From 1d2bf3a6b31f3d8730bc0ead7dac7a054b37c5bd Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 12 Nov 2025 06:09:35 +0000 Subject: [PATCH] docs: Update documentation for features from 2025-11-12 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Document action SHA validation and fingerprint field features merged in the last 24 hours. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- docs/src/content/docs/reference/frontmatter.md | 17 +++++++++++++++++ docs/src/content/docs/setup/cli.md | 4 +++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/docs/src/content/docs/reference/frontmatter.md b/docs/src/content/docs/reference/frontmatter.md index 6322d6b9825..ce7d46561ef 100644 --- a/docs/src/content/docs/reference/frontmatter.md +++ b/docs/src/content/docs/reference/frontmatter.md @@ -70,6 +70,23 @@ source: "githubnext/agentics/workflows/ci-doctor.md@v1.0.0" When you run `gh aw add githubnext/agentics/ci-doctor@v1.0.0`, the source field is automatically added to the workflow frontmatter. This field is optional for manually created workflows. +### Asset Tracking (`fingerprint:`) + +The `fingerprint:` field enables tracking of assets created by the workflow. When specified, this identifier is automatically included in all created issues, pull requests, discussions, and comments, allowing retrieval of related assets through GitHub search. + +```yaml wrap +fingerprint: "daily-audit-workflow" +``` + +The fingerprint must be at least 8 characters and contain only alphanumeric characters, hyphens, and underscores. The identifier is embedded as an HTML comment in created assets, making it searchable but invisible in the rendered view. + +Search for workflow-created assets using the fingerprint: +```bash wrap +gh search issues --repo owner/repo "fingerprint: daily-audit-workflow" +``` + +This field is useful for workflows that create multiple assets over time (daily reports, scheduled analyses, automated issues) and need to track or aggregate those assets. + ### GitHub Token (`github-token:`) The `github-token:` field configures the default GitHub token for the entire workflow. This token is used for engine authentication, checkout steps, and safe-output operations unless overridden at more specific levels. diff --git a/docs/src/content/docs/setup/cli.md b/docs/src/content/docs/setup/cli.md index 8d89f3bb5de..d87c53e0c33 100644 --- a/docs/src/content/docs/setup/cli.md +++ b/docs/src/content/docs/setup/cli.md @@ -135,13 +135,15 @@ gh aw compile --purge # Remove orphaned .lock.yml files | Option | Description | |--------|-------------| -| `--validate` | Schema validation and container checks | +| `--validate` | Schema validation, container checks, and action SHA validation | | `--strict` | Requires timeouts, explicit network config, blocks write permissions | | `--zizmor` | Security scanning with [zizmor](https://github.com/woodruffw/zizmor) | | `--dependabot` | Generate npm/pip/Go manifests and update dependabot.yml | | `--watch` | Auto-recompile on file changes | | `--purge` | Remove orphaned `.lock.yml` files | +The `--validate` flag performs schema validation, checks container configurations, and validates that all pinned GitHub Actions are using current SHAs. When outdated action SHAs are detected, warnings are emitted with information about available updates. + ### Testing #### `trial`