From 6d936b6a26e9ddadf770f71ec2e2a02c8c7bf2a3 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 9 Feb 2026 16:22:15 +0000
Subject: [PATCH 1/7] Initial plan
From e6919e76cbf8dfe018c628aec9b4f363714dd8d6 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 9 Feb 2026 16:31:32 +0000
Subject: [PATCH 2/7] fix(proxy): add Java proxy configuration via JAVA_TOOL_OPTIONS Maven and other Java tools don't automatically respect HTTP_PROXY/HTTPS_PROXY environment variables. They require Java system properties to configure proxy settings. This fix adds JAVA_TOOL_OPTIONS environment variable to automatically configure Java proxy settings for all JVMs running in the agent container: - Sets http.proxyHost and http.proxyPort for HTTP traffic - Sets https.proxyHost and https.proxyPort for HTTPS traffic - Adds http.nonProxyHosts when host access is enabled This resolves the "Unsupported or unrecognized SSL message" error that Maven was experiencing when trying to access repo.maven.apache.org through AWF. Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
---
 src/docker-manager.ts | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/docker-manager.ts b/src/docker-manager.ts
index e30923c53..fb7e0e249 100644
--- a/src/docker-manager.ts
+++ b/src/docker-manager.ts
@@ -326,6 +326,10 @@ export function generateDockerCompose(
 const environment: Record = {
 HTTP_PROXY: `http://${networkConfig.squidIp}:${SQUID_PORT}`,
 HTTPS_PROXY: `http://${networkConfig.squidIp}:${SQUID_PORT}`,
+ // Java applications don't automatically respect HTTP_PROXY/HTTPS_PROXY environment variables.
+ // Use JAVA_TOOL_OPTIONS to configure Java proxy settings for Maven, Gradle, and other Java tools.
+ // This environment variable is automatically picked up by all JVMs.
+ JAVA_TOOL_OPTIONS: `-Dhttp.proxyHost=${networkConfig.squidIp} -Dhttp.proxyPort=${SQUID_PORT} -Dhttps.proxyHost=${networkConfig.squidIp} -Dhttps.proxyPort=${SQUID_PORT}`,
 SQUID_PROXY_HOST: 'squid-proxy',
 SQUID_PROXY_PORT: SQUID_PORT.toString(),
 HOME: homeDir,
@@ -342,6 +346,12 @@ export function generateDockerCompose(
 const networkGatewayIp = `${parts[0]}.${parts[1]}.${parts[2]}.1`;
 environment.NO_PROXY = `localhost,127.0.0.1,${networkConfig.squidIp},host.docker.internal,${networkGatewayIp}`;
 environment.no_proxy = environment.NO_PROXY;
+
+ // Java uses a different format for non-proxy hosts (pipe-separated, not comma-separated)
+ // and doesn't support IP addresses well, so we use hostnames/patterns where possible
+ const javaNoProxy = `localhost|127.0.0.1|host.docker.internal`;
+ // Append Java-specific NO_PROXY settings to JAVA_TOOL_OPTIONS
+ environment.JAVA_TOOL_OPTIONS += ` -Dhttp.nonProxyHosts="${javaNoProxy}"`;
 }
 
 // For chroot mode, pass the host's actual PATH and tool directories so the entrypoint can use them
From 5ec82d5955a12f2aa8dc61f8487053e5f14ebec5 Mon Sep 17 00:00:00 2001
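Review bot: The comment on the `JAVA_TOOL_OPTIONS` entry added in the first hunk (@@ -326) says the variable is "automatically picked up by all JVMs" but leaves out two behaviours an operator of this firewall would want documented. Every JVM started in the agent container will now print a `Picked up JAVA_TOOL_OPTIONS: …` banner on stderr, which can upset tooling that parses or fails on stderr output. These properties also only steer clients that honour the `java.net` proxy properties, so they configure well-behaved tools rather than enforce egress. If `generateDockerCompose` later merges caller-supplied variables into `environment` (not visible here, the function continues outside the hunk), a user-provided `JAVA_TOOL_OPTIONS` would replace these flags wholesale. I would add a line such as `// Advisory only: a caller-supplied JAVA_TOOL_OPTIONS replaces these flags; blocking of direct connections must not depend on this variable.`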
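Review bot: In the second hunk (@@ -342), setting `-Dhttp.nonProxyHosts` replaces the JVM's built-in default of `localhost|127.*|[::1]`, so with host access enabled Java loses the proxy bypass for `[::1]` and for loopback addresses other than 127.0.0.1. The comment's claim that Java "doesn't support IP addresses well" does not match that default, which itself contains an IP pattern. `javaNoProxy` also omits `networkConfig.squidIp` and `networkGatewayIp`, both of which `NO_PROXY` lists a few lines above, so Java clients will send gateway-bound requests to Squid while other tools connect directly. That is the stricter outcome, but the comment should state whether it is intended. To keep the default loopback set, use `const javaNoProxy = 'localhost|127.*|[::1]|host.docker.internal';`.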
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 9 Feb 2026 16:34:05 +0000
Subject: [PATCH 3/7] test: add tests for JAVA_TOOL_OPTIONS proxy configuration Added unit tests to verify that JAVA_TOOL_OPTIONS environment variable is correctly configured with Java proxy settings: - Base proxy configuration (proxyHost, proxyPort for HTTP/HTTPS) - Non-proxy hosts configuration when host access is enabled All 139 tests in docker-manager.test.ts pass. Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
---
 src/docker-manager.test.ts | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/src/docker-manager.test.ts b/src/docker-manager.test.ts
index bffec27fd..45867e681 100644
--- a/src/docker-manager.test.ts
+++ b/src/docker-manager.test.ts
@@ -485,6 +485,30 @@ describe('docker-manager', () => {
 expect(env.SQUID_PROXY_PORT).toBe('3128');
 });
 
+ it('should configure JAVA_TOOL_OPTIONS with proxy settings for Java applications', () => {
+ const result = generateDockerCompose(mockConfig, mockNetworkConfig);
+ const agent = result.services.agent;
+ const env = agent.environment as Record;
+
+ expect(env.JAVA_TOOL_OPTIONS).toBeDefined();
+ expect(env.JAVA_TOOL_OPTIONS).toContain('-Dhttp.proxyHost=172.30.0.10');
+ expect(env.JAVA_TOOL_OPTIONS).toContain('-Dhttp.proxyPort=3128');
+ expect(env.JAVA_TOOL_OPTIONS).toContain('-Dhttps.proxyHost=172.30.0.10');
+ expect(env.JAVA_TOOL_OPTIONS).toContain('-Dhttps.proxyPort=3128');
+ });
+
+ it('should add http.nonProxyHosts to JAVA_TOOL_OPTIONS when host access is enabled', () => {
+ const configWithHostAccess = { ...mockConfig, enableHostAccess: true };
+ const result = generateDockerCompose(configWithHostAccess, mockNetworkConfig);
+ const agent = result.services.agent;
+ const env = agent.environment as Record;
+
+ expect(env.JAVA_TOOL_OPTIONS).toContain('-Dhttp.nonProxyHosts=');
+ expect(env.JAVA_TOOL_OPTIONS).toContain('localhost');
+ expect(env.JAVA_TOOL_OPTIONS).toContain('127.0.0.1');
+ expect(env.JAVA_TOOL_OPTIONS).toContain('host.docker.internal');
+ });
+
 it('should mount required volumes in agent container (default behavior)', () => {
 const result = generateDockerCompose(mockConfig, mockNetworkConfig);
 const agent = result.services.agent;
From d9a498d15ed104dbc1e7def1031fb888d2283453 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 9 Feb 2026 16:36:48 +0000
Subject: [PATCH 4/7] fix: address code review feedback on JAVA_TOOL_OPTIONS - Use explicit concatenation instead of += to avoid potential undefined errors - Add comment explaining why 127.0.0.1 is included despite Java IP address limitation
---
 src/docker-manager.ts | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
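Review bot: The two new tests never assert the negative case: nothing checks that `-Dhttp.nonProxyHosts` is absent from `JAVA_TOOL_OPTIONS` in the default configuration, so a regression that adds a proxy bypass without host access would still pass. Assuming `mockConfig` leaves `enableHostAccess` off, adding `expect(env.JAVA_TOOL_OPTIONS).not.toContain('-Dhttp.nonProxyHosts');` to the first test closes that gap. The host-access test also matches substrings one at a time, which a comma-separated list would satisfy just as well. Pinning the whole flag with `toContain('-Dhttp.nonProxyHosts="localhost|127.0.0.1|host.docker.internal"')` would verify the pipe-separated format the implementation depends on.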
diff --git a/src/docker-manager.ts b/src/docker-manager.ts
index fb7e0e249..09e6fcb83 100644
--- a/src/docker-manager.ts
+++ b/src/docker-manager.ts
@@ -348,10 +348,11 @@ export function generateDockerCompose(
 environment.no_proxy = environment.NO_PROXY;
 
 // Java uses a different format for non-proxy hosts (pipe-separated, not comma-separated)
- // and doesn't support IP addresses well, so we use hostnames/patterns where possible
+ // and doesn't support IP addresses well, but 127.0.0.1 is a special case that should be included
+ // for localhost connections that may use the IP address directly
 const javaNoProxy = `localhost|127.0.0.1|host.docker.internal`;
- // Append Java-specific NO_PROXY settings to JAVA_TOOL_OPTIONS
- environment.JAVA_TOOL_OPTIONS += ` -Dhttp.nonProxyHosts="${javaNoProxy}"`;
+ // Append Java-specific NO_PROXY settings to JAVA_TOOL_OPTIONS (which is guaranteed to exist)
+ environment.JAVA_TOOL_OPTIONS = `${environment.JAVA_TOOL_OPTIONS} -Dhttp.nonProxyHosts="${javaNoProxy}"`;
 }
 
 // For chroot mode, pass the host's actual PATH and tool directories so the entrypoint can use them
From 1975fb22188161df41ef27f5f37aa1ea16b59166 Mon Sep 17 00:00:00 2001
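Review bot: Replacing `+=` with a template literal does not change what happens if `environment.JAVA_TOOL_OPTIONS` were ever undefined: both forms yield a string that starts with `undefined ` and neither throws, so the JVM would be handed a stray `undefined` token instead of the problem surfacing here. The "guaranteed to exist" remark in the new comment holds only because of the object literal earlier in `generateDockerCompose`, which is outside this hunk. If a guard is really wanted, make it explicit by interpolating `${environment.JAVA_TOOL_OPTIONS ?? ''}`, or drop the parenthetical and keep the simpler `+=`.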
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 9 Feb 2026 18:25:06 +0000 Subject: [PATCH 5/7] feat: add Java proxy configuration validation to build-test-java workflow Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com> --- .github/workflows/agentics-maintenance.yml | 4 +- .github/workflows/build-test-bun.lock.yml | 36 +++- .github/workflows/build-test-cpp.lock.yml | 36 +++- .github/workflows/build-test-deno.lock.yml | 36 +++- .github/workflows/build-test-go.lock.yml | 38 +++- .github/workflows/build-test-java.lock.yml | 36 +++- .github/workflows/build-test-java.md | 65 +++++-- .github/workflows/build-test-node.lock.yml | 36 +++- .github/workflows/build-test-rust.lock.yml | 36 +++- .../workflows/ci-cd-gaps-assessment.lock.yml | 149 +++------------ .github/workflows/ci-doctor.lock.yml | 174 +++++------------- .../issue-duplication-detector.lock.yml | 159 ++++------------ .github/workflows/issue-monster.lock.yml | 53 ++++-- .../pelis-agent-factory-advisor.lock.yml | 155 ++++------------ .github/workflows/plan.lock.yml | 47 +++-- .github/workflows/security-guard.lock.yml | 38 +++- .github/workflows/smoke-chroot.lock.yml | 36 +++- .github/workflows/smoke-claude.lock.yml | 157 ++++------------ .github/workflows/smoke-codex.lock.yml | 146 +++++---------- .github/workflows/smoke-copilot.lock.yml | 44 +++-- .../workflows/test-coverage-improver.lock.yml | 39 +++- .../workflows/update-release-notes.lock.yml | 42 ++++- 22 files changed, 686 insertions(+), 876 deletions(-) diff --git a/.github/workflows/agentics-maintenance.yml b/.github/workflows/agentics-maintenance.yml index 82fc2c54a..12b49c1fa 100644 --- a/.github/workflows/agentics-maintenance.yml +++ b/.github/workflows/agentics-maintenance.yml 
@@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by pkg/workflow/maintenance_workflow.go. DO NOT EDIT. +# This file was automatically generated by pkg/workflow/maintenance_workflow.go (v0.42.17). DO NOT EDIT. # # To regenerate this workflow, run: # gh aw compile @@ -47,7 +47,7 @@ jobs: pull-requests: write steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@v0.42.11-5-g59b2d5fe5 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions diff --git a/.github/workflows/build-test-bun.lock.yml b/.github/workflows/build-test-bun.lock.yml index 5ed48e854..bcdf59f1d 100644 --- a/.github/workflows/build-test-bun.lock.yml +++ b/.github/workflows/build-test-bun.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -54,7 +54,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -93,7 +93,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders 
@@ -170,7 +170,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -423,7 +423,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e 
GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -468,6 +468,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", version: "", agent_version: "0.0.405", + cli_version: "v0.42.17", workflow_name: "Build Test Bun", experimental: false, supports_tools_allowlist: true, @@ -484,7 +485,7 @@ jobs: allowed_domains: ["defaults","github","node","bun.sh"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, @@ -785,7 +786,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs 
@@ -855,6 +856,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "Build Test Bun" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Update reaction comment with completion status id: conclusion uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 @@ -885,7 +903,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -998,7 +1016,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/build-test-cpp.lock.yml b/.github/workflows/build-test-cpp.lock.yml index 22a6e02b2..134a4342f 100644 --- a/.github/workflows/build-test-cpp.lock.yml 
+++ b/.github/workflows/build-test-cpp.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -54,7 +54,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -93,7 +93,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders @@ -170,7 +170,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -423,7 +423,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e 
GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -468,6 +468,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", version: "", agent_version: "0.0.405", + cli_version: "v0.42.17", workflow_name: "Build Test C++", experimental: false, supports_tools_allowlist: true, @@ -484,7 +485,7 @@ jobs: allowed_domains: ["defaults","github"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, @@ -785,7 +786,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs 
@@ -855,6 +856,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "Build Test C++" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Update reaction comment with completion status id: conclusion uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 @@ -885,7 +903,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -998,7 +1016,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/build-test-deno.lock.yml b/.github/workflows/build-test-deno.lock.yml index 62d230e8b..772ff2bd8 100644 --- a/.github/workflows/build-test-deno.lock.yml 
+++ b/.github/workflows/build-test-deno.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -54,7 +54,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -93,7 +93,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders @@ -170,7 +170,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -423,7 +423,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e 
GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -468,6 +468,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", version: "", agent_version: "0.0.405", + cli_version: "v0.42.17", workflow_name: "Build Test Deno", experimental: false, supports_tools_allowlist: true, @@ -484,7 +485,7 @@ jobs: allowed_domains: ["defaults","github","node","deno.land","jsr.io","dl.deno.land"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, @@ -785,7 +786,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs 
@@ -855,6 +856,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "Build Test Deno" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Update reaction comment with completion status id: conclusion uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 @@ -885,7 +903,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -998,7 +1016,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/build-test-go.lock.yml b/.github/workflows/build-test-go.lock.yml index 4286d5a8c..64c298bf2 100644 --- a/.github/workflows/build-test-go.lock.yml 
+++ b/.github/workflows/build-test-go.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -54,7 +54,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -93,7 +93,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders @@ -105,7 +105,7 @@ jobs: with: go-version: '1.22' - name: Capture GOROOT for AWF chroot mode - run: echo "GOROOT=$(go env GOROOT)" >> $GITHUB_ENV + run: echo "GOROOT=$(go env GOROOT)" >> "$GITHUB_ENV" - name: Create gh-aw temp directory run: bash /opt/gh-aw/actions/create_gh_aw_tmp_dir.sh - name: Configure Git credentials 
@@ -176,7 +176,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -429,7 +429,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e 
GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -474,6 +474,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", version: "", agent_version: "0.0.405", + cli_version: "v0.42.17", workflow_name: "Build Test Go", experimental: false, supports_tools_allowlist: true, @@ -490,7 +491,7 @@ jobs: allowed_domains: ["defaults","github","go"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, @@ -791,7 +792,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs 
@@ -861,6 +862,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "Build Test Go" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Update reaction comment with completion status id: conclusion uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 @@ -891,7 +909,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1004,7 +1022,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/build-test-java.lock.yml b/.github/workflows/build-test-java.lock.yml index 82a0ef1de..836c98059 100644 --- a/.github/workflows/build-test-java.lock.yml 
+++ b/.github/workflows/build-test-java.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -54,7 +54,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -93,7 +93,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders @@ -175,7 +175,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -428,7 +428,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e 
GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -473,6 +473,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", version: "", agent_version: "0.0.405", + cli_version: "v0.42.17", workflow_name: "Build Test Java", experimental: false, supports_tools_allowlist: true, @@ -489,7 +490,7 @@ jobs: allowed_domains: ["defaults","github","java"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, @@ -790,7 +791,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs 
@@ -860,6 +861,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "Build Test Java" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Update reaction comment with completion status id: conclusion uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 @@ -890,7 +908,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1003,7 +1021,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/build-test-java.md b/.github/workflows/build-test-java.md index 82256fa42..05c8082d2 100644 --- a/.github/workflows/build-test-java.md +++ b/.github/workflows/build-test-java.md 
@@ -45,23 +45,55 @@ env: ## Test Requirements -Clone and test the following projects from the test repository: +### 1. Verify Java Proxy Configuration -1. **Clone Repository**: `gh repo clone Mossaka/gh-aw-firewall-test-java /tmp/test-java` - - **CRITICAL**: If clone fails, immediately call `safeoutputs-missing_tool` with message "CLONE_FAILED: Unable to clone test repository" and stop execution +Before running any tests, verify that Java proxy configuration is properly set: -2. **Test Projects**: - - `gson`: `cd /tmp/test-java/gson && mvn compile && mvn test` - - `caffeine`: `cd /tmp/test-java/caffeine && mvn compile && mvn test` +```bash +# Verify JAVA_TOOL_OPTIONS is set +echo "JAVA_TOOL_OPTIONS=$JAVA_TOOL_OPTIONS" -3. **For each project**, capture: - - Compile success/failure - - Test pass/fail count - - Any error messages +# Extract and display proxy settings +java -XshowSettings:properties -version 2>&1 | grep -E "http\.(proxyHost|proxyPort|nonProxyHosts)|https\.(proxyHost|proxyPort)" +``` + +**Expected configuration**: +- `http.proxyHost` should be set to Squid IP (e.g., `172.30.0.10`) +- `http.proxyPort` should be `3128` +- `https.proxyHost` should be set to Squid IP +- `https.proxyPort` should be `3128` +- If host access is enabled, `http.nonProxyHosts` should include `localhost|127.0.0.1|host.docker.internal` + +If proxy settings are missing or incorrect, report the issue and fail the workflow. + +### 2. Clone Repository + +`gh repo clone Mossaka/gh-aw-firewall-test-java /tmp/test-java` +- **CRITICAL**: If clone fails, immediately call `safeoutputs-missing_tool` with message "CLONE_FAILED: Unable to clone test repository" and stop execution + +### 3. Test Projects + +Run Maven compile and test for each project: +- `gson`: `cd /tmp/test-java/gson && mvn compile && mvn test` +- `caffeine`: `cd /tmp/test-java/caffeine && mvn compile && mvn test` + +### 4. 
Capture Results + +For each project, capture: +- Compile success/failure +- Test pass/fail count +- Any error messages ## Output -Add a comment to the current pull request with a summary table: +Add a comment to the current pull request with a summary including: + +1. **Java Proxy Configuration Status**: + - ✅ Proxy settings verified OR ❌ Proxy settings missing/incorrect + - Display the actual `JAVA_TOOL_OPTIONS` value + - List detected proxy properties (http.proxyHost, http.proxyPort, https.proxyHost, https.proxyPort, http.nonProxyHosts if present) + +2. **Build/Test Results Table**: | Project | Compile | Tests | Status | |----------|---------|-------|--------| 
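Review bot: The new step 1 tells the agent to "report the issue and fail the workflow" when the Java proxy settings are wrong, but names no mechanism for failing, whereas the clone step right after it names `safeoutputs-missing_tool` and an explicit stop. This check is what shows that JVM traffic is configured to go through Squid, so a run that only mentions the mismatch in a comment may still end up looking successful. I would word it like the clone step, with a message such as `call safeoutputs-missing_tool with "PROXY_CONFIG_FAILED: [actual vs expected]" and stop execution`. The `Proxy configuration failure` item added to Error Handling in the next hunk has the same gap. The expected port is also hard-coded as `3128`; comparing against the host and port in `$HTTP_PROXY` would keep the check tied to what the container was actually given.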
@@ -70,15 +102,16 @@ Add a comment to the current pull request with a summary table: **Overall: PASS/FAIL** -If ALL tests pass, add the label `build-test-java` to the pull request. -If ANY test fails, report the failure with error details. +If ALL tests pass AND proxy configuration is correct, add the label `build-test-java` to the pull request. +If ANY test fails OR proxy configuration is incorrect, report the failure with error details. ## Error Handling **CRITICAL**: This workflow MUST fail visibly when errors occur: -1. **Clone failure**: If repository clone fails, call `safeoutputs-missing_tool` with "CLONE_FAILED: [error message]" -2. **Build failure**: Report in comment table with ❌ and include error output -3. **Test failure**: Report in comment table with FAIL status and include failure details +1. **Proxy configuration failure**: If Java proxy settings are missing or incorrect, report in comment with actual vs expected values +2. **Clone failure**: If repository clone fails, call `safeoutputs-missing_tool` with "CLONE_FAILED: [error message]" +3. **Build failure**: Report in comment table with ❌ and include error output +4. **Test failure**: Report in comment table with FAIL status and include failure details DO NOT report success if any step fails. The workflow should produce a clear, actionable error message. diff --git a/.github/workflows/build-test-node.lock.yml b/.github/workflows/build-test-node.lock.yml index 9d689e1f0..27f0043cf 100644 --- a/.github/workflows/build-test-node.lock.yml +++ b/.github/workflows/build-test-node.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile 
@@ -54,7 +54,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -93,7 +93,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders @@ -175,7 +175,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -428,7 +428,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e 
GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -473,6 +473,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", version: "", agent_version: "0.0.405", + cli_version: "v0.42.17", workflow_name: "Build Test Node.js", experimental: false, supports_tools_allowlist: true, @@ -489,7 +490,7 @@ jobs: allowed_domains: ["defaults","github","node"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, @@ -790,7 +791,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs 
@@ -860,6 +861,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "Build Test Node.js" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Update reaction comment with completion status id: conclusion uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 @@ -890,7 +908,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1003,7 +1021,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/build-test-rust.lock.yml b/.github/workflows/build-test-rust.lock.yml index 69c3934e8..0f9a2c08f 100644 --- a/.github/workflows/build-test-rust.lock.yml 
+++ b/.github/workflows/build-test-rust.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -54,7 +54,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -93,7 +93,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders @@ -170,7 +170,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -423,7 +423,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e 
GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -468,6 +468,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", version: "", agent_version: "0.0.405", + cli_version: "v0.42.17", workflow_name: "Build Test Rust", experimental: false, supports_tools_allowlist: true, @@ -484,7 +485,7 @@ jobs: allowed_domains: ["defaults","github","rust"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, @@ -785,7 +786,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs 
@@ -855,6 +856,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "Build Test Rust" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Update reaction comment with completion status id: conclusion uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 @@ -885,7 +903,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -998,7 +1016,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/ci-cd-gaps-assessment.lock.yml b/.github/workflows/ci-cd-gaps-assessment.lock.yml index 3a08cef97..79715855a 100644 --- a/.github/workflows/ci-cd-gaps-assessment.lock.yml 
+++ b/.github/workflows/ci-cd-gaps-assessment.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -51,7 +51,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -93,7 +93,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders @@ -151,7 +151,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh alpine:latest ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh alpine:latest ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Install gh-aw extension env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} 
@@ -358,7 +358,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e 
GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -415,6 +415,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", version: "", agent_version: "0.0.405", + cli_version: "v0.42.17", workflow_name: "CI/CD Pipelines and Integration Tests Gap Assessment", experimental: false, supports_tools_allowlist: true, @@ -431,7 +432,7 @@ jobs: allowed_domains: ["defaults"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, 
@@ -520,118 +521,7 @@ jobs: PROMPT_EOF cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT" - ## MCP Response Size Limits - - MCP tool responses have a **25,000 token limit**. When GitHub API responses exceed this limit, workflows must retry with pagination parameters, wasting turns and tokens. - - ### Common Scenarios - - **Problem**: Fetching large result sets without pagination - - `list_pull_requests` with many PRs (75,897 tokens in one case) - - `pull_request_read` with large diff/comments (31,675 tokens observed) - - `search_issues`, `search_code` with many results - - **Solution**: Use proactive pagination to stay under token limits - - ### Pagination Best Practices - - #### 1. Use `perPage` Parameter - - Limit results per request to prevent oversized responses: - - ```bash - # Good: Fetch PRs in small batches - list_pull_requests --perPage 10 - - # Good: Get issue with limited comments - issue_read --method get_comments --perPage 20 - - # Bad: Default pagination may return too much data - list_pull_requests # May exceed 25k tokens - ``` - - #### 2. Common `perPage` Values - - - **10-20**: For detailed items (PRs with diffs, issues with comments) - - **50-100**: For simpler list operations (commits, branches, labels) - - **1-5**: For exploratory queries or schema discovery - - #### 3. 
Handle Pagination Loops - - When you need all results: - - ```bash - # Step 1: Fetch first page - result=$(list_pull_requests --perPage 20 --page 1) - - # Step 2: Check if more pages exist - # Most list operations return metadata about total count or next page - - # Step 3: Fetch subsequent pages if needed - result=$(list_pull_requests --perPage 20 --page 2) - ``` - - ### Tool-Specific Guidance - - #### Pull Requests - - ```bash - # Fetch recent PRs in small batches - list_pull_requests --state all --perPage 10 --sort updated --direction desc - - # Get PR details without full diff/comments - pull_request_read --method get --pullNumber 123 - - # Get PR files separately if needed - pull_request_read --method get_files --pullNumber 123 --perPage 30 - ``` - - #### Issues - - ```bash - # List issues with pagination - list_issues --perPage 20 --page 1 - - # Get issue comments in batches - issue_read --method get_comments --issue_number 123 --perPage 20 - ``` - - #### Code Search - - ```bash - # Search with limited results - search_code --query "function language:go" --perPage 10 - ``` - - ### Error Messages to Watch For - - If you see these errors, add pagination: - - - `MCP tool "list_pull_requests" response (75897 tokens) exceeds maximum allowed tokens (25000)` - - `MCP tool "pull_request_read" response (31675 tokens) exceeds maximum allowed tokens (25000)` - - `Response too large for tool [tool_name]` - - ### Performance Tips - - 1. **Start small**: Use `perPage: 10` initially, increase if needed - 2. **Fetch incrementally**: Get overview first, then details for specific items - 3. **Avoid wildcards**: Don't fetch all data when you need specific items - 4. **Use filters**: Combine `perPage` with state/label/date filters to reduce results - - ### Example Workflow Pattern - - ```markdown - # Analyze Recent Pull Requests - - 1. Fetch 10 most recent PRs (stay under token limit) - 2. For each PR, get summary without full diff - 3. 
If detailed analysis needed, fetch files for specific PR separately - 4. Process results incrementally rather than loading everything at once - ``` - - This proactive approach eliminates retry loops and reduces token consumption. - - + {{#runtime-import .github/workflows/shared/mcp-pagination.md}} PROMPT_EOF cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT" {{#runtime-import .github/workflows/ci-cd-gaps-assessment.md}} @@ -846,7 +736,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs @@ -915,6 +805,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "CI/CD Pipelines and Integration Tests Gap Assessment" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Update reaction comment with completion status id: conclusion uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 
@@ -946,7 +853,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1053,7 +960,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml index 73d131798..16c8b6488 100644 --- a/.github/workflows/ci-doctor.lock.yml +++ b/.github/workflows/ci-doctor.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -83,7 +83,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -125,7 +125,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders 
@@ -194,7 +194,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -484,7 +484,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e 
GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -529,6 +529,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", version: "", agent_version: "0.0.405", + cli_version: "v0.42.17", workflow_name: "CI Doctor", experimental: false, supports_tools_allowlist: true, @@ -545,7 +546,7 @@ jobs: allowed_domains: ["github"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, @@ -575,6 +576,10 @@ jobs: GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER: ${{ github.event.discussion.number }} GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }} GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }} + GH_AW_GITHUB_EVENT_WORKFLOW_RUN_CONCLUSION: ${{ github.event.workflow_run.conclusion }} + GH_AW_GITHUB_EVENT_WORKFLOW_RUN_HEAD_SHA: ${{ github.event.workflow_run.head_sha }} + GH_AW_GITHUB_EVENT_WORKFLOW_RUN_HTML_URL: ${{ github.event.workflow_run.html_url }} + GH_AW_GITHUB_EVENT_WORKFLOW_RUN_ID: ${{ github.event.workflow_run.id }} GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }} 
@@ -635,118 +640,7 @@ jobs: PROMPT_EOF cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT" - ## MCP Response Size Limits - - MCP tool responses have a **25,000 token limit**. When GitHub API responses exceed this limit, workflows must retry with pagination parameters, wasting turns and tokens. - - ### Common Scenarios - - **Problem**: Fetching large result sets without pagination - - `list_pull_requests` with many PRs (75,897 tokens in one case) - - `pull_request_read` with large diff/comments (31,675 tokens observed) - - `search_issues`, `search_code` with many results - - **Solution**: Use proactive pagination to stay under token limits - - ### Pagination Best Practices - - #### 1. Use `perPage` Parameter - - Limit results per request to prevent oversized responses: - - ```bash - # Good: Fetch PRs in small batches - list_pull_requests --perPage 10 - - # Good: Get issue with limited comments - issue_read --method get_comments --perPage 20 - - # Bad: Default pagination may return too much data - list_pull_requests # May exceed 25k tokens - ``` - - #### 2. Common `perPage` Values - - - **10-20**: For detailed items (PRs with diffs, issues with comments) - - **50-100**: For simpler list operations (commits, branches, labels) - - **1-5**: For exploratory queries or schema discovery - - #### 3. 
Handle Pagination Loops - - When you need all results: - - ```bash - # Step 1: Fetch first page - result=$(list_pull_requests --perPage 20 --page 1) - - # Step 2: Check if more pages exist - # Most list operations return metadata about total count or next page - - # Step 3: Fetch subsequent pages if needed - result=$(list_pull_requests --perPage 20 --page 2) - ``` - - ### Tool-Specific Guidance - - #### Pull Requests - - ```bash - # Fetch recent PRs in small batches - list_pull_requests --state all --perPage 10 --sort updated --direction desc - - # Get PR details without full diff/comments - pull_request_read --method get --pullNumber 123 - - # Get PR files separately if needed - pull_request_read --method get_files --pullNumber 123 --perPage 30 - ``` - - #### Issues - - ```bash - # List issues with pagination - list_issues --perPage 20 --page 1 - - # Get issue comments in batches - issue_read --method get_comments --issue_number 123 --perPage 20 - ``` - - #### Code Search - - ```bash - # Search with limited results - search_code --query "function language:go" --perPage 10 - ``` - - ### Error Messages to Watch For - - If you see these errors, add pagination: - - - `MCP tool "list_pull_requests" response (75897 tokens) exceeds maximum allowed tokens (25000)` - - `MCP tool "pull_request_read" response (31675 tokens) exceeds maximum allowed tokens (25000)` - - `Response too large for tool [tool_name]` - - ### Performance Tips - - 1. **Start small**: Use `perPage: 10` initially, increase if needed - 2. **Fetch incrementally**: Get overview first, then details for specific items - 3. **Avoid wildcards**: Don't fetch all data when you need specific items - 4. **Use filters**: Combine `perPage` with state/label/date filters to reduce results - - ### Example Workflow Pattern - - ```markdown - # Analyze Recent Pull Requests - - 1. Fetch 10 most recent PRs (stay under token limit) - 2. For each PR, get summary without full diff - 3. 
If detailed analysis needed, fetch files for specific PR separately - 4. Process results incrementally rather than loading everything at once - ``` - - This proactive approach eliminates retry loops and reduces token consumption. - - + {{#runtime-import .github/workflows/shared/mcp-pagination.md}} PROMPT_EOF cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT" {{#runtime-import .github/workflows/ci-doctor.md}} @@ -755,13 +649,17 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt - GH_AW_CACHE_DESCRIPTION: ${{ '' }} - GH_AW_CACHE_DIR: ${{ '/tmp/gh-aw/cache-memory/' }} + GH_AW_CACHE_DESCRIPTION: '' + GH_AW_CACHE_DIR: '/tmp/gh-aw/cache-memory/' GH_AW_GITHUB_ACTOR: ${{ github.actor }} GH_AW_GITHUB_EVENT_COMMENT_ID: ${{ github.event.comment.id }} GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER: ${{ github.event.discussion.number }} GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }} GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }} + GH_AW_GITHUB_EVENT_WORKFLOW_RUN_CONCLUSION: ${{ github.event.workflow_run.conclusion }} + GH_AW_GITHUB_EVENT_WORKFLOW_RUN_HEAD_SHA: ${{ github.event.workflow_run.head_sha }} + GH_AW_GITHUB_EVENT_WORKFLOW_RUN_HTML_URL: ${{ github.event.workflow_run.html_url }} + GH_AW_GITHUB_EVENT_WORKFLOW_RUN_ID: ${{ github.event.workflow_run.id }} GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }} 
@@ -780,6 +678,10 @@ jobs: GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER: process.env.GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER, GH_AW_GITHUB_EVENT_ISSUE_NUMBER: process.env.GH_AW_GITHUB_EVENT_ISSUE_NUMBER, GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER: process.env.GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER, + GH_AW_GITHUB_EVENT_WORKFLOW_RUN_CONCLUSION: process.env.GH_AW_GITHUB_EVENT_WORKFLOW_RUN_CONCLUSION, + GH_AW_GITHUB_EVENT_WORKFLOW_RUN_HEAD_SHA: process.env.GH_AW_GITHUB_EVENT_WORKFLOW_RUN_HEAD_SHA, + GH_AW_GITHUB_EVENT_WORKFLOW_RUN_HTML_URL: process.env.GH_AW_GITHUB_EVENT_WORKFLOW_RUN_HTML_URL, + GH_AW_GITHUB_EVENT_WORKFLOW_RUN_ID: process.env.GH_AW_GITHUB_EVENT_WORKFLOW_RUN_ID, GH_AW_GITHUB_REPOSITORY: process.env.GH_AW_GITHUB_REPOSITORY, GH_AW_GITHUB_RUN_ID: process.env.GH_AW_GITHUB_RUN_ID, GH_AW_GITHUB_WORKSPACE: process.env.GH_AW_GITHUB_WORKSPACE @@ -789,6 +691,11 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt + GH_AW_GITHUB_EVENT_WORKFLOW_RUN_CONCLUSION: ${{ github.event.workflow_run.conclusion }} + GH_AW_GITHUB_EVENT_WORKFLOW_RUN_HEAD_SHA: ${{ github.event.workflow_run.head_sha }} + GH_AW_GITHUB_EVENT_WORKFLOW_RUN_HTML_URL: ${{ github.event.workflow_run.html_url }} + GH_AW_GITHUB_EVENT_WORKFLOW_RUN_ID: ${{ github.event.workflow_run.id }} + GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} with: script: | const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); @@ -972,7 +879,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs 
@@ -1041,6 +948,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "CI Doctor" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Update reaction comment with completion status id: conclusion uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 @@ -1072,7 +996,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1168,7 +1092,7 @@ jobs: activated: ${{ steps.check_membership.outputs.is_team_member == 'true' }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check team membership for workflow 
@@ -1207,7 +1131,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact @@ -1244,7 +1168,7 @@ jobs: permissions: {} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download cache-memory artifact (default) diff --git a/.github/workflows/issue-duplication-detector.lock.yml b/.github/workflows/issue-duplication-detector.lock.yml index a93a65abb..39477665b 100644 --- a/.github/workflows/issue-duplication-detector.lock.yml +++ b/.github/workflows/issue-duplication-detector.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -53,7 +53,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -91,7 +91,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders 
@@ -161,7 +161,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -378,7 +378,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e 
GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -423,6 +423,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", version: "", agent_version: "0.0.405", + cli_version: "v0.42.17", workflow_name: "Issue Duplication Detector", experimental: false, supports_tools_allowlist: true, @@ -439,7 +440,7 @@ jobs: allowed_domains: ["defaults"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, 
@@ -529,118 +530,7 @@ jobs: PROMPT_EOF cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT" - ## MCP Response Size Limits - - MCP tool responses have a **25,000 token limit**. When GitHub API responses exceed this limit, workflows must retry with pagination parameters, wasting turns and tokens. - - ### Common Scenarios - - **Problem**: Fetching large result sets without pagination - - `list_pull_requests` with many PRs (75,897 tokens in one case) - - `pull_request_read` with large diff/comments (31,675 tokens observed) - - `search_issues`, `search_code` with many results - - **Solution**: Use proactive pagination to stay under token limits - - ### Pagination Best Practices - - #### 1. Use `perPage` Parameter - - Limit results per request to prevent oversized responses: - - ```bash - # Good: Fetch PRs in small batches - list_pull_requests --perPage 10 - - # Good: Get issue with limited comments - issue_read --method get_comments --perPage 20 - - # Bad: Default pagination may return too much data - list_pull_requests # May exceed 25k tokens - ``` - - #### 2. Common `perPage` Values - - - **10-20**: For detailed items (PRs with diffs, issues with comments) - - **50-100**: For simpler list operations (commits, branches, labels) - - **1-5**: For exploratory queries or schema discovery - - #### 3. 
Handle Pagination Loops - - When you need all results: - - ```bash - # Step 1: Fetch first page - result=$(list_pull_requests --perPage 20 --page 1) - - # Step 2: Check if more pages exist - # Most list operations return metadata about total count or next page - - # Step 3: Fetch subsequent pages if needed - result=$(list_pull_requests --perPage 20 --page 2) - ``` - - ### Tool-Specific Guidance - - #### Pull Requests - - ```bash - # Fetch recent PRs in small batches - list_pull_requests --state all --perPage 10 --sort updated --direction desc - - # Get PR details without full diff/comments - pull_request_read --method get --pullNumber 123 - - # Get PR files separately if needed - pull_request_read --method get_files --pullNumber 123 --perPage 30 - ``` - - #### Issues - - ```bash - # List issues with pagination - list_issues --perPage 20 --page 1 - - # Get issue comments in batches - issue_read --method get_comments --issue_number 123 --perPage 20 - ``` - - #### Code Search - - ```bash - # Search with limited results - search_code --query "function language:go" --perPage 10 - ``` - - ### Error Messages to Watch For - - If you see these errors, add pagination: - - - `MCP tool "list_pull_requests" response (75897 tokens) exceeds maximum allowed tokens (25000)` - - `MCP tool "pull_request_read" response (31675 tokens) exceeds maximum allowed tokens (25000)` - - `Response too large for tool [tool_name]` - - ### Performance Tips - - 1. **Start small**: Use `perPage: 10` initially, increase if needed - 2. **Fetch incrementally**: Get overview first, then details for specific items - 3. **Avoid wildcards**: Don't fetch all data when you need specific items - 4. **Use filters**: Combine `perPage` with state/label/date filters to reduce results - - ### Example Workflow Pattern - - ```markdown - # Analyze Recent Pull Requests - - 1. Fetch 10 most recent PRs (stay under token limit) - 2. For each PR, get summary without full diff - 3. 
If detailed analysis needed, fetch files for specific PR separately - 4. Process results incrementally rather than loading everything at once - ``` - - This proactive approach eliminates retry loops and reduces token consumption. - - + {{#runtime-import .github/workflows/shared/mcp-pagination.md}} PROMPT_EOF cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT" {{#runtime-import .github/workflows/issue-duplication-detector.md}} @@ -649,8 +539,8 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt - GH_AW_CACHE_DESCRIPTION: ${{ '' }} - GH_AW_CACHE_DIR: ${{ '/tmp/gh-aw/cache-memory/' }} + GH_AW_CACHE_DESCRIPTION: '' + GH_AW_CACHE_DIR: '/tmp/gh-aw/cache-memory/' GH_AW_GITHUB_ACTOR: ${{ github.actor }} GH_AW_GITHUB_EVENT_COMMENT_ID: ${{ github.event.comment.id }} GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER: ${{ github.event.discussion.number }} @@ -683,6 +573,8 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt + GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }} + GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} with: script: | const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); @@ -866,7 +758,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs 
@@ -935,6 +827,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "Issue Duplication Detector" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Update reaction comment with completion status id: conclusion uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 @@ -964,7 +873,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1059,7 +968,7 @@ jobs: activated: ${{ steps.check_membership.outputs.is_team_member == 'true' }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check team membership for workflow 
@@ -1098,7 +1007,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact @@ -1135,7 +1044,7 @@ jobs: permissions: {} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download cache-memory artifact (default) diff --git a/.github/workflows/issue-monster.lock.yml b/.github/workflows/issue-monster.lock.yml index 9ba249ffb..f0ab1ac95 100644 --- a/.github/workflows/issue-monster.lock.yml +++ b/.github/workflows/issue-monster.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -58,7 +58,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -100,7 +100,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders 
@@ -158,7 +158,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -420,7 +420,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e 
GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -465,6 +465,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", version: "", agent_version: "0.0.405", + cli_version: "v0.42.17", workflow_name: "Issue Monster", experimental: false, supports_tools_allowlist: true, @@ -481,7 +482,7 @@ jobs: allowed_domains: ["defaults"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, @@ -514,6 +515,9 @@ jobs: GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }} + GH_AW_NEEDS_SEARCH_ISSUES_OUTPUTS_ISSUE_COUNT: ${{ needs.search_issues.outputs.issue_count }} + GH_AW_NEEDS_SEARCH_ISSUES_OUTPUTS_ISSUE_LIST: ${{ needs.search_issues.outputs.issue_list }} + GH_AW_NEEDS_SEARCH_ISSUES_OUTPUTS_ISSUE_NUMBERS: ${{ needs.search_issues.outputs.issue_numbers }} run: | bash /opt/gh-aw/actions/create_prompt_first.sh cat << 'PROMPT_EOF' > "$GH_AW_PROMPT" 
@@ -584,6 +588,9 @@ jobs: GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }} + GH_AW_NEEDS_SEARCH_ISSUES_OUTPUTS_ISSUE_COUNT: ${{ needs.search_issues.outputs.issue_count }} + GH_AW_NEEDS_SEARCH_ISSUES_OUTPUTS_ISSUE_LIST: ${{ needs.search_issues.outputs.issue_list }} + GH_AW_NEEDS_SEARCH_ISSUES_OUTPUTS_ISSUE_NUMBERS: ${{ needs.search_issues.outputs.issue_numbers }} with: script: | const substitutePlaceholders = require('/opt/gh-aw/actions/substitute_placeholders.cjs'); @@ -599,13 +606,20 @@ jobs: GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER: process.env.GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER, GH_AW_GITHUB_REPOSITORY: process.env.GH_AW_GITHUB_REPOSITORY, GH_AW_GITHUB_RUN_ID: process.env.GH_AW_GITHUB_RUN_ID, - GH_AW_GITHUB_WORKSPACE: process.env.GH_AW_GITHUB_WORKSPACE + GH_AW_GITHUB_WORKSPACE: process.env.GH_AW_GITHUB_WORKSPACE, + GH_AW_NEEDS_SEARCH_ISSUES_OUTPUTS_ISSUE_COUNT: process.env.GH_AW_NEEDS_SEARCH_ISSUES_OUTPUTS_ISSUE_COUNT, + GH_AW_NEEDS_SEARCH_ISSUES_OUTPUTS_ISSUE_LIST: process.env.GH_AW_NEEDS_SEARCH_ISSUES_OUTPUTS_ISSUE_LIST, + GH_AW_NEEDS_SEARCH_ISSUES_OUTPUTS_ISSUE_NUMBERS: process.env.GH_AW_NEEDS_SEARCH_ISSUES_OUTPUTS_ISSUE_NUMBERS } }); - name: Interpolate variables and render templates uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt + GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} + GH_AW_NEEDS_SEARCH_ISSUES_OUTPUTS_ISSUE_COUNT: ${{ needs.search_issues.outputs.issue_count }} + GH_AW_NEEDS_SEARCH_ISSUES_OUTPUTS_ISSUE_LIST: ${{ needs.search_issues.outputs.issue_list }} + GH_AW_NEEDS_SEARCH_ISSUES_OUTPUTS_ISSUE_NUMBERS: ${{ needs.search_issues.outputs.issue_numbers }} with: script: | const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); 
@@ -782,7 +796,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs @@ -854,6 +868,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "Issue Monster" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Update reaction comment with completion status id: conclusion uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 @@ -884,7 +915,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts 
@@ -979,7 +1010,7 @@ jobs: activated: ${{ ((steps.check_membership.outputs.is_team_member == 'true') && (steps.check_skip_if_match.outputs.skip_check_ok == 'true')) && (steps.check_skip_if_no_match.outputs.skip_no_match_check_ok == 'true') }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check team membership for workflow @@ -1048,7 +1079,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/pelis-agent-factory-advisor.lock.yml b/.github/workflows/pelis-agent-factory-advisor.lock.yml index e00e261ad..077d5ff9f 100644 --- a/.github/workflows/pelis-agent-factory-advisor.lock.yml +++ b/.github/workflows/pelis-agent-factory-advisor.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -51,7 +51,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps 
@@ -94,7 +94,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders @@ -163,7 +163,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh alpine:latest ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh alpine:latest ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Install gh-aw extension env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} 
@@ -370,7 +370,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e 
GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -427,6 +427,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", version: "", agent_version: "0.0.405", + cli_version: "v0.42.17", workflow_name: "Pelis Agent Factory Advisor", experimental: false, supports_tools_allowlist: true, @@ -443,7 +444,7 @@ jobs: allowed_domains: ["github","github.github.io"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, 
@@ -533,118 +534,7 @@ jobs: PROMPT_EOF cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT" - ## MCP Response Size Limits - - MCP tool responses have a **25,000 token limit**. When GitHub API responses exceed this limit, workflows must retry with pagination parameters, wasting turns and tokens. - - ### Common Scenarios - - **Problem**: Fetching large result sets without pagination - - `list_pull_requests` with many PRs (75,897 tokens in one case) - - `pull_request_read` with large diff/comments (31,675 tokens observed) - - `search_issues`, `search_code` with many results - - **Solution**: Use proactive pagination to stay under token limits - - ### Pagination Best Practices - - #### 1. Use `perPage` Parameter - - Limit results per request to prevent oversized responses: - - ```bash - # Good: Fetch PRs in small batches - list_pull_requests --perPage 10 - - # Good: Get issue with limited comments - issue_read --method get_comments --perPage 20 - - # Bad: Default pagination may return too much data - list_pull_requests # May exceed 25k tokens - ``` - - #### 2. Common `perPage` Values - - - **10-20**: For detailed items (PRs with diffs, issues with comments) - - **50-100**: For simpler list operations (commits, branches, labels) - - **1-5**: For exploratory queries or schema discovery - - #### 3. 
Handle Pagination Loops - - When you need all results: - - ```bash - # Step 1: Fetch first page - result=$(list_pull_requests --perPage 20 --page 1) - - # Step 2: Check if more pages exist - # Most list operations return metadata about total count or next page - - # Step 3: Fetch subsequent pages if needed - result=$(list_pull_requests --perPage 20 --page 2) - ``` - - ### Tool-Specific Guidance - - #### Pull Requests - - ```bash - # Fetch recent PRs in small batches - list_pull_requests --state all --perPage 10 --sort updated --direction desc - - # Get PR details without full diff/comments - pull_request_read --method get --pullNumber 123 - - # Get PR files separately if needed - pull_request_read --method get_files --pullNumber 123 --perPage 30 - ``` - - #### Issues - - ```bash - # List issues with pagination - list_issues --perPage 20 --page 1 - - # Get issue comments in batches - issue_read --method get_comments --issue_number 123 --perPage 20 - ``` - - #### Code Search - - ```bash - # Search with limited results - search_code --query "function language:go" --perPage 10 - ``` - - ### Error Messages to Watch For - - If you see these errors, add pagination: - - - `MCP tool "list_pull_requests" response (75897 tokens) exceeds maximum allowed tokens (25000)` - - `MCP tool "pull_request_read" response (31675 tokens) exceeds maximum allowed tokens (25000)` - - `Response too large for tool [tool_name]` - - ### Performance Tips - - 1. **Start small**: Use `perPage: 10` initially, increase if needed - 2. **Fetch incrementally**: Get overview first, then details for specific items - 3. **Avoid wildcards**: Don't fetch all data when you need specific items - 4. **Use filters**: Combine `perPage` with state/label/date filters to reduce results - - ### Example Workflow Pattern - - ```markdown - # Analyze Recent Pull Requests - - 1. Fetch 10 most recent PRs (stay under token limit) - 2. For each PR, get summary without full diff - 3. 
If detailed analysis needed, fetch files for specific PR separately - 4. Process results incrementally rather than loading everything at once - ``` - - This proactive approach eliminates retry loops and reduces token consumption. - - + {{#runtime-import .github/workflows/shared/mcp-pagination.md}} PROMPT_EOF cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT" {{#runtime-import .github/workflows/pelis-agent-factory-advisor.md}} @@ -653,8 +543,8 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt - GH_AW_CACHE_DESCRIPTION: ${{ '' }} - GH_AW_CACHE_DIR: ${{ '/tmp/gh-aw/cache-memory/' }} + GH_AW_CACHE_DESCRIPTION: '' + GH_AW_CACHE_DIR: '/tmp/gh-aw/cache-memory/' GH_AW_GITHUB_ACTOR: ${{ github.actor }} GH_AW_GITHUB_EVENT_COMMENT_ID: ${{ github.event.comment.id }} GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER: ${{ github.event.discussion.number }} @@ -870,7 +760,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs 
@@ -939,6 +829,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "Pelis Agent Factory Advisor" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Update reaction comment with completion status id: conclusion uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 @@ -970,7 +877,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1077,7 +984,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact 
@@ -1114,7 +1021,7 @@ jobs: permissions: {} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download cache-memory artifact (default) diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index 0cd8715c4..a5a289ded 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -61,7 +61,7 @@ jobs: text: ${{ steps.compute-text.outputs.text }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -122,7 +122,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders 
@@ -180,7 +180,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -492,7 +492,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e 
GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -537,6 +537,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", version: "", agent_version: "0.0.405", + cli_version: "v0.42.17", workflow_name: "Plan Command", experimental: false, supports_tools_allowlist: true, @@ -553,7 +554,7 @@ jobs: allowed_domains: ["defaults"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, @@ -586,6 +587,7 @@ jobs: GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }} + GH_AW_NEEDS_ACTIVATION_OUTPUTS_TEXT: ${{ needs.activation.outputs.text }} run: | bash /opt/gh-aw/actions/create_prompt_first.sh cat << 'PROMPT_EOF' > "$GH_AW_PROMPT" @@ -656,6 +658,7 @@ jobs: GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }} + GH_AW_NEEDS_ACTIVATION_OUTPUTS_TEXT: ${{ needs.activation.outputs.text }} with: script: | const substitutePlaceholders = require('/opt/gh-aw/actions/substitute_placeholders.cjs'); 
@@ -671,13 +674,18 @@ jobs: GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER: process.env.GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER, GH_AW_GITHUB_REPOSITORY: process.env.GH_AW_GITHUB_REPOSITORY, GH_AW_GITHUB_RUN_ID: process.env.GH_AW_GITHUB_RUN_ID, - GH_AW_GITHUB_WORKSPACE: process.env.GH_AW_GITHUB_WORKSPACE + GH_AW_GITHUB_WORKSPACE: process.env.GH_AW_GITHUB_WORKSPACE, + GH_AW_NEEDS_ACTIVATION_OUTPUTS_TEXT: process.env.GH_AW_NEEDS_ACTIVATION_OUTPUTS_TEXT } }); - name: Interpolate variables and render templates uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt + GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER: ${{ github.event.discussion.number }} + GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }} + GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} + GH_AW_NEEDS_ACTIVATION_OUTPUTS_TEXT: ${{ needs.activation.outputs.text }} with: script: | const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); @@ -855,7 +863,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs 
@@ -924,6 +932,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "Plan Command" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Update reaction comment with completion status id: conclusion uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 @@ -953,7 +978,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1056,7 +1081,7 @@ jobs: matched_command: ${{ steps.check_command_position.outputs.matched_command }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Add eyes reaction for immediate feedback 
@@ -1118,7 +1143,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/security-guard.lock.yml b/.github/workflows/security-guard.lock.yml index 909b0d41b..50bfa98d2 100644 --- a/.github/workflows/security-guard.lock.yml +++ b/.github/workflows/security-guard.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -51,7 +51,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -90,7 +90,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders 
@@ -154,7 +154,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -371,7 +371,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="claude" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e 
GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh { @@ -414,6 +414,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_CLAUDE || "", version: "", agent_version: "2.1.34", + cli_version: "v0.42.17", workflow_name: "Security Guard", experimental: false, supports_tools_allowlist: true, @@ -430,7 +431,7 @@ jobs: allowed_domains: ["defaults"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, @@ -555,6 +556,8 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt + GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }} + GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} with: script: | const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); @@ -776,7 +779,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs 
@@ -845,6 +848,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "Security Guard" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Update reaction comment with completion status id: conclusion uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 @@ -874,7 +894,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1001,7 +1021,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/smoke-chroot.lock.yml b/.github/workflows/smoke-chroot.lock.yml index aeab471f4..8e87b5d03 100644 --- a/.github/workflows/smoke-chroot.lock.yml +++ b/.github/workflows/smoke-chroot.lock.yml 
@@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -60,7 +60,7 @@ jobs: comment_url: ${{ steps.add-comment.outputs.comment-url }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -112,7 +112,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders @@ -234,7 +234,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -487,7 +487,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e 
GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -532,6 +532,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", version: "", agent_version: "0.0.405", + cli_version: "v0.42.17", workflow_name: "Smoke Chroot", experimental: false, supports_tools_allowlist: true, @@ -548,7 +549,7 @@ jobs: allowed_domains: ["defaults","github"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, @@ -849,7 +850,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs 
@@ -919,6 +920,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "Smoke Chroot" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Update reaction comment with completion status id: conclusion uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 @@ -949,7 +967,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1062,7 +1080,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index 39c646b72..cf5798abf 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml 
@@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -61,7 +61,7 @@ jobs: comment_url: ${{ steps.add-comment.outputs.comment-url }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -113,7 +113,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders @@ -207,7 +207,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 mcr.microsoft.com/playwright/mcp node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 mcr.microsoft.com/playwright/mcp node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -460,7 +460,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="claude" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e 
GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh { @@ -520,6 +520,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_CLAUDE || "", version: "", agent_version: "2.1.34", + cli_version: "v0.42.17", workflow_name: "Smoke Claude", experimental: false, supports_tools_allowlist: true, @@ -536,7 +537,7 @@ jobs: allowed_domains: ["defaults","github","playwright"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, 
@@ -627,118 +628,7 @@ jobs: PROMPT_EOF cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT" - ## MCP Response Size Limits - - MCP tool responses have a **25,000 token limit**. When GitHub API responses exceed this limit, workflows must retry with pagination parameters, wasting turns and tokens. - - ### Common Scenarios - - **Problem**: Fetching large result sets without pagination - - `list_pull_requests` with many PRs (75,897 tokens in one case) - - `pull_request_read` with large diff/comments (31,675 tokens observed) - - `search_issues`, `search_code` with many results - - **Solution**: Use proactive pagination to stay under token limits - - ### Pagination Best Practices - - #### 1. Use `perPage` Parameter - - Limit results per request to prevent oversized responses: - - ```bash - # Good: Fetch PRs in small batches - list_pull_requests --perPage 10 - - # Good: Get issue with limited comments - issue_read --method get_comments --perPage 20 - - # Bad: Default pagination may return too much data - list_pull_requests # May exceed 25k tokens - ``` - - #### 2. Common `perPage` Values - - - **10-20**: For detailed items (PRs with diffs, issues with comments) - - **50-100**: For simpler list operations (commits, branches, labels) - - **1-5**: For exploratory queries or schema discovery - - #### 3. 
Handle Pagination Loops - - When you need all results: - - ```bash - # Step 1: Fetch first page - result=$(list_pull_requests --perPage 20 --page 1) - - # Step 2: Check if more pages exist - # Most list operations return metadata about total count or next page - - # Step 3: Fetch subsequent pages if needed - result=$(list_pull_requests --perPage 20 --page 2) - ``` - - ### Tool-Specific Guidance - - #### Pull Requests - - ```bash - # Fetch recent PRs in small batches - list_pull_requests --state all --perPage 10 --sort updated --direction desc - - # Get PR details without full diff/comments - pull_request_read --method get --pullNumber 123 - - # Get PR files separately if needed - pull_request_read --method get_files --pullNumber 123 --perPage 30 - ``` - - #### Issues - - ```bash - # List issues with pagination - list_issues --perPage 20 --page 1 - - # Get issue comments in batches - issue_read --method get_comments --issue_number 123 --perPage 20 - ``` - - #### Code Search - - ```bash - # Search with limited results - search_code --query "function language:go" --perPage 10 - ``` - - ### Error Messages to Watch For - - If you see these errors, add pagination: - - - `MCP tool "list_pull_requests" response (75897 tokens) exceeds maximum allowed tokens (25000)` - - `MCP tool "pull_request_read" response (31675 tokens) exceeds maximum allowed tokens (25000)` - - `Response too large for tool [tool_name]` - - ### Performance Tips - - 1. **Start small**: Use `perPage: 10` initially, increase if needed - 2. **Fetch incrementally**: Get overview first, then details for specific items - 3. **Avoid wildcards**: Don't fetch all data when you need specific items - 4. **Use filters**: Combine `perPage` with state/label/date filters to reduce results - - ### Example Workflow Pattern - - ```markdown - # Analyze Recent Pull Requests - - 1. Fetch 10 most recent PRs (stay under token limit) - 2. For each PR, get summary without full diff - 3. 
If detailed analysis needed, fetch files for specific PR separately - 4. Process results incrementally rather than loading everything at once - ``` - - This proactive approach eliminates retry loops and reduces token consumption. - - + {{#runtime-import .github/workflows/shared/mcp-pagination.md}} PROMPT_EOF cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT" {{#runtime-import .github/workflows/smoke-claude.md}} @@ -747,8 +637,8 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt - GH_AW_CACHE_DESCRIPTION: ${{ '' }} - GH_AW_CACHE_DIR: ${{ '/tmp/gh-aw/cache-memory/' }} + GH_AW_CACHE_DESCRIPTION: '' + GH_AW_CACHE_DIR: '/tmp/gh-aw/cache-memory/' GH_AW_GITHUB_ACTOR: ${{ github.actor }} GH_AW_GITHUB_EVENT_COMMENT_ID: ${{ github.event.comment.id }} GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER: ${{ github.event.discussion.number }} @@ -781,6 +671,8 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt + GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} + GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} with: script: | const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); @@ -1035,7 +927,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs 
@@ -1105,6 +997,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "Smoke Claude" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Update reaction comment with completion status id: conclusion uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 @@ -1135,7 +1044,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1264,7 +1173,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact 
@@ -1301,7 +1210,7 @@ jobs: permissions: {} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download cache-memory artifact (default) diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index df3442382..e73586937 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -67,7 +67,7 @@ jobs: comment_url: ${{ steps.add-comment.outputs.comment-url }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -120,7 +120,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders 
@@ -214,7 +214,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 mcr.microsoft.com/playwright/mcp node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 mcr.microsoft.com/playwright/mcp node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -1092,7 +1092,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="codex" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_INPUTS_PORT -e GH_AW_SAFE_INPUTS_API_KEY -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -e GH_AW_GH_TOKEN -e GH_DEBUG -e GH_TOKEN -e TAVILY_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e 
GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_INPUTS_PORT -e GH_AW_SAFE_INPUTS_API_KEY -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -e GH_AW_GH_TOKEN -e GH_DEBUG -e GH_TOKEN -e TAVILY_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' cat > /tmp/gh-aw/mcp-config/config.toml << EOF [history] @@ -1217,6 +1217,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", agent_version: "0.98.0", + cli_version: "v0.42.17", workflow_name: "Smoke Codex", experimental: false, supports_tools_allowlist: true, @@ -1233,7 +1234,7 @@ jobs: allowed_domains: ["defaults","github","playwright"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, 
@@ -1324,96 +1325,16 @@ jobs: PROMPT_EOF cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT" - **IMPORTANT**: Always use the `safeinputs-gh` tool for GitHub CLI commands instead of running `gh` directly via bash. The `safeinputs-gh` tool has proper authentication configured with `GITHUB_TOKEN`, while bash commands do not have GitHub CLI authentication by default. - - **Correct**: - ``` - Use the safeinputs-gh tool with args: "pr list --limit 5" - Use the safeinputs-gh tool with args: "issue view 123" - ``` - - **Incorrect**: - ``` - Use the gh safe-input tool with args: "pr list --limit 5" ❌ (Wrong tool name - use safeinputs-gh) - Run: gh pr list --limit 5 ❌ (No authentication in bash) - Execute bash: gh issue view 123 ❌ (No authentication in bash) - ``` - - - - ## Report Structure Guidelines - - ### 1. Header Levels - **Use h3 (###) or lower for all headers in your issue report to maintain proper document hierarchy.** - - When creating GitHub issues or discussions: - - Use `###` (h3) for main sections (e.g., "### Test Summary") - - Use `####` (h4) for subsections (e.g., "#### Device-Specific Results") - - Never use `##` (h2) or `#` (h1) in reports - these are reserved for titles - - ### 2. Progressive Disclosure - **Wrap detailed test results in `
Section Name` tags to improve readability and reduce scrolling.** - - Use collapsible sections for: - - Verbose details (full test logs, raw data) - - Secondary information (minor warnings, extra context) - - Per-item breakdowns when there are many items - - Always keep critical information visible (summary, critical issues, key metrics). - - ### 3. Report Structure Pattern - - 1. **Overview**: 1-2 paragraphs summarizing key findings - 2. **Critical Information**: Show immediately (summary stats, critical issues) - 3. **Details**: Use `
Section Name` for expanded content - 4. **Context**: Add helpful metadata (workflow run, date, trigger) - - ### Design Principles (Airbnb-Inspired) - - Reports should: - - **Build trust through clarity**: Most important info immediately visible - - **Exceed expectations**: Add helpful context like trends, comparisons - - **Create delight**: Use progressive disclosure to reduce overwhelm - - **Maintain consistency**: Follow patterns across all reports - - ### Example Report Structure - - ```markdown - ### Summary - - Key metric 1: value - - Key metric 2: value - - Status: ✅/⚠️/❌ - - ### Critical Issues - [Always visible - these are important] - -
- View Detailed Results - - [Comprehensive details, logs, traces] - -
- -
- View All Warnings - - [Minor issues and potential problems] - -
- - ### Recommendations - [Actionable next steps - keep visible] - ``` - - ## Workflow Run References - - - Format run IDs as links: `[§12345](https://github.com/owner/repo/actions/runs/12345)` - - Include up to 3 most relevant run URLs at end under `**References:**` - - Do NOT add footer attribution (system adds automatically) - - - - + {{#runtime-import .github/workflows/shared/gh.md}} + PROMPT_EOF + cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT" + {{#runtime-import .github/workflows/shared/mcp/tavily.md}} + PROMPT_EOF + cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT" + {{#runtime-import .github/workflows/shared/reporting.md}} + PROMPT_EOF + cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT" + {{#runtime-import .github/workflows/shared/github-queries-safe-input.md}} PROMPT_EOF cat << 'PROMPT_EOF' >> "$GH_AW_PROMPT" {{#runtime-import .github/workflows/smoke-codex.md}} @@ -1422,8 +1343,8 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt - GH_AW_CACHE_DESCRIPTION: ${{ '' }} - GH_AW_CACHE_DIR: ${{ '/tmp/gh-aw/cache-memory/' }} + GH_AW_CACHE_DESCRIPTION: '' + GH_AW_CACHE_DIR: '/tmp/gh-aw/cache-memory/' GH_AW_GITHUB_ACTOR: ${{ github.actor }} GH_AW_GITHUB_EVENT_COMMENT_ID: ${{ github.event.comment.id }} GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER: ${{ github.event.discussion.number }} @@ -1456,6 +1377,8 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt + GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} + GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} with: script: | const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); 
@@ -1631,7 +1554,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs @@ -1701,6 +1624,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "Smoke Codex" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Update reaction comment with completion status id: conclusion uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 @@ -1731,7 +1671,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts 
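Review bot: The `Setup Scripts` step now references `github/gh-aw/actions/setup@v0.42.17`, a mutable tag, where the removed line pinned the action to the full commit SHA `e820ba3d2aacc3903329db6b310aeaa86202844e`. A tag can be re-pointed after review, and this action fills `/opt/gh-aw/actions`, from which later steps `require()` scripts such as `setup_globals.cjs` while holding `secrets.GH_AW_GITHUB_TOKEN`, so the SHA pin is the integrity check for that code. `actions/github-script` keeps its SHA pin in the same file, which suggests the regeneration dropped the pin rather than a deliberate policy change. Since the file is generated, the fix belongs in the compile step, so that the line reads `uses: github/gh-aw/actions/setup@<full commit SHA of v0.42.17> # v0.42.17`. The same applies to every other `Setup Scripts` hunk in this file and in the smoke-copilot, test-coverage-improver and update-release-notes lock files.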
@@ -1825,7 +1765,7 @@ jobs: activated: ${{ steps.check_membership.outputs.is_team_member == 'true' }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Add hooray reaction for immediate feedback @@ -1878,7 +1818,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact @@ -1915,7 +1855,7 @@ jobs: permissions: {} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download cache-memory artifact (default) diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 446bfb533..52d021940 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -57,7 +57,7 @@ jobs: comment_url: ${{ steps.add-comment.outputs.comment-url }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps 
@@ -110,7 +110,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders @@ -198,7 +198,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh alpine:latest ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 mcr.microsoft.com/playwright/mcp node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh alpine:latest ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 mcr.microsoft.com/playwright/mcp node:lts-alpine - name: Install gh-aw extension env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} 
@@ -476,7 +476,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e 
GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -540,6 +540,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", version: "", agent_version: "0.0.405", + cli_version: "v0.42.17", workflow_name: "Smoke Copilot", experimental: false, supports_tools_allowlist: true, @@ -556,7 +557,7 @@ jobs: allowed_domains: ["defaults","node","github","playwright"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, @@ -653,8 +654,8 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt - GH_AW_CACHE_DESCRIPTION: ${{ '' }} - GH_AW_CACHE_DIR: ${{ '/tmp/gh-aw/cache-memory/' }} + GH_AW_CACHE_DESCRIPTION: '' + GH_AW_CACHE_DIR: '/tmp/gh-aw/cache-memory/' GH_AW_GITHUB_ACTOR: ${{ github.actor }} GH_AW_GITHUB_EVENT_COMMENT_ID: ${{ github.event.comment.id }} GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER: ${{ github.event.discussion.number }} @@ -687,6 +688,8 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt + GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} + GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} with: script: | const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); 
@@ -870,7 +873,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs @@ -940,6 +943,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "Smoke Copilot" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Update reaction comment with completion status id: conclusion uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 @@ -970,7 +990,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts 
@@ -1083,7 +1103,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact @@ -1120,7 +1140,7 @@ jobs: permissions: {} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download cache-memory artifact (default) diff --git a/.github/workflows/test-coverage-improver.lock.yml b/.github/workflows/test-coverage-improver.lock.yml index f6451854c..b108193c1 100644 --- a/.github/workflows/test-coverage-improver.lock.yml +++ b/.github/workflows/test-coverage-improver.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -54,7 +54,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -96,7 +96,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders 
@@ -154,7 +154,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -433,7 +433,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e 
GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -478,6 +478,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", version: "", agent_version: "0.0.405", + cli_version: "v0.42.17", workflow_name: "Weekly Test Coverage Improver", experimental: false, supports_tools_allowlist: true, @@ -494,7 +495,7 @@ jobs: allowed_domains: ["github"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, @@ -619,6 +620,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt + GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} with: script: | const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); @@ -825,7 +827,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs 
@@ -894,6 +896,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "Weekly Test Coverage Improver" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Handle Create Pull Request Error id: handle_create_pr_error uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 @@ -939,7 +958,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -1034,7 +1053,7 @@ jobs: activated: ${{ (steps.check_membership.outputs.is_team_member == 'true') && (steps.check_skip_if_match.outputs.skip_check_ok == 'true') }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check team membership for workflow 
@@ -1087,7 +1106,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/update-release-notes.lock.yml b/.github/workflows/update-release-notes.lock.yml index 6a62644dc..a7af1abe9 100644 --- a/.github/workflows/update-release-notes.lock.yml +++ b/.github/workflows/update-release-notes.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw. DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.42.17). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -49,7 +49,7 @@ jobs: comment_repo: "" steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check workflow file timestamps @@ -90,7 +90,7 @@ jobs: secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Checkout .github and .agents folders 
@@ -148,7 +148,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.103 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.13.12 ghcr.io/github/gh-aw-firewall/squid:0.13.12 ghcr.io/github/gh-aw-mcpg:v0.0.113 ghcr.io/github/github-mcp-server:v0.30.3 node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs 
@@ -387,7 +387,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.103' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e 
GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.113' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -432,6 +432,7 @@ jobs: model: process.env.GH_AW_MODEL_AGENT_COPILOT || "", version: "", agent_version: "0.0.405", + cli_version: "v0.42.17", workflow_name: "Update Release Notes", experimental: false, supports_tools_allowlist: true, @@ -448,7 +449,7 @@ jobs: allowed_domains: ["defaults"], firewall_enabled: true, awf_version: "v0.13.12", - awmg_version: "v0.0.103", + awmg_version: "v0.0.113", steps: { firewall: "squid" }, @@ -478,6 +479,7 @@ jobs: GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER: ${{ github.event.discussion.number }} GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }} GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }} + GH_AW_GITHUB_EVENT_RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }} @@ -548,6 +550,7 @@ jobs: GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER: ${{ github.event.discussion.number }} GH_AW_GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }} GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }} + GH_AW_GITHUB_EVENT_RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }} 
@@ -564,6 +567,7 @@ jobs: GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER: process.env.GH_AW_GITHUB_EVENT_DISCUSSION_NUMBER, GH_AW_GITHUB_EVENT_ISSUE_NUMBER: process.env.GH_AW_GITHUB_EVENT_ISSUE_NUMBER, GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER: process.env.GH_AW_GITHUB_EVENT_PULL_REQUEST_NUMBER, + GH_AW_GITHUB_EVENT_RELEASE_TAG_NAME: process.env.GH_AW_GITHUB_EVENT_RELEASE_TAG_NAME, GH_AW_GITHUB_REPOSITORY: process.env.GH_AW_GITHUB_REPOSITORY, GH_AW_GITHUB_RUN_ID: process.env.GH_AW_GITHUB_RUN_ID, GH_AW_GITHUB_WORKSPACE: process.env.GH_AW_GITHUB_WORKSPACE @@ -573,6 +577,7 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt + GH_AW_GITHUB_EVENT_RELEASE_TAG_NAME: ${{ github.event.release.tag_name }} with: script: | const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); @@ -768,7 +773,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Debug job inputs 
@@ -837,6 +842,23 @@ jobs: setupGlobals(core, github, context, exec, io); const { main } = require('/opt/gh-aw/actions/handle_agent_failure.cjs'); await main(); + - name: Handle No-Op Message + id: handle_noop_message + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + GH_AW_AGENT_OUTPUT: ${{ env.GH_AW_AGENT_OUTPUT }} + GH_AW_WORKFLOW_NAME: "Update Release Notes" + GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} + GH_AW_NOOP_MESSAGE: ${{ steps.noop.outputs.noop_message }} + GH_AW_NOOP_REPORT_AS_ISSUE: "true" + with: + github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} + script: | + const { setupGlobals } = require('/opt/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('/opt/gh-aw/actions/handle_noop_message.cjs'); + await main(); - name: Update reaction comment with completion status id: conclusion uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 @@ -868,7 +890,7 @@ jobs: success: ${{ steps.parse_results.outputs.success }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent artifacts @@ -963,7 +985,7 @@ jobs: activated: ${{ steps.check_membership.outputs.is_team_member == 'true' }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Check team membership for workflow 
@@ -999,7 +1021,7 @@ jobs: process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@e820ba3d2aacc3903329db6b310aeaa86202844e # v0.42.11 + uses: github/gh-aw/actions/setup@v0.42.17 with: destination: /opt/gh-aw/actions - name: Download agent output artifact From 2c4ac894f0accf31e4e9af3398cc116e0358893b Mon Sep 17 00:00:00 2001 From: "Jiaxiao (mossaka) Zhou" Date: Tue, 10 Feb 2026 06:41:47 +0000 Subject: [PATCH 6/7] fix: add Maven settings.xml proxy and fix nonProxyHosts Maven's HTTP transport does not read Java system properties for proxy configuration, causing "Unsupported or unrecognized SSL message" errors when Maven tries to download dependencies through AWF's Squid proxy. - Generate Maven settings.xml with HTTP/HTTPS proxy config and mount it at ~/.m2/settings.xml in the agent container (both chroot and non-chroot modes) - Remove embedded double quotes from JAVA_TOOL_OPTIONS nonProxyHosts value (JVM treats them as literal characters, breaking host matching) Co-Authored-By: Claude Opus 4.6 (1M context) --- src/docker-manager.test.ts | 65 +++++++++++++++++++++++++++++++++++++- src/docker-manager.ts | 54 ++++++++++++++++++++++++++++++- 2 files changed, 117 insertions(+), 2 deletions(-) diff --git a/src/docker-manager.test.ts b/src/docker-manager.test.ts index 088ede069..61f70af6d 100644 --- a/src/docker-manager.test.ts +++ b/src/docker-manager.test.ts 
@@ -1,4 +1,4 @@
-import { generateDockerCompose, subnetsOverlap, writeConfigs, startContainers, stopContainers, cleanup, runAgentCommand, validateIdNotInSystemRange, getSafeHostUid, getSafeHostGid, getRealUserHome, MIN_REGULAR_UID, ACT_PRESET_BASE_IMAGE } from './docker-manager';
+import { generateDockerCompose, generateMavenSettings, subnetsOverlap, writeConfigs, startContainers, stopContainers, cleanup, runAgentCommand, validateIdNotInSystemRange, getSafeHostUid, getSafeHostGid, getRealUserHome, MIN_REGULAR_UID, ACT_PRESET_BASE_IMAGE } from './docker-manager';
 import { WrapperConfig } from './types';
 import * as fs from 'fs';
 import * as path from 'path';
@@ -509,6 +509,41 @@ describe('docker-manager', () => { expect(env.JAVA_TOOL_OPTIONS).toContain('host.docker.internal'); }); + it('should not include quotes in JAVA_TOOL_OPTIONS nonProxyHosts value', () => { + const configWithHostAccess = { ...mockConfig, enableHostAccess: true }; + const result = generateDockerCompose(configWithHostAccess, mockNetworkConfig); + const agent = result.services.agent; + const env = agent.environment as Record; + + // Verify no embedded quotes in nonProxyHosts value + // JAVA_TOOL_OPTIONS parsing treats quotes as literal characters, not grouping + expect(env.JAVA_TOOL_OPTIONS).not.toContain('"localhost'); + expect(env.JAVA_TOOL_OPTIONS).not.toContain('internal"'); + expect(env.JAVA_TOOL_OPTIONS).toContain('-Dhttp.nonProxyHosts=localhost|'); + }); + + it('should mount Maven settings.xml for proxy configuration', () => { + const result = generateDockerCompose(mockConfig, mockNetworkConfig); + const agent = result.services.agent; + const volumes = agent.volumes as string[]; + + const mavenMount = volumes.find((v: string) => v.includes('maven-settings.xml')); + expect(mavenMount).toBeDefined(); + expect(mavenMount).toContain('.m2/settings.xml:ro'); + }); + + it('should mount Maven settings.xml under /host in chroot mode', () => { + const chrootConfig = { ...mockConfig, enableChroot: true }; + const result = generateDockerCompose(chrootConfig, mockNetworkConfig); + const agent = result.services.agent; + const volumes = agent.volumes as string[]; + + const mavenMount = volumes.find((v: string) => v.includes('maven-settings.xml')); + expect(mavenMount).toBeDefined(); + expect(mavenMount).toContain('/host'); + expect(mavenMount).toContain('.m2/settings.xml:ro'); + }); + it('should mount required volumes in agent container (default behavior)', () => { const result = generateDockerCompose(mockConfig, mockNetworkConfig); const agent = result.services.agent; 
@@ -1836,4 +1871,32 @@ describe('docker-manager', () => { await expect(cleanup(nonExistentDir, false)).resolves.not.toThrow(); }); }); + + describe('generateMavenSettings', () => { + it('should generate valid Maven settings.xml with proxy configuration', () => { + const result = generateMavenSettings('172.30.0.10', 3128); + + expect(result).toContain(''); + expect(result).toContain('http'); + expect(result).toContain('https'); + expect(result).toContain('172.30.0.10'); + expect(result).toContain('3128'); + // Should not include nonProxyHosts when not provided + expect(result).not.toContain(''); + }); + + it('should include nonProxyHosts when provided', () => { + const result = generateMavenSettings('172.30.0.10', 3128, 'localhost|127.0.0.1|host.docker.internal'); + + expect(result).toContain('localhost|127.0.0.1|host.docker.internal'); + }); + + it('should have both HTTP and HTTPS proxy entries', () => { + const result = generateMavenSettings('172.30.0.10', 3128); + + expect(result).toContain('awf-http'); + expect(result).toContain('awf-https'); + }); + }); }); diff --git a/src/docker-manager.ts b/src/docker-manager.ts index e4ff67f92..6dc954580 100644 --- a/src/docker-manager.ts +++ b/src/docker-manager.ts 
@@ -10,6 +10,40 @@ import { generateSessionCa, initSslDb, CaFiles, parseUrlPatterns } from './ssl-b const SQUID_PORT = 3128; +/** + * Generates a Maven settings.xml with proxy configuration. + * Maven's HTTP transport does not read Java system properties (JAVA_TOOL_OPTIONS) for proxy, + * so we must provide proxy config via settings.xml for Maven/Gradle builds to work. + */ +export function generateMavenSettings(proxyHost: string, proxyPort: number, nonProxyHosts?: string): string { + const nonProxyHostsXml = nonProxyHosts + ? `\n ${nonProxyHosts}` + : ''; + return ` + + + + + awf-http + true + http + ${proxyHost} + ${proxyPort}${nonProxyHostsXml} + + + awf-https + true + https + ${proxyHost} + ${proxyPort}${nonProxyHostsXml} + + + +`; +} + /** * Base image for the 'act' preset when building locally. * Uses catthehacker's GitHub Actions parity image. @@ -352,7 +386,8 @@ export function generateDockerCompose( // for localhost connections that may use the IP address directly const javaNoProxy = `localhost|127.0.0.1|host.docker.internal`; // Append Java-specific NO_PROXY settings to JAVA_TOOL_OPTIONS (which is guaranteed to exist) - environment.JAVA_TOOL_OPTIONS = `${environment.JAVA_TOOL_OPTIONS} -Dhttp.nonProxyHosts="${javaNoProxy}"`; + // Note: no quotes around the value — JAVA_TOOL_OPTIONS parsing treats embedded quotes as literals + environment.JAVA_TOOL_OPTIONS = `${environment.JAVA_TOOL_OPTIONS} -Dhttp.nonProxyHosts=${javaNoProxy}`; } // For chroot mode, pass the host's actual PATH and tool directories so the entrypoint can use them 
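Review bot: `generateMavenSettings` in the `@@ -10,6 +10,40 @@` hunk writes `proxyHost` and `nonProxyHosts` into the XML template unescaped, so a value containing `<`, `>` or `&` produces a malformed settings.xml or extra elements. The only caller in this patch passes `networkConfig.squidIp` and a constant string, so this concerns the exported function's contract rather than a present bug. Either escape the interpolated strings, e.g. `const esc = (s: string) => s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');`, or state in the doc comment that callers must pass trusted values only. The doc comment also says the file is needed for "Maven/Gradle builds"; as far as I know Gradle does not take its proxy from `~/.m2/settings.xml`, so the wording should be limited to Maven unless that has been verified.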
@@ -554,6 +589,14 @@ export function generateDockerCompose( environment.AWF_SSL_BUMP_ENABLED = 'true'; } + // Mount Maven settings.xml with proxy configuration + // Maven's HTTP transport ignores Java system properties for proxy, requiring settings.xml + if (config.enableChroot) { + agentVolumes.push(`${config.workDir}/maven-settings.xml:/host${effectiveHome}/.m2/settings.xml:ro`); + } else { + agentVolumes.push(`${config.workDir}/maven-settings.xml:${effectiveHome}/.m2/settings.xml:ro`); + } + // Add custom volume mounts if specified if (config.volumeMounts && config.volumeMounts.length > 0) { logger.debug(`Adding ${config.volumeMounts.length} custom volume mount(s)`); @@ -794,6 +837,15 @@ export async function writeConfigs(config: WrapperConfig): Promise { fs.writeFileSync(squidConfigPath, squidConfig); logger.debug(`Squid config written to: ${squidConfigPath}`); + // Write Maven settings.xml with proxy configuration + // Maven's HTTP transport ignores JAVA_TOOL_OPTIONS/-D proxy properties, + // requiring explicit proxy config in settings.xml + const nonProxyHosts = config.enableHostAccess ? 'localhost|127.0.0.1|host.docker.internal' : undefined; + const mavenSettings = generateMavenSettings(networkConfig.squidIp, SQUID_PORT, nonProxyHosts); + const mavenSettingsPath = path.join(config.workDir, 'maven-settings.xml'); + fs.writeFileSync(mavenSettingsPath, mavenSettings); + logger.debug(`Maven settings.xml written to: ${mavenSettingsPath}`); + // Write Docker Compose config const dockerCompose = generateDockerCompose(config, networkConfig, sslConfig); const dockerComposePath = path.join(config.workDir, 'docker-compose.yml'); From 775387f2933eb48e183320bc9ef8dcea7fb60793 Mon Sep 17 00:00:00 2001 
From: "Jiaxiao (mossaka) Zhou" Date: Tue, 10 Feb 2026 19:29:44 +0000 Subject: [PATCH 7/7] fix: move Maven proxy config from docker-manager to workflow instruction Instead of adding JAVA_TOOL_OPTIONS and Maven settings.xml generation to docker-manager.ts, instruct the agent to create ~/.m2/settings.xml with proxy settings before running Maven commands. This is simpler and doesn't require changes to the AWF core. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/build-test-java.lock.yml | 33 ++------ .github/workflows/build-test-java.md | 90 +++++++++------------- src/docker-manager.test.ts | 89 +-------------------- src/docker-manager.ts | 68 +--------------- 4 files changed, 49 insertions(+), 231 deletions(-) diff --git a/.github/workflows/build-test-java.lock.yml b/.github/workflows/build-test-java.lock.yml index 20e2ce0ff..a32d78aa6 100644 --- a/.github/workflows/build-test-java.lock.yml +++ b/.github/workflows/build-test-java.lock.yml @@ -99,6 +99,10 @@ jobs: - name: Checkout .github and .agents folders uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: + sparse-checkout: | + .github + .agents + depth: 1 persist-credentials: false - name: Setup Java uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0 
@@ -139,31 +143,8 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh 0.0.405 - - name: Install awf dependencies - run: npm ci - - name: Build awf - run: npm run build - - name: Install awf binary (local) - run: | - WORKSPACE_PATH="${GITHUB_WORKSPACE:-$(pwd)}" - NODE_BIN="$(command -v node)" - if [ ! -d "$WORKSPACE_PATH" ]; then - echo "Workspace path not found: $WORKSPACE_PATH" - exit 1 - fi - if [ ! -x "$NODE_BIN" ]; then - echo "Node binary not found: $NODE_BIN" - exit 1 - fi - if [ ! -d "/usr/local/bin" ]; then - echo "/usr/local/bin is missing" - exit 1 - fi - sudo tee /usr/local/bin/awf > /dev/null <&1 | tee /tmp/gh-aw/agent-stdio.log env: diff --git a/.github/workflows/build-test-java.md b/.github/workflows/build-test-java.md index 05c8082d2..268ded301 100644 --- a/.github/workflows/build-test-java.md +++ b/.github/workflows/build-test-java.md 
@@ -45,55 +45,42 @@ env: ## Test Requirements -### 1. Verify Java Proxy Configuration - -Before running any tests, verify that Java proxy configuration is properly set: - -```bash -# Verify JAVA_TOOL_OPTIONS is set -echo "JAVA_TOOL_OPTIONS=$JAVA_TOOL_OPTIONS" - -# Extract and display proxy settings -java -XshowSettings:properties -version 2>&1 | grep -E "http\.(proxyHost|proxyPort|nonProxyHosts)|https\.(proxyHost|proxyPort)" -``` - -**Expected configuration**: -- `http.proxyHost` should be set to Squid IP (e.g., `172.30.0.10`) -- `http.proxyPort` should be `3128` -- `https.proxyHost` should be set to Squid IP -- `https.proxyPort` should be `3128` -- If host access is enabled, `http.nonProxyHosts` should include `localhost|127.0.0.1|host.docker.internal` - -If proxy settings are missing or incorrect, report the issue and fail the workflow. - -### 2. Clone Repository - -`gh repo clone Mossaka/gh-aw-firewall-test-java /tmp/test-java` -- **CRITICAL**: If clone fails, immediately call `safeoutputs-missing_tool` with message "CLONE_FAILED: Unable to clone test repository" and stop execution - -### 3. Test Projects - -Run Maven compile and test for each project: -- `gson`: `cd /tmp/test-java/gson && mvn compile && mvn test` -- `caffeine`: `cd /tmp/test-java/caffeine && mvn compile && mvn test` - -### 4. Capture Results - -For each project, capture: -- Compile success/failure -- Test pass/fail count -- Any error messages +Clone and test the following projects from the test repository: + +1. **Clone Repository**: `gh repo clone Mossaka/gh-aw-firewall-test-java /tmp/test-java` + - **CRITICAL**: If clone fails, immediately call `safeoutputs-missing_tool` with message "CLONE_FAILED: Unable to clone test repository" and stop execution + +2. 
**Configure Maven Proxy**: Maven ignores Java system properties for proxy configuration, so you must create `~/.m2/settings.xml` before running any Maven commands: + ```bash + mkdir -p ~/.m2 + cat > ~/.m2/settings.xml << SETTINGS + + + + awf-httptruehttp + ${SQUID_PROXY_HOST}${SQUID_PROXY_PORT} + + + awf-httpstruehttps + ${SQUID_PROXY_HOST}${SQUID_PROXY_PORT} + + + + SETTINGS + ``` + +3. **Test Projects**: + - `gson`: `cd /tmp/test-java/gson && mvn compile && mvn test` + - `caffeine`: `cd /tmp/test-java/caffeine && mvn compile && mvn test` + +4. **For each project**, capture: + - Compile success/failure + - Test pass/fail count + - Any error messages ## Output -Add a comment to the current pull request with a summary including: - -1. **Java Proxy Configuration Status**: - - ✅ Proxy settings verified OR ❌ Proxy settings missing/incorrect - - Display the actual `JAVA_TOOL_OPTIONS` value - - List detected proxy properties (http.proxyHost, http.proxyPort, https.proxyHost, https.proxyPort, http.nonProxyHosts if present) - -2. **Build/Test Results Table**: +Add a comment to the current pull request with a summary table: | Project | Compile | Tests | Status | |----------|---------|-------|--------| 
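Review bot: The `cat > ~/.m2/settings.xml << SETTINGS` heredoc in step 2 uses an unquoted delimiter, so `${SQUID_PROXY_HOST}` and `${SQUID_PROXY_PORT}` are expanded by the shell when the file is written; if either is unset in the agent's shell, the file gets an empty host or port and the resulting Maven failure will look like a network error. Put a guard before the heredoc, `: "${SQUID_PROXY_HOST:?not set}" "${SQUID_PROXY_PORT:?not set}"`, so the step stops with a clear message instead. The command also overwrites an existing `~/.m2/settings.xml` without a backup; since the agent's home can be a host directory mounted read-write, the instruction should say so or copy the old file aside first.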
@@ -102,16 +89,15 @@ Add a comment to the current pull request with a summary including: **Overall: PASS/FAIL** -If ALL tests pass AND proxy configuration is correct, add the label `build-test-java` to the pull request. -If ANY test fails OR proxy configuration is incorrect, report the failure with error details. +If ALL tests pass, add the label `build-test-java` to the pull request. +If ANY test fails, report the failure with error details. ## Error Handling **CRITICAL**: This workflow MUST fail visibly when errors occur: -1. **Proxy configuration failure**: If Java proxy settings are missing or incorrect, report in comment with actual vs expected values -2. **Clone failure**: If repository clone fails, call `safeoutputs-missing_tool` with "CLONE_FAILED: [error message]" -3. **Build failure**: Report in comment table with ❌ and include error output -4. **Test failure**: Report in comment table with FAIL status and include failure details +1. **Clone failure**: If repository clone fails, call `safeoutputs-missing_tool` with "CLONE_FAILED: [error message]" +2. **Build failure**: Report in comment table with ❌ and include error output +3. **Test failure**: Report in comment table with FAIL status and include failure details DO NOT report success if any step fails. The workflow should produce a clear, actionable error message. diff --git a/src/docker-manager.test.ts b/src/docker-manager.test.ts index 61f70af6d..63aa74906 100644 --- a/src/docker-manager.test.ts +++ b/src/docker-manager.test.ts 
@@ -1,4 +1,4 @@
-import { generateDockerCompose, generateMavenSettings, subnetsOverlap, writeConfigs, startContainers, stopContainers, cleanup, runAgentCommand, validateIdNotInSystemRange, getSafeHostUid, getSafeHostGid, getRealUserHome, MIN_REGULAR_UID, ACT_PRESET_BASE_IMAGE } from './docker-manager';
+import { generateDockerCompose, subnetsOverlap, writeConfigs, startContainers, stopContainers, cleanup, runAgentCommand, validateIdNotInSystemRange, getSafeHostUid, getSafeHostGid, getRealUserHome, MIN_REGULAR_UID, ACT_PRESET_BASE_IMAGE } from './docker-manager';
 import { WrapperConfig } from './types';
 import * as fs from 'fs';
 import * as path from 'path';
@@ -485,65 +485,6 @@ describe('docker-manager', () => { expect(env.SQUID_PROXY_PORT).toBe('3128'); }); - it('should configure JAVA_TOOL_OPTIONS with proxy settings for Java applications', () => { - const result = generateDockerCompose(mockConfig, mockNetworkConfig); - const agent = result.services.agent; - const env = agent.environment as Record; - - expect(env.JAVA_TOOL_OPTIONS).toBeDefined(); - expect(env.JAVA_TOOL_OPTIONS).toContain('-Dhttp.proxyHost=172.30.0.10'); - expect(env.JAVA_TOOL_OPTIONS).toContain('-Dhttp.proxyPort=3128'); - expect(env.JAVA_TOOL_OPTIONS).toContain('-Dhttps.proxyHost=172.30.0.10'); - expect(env.JAVA_TOOL_OPTIONS).toContain('-Dhttps.proxyPort=3128'); - }); - - it('should add http.nonProxyHosts to JAVA_TOOL_OPTIONS when host access is enabled', () => { - const configWithHostAccess = { ...mockConfig, enableHostAccess: true }; - const result = generateDockerCompose(configWithHostAccess, mockNetworkConfig); - const agent = result.services.agent; - const env = agent.environment as Record; - - expect(env.JAVA_TOOL_OPTIONS).toContain('-Dhttp.nonProxyHosts='); - expect(env.JAVA_TOOL_OPTIONS).toContain('localhost'); - expect(env.JAVA_TOOL_OPTIONS).toContain('127.0.0.1'); - expect(env.JAVA_TOOL_OPTIONS).toContain('host.docker.internal'); - }); - - it('should not include quotes in JAVA_TOOL_OPTIONS nonProxyHosts value', () => { - const configWithHostAccess = { ...mockConfig, enableHostAccess: true }; - const result = generateDockerCompose(configWithHostAccess, mockNetworkConfig); - const agent = result.services.agent; - const env = agent.environment as Record; - - // Verify no embedded quotes in nonProxyHosts value - // JAVA_TOOL_OPTIONS parsing treats quotes as literal characters, not grouping - expect(env.JAVA_TOOL_OPTIONS).not.toContain('"localhost'); - expect(env.JAVA_TOOL_OPTIONS).not.toContain('internal"'); - expect(env.JAVA_TOOL_OPTIONS).toContain('-Dhttp.nonProxyHosts=localhost|'); - }); - - it('should mount Maven settings.xml for proxy 
configuration', () => { - const result = generateDockerCompose(mockConfig, mockNetworkConfig); - const agent = result.services.agent; - const volumes = agent.volumes as string[]; - - const mavenMount = volumes.find((v: string) => v.includes('maven-settings.xml')); - expect(mavenMount).toBeDefined(); - expect(mavenMount).toContain('.m2/settings.xml:ro'); - }); - - it('should mount Maven settings.xml under /host in chroot mode', () => { - const chrootConfig = { ...mockConfig, enableChroot: true }; - const result = generateDockerCompose(chrootConfig, mockNetworkConfig); - const agent = result.services.agent; - const volumes = agent.volumes as string[]; - - const mavenMount = volumes.find((v: string) => v.includes('maven-settings.xml')); - expect(mavenMount).toBeDefined(); - expect(mavenMount).toContain('/host'); - expect(mavenMount).toContain('.m2/settings.xml:ro'); - }); - it('should mount required volumes in agent container (default behavior)', () => { const result = generateDockerCompose(mockConfig, mockNetworkConfig); const agent = result.services.agent; 
@@ -1871,32 +1812,4 @@ describe('docker-manager', () => { await expect(cleanup(nonExistentDir, false)).resolves.not.toThrow(); }); }); - - describe('generateMavenSettings', () => { - it('should generate valid Maven settings.xml with proxy configuration', () => { - const result = generateMavenSettings('172.30.0.10', 3128); - - expect(result).toContain(''); - expect(result).toContain('http'); - expect(result).toContain('https'); - expect(result).toContain('172.30.0.10'); - expect(result).toContain('3128'); - // Should not include nonProxyHosts when not provided - expect(result).not.toContain(''); - }); - - it('should include nonProxyHosts when provided', () => { - const result = generateMavenSettings('172.30.0.10', 3128, 'localhost|127.0.0.1|host.docker.internal'); - - expect(result).toContain('localhost|127.0.0.1|host.docker.internal'); - }); - - it('should have both HTTP and HTTPS proxy entries', () => { - const result = generateMavenSettings('172.30.0.10', 3128); - - expect(result).toContain('awf-http'); - expect(result).toContain('awf-https'); - }); - }); }); diff --git a/src/docker-manager.ts b/src/docker-manager.ts index 6dc954580..18481fe99 100644 --- a/src/docker-manager.ts +++ b/src/docker-manager.ts 
@@ -10,40 +10,6 @@ import { generateSessionCa, initSslDb, CaFiles, parseUrlPatterns } from './ssl-b const SQUID_PORT = 3128; -/** - * Generates a Maven settings.xml with proxy configuration. - * Maven's HTTP transport does not read Java system properties (JAVA_TOOL_OPTIONS) for proxy, - * so we must provide proxy config via settings.xml for Maven/Gradle builds to work. - */ -export function generateMavenSettings(proxyHost: string, proxyPort: number, nonProxyHosts?: string): string { - const nonProxyHostsXml = nonProxyHosts - ? `\n ${nonProxyHosts}` - : ''; - return ` - - - - - awf-http - true - http - ${proxyHost} - ${proxyPort}${nonProxyHostsXml} - - - awf-https - true - https - ${proxyHost} - ${proxyPort}${nonProxyHostsXml} - - - -`; -} - /** * Base image for the 'act' preset when building locally. * Uses catthehacker's GitHub Actions parity image. @@ -360,10 +326,6 @@ export function generateDockerCompose( const environment: Record = { HTTP_PROXY: `http://${networkConfig.squidIp}:${SQUID_PORT}`, HTTPS_PROXY: `http://${networkConfig.squidIp}:${SQUID_PORT}`, - // Java applications don't automatically respect HTTP_PROXY/HTTPS_PROXY environment variables. - // Use JAVA_TOOL_OPTIONS to configure Java proxy settings for Maven, Gradle, and other Java tools. - // This environment variable is automatically picked up by all JVMs. - JAVA_TOOL_OPTIONS: `-Dhttp.proxyHost=${networkConfig.squidIp} -Dhttp.proxyPort=${SQUID_PORT} -Dhttps.proxyHost=${networkConfig.squidIp} -Dhttps.proxyPort=${SQUID_PORT}`, SQUID_PROXY_HOST: 'squid-proxy', SQUID_PROXY_PORT: SQUID_PORT.toString(), HOME: homeDir, 
@@ -380,14 +342,6 @@ export function generateDockerCompose( const networkGatewayIp = `${parts[0]}.${parts[1]}.${parts[2]}.1`; environment.NO_PROXY = `localhost,127.0.0.1,${networkConfig.squidIp},host.docker.internal,${networkGatewayIp}`; environment.no_proxy = environment.NO_PROXY; - - // Java uses a different format for non-proxy hosts (pipe-separated, not comma-separated) - // and doesn't support IP addresses well, but 127.0.0.1 is a special case that should be included - // for localhost connections that may use the IP address directly - const javaNoProxy = `localhost|127.0.0.1|host.docker.internal`; - // Append Java-specific NO_PROXY settings to JAVA_TOOL_OPTIONS (which is guaranteed to exist) - // Note: no quotes around the value — JAVA_TOOL_OPTIONS parsing treats embedded quotes as literals - environment.JAVA_TOOL_OPTIONS = `${environment.JAVA_TOOL_OPTIONS} -Dhttp.nonProxyHosts=${javaNoProxy}`; } // For chroot mode, pass the host's actual PATH and tool directories so the entrypoint can use them @@ -524,8 +478,9 @@ export function generateDockerCompose( const userHome = getRealUserHome(); agentVolumes.push(`${userHome}:/host${userHome}:rw`); - // /tmp is needed for chroot mode to write temporary command scripts - // The entrypoint.sh writes to /host/tmp/awf-cmd-$$.sh + // /tmp is needed for chroot mode to write: + // - Temporary command scripts: /host/tmp/awf-cmd-$$.sh + // - One-shot token LD_PRELOAD library: /host/tmp/awf-lib/one-shot-token.so agentVolumes.push('/tmp:/host/tmp:rw'); // Minimal /etc - only what's needed for runtime 
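Review bot: The rewritten comment above `agentVolumes.push('/tmp:/host/tmp:rw')` in the `@@ -524,8 +478,9 @@` hunk now records that the one-shot token `LD_PRELOAD` library lives at `/host/tmp/awf-lib/one-shot-token.so`, i.e. inside a tree shared read-write with the host's `/tmp`, without saying how that file is protected. A preloaded library at a path other processes may be able to write should have its ownership and mode stated where the mount is declared. Suggested extra line, if it matches what the entrypoint does: `// awf-lib is expected to be root-owned and not group/world-writable before the agent command runs`. The code that creates the library is outside this hunk, so this needs confirming against the entrypoint; the comment change is also unrelated to the Maven move described in the commit message and would be easier to review in its own commit.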
@@ -589,14 +544,6 @@ export function generateDockerCompose( environment.AWF_SSL_BUMP_ENABLED = 'true'; } - // Mount Maven settings.xml with proxy configuration - // Maven's HTTP transport ignores Java system properties for proxy, requiring settings.xml - if (config.enableChroot) { - agentVolumes.push(`${config.workDir}/maven-settings.xml:/host${effectiveHome}/.m2/settings.xml:ro`); - } else { - agentVolumes.push(`${config.workDir}/maven-settings.xml:${effectiveHome}/.m2/settings.xml:ro`); - } - // Add custom volume mounts if specified if (config.volumeMounts && config.volumeMounts.length > 0) { logger.debug(`Adding ${config.volumeMounts.length} custom volume mount(s)`); @@ -837,15 +784,6 @@ export async function writeConfigs(config: WrapperConfig): Promise { fs.writeFileSync(squidConfigPath, squidConfig); logger.debug(`Squid config written to: ${squidConfigPath}`); - // Write Maven settings.xml with proxy configuration - // Maven's HTTP transport ignores JAVA_TOOL_OPTIONS/-D proxy properties, - // requiring explicit proxy config in settings.xml - const nonProxyHosts = config.enableHostAccess ? 'localhost|127.0.0.1|host.docker.internal' : undefined; - const mavenSettings = generateMavenSettings(networkConfig.squidIp, SQUID_PORT, nonProxyHosts); - const mavenSettingsPath = path.join(config.workDir, 'maven-settings.xml'); - fs.writeFileSync(mavenSettingsPath, mavenSettings); - logger.debug(`Maven settings.xml written to: ${mavenSettingsPath}`); - // Write Docker Compose config const dockerCompose = generateDockerCompose(config, networkConfig, sslConfig); const dockerComposePath = path.join(config.workDir, 'docker-compose.yml');