forked from GoogleCloudPlatform/scion
-
Notifications
You must be signed in to change notification settings - Fork 0
feat(harness): add GitHub Copilot CLI harness bundle #295
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Closed
Closed
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| # syntax=docker/dockerfile:1 | ||
| # Copyright 2026 Google LLC | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||
| # you may not use this file except in compliance with the License. | ||
| # You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| ARG BASE_IMAGE | ||
| FROM ${BASE_IMAGE} | ||
|
|
||
| ARG COPILOT_CLI_VERSION=latest | ||
|
|
||
| RUN mkdir -p /home/scion/.copilot /home/scion/.copilot/skills \ | ||
| /home/scion/.github && \ | ||
| chown -R scion:scion /home/scion/.copilot /home/scion/.github | ||
|
|
||
| # Install copilot binary (Alpine/musl variant for scion-base). | ||
| # The binary is a self-contained Node.js SEA — no npm/node dependency needed. | ||
| RUN ARCH=$(uname -m | sed 's/x86_64/x64/;s/aarch64/arm64/') && \ | ||
| if [ "$COPILOT_CLI_VERSION" = "latest" ]; then \ | ||
| URL="https://github.com/github/copilot-cli/releases/latest/download/copilot-linuxmusl-${ARCH}.tar.gz"; \ | ||
| else \ | ||
| URL="https://github.com/github/copilot-cli/releases/download/v${COPILOT_CLI_VERSION}/copilot-linuxmusl-${ARCH}.tar.gz"; \ | ||
| fi && \ | ||
| curl -fsSL "$URL" | tar xz -C /usr/local/bin && \ | ||
| chmod +x /usr/local/bin/copilot | ||
|
|
||
| CMD ["copilot"] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| # Copilot Harness Bundle | ||
|
|
||
| Scion harness bundle for the [GitHub Copilot CLI](https://github.com/github/copilot-cli) | ||
| (`copilot` from `github/copilot-cli`). | ||
|
|
||
| ## Bundle Layout | ||
|
|
||
| ``` | ||
| harnesses/copilot/ | ||
| config.yaml # Harness configuration | ||
| provision.py # Container-side provisioner (pre-start hook) | ||
| capture_auth.py # Post-login credential capture | ||
| Dockerfile # Image build (FROM scion-base) | ||
| cloudbuild.yaml # Cloud Build configuration | ||
| README.md # This file | ||
| home/ | ||
| .bashrc # Shell initialization | ||
| .copilot/ | ||
| settings.json # Default settings (auto-update off) | ||
| ``` | ||
|
|
||
| ## Installation | ||
|
|
||
| ```bash | ||
| scion harness-config install harnesses/copilot | ||
| ``` | ||
|
|
||
| ## Authentication | ||
|
|
||
| The Copilot CLI requires a GitHub account with an active Copilot subscription. | ||
|
|
||
| ### Fine-Grained PAT (Recommended) | ||
|
|
||
| Create a [fine-grained personal access token](https://github.com/settings/personal-access-tokens) | ||
| with the **"Copilot Requests"** permission enabled. The token must be user-owned | ||
| (not organization-owned). | ||
|
|
||
| ```bash | ||
| scion start --harness copilot --env COPILOT_GITHUB_TOKEN=github_pat_... | ||
| ``` | ||
|
|
||
| Token precedence: `COPILOT_GITHUB_TOKEN` > `GH_TOKEN` > `GITHUB_TOKEN`. | ||
|
|
||
| **Note:** Classic PATs (`ghp_...`) are not supported by the Copilot CLI. | ||
|
|
||
| ### Interactive Login (No-Auth Fallback) | ||
|
|
||
| If no token is provided, the agent drops to a shell. Run `copilot login` to | ||
| authenticate via browser-based OAuth device flow, then capture credentials: | ||
|
|
||
| ```bash | ||
| python3 /home/scion/.scion/harness/capture_auth.py | ||
| ``` | ||
|
|
||
| ## Known Limitations | ||
|
|
||
| - **No turn/model-call limits** — Copilot CLI has no hook dialect for individual | ||
| turn or model call events. Only `max_duration` (via Scion's external timeout) | ||
| is supported. | ||
| - **No telemetry integration** — Copilot's OpenTelemetry configuration surface | ||
| is undocumented. | ||
| - **System prompt is approximate** — system prompt content is prepended to | ||
| `.github/copilot-instructions.md`; there is no native `--system-prompt` flag. | ||
| - **No project-scoped MCP** — project-scoped MCP server entries are demoted to | ||
| global scope. | ||
| - **Subscription required** — an active GitHub Copilot subscription is required. | ||
| The harness provisions successfully without one, but the CLI will fail with an | ||
| auth error after launch. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,170 @@ | ||
| #!/usr/bin/env python3 | ||
| # Copyright 2026 Google LLC | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||
| # you may not use this file except in compliance with the License. | ||
| # You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
| """Copilot capture-auth script. | ||
|
|
||
| Scans for credential files on disk and stores them as project-scoped secrets | ||
| via `sciontool secret set`. Designed to run after the user authenticates | ||
| interactively inside a no-auth agent container (e.g. after `copilot login`). | ||
|
|
||
| Reads credential mappings from inputs/capture-auth-config.json (derived from | ||
| the harness config.yaml's auth.types.*.required_files declarations). This | ||
| avoids hardcoding paths or key names in the script. | ||
|
|
||
| Exit codes: | ||
| 0 = at least one credential captured | ||
| 1 = error | ||
| 2 = no credentials found (not an error, but nothing was stored) | ||
| """ | ||
|
|
||
| from __future__ import annotations | ||
|
|
||
| import argparse | ||
| import json | ||
| import os | ||
| import subprocess | ||
| import sys | ||
| from typing import Any | ||
|
|
||
| EXIT_OK = 0 | ||
| EXIT_ERROR = 1 | ||
| EXIT_NO_CREDS = 2 | ||
|
|
||
| HARNESS_BUNDLE = os.path.join( | ||
| os.environ.get("HOME") or os.path.expanduser("~"), | ||
| ".scion", "harness", | ||
| ) | ||
|
|
||
|
|
||
| def _expand(path: str) -> str: | ||
| return os.path.expanduser(os.path.expandvars(path)) | ||
|
|
||
|
|
||
| def _load_config(bundle: str) -> list[dict[str, Any]]: | ||
| config_path = os.path.join(bundle, "inputs", "capture-auth-config.json") | ||
| if not os.path.isfile(config_path): | ||
| return [] | ||
| with open(config_path, "r", encoding="utf-8") as f: | ||
| try: | ||
| data = json.load(f) | ||
| except (json.JSONDecodeError, OSError): | ||
| return [] | ||
| creds = data.get("credentials") | ||
| if not isinstance(creds, list): | ||
| return [] | ||
| return creds | ||
|
|
||
|
|
||
| def _capture_one( | ||
| entry: dict[str, Any], force: bool | ||
| ) -> tuple[bool, str | None]: | ||
| """Attempt to capture a single credential. Returns (success, error_msg).""" | ||
| key = entry.get("key", "") | ||
| source = _expand(entry.get("source", "")) | ||
| secret_type = entry.get("type", "file") | ||
| target = entry.get("target", "") | ||
|
|
||
| if not key or not source: | ||
| return False, "invalid entry: missing key or source" | ||
|
|
||
| if not os.path.isfile(source): | ||
| return False, None | ||
|
|
||
| cmd = [ | ||
| "sciontool", "secret", "set", key, f"@{source}", | ||
| "--type", secret_type, | ||
| "--target", target, | ||
| ] | ||
| if force: | ||
| cmd.append("--force") | ||
|
|
||
| try: | ||
| result = subprocess.run( | ||
| cmd, | ||
| capture_output=True, | ||
| text=True, | ||
| timeout=30, | ||
| ) | ||
| except FileNotFoundError: | ||
| return False, "sciontool not found in PATH" | ||
| except subprocess.TimeoutExpired: | ||
| return False, f"sciontool timed out for key {key}" | ||
|
|
||
| if result.returncode != 0: | ||
| stderr = result.stderr.strip() | ||
| if "already exists" in stderr.lower(): | ||
| return True, None | ||
| return False, f"sciontool failed for {key}: {stderr}" | ||
|
|
||
| return True, None | ||
|
|
||
|
|
||
| def main() -> int: | ||
| parser = argparse.ArgumentParser( | ||
| description="Capture auth credentials and store as project secrets" | ||
| ) | ||
| parser.add_argument( | ||
| "--force", | ||
| action="store_true", | ||
| help="Overwrite existing secrets", | ||
| ) | ||
| parser.add_argument( | ||
| "--bundle", | ||
| default=HARNESS_BUNDLE, | ||
| help="Path to harness bundle directory", | ||
| ) | ||
| args = parser.parse_args() | ||
|
|
||
| entries = _load_config(args.bundle) | ||
| if not entries: | ||
| print( | ||
| "capture-auth: no credential mappings found in " | ||
| "inputs/capture-auth-config.json", | ||
| file=sys.stderr, | ||
| ) | ||
| return EXIT_NO_CREDS | ||
|
|
||
| captured = 0 | ||
| errors = 0 | ||
|
|
||
| for entry in entries: | ||
| key = entry.get("key", "<unknown>") | ||
| source = entry.get("source", "") | ||
| expanded = _expand(source) if source else "" | ||
|
|
||
| if not expanded or not os.path.isfile(expanded): | ||
| print(f"capture-auth: {key}: source not found ({source})") | ||
| continue | ||
|
|
||
| ok, err = _capture_one(entry, args.force) | ||
| if err: | ||
| print(f"capture-auth: {key}: {err}", file=sys.stderr) | ||
| errors += 1 | ||
| elif ok: | ||
| print(f"capture-auth: {key}: captured from {source}") | ||
| captured += 1 | ||
|
|
||
| if errors > 0 and captured == 0: | ||
| return EXIT_ERROR | ||
|
|
||
| if captured == 0: | ||
| print("capture-auth: no credentials found to capture") | ||
| return EXIT_NO_CREDS | ||
|
|
||
| print(f"capture-auth: {captured} credential(s) captured successfully") | ||
| return EXIT_OK | ||
|
|
||
|
|
||
| if __name__ == "__main__": | ||
| sys.exit(main()) | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| # Copyright 2026 Google LLC | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||
| # you may not use this file except in compliance with the License. | ||
| # You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| # Per-bundle Cloud Build configuration for the Copilot harness image. | ||
| # Builds scion-copilot on top of scion-base:<_TAG>. | ||
| steps: | ||
| - name: 'gcr.io/cloud-builders/docker' | ||
| id: 'setup-buildx' | ||
| args: ['buildx', 'create', '--name', 'mybuilder', '--use'] | ||
| env: | ||
| - 'DOCKER_CLI_EXPERIMENTAL=enabled' | ||
|
|
||
| - name: 'gcr.io/cloud-builders/docker' | ||
| id: 'bootstrap-buildx' | ||
| args: ['buildx', 'inspect', '--bootstrap'] | ||
| env: | ||
| - 'DOCKER_CLI_EXPERIMENTAL=enabled' | ||
|
|
||
| - name: 'gcr.io/cloud-builders/docker' | ||
| id: 'build-scion-copilot' | ||
| args: | ||
| - 'buildx' | ||
| - 'build' | ||
| - '--platform' | ||
| - 'linux/amd64,linux/arm64' | ||
| - '--build-arg' | ||
| - 'BASE_IMAGE=$_REGISTRY/scion-base:$_TAG' | ||
| - '-t' | ||
| - '$_REGISTRY/scion-copilot:$_SHORT_SHA' | ||
| - '-t' | ||
| - '$_REGISTRY/scion-copilot:$_TAG' | ||
| - '-f' | ||
| - 'Dockerfile' | ||
| - '--pull' | ||
| - '--push' | ||
| - '.' | ||
| env: | ||
| - 'DOCKER_CLI_EXPERIMENTAL=enabled' | ||
|
|
||
| substitutions: | ||
| _REGISTRY: 'us-central1-docker.pkg.dev/${PROJECT_ID}/public-docker' | ||
| _TAG: 'latest' | ||
| options: | ||
| dynamicSubstitutions: true | ||
| machineType: 'E2_HIGHCPU_8' | ||
| timeout: 1200s |
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If
json.loadreturns a non-dictionary (e.g., a JSON list or string),datawill not be a dictionary. This will cause anAttributeErrorwhen callingdata.get("credentials"). We should defensively verify thatdatais a dictionary.