From d3078204d6bb003a3a40df60a0cc417eee67bf3b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 17 Jun 2026 12:19:05 +0000 Subject: [PATCH 1/6] Initial plan From 08be1f25557aa187787712f8ddf52a6f9e02a213 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 17 Jun 2026 12:31:40 +0000 Subject: [PATCH 2/6] Plan uncheckedtypeassertion safe-form fix Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/grumpy-reviewer.lock.yml | 2 +- .github/workflows/mattpocock-skills-reviewer.lock.yml | 2 +- .github/workflows/pr-code-quality-reviewer.lock.yml | 2 +- .github/workflows/pr-nitpick-reviewer.lock.yml | 2 +- .github/workflows/pr-triage-agent.lock.yml | 2 +- .github/workflows/refiner.lock.yml | 2 +- .github/workflows/security-review.lock.yml | 2 +- .github/workflows/smoke-claude.lock.yml | 2 +- .github/workflows/smoke-copilot-aoai-apikey.lock.yml | 2 +- .github/workflows/smoke-copilot-aoai-entra.lock.yml | 2 +- .github/workflows/smoke-copilot-arm.lock.yml | 2 +- .github/workflows/smoke-copilot.lock.yml | 2 +- .github/workflows/test-quality-sentinel.lock.yml | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index f0767b939c0..235620f694d 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml @@ -742,7 +742,7 @@ jobs: ] }, "pull_request_number": { - "optionalPositiveInteger": true + "issueOrPRNumber": true }, "repo": { "type": "string", diff --git a/.github/workflows/mattpocock-skills-reviewer.lock.yml b/.github/workflows/mattpocock-skills-reviewer.lock.yml index 630293ffdf3..700ecf36ac1 100644 --- a/.github/workflows/mattpocock-skills-reviewer.lock.yml +++ b/.github/workflows/mattpocock-skills-reviewer.lock.yml @@ -772,7 +772,7 @@ jobs: ] }, "pull_request_number": { - "optionalPositiveInteger": true + "issueOrPRNumber": true }, "repo": { "type": "string", diff --git a/.github/workflows/pr-code-quality-reviewer.lock.yml b/.github/workflows/pr-code-quality-reviewer.lock.yml index c54b67124fe..d45a2313870 100644 --- a/.github/workflows/pr-code-quality-reviewer.lock.yml +++ b/.github/workflows/pr-code-quality-reviewer.lock.yml @@ -736,7 +736,7 @@ jobs: ] }, "pull_request_number": { - "optionalPositiveInteger": true + "issueOrPRNumber": true }, "repo": { "type": "string", diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml index 8c2646e811d..6130f10bf6c 100644 --- a/.github/workflows/pr-nitpick-reviewer.lock.yml +++ b/.github/workflows/pr-nitpick-reviewer.lock.yml @@ -771,7 +771,7 @@ jobs: ] }, "pull_request_number": { - "optionalPositiveInteger": true + "issueOrPRNumber": true }, "repo": { "type": "string", diff --git a/.github/workflows/pr-triage-agent.lock.yml b/.github/workflows/pr-triage-agent.lock.yml index a5f1b83fdef..36618b1e0ce 100644 --- a/.github/workflows/pr-triage-agent.lock.yml +++ b/.github/workflows/pr-triage-agent.lock.yml @@ -790,7 +790,7 @@ jobs: ] }, "pull_request_number": { - "optionalPositiveInteger": true + "issueOrPRNumber": true }, "repo": { "type": "string", diff --git a/.github/workflows/refiner.lock.yml b/.github/workflows/refiner.lock.yml index e316b50c6a2..b9c4c472934 100644 --- a/.github/workflows/refiner.lock.yml +++ b/.github/workflows/refiner.lock.yml @@ -784,7 +784,7 @@ jobs: ] }, "pull_request_number": { - "optionalPositiveInteger": true + "issueOrPRNumber": true }, "repo": { "type": "string", diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index cc0487ee1b3..813428b8085 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -802,7 +802,7 @@ jobs: ] }, "pull_request_number": { - "optionalPositiveInteger": true + "issueOrPRNumber": true }, "repo": { "type": "string", diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index 09e2304f27e..0b49593d1c6 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml @@ -1252,7 +1252,7 @@ jobs: ] }, "pull_request_number": { - "optionalPositiveInteger": true + "issueOrPRNumber": true }, "repo": { "type": "string", diff --git a/.github/workflows/smoke-copilot-aoai-apikey.lock.yml b/.github/workflows/smoke-copilot-aoai-apikey.lock.yml index 05fca4ab840..90d951b7862 100644 --- a/.github/workflows/smoke-copilot-aoai-apikey.lock.yml +++ b/.github/workflows/smoke-copilot-aoai-apikey.lock.yml @@ -1168,7 +1168,7 @@ jobs: ] }, "pull_request_number": { - "optionalPositiveInteger": true + "issueOrPRNumber": true }, "repo": { "type": "string", diff --git a/.github/workflows/smoke-copilot-aoai-entra.lock.yml b/.github/workflows/smoke-copilot-aoai-entra.lock.yml index b956d54065f..2dd7ce15d8b 100644 --- a/.github/workflows/smoke-copilot-aoai-entra.lock.yml +++ b/.github/workflows/smoke-copilot-aoai-entra.lock.yml @@ -1169,7 +1169,7 @@ jobs: ] }, "pull_request_number": { - "optionalPositiveInteger": true + "issueOrPRNumber": true }, "repo": { "type": "string", diff --git a/.github/workflows/smoke-copilot-arm.lock.yml b/.github/workflows/smoke-copilot-arm.lock.yml index a84512ac19f..838dc591aa4 100644 --- a/.github/workflows/smoke-copilot-arm.lock.yml +++ b/.github/workflows/smoke-copilot-arm.lock.yml @@ -1037,7 +1037,7 @@ jobs: ] }, "pull_request_number": { - "optionalPositiveInteger": true + "issueOrPRNumber": true }, "repo": { "type": "string", diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 6ec9501f68a..568e58f5714 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -1174,7 +1174,7 @@ jobs: ] }, "pull_request_number": { - "optionalPositiveInteger": true + "issueOrPRNumber": true }, "repo": { "type": "string", diff --git a/.github/workflows/test-quality-sentinel.lock.yml b/.github/workflows/test-quality-sentinel.lock.yml index 416ffad3543..c87faeb4013 100644 --- a/.github/workflows/test-quality-sentinel.lock.yml +++ b/.github/workflows/test-quality-sentinel.lock.yml @@ -731,7 +731,7 @@ jobs: ] }, "pull_request_number": { - "optionalPositiveInteger": true + "issueOrPRNumber": true }, "repo": { "type": "string", From fd0d48665abca58a4a024dfe2f843fb99c2c8fab Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 17 Jun 2026 12:37:21 +0000 Subject: [PATCH 3/6] Fix uncheckedtypeassertion safe-form detection Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .../uncheckedtypeassertion.go | 22 ++++++++++++++++ .../uncheckedtypeassertion.go | 26 ++++++++++++++----- 2 files changed, 42 insertions(+), 6 deletions(-) diff --git a/pkg/linters/uncheckedtypeassertion/testdata/src/uncheckedtypeassertion/uncheckedtypeassertion.go b/pkg/linters/uncheckedtypeassertion/testdata/src/uncheckedtypeassertion/uncheckedtypeassertion.go index ebff00dbe42..512d07bcdbf 100644 --- a/pkg/linters/uncheckedtypeassertion/testdata/src/uncheckedtypeassertion/uncheckedtypeassertion.go +++ b/pkg/linters/uncheckedtypeassertion/testdata/src/uncheckedtypeassertion/uncheckedtypeassertion.go @@ -35,6 +35,28 @@ func GoodTwoValueBlankOk(v interface{}) string { return s } +// Good: two-value var declaration is safe. +func GoodTwoValueVarDecl(v interface{}) { + var s, ok = v.(string) + if ok { + fmt.Println(s) + } +} + +// Good: parenthesized two-value assignment is safe. +func GoodTwoValueParen(v interface{}) { + s, ok := (v.(string)) + if ok { + fmt.Println(s) + } +} + +// Bad: single-value var declaration may panic. +func BadSingleValueVarDecl(v interface{}) { + var s = v.(string) // want `type assertion x\.\(string\) is unchecked and may panic` + fmt.Println(s) +} + func SuppressedPreviousLine(v interface{}) string { //nolint:uncheckedtypeassertion return v.(string) diff --git a/pkg/linters/uncheckedtypeassertion/uncheckedtypeassertion.go b/pkg/linters/uncheckedtypeassertion/uncheckedtypeassertion.go index a795b9d4923..f7b4ec47677 100644 --- a/pkg/linters/uncheckedtypeassertion/uncheckedtypeassertion.go +++ b/pkg/linters/uncheckedtypeassertion/uncheckedtypeassertion.go @@ -74,10 +74,8 @@ func inspectTypeAssertExpr(pass *analysis.Pass, noLintLinesByFile map[string]map // Skip the safe two-value form: v, ok := x.(T) or v, ok = x.(T) if parents != nil { - if assign, ok := parents[typeAssert].(*ast.AssignStmt); ok { - if isSafeTwoValueAssertion(assign) { - return - } + if isSafeTwoValueAssertion(typeAssert, parents) { + return } } @@ -96,8 +94,24 @@ func inspectTypeAssertExpr(pass *analysis.Pass, noLintLinesByFile map[string]map ) } -func isSafeTwoValueAssertion(assign *ast.AssignStmt) bool { - return len(assign.Lhs) == 2 && len(assign.Rhs) == 1 +func isSafeTwoValueAssertion(typeAssert *ast.TypeAssertExpr, parents map[ast.Node]ast.Node) bool { + parent := parents[typeAssert] + for parent != nil { + paren, ok := parent.(*ast.ParenExpr) + if !ok { + break + } + parent = parents[paren] + } + + switch p := parent.(type) { + case *ast.AssignStmt: + return len(p.Lhs) == 2 && len(p.Rhs) == 1 + case *ast.ValueSpec: + return len(p.Names) == 2 && len(p.Values) == 1 + default: + return false + } } // buildParentMap constructs a map from each AST node to its direct parent node. From 8148795f3e3698a99eee94261b3d5e86af04d671 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 17 Jun 2026 13:53:41 +0000 Subject: [PATCH 4/6] Drop unrelated workflow lockfile changes from PR Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/grumpy-reviewer.lock.yml | 3 +-- .../mattpocock-skills-reviewer.lock.yml | 3 +-- .../pr-code-quality-reviewer.lock.yml | 3 +-- .../workflows/pr-nitpick-reviewer.lock.yml | 3 +-- .github/workflows/pr-triage-agent.lock.yml | 3 +-- .github/workflows/refiner.lock.yml | 3 +-- .github/workflows/security-review.lock.yml | 3 +-- .github/workflows/smoke-claude.lock.yml | 27 +++++++++---------- .../smoke-copilot-aoai-apikey.lock.yml | 3 +-- .../smoke-copilot-aoai-entra.lock.yml | 3 +-- .github/workflows/smoke-copilot-arm.lock.yml | 3 +-- .github/workflows/smoke-copilot.lock.yml | 3 +-- .../workflows/test-quality-sentinel.lock.yml | 3 +-- 13 files changed, 25 insertions(+), 38 deletions(-) diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index 235620f694d..8f0e369a80f 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml @@ -1897,8 +1897,7 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. - run: | + run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/mattpocock-skills-reviewer.lock.yml b/.github/workflows/mattpocock-skills-reviewer.lock.yml index 700ecf36ac1..0b867217b26 100644 --- a/.github/workflows/mattpocock-skills-reviewer.lock.yml +++ b/.github/workflows/mattpocock-skills-reviewer.lock.yml @@ -1838,8 +1838,7 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. - run: | + run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/pr-code-quality-reviewer.lock.yml b/.github/workflows/pr-code-quality-reviewer.lock.yml index d45a2313870..c30ea24662c 100644 --- a/.github/workflows/pr-code-quality-reviewer.lock.yml +++ b/.github/workflows/pr-code-quality-reviewer.lock.yml @@ -1795,8 +1795,7 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. - run: | + run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml index 6130f10bf6c..967d54951bd 100644 --- a/.github/workflows/pr-nitpick-reviewer.lock.yml +++ b/.github/workflows/pr-nitpick-reviewer.lock.yml @@ -1841,8 +1841,7 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. - run: | + run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/pr-triage-agent.lock.yml b/.github/workflows/pr-triage-agent.lock.yml index 36618b1e0ce..d7b21cd936a 100644 --- a/.github/workflows/pr-triage-agent.lock.yml +++ b/.github/workflows/pr-triage-agent.lock.yml @@ -1891,8 +1891,7 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. - run: | + run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/refiner.lock.yml b/.github/workflows/refiner.lock.yml index b9c4c472934..2a823efe5d8 100644 --- a/.github/workflows/refiner.lock.yml +++ b/.github/workflows/refiner.lock.yml @@ -1860,8 +1860,7 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. - run: | + run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index 813428b8085..7df98126d06 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -1882,8 +1882,7 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. - run: | + run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index 0b49593d1c6..532d602a5a1 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml @@ -1,4 +1,4 @@ -# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"290718d5cf09b3f1c24c9f3eaa706219fdfec9d17dc7ee5e46c78fe4f75189e2","body_hash":"36c065e0560b79a1c971cb1ef686449073e0170c2e67f5e10ecd9ebd481b02fc","agent_id":"claude","engine_versions":{"claude":"2.1.178"}} +# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"290718d5cf09b3f1c24c9f3eaa706219fdfec9d17dc7ee5e46c78fe4f75189e2","body_hash":"36c065e0560b79a1c971cb1ef686449073e0170c2e67f5e10ecd9ebd481b02fc","agent_id":"claude","engine_versions":{"claude":"2.1.179"}} # gh-aw-manifest: {"version":1,"secrets":["ANTHROPIC_API_KEY","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_OTEL_GRAFANA_AUTHORIZATION","GH_AW_OTEL_GRAFANA_ENDPOINT","GH_AW_OTEL_SENTRY_AUTHORIZATION","GH_AW_OTEL_SENTRY_ENDPOINT","GITHUB_TOKEN","TAVILY_API_KEY"],"actions":[{"repo":"actions/cache/restore","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/cache/save","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"df4cb1c069e1874edd31b4311f1884172cec0e10","version":"v6.0.3"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-go","sha":"4a3601121dd01d1626a1e23e37211e3254c1c06c","version":"v6.4.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"docker/build-push-action","sha":"f9f3042f7e2789586610d6e8b85c8f03e5195baf","version":"v7.2.0"},{"repo":"docker/setup-buildx-action","sha":"d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5","version":"v4.1.0"},{"repo":"github/codeql-action/upload-sarif","sha":"8aad20d150bbac5944a9f9d289da16a4b0d87c1e","version":"v4.36.2"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.27.4","digest":"sha256:b268ebf37df2428b19efcb383f001d65dc6a5ec10af43feb886d1a8477ab0e3a","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.27.4@sha256:b268ebf37df2428b19efcb383f001d65dc6a5ec10af43feb886d1a8477ab0e3a"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.4","digest":"sha256:3ea0d12a2d124db8ed6e2d18aff040e30ab3568161f258a132fccdeede4198cd","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.4@sha256:3ea0d12a2d124db8ed6e2d18aff040e30ab3568161f258a132fccdeede4198cd"},{"image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.4","digest":"sha256:72c378c029d2fad4684847ab44c329e526ac6b1a78cdf97656870ea11d201545","pinned_image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.4@sha256:72c378c029d2fad4684847ab44c329e526ac6b1a78cdf97656870ea11d201545"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.27.4","digest":"sha256:87979038897e40caed22245b64d1daa796390d2dca289b99d3d1174c85740af8","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.27.4@sha256:87979038897e40caed22245b64d1daa796390d2dca289b99d3d1174c85740af8"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.26","digest":"sha256:d3b03f54eee3a8176818c9a52087623e45b7f644a28814337fcc0838e2534490","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.3.26@sha256:d3b03f54eee3a8176818c9a52087623e45b7f644a28814337fcc0838e2534490"},{"image":"ghcr.io/github/gh-aw-node","digest":"sha256:529d02eb970b1161aa25c593a9c3df57fdfad5a8add328cb3b6eccef66f3183b","pinned_image":"ghcr.io/github/gh-aw-node@sha256:529d02eb970b1161aa25c593a9c3df57fdfad5a8add328cb3b6eccef66f3183b"},{"image":"ghcr.io/github/github-mcp-server:v1.3.0","digest":"sha256:5c83359327a0bacc3d34db730bea6557d39d341cee0bf6c58c9a896e33150e80","pinned_image":"ghcr.io/github/github-mcp-server:v1.3.0@sha256:5c83359327a0bacc3d34db730bea6557d39d341cee0bf6c58c9a896e33150e80"}]} # This file was automatically generated by gh-aw. DO NOT EDIT. To debug this workflow, load the skill at https://github.com/github/gh-aw/blob/main/debug.md # @@ -152,7 +152,7 @@ jobs: env: GH_AW_SETUP_WORKFLOW_NAME: "Smoke Claude" GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/smoke-claude.lock.yml@${{ github.ref }} - GH_AW_INFO_VERSION: "2.1.178" + GH_AW_INFO_VERSION: "2.1.179" GH_AW_INFO_AWF_VERSION: "v0.27.4" GH_AW_INFO_ENGINE_ID: "claude" - name: Mask OTLP telemetry headers @@ -163,8 +163,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || vars.GH_AW_DEFAULT_MODEL_CLAUDE || 'agent' }} - GH_AW_INFO_VERSION: "2.1.178" - GH_AW_INFO_AGENT_VERSION: "2.1.178" + GH_AW_INFO_VERSION: "2.1.179" + GH_AW_INFO_AGENT_VERSION: "2.1.179" GH_AW_INFO_WORKFLOW_NAME: "Smoke Claude" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -689,7 +689,7 @@ jobs: env: GH_AW_SETUP_WORKFLOW_NAME: "Smoke Claude" GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/smoke-claude.lock.yml@${{ github.ref }} - GH_AW_INFO_VERSION: "2.1.178" + GH_AW_INFO_VERSION: "2.1.179" GH_AW_INFO_AWF_VERSION: "v0.27.4" GH_AW_INFO_ENGINE_ID: "claude" - name: Set runtime paths @@ -810,7 +810,7 @@ jobs: - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.27.4 - name: Install Claude Code CLI - run: npm install -g @anthropic-ai/claude-code@2.1.178 + run: npm install -g @anthropic-ai/claude-code@2.1.179 - name: Install Playwright CLI run: npm install -g @playwright/cli@0.1.14 env: @@ -2021,7 +2021,7 @@ jobs: env: GH_AW_SETUP_WORKFLOW_NAME: "Smoke Claude" GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/smoke-claude.lock.yml@${{ github.ref }} - GH_AW_INFO_VERSION: "2.1.178" + GH_AW_INFO_VERSION: "2.1.179" GH_AW_INFO_AWF_VERSION: "v0.27.4" GH_AW_INFO_ENGINE_ID: "claude" - name: Download agent output artifact @@ -2285,7 +2285,7 @@ jobs: env: GH_AW_SETUP_WORKFLOW_NAME: "Smoke Claude" GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/smoke-claude.lock.yml@${{ github.ref }} - GH_AW_INFO_VERSION: "2.1.178" + GH_AW_INFO_VERSION: "2.1.179" GH_AW_INFO_AWF_VERSION: "v0.27.4" GH_AW_INFO_ENGINE_ID: "claude" - name: Download agent output artifact @@ -2378,7 +2378,7 @@ jobs: - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.27.4 - name: Install Claude Code CLI - run: npm install -g @anthropic-ai/claude-code@2.1.178 + run: npm install -g @anthropic-ai/claude-code@2.1.179 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' continue-on-error: true @@ -2549,7 +2549,7 @@ jobs: env: GH_AW_SETUP_WORKFLOW_NAME: "Smoke Claude" GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/smoke-claude.lock.yml@${{ github.ref }} - GH_AW_INFO_VERSION: "2.1.178" + GH_AW_INFO_VERSION: "2.1.179" GH_AW_INFO_AWF_VERSION: "v0.27.4" GH_AW_INFO_ENGINE_ID: "claude" - name: Check team membership for command workflow @@ -2642,7 +2642,7 @@ jobs: env: GH_AW_SETUP_WORKFLOW_NAME: "Smoke Claude" GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/smoke-claude.lock.yml@${{ github.ref }} - GH_AW_INFO_VERSION: "2.1.178" + GH_AW_INFO_VERSION: "2.1.179" GH_AW_INFO_AWF_VERSION: "v0.27.4" GH_AW_INFO_ENGINE_ID: "claude" - name: Mask OTLP telemetry headers @@ -2664,8 +2664,7 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. - run: | + run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" @@ -2760,7 +2759,7 @@ jobs: env: GH_AW_SETUP_WORKFLOW_NAME: "Smoke Claude" GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/smoke-claude.lock.yml@${{ github.ref }} - GH_AW_INFO_VERSION: "2.1.178" + GH_AW_INFO_VERSION: "2.1.179" GH_AW_INFO_AWF_VERSION: "v0.27.4" GH_AW_INFO_ENGINE_ID: "claude" - name: Download cache-memory artifact (default) diff --git a/.github/workflows/smoke-copilot-aoai-apikey.lock.yml b/.github/workflows/smoke-copilot-aoai-apikey.lock.yml index 90d951b7862..411ad575a37 100644 --- a/.github/workflows/smoke-copilot-aoai-apikey.lock.yml +++ b/.github/workflows/smoke-copilot-aoai-apikey.lock.yml @@ -2897,8 +2897,7 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. - run: | + run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/smoke-copilot-aoai-entra.lock.yml b/.github/workflows/smoke-copilot-aoai-entra.lock.yml index 2dd7ce15d8b..00a877f8dd0 100644 --- a/.github/workflows/smoke-copilot-aoai-entra.lock.yml +++ b/.github/workflows/smoke-copilot-aoai-entra.lock.yml @@ -2908,8 +2908,7 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. - run: | + run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/smoke-copilot-arm.lock.yml b/.github/workflows/smoke-copilot-arm.lock.yml index 838dc591aa4..901de12389c 100644 --- a/.github/workflows/smoke-copilot-arm.lock.yml +++ b/.github/workflows/smoke-copilot-arm.lock.yml @@ -2667,8 +2667,7 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. - run: | + run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 568e58f5714..9b968f197be 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -2899,8 +2899,7 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. - run: | + run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/test-quality-sentinel.lock.yml b/.github/workflows/test-quality-sentinel.lock.yml index c87faeb4013..5e9febcf480 100644 --- a/.github/workflows/test-quality-sentinel.lock.yml +++ b/.github/workflows/test-quality-sentinel.lock.yml @@ -1812,8 +1812,7 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. - run: | + run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" From d46167ebefec53d9ea308f511132c0491605d98a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 17 Jun 2026 14:03:19 +0000 Subject: [PATCH 5/6] Revert unintended workflow lockfile edits Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/grumpy-reviewer.lock.yml | 5 ++-- .../mattpocock-skills-reviewer.lock.yml | 5 ++-- .../pr-code-quality-reviewer.lock.yml | 5 ++-- .../workflows/pr-nitpick-reviewer.lock.yml | 5 ++-- .github/workflows/pr-triage-agent.lock.yml | 5 ++-- .github/workflows/refiner.lock.yml | 5 ++-- .github/workflows/security-review.lock.yml | 5 ++-- .github/workflows/smoke-claude.lock.yml | 29 ++++++++++--------- .../smoke-copilot-aoai-apikey.lock.yml | 5 ++-- .../smoke-copilot-aoai-entra.lock.yml | 5 ++-- .github/workflows/smoke-copilot-arm.lock.yml | 5 ++-- .github/workflows/smoke-copilot.lock.yml | 5 ++-- .../workflows/test-quality-sentinel.lock.yml | 5 ++-- 13 files changed, 51 insertions(+), 38 deletions(-) diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index 8f0e369a80f..f0767b939c0 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml @@ -742,7 +742,7 @@ jobs: ] }, "pull_request_number": { - "issueOrPRNumber": true + "optionalPositiveInteger": true }, "repo": { "type": "string", @@ -1897,7 +1897,8 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + run: | # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/mattpocock-skills-reviewer.lock.yml b/.github/workflows/mattpocock-skills-reviewer.lock.yml index 0b867217b26..630293ffdf3 100644 --- a/.github/workflows/mattpocock-skills-reviewer.lock.yml +++ b/.github/workflows/mattpocock-skills-reviewer.lock.yml @@ -772,7 +772,7 @@ jobs: ] }, "pull_request_number": { - "issueOrPRNumber": true + "optionalPositiveInteger": true }, "repo": { "type": "string", @@ -1838,7 +1838,8 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + run: | # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/pr-code-quality-reviewer.lock.yml b/.github/workflows/pr-code-quality-reviewer.lock.yml index c30ea24662c..c54b67124fe 100644 --- a/.github/workflows/pr-code-quality-reviewer.lock.yml +++ b/.github/workflows/pr-code-quality-reviewer.lock.yml @@ -736,7 +736,7 @@ jobs: ] }, "pull_request_number": { - "issueOrPRNumber": true + "optionalPositiveInteger": true }, "repo": { "type": "string", @@ -1795,7 +1795,8 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + run: | # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml index 967d54951bd..8c2646e811d 100644 --- a/.github/workflows/pr-nitpick-reviewer.lock.yml +++ b/.github/workflows/pr-nitpick-reviewer.lock.yml @@ -771,7 +771,7 @@ jobs: ] }, "pull_request_number": { - "issueOrPRNumber": true + "optionalPositiveInteger": true }, "repo": { "type": "string", @@ -1841,7 +1841,8 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + run: | # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/pr-triage-agent.lock.yml b/.github/workflows/pr-triage-agent.lock.yml index d7b21cd936a..a5f1b83fdef 100644 --- a/.github/workflows/pr-triage-agent.lock.yml +++ b/.github/workflows/pr-triage-agent.lock.yml @@ -790,7 +790,7 @@ jobs: ] }, "pull_request_number": { - "issueOrPRNumber": true + "optionalPositiveInteger": true }, "repo": { "type": "string", @@ -1891,7 +1891,8 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + run: | # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/refiner.lock.yml b/.github/workflows/refiner.lock.yml index 2a823efe5d8..e316b50c6a2 100644 --- a/.github/workflows/refiner.lock.yml +++ b/.github/workflows/refiner.lock.yml @@ -784,7 +784,7 @@ jobs: ] }, "pull_request_number": { - "issueOrPRNumber": true + "optionalPositiveInteger": true }, "repo": { "type": "string", @@ -1860,7 +1860,8 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + run: | # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index 7df98126d06..cc0487ee1b3 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -802,7 +802,7 @@ jobs: ] }, "pull_request_number": { - "issueOrPRNumber": true + "optionalPositiveInteger": true }, "repo": { "type": "string", @@ -1882,7 +1882,8 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + run: | # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index 532d602a5a1..09e2304f27e 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml @@ -1,4 +1,4 @@ -# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"290718d5cf09b3f1c24c9f3eaa706219fdfec9d17dc7ee5e46c78fe4f75189e2","body_hash":"36c065e0560b79a1c971cb1ef686449073e0170c2e67f5e10ecd9ebd481b02fc","agent_id":"claude","engine_versions":{"claude":"2.1.179"}} +# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"290718d5cf09b3f1c24c9f3eaa706219fdfec9d17dc7ee5e46c78fe4f75189e2","body_hash":"36c065e0560b79a1c971cb1ef686449073e0170c2e67f5e10ecd9ebd481b02fc","agent_id":"claude","engine_versions":{"claude":"2.1.178"}} # gh-aw-manifest: {"version":1,"secrets":["ANTHROPIC_API_KEY","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_OTEL_GRAFANA_AUTHORIZATION","GH_AW_OTEL_GRAFANA_ENDPOINT","GH_AW_OTEL_SENTRY_AUTHORIZATION","GH_AW_OTEL_SENTRY_ENDPOINT","GITHUB_TOKEN","TAVILY_API_KEY"],"actions":[{"repo":"actions/cache/restore","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/cache/save","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"df4cb1c069e1874edd31b4311f1884172cec0e10","version":"v6.0.3"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-go","sha":"4a3601121dd01d1626a1e23e37211e3254c1c06c","version":"v6.4.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"docker/build-push-action","sha":"f9f3042f7e2789586610d6e8b85c8f03e5195baf","version":"v7.2.0"},{"repo":"docker/setup-buildx-action","sha":"d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5","version":"v4.1.0"},{"repo":"github/codeql-action/upload-sarif","sha":"8aad20d150bbac5944a9f9d289da16a4b0d87c1e","version":"v4.36.2"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.27.4","digest":"sha256:b268ebf37df2428b19efcb383f001d65dc6a5ec10af43feb886d1a8477ab0e3a","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.27.4@sha256:b268ebf37df2428b19efcb383f001d65dc6a5ec10af43feb886d1a8477ab0e3a"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.4","digest":"sha256:3ea0d12a2d124db8ed6e2d18aff040e30ab3568161f258a132fccdeede4198cd","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.4@sha256:3ea0d12a2d124db8ed6e2d18aff040e30ab3568161f258a132fccdeede4198cd"},{"image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.4","digest":"sha256:72c378c029d2fad4684847ab44c329e526ac6b1a78cdf97656870ea11d201545","pinned_image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.27.4@sha256:72c378c029d2fad4684847ab44c329e526ac6b1a78cdf97656870ea11d201545"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.27.4","digest":"sha256:87979038897e40caed22245b64d1daa796390d2dca289b99d3d1174c85740af8","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.27.4@sha256:87979038897e40caed22245b64d1daa796390d2dca289b99d3d1174c85740af8"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.26","digest":"sha256:d3b03f54eee3a8176818c9a52087623e45b7f644a28814337fcc0838e2534490","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.3.26@sha256:d3b03f54eee3a8176818c9a52087623e45b7f644a28814337fcc0838e2534490"},{"image":"ghcr.io/github/gh-aw-node","digest":"sha256:529d02eb970b1161aa25c593a9c3df57fdfad5a8add328cb3b6eccef66f3183b","pinned_image":"ghcr.io/github/gh-aw-node@sha256:529d02eb970b1161aa25c593a9c3df57fdfad5a8add328cb3b6eccef66f3183b"},{"image":"ghcr.io/github/github-mcp-server:v1.3.0","digest":"sha256:5c83359327a0bacc3d34db730bea6557d39d341cee0bf6c58c9a896e33150e80","pinned_image":"ghcr.io/github/github-mcp-server:v1.3.0@sha256:5c83359327a0bacc3d34db730bea6557d39d341cee0bf6c58c9a896e33150e80"}]} # This file was automatically generated by gh-aw. DO NOT EDIT. To debug this workflow, load the skill at https://github.com/github/gh-aw/blob/main/debug.md # @@ -152,7 +152,7 @@ jobs: env: GH_AW_SETUP_WORKFLOW_NAME: "Smoke Claude" GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/smoke-claude.lock.yml@${{ github.ref }} - GH_AW_INFO_VERSION: "2.1.179" + GH_AW_INFO_VERSION: "2.1.178" GH_AW_INFO_AWF_VERSION: "v0.27.4" GH_AW_INFO_ENGINE_ID: "claude" - name: Mask OTLP telemetry headers @@ -163,8 +163,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || vars.GH_AW_DEFAULT_MODEL_CLAUDE || 'agent' }} - GH_AW_INFO_VERSION: "2.1.179" - GH_AW_INFO_AGENT_VERSION: "2.1.179" + GH_AW_INFO_VERSION: "2.1.178" + GH_AW_INFO_AGENT_VERSION: "2.1.178" GH_AW_INFO_WORKFLOW_NAME: "Smoke Claude" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -689,7 +689,7 @@ jobs: env: GH_AW_SETUP_WORKFLOW_NAME: "Smoke Claude" GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/smoke-claude.lock.yml@${{ github.ref }} - GH_AW_INFO_VERSION: "2.1.179" + GH_AW_INFO_VERSION: "2.1.178" GH_AW_INFO_AWF_VERSION: "v0.27.4" GH_AW_INFO_ENGINE_ID: "claude" - name: Set runtime paths @@ -810,7 +810,7 @@ jobs: - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.27.4 - name: Install Claude Code CLI - run: npm install -g @anthropic-ai/claude-code@2.1.179 + run: npm install -g @anthropic-ai/claude-code@2.1.178 - name: Install Playwright CLI run: npm install -g @playwright/cli@0.1.14 env: @@ -1252,7 +1252,7 @@ jobs: ] }, "pull_request_number": { - "issueOrPRNumber": true + "optionalPositiveInteger": true }, "repo": { "type": "string", @@ -2021,7 +2021,7 @@ jobs: env: GH_AW_SETUP_WORKFLOW_NAME: "Smoke Claude" GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/smoke-claude.lock.yml@${{ github.ref }} - GH_AW_INFO_VERSION: "2.1.179" + GH_AW_INFO_VERSION: "2.1.178" GH_AW_INFO_AWF_VERSION: "v0.27.4" GH_AW_INFO_ENGINE_ID: "claude" - name: Download agent output artifact @@ -2285,7 +2285,7 @@ jobs: env: GH_AW_SETUP_WORKFLOW_NAME: "Smoke Claude" GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/smoke-claude.lock.yml@${{ github.ref }} - GH_AW_INFO_VERSION: "2.1.179" + GH_AW_INFO_VERSION: "2.1.178" GH_AW_INFO_AWF_VERSION: "v0.27.4" GH_AW_INFO_ENGINE_ID: "claude" - name: Download agent output artifact @@ -2378,7 +2378,7 @@ jobs: - name: Install AWF binary run: bash "${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh" v0.27.4 - name: Install Claude Code CLI - run: npm install -g @anthropic-ai/claude-code@2.1.179 + run: npm install -g @anthropic-ai/claude-code@2.1.178 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' continue-on-error: true @@ -2549,7 +2549,7 @@ jobs: env: GH_AW_SETUP_WORKFLOW_NAME: "Smoke Claude" GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/smoke-claude.lock.yml@${{ github.ref }} - GH_AW_INFO_VERSION: "2.1.179" + GH_AW_INFO_VERSION: "2.1.178" GH_AW_INFO_AWF_VERSION: "v0.27.4" GH_AW_INFO_ENGINE_ID: "claude" - name: Check team membership for command workflow @@ -2642,7 +2642,7 @@ jobs: env: GH_AW_SETUP_WORKFLOW_NAME: "Smoke Claude" GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/smoke-claude.lock.yml@${{ github.ref }} - GH_AW_INFO_VERSION: "2.1.179" + GH_AW_INFO_VERSION: "2.1.178" GH_AW_INFO_AWF_VERSION: "v0.27.4" GH_AW_INFO_ENGINE_ID: "claude" - name: Mask OTLP telemetry headers @@ -2664,7 +2664,8 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + run: | # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" @@ -2759,7 +2760,7 @@ jobs: env: GH_AW_SETUP_WORKFLOW_NAME: "Smoke Claude" GH_AW_CURRENT_WORKFLOW_REF: ${{ github.repository }}/.github/workflows/smoke-claude.lock.yml@${{ github.ref }} - GH_AW_INFO_VERSION: "2.1.179" + GH_AW_INFO_VERSION: "2.1.178" GH_AW_INFO_AWF_VERSION: "v0.27.4" GH_AW_INFO_ENGINE_ID: "claude" - name: Download cache-memory artifact (default) diff --git a/.github/workflows/smoke-copilot-aoai-apikey.lock.yml b/.github/workflows/smoke-copilot-aoai-apikey.lock.yml index 411ad575a37..05fca4ab840 100644 --- a/.github/workflows/smoke-copilot-aoai-apikey.lock.yml +++ b/.github/workflows/smoke-copilot-aoai-apikey.lock.yml @@ -1168,7 +1168,7 @@ jobs: ] }, "pull_request_number": { - "issueOrPRNumber": true + "optionalPositiveInteger": true }, "repo": { "type": "string", @@ -2897,7 +2897,8 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + run: | # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/smoke-copilot-aoai-entra.lock.yml b/.github/workflows/smoke-copilot-aoai-entra.lock.yml index 00a877f8dd0..b956d54065f 100644 --- a/.github/workflows/smoke-copilot-aoai-entra.lock.yml +++ b/.github/workflows/smoke-copilot-aoai-entra.lock.yml @@ -1169,7 +1169,7 @@ jobs: ] }, "pull_request_number": { - "issueOrPRNumber": true + "optionalPositiveInteger": true }, "repo": { "type": "string", @@ -2908,7 +2908,8 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + run: | # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/smoke-copilot-arm.lock.yml b/.github/workflows/smoke-copilot-arm.lock.yml index 901de12389c..a84512ac19f 100644 --- a/.github/workflows/smoke-copilot-arm.lock.yml +++ b/.github/workflows/smoke-copilot-arm.lock.yml @@ -1037,7 +1037,7 @@ jobs: ] }, "pull_request_number": { - "issueOrPRNumber": true + "optionalPositiveInteger": true }, "repo": { "type": "string", @@ -2667,7 +2667,8 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + run: | # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 9b968f197be..6ec9501f68a 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -1174,7 +1174,7 @@ jobs: ] }, "pull_request_number": { - "issueOrPRNumber": true + "optionalPositiveInteger": true }, "repo": { "type": "string", @@ -2899,7 +2899,8 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + run: | # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" diff --git a/.github/workflows/test-quality-sentinel.lock.yml b/.github/workflows/test-quality-sentinel.lock.yml index 5e9febcf480..416ffad3543 100644 --- a/.github/workflows/test-quality-sentinel.lock.yml +++ b/.github/workflows/test-quality-sentinel.lock.yml @@ -731,7 +731,7 @@ jobs: ] }, "pull_request_number": { - "issueOrPRNumber": true + "optionalPositiveInteger": true }, "repo": { "type": "string", @@ -1812,7 +1812,8 @@ jobs: - name: Configure GH_HOST for enterprise compatibility id: ghes-host-config shell: bash - run: | # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + # zizmor: ignore[github-env] - GITHUB_SERVER_URL is set by GitHub Actions, not user input. + run: | # Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct # GitHub instance (GHES/GHEC). On github.com this is a harmless no-op. GH_HOST="${GITHUB_SERVER_URL#https://}" From 5709918b301a6c4f0d2f436fbc00695fa1a2233c Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 17 Jun 2026 14:08:47 +0000 Subject: [PATCH 6/6] Add missing uncheckedtypeassertion paren fixture coverage Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .../uncheckedtypeassertion.go | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/pkg/linters/uncheckedtypeassertion/testdata/src/uncheckedtypeassertion/uncheckedtypeassertion.go b/pkg/linters/uncheckedtypeassertion/testdata/src/uncheckedtypeassertion/uncheckedtypeassertion.go index 512d07bcdbf..aa1757dd5d7 100644 --- a/pkg/linters/uncheckedtypeassertion/testdata/src/uncheckedtypeassertion/uncheckedtypeassertion.go +++ b/pkg/linters/uncheckedtypeassertion/testdata/src/uncheckedtypeassertion/uncheckedtypeassertion.go @@ -51,6 +51,32 @@ func GoodTwoValueParen(v interface{}) { } } +// Good: parenthesized two-value re-assignment is safe. +func GoodTwoValueParenAssign(v interface{}) { + var s string + var ok bool + s, ok = (v.(string)) + if ok { + fmt.Println(s) + } +} + +// Good: parenthesized two-value var declaration is safe. +func GoodTwoValueVarDeclParen(v interface{}) { + var s, ok = (v.(string)) + if ok { + fmt.Println(s) + } +} + +// Good: double-parenthesized two-value assignment is safe. +func GoodTwoValueDoubleParen(v interface{}) { + s, ok := ((v.(string))) + if ok { + fmt.Println(s) + } +} + // Bad: single-value var declaration may panic. func BadSingleValueVarDecl(v interface{}) { var s = v.(string) // want `type assertion x\.\(string\) is unchecked and may panic`