Problem
GH_HOST auto-injection from GITHUB_SERVER_URL is skipped when --env-all is active.
In src/docker-manager.ts (lines 566–606), extractGhHostFromServerUrl() only runs in the else branch — i.e., when --env-all is not used:
if (config.envAll) {
// passes through host env vars, but does NOT auto-derive GH_HOST
for (const [key, value] of Object.entries(process.env)) { ... }
} else {
// ... selective pass-through ...
// Auto-inject GH_HOST (only runs here!)
const ghHost = extractGhHostFromServerUrl(process.env.GITHUB_SERVER_URL);
if (ghHost) {
environment.GH_HOST = ghHost;
}
}Since gh-aw always passes --env-all, GH_HOST is never auto-injected. If the host environment has GITHUB_SERVER_URL set (e.g., https://mycompany.ghe.com) but GH_HOST is not explicitly set, the gh CLI inside the container defaults to github.com.
Impact
On GHES/GHEC runners where GITHUB_SERVER_URL is set but GH_HOST is not in the environment, gh CLI commands inside the AWF sandbox target the wrong GitHub instance. This causes failures in workflows that use gh CLI for PR operations, issue management, etc.
Upstream report: github/gh-aw#23093
Fix
Move the GH_HOST auto-injection after the if/else block so it runs regardless of --env-all:
if (config.envAll) {
for (const [key, value] of Object.entries(process.env)) { ... }
} else {
// ... selective pass-through ...
}
// Auto-inject GH_HOST when GITHUB_SERVER_URL points to a GHES/GHEC instance
// This must be AFTER the env-all block so it runs in both paths, and uses
// conditional assignment so an explicit GH_HOST from env-all is not overwritten
const ghHost = extractGhHostFromServerUrl(process.env.GITHUB_SERVER_URL);
if (ghHost && !environment.GH_HOST) {
environment.GH_HOST = ghHost;
logger.debug(`Auto-injected GH_HOST=${ghHost} from GITHUB_SERVER_URL`);
}The !environment.GH_HOST guard ensures that if the host already has GH_HOST set (and it was passed through via --env-all), the explicit value is preserved.
Testing
- Existing unit tests for
extractGhHostFromServerUrl cover the derivation logic
- Integration tests in
tests/integration/gh-host-injection.test.ts cover the container injection
- Add a test case verifying auto-injection works when
envAll: true and GH_HOST is NOT in the host environment (only GITHUB_SERVER_URL is set)
Problem
GH_HOSTauto-injection fromGITHUB_SERVER_URLis skipped when--env-allis active.In
src/docker-manager.ts(lines 566–606),extractGhHostFromServerUrl()only runs in theelsebranch — i.e., when--env-allis not used:Since gh-aw always passes
--env-all,GH_HOSTis never auto-injected. If the host environment hasGITHUB_SERVER_URLset (e.g.,https://mycompany.ghe.com) butGH_HOSTis not explicitly set, theghCLI inside the container defaults togithub.com.Impact
On GHES/GHEC runners where
GITHUB_SERVER_URLis set butGH_HOSTis not in the environment,ghCLI commands inside the AWF sandbox target the wrong GitHub instance. This causes failures in workflows that useghCLI for PR operations, issue management, etc.Upstream report: github/gh-aw#23093
Fix
Move the
GH_HOSTauto-injection after theif/elseblock so it runs regardless of--env-all:The
!environment.GH_HOSTguard ensures that if the host already hasGH_HOSTset (and it was passed through via--env-all), the explicit value is preserved.Testing
extractGhHostFromServerUrlcover the derivation logictests/integration/gh-host-injection.test.tscover the container injectionenvAll: trueandGH_HOSTis NOT in the host environment (onlyGITHUB_SERVER_URLis set)