GITHUB_TOOLSETS - GITHUB_ is protected for env vars within Github itself #439
Comments
|
Can you say a little bit more about what outcome you're trying to achieve here? I think you're maybe trying to set a variable or a secret on your repository settings, but I'm not sure why you are doing that. A little more information would help in coming up with a solution, thanks. |
|
MCP server is enabled by default with Github Copilot Agent. I was attempting to set the toolset via env car, but was blocked as I mentioned.
If there are better ways to configure or override the behavior of the Github MCP server for this scenario, I'd love to see examples
Sent from Proton Mail Android
-------- Original Message --------On 5/26/25 3:51 AM, William Martin wrote:williammartin left a comment (github/github-mcp-server#439)
Can you say a little bit more about what outcome you're trying to achieve here? I think you're maybe trying to set a variable or a secret on your repository settings, but I'm not sure why you are doing that. A little more information would help in coming up with a solution, thanks.
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: ***@***.***>
[
{
***@***.***": "http://schema.org",
***@***.***": "EmailMessage",
"potentialAction": {
***@***.***": "ViewAction",
"target": "#439 (comment)",
"url": "#439 (comment)",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
***@***.***": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]
|
|
In the bigger picture, are you trying to use this in actions? If so, in the workflow file you don't need to use the same name for github variables and env vars. You can say: env:
GITHUB_TOOLSETS: ${{ vars.MCP_TOOLSETS }}Though I appreciate we may still want to do work here (one idea might be to allow you to set an env var that sets the entire env var prefix dynamically). |
|
I'm attempting to use the new Github Copilot Agent. I believe it technically runs as an action?
Sent with Proton Mail secure email
…On Monday, May 26th, 2025 at 1:55 PM, William Martin ***@***.***> wrote:
williammartin left a comment (github/github-mcp-server#439)
In the bigger picture, are you trying to use this in actions? If so, in the workflow file you don't need to use the same name for github variables and env vars. You can say:
env:
GITHUB_TOOLSETS: ${{ vars.MCP_TOOLSETS }}
Though I appreciate we may still want to do work here (one idea might be to allow you to set an env var that sets the entire env var prefix dynamically).
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you authored the thread.
|
|
@intel352 Hey there! 👋 With Copilot coding agent, the GitHub MCP Server is enabled by default with all read-only tools turned on. There is a way customize the list of allowlisted tools - but this isn't documented at the moment. To customize the list of allowlist tools, you'll need to overwrite the default MCP configuration with your own. You can do that by adding an MCP configuration to your repository using the instructions here. You may want to change the // Remove all comments when you paste this into the MCP config input
{
"mcpServers": {
"github-mcp-server": {
// Leave this blank and we will overwrite it automatically with the correct command
"command": "",
// Optionally allow read-write tools by removing the `--read-only` arg
"args": ["stdio", "--read-only"],
// Use the GitHub access token provided by Copilot coding agent with read access to the current repo
"env": { "GITHUB_PERSONAL_ACCESS_TOKEN": "GITHUB_PERSONAL_ACCESS_TOKEN" },
// Customize the tools exposed to the agent
"tools": ["*"]
}
}
}By default, the token provided to the GitHub MCP Server only has read-only access to the current repository. You can pass a custom token with different permissions by following the instructions here. |
|
@timrogers Excellent, that helps! The documentation I found didn't have any sample configuration. One thing, your example is referencing Or is |
|
@intel352 You can just use the existing Just a heads up that you should be careful about providing a token with read-write access, and even moreso if you create a token which allows access to multiple repositories. The agent will use tools without prompting you - which is why we default to read-only tools, and only the current repo. |
|
@timrogers good callout, I made sure to scope the token for protection. Thank you! |
Describe the bug
When attempting to configure Github MCP behavior for my repository, if I set the env var GITHUB_TOOLSETS, I get an error from Github's UI that GITHUB_ is protected.
Expected vs actual behavior
Either the naming of the env var should be updated so that it doesn't start with GITHUB_, or else the documentation should be updated to provide some sort of workaround.
The text was updated successfully, but these errors were encountered: