Skip to content

[aw-compat] AW cross-repo compatibility (2026-07-14): 18/20 compile clean, 2 genuine failures #45426

Description

@github-actions

Daily gh-aw cross-repo compatibility audit

gh-aw build b141a48 (built from working tree). Discovered gh-aw-using public repos, ranked by stars, and compiled the top 20 one-by-one.

Key metrics

Metric Value
Repos selected (by stars) 20
Cloned successfully 20 / 20
Compile clean (own settings) 18 / 20
Genuine failures 2 (1 workflow each)
Cross-repo codemod/coverage gaps 2

Genuine failures (plain compile, respecting each repo's own strict: setting)

  1. githubnext/gh-aw-testtest-copilot-restore-memory-custom-job.md: 'restore-memory': got object, want boolean. The workflow configures restore-memory as an object; the schema now expects a boolean. Likely a deliberate test fixture, but it is a real type error. No codemod covers this.
  2. ms-mfg-community/day-in-the-life-copilot-labcode-review.md: Unknown property: add-pr-comment. Did you mean 'add-comment'?. Pure user typo — add-pr-comment was never a valid safe-output key. The compiler already emits a did-you-mean suggestion.

Methodology caveat (important)

The baseline pass used compile --strict, which overrides each workflow's own strict: false opt-out. That produced 3 false-positive repo failures — github/gh-aw-mcpg, github/gh-aw-firewall, elastic/ai-github-actions — all of which compile with 0 errors under their intended settings. These repos intentionally use internal/opt-out fields (sandbox.mcp.container, sandbox.agent: false, secrets-in-steps) in strict: false smoke tests. Future runs should treat --strict as a secondary advisory signal, not the pass/fail gate.

Cross-repo codemod / coverage gaps (see companion issue)

  • Playwright MCP→CLI mode deprecated in 4 repos (elastic, gh-aw-mcpg, gh-aw-firewall, pelikhan); no migrating codemod exists — warning says it "may become an error in a future release".
  • safe-inputs in imported/shared fragments silently dropped in 3 repos (elastic 16 files, gh-aw-firewall 3, gh-aw-mcpg 3). The safe-inputs-to-mcp-scripts codemod exists but gh aw fix doesn't descend into imports: fragment files, and compile ignores the field without failing.
Top-20 selection (stars) and per-repo status
Repo Stars Plain compile Errors Warnings
github/gh-aw 4760 ok 0 183
githubnext/agentics 830 ok 0 0
github/gh-aw-mcpg 146 ok 0 9
github/gh-aw-firewall 109 ok 0 13
github/gh-aw-actions 37 ok 0 0
shyamagu-ms/ai-scrum 24 ok 0 0
felipementel/GitHubCopilotDevDays-Curitiba-2026 14 ok 0 0
githubnext/agentic-ops 14 ok 0 1
Hack23/euparliamentmonitor 12 ok 0 0
elastic/ai-github-actions 10 ok 0 28
haxudev/GCR-AI-Tour-2026 10 ok 0 0
verkyyi/github-agent-runner 10 ok 0 3
Hack23/riksdagsmonitor 8 ok 0 14
github/gh-aw-threat-detection 8 ok 0 0
githubnext/agentics-template 8 ok 0 0
githubnext/gh-aw-test 8 FAIL 1 19
IgniteUI/igniteui-documentation 6 ok 0 0
ms-mfg-community/day-in-the-life-copilot-lab 6 FAIL 1 0
pelikhan/github-agentic-workflows 6 ok 0 4
samuelkahessay/prd-to-prod 5 ok 0 3
Recurring non-fatal warnings across repos
  • Playwright MCP mode deprecated — 4 repos
  • safe-inputs ignored (unexpected frontmatter in fragments) — 3 repos
  • Fixed daily/weekly schedule time (suggest fuzzy schedule) — 3 repos
  • Secrets in steps/env may leak to agent — 4 repos (advisory)
  • Non-centralized slash_command routing — 2 repos
  • Auto-derived path: ("may become an error") — 2 repos

Next actions

  • File the two codemod-gap items (companion issue).
  • The 2 genuine failures are single-workflow and repo-local; no ≥2-repo user-syntax cluster this run.

Discovery limitation

Broad gh search code is unavailable under the repo-scoped Actions integration token (Resource not accessible by integration), so cross-GitHub lock-file code search returns only this repo. Discovery used gh search repos (7 query angles) + contents-API verification of .github/workflows/*.lock.yml. Candidate breadth is therefore narrower than the 60+ target; a PAT with read:org/code-search scope would restore full discovery.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • models.dev

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "models.dev"

See Network Configuration for more information.

Generated by 🔧 Daily AW Cross-Repo Compile Check · 776.9 AIC · ⌖ 37.1 AIC · ⊞ 6.7K ·

  • expires on Jul 21, 2026, 2:07 AM UTC-08:00

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions