Add *.github.io and *.github.com to weekly-editors-health-check firewall allowlist #17591
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Pull request overview
Updates the Weekly Editors Health Check workflow’s firewall allowlist to permit GitHub Pages / GitHub subdomains used by the editor URLs, and recompiles the generated workflow lock file accordingly.
Changes:
- Added `*.github.io` and `*.github.com` to the workflow network allowlist.
- Regenerated `weekly-editors-health-check.lock.yml` to reflect the updated allowlist and metadata.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| .github/workflows/weekly-editors-health-check.md | Expands the workflow’s allowed network domains to include GitHub Pages / GitHub subdomains. |
| .github/workflows/weekly-editors-health-check.lock.yml | Regenerated compiled workflow with updated allowed_domains and AWF --allow-domains list. |
| - "*.github.io" | ||
| - "*.github.com" |
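Review bot: The "*.github.io" entry opens egress to a shared namespace, not to a set of hosts this project controls: github.io subdomains are per-user GitHub Pages sites, so the wildcard allows any page any account publishes there. The two added lines also carry no comment saying which editor URLs they are for. Suggest listing the hosts the health check actually loads and adding a one-line comment naming the editors they belong to, so a later reader can tell which entries are still needed.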
Adding wildcard domains ("*.github.io" / "*.github.com") significantly broadens the AWF egress surface beyond the specific editor hosts currently referenced by this workflow (ashleywolf.github.io, mossaka.github.io, github.github.com). Consider replacing these wildcards with the exact hostnames required (and only adding additional GitHub subdomains if you can confirm they’re needed for page assets via firewall logs) to keep the workflow on a least-privilege network policy.
| - "*.github.io" | |
| - "*.github.com" | |
| - ashleywolf.github.io | |
| - mossaka.github.io | |
| - github.github.com |
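Review bot: The three pinned hostnames in this suggestion will go stale without warning, because the commit history for this workflow says the editor list is discovered dynamically from editors.mdx, so a newly listed editor on another host would be blocked again. If the exact-host list is adopted, note next to it that it must be updated together with editors.mdx, and regenerate weekly-editors-health-check.lock.yml in the same change so the compiled allowed_domains and --allow-domains values match.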
* Initial plan
* feat: add weekly editors health check workflow
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
* Weekly editors health check: discover editors dynamically from docs (#17586)
* Initial plan
* feat: update weekly editors health check to scan editors.mdx for editor list
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
* [WIP] Add automated weekly checks for workflow editors (#17591)
* Initial plan
* Add *.github.io and *.github.com to network firewall allowlist
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
* [WIP] Fix weekly workflow editor checks (#17590)
* Initial plan
* Set upload-asset max to 5 in weekly-editors-health-check workflow
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: Peli de Halleux <pelikhan@users.noreply.github.com>
* Update metadata hash in weekly editors health check workflow
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
The weekly editors health check workflow couldn't reach editor URLs on `*.github.io` and `*.github.com` (e.g., `ashleywolf.github.io`, `mossaka.github.io`, `github.github.com`) because the firewall allowlist didn't include those domains.
- `*.github.io` and `*.github.com` to `network.allowed` in the workflow frontmatter
- `allowed_domains` to the Playwright firewall config
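One way to act on the review comment's advice to confirm the needed hosts from firewall logs, as an added example that is not code from this PR or its project: it reduces the wildcard entries to the exact hosts a run contacted. The log line format, the wildcard-matching semantics and the fourth hostname are assumptions made for illustration.

```python
# Wildcard entries added by this PR (taken from the page).
WILDCARD_ALLOWLIST = ["*.github.io", "*.github.com"]

# Constructed sample log in a hypothetical "<VERDICT> <host>:<port>" format.
# The first three hosts are the ones named in the review comment.
SAMPLE_LOG = """\
ALLOW ashleywolf.github.io:443
ALLOW mossaka.github.io:443
ALLOW github.github.com:443
ALLOW ashleywolf.github.io:443
DENY github.io.example.net:443
"""


def matches(pattern, host):
    """Assumed semantics: '*.d' matches any subdomain of d but not d itself;
    an entry without a wildcard matches only that exact hostname."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".github.io"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def observed_hosts(log_text):
    """Collect the distinct hostnames seen in the log, whatever the verdict."""
    hosts = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            hosts.add(parts[1].rsplit(":", 1)[0].lower())
    return hosts


def tighten(allowlist, hosts):
    """Return exact hosts that can replace the wildcards, allowlist entries
    nothing used, and observed hosts that no entry covers."""
    used = {entry: False for entry in allowlist}
    pinned, unmatched = set(), set()
    for host in hosts:
        hits = [entry for entry in allowlist if matches(entry, host)]
        for entry in hits:
            used[entry] = True
        (pinned if hits else unmatched).add(host)
    return {
        "pinned": sorted(pinned),
        "unused": sorted(e for e, seen in used.items() if not seen),
        "unmatched": sorted(unmatched),
    }


if __name__ == "__main__":
    print(tighten(WILDCARD_ALLOWLIST, observed_hosts(SAMPLE_LOG)))
```

Hosts reported under `unmatched` are for review, not for automatic addition to the allowlist.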