
GitHub MCP server fails on GHES with internal CA certificates — no way to configure TLS trust #1129

@acottre

Description

Describe the bug

When using claude-code-action with GitHub Enterprise Server that uses an internal/private CA (e.g. self-signed or corporate CA), the GitHub MCP server Docker container fails all API calls with tls: failed to verify certificate: x509: certificate signed by unknown authority. The Docker container is started without mounting the host's CA certificate bundle, so it has no way to trust the GHE server's TLS certificate.

There is no configuration option (input, env var, or setting) to:

  • Mount custom CA certificates into the MCP server container
  • Override the Docker image used for the GitHub MCP server
  • Pass additional Docker arguments to the MCP server container
  • Disable TLS verification

This makes the action non-functional on GitHub Enterprise Server instances that use internal certificate authorities, which is extremely common in corporate environments.

To Reproduce

  1. Set up a GitHub Enterprise Server instance with a TLS certificate signed by an internal CA
  2. Configure a self-hosted runner that trusts the internal CA (runner can communicate with GHE normally)
  3. Create a workflow using claude-code-action with tools that require the GitHub MCP server (any mcp__github__* tool in --allowedTools)
  4. Open a PR to trigger the workflow
  5. The GitHub MCP server container starts successfully, but every API call fails with:
    failed to get pull request: Get "https://ghe.example.com/api/v3/repos/org/repo/pulls/1": tls: failed to verify certificate: x509: certificate signed by unknown authority

Expected behavior

The action should provide a way to configure CA certificates for the GitHub MCP server Docker container, either by:

  • Automatically mounting the host's CA bundle (e.g. /etc/ssl/certs/ca-certificates.crt) into the container
  • Accepting an input/env var for a custom CA certificate path to mount
  • Accepting an env var to override the Docker image (so users can build an image with their CA baked in)

Additional context

The root cause is in src/mcp/install-mcp-server.ts. The Docker command is constructed without any volume mounts for CA certificates:

baseMcpConfig.mcpServers.github = {
  command: "docker",
  args: [
    "run", "-i", "--rm",
    "-e", "GITHUB_PERSONAL_ACCESS_TOKEN",
    "-e", "GITHUB_HOST",
    "ghcr.io/github/github-mcp-server:sha-23fa0dd",
  ],
  // ...
};

A minimal fix would be to mount the host's CA bundle into the container:

"-v", "/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro",
"-e", "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt",

The self-hosted runner itself trusts the GHE server (it communicates with it for job dispatch), so the host CA bundle at /etc/ssl/certs/ca-certificates.crt already contains the necessary certificates. The GitHub MCP server is a Go binary, which respects SSL_CERT_FILE for custom CA locations.

Alternatively, allowing the Docker image to be overridden via an env var (e.g. GITHUB_MCP_SERVER_IMAGE) would let users build a custom image with their CA baked in.
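The two proposals above, a CA bundle mount plus SSL_CERT_FILE and an image override, written up as one argument-builder for the Docker command. This is an added example, not code from claude-code-action or the issue author; the option names GITHUB_MCP_CA_BUNDLE and GITHUB_MCP_SERVER_IMAGE are assumed, and the existence check is injectable so it can be exercised without touching the filesystem.

```typescript
import * as fs from "node:fs";

// Image currently hard-coded in src/mcp/install-mcp-server.ts (from the issue).
const DEFAULT_IMAGE = "ghcr.io/github/github-mcp-server:sha-23fa0dd";
// Fixed path inside the container; SSL_CERT_FILE points the Go TLS stack at it.
const CONTAINER_CA_PATH = "/etc/ssl/certs/ca-certificates.crt";

interface McpDockerOptions {
  // Assumed: value of GITHUB_MCP_SERVER_IMAGE, e.g. an image with the CA baked in.
  image?: string;
  // Assumed: value of GITHUB_MCP_CA_BUNDLE, a PEM bundle on the runner host.
  caBundlePath?: string;
  // Injectable for tests; defaults to a real filesystem check.
  fileExists?: (path: string) => boolean;
}

// Builds the `docker run` argument list for the GitHub MCP server. The CA
// bundle is mounted read-only so the container cannot alter the host's trust
// store, and a missing bundle is a hard error rather than a silent fallback
// that would reproduce the x509 "unknown authority" failure at runtime.
function buildGithubMcpDockerArgs(opts: McpDockerOptions = {}): string[] {
  const exists = opts.fileExists ?? ((p: string) => fs.existsSync(p));
  const args: string[] = [
    "run", "-i", "--rm",
    "-e", "GITHUB_PERSONAL_ACCESS_TOKEN",
    "-e", "GITHUB_HOST",
  ];

  if (opts.caBundlePath) {
    if (!exists(opts.caBundlePath)) {
      throw new Error(`CA bundle not found on runner host: ${opts.caBundlePath}`);
    }
    args.push("-v", `${opts.caBundlePath}:${CONTAINER_CA_PATH}:ro`);
    args.push("-e", `SSL_CERT_FILE=${CONTAINER_CA_PATH}`);
  }

  const image = opts.image ?? DEFAULT_IMAGE;
  if (/\s/.test(image)) {
    throw new Error(`invalid image reference: ${JSON.stringify(image)}`);
  }
  args.push(image);
  return args;
}
```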

Metadata

Labels: bug (Something isn't working), mcp, p2 (Non-showstopper bug or popular feature request)