Enterprise Artifact Hub
Overview
Organizations behind firewalls or air-gapped networks often cannot reach public
registries such as github.com or PSGallery. HVE Core uses HVE_*
environment variables to redirect tool downloads, PowerShell module installs, and
GitHub API calls to internal mirrors or artifact proxies. When these variables
are unset, every download falls back to its public default, so no configuration
is needed for public GitHub environments.
Environment Variables
The table below lists every HVE_* variable, its default value, and which files
read it.
| Variable | Default | Description |
|---|---|---|
HVE_GITHUB_RELEASES_URL | https://github.com | Base URL for tool downloads (actionlint, gitleaks, uv) |
HVE_GITHUB_API_URL | https://api.github.com | GitHub API base URL for security scripts |
HVE_PSGALLERY_REPOSITORY | PSGallery | PowerShell repository name for module installs |
HVE_PSGALLERY_SOURCE_URL | (empty) | Source URL for custom PowerShell repository registration |
HVE_DEVCONTAINER_IMAGE | mcr.microsoft.com/devcontainers/base:2-jammy | Base container image for DevContainer builds |
Affected files per variable:
HVE_GITHUB_RELEASES_URL:.devcontainer/scripts/on-create.sh,.github/workflows/copilot-setup-steps.ymlHVE_GITHUB_API_URL: PowerShell scripts underscripts/security/HVE_PSGALLERY_REPOSITORYandHVE_PSGALLERY_SOURCE_URL:.devcontainer/scripts/on-create.sh,.github/workflows/copilot-setup-steps.ymlHVE_DEVCONTAINER_IMAGE:.devcontainer/devcontainer.json
DevContainer Configuration
Set the variables on your host machine before opening the DevContainer. The
.devcontainer/devcontainer.json file uses HVE_DEVCONTAINER_IMAGE in the
image field to select the base container image, and forwards the remaining
four variables into the container through its remoteEnv block. No changes to
the DevContainer configuration are required.
Export the variables in your shell profile:
export HVE_GITHUB_RELEASES_URL="https://artifactory.corp.example.com/github-releases"
export HVE_GITHUB_API_URL="https://github.corp.example.com/api/v3"
export HVE_PSGALLERY_REPOSITORY="InternalGallery"
export HVE_PSGALLERY_SOURCE_URL="https://nuget.corp.example.com/v2"
export HVE_DEVCONTAINER_IMAGE="registry.corp.example.com/devcontainers/base:2-jammy"
Add these lines to ~/.bashrc, ~/.zshrc, or a .env file sourced by your
shell so they persist across sessions.
GitHub Copilot Coding Agent
The copilot-setup-steps.yml workflow reads variables from GitHub repository or
organization settings. Navigate to Settings > Secrets and variables > Actions >
Variables and create entries for:
HVE_GITHUB_RELEASES_URLHVE_PSGALLERY_REPOSITORYHVE_PSGALLERY_SOURCE_URL
The workflow references these values as vars.HVE_GITHUB_RELEASES_URL,
vars.HVE_PSGALLERY_REPOSITORY, and vars.HVE_PSGALLERY_SOURCE_URL. When a
variable is absent, the workflow falls back to the public default.
Security Scripts
HVE_GITHUB_API_URL is used by the security analysis scripts under
scripts/security/:
Test-SHAStaleness.ps1Update-ActionSHAPinning.ps1Test-DependencyPinning.ps1SecurityHelpers.psm1
These scripts call the GitHub API for SHA resolution, staleness checks, and
token validation. In GitHub Enterprise Server environments, set
HVE_GITHUB_API_URL to your instance's API endpoint (for example,
https://github.corp.example.com/api/v3).
Other Enterprise Configuration
Some tools have their own configuration mechanisms that do not require HVE Core code changes but are relevant for a complete enterprise artifact hub setup.
npm
HVE Core respects the standard .npmrc registry configuration. Set the
registry in a project-level or user-level .npmrc file:
registry=https://npm.corp.example.com/
pip and uv
HVE Core respects the standard UV_INDEX_URL environment variable. Set it
in your shell profile or add an [[tool.uv.index]] entry in pyproject.toml:
export UV_INDEX_URL="https://pypi.corp.example.com/simple"
Container Images
Set HVE_DEVCONTAINER_IMAGE to point at a mirrored base image in your internal
container registry. The .devcontainer/devcontainer.json image field reads
this variable at build time and falls back to the default MCR image when unset.
export HVE_DEVCONTAINER_IMAGE="registry.corp.example.com/devcontainers/base:2-jammy"
Verification
After configuring the variables, confirm the setup works:
- Rebuild the DevContainer and verify that tool downloads (actionlint, gitleaks, uv) complete from the configured URLs.
- Run
npm run lint:psand confirm the security scripts complete without API errors. - When
HVE_PSGALLERY_SOURCE_URLis set, check thatRegister-PSRepositorysucceeds and PowerShell modules install from the custom repository.
🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.