Compiler: redirect DOTNET_INSTALL_DIR and GOPATH for ARC/DinD topology#42855
Conversation
On ARC/DinD runners, setup-dotnet installs to /usr/share/dotnet by default
which requires root permissions. Similarly, GOPATH defaults to a path that
may not be writable or visible to the DinD daemon.
Extend the existing 'Redirect tool cache for ARC/DinD' step to also set:
- DOTNET_INSTALL_DIR -> ${RUNNER_TEMP}/gh-aw/tool-cache/dotnet
- GOPATH -> ${RUNNER_TEMP}/gh-aw/tool-cache/go
This ensures all runtime setup actions install to daemon-visible, writable paths.
Fixes the 'mkdir: cannot create directory /usr/share/dotnet: Permission denied'
error seen in ARC/DinD canary workflows.
Related: #42807
There was a problem hiding this comment.
Pull request overview
This pull request updates the gh-aw workflow compiler’s main-job YAML generation for runner.topology: arc-dind to avoid permission and daemon-visibility issues caused by default tool install locations on ARC/DinD runners.
Changes:
- Extends the ARC/DinD “tool cache redirect” step to also export
DOTNET_INSTALL_DIRandGOPATHunder${RUNNER_TEMP}/gh-aw/tool-cache/.... - Updates the step name and corresponding unit test assertions to match the new behavior.
Show a summary per file
| File | Description |
|---|---|
| pkg/workflow/compiler_yaml_main_job.go | Exports DOTNET_INSTALL_DIR and GOPATH (in addition to RUNNER_TOOL_CACHE) for ARC/DinD-generated workflows. |
| pkg/workflow/compiler_yaml_main_job_test.go | Updates the ARC/DinD redirect test to assert the new environment exports and step name. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 2/2 changed files
- Comments generated: 0
- Review effort level: Low
|
✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready. |
|
🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧 Smoke test completed: issue created; PR comment skipped because workflow event has no auto-targetable PR context despite pull-request-number metadata. |
|
🚀 Smoke Antigravity MISSION COMPLETE! Antigravity has spoken. ✨ |
|
💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges... |
|
🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation... |
|
🚀 Smoke Gemini MISSION COMPLETE! Gemini has spoken. ✨ |
|
📰 BREAKING: Smoke Copilot - AOAI (apikey) is now investigating this pull request. Sources say the story is developing... |
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
|
📰 BREAKING: Smoke Copilot - AOAI (Entra) is now investigating this pull request. Sources say the story is developing... |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
Caution agentic threat detected DetailsThe threat detection engine failed to produce results. Review the workflow run logs for details. Pull request created: #42861
|
|
PR: Compiler: redirect DOTNET_INSTALL_DIR and GOPATH for ARC/DinD topology Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Comment MemoryNote This comment is managed by comment memory.It stores persistent context for this thread in the code block at the top of this comment. Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
There was a problem hiding this comment.
Smoke review exercised inline comment and review submission paths.
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
📰 BREAKING: Report filed by Smoke Copilot · 280.9 AIC · ⌖ 10.4 AIC · ⊞ 19.2K
Comment /smoke-copilot to run again
Add label smoke to run again
|
🚀 Smoke Antigravity MISSION COMPLETE! Antigravity has spoken. ✨ |
|
🚀 Smoke Gemini MISSION COMPLETE! Gemini has spoken. ✨ |
|
✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready. |
|
💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges... |
|
🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation... |
|
🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧 |
|
📰 BREAKING: Smoke Copilot - AOAI (Entra) is now investigating this pull request. Sources say the story is developing... |
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
|
📰 BREAKING: Smoke Copilot - AOAI (apikey) is now investigating this pull request. Sources say the story is developing... |
Smoke Test Results
Overall status: FAIL Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
Smoke test
Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "proxy.golang.org"See Network Configuration for more information.
|
Agent Container Tool Check
Result: 12/12 tools available ✅ Overall Status: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
|
Smoke tests run 28564794507: FAIL. See issue #42886 for details.
|
|
PRs: #42855 Compiler: redirect DOTNET_INSTALL_DIR and GOPATH for ARC/DinD topology; #42816 [linter-miner] feat(linters): add httprespbodyclose linter; #42815 Compiler: enforce ARC/DinD daemon-visible paths and AWF v0.27.20 minimum Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Comment MemoryNote This comment is managed by comment memory.It stores persistent context for this thread in the code block at the top of this comment. Warning Firewall blocked 6 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
There was a problem hiding this comment.
Smoke pass for build and path wiring. Some harness tools bonk, see smoke issue #aw_smoke1.
Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
accounts.google.comandroid.clients.google.comclients2.google.comcontentautofill.googleapis.comsafebrowsingohttpgateway.googleapis.comwww.google.com
To allow these domains, add them to the
network.allowedlist in your workflow frontmatter:
network:
allowed:
- defaults
- "accounts.google.com"
- "android.clients.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
📰 BREAKING: Report filed by Smoke Copilot · 427.9 AIC · ⌖ 15.7 AIC · ⊞ 19.2K
Comment /smoke-copilot to run again
Add label smoke to run again
|
@copilot please run the
|
|
🎉 This pull request is included in a new release. Release: |
Uh oh!
There was an error while loading. Please reload this page.