diff --git a/.github/copilot/ALLOWLIST.md b/.github/copilot/ALLOWLIST.md new file mode 100644 index 0000000..030fc78 --- /dev/null +++ b/.github/copilot/ALLOWLIST.md 
@@ -0,0 +1,80 @@ +# GitHub Copilot Coding Agent Allowlist + +This document outlines the URLs and hosts that should be added to the GitHub Copilot Coding Agent allowlist to prevent firewall blocking issues. + +## Required URLs/Hosts + +### Ubuntu Package Repositories +- `esm.ubuntu.com` - Ubuntu Extended Security Maintenance repository +- `security.ubuntu.com` - Ubuntu security updates +- `archive.ubuntu.com` - Ubuntu main package repository +- `packages.ubuntu.com` - Ubuntu package search +- `keyserver.ubuntu.com` - Ubuntu keyserver for package verification +- `ports.ubuntu.com` - Ubuntu ports repository (for non-x86 architectures) + +### Node.js and npm Ecosystem +- `registry.npmjs.org` - npm package registry +- `npm.nodejs.org` - npm package registry mirror +- `nodejs.org` - Node.js official website and releases +- `github.com` - GitHub for package dependencies hosted on GitHub +- `raw.githubusercontent.com` - GitHub raw content for package files +- `api.github.com` - GitHub API for package metadata + +### Homebrew (macOS/Linux) +- `formulae.brew.sh` - Homebrew formulae API +- `github.com/Homebrew` - Homebrew repositories on GitHub +- `raw.githubusercontent.com/Homebrew` - Homebrew formulae and casks +- `ghcr.io` - GitHub Container Registry (for Homebrew bottles) + +### Docker and Container Registries +- `docker.io` - Docker Hub registry +- `registry-1.docker.io` - Docker Hub registry v1 +- `index.docker.io` - Docker Hub index +- `auth.docker.io` - Docker Hub authentication +- `production.cloudflare.docker.com` - Docker CDN + +### Certificate Authorities and Security +- `letsencrypt.org` - Let's Encrypt certificate authority +- `r3.o.lencr.org` - Let's Encrypt OCSP responder +- `ocsp.int-x3.letsencrypt.org` - Let's Encrypt OCSP responder + +### Playwright (Browser Testing) +- `playwright.azureedge.net` - Playwright browser downloads +- `github.com/microsoft/playwright` - Playwright repository + +### Additional Development Dependencies +- `cdn.jsdelivr.net` - 
jsDelivr CDN for packages +- `unpkg.com` - unpkg CDN for npm packages +- `esm.sh` - ES modules CDN + +## Recommended Wildcard Allowlist Entries + +For broader compatibility, these wildcard entries can be added: + +- `*.ubuntu.com` +- `*.npmjs.org` +- `*.nodejs.org` +- `*.github.com` +- `*.githubusercontent.com` +- `*.docker.io` +- `*.docker.com` +- `*.brew.sh` +- `*.letsencrypt.org` +- `*.azureedge.net` +- `*.jsdelivr.net` + +## Configuration Location + +To configure these allowlist entries: + +1. Go to the repository's Copilot coding agent settings: + `https://github.com/cloudamqp/amqp-client.js/settings/copilot/coding_agent` + +2. Add the URLs/hosts to the custom allowlist (admin access required) + +## Notes + +- The firewall blocking occurs because the Copilot coding agent environment has restricted network access by default +- The setup steps configuration (`.github/copilot/setup-steps.yml`) should handle most dependencies proactively +- Some URLs may only be needed during specific operations (testing, building, etc.) +- Monitor Copilot agent logs for additional blocked URLs that may need to be added \ No newline at end of file diff --git a/.github/copilot/setup-steps.yml b/.github/copilot/setup-steps.yml new file mode 100644 index 0000000..65a7eaf --- /dev/null +++ b/.github/copilot/setup-steps.yml 
@@ -0,0 +1,59 @@ +# GitHub Copilot Coding Agent Setup Steps +# This configuration runs before the firewall is enabled to pre-install dependencies +# that would otherwise be blocked by firewall rules + +name: Copilot Coding Agent Setup +description: Pre-install dependencies and configure environment for Copilot coding agent + +steps: + - name: Update package lists + run: | + sudo apt-get update + + - name: Install required system packages + run: | + sudo apt-get install -y curl wget ca-certificates gnupg lsb-release + + - name: Set up Homebrew + uses: Homebrew/actions/setup-homebrew@master + + - name: Install mkcert via Homebrew + run: brew install mkcert + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: '22.x' + + - name: Create certificates directory + run: | + mkdir -p .etc_rabbitmq + + - name: Create local CA and certificate + run: | + CAROOT="$(pwd)/.etc_rabbitmq" $(brew --prefix)/bin/mkcert -install + $(brew --prefix)/bin/mkcert -key-file ./.etc_rabbitmq/localhost-key.pem -cert-file ./.etc_rabbitmq/localhost.pem localhost + chmod +r ./.etc_rabbitmq/localhost-key.pem + + - name: Create RabbitMQ config + run: | + tee ./.etc_rabbitmq/rabbitmq.conf <<'EOF' + loopback_users = none + listeners.ssl.default = 5671 + ssl_options.cacertfile = /etc/rabbitmq/rootCA.pem + ssl_options.certfile = /etc/rabbitmq/localhost.pem + ssl_options.keyfile = /etc/rabbitmq/localhost-key.pem + EOF + + - name: Start Docker Compose + run: docker compose up -d + + - name: Install Node.js dependencies + run: | + npm install + env: + PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1 + + - name: Install Playwright browsers (for browser testing) + run: | + npx playwright install --with-deps chromium \ No newline at end of file diff --git a/README.md b/README.md index a8e566c..4cdda85 100644 --- a/README.md +++ b/README.md 
@@ -154,3 +154,14 @@ Module comparison | ------ | ------------ | --- | | amqp-client.js | 0 | 1743 | | amqplib | 14 | 6720 (w/o dependencies) | + +## Development + +### GitHub Copilot Coding Agent Setup + +This repository is configured to work with GitHub Copilot Coding Agent. The configuration includes: + +- **Setup Steps**: `.github/copilot/setup-steps.yml` - Defines pre-installation steps that run before firewall restrictions are applied +- **Allowlist**: `.github/copilot/ALLOWLIST.md` - Documents required URLs/hosts for the firewall allowlist + +These configurations help prevent network access issues when the Copilot agent runs builds, tests, or installs dependencies.
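Review bot: In `.github/copilot/ALLOWLIST.md`, the "Recommended Wildcard Allowlist Entries" section undoes most of the egress restriction the firewall provides. `*.githubusercontent.com`, `*.azureedge.net` and `*.jsdelivr.net` are shared hosting domains where content is published by arbitrary third parties, so allowing them lets the agent reach endpoints this project does not control. I would drop the wildcard section and keep only the exact hosts under "Required URLs/Hosts", adding an entry when the agent logs show a blocked request that a build or test actually needs. The same reasoning applies to `cdn.jsdelivr.net`, `unpkg.com` and `esm.sh` under "Additional Development Dependencies": nothing else in this patch uses them, so they can stay off the list until something does. The "Notes" section already says the setup steps should handle most dependencies before the firewall is enabled, which argues for a shorter list rather than a longer one.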
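Review bot: In `.github/copilot/setup-steps.yml`, step "Create local CA and certificate", `CAROOT` is set only as a prefix on the `mkcert -install` line, so the following `mkcert -key-file ... localhost` call runs without it and looks for its CA in mkcert's default location instead of `.etc_rabbitmq`. The leaf certificate can then be signed by a different CA than the `rootCA.pem` that `ssl_options.cacertfile` points at. Set `CAROOT` once for the whole step, either as an `env:` entry or with `export CAROOT=...` on the first line. In the same step, `chmod +r ./.etc_rabbitmq/localhost-key.pem` makes the private key world-readable; if the broker's container user needs to read it, use a narrower mode or an ownership change and add a comment saying why. Also, `uses: Homebrew/actions/setup-homebrew@master` follows a mutable branch and `actions/setup-node@v4` a movable tag; since these steps run before the firewall is enabled, pin both to a commit SHA.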
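Review bot: In the `README.md` hunk, the "Allowlist" bullet lists `.github/copilot/ALLOWLIST.md` as part of the configuration, but that file is documentation only: per its own "Configuration Location" section, nothing takes effect until an admin enters the hosts in the repository settings. The README should say that, so readers do not assume that editing the file changes what the firewall permits. The "Setup Steps" bullet states that `.github/copilot/setup-steps.yml` runs "before firewall restrictions are applied", yet nothing in this patch shows where the agent is told to load that path; please link the documentation that defines this location and file format, or note how it was verified.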