🌟 Release Highlights
This release fixes TLS certificate validation failures when using gh and git through the DIFC proxy, and removes a GITHUB_ENV dependency that limited portability.
⚠️ Breaking Changes
TLS CA trust no longer written to GITHUB_ENV — If your workflow relied on GITHUB_ENV being populated with the proxy CA certificate path, that behavior has been removed. CA trust is now configured exclusively via process environment variables set at proxy startup. Update your workflows to rely on the process environment instead of reading from GITHUB_ENV.
🐛 Bug Fixes & Improvements
Fixed git clone and gh repo clone failures through the DIFC TLS proxy (#4042) — Commands that perform HTTPS validation (git, gh, curl, Node.js fetch, Python requests) previously failed with certificate errors when routed through awmg proxy --tls. The proxy now automatically propagates the generated CA certificate to all standard trust environment variables at startup:
| Variable | Client |
|---|---|
GIT_SSL_CAINFO |
git, gh |
CURL_CA_BUNDLE |
curl |
NODE_EXTRA_CA_CERTS |
Node.js |
REQUESTS_CA_BUNDLE |
Python requests |
SSL_CERT_FILE |
OpenSSL-based tooling |
📚 Documentation
docs/PROXY_MODE.md has been updated with CA setup guidance for gh and git workflows that do not use GITHUB_ENV automation.
🐳 Docker Image
The Docker image for this release is available at:
docker pull ghcr.io/github/gh-aw-mcpg:v0.2.24
# or
docker pull ghcr.io/github/gh-aw-mcpg:latestSupported platforms: linux/amd64, linux/arm64
For complete details, see the full release notes.
Generated by Release · ● 188.5K
What's Changed
- Propagate DIFC proxy TLS CA trust to git/gh/curl via process environment by @Copilot in #4042
Full Changelog: v0.2.23...v0.2.24