squid.conf:/etc/squid/squid.conf:ro \ - -v $RUNNER_TEMP/whitelist.txt:/etc/squid/whitelist.txt:ro \ - ubuntu/squid:latest 2>&1) || { - echo "ERROR: Failed to start Squid container" - exit 1 -} - -# Wait for proxy to be ready (usually < 1 second) -READY=false -for i in {1..30}; do - if nc -z 127.0.0.1 3128 2>/dev/null; then - TOTAL_TIME=$(echo "scale=3; $(date +%s.%N) - $SQUID_START_TIME" | bc) - echo "Squid proxy ready in ${TOTAL_TIME}s" - READY=true - break - fi - sleep 0.1 -done - -if [ "$READY" != "true" ]; then - echo "ERROR: Squid proxy failed to start within 3 seconds" - echo "Container logs:" - sudo docker logs squid-proxy 2>&1 || true - echo "Container status:" - sudo docker ps -a | grep squid-proxy || true - exit 1 -fi - -# Set proxy environment variables -echo "http_proxy=http://127.0.0.1:3128" >> $GITHUB_ENV -echo "https_proxy=http://127.0.0.1:3128" >> $GITHUB_ENV -echo "HTTP_PROXY=http://127.0.0.1:3128" >> $GITHUB_ENV -echo "HTTPS_PROXY=http://127.0.0.1:3128" >> $GITHUB_ENV - -echo "Network restrictions setup completed successfully" \ No newline at end of file diff --git a/src/entrypoints/collect-inputs.ts b/src/entrypoints/collect-inputs.ts index bfb4008..6974e34 100644 --- a/src/entrypoints/collect-inputs.ts +++ b/src/entrypoints/collect-inputs.ts @@ -26,7 +26,6 @@ export function collectActionInputsPresence(): void { max_turns: "", use_sticky_comment: "false", use_commit_signing: "false", - experimental_allowed_domains: "", }; const allInputsJson = process.env.ALL_INPUTS;