Set runtime to docker-sbx in smoke-docker-sbx workflow frontmatter#6153
Conversation
Add sandbox.agent block with runtime: docker-sbx to all four smoke-docker-sbx workflow .md files, matching the pattern used by the gvisor smoke tests. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Adds explicit Docker sbx runtime configuration to four smoke workflow sources.
Changes:
- Adds
sandbox.agentusing AWF anddocker-sbx. - Enables
sudofor each sandbox agent. - Generated lock workflows remain stale.
Show a summary per file
| File | Description |
|---|---|
smoke-docker-sbx.md |
Configures Docker sbx runtime. |
smoke-docker-sbx-build-test.md |
Configures runtime for build tests. |
smoke-docker-sbx-claude.md |
Configures runtime for Claude tests. |
smoke-docker-sbx-codex.md |
Configures runtime for Codex tests. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 7/7 changed files
- Comments generated: 4
- Review effort level: Medium
| sandbox: | ||
| agent: | ||
| id: awf | ||
| runtime: docker-sbx |
| sandbox: | ||
| agent: | ||
| id: awf | ||
| runtime: docker-sbx |
| sandbox: | ||
| agent: | ||
| id: awf | ||
| runtime: docker-sbx |
| sandbox: | ||
| agent: | ||
| id: awf | ||
| runtime: docker-sbx |
|
✅ Copilot review passed with no inline comments. @lpcox Add the |
✅ Coverage Check PassedOverall Coverage
📁 Per-file Coverage Changes (1 files)
Coverage comparison generated by |
execa throws 'Cannot read properties of null (reading end)' when input is provided but stdio[0] is 'ignore'. Change stdin to 'pipe' so the confirmation input can be written to the sbx create process. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Replace the released binary install step with a source build so the stdin pipe fix in sbx-manager.ts is exercised in CI. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Removing XDG_CONFIG_HOME from the environment passed to sbx create prevents the sbx CLI from finding Docker Hub credentials stored by sbx login, causing 'user is not authenticated' errors even though the daemon pre-pulled the image successfully. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
…t/gh-aw-firewall into set-docker-sbx-runtime
The released AWF binary (v0.27.30) has a bug where execa crashes with 'Cannot read properties of null (reading end)' because stdio[0] is set to 'ignore' while input is provided. Build from source to include the fix (stdio[0] changed to 'pipe'). This is a temporary workaround until a new AWF version is released. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
The compiled dist references ../containers/api-proxy/provider-env-constants.json relative to the dist/ directory. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Passing a custom sanitized env to execa replaces the entire process environment, which strips variables the sbx CLI needs to locate its daemon socket and credential store. This causes 'user is not authenticated to Docker' errors even when sbx login was run moments before. Instead, temporarily set DOCKER_SANDBOXES_PROXY in process.env and restore it after the call, letting sbx inherit the full environment. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Revert to the original behavior from PR #6101: delete DOCKER_SANDBOXES_PROXY from the env during sbx create. Setting it forces the sbx daemon to route Docker Hub registry auth through Squid, which blocks the pull and causes 'user is not authenticated to Docker' errors. The proxy is set at exec time instead, which is after Squid is fully configured and ready. Also reverts the process.env change (security issue: would have leaked secrets like GITHUB_TOKEN, DOCKER_PAT etc to the sbx CLI). The sanitized env approach (sanitizeEnvForSbx) is the correct security boundary. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
sbx create is a management command that talks to the local daemon — it does not run user code inside the sandbox. Passing a custom sanitized env strips variables the sbx CLI needs to locate the daemon's credential store, causing 'user is not authenticated to Docker' errors. The sandbox interior's env is controlled separately by execInSandbox() which still uses sanitizeEnvForSbx() to strip secrets. DOCKER_SANDBOXES_PROXY is temporarily removed during create to prevent routing Docker Hub registry auth through Squid (which isn't ready yet). Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
The Copilot harness sets XDG_CONFIG_HOME=$HOME before running AWF. This makes the sbx CLI look for credentials in $HOME/ instead of the default $HOME/.config/ where 'sbx login' stored them (sbx login runs in a step before the harness, with XDG_CONFIG_HOME unset). Temporarily unset XDG_CONFIG_HOME during sbx create so the sbx CLI finds the daemon credentials at the correct default path. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Add source build + credential refresh step to match the other lock files. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
|
✅ Smoke Gemini completed. All facets verified. 💎 |
|
✅ Build Test Suite completed successfully! |
|
🔌 Smoke Services — All services reachable! ✅ |
|
📰 VERDICT: Smoke Docker Sbx has concluded. All systems operational. This is a developing story. 🎤 |
|
Thanks for the focused runtime configuration change. One contribution-guideline item needs clarification: the PR description says lock files are not recompiled, but the diff includes changes to the generated Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: Copilot BYOK Direct Mode✅ GitHub.com Connectivity (HTTP 200) Status: PASS — Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY) Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: Copilot PAT Auth —
|
| Test | Result |
|---|---|
| MCP Connectivity | ❌ MCP tools unavailable in sandbox |
| GitHub.com HTTP | ❌ Template vars unresolved |
| File Write/Read | ❌ Template vars unresolved |
Overall: FAIL — workflow template variables were not substituted (pre-step outputs missing).
Auth mode: PAT (COPILOT_GITHUB_TOKEN)
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpg
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
🔑 PAT report filed by Smoke Copilot PAT
Add label ready-for-aw to run again
Smoke Test Results
Overall: PASS Author: @lpcox Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: Claude Engine Validation
Overall result: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
|
✅ GitHub MCP connectivity Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test Results
Overall: FAIL — Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: API Proxy OpenTelemetry Tracing
All 5 scenarios passed. OTEL tracing integration is functional. Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
|
Recent merged PRs: compiled workflows; compiled workflows Warning Firewall blocked 2 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"
- "registry.npmjs.org"See Network Configuration for more information.
|
Gemini Smoke Test Results
Overall status: FAIL Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
|
@lpcox Smoke Test Results:
Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) authenticated via Microsoft Entra Overall: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Chroot Version Comparison Results
Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
🔥 Smoke Test: Docker Sbx — PASS
Overall: PASS PR by @lpcox — "Set runtime to docker-sbx in smoke-docker-sbx workflow frontmatter"
|
🏗️ Build Test Suite Results
Overall: 8/8 ecosystems passed — ✅ PASS
Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Summary
Adds
sandbox.agentblock withruntime: docker-sbxto all four smoke-docker-sbx workflow.mdfiles:smoke-docker-sbx.mdsmoke-docker-sbx-build-test.mdsmoke-docker-sbx-claude.mdsmoke-docker-sbx-codex.mdThis matches the pattern used by the gvisor smoke tests (which set
runtime: gvisor). Previously these workflows had nosandbox.agentsection, so the runtime was never explicitly set.Note: Lock files are not recompiled in this PR.