Use workflow filename for GH_AW_WORKFLOW_ID and move common env vars to job level

Copilot · pelikhan · Copilot · commit 10c95bd387c4 · 2025-12-20T13:50:52.000Z
- Changed GH_AW_WORKFLOW_ID from mainJobName to workflow filename (without extension)
- Moved common environment variables to job level: GH_AW_WORKFLOW_NAME, GH_AW_WORKFLOW_SOURCE, GH_AW_TRACKER_ID, GH_AW_ENGINE_ID, GH_AW_ENGINE_VERSION, GH_AW_ENGINE_MODEL, GH_AW_SAFE_OUTPUTS_STAGED, GH_AW_TARGET_REPO_SLUG, GH_AW_SAFE_OUTPUT_MESSAGES
- Added buildJobLevelSafeOutputEnvVars() to build job-level environment variables
- Added buildStepLevelSafeOutputEnvVars() to build step-level env vars (excluding job-level ones)
- Updated all consolidated step configs to use buildStepLevelSafeOutputEnvVars()
- Individual job builders still use buildStandardSafeOutputEnvVars() for backward compatibility

Co-authored-by: pelikhan &lt;4175913+pelikhan@users.noreply.github.com&gt;
diff --git a/pkg/workflow/compiler_safe_outputs_consolidated.go b/pkg/workflow/compiler_safe_outputs_consolidated.go
@@ -498,18 +498,22 @@ func (c *Compiler) buildConsolidatedSafeOutputsJob(data *WorkflowData, mainJobNa
 		needs = append(needs, constants.ActivationJobName)
 	}
 
+	// Extract workflow filename (without extension) for GH_AW_WORKFLOW_ID
+	workflowFilename := strings.TrimSuffix(filepath.Base(markdownPath), ".md")
+
+	// Build job-level environment variables that are common to all safe output steps
+	jobEnv := c.buildJobLevelSafeOutputEnvVars(data, workflowFilename)
+
 	job := &Job{
 		Name:           "safe_outputs",
 		If:             jobCondition.Render(),
 		RunsOn:         c.formatSafeOutputsRunsOn(data.SafeOutputs),
 		Permissions:    permissions.RenderToYAML(),
 		TimeoutMinutes: 15, // Slightly longer timeout for consolidated job with multiple steps
-		Env: map[string]string{
-			"GH_AW_WORKFLOW_ID": fmt.Sprintf("%q", mainJobName),
-		},
-		Steps:   steps,
-		Outputs: outputs,
-		Needs:   needs,
+		Env:            jobEnv,
+		Steps:          steps,
+		Outputs:        outputs,
+		Needs:          needs,
 	}
 
 	consolidatedSafeOutputsLog.Printf("Built consolidated safe outputs job with %d steps", len(safeOutputStepNames))
@@ -581,6 +585,67 @@ func (c *Compiler) buildConsolidatedSafeOutputStep(data *WorkflowData, config Sa
 	return steps
 }
 
+// buildJobLevelSafeOutputEnvVars builds environment variables that should be set at the job level
+// for the consolidated safe_outputs job. These are variables that are common to all safe output steps.
+func (c *Compiler) buildJobLevelSafeOutputEnvVars(data *WorkflowData, workflowFilename string) map[string]string {
+	envVars := make(map[string]string)
+
+	// Set GH_AW_WORKFLOW_ID to the workflow filename (without extension)
+	// This is used for branch naming in create_pull_request and other operations
+	envVars["GH_AW_WORKFLOW_ID"] = fmt.Sprintf("%q", workflowFilename)
+
+	// Add workflow metadata that's common to all steps
+	envVars["GH_AW_WORKFLOW_NAME"] = fmt.Sprintf("%q", data.Name)
+	
+	if data.Source != "" {
+		envVars["GH_AW_WORKFLOW_SOURCE"] = fmt.Sprintf("%q", data.Source)
+		sourceURL := buildSourceURL(data.Source)
+		if sourceURL != "" {
+			envVars["GH_AW_WORKFLOW_SOURCE_URL"] = fmt.Sprintf("%q", sourceURL)
+		}
+	}
+
+	if data.TrackerID != "" {
+		envVars["GH_AW_TRACKER_ID"] = fmt.Sprintf("%q", data.TrackerID)
+	}
+
+	// Add engine metadata that's common to all steps
+	if data.EngineConfig != nil {
+		if data.EngineConfig.ID != "" {
+			envVars["GH_AW_ENGINE_ID"] = fmt.Sprintf("%q", data.EngineConfig.ID)
+		}
+		if data.EngineConfig.Version != "" {
+			envVars["GH_AW_ENGINE_VERSION"] = fmt.Sprintf("%q", data.EngineConfig.Version)
+		}
+		if data.EngineConfig.Model != "" {
+			envVars["GH_AW_ENGINE_MODEL"] = fmt.Sprintf("%q", data.EngineConfig.Model)
+		}
+	}
+
+	// Add safe output job environment variables (staged/target repo)
+	if c.trialMode || data.SafeOutputs.Staged {
+		envVars["GH_AW_SAFE_OUTPUTS_STAGED"] = "\"true\""
+	}
+
+	// Set GH_AW_TARGET_REPO_SLUG - prefer trial target repo (applies to all steps)
+	// Note: Individual steps with target-repo config will override this in their step-level env
+	if c.trialMode && c.trialLogicalRepoSlug != "" {
+		envVars["GH_AW_TARGET_REPO_SLUG"] = fmt.Sprintf("%q", c.trialLogicalRepoSlug)
+	}
+
+	// Add messages config if present (applies to all steps)
+	if data.SafeOutputs.Messages != nil {
+		messagesJSON, err := serializeMessagesConfig(data.SafeOutputs.Messages)
+		if err != nil {
+			consolidatedSafeOutputsLog.Printf("Warning: failed to serialize messages config: %v", err)
+		} else if messagesJSON != "" {
+			envVars["GH_AW_SAFE_OUTPUT_MESSAGES"] = fmt.Sprintf("%q", messagesJSON)
+		}
+	}
+
+	return envVars
+}
+
 // buildDetectionSuccessCondition builds the condition to check if detection passed
 func buildDetectionSuccessCondition() ConditionNode {
 	return BuildEquals(
@@ -603,7 +668,7 @@ func (c *Compiler) buildCreateIssueStepConfig(data *WorkflowData, mainJobName st
 	if cfg.Expires > 0 {
 		customEnvVars = append(customEnvVars, fmt.Sprintf("          GH_AW_ISSUE_EXPIRES: \"%d\"\n", cfg.Expires))
 	}
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, cfg.TargetRepoSlug)...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, cfg.TargetRepoSlug)...)
 
 	condition := BuildSafeOutputType("create_issue")
 
@@ -622,7 +687,7 @@ func (c *Compiler) buildCreateDiscussionStepConfig(data *WorkflowData, mainJobNa
 	cfg := data.SafeOutputs.CreateDiscussions
 
 	var customEnvVars []string
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, "")...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, "")...)
 
 	condition := BuildSafeOutputType("create_discussion")
 
@@ -676,7 +741,7 @@ func (c *Compiler) buildCreatePullRequestStepConfig(data *WorkflowData, mainJobN
 	if cfg.Expires > 0 && cfg.TargetRepoSlug == "" {
 		customEnvVars = append(customEnvVars, fmt.Sprintf("          GH_AW_PR_EXPIRES: \"%d\"\n", cfg.Expires))
 	}
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, cfg.TargetRepoSlug)...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, cfg.TargetRepoSlug)...)
 
 	condition := BuildSafeOutputType("create_pull_request")
 
@@ -723,7 +788,7 @@ func (c *Compiler) buildAddCommentStepConfig(data *WorkflowData, mainJobName str
 		customEnvVars = append(customEnvVars, "          GH_AW_CREATED_PULL_REQUEST_URL: ${{ steps.create_pull_request.outputs.pull_request_url }}\n")
 		customEnvVars = append(customEnvVars, "          GH_AW_CREATED_PULL_REQUEST_NUMBER: ${{ steps.create_pull_request.outputs.pull_request_number }}\n")
 	}
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, cfg.TargetRepoSlug)...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, cfg.TargetRepoSlug)...)
 
 	condition := BuildSafeOutputType("add_comment")
 
@@ -742,7 +807,7 @@ func (c *Compiler) buildCloseDiscussionStepConfig(data *WorkflowData, mainJobNam
 	cfg := data.SafeOutputs.CloseDiscussions
 
 	var customEnvVars []string
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, "")...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, "")...)
 
 	condition := BuildSafeOutputType("close_discussion")
 
@@ -761,7 +826,7 @@ func (c *Compiler) buildCloseIssueStepConfig(data *WorkflowData, mainJobName str
 	cfg := data.SafeOutputs.CloseIssues
 
 	var customEnvVars []string
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, "")...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, "")...)
 
 	condition := BuildSafeOutputType("close_issue")
 
@@ -780,7 +845,7 @@ func (c *Compiler) buildClosePullRequestStepConfig(data *WorkflowData, mainJobNa
 	cfg := data.SafeOutputs.ClosePullRequests
 
 	var customEnvVars []string
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, "")...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, "")...)
 
 	condition := BuildSafeOutputType("close_pull_request")
 
@@ -807,7 +872,7 @@ func (c *Compiler) buildCreatePRReviewCommentStepConfig(data *WorkflowData, main
 	if cfg.Target != "" {
 		customEnvVars = append(customEnvVars, fmt.Sprintf("          GH_AW_PR_REVIEW_COMMENT_TARGET: %q\n", cfg.Target))
 	}
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, "")...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, "")...)
 
 	condition := BuildSafeOutputType("create_pull_request_review_comment")
 
@@ -827,7 +892,7 @@ func (c *Compiler) buildCreateCodeScanningAlertStepConfig(data *WorkflowData, ma
 
 	var customEnvVars []string
 	customEnvVars = append(customEnvVars, fmt.Sprintf("          GH_AW_WORKFLOW_FILENAME: %q\n", workflowFilename))
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, "")...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, "")...)
 
 	condition := BuildSafeOutputType("create_code_scanning_alert")
 
@@ -853,7 +918,7 @@ func (c *Compiler) buildAddLabelsStepConfig(data *WorkflowData, mainJobName stri
 	if cfg.Target != "" {
 		customEnvVars = append(customEnvVars, fmt.Sprintf("          GH_AW_LABELS_TARGET: %q\n", cfg.Target))
 	}
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, cfg.TargetRepoSlug)...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, cfg.TargetRepoSlug)...)
 
 	condition := BuildSafeOutputType("add_labels")
 
@@ -872,7 +937,7 @@ func (c *Compiler) buildAddReviewerStepConfig(data *WorkflowData, mainJobName st
 	cfg := data.SafeOutputs.AddReviewer
 
 	var customEnvVars []string
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, "")...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, "")...)
 
 	condition := BuildSafeOutputType("add_reviewer")
 
@@ -891,7 +956,7 @@ func (c *Compiler) buildAssignMilestoneStepConfig(data *WorkflowData, mainJobNam
 	cfg := data.SafeOutputs.AssignMilestone
 
 	var customEnvVars []string
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, "")...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, "")...)
 
 	condition := BuildSafeOutputType("assign_milestone")
 
@@ -910,7 +975,7 @@ func (c *Compiler) buildAssignToAgentStepConfig(data *WorkflowData, mainJobName
 	cfg := data.SafeOutputs.AssignToAgent
 
 	var customEnvVars []string
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, "")...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, "")...)
 
 	condition := BuildSafeOutputType("assign_to_agent")
 
@@ -930,7 +995,7 @@ func (c *Compiler) buildAssignToUserStepConfig(data *WorkflowData, mainJobName s
 	cfg := data.SafeOutputs.AssignToUser
 
 	var customEnvVars []string
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, "")...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, "")...)
 
 	condition := BuildSafeOutputType("assign_to_user")
 
@@ -949,7 +1014,7 @@ func (c *Compiler) buildUpdateIssueStepConfig(data *WorkflowData, mainJobName st
 	cfg := data.SafeOutputs.UpdateIssues
 
 	var customEnvVars []string
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, cfg.TargetRepoSlug)...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, cfg.TargetRepoSlug)...)
 
 	condition := BuildSafeOutputType("update_issue")
 
@@ -968,7 +1033,7 @@ func (c *Compiler) buildUpdatePullRequestStepConfig(data *WorkflowData, mainJobN
 	cfg := data.SafeOutputs.UpdatePullRequests
 
 	var customEnvVars []string
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, cfg.TargetRepoSlug)...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, cfg.TargetRepoSlug)...)
 
 	condition := BuildSafeOutputType("update_pull_request")
 
@@ -987,7 +1052,7 @@ func (c *Compiler) buildUpdateDiscussionStepConfig(data *WorkflowData, mainJobNa
 	cfg := data.SafeOutputs.UpdateDiscussions
 
 	var customEnvVars []string
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, cfg.TargetRepoSlug)...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, cfg.TargetRepoSlug)...)
 
 	// Add target environment variable if set
 	if cfg.Target != "" {
@@ -1044,7 +1109,7 @@ func (c *Compiler) buildPushToPullRequestBranchStepConfig(data *WorkflowData, ma
 		maxPatchSize = data.SafeOutputs.MaximumPatchSize
 	}
 	customEnvVars = append(customEnvVars, fmt.Sprintf("          GH_AW_MAX_PATCH_SIZE: %d\n", maxPatchSize))
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, "")...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, "")...)
 
 	condition := BuildSafeOutputType("push_to_pull_request_branch")
 
@@ -1067,7 +1132,7 @@ func (c *Compiler) buildUploadAssetsStepConfig(data *WorkflowData, mainJobName s
 	cfg := data.SafeOutputs.UploadAssets
 
 	var customEnvVars []string
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, "")...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, "")...)
 
 	condition := BuildSafeOutputType("upload_asset")
 
@@ -1086,7 +1151,7 @@ func (c *Compiler) buildUpdateReleaseStepConfig(data *WorkflowData, mainJobName
 	cfg := data.SafeOutputs.UpdateRelease
 
 	var customEnvVars []string
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, "")...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, "")...)
 
 	condition := BuildSafeOutputType("update_release")
 
@@ -1109,7 +1174,7 @@ func (c *Compiler) buildLinkSubIssueStepConfig(data *WorkflowData, mainJobName s
 		customEnvVars = append(customEnvVars, "          GH_AW_CREATED_ISSUE_NUMBER: ${{ steps.create_issue.outputs.issue_number }}\n")
 		customEnvVars = append(customEnvVars, "          GH_AW_TEMPORARY_ID_MAP: ${{ steps.create_issue.outputs.temporary_id_map }}\n")
 	}
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, "")...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, "")...)
 
 	condition := BuildSafeOutputType("link_sub_issue")
 
@@ -1128,7 +1193,7 @@ func (c *Compiler) buildHideCommentStepConfig(data *WorkflowData, mainJobName st
 	cfg := data.SafeOutputs.HideComment
 
 	var customEnvVars []string
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, "")...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, "")...)
 
 	condition := BuildSafeOutputType("hide_comment")
 
@@ -1147,7 +1212,7 @@ func (c *Compiler) buildCreateAgentTaskStepConfig(data *WorkflowData, mainJobNam
 	cfg := data.SafeOutputs.CreateAgentTasks
 
 	var customEnvVars []string
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, "")...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, "")...)
 
 	condition := BuildSafeOutputType("create_agent_task")
 
@@ -1166,7 +1231,7 @@ func (c *Compiler) buildUpdateProjectStepConfig(data *WorkflowData, mainJobName
 	cfg := data.SafeOutputs.UpdateProjects
 
 	var customEnvVars []string
-	customEnvVars = append(customEnvVars, c.buildStandardSafeOutputEnvVars(data, "")...)
+	customEnvVars = append(customEnvVars, c.buildStepLevelSafeOutputEnvVars(data, "")...)
 
 	condition := BuildSafeOutputType("update_project")
 
diff --git a/pkg/workflow/safe_outputs_env.go b/pkg/workflow/safe_outputs_env.go
@@ -148,6 +148,37 @@ func (c *Compiler) buildStandardSafeOutputEnvVars(data *WorkflowData, targetRepo
 	return customEnvVars
 }
 
+// buildStepLevelSafeOutputEnvVars builds environment variables for consolidated safe output steps
+// This excludes variables that are already set at the job level in consolidated jobs
+func (c *Compiler) buildStepLevelSafeOutputEnvVars(data *WorkflowData, targetRepoSlug string) []string {
+	var customEnvVars []string
+
+	// Only add target repo slug if it's different from the job-level setting
+	// (i.e., this step has a specific target-repo config that overrides the global trial mode target)
+	if targetRepoSlug != "" {
+		// Step-specific target repo overrides job-level setting
+		customEnvVars = append(customEnvVars, fmt.Sprintf("          GH_AW_TARGET_REPO_SLUG: %q\n", targetRepoSlug))
+	} else if !c.trialMode && data.SafeOutputs.Staged {
+		// Step needs staged flag but there's no job-level target repo (not in trial mode)
+		// Job level only sets this if trialMode is true
+		customEnvVars = append(customEnvVars, "          GH_AW_SAFE_OUTPUTS_STAGED: \"true\"\n")
+	}
+
+	// Note: The following are now set at job level and should NOT be included here:
+	// - GH_AW_WORKFLOW_NAME
+	// - GH_AW_WORKFLOW_SOURCE
+	// - GH_AW_WORKFLOW_SOURCE_URL
+	// - GH_AW_TRACKER_ID
+	// - GH_AW_ENGINE_ID
+	// - GH_AW_ENGINE_VERSION
+	// - GH_AW_ENGINE_MODEL
+	// - GH_AW_SAFE_OUTPUTS_STAGED (if in trial mode)
+	// - GH_AW_TARGET_REPO_SLUG (if in trial mode and no step override)
+	// - GH_AW_SAFE_OUTPUT_MESSAGES
+
+	return customEnvVars
+}
+
 // buildEngineMetadataEnvVars builds engine metadata environment variables (id, version, model)
 // These are used by the JavaScript footer generation to create XML comment markers for traceability
 func buildEngineMetadataEnvVars(engineConfig *EngineConfig) []string {
