tmp

Update remaining allowed_domains references to experimental_allowed_domains
Merge branch 'main' into km/network-restrictions-feature
2026-01-24 15:34:13 +08:00 · 2025-07-16 12:22:25 -07:00 · 2025-07-16 12:13:41 -07:00 · 2025-07-16 12:11:42 -07:00 · 2025-07-16 12:10:11 -07:00 · 2025-07-16 10:54:03 -07:00
3 changed files with 10 additions and 11 deletions
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -31,9 +31,14 @@ jobs:

      - name: Run Claude Code
        id: claude
-        uses: anthropics/claude-code-action@beta
+        uses: ./
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          allowed_tools: "Bash(bun install),Bash(bun test:*),Bash(bun run format),Bash(bun typecheck)"
          custom_instructions: "You have also been granted tools for editing files and running bun commands (install, run, test, typecheck) for testing your changes: bun install, bun test, bun run format, bun typecheck."
          model: "claude-opus-4-20250514"
+          # Test network restrictions
+          allowed_domains: |
+            .anthropic.com
+            .github.com
+            .githubusercontent.com
--- a/action.yml
+++ b/action.yml
@@ -185,7 +185,7 @@ runs:
    - name: Run Claude Code
      id: claude-code
      if: steps.prepare.outputs.contains_trigger == 'true'
-      uses: anthropics/claude-code-base-action@03e2a2d6923a9187c8e93b04ef2f8dae3219d0b1 # v0.0.36
+      uses: anthropics/claude-code-base-action@503cc7080e62d63d2cc1d80035ed04617d5efb47 # v0.0.35
      with:
        prompt_file: ${{ runner.temp }}/claude-prompts/claude-prompt.txt
        allowed_tools: ${{ env.ALLOWED_TOOLS }}
--- a/src/github/operations/git-config.ts
+++ b/src/github/operations/git-config.ts
@@ -21,13 +21,6 @@ export async function configureGitAuth(
 ) {
  console.log("Configuring git authentication for non-signing mode");

-  // Determine the noreply email domain based on GITHUB_SERVER_URL
-  const serverUrl = new URL(GITHUB_SERVER_URL);
-  const noreplyDomain =
-    serverUrl.hostname === "github.com"
-      ? "users.noreply.github.com"
-      : `users.noreply.${serverUrl.hostname}`;
-
  // Configure git user based on the comment creator
  console.log("Configuring git user...");
  if (user) {
@@ -35,12 +28,12 @@ export async function configureGitAuth(
    const botId = user.id;
    console.log(`Setting git user as ${botName}...`);
    await $`git config user.name "${botName}"`;
-    await $`git config user.email "${botId}+${botName}@${noreplyDomain}"`;
+    await $`git config user.email "${botId}+${botName}@users.noreply.github.com"`;
    console.log(`✓ Set git user as ${botName}`);
  } else {
    console.log("No user data in comment, using default bot user");
    await $`git config user.name "github-actions[bot]"`;
-    await $`git config user.email "41898282+github-actions[bot]@${noreplyDomain}"`;
+    await $`git config user.email "41898282+github-actions[bot]@users.noreply.github.com"`;
  }

  // Remove the authorization header that actions/checkout sets
@@ -54,6 +47,7 @@ export async function configureGitAuth(

  // Update the remote URL to include the token for authentication
  console.log("Updating remote URL with authentication...");
+  const serverUrl = new URL(GITHUB_SERVER_URL);
  const remoteUrl = `https://x-access-token:${githubToken}@${serverUrl.host}/${context.repository.owner}/${context.repository.repo}.git`;
  await $`git remote set-url origin ${remoteUrl}`;
  console.log("✓ Updated remote URL with authentication token");
Author	SHA1	Message	Date
Ashwin Bhat	d909172ebf	tmp	2025-07-16 12:22:25 -07:00
km-anthropic	b04be4e195	Update remaining allowed_domains references to experimental_allowed_domains	2025-07-16 12:13:41 -07:00
km-anthropic	c23800108f	Merge branch 'main' into km/network-restrictions-feature	2025-07-16 12:11:42 -07:00
km-anthropic	23b54ce0d2	change to experimental allowed domains and add `.blob.core.windows.net` to use cached bun isntall	2025-07-16 12:10:11 -07:00
km-anthropic	ed1e708634	Update example allowed_domains with tested domains for network restrictions	2025-07-16 10:54:03 -07:00
km-anthropic	37f5543283	update claude.yml to test	2025-07-16 09:53:51 -07:00
km-anthropic	533ec5356f	Update potential EOF not being treated as a string issue	2025-07-16 09:52:14 -07:00
km-anthropic	f1e95926d6	Merge branch 'main' of https://github.com/anthropics/claude-code-action into km/network-restrictions-feature	2025-07-16 08:53:19 -07:00
km-anthropic	e5b28393c7	Remove proxy example -- it's intuitive for users to figure it out	2025-07-14 15:27:08 -07:00
km-anthropic	168e891554	Remove unnecesssary NO_PROXY as packages are installed beforehand	2025-07-14 15:22:33 -07:00
km-anthropic	7673148cfb	Give an example of network restriction in claude.yml	2025-07-14 15:16:23 -07:00
km-anthropic	af74c779a5	Update README with common domains	2025-07-14 15:13:47 -07:00
km-anthropic	2877ea975e	Remove unnecessary network restrictions test and update readme + action.yml with no default domains and respective instructions in the readme	2025-07-14 14:47:07 -07:00
km-anthropic	c61f7b0167	Merge branch 'anthropics:main' into km/network-restrictions-feature	2025-07-14 14:21:58 -07:00
km-anthropic	b16ea06ada	Simplify network restrictions -- Move it to actions, remove extended examples in claude.yml and move them to readme	2025-07-14 14:19:52 -07:00
km-anthropic	1eab4a208c	Move network restrictions to actions.yml + show custom domains in the examples folder	2025-07-14 12:53:57 -07:00
km-anthropic	b938e69075	test: simplify network restrictions test - Reduce to one allowed and one blocked domain - Remove slow google.com test - Fix TypeScript errors with AbortController - Match test formatting conventions 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-07-14 12:31:11 -07:00
km-anthropic	ba5d64171b	Minor bun format	2025-07-14 12:22:04 -07:00
km-anthropic	5b3ce5ec6d	refactor: make network restrictions opt-in and move to examples - Removed network restrictions from .github/workflows/claude.yml - Added network restrictions to examples/claude.yml as opt-in feature - Changed from DISABLE_NETWORK_RESTRICTIONS to ENABLE_NETWORK_RESTRICTIONS - Added support for CUSTOM_ALLOWED_DOMAINS repository variable - Organized whitelist by provider (Anthropic, Bedrock, Vertex AI) - Removed package registries from whitelist (already in NO_PROXY) Users can now enable network restrictions by setting ENABLE_NETWORK_RESTRICTIONS=true and configure additional domains via CUSTOM_ALLOWED_DOMAINS. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-07-14 12:21:13 -07:00
km-anthropic	c6e906e3ba	test: simplify network restrictions test output	2025-07-13 09:08:53 -07:00
km-anthropic	dbf69fe645	test: add network restrictions verification test	2025-07-13 08:57:04 -07:00
km-anthropic	b49014e105	feat: add Squid proxy network restrictions to Claude workflow Implements URL whitelisting for GitHub Actions to prevent unauthorized network access. Only allows connections to: - Claude API (anthropic.com) - GitHub services - Package registries (npm, bun) - Azure blob storage for caching Uses NO_PROXY for package registries to avoid integrity check issues.	2025-07-13 08:21:37 -07:00