From 4276f0d2d5cab22f38e435b44f8a83e779056417 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 17 Jan 2026 20:49:24 +0000 Subject: [PATCH 1/3] Initial plan From f52f72adec0afa0b47c46c707d61e549d5460857 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 17 Jan 2026 20:59:00 +0000 Subject: [PATCH 2/3] Initial plan for fixing daily firewall report caching issue Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com> --- pkg/workflow/data/action_pins.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/workflow/data/action_pins.json b/pkg/workflow/data/action_pins.json index 3a943b2f1ce..189d80ee30a 100644 --- a/pkg/workflow/data/action_pins.json +++ b/pkg/workflow/data/action_pins.json @@ -47,8 +47,8 @@ }, "actions/github-script@v7.0.1": { "repo": "actions/github-script", - "version": "v7.1.0", - "sha": "f28e40c7f34bde8b3046d885e986cb6290c5673b" + "version": "v7.0.1", + "sha": "60a0d83039c74a4aee543508d2ffcb1c3799cdea" }, "actions/github-script@v8.0.0": { "repo": "actions/github-script", From 751ed0c537ada238ab6fec8bb2a6e6134b859d92 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 17 Jan 2026 21:05:20 +0000 Subject: [PATCH 3/3] Fix daily firewall report caching to always fetch fresh data Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com> --- .github/workflows/daily-firewall-report.lock.yml | 5 ++--- .github/workflows/daily-firewall-report.md | 5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index e30dbb52bf5..f640ee9a65c 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -862,13 +862,12 @@ jobs: 2. If a report exists from the last 24 hours: - Read the cached run IDs that were analyzed - Determine if any new workflow runs have occurred since then - - If no new runs, update the existing report with current timestamp and exit early + - If no new runs, skip to Step 5 (Generate Report) using the same cached run IDs, but **always re-fetch fresh data from the audit tool** for accurate counts 3. Store the following in repo memory for the next run: - Last analysis timestamp - List of run IDs analyzed - - Aggregated blocked domains data - This prevents unnecessary re-analysis of the same data and significantly reduces token usage. + **IMPORTANT**: Never cache or reuse aggregated statistics (blocked counts, allowed counts, domain lists). Always compute these fresh from the audit tool to ensure accurate reporting. Only cache run IDs to avoid re-discovering the same workflow runs. ### Step 1: Collect Recent Firewall-Enabled Workflow Runs diff --git a/.github/workflows/daily-firewall-report.md b/.github/workflows/daily-firewall-report.md index a033b6c10e3..4acc9acd6e4 100644 --- a/.github/workflows/daily-firewall-report.md +++ b/.github/workflows/daily-firewall-report.md @@ -173,13 +173,12 @@ Simply call the MCP tools directly as described in the steps below. If you want 2. If a report exists from the last 24 hours: - Read the cached run IDs that were analyzed - Determine if any new workflow runs have occurred since then - - If no new runs, update the existing report with current timestamp and exit early + - If no new runs, skip to Step 5 (Generate Report) using the same cached run IDs, but **always re-fetch fresh data from the audit tool** for accurate counts 3. Store the following in repo memory for the next run: - Last analysis timestamp - List of run IDs analyzed - - Aggregated blocked domains data -This prevents unnecessary re-analysis of the same data and significantly reduces token usage. +**IMPORTANT**: Never cache or reuse aggregated statistics (blocked counts, allowed counts, domain lists). Always compute these fresh from the audit tool to ensure accurate reporting. Only cache run IDs to avoid re-discovering the same workflow runs. ### Step 1: Collect Recent Firewall-Enabled Workflow Runs