chore: upgrade gh-aw to v0.80.6 and recompile workflows#5294
Merged
Conversation
Upgrade gh-aw extension v0.79.6 -> v0.80.6 (latest pre-release) via
`gh aw upgrade` + smoke post-processing.
- compiler_version v0.79.6 -> v0.80.6 across all lock files
- gh-aw-actions/setup pin v0.79.6 -> v0.80.6
- firewall container pins bumped to 0.27.7; github-mcp-server v1.3.0
- checkout action codemod v6.0.3 -> v7.0.0
- expression-injection codemod hoists inline ${{ }} into env: entries
- update CI workflow test expectations for new pins and env-based
expression variables (security-guard, export-audit,
test-coverage-improver, test-coverage-reporter)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
✅ Coverage Check PassedOverall Coverage
📁 Per-file Coverage Changes (1 files)
Coverage comparison generated by |
Contributor
There was a problem hiding this comment.
Pull request overview
Upgrades the repository’s agentic workflow toolchain to gh-aw v0.80.6 and refreshes the generated workflow lock files and related CI tests, including new action/container pins and safer handling of ${{ }} expressions inside run: blocks.
Changes:
- Bump workflow compiler/action pins and refresh
.github/aw/actions-lock.jsonentries (e.g.,actions/checkout@v7.0.0,github/gh-aw-actions/setup@v0.80.6,github-mcp-server:v1.3.0). - Regenerate/adjust agentic workflow sources and lock files (notably smoke workflows and coverage reporter).
- Update CI expectations in
scripts/ci/*.test.tsto match the new pins and expression-to-env:pattern.
Show a summary per file
| File | Description |
|---|---|
| scripts/ci/test-coverage-reporter-workflow.test.ts | Updates assertions to validate the new env-based expression variable pattern in the compiled lock. |
| scripts/ci/test-coverage-improver-workflow.test.ts | Refreshes expected action/container pins for the upgraded workflows. |
| scripts/ci/security-guard-workflow.test.ts | Refreshes expected setup and github-mcp-server pins. |
| scripts/ci/export-audit-workflow.test.ts | Refreshes expected github-mcp-server pin. |
| .github/workflows/test-coverage-reporter.md | Hoists ${{ ... }} expressions into env: and consumes them safely in run:. |
| .github/workflows/smoke-gemini.lock.yml | Regenerated lock with updated compiler, action/container pins, and new guardrail/cache wiring. |
| .github/workflows/smoke-copilot.md | Bumps actions/checkout pin in workflow source. |
| .github/workflows/smoke-codex.md | Bumps actions/checkout pin in workflow source. |
| .github/workflows/smoke-claude.md | Bumps actions/checkout pin in workflow source. |
| .github/workflows/smoke-claude.lock.yml | Regenerated lock with updated compiler, action/container pins, and new guardrail/cache wiring. |
| .github/workflows/duplicate-code-detector.md | Hoists ${{ github.repository }} into env: and uses it in run:. |
| .github/workflows/doc-maintainer.md | Bumps actions/checkout version in workflow source. |
| .github/workflows/contribution-check.lock.yml | Regenerated lock with updated compiler/pins and updated runtime wiring. |
| .github/workflows/ci-cd-gaps-assessment.lock.yml | Regenerated lock with updated compiler/pins and updated runtime wiring. |
| .github/aw/actions-lock.json | Updates pinned action entries (notably checkout/setup-java/gh-aw actions) for workflow compilation. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 21/53 changed files
- Comments generated: 0
This was referenced Jun 19, 2026
Closed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Upgrades the
gh-awextension from v0.79.6 → v0.80.6 (latest pre-release) and recompiles all agentic workflow lock files viagh aw upgrade+ the requiredscripts/ci/postprocess-smoke-workflows.tspost-processing.Changes
compiler_versionv0.79.6 → v0.80.6across all*.lock.yml.github/gh-aw-actions/setupv0.79.6 → v0.80.6actions/checkoutv6.0.3 → v7.0.0(codemod, applied to.mdsources)actions/cacheand other action SHAs refreshed inactions-lock.json0.27.7;github-mcp-serverv1.1.2 → v1.3.0.${{ ... }}expressions inrun:steps are now hoisted intoenv:entries (e.g.GH_AW_EXPR_*/EXPR_*), expanded safely at runtime.security-guard,export-audit,test-coverage-improver, andtest-coverage-reporterworkflow tests.Validation
npm run build✅npm run lint✅ (0 errors)npm run test:unit✅ (2859/2859)npx jest scripts/ci✅ (156/156)Generated lock files were produced by
gh aw upgrade+postprocess-smoke-workflows.ts; do not hand-edit.Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com