From 38afc986a3afb50a003116ca34b51257a318d2cb Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 13 Jun 2026 10:47:35 +0000 Subject: [PATCH 1/3] Initial plan From 8c0a1a044ff10a87ac6fa8656b7d0730e0747aba Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 13 Jun 2026 11:24:58 +0000 Subject: [PATCH 2/3] [actions] Update GitHub Actions versions - 2026-06-13 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - github/gh-aw/actions/setup-cli: v0.78.3 → v0.79.8 - microsoft/apm-action: SHA update (v1.9.1) - ruby/setup-ruby: v1.310.0 → v1.313.0 - Update workflows from source: ci-doctor, daily-team-status, dependabot-repair Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/aw/actions-lock.json | 14 +-- .github/workflows/ci-doctor.md | 121 +++++++++++++++++++++++++ .github/workflows/daily-team-status.md | 59 +++++------- .github/workflows/dependabot-repair.md | 21 +++-- pkg/actionpins/data/action_pins.json | 14 +-- pkg/workflow/data/action_pins.json | 14 +-- 6 files changed, 178 insertions(+), 65 deletions(-) diff --git a/.github/aw/actions-lock.json b/.github/aw/actions-lock.json index 725248ddf24..bce54cac799 100644 --- a/.github/aw/actions-lock.json +++ b/.github/aw/actions-lock.json @@ -150,10 +150,10 @@ "version": "v4.36.2", "sha": "8aad20d150bbac5944a9f9d289da16a4b0d87c1e" }, - "github/gh-aw/actions/setup-cli@v0.78.3": { + "github/gh-aw/actions/setup-cli@v0.79.8": { "repo": "github/gh-aw/actions/setup-cli", - "version": "v0.78.3", - "sha": "544dd7355d846f9a7a1a5817a18148442e9ffe35" + "version": "v0.79.8", + "sha": "8b02ab336d100a5746e9f53b8bc2b22878278a6f" }, "github/stale-repos@v9.0.14": { "repo": "github/stale-repos", @@ -168,17 +168,17 @@ "microsoft/apm-action@v1.9.1": { "repo": "microsoft/apm-action", "version": "v1.9.1", - "sha": "ce02c22416172beb70072c5910b2163ee3f006f6" + "sha": "e5650fb81c4b5965090a17bd1ed1956071e95d17" }, "oven-sh/setup-bun@v2.2.0": { "repo": "oven-sh/setup-bun", "version": "v2.2.0", "sha": "0c5077e51419868618aeaa5fe8019c62421857d6" }, - "ruby/setup-ruby@v1.310.0": { + "ruby/setup-ruby@v1.313.0": { "repo": "ruby/setup-ruby", - "version": "v1.310.0", - "sha": "afeafc3d1ab54a631816aba4c914a0081c12ff2f" + "version": "v1.313.0", + "sha": "89f90524b88a01fe6e0b732220432cc6142926af" }, "safedep/pmg@v1": { "repo": "safedep/pmg", diff --git a/.github/workflows/ci-doctor.md b/.github/workflows/ci-doctor.md index 249d11e69b5..1c12ec8c56c 100644 --- a/.github/workflows/ci-doctor.md +++ b/.github/workflows/ci-doctor.md @@ -1,7 +1,18 @@ --- +<<<<<<< current (local changes) emoji: "🏥" description: Investigates failed CI workflows to identify root causes and patterns, creating issues with diagnostic information; also reviews PR check failures when the ci-doctor label is applied +||||||| base (original) +======= +description: | + This workflow is an automated CI failure investigator that triggers when monitored workflows fail. + Performs deep analysis of GitHub Actions workflow failures to identify root causes, + patterns, and provide actionable remediation steps. Analyzes logs, error messages, + and workflow configuration to help diagnose and resolve CI issues efficiently. + +>>>>>>> new (upstream) on: +<<<<<<< current (local changes) label_command: name: ci-doctor events: [pull_request] @@ -14,6 +25,34 @@ permissions: issues: read # To search and analyze issues (label removal handled by activation job) pull-requests: read # To read PR context (comments posted via safe-outputs) checks: read # To read check run results +||||||| base (original) + workflow_run: + workflows: ["Daily Perf Improver", "Daily Test Coverage Improver"] # Monitor the CI workflow specifically + types: + - completed + branches: + - main + # This will trigger only when the CI workflow completes with failure + # The condition is handled in the workflow body + stop-after: +1mo + +# Only trigger for failures - check in the workflow body +if: ${{ github.event.workflow_run.conclusion == 'failure' }} + +permissions: read-all +======= + workflow_run: + workflows: ["Daily Perf Improver", "Daily Test Coverage Improver"] # Monitor the CI workflow specifically + types: + - completed + branches: + - main + +# Only trigger for failures - check in the workflow body +if: ${{ github.event.workflow_run.conclusion == 'failure' }} + +permissions: read-all +>>>>>>> new (upstream) network: defaults @@ -21,10 +60,17 @@ engine: claude safe-outputs: create-issue: +<<<<<<< current (local changes) expires: 1d title-prefix: "[CI Failure Doctor] " labels: [cookie] close-older-issues: true +||||||| base (original) + title-prefix: "${{ github.workflow }}" +======= + title-prefix: "[ci-doctor] " + labels: [automation, ci] +>>>>>>> new (upstream) add-comment: max: 1 hide-older-comments: true @@ -42,6 +88,7 @@ tools: cli-proxy: true cache-memory: true web-fetch: +<<<<<<< current (local changes) web-search: github: mode: gh-proxy @@ -202,13 +249,28 @@ steps: echo "" echo "✅ PR pre-analysis complete. Agent should start with $SUMMARY_FILE" +||||||| base (original) + web-search: + +timeout-minutes: 10 +======= +timeout-minutes: 10 +>>>>>>> new (upstream) + +<<<<<<< current (local changes) source: githubnext/agentics/workflows/ci-doctor.md@ea350161ad5dcc9624cf510f134c6a9e39a6f94d +||||||| base (original) +source: githubnext/agentics/workflows/ci-doctor.md@ea350161ad5dcc9624cf510f134c6a9e39a6f94d +======= +source: githubnext/agentics/workflows/ci-doctor.md@e15e57b40918dbca11b350c55d02ab61934afa75 +>>>>>>> new (upstream) --- # CI Failure Doctor +<<<<<<< current (local changes) You are the CI Failure Doctor, an expert investigative agent that analyzes failed GitHub Actions checks to identify root causes and patterns. You operate in one of two modes depending on the trigger: - **PR Check Review Mode** — triggered when someone applies the `ci-doctor` label to a pull request; reviews the PR's failing CI checks and posts a diagnostic comment. @@ -294,6 +356,11 @@ Check run data was fetched before this session: {{/if}} {{#if github.event.workflow_run.id}} ## CI Failure Investigation Mode +||||||| base (original) +You are the CI Failure Doctor, an expert investigative agent that analyzes failed GitHub Actions workflows to identify root causes and patterns. Your mission is to conduct a deep investigation when the CI workflow fails. +======= +You are the CI Failure Doctor, an expert investigative agent that analyzes failed GitHub Actions workflows to identify root causes and patterns. Your goal is to conduct a deep investigation when the CI workflow fails. +>>>>>>> new (upstream) ## Current Context @@ -320,14 +387,27 @@ Logs and artifacts have been pre-downloaded before this session started: **ONLY proceed if the workflow conclusion is 'failure' or 'cancelled'**. If the workflow was successful, **call the `noop` tool** immediately and exit. ### Phase 1: Initial Triage + 1. **Verify Failure**: Check that `${{ github.event.workflow_run.conclusion }}` is `failure` or `cancelled` +<<<<<<< current (local changes) - **If the workflow was successful**: Call the `noop` tool with message "CI workflow completed successfully - no investigation needed" and **stop immediately**. Do not proceed with any further analysis. - **If the workflow failed or was cancelled**: Proceed with the investigation steps below. 2. **Get Workflow Details**: Use `get_workflow_run` to get full details of the failed run 3. **List Jobs**: Use `list_workflow_jobs` to identify which specific jobs failed 4. **Quick Assessment**: Determine if this is a new type of failure or a recurring pattern +||||||| base (original) +2. **Get Workflow Details**: Use `get_workflow_run` to get full details of the failed run +3. **List Jobs**: Use `list_workflow_jobs` to identify which specific jobs failed +4. **Quick Assessment**: Determine if this is a new type of failure or a recurring pattern +======= +2. **Deduplication Check**: Read `/tmp/memory/investigations/analyzed-runs.json` from the cache. If the current run ID (`${{ github.event.workflow_run.id }}`) is already listed, **stop immediately** — this run has already been investigated. After completing a new investigation, append the run ID to this index to prevent re-analysis. +3. **Get Workflow Details**: Use `get_workflow_run` to get full details of the failed run +4. **List Jobs**: Use `list_workflow_jobs` to identify which specific jobs failed +5. **Quick Assessment**: Determine if this is a new type of failure or a recurring pattern +>>>>>>> new (upstream) ### Phase 2: Deep Log Analysis +<<<<<<< current (local changes) 1. **Use Pre-Downloaded Logs and Artifacts**: Use the files in `/tmp/gh-aw/agent/ci-doctor/`: - Read the summary and hint files first (minimal context load) - Read ±10 lines around each hinted line number in the full log or artifact file @@ -335,6 +415,14 @@ Logs and artifacts have been pre-downloaded before this session started: - Only load the full log content if the hints are insufficient 2. **Fallback Log Retrieval**: If pre-downloaded files are unavailable, use `get_job_logs` with `failed_only=true`, `return_content=true`, and `tail_lines=100` to get the most relevant portion of logs directly (avoids downloading large blob files). Do NOT use `web-fetch` on blob storage log URLs. 3. **Pattern Recognition**: Analyze logs for: +||||||| base (original) +1. **Retrieve Logs**: Use `get_job_logs` with `failed_only=true` to get logs from all failed jobs +2. **Pattern Recognition**: Analyze logs for: +======= + +1. **Retrieve Logs**: Use `get_job_logs` with `failed_only=true` to get logs from all failed jobs +2. **Pattern Recognition**: Analyze logs for: +>>>>>>> new (upstream) - Error messages and stack traces - Dependency installation failures - Test failures with specific patterns @@ -349,6 +437,7 @@ Logs and artifacts have been pre-downloaded before this session started: - Timing patterns ### Phase 3: Historical Context Analysis + 1. **Search Investigation History**: Use file-based storage to search for similar failures: - Read from cached investigation files in `/tmp/gh-aw/agent/memory/investigations/` - Parse previous failure patterns and solutions @@ -358,6 +447,7 @@ Logs and artifacts have been pre-downloaded before this session started: 4. **PR Context**: If triggered by a PR, analyze the changed files ### Phase 4: Root Cause Investigation + 1. **Categorize Failure Type**: - **Code Issues**: Syntax errors, logic bugs, test failures - **Infrastructure**: Runner issues, network problems, resource constraints @@ -373,6 +463,7 @@ Logs and artifacts have been pre-downloaded before this session started: - For timeout issues: Identify slow operations and bottlenecks ### Phase 5: Pattern Storage and Knowledge Building + 1. **Store Investigation**: Save structured investigation data to files: - Write investigation report to `/tmp/gh-aw/agent/memory/investigations/-.json` - **Important**: Use filesystem-safe timestamp format `YYYY-MM-DD-HH-MM-SS-sss` (e.g., `2026-02-12-11-20-45-458`) @@ -382,6 +473,7 @@ Logs and artifacts have been pre-downloaded before this session started: 2. **Update Pattern Database**: Enhance knowledge with new findings by updating pattern files 3. **Save Artifacts**: Store detailed logs and analysis in the cached directories +<<<<<<< current (local changes) ### Phase 6: Looking for existing issues and closing older ones 1. **Search for existing CI failure doctor issues** @@ -407,6 +499,35 @@ Logs and artifacts have been pre-downloaded before this session started: - Otherwise, continue to create a new issue with fresh investigation data ### Phase 7: Reporting and Recommendations +||||||| base (original) +### Phase 6: Looking for existing issues + +1. **Convert the report to a search query** + - Use any advanced search features in GitHub Issues to find related issues + - Look for keywords, error messages, and patterns in existing issues +2. **Judge each match issues for relevance** + - Analyze the content of the issues found by the search and judge if they are similar to this issue. +3. **Add issue comment to duplicate issue and finish** + - If you find a duplicate issue, add a comment with your findings and close the investigation. + - Do NOT open a new issue since you found a duplicate already (skip next phases). + +### Phase 6: Reporting and Recommendations +======= +### Phase 6: Looking for existing issues + +1. **Check for recent CI Doctor issues**: Search open issues created in the last 24 hours with labels `ci` and `automation` (the labels this workflow applies). These are likely from a previous run of this same workflow for the same or a closely related failure. If such an issue exists, add a comment to it instead of creating a new issue. +2. **Convert the report to a search query** + - Use any advanced search features in GitHub Issues to find related issues + - Look for keywords, error messages, and patterns in existing issues +3. **Judge each match for relevance** + - Analyze the content of the issues found by the search and judge if they are similar to this issue. +4. **Add issue comment to duplicate issue and finish** + - If you find a duplicate issue, add a comment with your findings and close the investigation. + - Do NOT open a new issue since you found a duplicate already (skip next phases). + +### Phase 7: Reporting and Recommendations + +>>>>>>> new (upstream) 1. **Create Investigation Report**: Generate a comprehensive analysis including: - **Executive Summary**: Quick overview of the failure - **Root Cause**: Detailed explanation of what went wrong diff --git a/.github/workflows/daily-team-status.md b/.github/workflows/daily-team-status.md index c548ad55486..ef9ed7efc4a 100644 --- a/.github/workflows/daily-team-status.md +++ b/.github/workflows/daily-team-status.md @@ -1,54 +1,43 @@ --- -emoji: "📅" -timeout-minutes: 10 -strict: true +description: | + This workflow is a daily team status reporter creating upbeat activity summaries. + Gathers recent repository activity (issues, PRs, discussions, releases, code changes) + and generates engaging GitHub issues with productivity insights, community + highlights, and project recommendations. Uses a positive, encouraging tone with + moderate emoji usage to boost team morale. + on: - schedule: - - cron: "daily around 9:00 on weekdays" - stop-after: +1mo - workflow_dispatch: null + schedule: daily + workflow_dispatch: + permissions: contents: read issues: read pull-requests: read -tracker-id: daily-team-status + network: defaults -imports: - - uses: shared/daily-audit-base.md - with: - title-prefix: "[team-status] " - expires: 1d - - shared/otlp.md + +tools: + github: + min-integrity: none # This workflow is allowed to examine and comment on any issues + safe-outputs: + mentions: false + allowed-github-references: [] create-issue: - expires: 1d title-prefix: "[team-status] " - labels: [automation, daily-report] -description: | - This workflow created daily team status reporter creating upbeat activity summaries. - Gathers recent repository activity (issues, PRs, releases, code changes) - and generates engaging GitHub issues with productivity insights, community - highlights, and project recommendations. Uses a positive, encouraging tone with - moderate emoji usage to boost team morale. -source: githubnext/agentics/workflows/daily-team-status.md@d3422bf940923ef1d43db5559652b8e1e71869f3 -tools: - cli-proxy: true - github: null - - + labels: [report, daily-status] + close-older-issues: true +source: githubnext/agentics/workflows/team-status.md@main --- -{{#runtime-import? .github/shared-instructions.md}} - -{{#runtime-import .github/shared/editorial.md}} - -# Daily Team Status +# Team Status Create an upbeat daily status report for the team as a GitHub issue. ## What to include -- Recent repository activity (issues, PRs, releases, code changes) +- Recent repository activity (issues, PRs, discussions, releases, code changes) - Team productivity suggestions and improvement ideas - Community engagement highlights - Project investment and feature recommendations @@ -63,5 +52,3 @@ Create an upbeat daily status report for the team as a GitHub issue. 1. Gather recent activity from the repository 2. Create a new GitHub issue with your findings and insights - -{{#runtime-import shared/noop-reminder.md}} diff --git a/.github/workflows/dependabot-repair.md b/.github/workflows/dependabot-repair.md index aaec7580b44..c698560bdc9 100644 --- a/.github/workflows/dependabot-repair.md +++ b/.github/workflows/dependabot-repair.md @@ -7,6 +7,7 @@ on: timeout-minutes: 45 permissions: read-all +if: github.event.pull_request.user.login == 'dependabot[bot]' imports: - shared/otlp.md @@ -31,17 +32,21 @@ safe-outputs: max: 1 noop: max: 1 +<<<<<<< current (local changes) source: githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@ff91842c074b23270d3a0e26a7206a251232a374 +||||||| base (original) +source: githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@ff91842c074b23270d3a0e26a7206a251232a374 +======= +source: githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@7ddda653c8dd0b5217e197b350e0a4d00244b816 +>>>>>>> new (upstream) --- # Dependabot Local Repair ## Scope -Only act on PRs authored by `dependabot[bot]`. - -If not, use `noop`. +This workflow runs only for PRs authored by `dependabot[bot]`. ## Mission @@ -81,11 +86,11 @@ Title: ## Comment -### Dependabot Repair Review +### Dependabot Review -Action: repaired | safe-out | no-op -Checks reviewed: yes | no +Action: repaired | safe-out | no-op +Checks reviewed: yes | no Repair PR: -Summary: -Next Step: +Summary: +Next Step: \ No newline at end of file diff --git a/pkg/actionpins/data/action_pins.json b/pkg/actionpins/data/action_pins.json index 725248ddf24..bce54cac799 100644 --- a/pkg/actionpins/data/action_pins.json +++ b/pkg/actionpins/data/action_pins.json @@ -150,10 +150,10 @@ "version": "v4.36.2", "sha": "8aad20d150bbac5944a9f9d289da16a4b0d87c1e" }, - "github/gh-aw/actions/setup-cli@v0.78.3": { + "github/gh-aw/actions/setup-cli@v0.79.8": { "repo": "github/gh-aw/actions/setup-cli", - "version": "v0.78.3", - "sha": "544dd7355d846f9a7a1a5817a18148442e9ffe35" + "version": "v0.79.8", + "sha": "8b02ab336d100a5746e9f53b8bc2b22878278a6f" }, "github/stale-repos@v9.0.14": { "repo": "github/stale-repos", @@ -168,17 +168,17 @@ "microsoft/apm-action@v1.9.1": { "repo": "microsoft/apm-action", "version": "v1.9.1", - "sha": "ce02c22416172beb70072c5910b2163ee3f006f6" + "sha": "e5650fb81c4b5965090a17bd1ed1956071e95d17" }, "oven-sh/setup-bun@v2.2.0": { "repo": "oven-sh/setup-bun", "version": "v2.2.0", "sha": "0c5077e51419868618aeaa5fe8019c62421857d6" }, - "ruby/setup-ruby@v1.310.0": { + "ruby/setup-ruby@v1.313.0": { "repo": "ruby/setup-ruby", - "version": "v1.310.0", - "sha": "afeafc3d1ab54a631816aba4c914a0081c12ff2f" + "version": "v1.313.0", + "sha": "89f90524b88a01fe6e0b732220432cc6142926af" }, "safedep/pmg@v1": { "repo": "safedep/pmg", diff --git a/pkg/workflow/data/action_pins.json b/pkg/workflow/data/action_pins.json index 725248ddf24..bce54cac799 100644 --- a/pkg/workflow/data/action_pins.json +++ b/pkg/workflow/data/action_pins.json @@ -150,10 +150,10 @@ "version": "v4.36.2", "sha": "8aad20d150bbac5944a9f9d289da16a4b0d87c1e" }, - "github/gh-aw/actions/setup-cli@v0.78.3": { + "github/gh-aw/actions/setup-cli@v0.79.8": { "repo": "github/gh-aw/actions/setup-cli", - "version": "v0.78.3", - "sha": "544dd7355d846f9a7a1a5817a18148442e9ffe35" + "version": "v0.79.8", + "sha": "8b02ab336d100a5746e9f53b8bc2b22878278a6f" }, "github/stale-repos@v9.0.14": { "repo": "github/stale-repos", @@ -168,17 +168,17 @@ "microsoft/apm-action@v1.9.1": { "repo": "microsoft/apm-action", "version": "v1.9.1", - "sha": "ce02c22416172beb70072c5910b2163ee3f006f6" + "sha": "e5650fb81c4b5965090a17bd1ed1956071e95d17" }, "oven-sh/setup-bun@v2.2.0": { "repo": "oven-sh/setup-bun", "version": "v2.2.0", "sha": "0c5077e51419868618aeaa5fe8019c62421857d6" }, - "ruby/setup-ruby@v1.310.0": { + "ruby/setup-ruby@v1.313.0": { "repo": "ruby/setup-ruby", - "version": "v1.310.0", - "sha": "afeafc3d1ab54a631816aba4c914a0081c12ff2f" + "version": "v1.313.0", + "sha": "89f90524b88a01fe6e0b732220432cc6142926af" }, "safedep/pmg@v1": { "repo": "safedep/pmg", From b3b6dab0b99cefc9f7a23c2a7ff453c503d1c1d2 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 13 Jun 2026 11:29:41 +0000 Subject: [PATCH 3/3] Resolve merge conflicts and recompile workflow lock files - Resolve 3-way merge markers in ci-doctor.md: keep local customizations, update source SHA to e15e57b40918dbca11b350c55d02ab61934afa75 - Resolve merge marker in dependabot-repair.md: update source SHA to 7ddda653c8dd0b5217e197b350e0a4d00244b816 - Recompile lock files for ci-doctor, daily-team-status, dependabot-repair Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/ci-doctor.lock.yml | 32 +- .github/workflows/ci-doctor.md | 118 -------- .github/workflows/daily-team-status.lock.yml | 296 +++++-------------- .github/workflows/dependabot-repair.lock.yml | 39 +-- .github/workflows/dependabot-repair.md | 7 - 5 files changed, 118 insertions(+), 374 deletions(-) diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml index c0a2b2140c9..76e853b65cc 100644 --- a/.github/workflows/ci-doctor.lock.yml +++ b/.github/workflows/ci-doctor.lock.yml @@ -1,4 +1,4 @@ -# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"a9af519ac9d60bb255dcb8f98b80cc025825179c967c488d3f5a03b3ab6ea4d5","body_hash":"52a39a9c452662b42ec0e5e19bfefca16b8d5a92c9f040304074d247398657f2","strict":true,"agent_id":"claude","engine_versions":{"claude":"2.1.168"}} +# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"41ba4d1ea9dcdca42ca5a0c62d30db6d650d7985e5192cc45a3c71e869b3cc81","body_hash":"c5646d7ad137f2fbba9ba94628a5dd8c50476921c14a8ce75073e54590a6876e","strict":true,"agent_id":"claude","engine_versions":{"claude":"2.1.168"}} # gh-aw-manifest: {"version":1,"secrets":["ANTHROPIC_API_KEY","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_OTEL_GRAFANA_AUTHORIZATION","GH_AW_OTEL_GRAFANA_ENDPOINT","GH_AW_OTEL_SENTRY_AUTHORIZATION","GH_AW_OTEL_SENTRY_ENDPOINT","GITHUB_TOKEN"],"actions":[{"repo":"actions/cache/restore","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/cache/save","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"df4cb1c069e1874edd31b4311f1884172cec0e10","version":"v6.0.3"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.27.2","digest":"sha256:f88e5b17b6b7a600117bc121114d6ce2155c88c983c0c939c5df884f730fa1d6","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.27.2@sha256:f88e5b17b6b7a600117bc121114d6ce2155c88c983c0c939c5df884f730fa1d6"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.2","digest":"sha256:ee39841d980878ebbb87592903b06d31a1af500c71525c9616f7e8e2a27041a4","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.2@sha256:ee39841d980878ebbb87592903b06d31a1af500c71525c9616f7e8e2a27041a4"},{"image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.2","digest":"sha256:02f3ec08f32dc26c5427920c6a2e2f3036238fce44802f2f11ef49ed8621b5d0","pinned_image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.2@sha256:02f3ec08f32dc26c5427920c6a2e2f3036238fce44802f2f11ef49ed8621b5d0"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.27.2","digest":"sha256:2e3a717e5f19a654cd9a2263beb52012b56bcb68562ec5ae2e42f9d156b49591","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.27.2@sha256:2e3a717e5f19a654cd9a2263beb52012b56bcb68562ec5ae2e42f9d156b49591"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.25","digest":"sha256:c10331ad17668ef89f38f5e356678788a40b0cd5fef96e8f92e1d9c1de47cbaa","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.3.25@sha256:c10331ad17668ef89f38f5e356678788a40b0cd5fef96e8f92e1d9c1de47cbaa"},{"image":"ghcr.io/github/github-mcp-server:v1.1.2","digest":"sha256:30197479d8036c7811892bc07e06f9a05c9ef3cdd79bc59f256d50647f95788c","pinned_image":"ghcr.io/github/github-mcp-server:v1.1.2@sha256:30197479d8036c7811892bc07e06f9a05c9ef3cdd79bc59f256d50647f95788c"}]} # This file was automatically generated by gh-aw. DO NOT EDIT. To debug this workflow, load the skill at https://github.com/github/gh-aw/blob/main/debug.md # @@ -17,7 +17,7 @@ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # # -# To update this file, edit githubnext/agentics/workflows/ci-doctor.md@ea350161ad5dcc9624cf510f134c6a9e39a6f94d and run: +# To update this file, edit githubnext/agentics/workflows/ci-doctor.md@e15e57b40918dbca11b350c55d02ab61934afa75 and run: # gh aw compile # Not all edits will cause changes to this file. # @@ -25,7 +25,7 @@ # # Investigates failed CI workflows to identify root causes and patterns, creating issues with diagnostic information; also reviews PR check failures when the ci-doctor label is applied # -# Source: githubnext/agentics/workflows/ci-doctor.md@ea350161ad5dcc9624cf510f134c6a9e39a6f94d +# Source: githubnext/agentics/workflows/ci-doctor.md@e15e57b40918dbca11b350c55d02ab61934afa75 # # Resolved workflow manifest: # Imports: @@ -162,7 +162,7 @@ jobs: GH_AW_INFO_AWF_VERSION: "v0.27.2" GH_AW_INFO_AWMG_VERSION: "" GH_AW_INFO_FIREWALL_TYPE: "squid" - GH_AW_INFO_FRONTMATTER_SOURCE: "githubnext/agentics/workflows/ci-doctor.md@ea350161ad5dcc9624cf510f134c6a9e39a6f94d" + GH_AW_INFO_FRONTMATTER_SOURCE: "githubnext/agentics/workflows/ci-doctor.md@e15e57b40918dbca11b350c55d02ab61934afa75" GH_AW_INFO_BODY_MODIFIED: "false" GH_AW_INFO_FRONTMATTER_EMOJI: "🏥" GH_AW_COMPILED_STRICT: "true" @@ -1454,8 +1454,8 @@ jobs: GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: "1" GH_AW_WORKFLOW_NAME: "CI Failure Doctor" - GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/ci-doctor.md@ea350161ad5dcc9624cf510f134c6a9e39a6f94d" - GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/ea350161ad5dcc9624cf510f134c6a9e39a6f94d/workflows/ci-doctor.md" + GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/ci-doctor.md@e15e57b40918dbca11b350c55d02ab61934afa75" + GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/e15e57b40918dbca11b350c55d02ab61934afa75/workflows/ci-doctor.md" GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} GH_AW_NOOP_REPORT_AS_ISSUE: "true" @@ -1476,8 +1476,8 @@ jobs: env: GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "CI Failure Doctor" - GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/ci-doctor.md@ea350161ad5dcc9624cf510f134c6a9e39a6f94d" - GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/ea350161ad5dcc9624cf510f134c6a9e39a6f94d/workflows/ci-doctor.md" + GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/ci-doctor.md@e15e57b40918dbca11b350c55d02ab61934afa75" + GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/e15e57b40918dbca11b350c55d02ab61934afa75/workflows/ci-doctor.md" GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.outputs.detection_conclusion }} GH_AW_DETECTION_REASON: ${{ needs.detection.outputs.detection_reason }} @@ -1495,8 +1495,8 @@ jobs: GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }} GH_AW_MISSING_TOOL_CREATE_ISSUE: "true" GH_AW_WORKFLOW_NAME: "CI Failure Doctor" - GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/ci-doctor.md@ea350161ad5dcc9624cf510f134c6a9e39a6f94d" - GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/ea350161ad5dcc9624cf510f134c6a9e39a6f94d/workflows/ci-doctor.md" + GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/ci-doctor.md@e15e57b40918dbca11b350c55d02ab61934afa75" + GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/e15e57b40918dbca11b350c55d02ab61934afa75/workflows/ci-doctor.md" with: github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -1511,8 +1511,8 @@ jobs: GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }} GH_AW_REPORT_INCOMPLETE_CREATE_ISSUE: "true" GH_AW_WORKFLOW_NAME: "CI Failure Doctor" - GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/ci-doctor.md@ea350161ad5dcc9624cf510f134c6a9e39a6f94d" - GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/ea350161ad5dcc9624cf510f134c6a9e39a6f94d/workflows/ci-doctor.md" + GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/ci-doctor.md@e15e57b40918dbca11b350c55d02ab61934afa75" + GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/e15e57b40918dbca11b350c55d02ab61934afa75/workflows/ci-doctor.md" with: github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -1527,8 +1527,8 @@ jobs: env: GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "CI Failure Doctor" - GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/ci-doctor.md@ea350161ad5dcc9624cf510f134c6a9e39a6f94d" - GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/ea350161ad5dcc9624cf510f134c6a9e39a6f94d/workflows/ci-doctor.md" + GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/ci-doctor.md@e15e57b40918dbca11b350c55d02ab61934afa75" + GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/e15e57b40918dbca11b350c55d02ab61934afa75/workflows/ci-doctor.md" GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} GH_AW_WORKFLOW_ID: "ci-doctor" @@ -1919,8 +1919,8 @@ jobs: GH_AW_WORKFLOW_EMOJI: "🏥" GH_AW_WORKFLOW_ID: "ci-doctor" GH_AW_WORKFLOW_NAME: "CI Failure Doctor" - GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/ci-doctor.md@ea350161ad5dcc9624cf510f134c6a9e39a6f94d" - GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/ea350161ad5dcc9624cf510f134c6a9e39a6f94d/workflows/ci-doctor.md" + GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/ci-doctor.md@e15e57b40918dbca11b350c55d02ab61934afa75" + GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/e15e57b40918dbca11b350c55d02ab61934afa75/workflows/ci-doctor.md" outputs: code_push_failure_count: ${{ steps.process_safe_outputs.outputs.code_push_failure_count }} code_push_failure_errors: ${{ steps.process_safe_outputs.outputs.code_push_failure_errors }} diff --git a/.github/workflows/ci-doctor.md b/.github/workflows/ci-doctor.md index 1c12ec8c56c..46a99621c9a 100644 --- a/.github/workflows/ci-doctor.md +++ b/.github/workflows/ci-doctor.md @@ -1,18 +1,7 @@ --- -<<<<<<< current (local changes) emoji: "🏥" description: Investigates failed CI workflows to identify root causes and patterns, creating issues with diagnostic information; also reviews PR check failures when the ci-doctor label is applied -||||||| base (original) -======= -description: | - This workflow is an automated CI failure investigator that triggers when monitored workflows fail. - Performs deep analysis of GitHub Actions workflow failures to identify root causes, - patterns, and provide actionable remediation steps. Analyzes logs, error messages, - and workflow configuration to help diagnose and resolve CI issues efficiently. - ->>>>>>> new (upstream) on: -<<<<<<< current (local changes) label_command: name: ci-doctor events: [pull_request] @@ -25,34 +14,6 @@ permissions: issues: read # To search and analyze issues (label removal handled by activation job) pull-requests: read # To read PR context (comments posted via safe-outputs) checks: read # To read check run results -||||||| base (original) - workflow_run: - workflows: ["Daily Perf Improver", "Daily Test Coverage Improver"] # Monitor the CI workflow specifically - types: - - completed - branches: - - main - # This will trigger only when the CI workflow completes with failure - # The condition is handled in the workflow body - stop-after: +1mo - -# Only trigger for failures - check in the workflow body -if: ${{ github.event.workflow_run.conclusion == 'failure' }} - -permissions: read-all -======= - workflow_run: - workflows: ["Daily Perf Improver", "Daily Test Coverage Improver"] # Monitor the CI workflow specifically - types: - - completed - branches: - - main - -# Only trigger for failures - check in the workflow body -if: ${{ github.event.workflow_run.conclusion == 'failure' }} - -permissions: read-all ->>>>>>> new (upstream) network: defaults @@ -60,17 +21,10 @@ engine: claude safe-outputs: create-issue: -<<<<<<< current (local changes) expires: 1d title-prefix: "[CI Failure Doctor] " labels: [cookie] close-older-issues: true -||||||| base (original) - title-prefix: "${{ github.workflow }}" -======= - title-prefix: "[ci-doctor] " - labels: [automation, ci] ->>>>>>> new (upstream) add-comment: max: 1 hide-older-comments: true @@ -88,7 +42,6 @@ tools: cli-proxy: true cache-memory: true web-fetch: -<<<<<<< current (local changes) web-search: github: mode: gh-proxy @@ -249,28 +202,12 @@ steps: echo "" echo "✅ PR pre-analysis complete. Agent should start with $SUMMARY_FILE" -||||||| base (original) - web-search: - -timeout-minutes: 10 -======= - -timeout-minutes: 10 ->>>>>>> new (upstream) -<<<<<<< current (local changes) -source: githubnext/agentics/workflows/ci-doctor.md@ea350161ad5dcc9624cf510f134c6a9e39a6f94d - -||||||| base (original) -source: githubnext/agentics/workflows/ci-doctor.md@ea350161ad5dcc9624cf510f134c6a9e39a6f94d -======= source: githubnext/agentics/workflows/ci-doctor.md@e15e57b40918dbca11b350c55d02ab61934afa75 ->>>>>>> new (upstream) --- # CI Failure Doctor -<<<<<<< current (local changes) You are the CI Failure Doctor, an expert investigative agent that analyzes failed GitHub Actions checks to identify root causes and patterns. You operate in one of two modes depending on the trigger: - **PR Check Review Mode** — triggered when someone applies the `ci-doctor` label to a pull request; reviews the PR's failing CI checks and posts a diagnostic comment. @@ -356,11 +293,6 @@ Check run data was fetched before this session: {{/if}} {{#if github.event.workflow_run.id}} ## CI Failure Investigation Mode -||||||| base (original) -You are the CI Failure Doctor, an expert investigative agent that analyzes failed GitHub Actions workflows to identify root causes and patterns. Your mission is to conduct a deep investigation when the CI workflow fails. -======= -You are the CI Failure Doctor, an expert investigative agent that analyzes failed GitHub Actions workflows to identify root causes and patterns. Your goal is to conduct a deep investigation when the CI workflow fails. ->>>>>>> new (upstream) ## Current Context @@ -389,25 +321,13 @@ Logs and artifacts have been pre-downloaded before this session started: ### Phase 1: Initial Triage 1. **Verify Failure**: Check that `${{ github.event.workflow_run.conclusion }}` is `failure` or `cancelled` -<<<<<<< current (local changes) - **If the workflow was successful**: Call the `noop` tool with message "CI workflow completed successfully - no investigation needed" and **stop immediately**. Do not proceed with any further analysis. - **If the workflow failed or was cancelled**: Proceed with the investigation steps below. 2. **Get Workflow Details**: Use `get_workflow_run` to get full details of the failed run 3. **List Jobs**: Use `list_workflow_jobs` to identify which specific jobs failed 4. **Quick Assessment**: Determine if this is a new type of failure or a recurring pattern -||||||| base (original) -2. **Get Workflow Details**: Use `get_workflow_run` to get full details of the failed run -3. **List Jobs**: Use `list_workflow_jobs` to identify which specific jobs failed -4. **Quick Assessment**: Determine if this is a new type of failure or a recurring pattern -======= -2. **Deduplication Check**: Read `/tmp/memory/investigations/analyzed-runs.json` from the cache. If the current run ID (`${{ github.event.workflow_run.id }}`) is already listed, **stop immediately** — this run has already been investigated. After completing a new investigation, append the run ID to this index to prevent re-analysis. -3. **Get Workflow Details**: Use `get_workflow_run` to get full details of the failed run -4. **List Jobs**: Use `list_workflow_jobs` to identify which specific jobs failed -5. **Quick Assessment**: Determine if this is a new type of failure or a recurring pattern ->>>>>>> new (upstream) ### Phase 2: Deep Log Analysis -<<<<<<< current (local changes) 1. **Use Pre-Downloaded Logs and Artifacts**: Use the files in `/tmp/gh-aw/agent/ci-doctor/`: - Read the summary and hint files first (minimal context load) - Read ±10 lines around each hinted line number in the full log or artifact file @@ -415,14 +335,6 @@ Logs and artifacts have been pre-downloaded before this session started: - Only load the full log content if the hints are insufficient 2. **Fallback Log Retrieval**: If pre-downloaded files are unavailable, use `get_job_logs` with `failed_only=true`, `return_content=true`, and `tail_lines=100` to get the most relevant portion of logs directly (avoids downloading large blob files). Do NOT use `web-fetch` on blob storage log URLs. 3. **Pattern Recognition**: Analyze logs for: -||||||| base (original) -1. **Retrieve Logs**: Use `get_job_logs` with `failed_only=true` to get logs from all failed jobs -2. **Pattern Recognition**: Analyze logs for: -======= - -1. **Retrieve Logs**: Use `get_job_logs` with `failed_only=true` to get logs from all failed jobs -2. **Pattern Recognition**: Analyze logs for: ->>>>>>> new (upstream) - Error messages and stack traces - Dependency installation failures - Test failures with specific patterns @@ -473,7 +385,6 @@ Logs and artifacts have been pre-downloaded before this session started: 2. **Update Pattern Database**: Enhance knowledge with new findings by updating pattern files 3. **Save Artifacts**: Store detailed logs and analysis in the cached directories -<<<<<<< current (local changes) ### Phase 6: Looking for existing issues and closing older ones 1. **Search for existing CI failure doctor issues** @@ -499,35 +410,6 @@ Logs and artifacts have been pre-downloaded before this session started: - Otherwise, continue to create a new issue with fresh investigation data ### Phase 7: Reporting and Recommendations -||||||| base (original) -### Phase 6: Looking for existing issues - -1. **Convert the report to a search query** - - Use any advanced search features in GitHub Issues to find related issues - - Look for keywords, error messages, and patterns in existing issues -2. **Judge each match issues for relevance** - - Analyze the content of the issues found by the search and judge if they are similar to this issue. -3. **Add issue comment to duplicate issue and finish** - - If you find a duplicate issue, add a comment with your findings and close the investigation. - - Do NOT open a new issue since you found a duplicate already (skip next phases). - -### Phase 6: Reporting and Recommendations -======= -### Phase 6: Looking for existing issues - -1. **Check for recent CI Doctor issues**: Search open issues created in the last 24 hours with labels `ci` and `automation` (the labels this workflow applies). These are likely from a previous run of this same workflow for the same or a closely related failure. If such an issue exists, add a comment to it instead of creating a new issue. -2. **Convert the report to a search query** - - Use any advanced search features in GitHub Issues to find related issues - - Look for keywords, error messages, and patterns in existing issues -3. **Judge each match for relevance** - - Analyze the content of the issues found by the search and judge if they are similar to this issue. -4. **Add issue comment to duplicate issue and finish** - - If you find a duplicate issue, add a comment with your findings and close the investigation. - - Do NOT open a new issue since you found a duplicate already (skip next phases). - -### Phase 7: Reporting and Recommendations - ->>>>>>> new (upstream) 1. **Create Investigation Report**: Generate a comprehensive analysis including: - **Executive Summary**: Quick overview of the failure - **Root Cause**: Detailed explanation of what went wrong diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index edd40766ff8..200509ef621 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -1,5 +1,5 @@ -# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"4a4e45b2bc9cf5e96c4550ec8976cfabc2ae552d97d383dbcefc69fc227afd98","body_hash":"ce929d76ef870cededa571f721dec62b4d127a65ddfaec248dcda9b0cce61069","stop_time":"2026-02-09 04:24:39","strict":true,"agent_id":"copilot","engine_versions":{"copilot":"1.0.60"}} -# gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_OTEL_GRAFANA_AUTHORIZATION","GH_AW_OTEL_GRAFANA_ENDPOINT","GH_AW_OTEL_SENTRY_AUTHORIZATION","GH_AW_OTEL_SENTRY_ENDPOINT","GITHUB_TOKEN"],"actions":[{"repo":"actions/cache/restore","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/cache/save","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"df4cb1c069e1874edd31b4311f1884172cec0e10","version":"v6.0.3"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.27.2","digest":"sha256:f88e5b17b6b7a600117bc121114d6ce2155c88c983c0c939c5df884f730fa1d6","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.27.2@sha256:f88e5b17b6b7a600117bc121114d6ce2155c88c983c0c939c5df884f730fa1d6"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.2","digest":"sha256:ee39841d980878ebbb87592903b06d31a1af500c71525c9616f7e8e2a27041a4","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.2@sha256:ee39841d980878ebbb87592903b06d31a1af500c71525c9616f7e8e2a27041a4"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.27.2","digest":"sha256:2e3a717e5f19a654cd9a2263beb52012b56bcb68562ec5ae2e42f9d156b49591","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.27.2@sha256:2e3a717e5f19a654cd9a2263beb52012b56bcb68562ec5ae2e42f9d156b49591"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.25","digest":"sha256:c10331ad17668ef89f38f5e356678788a40b0cd5fef96e8f92e1d9c1de47cbaa","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.3.25@sha256:c10331ad17668ef89f38f5e356678788a40b0cd5fef96e8f92e1d9c1de47cbaa"},{"image":"ghcr.io/github/github-mcp-server:v1.1.2","digest":"sha256:30197479d8036c7811892bc07e06f9a05c9ef3cdd79bc59f256d50647f95788c","pinned_image":"ghcr.io/github/github-mcp-server:v1.1.2@sha256:30197479d8036c7811892bc07e06f9a05c9ef3cdd79bc59f256d50647f95788c"}]} +# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"9f61ffba0d4e9663a43f41030c13a4c7c71ebac8122f586cbd706756a605df94","body_hash":"2c6ea50782d3aec18621d3c699521beb6fbc4664acb9888a949609bf92a382ca","strict":true,"agent_id":"copilot","engine_versions":{"copilot":"1.0.60"}} +# gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/cache/restore","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/cache/save","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"df4cb1c069e1874edd31b4311f1884172cec0e10","version":"v6.0.3"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.27.2","digest":"sha256:f88e5b17b6b7a600117bc121114d6ce2155c88c983c0c939c5df884f730fa1d6","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.27.2@sha256:f88e5b17b6b7a600117bc121114d6ce2155c88c983c0c939c5df884f730fa1d6"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.2","digest":"sha256:ee39841d980878ebbb87592903b06d31a1af500c71525c9616f7e8e2a27041a4","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.2@sha256:ee39841d980878ebbb87592903b06d31a1af500c71525c9616f7e8e2a27041a4"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.27.2","digest":"sha256:2e3a717e5f19a654cd9a2263beb52012b56bcb68562ec5ae2e42f9d156b49591","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.27.2@sha256:2e3a717e5f19a654cd9a2263beb52012b56bcb68562ec5ae2e42f9d156b49591"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.25","digest":"sha256:c10331ad17668ef89f38f5e356678788a40b0cd5fef96e8f92e1d9c1de47cbaa","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.3.25@sha256:c10331ad17668ef89f38f5e356678788a40b0cd5fef96e8f92e1d9c1de47cbaa"},{"image":"ghcr.io/github/github-mcp-server:v1.1.2","digest":"sha256:30197479d8036c7811892bc07e06f9a05c9ef3cdd79bc59f256d50647f95788c","pinned_image":"ghcr.io/github/github-mcp-server:v1.1.2@sha256:30197479d8036c7811892bc07e06f9a05c9ef3cdd79bc59f256d50647f95788c"}]} # This file was automatically generated by gh-aw. DO NOT EDIT. To debug this workflow, load the skill at https://github.com/github/gh-aw/blob/main/debug.md # # ___ _ _ @@ -17,35 +17,24 @@ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # # -# To update this file, edit githubnext/agentics/workflows/daily-team-status.md@d3422bf940923ef1d43db5559652b8e1e71869f3 and run: +# To update this file, edit githubnext/agentics/workflows/team-status.md@main and run: # gh aw compile # Not all edits will cause changes to this file. # # For more information: https://github.github.com/gh-aw/introduction/overview/ # -# This workflow created daily team status reporter creating upbeat activity summaries. -# Gathers recent repository activity (issues, PRs, releases, code changes) +# This workflow is a daily team status reporter creating upbeat activity summaries. +# Gathers recent repository activity (issues, PRs, discussions, releases, code changes) # and generates engaging GitHub issues with productivity insights, community # highlights, and project recommendations. Uses a positive, encouraging tone with # moderate emoji usage to boost team morale. # -# Source: githubnext/agentics/workflows/daily-team-status.md@d3422bf940923ef1d43db5559652b8e1e71869f3 -# -# Resolved workflow manifest: -# Imports: -# - shared/daily-audit-discussion.md -# - shared/otlp.md -# - shared/reporting.md -# - shared/daily-audit-base.md +# Source: githubnext/agentics/workflows/team-status.md@main # # Secrets used: # - COPILOT_GITHUB_TOKEN # - GH_AW_GITHUB_MCP_SERVER_TOKEN # - GH_AW_GITHUB_TOKEN -# - GH_AW_OTEL_GRAFANA_AUTHORIZATION -# - GH_AW_OTEL_GRAFANA_ENDPOINT -# - GH_AW_OTEL_SENTRY_AUTHORIZATION -# - GH_AW_OTEL_SENTRY_ENDPOINT # - GITHUB_TOKEN # # Custom actions used: @@ -54,7 +43,6 @@ # - actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 # - actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 # - actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 -# - actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 (source v9) # - actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 # - actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 # @@ -64,13 +52,12 @@ # - ghcr.io/github/gh-aw-firewall/squid:0.27.2@sha256:2e3a717e5f19a654cd9a2263beb52012b56bcb68562ec5ae2e42f9d156b49591 # - ghcr.io/github/gh-aw-mcpg:v0.3.25@sha256:c10331ad17668ef89f38f5e356678788a40b0cd5fef96e8f92e1d9c1de47cbaa # - ghcr.io/github/github-mcp-server:v1.1.2@sha256:30197479d8036c7811892bc07e06f9a05c9ef3cdd79bc59f256d50647f95788c -# -# Effective stop-time: 2026-02-09 04:24:39 -name: "Daily Team Status" +name: "Team Status" on: schedule: - - cron: "17 9 * * 1-5" + - cron: "24 11 * * *" + # Friendly format: daily (scattered) workflow_dispatch: inputs: aw_context: @@ -84,20 +71,10 @@ permissions: {} concurrency: group: "gh-aw-${{ github.workflow }}" -run-name: "Daily Team Status" - -env: - OTEL_EXPORTER_OTLP_ENDPOINT: ${{ secrets.GH_AW_OTEL_SENTRY_ENDPOINT }} - OTEL_SERVICE_NAME: gh-aw.daily-team-status - OTEL_RESOURCE_ATTRIBUTES: 'gh-aw.workflow.name=Daily Team Status,gh-aw.repository=${{ github.repository }},gh-aw.run.id=${{ github.run_id }},github.run_id=${{ github.run_id }},gh-aw.engine.id=copilot' - OTEL_EXPORTER_OTLP_HEADERS: x-sentry-auth=${{ secrets.GH_AW_OTEL_SENTRY_AUTHORIZATION }} - GH_AW_OTLP_ALL_HEADERS: x-sentry-auth=${{ secrets.GH_AW_OTEL_SENTRY_AUTHORIZATION }},Authorization=${{ secrets.GH_AW_OTEL_GRAFANA_AUTHORIZATION }} - GH_AW_OTLP_ENDPOINTS: '[{"url":"${{ secrets.GH_AW_OTEL_SENTRY_ENDPOINT }}","headers":"x-sentry-auth=${{ secrets.GH_AW_OTEL_SENTRY_AUTHORIZATION }}"},{"url":"${{ secrets.GH_AW_OTEL_GRAFANA_ENDPOINT }}","headers":"Authorization=${{ secrets.GH_AW_OTEL_GRAFANA_AUTHORIZATION }}"}]' +run-name: "Team Status" jobs: activation: - needs: pre_activation - if: needs.pre_activation.outputs.activated == 'true' runs-on: ubuntu-slim permissions: actions: read @@ -132,18 +109,14 @@ jobs: with: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - parent-span-id: ${{ needs.pre_activation.outputs.setup-parent-span-id || needs.pre_activation.outputs.setup-span-id }} safe-output-artifact-client: ${{ env.GH_AW_MAX_DAILY_AI_CREDITS != '' }} env: - GH_AW_SETUP_WORKFLOW_NAME: "Daily Team Status" + GH_AW_SETUP_WORKFLOW_NAME: "Team Status" GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/daily-team-status.lock.yml@${{ github.ref }} GH_AW_INFO_VERSION: "1.0.60" GH_AW_INFO_AWF_VERSION: "v0.27.2" GH_AW_INFO_BODY_MODIFIED: "false" GH_AW_INFO_ENGINE_ID: "copilot" - - name: Mask OTLP telemetry headers - run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -152,18 +125,17 @@ jobs: GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || vars.GH_AW_DEFAULT_MODEL_COPILOT || 'claude-sonnet-4.6' }} GH_AW_INFO_VERSION: "1.0.60" GH_AW_INFO_AGENT_VERSION: "1.0.60" - GH_AW_INFO_WORKFLOW_NAME: "Daily Team Status" + GH_AW_INFO_WORKFLOW_NAME: "Team Status" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" GH_AW_INFO_STAGED: "false" - GH_AW_INFO_ALLOWED_DOMAINS: '["*.grafana.net","*.sentry.io","defaults"]' + GH_AW_INFO_ALLOWED_DOMAINS: '["defaults"]' GH_AW_INFO_FIREWALL_ENABLED: "true" GH_AW_INFO_AWF_VERSION: "v0.27.2" GH_AW_INFO_AWMG_VERSION: "" GH_AW_INFO_FIREWALL_TYPE: "squid" - GH_AW_INFO_FRONTMATTER_SOURCE: "githubnext/agentics/workflows/daily-team-status.md@d3422bf940923ef1d43db5559652b8e1e71869f3" + GH_AW_INFO_FRONTMATTER_SOURCE: "githubnext/agentics/workflows/team-status.md@main" GH_AW_INFO_BODY_MODIFIED: "false" - GH_AW_INFO_FRONTMATTER_EMOJI: "📅" GH_AW_COMPILED_STRICT: "true" uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: @@ -186,7 +158,7 @@ jobs: if: ${{ env.GH_AW_MAX_DAILY_AI_CREDITS != '' }} uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: - GH_AW_WORKFLOW_NAME: "Daily Team Status" + GH_AW_WORKFLOW_NAME: "Team Status" GH_AW_WORKFLOW_ID: "daily-team-status" GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_WORKFLOW_DISPATCH_AW_CONTEXT: ${{ github.event.inputs.aw_context || '' }} @@ -255,20 +227,20 @@ jobs: run: | bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh" { - cat << 'GH_AW_PROMPT_9ecd0bda1cd01475_EOF' + cat << 'GH_AW_PROMPT_9a25fe0264c2fe92_EOF' - GH_AW_PROMPT_9ecd0bda1cd01475_EOF + GH_AW_PROMPT_9a25fe0264c2fe92_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md" cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md" cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md" cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md" - cat << 'GH_AW_PROMPT_9ecd0bda1cd01475_EOF' + cat << 'GH_AW_PROMPT_9a25fe0264c2fe92_EOF' - Tools: create_issue, create_discussion, missing_tool, missing_data, noop + Tools: create_issue, missing_tool, missing_data, noop - GH_AW_PROMPT_9ecd0bda1cd01475_EOF + GH_AW_PROMPT_9a25fe0264c2fe92_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md" - cat << 'GH_AW_PROMPT_9ecd0bda1cd01475_EOF' + cat << 'GH_AW_PROMPT_9a25fe0264c2fe92_EOF' The following GitHub context information is available for this workflow: {{#if github.actor}} @@ -297,16 +269,12 @@ jobs: {{/if}} - GH_AW_PROMPT_9ecd0bda1cd01475_EOF + GH_AW_PROMPT_9a25fe0264c2fe92_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_with_safeoutputs_prompt.md" - cat << 'GH_AW_PROMPT_9ecd0bda1cd01475_EOF' + cat << 'GH_AW_PROMPT_9a25fe0264c2fe92_EOF' - {{#runtime-import .github/workflows/shared/otlp.md}} - {{#runtime-import .github/workflows/shared/reporting.md}} - {{#runtime-import .github/shared/editorial.md}} - {{#runtime-import .github/workflows/shared/noop-reminder.md}} {{#runtime-import .github/workflows/daily-team-status.md}} - GH_AW_PROMPT_9ecd0bda1cd01475_EOF + GH_AW_PROMPT_9a25fe0264c2fe92_EOF } > "$GH_AW_PROMPT" - name: Interpolate variables and render templates uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 @@ -332,7 +300,6 @@ jobs: GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }} GH_AW_MCP_CLI_SERVERS_LIST: '- `safeoutputs` — run `safeoutputs --help` to see available tools' - GH_AW_NEEDS_PRE_ACTIVATION_OUTPUTS_ACTIVATED: ${{ needs.pre_activation.outputs.activated }} with: script: | const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs'); @@ -352,8 +319,7 @@ jobs: GH_AW_GITHUB_REPOSITORY: process.env.GH_AW_GITHUB_REPOSITORY, GH_AW_GITHUB_RUN_ID: process.env.GH_AW_GITHUB_RUN_ID, GH_AW_GITHUB_WORKSPACE: process.env.GH_AW_GITHUB_WORKSPACE, - GH_AW_MCP_CLI_SERVERS_LIST: process.env.GH_AW_MCP_CLI_SERVERS_LIST, - GH_AW_NEEDS_PRE_ACTIVATION_OUTPUTS_ACTIVATED: process.env.GH_AW_NEEDS_PRE_ACTIVATION_OUTPUTS_ACTIVATED + GH_AW_MCP_CLI_SERVERS_LIST: process.env.GH_AW_MCP_CLI_SERVERS_LIST } }); - name: Validate prompt placeholders @@ -439,7 +405,7 @@ jobs: trace-id: ${{ needs.activation.outputs.setup-trace-id }} parent-span-id: ${{ needs.activation.outputs.setup-parent-span-id || needs.activation.outputs.setup-span-id }} env: - GH_AW_SETUP_WORKFLOW_NAME: "Daily Team Status" + GH_AW_SETUP_WORKFLOW_NAME: "Team Status" GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/daily-team-status.lock.yml@${{ github.ref }} GH_AW_INFO_VERSION: "1.0.60" GH_AW_INFO_AWF_VERSION: "v0.27.2" @@ -453,8 +419,6 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_CONFIG_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - - name: Mask OTLP telemetry headers - run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: @@ -498,16 +462,13 @@ jobs: GH_HOST: github.com - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.27.2 - - name: Determine automatic lockdown mode for GitHub MCP Server - id: determine-automatic-lockdown - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 (source v9) + - name: Parse integrity filter lists + id: parse-guard-vars env: - GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }} - GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }} - with: - script: | - const determineAutomaticLockdown = require('${{ runner.temp }}/gh-aw/actions/determine_automatic_lockdown.cjs'); - await determineAutomaticLockdown(github, context, core); + GH_AW_BLOCKED_USERS_VAR: ${{ vars.GH_AW_GITHUB_BLOCKED_USERS || '' }} + GH_AW_TRUSTED_USERS_VAR: ${{ vars.GH_AW_GITHUB_TRUSTED_USERS || '' }} + GH_AW_APPROVAL_LABELS_VAR: ${{ vars.GH_AW_GITHUB_APPROVAL_LABELS || '' }} + run: bash "${RUNNER_TEMP}/gh-aw/actions/parse_guard_list.sh" - name: Download activation artifact uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: @@ -535,49 +496,21 @@ jobs: mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs" mkdir -p /tmp/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs - cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_3b26f55c41ca3fb3_EOF' - {"create_discussion":{"category":"audits","close_older_discussions":true,"expires":24,"fallback_to_issue":true,"max":1,"title_prefix":"[team-status] "},"create_issue":{"expires":24,"labels":["automation","daily-report"],"max":1,"title_prefix":"[team-status] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}} - GH_AW_SAFE_OUTPUTS_CONFIG_3b26f55c41ca3fb3_EOF + cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_3385073f16158031_EOF' + {"create_issue":{"close_older_issues":true,"labels":["report","daily-status"],"max":1,"title_prefix":"[team-status] "},"create_report_incomplete_issue":{},"mentions":{"enabled":false},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}} + GH_AW_SAFE_OUTPUTS_CONFIG_3385073f16158031_EOF - name: Generate Safe Outputs Tools env: GH_AW_TOOLS_META_JSON: | { "description_suffixes": { - "create_discussion": " CONSTRAINTS: Maximum 1 discussion(s) can be created. Title will be prefixed with \"[team-status] \". Discussions will be created in category \"audits\".", - "create_issue": " CONSTRAINTS: Maximum 1 issue(s) can be created. Title will be prefixed with \"[team-status] \". Labels [\"automation\" \"daily-report\"] will be automatically added." + "create_issue": " CONSTRAINTS: Maximum 1 issue(s) can be created. Title will be prefixed with \"[team-status] \". Labels [\"report\" \"daily-status\"] will be automatically added." }, "repo_params": {}, "dynamic_tools": [] } GH_AW_VALIDATION_JSON: | { - "create_discussion": { - "defaultMax": 1, - "fields": { - "body": { - "required": true, - "type": "string", - "sanitize": true, - "maxLength": 65000, - "minLength": 64 - }, - "category": { - "type": "string", - "sanitize": true, - "maxLength": 128 - }, - "repo": { - "type": "string", - "maxLength": 256 - }, - "title": { - "required": true, - "type": "string", - "sanitize": true, - "maxLength": 128 - } - } - }, "create_issue": { "defaultMax": 1, "fields": { @@ -615,6 +548,9 @@ jobs: } } }, + "mentions": { + "enabled": false + }, "missing_data": { "defaultMax": 20, "fields": { @@ -742,8 +678,6 @@ jobs: GH_AW_SAFE_OUTPUTS: ${{ steps.set-runtime-paths.outputs.GH_AW_SAFE_OUTPUTS }} GH_AW_SAFE_OUTPUTS_API_KEY: ${{ steps.safe-outputs-start.outputs.api_key }} GH_AW_SAFE_OUTPUTS_PORT: ${{ steps.safe-outputs-start.outputs.port }} - GITHUB_MCP_GUARD_MIN_INTEGRITY: ${{ steps.determine-automatic-lockdown.outputs.min_integrity }} - GITHUB_MCP_GUARD_REPOS: ${{ steps.determine-automatic-lockdown.outputs.repos }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} run: | set -eo pipefail @@ -762,7 +696,6 @@ jobs: export DEBUG="*" export GH_AW_ENGINE="copilot" - export GH_AW_MCP_CLI_SERVERS='["safeoutputs"]' MCP_GATEWAY_UID=$(id -u 2>/dev/null || echo '0') MCP_GATEWAY_GID=$(id -g 2>/dev/null || echo '0') case "${DOCKER_HOST:-}" in @@ -771,11 +704,11 @@ jobs: * ) DOCKER_SOCK_PATH=/var/run/docker.sock ;; esac DOCKER_SOCK_GID=$(stat -c '%g' "$DOCKER_SOCK_PATH" 2>/dev/null || echo '0') - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e OTEL_EXPORTER_OTLP_HEADERS -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.25' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v '"${DOCKER_SOCK_PATH}"':/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DOCKER_HOST=unix:///var/run/docker.sock -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.25' mkdir -p "$HOME/.copilot" GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_47abdffabf02619d_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_920bb1916fcb7fc4_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { "github": { @@ -789,8 +722,11 @@ jobs: }, "guard-policies": { "allow-only": { - "min-integrity": "$GITHUB_MCP_GUARD_MIN_INTEGRITY", - "repos": "$GITHUB_MCP_GUARD_REPOS" + "approval-labels": ${{ steps.parse-guard-vars.outputs.approval_labels }}, + "blocked-users": ${{ steps.parse-guard-vars.outputs.blocked_users }}, + "min-integrity": "none", + "repos": "all", + "trusted-users": ${{ steps.parse-guard-vars.outputs.trusted_users }} } } }, @@ -813,15 +749,10 @@ jobs: "port": $MCP_GATEWAY_PORT, "domain": "${MCP_GATEWAY_DOMAIN}", "apiKey": "${MCP_GATEWAY_API_KEY}", - "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}", - "opentelemetry": { - "endpoint": "${OTEL_EXPORTER_OTLP_ENDPOINT}", - "traceId": "${GITHUB_AW_OTEL_TRACE_ID}", - "spanId": "${GITHUB_AW_OTEL_PARENT_SPAN_ID}" - } + "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_47abdffabf02619d_EOF + GH_AW_MCP_CONFIG_920bb1916fcb7fc4_EOF - name: Mount MCP servers as CLIs id: mount-mcp-clis continue-on-error: true @@ -846,7 +777,7 @@ jobs: - name: Execute GitHub Copilot CLI id: agentic_execution # Copilot CLI tool arguments (sorted): - timeout-minutes: 10 + timeout-minutes: 20 run: | set -o pipefail printf '%s' "$(date +%s%3N)" > /tmp/gh-aw/agent_cli_start_ms.txt @@ -861,7 +792,7 @@ jobs: export COPILOT_API_KEY="$COPILOT_DUMMY_BYOK" (umask 177 && touch /tmp/gh-aw/agent-stdio.log) GH_AW_MAX_AI_CREDITS="${{ vars.GH_AW_DEFAULT_MAX_AI_CREDITS || '1000' }}" - printf '%s\n' "{\"\$schema\":\"https://github.com/github/gh-aw-firewall/releases/download/v0.27.2/awf-config.schema.json\",\"network\":{\"allowDomains\":[\"*.grafana.net\",\"*.sentry.io\",\"api.business.githubcopilot.com\",\"api.enterprise.githubcopilot.com\",\"api.github.com\",\"api.githubcopilot.com\",\"api.individual.githubcopilot.com\",\"api.snapcraft.io\",\"archive.ubuntu.com\",\"azure.archive.ubuntu.com\",\"crl.geotrust.com\",\"crl.globalsign.com\",\"crl.identrust.com\",\"crl.sectigo.com\",\"crl.thawte.com\",\"crl.usertrust.com\",\"crl.verisign.com\",\"crl3.digicert.com\",\"crl4.digicert.com\",\"crls.ssl.com\",\"github.com\",\"host.docker.internal\",\"json-schema.org\",\"json.schemastore.org\",\"keyserver.ubuntu.com\",\"ocsp.digicert.com\",\"ocsp.geotrust.com\",\"ocsp.globalsign.com\",\"ocsp.identrust.com\",\"ocsp.sectigo.com\",\"ocsp.ssl.com\",\"ocsp.thawte.com\",\"ocsp.usertrust.com\",\"ocsp.verisign.com\",\"packagecloud.io\",\"packages.cloud.google.com\",\"packages.microsoft.com\",\"ppa.launchpad.net\",\"raw.githubusercontent.com\",\"registry.npmjs.org\",\"s.symcb.com\",\"s.symcd.com\",\"security.ubuntu.com\",\"telemetry.enterprise.githubcopilot.com\",\"ts-crl.ws.symantec.com\",\"ts-ocsp.ws.symantec.com\",\"www.googleapis.com\"]},\"apiProxy\":{\"enabled\":true,\"enableTokenSteering\":true,\"maxRuns\":500,\"maxAiCredits\":${GH_AW_MAX_AI_CREDITS},\"models\":{\"agent\":[\"sonnet-6x\",\"gpt-5.4\",\"gpt-5.3\",\"gemini-pro\",\"any\"],\"antigravity\":[\"copilot/antigravity*\",\"google/antigravity*\",\"gemini/antigravity*\"],\"any\":[\"copilot/*\",\"anthropic/*\",\"openai/*\",\"google/*\",\"gemini/*\"],\"claude\":[\"agent\"],\"codex\":[\"agent\"],\"coding\":[\"copilot/gpt-5*codex*\",\"openai/gpt-5*codex*\",\"gpt-5-codex\"],\"computer-use\":[\"copilot/*computer-use*\",\"google/*computer-use*\",\"gemini/*computer-use*\",\"openai/*computer-use*\"],\"copilot\":[\"agent\"],\"deep-research\":[\"copilot/deep-research*\",\"copilot/o3-deep-research*\",\"copilot/o4-mini-deep-research*\",\"google/deep-research*\",\"gemini/deep-research*\",\"openai/o3-deep-research*\",\"openai/o4-mini-deep-research*\"],\"gemini\":[\"agent\"],\"gemini-3-flash\":[\"copilot/gemini-3*flash*\",\"google/gemini-3*flash*\",\"gemini/gemini-3*flash*\"],\"gemini-3-pro\":[\"copilot/gemini-3*pro*\",\"google/gemini-3*pro*\",\"google/nano-banana*\",\"gemini/gemini-3*pro*\"],\"gemini-3.1-flash\":[\"copilot/gemini-3.1*flash*\",\"google/gemini-3.1*flash*\",\"gemini/gemini-3.1*flash*\"],\"gemini-3.1-pro\":[\"copilot/gemini-3.1*pro*\",\"google/gemini-3.1*pro*\",\"gemini/gemini-3.1*pro*\"],\"gemini-3.5-flash\":[\"copilot/gemini-3.5*flash*\",\"google/gemini-3.5*flash*\",\"gemini/gemini-3.5*flash*\"],\"gemini-flash\":[\"copilot/gemini-*flash*\",\"google/gemini-*flash*\",\"gemini/gemini-*flash*\"],\"gemini-flash-lite\":[\"copilot/gemini-*flash*lite*\",\"google/gemini-*flash*lite*\",\"gemini/gemini-*flash*lite*\"],\"gemini-pro\":[\"copilot/gemini-*pro*\",\"google/gemini-*pro*\",\"gemini/gemini-*pro*\"],\"gemma\":[\"copilot/gemma*\",\"google/gemma*\",\"gemini/gemma*\"],\"gpt-5\":[\"copilot/gpt-5*\",\"openai/gpt-5*\"],\"gpt-5-codex\":[\"copilot/gpt-5*codex*\",\"openai/gpt-5*codex*\"],\"gpt-5-mini\":[\"copilot/gpt-5*mini*\",\"openai/gpt-5*mini*\"],\"gpt-5-nano\":[\"copilot/gpt-5*nano*\",\"openai/gpt-5*nano*\"],\"gpt-5-pro\":[\"copilot/gpt-5*pro*\",\"openai/gpt-5*pro*\"],\"gpt-5.2\":[\"copilot/gpt-5.2*\",\"openai/gpt-5.2*\"],\"gpt-5.3\":[\"copilot/gpt-5.3*\",\"openai/gpt-5.3*\"],\"gpt-5.4\":[\"copilot/gpt-5.4*\",\"openai/gpt-5.4*\"],\"gpt-5.5\":[\"copilot/gpt-5.5*\",\"openai/gpt-5.5*\"],\"haiku\":[\"copilot/*haiku*\",\"anthropic/*haiku*\"],\"large\":[\"sonnet\",\"gpt-5-pro\",\"gpt-5\",\"gemini-pro\"],\"mai-code\":[\"copilot/MAI-Code*\",\"copilot/mai-code*\",\"openai/MAI-Code*\"],\"mini\":[\"haiku\",\"gpt-5-mini\",\"gpt-5-nano\",\"gemini-flash-lite\"],\"nano-banana\":[\"copilot/nano-banana*\",\"google/nano-banana*\",\"gemini/nano-banana*\"],\"opus\":[\"copilot/*opus*\",\"anthropic/*opus*\"],\"opusplan\":[\"opus?effort=high\"],\"reasoning\":[\"copilot/o1*\",\"copilot/o3*\",\"copilot/o4*\",\"openai/o1*\",\"openai/o3*\",\"openai/o4*\"],\"robotics\":[\"copilot/*robotics*\",\"google/*robotics*\",\"gemini/*robotics*\"],\"small\":[\"mini\"],\"small-agent\":[\"haiku\",\"gpt-5-mini\",\"gemini-flash\"],\"sonnet\":[\"copilot/*sonnet*\",\"anthropic/*sonnet*\"],\"sonnet-6x\":[\"copilot/*sonnet-4.5*\",\"copilot/*sonnet-4.6*\",\"copilot/*sonnet-4-5-*\",\"anthropic/*sonnet-4-5-*\",\"copilot/*sonnet-4-6*\",\"anthropic/*sonnet-4-6*\"],\"summarization\":[\"haiku\",\"gpt-5-mini\",\"gemini-flash-lite\",\"mini\"],\"vision\":[\"copilot/gemini-*image*\",\"gemini/gemini-*image*\",\"copilot/gemini-*flash*\",\"gemini/gemini-*flash*\"]}},\"container\":{\"imageTag\":\"0.27.2,squid=sha256:2e3a717e5f19a654cd9a2263beb52012b56bcb68562ec5ae2e42f9d156b49591,agent=sha256:f88e5b17b6b7a600117bc121114d6ce2155c88c983c0c939c5df884f730fa1d6,api-proxy=sha256:ee39841d980878ebbb87592903b06d31a1af500c71525c9616f7e8e2a27041a4,cli-proxy=sha256:02f3ec08f32dc26c5427920c6a2e2f3036238fce44802f2f11ef49ed8621b5d0\"}}" > "${RUNNER_TEMP}/gh-aw/awf-config.json" + printf '%s\n' "{\"\$schema\":\"https://github.com/github/gh-aw-firewall/releases/download/v0.27.2/awf-config.schema.json\",\"network\":{\"allowDomains\":[\"api.business.githubcopilot.com\",\"api.enterprise.githubcopilot.com\",\"api.github.com\",\"api.githubcopilot.com\",\"api.individual.githubcopilot.com\",\"api.snapcraft.io\",\"archive.ubuntu.com\",\"azure.archive.ubuntu.com\",\"crl.geotrust.com\",\"crl.globalsign.com\",\"crl.identrust.com\",\"crl.sectigo.com\",\"crl.thawte.com\",\"crl.usertrust.com\",\"crl.verisign.com\",\"crl3.digicert.com\",\"crl4.digicert.com\",\"crls.ssl.com\",\"github.com\",\"host.docker.internal\",\"json-schema.org\",\"json.schemastore.org\",\"keyserver.ubuntu.com\",\"ocsp.digicert.com\",\"ocsp.geotrust.com\",\"ocsp.globalsign.com\",\"ocsp.identrust.com\",\"ocsp.sectigo.com\",\"ocsp.ssl.com\",\"ocsp.thawte.com\",\"ocsp.usertrust.com\",\"ocsp.verisign.com\",\"packagecloud.io\",\"packages.cloud.google.com\",\"packages.microsoft.com\",\"ppa.launchpad.net\",\"raw.githubusercontent.com\",\"registry.npmjs.org\",\"s.symcb.com\",\"s.symcd.com\",\"security.ubuntu.com\",\"telemetry.enterprise.githubcopilot.com\",\"ts-crl.ws.symantec.com\",\"ts-ocsp.ws.symantec.com\",\"www.googleapis.com\"]},\"apiProxy\":{\"enabled\":true,\"enableTokenSteering\":true,\"maxRuns\":500,\"maxAiCredits\":${GH_AW_MAX_AI_CREDITS},\"models\":{\"agent\":[\"sonnet-6x\",\"gpt-5.4\",\"gpt-5.3\",\"gemini-pro\",\"any\"],\"antigravity\":[\"copilot/antigravity*\",\"google/antigravity*\",\"gemini/antigravity*\"],\"any\":[\"copilot/*\",\"anthropic/*\",\"openai/*\",\"google/*\",\"gemini/*\"],\"claude\":[\"agent\"],\"codex\":[\"agent\"],\"coding\":[\"copilot/gpt-5*codex*\",\"openai/gpt-5*codex*\",\"gpt-5-codex\"],\"computer-use\":[\"copilot/*computer-use*\",\"google/*computer-use*\",\"gemini/*computer-use*\",\"openai/*computer-use*\"],\"copilot\":[\"agent\"],\"deep-research\":[\"copilot/deep-research*\",\"copilot/o3-deep-research*\",\"copilot/o4-mini-deep-research*\",\"google/deep-research*\",\"gemini/deep-research*\",\"openai/o3-deep-research*\",\"openai/o4-mini-deep-research*\"],\"gemini\":[\"agent\"],\"gemini-3-flash\":[\"copilot/gemini-3*flash*\",\"google/gemini-3*flash*\",\"gemini/gemini-3*flash*\"],\"gemini-3-pro\":[\"copilot/gemini-3*pro*\",\"google/gemini-3*pro*\",\"google/nano-banana*\",\"gemini/gemini-3*pro*\"],\"gemini-3.1-flash\":[\"copilot/gemini-3.1*flash*\",\"google/gemini-3.1*flash*\",\"gemini/gemini-3.1*flash*\"],\"gemini-3.1-pro\":[\"copilot/gemini-3.1*pro*\",\"google/gemini-3.1*pro*\",\"gemini/gemini-3.1*pro*\"],\"gemini-3.5-flash\":[\"copilot/gemini-3.5*flash*\",\"google/gemini-3.5*flash*\",\"gemini/gemini-3.5*flash*\"],\"gemini-flash\":[\"copilot/gemini-*flash*\",\"google/gemini-*flash*\",\"gemini/gemini-*flash*\"],\"gemini-flash-lite\":[\"copilot/gemini-*flash*lite*\",\"google/gemini-*flash*lite*\",\"gemini/gemini-*flash*lite*\"],\"gemini-pro\":[\"copilot/gemini-*pro*\",\"google/gemini-*pro*\",\"gemini/gemini-*pro*\"],\"gemma\":[\"copilot/gemma*\",\"google/gemma*\",\"gemini/gemma*\"],\"gpt-5\":[\"copilot/gpt-5*\",\"openai/gpt-5*\"],\"gpt-5-codex\":[\"copilot/gpt-5*codex*\",\"openai/gpt-5*codex*\"],\"gpt-5-mini\":[\"copilot/gpt-5*mini*\",\"openai/gpt-5*mini*\"],\"gpt-5-nano\":[\"copilot/gpt-5*nano*\",\"openai/gpt-5*nano*\"],\"gpt-5-pro\":[\"copilot/gpt-5*pro*\",\"openai/gpt-5*pro*\"],\"gpt-5.2\":[\"copilot/gpt-5.2*\",\"openai/gpt-5.2*\"],\"gpt-5.3\":[\"copilot/gpt-5.3*\",\"openai/gpt-5.3*\"],\"gpt-5.4\":[\"copilot/gpt-5.4*\",\"openai/gpt-5.4*\"],\"gpt-5.5\":[\"copilot/gpt-5.5*\",\"openai/gpt-5.5*\"],\"haiku\":[\"copilot/*haiku*\",\"anthropic/*haiku*\"],\"large\":[\"sonnet\",\"gpt-5-pro\",\"gpt-5\",\"gemini-pro\"],\"mai-code\":[\"copilot/MAI-Code*\",\"copilot/mai-code*\",\"openai/MAI-Code*\"],\"mini\":[\"haiku\",\"gpt-5-mini\",\"gpt-5-nano\",\"gemini-flash-lite\"],\"nano-banana\":[\"copilot/nano-banana*\",\"google/nano-banana*\",\"gemini/nano-banana*\"],\"opus\":[\"copilot/*opus*\",\"anthropic/*opus*\"],\"opusplan\":[\"opus?effort=high\"],\"reasoning\":[\"copilot/o1*\",\"copilot/o3*\",\"copilot/o4*\",\"openai/o1*\",\"openai/o3*\",\"openai/o4*\"],\"robotics\":[\"copilot/*robotics*\",\"google/*robotics*\",\"gemini/*robotics*\"],\"small\":[\"mini\"],\"small-agent\":[\"haiku\",\"gpt-5-mini\",\"gemini-flash\"],\"sonnet\":[\"copilot/*sonnet*\",\"anthropic/*sonnet*\"],\"sonnet-6x\":[\"copilot/*sonnet-4.5*\",\"copilot/*sonnet-4.6*\",\"copilot/*sonnet-4-5-*\",\"anthropic/*sonnet-4-5-*\",\"copilot/*sonnet-4-6*\",\"anthropic/*sonnet-4-6*\"],\"summarization\":[\"haiku\",\"gpt-5-mini\",\"gemini-flash-lite\",\"mini\"],\"vision\":[\"copilot/gemini-*image*\",\"gemini/gemini-*image*\",\"copilot/gemini-*flash*\",\"gemini/gemini-*flash*\"]}},\"container\":{\"imageTag\":\"0.27.2,squid=sha256:2e3a717e5f19a654cd9a2263beb52012b56bcb68562ec5ae2e42f9d156b49591,agent=sha256:f88e5b17b6b7a600117bc121114d6ce2155c88c983c0c939c5df884f730fa1d6,api-proxy=sha256:ee39841d980878ebbb87592903b06d31a1af500c71525c9616f7e8e2a27041a4,cli-proxy=sha256:02f3ec08f32dc26c5427920c6a2e2f3036238fce44802f2f11ef49ed8621b5d0\"}}" > "${RUNNER_TEMP}/gh-aw/awf-config.json" cp "${RUNNER_TEMP}/gh-aw/awf-config.json" /tmp/gh-aw/awf-config.json export GH_AW_MODELS_JSON_PATH="/tmp/gh-aw/models.json" GH_AW_DOCKER_HOST="" @@ -894,7 +825,7 @@ jobs: GH_AW_PHASE: agent GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_SAFE_OUTPUTS: ${{ steps.set-runtime-paths.outputs.GH_AW_SAFE_OUTPUTS }} - GH_AW_TIMEOUT_MINUTES: 10 + GH_AW_TIMEOUT_MINUTES: 20 GH_AW_VERSION: dev GITHUB_API_URL: ${{ github.api_url }} GITHUB_AW: true @@ -973,7 +904,8 @@ jobs: uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: GH_AW_SAFE_OUTPUTS: ${{ steps.set-runtime-paths.outputs.GH_AW_SAFE_OUTPUTS }} - GH_AW_ALLOWED_DOMAINS: "*.grafana.net,*.sentry.io,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.googleapis.com" + GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.googleapis.com" + GH_AW_ALLOWED_GITHUB_REFS: "" GITHUB_SERVER_URL: ${{ github.server_url }} GITHUB_API_URL: ${{ github.api_url }} with: @@ -1038,15 +970,6 @@ jobs: setupGlobals(core, github, context, exec, io, getOctokit); const { main } = require('${{ runner.temp }}/gh-aw/actions/awf_reflect_summary.cjs'); await main(); - - name: Generate observability summary - if: always() - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 - with: - script: | - const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs'); - setupGlobals(core, github, context, exec, io, getOctokit); - const { main } = require('${{ runner.temp }}/gh-aw/actions/generate_observability_summary.cjs'); - await main(core); - name: Write agent output placeholder if missing if: always() run: | @@ -1064,13 +987,13 @@ jobs: /tmp/gh-aw/sandbox/agent/logs/ /tmp/gh-aw/redacted-urls.log /tmp/gh-aw/mcp-logs/ + /tmp/gh-aw/proxy-logs/ + !/tmp/gh-aw/proxy-logs/proxy-tls/ /tmp/gh-aw/agent_usage.json /tmp/gh-aw/agent-stdio.log /tmp/gh-aw/pre-agent-audit.txt /tmp/gh-aw/agent/ /tmp/gh-aw/github_rate_limits.jsonl - /tmp/gh-aw/otel.jsonl - /tmp/gh-aw/otlp-export-errors.jsonl /tmp/gh-aw/safeoutputs.jsonl /tmp/gh-aw/agent_output.json /tmp/gh-aw/aw-*.patch @@ -1093,7 +1016,6 @@ jobs: runs-on: ubuntu-slim permissions: contents: read - discussions: write issues: write concurrency: group: "gh-aw-conclusion-daily-team-status" @@ -1121,7 +1043,7 @@ jobs: trace-id: ${{ needs.activation.outputs.setup-trace-id }} parent-span-id: ${{ needs.activation.outputs.setup-parent-span-id || needs.activation.outputs.setup-span-id }} env: - GH_AW_SETUP_WORKFLOW_NAME: "Daily Team Status" + GH_AW_SETUP_WORKFLOW_NAME: "Team Status" GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/daily-team-status.lock.yml@${{ github.ref }} GH_AW_INFO_VERSION: "1.0.60" GH_AW_INFO_AWF_VERSION: "v0.27.2" @@ -1210,10 +1132,9 @@ jobs: env: GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: "1" - GH_AW_WORKFLOW_NAME: "Daily Team Status" - GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/daily-team-status.md@d3422bf940923ef1d43db5559652b8e1e71869f3" - GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/d3422bf940923ef1d43db5559652b8e1e71869f3/workflows/daily-team-status.md" - GH_AW_TRACKER_ID: "daily-team-status" + GH_AW_WORKFLOW_NAME: "Team Status" + GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/team-status.md@main" + GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/main/workflows/team-status.md" GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} GH_AW_NOOP_REPORT_AS_ISSUE: "true" @@ -1233,10 +1154,9 @@ jobs: uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }} - GH_AW_WORKFLOW_NAME: "Daily Team Status" - GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/daily-team-status.md@d3422bf940923ef1d43db5559652b8e1e71869f3" - GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/d3422bf940923ef1d43db5559652b8e1e71869f3/workflows/daily-team-status.md" - GH_AW_TRACKER_ID: "daily-team-status" + GH_AW_WORKFLOW_NAME: "Team Status" + GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/team-status.md@main" + GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/main/workflows/team-status.md" GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.outputs.detection_conclusion }} GH_AW_DETECTION_REASON: ${{ needs.detection.outputs.detection_reason }} @@ -1253,10 +1173,9 @@ jobs: env: GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }} GH_AW_MISSING_TOOL_CREATE_ISSUE: "true" - GH_AW_WORKFLOW_NAME: "Daily Team Status" - GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/daily-team-status.md@d3422bf940923ef1d43db5559652b8e1e71869f3" - GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/d3422bf940923ef1d43db5559652b8e1e71869f3/workflows/daily-team-status.md" - GH_AW_TRACKER_ID: "daily-team-status" + GH_AW_WORKFLOW_NAME: "Team Status" + GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/team-status.md@main" + GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/main/workflows/team-status.md" with: github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -1270,10 +1189,9 @@ jobs: env: GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }} GH_AW_REPORT_INCOMPLETE_CREATE_ISSUE: "true" - GH_AW_WORKFLOW_NAME: "Daily Team Status" - GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/daily-team-status.md@d3422bf940923ef1d43db5559652b8e1e71869f3" - GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/d3422bf940923ef1d43db5559652b8e1e71869f3/workflows/daily-team-status.md" - GH_AW_TRACKER_ID: "daily-team-status" + GH_AW_WORKFLOW_NAME: "Team Status" + GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/team-status.md@main" + GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/main/workflows/team-status.md" with: github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -1287,10 +1205,9 @@ jobs: uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }} - GH_AW_WORKFLOW_NAME: "Daily Team Status" - GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/daily-team-status.md@d3422bf940923ef1d43db5559652b8e1e71869f3" - GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/d3422bf940923ef1d43db5559652b8e1e71869f3/workflows/daily-team-status.md" - GH_AW_TRACKER_ID: "daily-team-status" + GH_AW_WORKFLOW_NAME: "Team Status" + GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/team-status.md@main" + GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/main/workflows/team-status.md" GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} GH_AW_WORKFLOW_ID: "daily-team-status" @@ -1309,8 +1226,6 @@ jobs: GH_AW_AGENTIC_ENGINE_TIMEOUT: ${{ needs.agent.outputs.agentic_engine_timeout }} GH_AW_MODEL_NOT_SUPPORTED_ERROR: ${{ needs.agent.outputs.model_not_supported_error }} GH_AW_ENGINE_API_HOSTS: "api.enterprise.githubcopilot.com,api.githubcopilot.com,api.business.githubcopilot.com,api.individual.githubcopilot.com" - GH_AW_CREATE_DISCUSSION_ERRORS: ${{ needs.safe_outputs.outputs.create_discussion_errors }} - GH_AW_CREATE_DISCUSSION_ERROR_COUNT: ${{ needs.safe_outputs.outputs.create_discussion_error_count }} GH_AW_LOCKDOWN_CHECK_FAILED: ${{ needs.activation.outputs.lockdown_check_failed }} GH_AW_STALE_LOCK_FILE_FAILED: ${{ needs.activation.outputs.stale_lock_file_failed }} GH_AW_DAILY_AI_CREDITS_EXCEEDED: ${{ needs.activation.outputs.daily_ai_credits_exceeded }} @@ -1320,7 +1235,7 @@ jobs: GH_AW_FAILURE_REPORT_AS_ISSUE: "true" GH_AW_MISSING_TOOL_REPORT_AS_FAILURE: "true" GH_AW_MISSING_DATA_REPORT_AS_FAILURE: "true" - GH_AW_TIMEOUT_MINUTES: "10" + GH_AW_TIMEOUT_MINUTES: "20" with: github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -1360,7 +1275,7 @@ jobs: trace-id: ${{ needs.activation.outputs.setup-trace-id }} parent-span-id: ${{ needs.activation.outputs.setup-parent-span-id || needs.activation.outputs.setup-span-id }} env: - GH_AW_SETUP_WORKFLOW_NAME: "Daily Team Status" + GH_AW_SETUP_WORKFLOW_NAME: "Team Status" GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/daily-team-status.lock.yml@${{ github.ref }} GH_AW_INFO_VERSION: "1.0.60" GH_AW_INFO_AWF_VERSION: "v0.27.2" @@ -1434,8 +1349,8 @@ jobs: if: always() && steps.detection_guard.outputs.run_detection == 'true' uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: - WORKFLOW_NAME: "Daily Team Status" - WORKFLOW_DESCRIPTION: "This workflow created daily team status reporter creating upbeat activity summaries.\nGathers recent repository activity (issues, PRs, releases, code changes)\nand generates engaging GitHub issues with productivity insights, community\nhighlights, and project recommendations. Uses a positive, encouraging tone with\nmoderate emoji usage to boost team morale." + WORKFLOW_NAME: "Team Status" + WORKFLOW_DESCRIPTION: "This workflow is a daily team status reporter creating upbeat activity summaries.\nGathers recent repository activity (issues, PRs, discussions, releases, code changes)\nand generates engaging GitHub issues with productivity insights, community\nhighlights, and project recommendations. Uses a positive, encouraging tone with\nmoderate emoji usage to boost team morale." HAS_PATCH: ${{ needs.agent.outputs.has_patch }} with: script: | @@ -1579,50 +1494,6 @@ jobs: } } - pre_activation: - runs-on: ubuntu-slim - permissions: - contents: read - outputs: - activated: ${{ steps.check_stop_time.outputs.stop_time_ok == 'true' }} - matched_command: '' - setup-parent-span-id: ${{ steps.setup.outputs.parent-span-id || steps.setup.outputs.span-id }} - setup-span-id: ${{ steps.setup.outputs.span-id }} - setup-trace-id: ${{ steps.setup.outputs.trace-id }} - steps: - - name: Checkout actions folder - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - with: - repository: github/gh-aw - sparse-checkout: | - actions - persist-credentials: false - - name: Setup Scripts - id: setup - uses: ./actions/setup - with: - destination: ${{ runner.temp }}/gh-aw/actions - job-name: ${{ github.job }} - env: - GH_AW_SETUP_WORKFLOW_NAME: "Daily Team Status" - GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/daily-team-status.lock.yml@${{ github.ref }} - GH_AW_INFO_VERSION: "1.0.60" - GH_AW_INFO_AWF_VERSION: "v0.27.2" - GH_AW_INFO_BODY_MODIFIED: "false" - GH_AW_INFO_ENGINE_ID: "copilot" - - name: Check stop-time limit - id: check_stop_time - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 - env: - GH_AW_STOP_TIME: "2026-02-09 04:24:39" - GH_AW_WORKFLOW_NAME: "Daily Team Status" - with: - script: | - const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs'); - setupGlobals(core, github, context, exec, io, getOctokit); - const { main } = require('${{ runner.temp }}/gh-aw/actions/check_stop_time.cjs'); - await main(); - safe_outputs: needs: - activation @@ -1632,7 +1503,6 @@ jobs: runs-on: ubuntu-slim permissions: contents: read - discussions: write issues: write timeout-minutes: 45 env: @@ -1648,12 +1518,10 @@ jobs: GH_AW_ENGINE_VERSION: "1.0.60" GH_AW_PROJECT_UTC: "-08:00" GH_AW_THREAT_DETECTION_AIC: ${{ needs.detection.outputs.aic }} - GH_AW_TRACKER_ID: "daily-team-status" - GH_AW_WORKFLOW_EMOJI: "📅" GH_AW_WORKFLOW_ID: "daily-team-status" - GH_AW_WORKFLOW_NAME: "Daily Team Status" - GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/daily-team-status.md@d3422bf940923ef1d43db5559652b8e1e71869f3" - GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/d3422bf940923ef1d43db5559652b8e1e71869f3/workflows/daily-team-status.md" + GH_AW_WORKFLOW_NAME: "Team Status" + GH_AW_WORKFLOW_SOURCE: "githubnext/agentics/workflows/team-status.md@main" + GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/agentics/blob/main/workflows/team-status.md" outputs: code_push_failure_count: ${{ steps.process_safe_outputs.outputs.code_push_failure_count }} code_push_failure_errors: ${{ steps.process_safe_outputs.outputs.code_push_failure_errors }} @@ -1680,14 +1548,12 @@ jobs: trace-id: ${{ needs.activation.outputs.setup-trace-id }} parent-span-id: ${{ needs.activation.outputs.setup-parent-span-id || needs.activation.outputs.setup-span-id }} env: - GH_AW_SETUP_WORKFLOW_NAME: "Daily Team Status" + GH_AW_SETUP_WORKFLOW_NAME: "Team Status" GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/daily-team-status.lock.yml@${{ github.ref }} GH_AW_INFO_VERSION: "1.0.60" GH_AW_INFO_AWF_VERSION: "v0.27.2" GH_AW_INFO_BODY_MODIFIED: "false" GH_AW_INFO_ENGINE_ID: "copilot" - - name: Mask OTLP telemetry headers - run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true @@ -1718,10 +1584,10 @@ jobs: env: GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }} GH_AW_COMMENT_ID: ${{ needs.activation.outputs.comment_id }} - GH_AW_ALLOWED_DOMAINS: "*.grafana.net,*.sentry.io,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.googleapis.com" + GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.googleapis.com" GITHUB_SERVER_URL: ${{ github.server_url }} GITHUB_API_URL: ${{ github.api_url }} - GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"create_discussion\":{\"category\":\"audits\",\"close_older_discussions\":true,\"expires\":24,\"fallback_to_issue\":true,\"max\":1,\"title_prefix\":\"[team-status] \"},\"create_issue\":{\"expires\":24,\"labels\":[\"automation\",\"daily-report\"],\"max\":1,\"title_prefix\":\"[team-status] \"},\"create_report_incomplete_issue\":{},\"missing_data\":{},\"missing_tool\":{},\"noop\":{\"max\":1,\"report-as-issue\":\"true\"},\"report_incomplete\":{}}" + GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"create_issue\":{\"close_older_issues\":true,\"labels\":[\"report\",\"daily-status\"],\"max\":1,\"title_prefix\":\"[team-status] \"},\"create_report_incomplete_issue\":{},\"mentions\":{\"enabled\":false},\"missing_data\":{},\"missing_tool\":{},\"noop\":{\"max\":1,\"report-as-issue\":\"true\"},\"report_incomplete\":{}}" with: github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/dependabot-repair.lock.yml b/.github/workflows/dependabot-repair.lock.yml index 14a7068389e..a973665fc92 100644 --- a/.github/workflows/dependabot-repair.lock.yml +++ b/.github/workflows/dependabot-repair.lock.yml @@ -1,4 +1,4 @@ -# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"f025de309854de6955b3b34c2bc7b7d1329aeb22a01722f81a04cb9c61f877eb","body_hash":"e44728a94eb7e919c7c1cd3b325d3b1781dec026e87ae52cac9c7713efac65bb","strict":true,"agent_id":"copilot","engine_versions":{"copilot":"1.0.60"}} +# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"77b9bd11da3aca5e87d4dd3e84f76893129fc88c49d6c527eca765283b55b893","body_hash":"34a09392a1ea4b32332bdaba2e9dc3b37bd499cbceae21263bceba9fdf3ead0e","strict":true,"agent_id":"copilot","engine_versions":{"copilot":"1.0.60"}} # gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_CI_TRIGGER_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_OTEL_GRAFANA_AUTHORIZATION","GH_AW_OTEL_GRAFANA_ENDPOINT","GH_AW_OTEL_SENTRY_AUTHORIZATION","GH_AW_OTEL_SENTRY_ENDPOINT","GITHUB_TOKEN"],"actions":[{"repo":"actions/cache/restore","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/cache/save","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"df4cb1c069e1874edd31b4311f1884172cec0e10","version":"v6.0.3"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.27.2","digest":"sha256:f88e5b17b6b7a600117bc121114d6ce2155c88c983c0c939c5df884f730fa1d6","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.27.2@sha256:f88e5b17b6b7a600117bc121114d6ce2155c88c983c0c939c5df884f730fa1d6"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.2","digest":"sha256:ee39841d980878ebbb87592903b06d31a1af500c71525c9616f7e8e2a27041a4","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.2@sha256:ee39841d980878ebbb87592903b06d31a1af500c71525c9616f7e8e2a27041a4"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.27.2","digest":"sha256:2e3a717e5f19a654cd9a2263beb52012b56bcb68562ec5ae2e42f9d156b49591","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.27.2@sha256:2e3a717e5f19a654cd9a2263beb52012b56bcb68562ec5ae2e42f9d156b49591"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.25","digest":"sha256:c10331ad17668ef89f38f5e356678788a40b0cd5fef96e8f92e1d9c1de47cbaa","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.3.25@sha256:c10331ad17668ef89f38f5e356678788a40b0cd5fef96e8f92e1d9c1de47cbaa"},{"image":"ghcr.io/github/github-mcp-server:v1.1.2","digest":"sha256:30197479d8036c7811892bc07e06f9a05c9ef3cdd79bc59f256d50647f95788c","pinned_image":"ghcr.io/github/github-mcp-server:v1.1.2@sha256:30197479d8036c7811892bc07e06f9a05c9ef3cdd79bc59f256d50647f95788c"}]} # This file was automatically generated by gh-aw. DO NOT EDIT. To debug this workflow, load the skill at https://github.com/github/gh-aw/blob/main/debug.md # @@ -17,7 +17,7 @@ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # # -# To update this file, edit githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@ff91842c074b23270d3a0e26a7206a251232a374 and run: +# To update this file, edit githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@7ddda653c8dd0b5217e197b350e0a4d00244b816 and run: # gh aw compile # Not all edits will cause changes to this file. # @@ -25,7 +25,7 @@ # # Repair safe Dependabot PR failures locally inside a product repository. # -# Source: githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@ff91842c074b23270d3a0e26a7206a251232a374 +# Source: githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@7ddda653c8dd0b5217e197b350e0a4d00244b816 # # Resolved workflow manifest: # Imports: @@ -87,7 +87,8 @@ jobs: activation: needs: pre_activation if: > - needs.pre_activation.outputs.activated == 'true' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.id == github.repository_id) + needs.pre_activation.outputs.activated == 'true' && ((github.event.pull_request.user.login == 'dependabot[bot]') && + (github.event_name != 'pull_request' || github.event.pull_request.head.repo.id == github.repository_id)) runs-on: ubuntu-slim permissions: actions: read @@ -154,7 +155,7 @@ jobs: GH_AW_INFO_AWF_VERSION: "v0.27.2" GH_AW_INFO_AWMG_VERSION: "" GH_AW_INFO_FIREWALL_TYPE: "squid" - GH_AW_INFO_FRONTMATTER_SOURCE: "githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@ff91842c074b23270d3a0e26a7206a251232a374" + GH_AW_INFO_FRONTMATTER_SOURCE: "githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@7ddda653c8dd0b5217e197b350e0a4d00244b816" GH_AW_INFO_BODY_MODIFIED: "false" GH_AW_INFO_FRONTMATTER_EMOJI: "🔧" GH_AW_COMPILED_STRICT: "true" @@ -1263,8 +1264,8 @@ jobs: GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }} GH_AW_NOOP_MAX: "1" GH_AW_WORKFLOW_NAME: "Dependabot Local Repair" - GH_AW_WORKFLOW_SOURCE: "githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@ff91842c074b23270d3a0e26a7206a251232a374" - GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/dependabot-campaign/blob/ff91842c074b23270d3a0e26a7206a251232a374/.github/workflows/dependabot-repair.md" + GH_AW_WORKFLOW_SOURCE: "githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@7ddda653c8dd0b5217e197b350e0a4d00244b816" + GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/dependabot-campaign/blob/7ddda653c8dd0b5217e197b350e0a4d00244b816/.github/workflows/dependabot-repair.md" GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} GH_AW_NOOP_REPORT_AS_ISSUE: "true" @@ -1285,8 +1286,8 @@ jobs: env: GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Dependabot Local Repair" - GH_AW_WORKFLOW_SOURCE: "githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@ff91842c074b23270d3a0e26a7206a251232a374" - GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/dependabot-campaign/blob/ff91842c074b23270d3a0e26a7206a251232a374/.github/workflows/dependabot-repair.md" + GH_AW_WORKFLOW_SOURCE: "githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@7ddda653c8dd0b5217e197b350e0a4d00244b816" + GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/dependabot-campaign/blob/7ddda653c8dd0b5217e197b350e0a4d00244b816/.github/workflows/dependabot-repair.md" GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_DETECTION_CONCLUSION: ${{ needs.detection.outputs.detection_conclusion }} GH_AW_DETECTION_REASON: ${{ needs.detection.outputs.detection_reason }} @@ -1304,8 +1305,8 @@ jobs: GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }} GH_AW_MISSING_TOOL_CREATE_ISSUE: "true" GH_AW_WORKFLOW_NAME: "Dependabot Local Repair" - GH_AW_WORKFLOW_SOURCE: "githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@ff91842c074b23270d3a0e26a7206a251232a374" - GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/dependabot-campaign/blob/ff91842c074b23270d3a0e26a7206a251232a374/.github/workflows/dependabot-repair.md" + GH_AW_WORKFLOW_SOURCE: "githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@7ddda653c8dd0b5217e197b350e0a4d00244b816" + GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/dependabot-campaign/blob/7ddda653c8dd0b5217e197b350e0a4d00244b816/.github/workflows/dependabot-repair.md" with: github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -1320,8 +1321,8 @@ jobs: GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }} GH_AW_REPORT_INCOMPLETE_CREATE_ISSUE: "true" GH_AW_WORKFLOW_NAME: "Dependabot Local Repair" - GH_AW_WORKFLOW_SOURCE: "githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@ff91842c074b23270d3a0e26a7206a251232a374" - GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/dependabot-campaign/blob/ff91842c074b23270d3a0e26a7206a251232a374/.github/workflows/dependabot-repair.md" + GH_AW_WORKFLOW_SOURCE: "githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@7ddda653c8dd0b5217e197b350e0a4d00244b816" + GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/dependabot-campaign/blob/7ddda653c8dd0b5217e197b350e0a4d00244b816/.github/workflows/dependabot-repair.md" with: github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -1336,8 +1337,8 @@ jobs: env: GH_AW_AGENT_OUTPUT: ${{ steps.setup-agent-output-env.outputs.GH_AW_AGENT_OUTPUT }} GH_AW_WORKFLOW_NAME: "Dependabot Local Repair" - GH_AW_WORKFLOW_SOURCE: "githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@ff91842c074b23270d3a0e26a7206a251232a374" - GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/dependabot-campaign/blob/ff91842c074b23270d3a0e26a7206a251232a374/.github/workflows/dependabot-repair.md" + GH_AW_WORKFLOW_SOURCE: "githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@7ddda653c8dd0b5217e197b350e0a4d00244b816" + GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/dependabot-campaign/blob/7ddda653c8dd0b5217e197b350e0a4d00244b816/.github/workflows/dependabot-repair.md" GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} GH_AW_WORKFLOW_ID: "dependabot-repair" @@ -1627,7 +1628,9 @@ jobs: } pre_activation: - if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.id == github.repository_id + if: > + (github.event.pull_request.user.login == 'dependabot[bot]') && (github.event_name != 'pull_request' || + github.event.pull_request.head.repo.id == github.repository_id) runs-on: ubuntu-slim permissions: contents: read @@ -1700,8 +1703,8 @@ jobs: GH_AW_WORKFLOW_EMOJI: "🔧" GH_AW_WORKFLOW_ID: "dependabot-repair" GH_AW_WORKFLOW_NAME: "Dependabot Local Repair" - GH_AW_WORKFLOW_SOURCE: "githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@ff91842c074b23270d3a0e26a7206a251232a374" - GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/dependabot-campaign/blob/ff91842c074b23270d3a0e26a7206a251232a374/.github/workflows/dependabot-repair.md" + GH_AW_WORKFLOW_SOURCE: "githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@7ddda653c8dd0b5217e197b350e0a4d00244b816" + GH_AW_WORKFLOW_SOURCE_URL: "${{ github.server_url }}/githubnext/dependabot-campaign/blob/7ddda653c8dd0b5217e197b350e0a4d00244b816/.github/workflows/dependabot-repair.md" outputs: code_push_failure_count: ${{ steps.process_safe_outputs.outputs.code_push_failure_count }} code_push_failure_errors: ${{ steps.process_safe_outputs.outputs.code_push_failure_errors }} diff --git a/.github/workflows/dependabot-repair.md b/.github/workflows/dependabot-repair.md index c698560bdc9..f00db65b401 100644 --- a/.github/workflows/dependabot-repair.md +++ b/.github/workflows/dependabot-repair.md @@ -32,14 +32,7 @@ safe-outputs: max: 1 noop: max: 1 -<<<<<<< current (local changes) -source: githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@ff91842c074b23270d3a0e26a7206a251232a374 - -||||||| base (original) -source: githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@ff91842c074b23270d3a0e26a7206a251232a374 -======= source: githubnext/dependabot-campaign/.github/workflows/dependabot-repair.md@7ddda653c8dd0b5217e197b350e0a4d00244b816 ->>>>>>> new (upstream) --- # Dependabot Local Repair