diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml index de33f612029..a2716eb023b 100644 --- a/.github/workflows/agent-performance-analyzer.lock.yml +++ b/.github/workflows/agent-performance-analyzer.lock.yml @@ -193,6 +193,17 @@ jobs: gh extension install githubnext/gh-aw fi gh aw --version + # Copy the gh-aw binary to /opt/gh-aw for MCP server containerization + mkdir -p /opt/gh-aw + GH_AW_BIN=$(which gh-aw 2>/dev/null || find ~/.local/share/gh/extensions/gh-aw -name 'gh-aw' -type f 2>/dev/null | head -1) + if [ -n "$GH_AW_BIN" ] && [ -f "$GH_AW_BIN" ]; then + cp "$GH_AW_BIN" /opt/gh-aw/gh-aw + chmod +x /opt/gh-aw/gh-aw + echo "Copied gh-aw binary to /opt/gh-aw/gh-aw" + else + echo "::error::Failed to find gh-aw binary for MCP server" + exit 1 + fi - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs diff --git a/.github/workflows/agent-persona-explorer.lock.yml b/.github/workflows/agent-persona-explorer.lock.yml index c3c9a3d04a8..1c0bb5b0a3b 100644 --- a/.github/workflows/agent-persona-explorer.lock.yml +++ b/.github/workflows/agent-persona-explorer.lock.yml @@ -195,6 +195,17 @@ jobs: gh extension install githubnext/gh-aw fi gh aw --version + # Copy the gh-aw binary to /opt/gh-aw for MCP server containerization + mkdir -p /opt/gh-aw + GH_AW_BIN=$(which gh-aw 2>/dev/null || find ~/.local/share/gh/extensions/gh-aw -name 'gh-aw' -type f 2>/dev/null | head -1) + if [ -n "$GH_AW_BIN" ] && [ -f "$GH_AW_BIN" ]; then + cp "$GH_AW_BIN" /opt/gh-aw/gh-aw + chmod +x /opt/gh-aw/gh-aw + echo "Copied gh-aw binary to /opt/gh-aw/gh-aw" + else + echo "::error::Failed to find gh-aw binary for MCP server" + exit 1 + fi - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index 00a32d5c50b..1ac94d9678a 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -182,6 +182,17 @@ jobs: gh extension install githubnext/gh-aw fi gh aw --version + # Copy the gh-aw binary to /opt/gh-aw for MCP server containerization + mkdir -p /opt/gh-aw + GH_AW_BIN=$(which gh-aw 2>/dev/null || find ~/.local/share/gh/extensions/gh-aw -name 'gh-aw' -type f 2>/dev/null | head -1) + if [ -n "$GH_AW_BIN" ] && [ -f "$GH_AW_BIN" ]; then + cp "$GH_AW_BIN" /opt/gh-aw/gh-aw + chmod +x /opt/gh-aw/gh-aw + echo "Copied gh-aw binary to /opt/gh-aw/gh-aw" + else + echo "::error::Failed to find gh-aw binary for MCP server" + exit 1 + fi - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index 4d14312e618..72c4d0ac16d 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml @@ -179,6 +179,17 @@ jobs: gh extension install githubnext/gh-aw fi gh aw --version + # Copy the gh-aw binary to /opt/gh-aw for MCP server containerization + mkdir -p /opt/gh-aw + GH_AW_BIN=$(which gh-aw 2>/dev/null || find ~/.local/share/gh/extensions/gh-aw -name 'gh-aw' -type f 2>/dev/null | head -1) + if [ -n "$GH_AW_BIN" ] && [ -f "$GH_AW_BIN" ]; then + cp "$GH_AW_BIN" /opt/gh-aw/gh-aw + chmod +x /opt/gh-aw/gh-aw + echo "Copied gh-aw binary to /opt/gh-aw/gh-aw" + else + echo "::error::Failed to find gh-aw binary for MCP server" + exit 1 + fi - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs diff --git a/.github/workflows/metrics-collector.lock.yml b/.github/workflows/metrics-collector.lock.yml index 10bbc4bc359..17775b56dd8 100644 --- a/.github/workflows/metrics-collector.lock.yml +++ b/.github/workflows/metrics-collector.lock.yml @@ -181,6 +181,17 @@ jobs: gh extension install githubnext/gh-aw fi gh aw --version + # Copy the gh-aw binary to /opt/gh-aw for MCP server containerization + mkdir -p /opt/gh-aw + GH_AW_BIN=$(which gh-aw 2>/dev/null || find ~/.local/share/gh/extensions/gh-aw -name 'gh-aw' -type f 2>/dev/null | head -1) + if [ -n "$GH_AW_BIN" ] && [ -f "$GH_AW_BIN" ]; then + cp "$GH_AW_BIN" /opt/gh-aw/gh-aw + chmod +x /opt/gh-aw/gh-aw + echo "Copied gh-aw binary to /opt/gh-aw/gh-aw" + else + echo "::error::Failed to find gh-aw binary for MCP server" + exit 1 + fi - name: Start MCP gateway id: start-mcp-gateway env: diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml index ec9d0c18cae..2e4ab545a02 100644 --- a/.github/workflows/python-data-charts.lock.yml +++ b/.github/workflows/python-data-charts.lock.yml @@ -218,6 +218,17 @@ jobs: gh extension install githubnext/gh-aw fi gh aw --version + # Copy the gh-aw binary to /opt/gh-aw for MCP server containerization + mkdir -p /opt/gh-aw + GH_AW_BIN=$(which gh-aw 2>/dev/null || find ~/.local/share/gh/extensions/gh-aw -name 'gh-aw' -type f 2>/dev/null | head -1) + if [ -n "$GH_AW_BIN" ] && [ -f "$GH_AW_BIN" ]; then + cp "$GH_AW_BIN" /opt/gh-aw/gh-aw + chmod +x /opt/gh-aw/gh-aw + echo "Copied gh-aw binary to /opt/gh-aw/gh-aw" + else + echo "::error::Failed to find gh-aw binary for MCP server" + exit 1 + fi - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index 0d2c4cdbfa9..ed5ab841fa8 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -229,6 +229,17 @@ jobs: gh extension install githubnext/gh-aw fi gh aw --version + # Copy the gh-aw binary to /opt/gh-aw for MCP server containerization + mkdir -p /opt/gh-aw + GH_AW_BIN=$(which gh-aw 2>/dev/null || find ~/.local/share/gh/extensions/gh-aw -name 'gh-aw' -type f 2>/dev/null | head -1) + if [ -n "$GH_AW_BIN" ] && [ -f "$GH_AW_BIN" ]; then + cp "$GH_AW_BIN" /opt/gh-aw/gh-aw + chmod +x /opt/gh-aw/gh-aw + echo "Copied gh-aw binary to /opt/gh-aw/gh-aw" + else + echo "::error::Failed to find gh-aw binary for MCP server" + exit 1 + fi - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 838eac15547..9c86c3b254f 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -216,6 +216,17 @@ jobs: gh extension install githubnext/gh-aw fi gh aw --version + # Copy the gh-aw binary to /opt/gh-aw for MCP server containerization + mkdir -p /opt/gh-aw + GH_AW_BIN=$(which gh-aw 2>/dev/null || find ~/.local/share/gh/extensions/gh-aw -name 'gh-aw' -type f 2>/dev/null | head -1) + if [ -n "$GH_AW_BIN" ] && [ -f "$GH_AW_BIN" ]; then + cp "$GH_AW_BIN" /opt/gh-aw/gh-aw + chmod +x /opt/gh-aw/gh-aw + echo "Copied gh-aw binary to /opt/gh-aw/gh-aw" + else + echo "::error::Failed to find gh-aw binary for MCP server" + exit 1 + fi - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs diff --git a/pkg/workflow/agentic_workflow_test.go b/pkg/workflow/agentic_workflow_test.go index af18deaa00d..ebcb39d8dd5 100644 --- a/pkg/workflow/agentic_workflow_test.go +++ b/pkg/workflow/agentic_workflow_test.go @@ -164,6 +164,10 @@ func TestAgenticWorkflowsInstallStepIncludesGHToken(t *testing.T) { "install step should include command to install gh-aw extension") assert.Contains(t, result, "gh aw --version", "install step should include command to verify gh-aw installation") + + // Verify the binary copy command is present for MCP server containerization + assert.Contains(t, result, "cp \"$GH_AW_BIN\" /opt/gh-aw/gh-aw", + "install step should copy gh-aw binary to /opt/gh-aw for MCP server containerization") } func TestAgenticWorkflowsInstallStepWithCustomToken(t *testing.T) { diff --git a/pkg/workflow/mcp_servers.go b/pkg/workflow/mcp_servers.go index 65297ff386a..8de02d347b9 100644 --- a/pkg/workflow/mcp_servers.go +++ b/pkg/workflow/mcp_servers.go @@ -248,6 +248,17 @@ func (c *Compiler) generateMCPSetup(yaml *strings.Builder, tools map[string]any, yaml.WriteString(" gh extension install githubnext/gh-aw\n") yaml.WriteString(" fi\n") yaml.WriteString(" gh aw --version\n") + yaml.WriteString(" # Copy the gh-aw binary to /opt/gh-aw for MCP server containerization\n") + yaml.WriteString(" mkdir -p /opt/gh-aw\n") + yaml.WriteString(" GH_AW_BIN=$(which gh-aw 2>/dev/null || find ~/.local/share/gh/extensions/gh-aw -name 'gh-aw' -type f 2>/dev/null | head -1)\n") + yaml.WriteString(" if [ -n \"$GH_AW_BIN\" ] && [ -f \"$GH_AW_BIN\" ]; then\n") + yaml.WriteString(" cp \"$GH_AW_BIN\" /opt/gh-aw/gh-aw\n") + yaml.WriteString(" chmod +x /opt/gh-aw/gh-aw\n") + yaml.WriteString(" echo \"Copied gh-aw binary to /opt/gh-aw/gh-aw\"\n") + yaml.WriteString(" else\n") + yaml.WriteString(" echo \"::error::Failed to find gh-aw binary for MCP server\"\n") + yaml.WriteString(" exit 1\n") + yaml.WriteString(" fi\n") } // Write safe-outputs MCP server if enabled