feat: Update check-file-contents.yml to check for non-mTLS hardcoded …

[agrawalradhika-cell]

…endpoints

feat: Update check-file-contents.yml to check for non-mTLS hardcoded endpoints

Please ensure you have read the contribution guide before creating a pull request.

Link to Issue or Description of Change

1. Link to an existing issue (if applicable):

• Closes: #issue_number
• Related: #issue_number

2. Or, if no issue exists, describe the change:

This PR introduces a new linting step to the check-file-contents.yml workflow to detect and prevent the hardcoding of non-mTLS googleapis.com endpoints in Python files. It provides immediate, actionable guidance to developers on how to implement security-compliant, dynamic endpoint selection

Problem:
Hardcoded googleapis.com URLs (e.g., https://telemetry.googleapis.com) do not support mutual TLS (mTLS) by default. This leads to 401 "Invalid authentication credentials" errors when services, fail to satisfy Client Authentication & Authorization (CAA) mTLS policies. Hardcoding these endpoints prevents the underlying session from utilizing the google-auth library for certificate-based authentication

Solution:
The check-file-contents.yml workflow is updated with a "Check for hardcoded googleapis.com endpoints" step. This step identifies .py files containing googleapis.com strings that lack the .mtls. prefix.

Testing Plan

Please describe the tests that you ran to verify your changes. This is required
for all PRs that are not small documentation or typo fixes.

Unit Tests:

• I have added or updated unit tests for my change.
• All unit tests pass locally.

Please include a summary of passed pytest results.

Manual End-to-End (E2E) Tests:

The new workflow step was verified in the agrawalradhika-cell/adk-python fork.

Checklist

• I have read the CONTRIBUTING.md document.
• I have performed a self-review of my own code.
• I have commented my code, particularly in hard-to-understand areas.
• I have added tests that prove my fix is effective or that my feature works.
• New and existing unit tests pass locally with my changes.
• I have manually tested my changes end-to-end.
• Any dependent changes have been merged and published in downstream modules.

Additional context

Add any other context or screenshots about the feature request here.

[adk-bot]

Response from ADK Triaging Agent

Hello @agrawalradhika-cell, thank you for creating this PR!

This PR introduces a new check in the GitHub Actions workflow. To help reviewers better understand and verify the fix:

• Could you please provide logs or a screenshot showing the workflow run (both a successful check and a failing check if possible) from your fork?

Providing logs/screenshots of the applied changes helps ensure high code quality and speeds up the review process. For more details, you can refer to our contribution guidelines.

Thank you!

[rohityan]

Hi @agrawalradhika-cell, Thank you for your contribution! We appreciate you taking the time to submit this pull request. Your PR has been received by the team and is currently under review. We will provide feedback as soon as we have an update to share.

[rohityan]

Hi @DeanChensj , can you please review this.