diff --git a/src/common/git-transport.ts b/src/common/git-transport.ts
index 0497f86..4bcc56f 100644
--- a/src/common/git-transport.ts
+++ b/src/common/git-transport.ts
@@ -7,11 +7,6 @@ export const defaultGitLowSpeedTimeSeconds = 15;
 export const defaultGitHttpVersion = "HTTP/1.1";
 export const defaultGitDirectHosts = Object.freeze([
- "github.com",
- "api.github.com",
- "codeload.github.com",
- "objects.githubusercontent.com",
- "raw.githubusercontent.com",
 "registry.npmjs.org",
 "registry.npmmirror.com",
 ]);
diff --git a/src/runner/k8s-job.ts b/src/runner/k8s-job.ts
index 3beea4f..5479b16 100644
--- a/src/runner/k8s-job.ts
+++ b/src/runner/k8s-job.ts
@@ -24,11 +24,6 @@ const defaultRunnerNoProxy = [
 "g14-provider-egress-proxy.unidesk",
 "g14-provider-egress-proxy.unidesk.svc",
 "g14-provider-egress-proxy.unidesk.svc.cluster.local",
- "github.com",
- "api.github.com",
- "codeload.github.com",
- "objects.githubusercontent.com",
- "raw.githubusercontent.com",
 "registry.npmjs.org",
 "registry.npmmirror.com",
 "g14-tcp-egress-gateway",
diff --git a/src/selftest/cases/20-runner-k8s-job.ts b/src/selftest/cases/20-runner-k8s-job.ts
index bcbe147..778fc0c 100644
--- a/src/selftest/cases/20-runner-k8s-job.ts
+++ b/src/selftest/cases/20-runner-k8s-job.ts
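Review bot: The list of hosts allowed to bypass the runner egress proxy is kept in three hand-edited copies: `defaultGitDirectHosts` in `src/common/git-transport.ts`, `defaultRunnerNoProxy` in `src/runner/k8s-job.ts`, and `defaultDirectHosts` in `tools/agentrun-git`. This commit has to remove the same five GitHub hosts from each of them. A later edit that touches only one copy would quietly restore a direct path around the proxy for whichever component reads the stale list. At minimum add a comment above the array in `git-transport.ts`, e.g. `// Hosts that may bypass the runner egress proxy; keep in sync with defaultRunnerNoProxy (src/runner/k8s-job.ts) and defaultDirectHosts (tools/agentrun-git).` Whether the other two files can import this constant instead is not visible from the diff.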
@@ -362,6 +362,8 @@ function assertRunnerJobUsesG14EgressProxy(manifest: JsonRecord): void {
 assert.ok(noProxy.includes("hyueapi.com"), "NO_PROXY must keep hyueapi.com direct");
 assert.ok(noProxy.includes(".hyueapi.com"), "NO_PROXY must keep .hyueapi.com direct");
 assert.ok(noProxy.includes("g14-provider-egress-proxy.unidesk.svc.cluster.local"), "NO_PROXY must include the proxy Service itself");
+ assert.equal(noProxy.includes("github.com"), false, "GitHub HTTPS traffic must use the configured runner egress proxy");
+ assert.equal(noProxy.includes("codeload.github.com"), false, "codeload downloads must use the configured runner egress proxy");
 assert.ok(noProxy.includes("registry.npmjs.org"), "NO_PROXY must keep registry.npmjs.org direct");
 assert.ok(noProxy.includes("registry.npmmirror.com"), "NO_PROXY must keep registry.npmmirror.com direct");
 assert.ok(noProxy.includes(".svc"), "NO_PROXY must include Kubernetes Service domains");
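Review bot: The two added negative assertions in `assertRunnerJobUsesG14EgressProxy` cover only `github.com` and `codeload.github.com`, although the commit removes five hosts from the defaults. `api.github.com`, `objects.githubusercontent.com` and `raw.githubusercontent.com` could reappear in NO_PROXY without failing the selftest. The same gap exists in the `@@ -376` hunk of this file, where `directHosts` is a string, so `includes("github.com")` is a substring test that still misses both `githubusercontent.com` hosts. `noProxy` is defined earlier in the function, outside the hunk; if it is an array, `includes` matches whole elements only and a suffix entry such as `.github.com` would also pass. Consider looping over a local array of all five removed names, `for (const host of removedGitHubHosts) assert.equal(noProxy.includes(host), false, host + " must use the configured runner egress proxy");`, and doing the same for `directHosts`.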
@@ -376,8 +378,9 @@ function assertRunnerJobUsesBoundedGitTransport(rendered: JsonRecord): void {
 assert.equal(runnerEnvValue(manifest, "AGENTRUN_GIT_DEFAULT_TIMEOUT_MS"), "60000");
 assert.equal(runnerEnvValue(manifest, "AGENTRUN_GIT_CREDENTIAL_HELPER"), "gh-auth-setup-git");
 const directHosts = String(runnerEnvValue(manifest, "AGENTRUN_GIT_DIRECT_HOSTS"));
- assert.ok(directHosts.includes("github.com"), "GitHub HTTPS transport should be eligible for direct fallback");
- assert.ok(directHosts.includes("codeload.github.com"), "codeload downloads should be eligible for direct fallback");
+ assert.equal(directHosts.includes("github.com"), false, "GitHub HTTPS transport should use the runner egress proxy by default");
+ assert.equal(directHosts.includes("codeload.github.com"), false, "codeload downloads should use the runner egress proxy by default");
+ assert.ok(directHosts.includes("registry.npmjs.org"), "registry.npmjs.org remains eligible for direct fallback");
 const summary = rendered.gitTransport as JsonRecord;
 assert.equal(summary.valuesPrinted, false);
 assert.equal(summary.terminalPrompt, false);
diff --git a/tools/agentrun-git b/tools/agentrun-git
index 66cb565..e3ef213 100755
--- a/tools/agentrun-git
+++ b/tools/agentrun-git
@@ -10,7 +10,7 @@ const defaultConnectTimeoutSeconds = Number(process.env.AGENTRUN_GIT_CONNECT_TIM
 const defaultLowSpeedLimit = Number(process.env.GIT_HTTP_LOW_SPEED_LIMIT || 1_024);
 const defaultLowSpeedTime = Number(process.env.GIT_HTTP_LOW_SPEED_TIME || 15);
 const defaultHttpVersion = process.env.AGENTRUN_GIT_HTTP_VERSION || process.env.GIT_HTTP_VERSION || "HTTP/1.1";
-const defaultDirectHosts = ["github.com", "api.github.com", "codeload.github.com", "objects.githubusercontent.com", "raw.githubusercontent.com", "registry.npmjs.org", "registry.npmmirror.com"];
+const defaultDirectHosts = ["registry.npmjs.org", "registry.npmmirror.com"];
 function help() {
 return {