Skip to content

Expand dev-tools and github domain sets; add dedicated local ecosystem; add github and local to default-safe-outputs#21142

Merged
pelikhan merged 3 commits intomainfrom
copilot/add-domains-to-dev-tools
Mar 16, 2026
Merged

Expand dev-tools and github domain sets; add dedicated local ecosystem; add github and local to default-safe-outputs#21142
pelikhan merged 3 commits intomainfrom
copilot/add-domains-to-dev-tools

Conversation

Copy link
Contributor

Copilot AI commented Mar 16, 2026
edited
Loading

Four related domain set changes: introduce a dedicated local ecosystem for loopback addresses, flesh out the github ecosystem with first-party domains, clean up dev-tools, and include both github and local in the default-safe-outputs baseline.

Changes

  • local (new) — dedicated ecosystem for localhost, 127.0.0.1, ::1
  • dev-tools — remove loopback addresses (moved to local) and docs.github.com (now covered by github)
  • github — add github.com, docs.github.com, github.blog (alongside existing *.githubusercontent.com entries)
  • default-safe-outputs — expand compound from {defaults, dev-tools}{defaults, dev-tools, github, local}
  • Housekeeping — remove duplicate dev-tools key in ecosystem_domains.json (Go's JSON decoder silently used the last one; now canonical)
  • TestTestDefaultSafeOutputsEcosystem now computes expected domain count dynamically from the union of component ecosystems instead of a brittle hard-coded threshold
  • Golden file — regenerated smoke-copilot.golden to reflect the updated --allow-domains list

✨ PR Review Safe Output Test - Run 23123559040

💥 THE END] — Illustrated by [Smoke Claude ·

📱 Kick off Copilot coding agent tasks wherever you are with GitHub Mobile, available on iOS and Android.

Copilot AI and others added 2 commits March 15, 2026 22:35
Initial plan
99e8960
@pelikhan
feat: add localhost/IPs to dev-tools, expand github domain set, add g…
e8e14b9 
…ithub to default-safe-outputs

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
github-actions[bot]
github-actions bot reviewed Mar 16, 2026
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💥 Automated smoke test review - all systems nominal!

💥 [THE END] — Illustrated by Smoke Claude

pkg/workflow/domains.go Outdated
// Covers common infrastructure certificate/OCSP hosts (via "defaults") plus popular
// developer-tool and CI/CD service domains (via "dev-tools").
"default-safe-outputs": {"defaults", "dev-tools"},
// developer-tool and CI/CD service domains (via "dev-tools") and GitHub domains (via "github").
Copy link
Contributor

@github-actions github-actions bot Mar 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment update clearly documents the change. The default-safe-outputs expansion to include github makes sense — most workflows interact with GitHub APIs/docs.

@github-actions github-actions bot mentioned this pull request Mar 16, 2026
Closed
@pelikhan pelikhan marked this pull request as ready for review March 16, 2026 02:14
Copilot AI review requested due to automatic review settings March 16, 2026 02:14
Copilot AI reviewed Mar 16, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the workflow domain ecosystem configuration so the default-safe-outputs compound ecosystem includes GitHub-related domains, and refreshes tests/golden outputs accordingly.

Changes:

  • Expanded default-safe-outputs to union defaults + dev-tools + github.
  • Added/reshaped entries in ecosystem_domains.json (notably more GitHub domains and loopback hosts in dev-tools).
  • Updated unit tests and the Copilot WASM golden fixture to match the new expanded allow-domain set.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File Description
pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/smoke-copilot.golden Updates the expected --allow-domains string to include the newly-added GitHub domains.
pkg/workflow/domains.go Expands default-safe-outputs compound ecosystem to include github and updates related comments.
pkg/workflow/domains_test.go Updates default-safe-outputs expansion test expectations/samples for the added GitHub + loopback entries.
pkg/workflow/data/ecosystem_domains.json Adds loopback hosts to dev-tools and expands the github ecosystem domain list.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

pkg/workflow/data/ecosystem_domains.json Outdated
Comment on lines +42 to +57
@@ -52,6 +54,7 @@
"docs.github.com",
"drone.io",
"img.shields.io",
"localhost",
pkg/workflow/data/ecosystem_domains.json
Comment on lines 88 to +100
"fonts": ["fonts.googleapis.com", "fonts.gstatic.com"],
"github": [
"*.githubusercontent.com",
"raw.githubusercontent.com",
"objects.githubusercontent.com",
"lfs.github.com",
"codeload.github.com",
"docs.github.com",
"github-cloud.githubusercontent.com",
"github-cloud.s3.amazonaws.com",
"codeload.github.com",
"github.githubassets.com"
"github.blog",
"github.com",
"github.githubassets.com",
"lfs.github.com",
"objects.githubusercontent.com",
"raw.githubusercontent.com"
pkg/workflow/domains_test.go Outdated
Comment on lines 1035 to 1038
// Should include defaults + dev-tools + github (at least 34+24+11 = 69 domains, with some overlap)
if len(result) < 60 {
t.Errorf("Expected at least 60 domains in default-safe-outputs, got %d", len(result))
}
pelikhan
pelikhan reviewed Mar 16, 2026
View reviewed changes
Copy link
Contributor

@pelikhan pelikhan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot add dedicated domain for local host and loop back addresses.

@pelikhan
feat: add dedicated 'local' ecosystem for loopback addresses, clean u…
834316a 
…p dev-tools

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Mar 16, 2026

@copilot add dedicated domain for local host and loop back addresses.

Done in 834316a. Added a dedicated "local" ecosystem in ecosystem_domains.json with localhost, 127.0.0.1, and ::1, removed those entries from dev-tools (restoring it to external CI/CD services only), removed the duplicate docs.github.com from dev-tools (now covered by the github ecosystem), and included "local" in the default-safe-outputs compound. The test assertion was also updated to compute expected domain count dynamically from the union of component ecosystems rather than a hard-coded threshold.

Copilot AI changed the title Expand dev-tools and github domain sets; add github to default-safe-outputs Expand dev-tools and github domain sets; add dedicated local ecosystem; add github and local to default-safe-outputs Mar 16, 2026
Copilot AI requested a review from pelikhan March 16, 2026 03:28
@pelikhan pelikhan merged commit 842ad12 into main Mar 16, 2026
82 checks passed
@pelikhan pelikhan deleted the copilot/add-domains-to-dev-tools branch March 16, 2026 03:34
@github-actions github-actions bot mentioned this pull request Mar 16, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Copilot code review Copilot Copilot left review comments

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

ai-inspected

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pelikhan