Update runner doctor catalog with ARC/DinD modes A14 and A15#5832
Conversation
There was a problem hiding this comment.
Pull request overview
Updates the self-hosted runner “doctor” knowledge base and related prompts to include two newly observed ARC/DinD failure modes (A14, A15) and to keep the shared catalog, workflow playbook, and portable agent in sync—backed by a Jest regression test.
Changes:
- Added failure modes A14 (missing Docker Compose v2 plugin in ARC/DinD sidecar) and A15 (rootless permission repair bind mount not applying
dockerHostPathPrefix). - Updated A1 citations to include
github/gh-aw-firewall#5753and added quick-lookup mappings + an unresolved-items note for A15. - Extended the runner-doctor workflow Jest test to assert shared + portable + workflow playbook alignment for these additions.
Show a summary per file
| File | Description |
|---|---|
| scripts/ci/self-hosted-runner-doctor-workflow.test.ts | Adds regression assertions that shared catalog + portable agent + workflow playbook include A14/A15 and updated citations. |
| .github/workflows/shared/self-hosted-failure-modes.md | Adds A14/A15 rows, quick-lookup entries, unresolved A15 note, and A1 citation update in the shared catalog. |
| .github/workflows/self-hosted-runner-doctor.md | Updates the workflow doctor playbook examples to reference A14/A15 symptom matches. |
| .github/agents/self-hosted-runner-doctor.md | Mirrors playbook + catalog updates into the portable, self-contained runner-doctor agent doc. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 4/4 changed files
- Comments generated: 2
- Review effort level: Low
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
|
✅ Copilot review passed with no inline comments. @copilot Add the |
|
🔌 Smoke Services — All services reachable! ✅ |
|
Chroot tests failed Smoke Chroot failed - See logs for details. |
|
📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅ |
|
✅ Smoke Gemini completed. All facets verified. 💎 Smoke test completed with failures. Connectivity to GitHub.com and MCP tools for reads were unavailable. |
|
✅ Contribution Check completed successfully! Contribution check passed for PR #5832: the PR has a clear description with related issue references, includes a focused regression test for the catalog updates, updates the relevant documentation/playbook files, and places files in appropriate locations. |
|
🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅ |
|
✅ Smoke Copilot BYOK AOAI (api-key) completed. Copilot AOAI BYOK (api-key) mode operational. 🔓 |
|
✅ Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓 |
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
✅ Smoke Copilot BYOK AOAI (Entra) completed. Copilot AOAI BYOK (Entra) mode operational. 🔓 |
|
✅ Build Test Suite completed successfully! |
|
🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation... |
|
🚀 Security Guard has started processing this pull request |
✅ Coverage Check PassedOverall Coverage
📁 Per-file Coverage Changes (1 files)
Coverage comparison generated by |
Smoke Test: GitHub Actions Services Connectivity
Overall: FAIL — Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: Claude Engine Validation
Overall Result: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
|
Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) authenticated via Microsoft Entra Status: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
|
✅ Smoke Test: Copilot BYOK Mode
Status: PASS — Running in direct BYOK mode via api-proxy sidecar Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Smoke Test: Copilot PAT Auth — PASS
Overall: PASS | Auth mode: PAT (COPILOT_GITHUB_TOKEN) cc Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
|
Smoke Test COPILOT BYOK Direct Mode:
Overall: PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
🔬 Smoke Test Results
Overall: PASS (core connectivity verified) PR author: Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
Gemini Smoke Test Results
PR Titles:
Overall status: FAIL Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
API Proxy OTEL Tracing — Smoke Test Results
All 5 scenarios pass. Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
🏗️ Build Test Suite Results
Overall: 8/8 ecosystems passed — ✅ PASS Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "awmgmcpg"See Network Configuration for more information.
|
|
@copilot fix the failing ci check https://github.com/github/gh-aw-firewall/actions/runs/28636561500/job/84924077190?pr=5832 |
Fixed in the latest commit — the A14 table rows in both |
The runner doctor knowledge base was missing two newly observed ARC/DinD failure modes and a citation update for the existing path-prefix guidance. This PR syncs those lessons into the shared catalog, the workflow prompt, and the portable self-contained doctor agent.
Catalog updates
docker compose up -dfails withunknown shorthand flag: 'd' in -d).dockerHostPathPrefix, leaving Squid logs unreadable.github/gh-aw-firewall#5753to A1 to capture the canonical daemon-visible path guidance.Diagnostic lookup improvements
Doctor playbook sync
.github/agents/self-hosted-runner-doctor.mdso the embedded agent stays aligned with the shared source.Regression guard