Add gh/rg support and optional --gh copilot mount#17
Conversation
|
@codex review this PR |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: dca12f3f13
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| fi | ||
|
|
||
| if [[ -d "${HOME}/.copilot" ]]; then | ||
| docker_args+=("-v" "${HOME}/.copilot:${CONTAINER_HOME}/.copilot") |
There was a problem hiding this comment.
When --gh is used, this bind mount is currently read-write, so processes inside the container can modify or delete files in the host ~/.copilot directory. In --yolo workflows this expands host-state risk and can corrupt local GitHub/Copilot state, unlike other sensitive mounts here (~/.gitconfig, ~/.ssh) that are intentionally mounted read-only. Adding :ro to this mount would preserve access while reducing credential/state mutation risk.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Summary
- Updated the
--ghmount to bind host~/.copilotas read-only (:ro) and updated the runtime warning message accordingly, addressing the security feedback on the PR thread. .codex_yolo.shL304-L307 - Strengthened integration coverage so the
--ghdry-run assertion now explicitly checks for.copilot:ro(not just.copilot). tests/integration_tests.shL377-L383 - Updated documentation/examples to state that the
~/.copilotmount is read-only when--ghis enabled. README.mdL153-L158 EXAMPLES.mdL99-L104
Testing
- ✅
bash -n .codex_yolo.sh tests/integration_tests.sh README.md EXAMPLES.md - ✅
./tests/integration_tests.sh ⚠️ python - <<'PY' ... urllib.request.urlopen('https://duckduckgo.com/html/?q=docker bind mount read-only :ro') ... PY(web search attempt failed due network proxy/tunnel403 Forbiddenin this environment)
Committed as:
0736767—Mount --gh copilot volume read-only
I also created the follow-up PR with title:
- Harden --gh mount by making ~/.copilot read-only
1 participant
Summary
ghandripgrep(rg) to the Docker image so both tools are available insidecodex_yolocontainers.--ghwrapper flag that mounts host~/.copilotinto the container at~/.copilot.--gh: hostghmust be installed,gh auth statusmust succeed, and~/.copilotmust exist.--gh.--ghusage, prerequisites, and security notes.--ghdry-run mount behavior..specifications/add-rg-gh-and-gh-flag.md.Problem
The container did not include
rgorgh, and there was no explicit path to run GitHub CLI workflows that need host Copilot state. Users also needed clear guardrails that--ghonly works when host-sideghauthentication is already configured.Solution
ghandripgrepvia apt.--ghis parsed as a wrapper-only flag and not forwarded tocodex.--ghis set, wrapper now:ghexists on host,gh auth status,~/.copilotexists,~/.copilotinto container home.Validation
bash -n .codex_yolo.sh .codex_yolo_entrypoint.sh .codex_yolo_diagnostics.sh install.sh tests/integration_tests.sh./tests/integration_tests.shNotes
--ghis opt-in and can be used alongside--mount-ssh.gh auth loginfor--ghto succeed.