diff --git a/.changeset/patch-object-form-otlp-headers.md b/.changeset/patch-object-form-otlp-headers.md new file mode 100644 index 00000000000..937936ce797 --- /dev/null +++ b/.changeset/patch-object-form-otlp-headers.md @@ -0,0 +1,5 @@ +--- +"gh-aw": patch +--- + +Added support for defining `observability.otlp.headers` as an object in workflow frontmatter. diff --git a/.github/workflows/agentic-observability-kit.lock.yml b/.github/workflows/agentic-observability-kit.lock.yml index 380befc434f..f535ac65caf 100644 --- a/.github/workflows/agentic-observability-kit.lock.yml +++ b/.github/workflows/agentic-observability-kit.lock.yml @@ -117,7 +117,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -381,7 +381,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1468,7 +1468,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/agentic-optimization-kit.lock.yml b/.github/workflows/agentic-optimization-kit.lock.yml index d1ecfec9f7d..579d06e9d40 100644 --- a/.github/workflows/agentic-optimization-kit.lock.yml +++ b/.github/workflows/agentic-optimization-kit.lock.yml @@ -119,7 +119,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -394,7 +394,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1612,7 +1612,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/api-consumption-report.lock.yml b/.github/workflows/api-consumption-report.lock.yml index e4007527761..1b787ef6e4c 100644 --- a/.github/workflows/api-consumption-report.lock.yml +++ b/.github/workflows/api-consumption-report.lock.yml @@ -118,7 +118,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -385,7 +385,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1494,7 +1494,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml index 081688d533c..bdd1a516d1f 100644 --- a/.github/workflows/audit-workflows.lock.yml +++ b/.github/workflows/audit-workflows.lock.yml @@ -121,7 +121,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -396,7 +396,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1619,7 +1619,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml index f10eaf1b091..79d5d187656 100644 --- a/.github/workflows/blog-auditor.lock.yml +++ b/.github/workflows/blog-auditor.lock.yml @@ -112,7 +112,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -366,7 +366,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1385,7 +1385,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/claude-code-user-docs-review.lock.yml b/.github/workflows/claude-code-user-docs-review.lock.yml index ead83b5eb58..4373e9f4411 100644 --- a/.github/workflows/claude-code-user-docs-review.lock.yml +++ b/.github/workflows/claude-code-user-docs-review.lock.yml @@ -113,7 +113,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -372,7 +372,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1354,7 +1354,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml index b02b660c224..27d5af80180 100644 --- a/.github/workflows/copilot-agent-analysis.lock.yml +++ b/.github/workflows/copilot-agent-analysis.lock.yml @@ -117,7 +117,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -390,7 +390,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1490,7 +1490,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml index 66febc55d9f..f99e7fff361 100644 --- a/.github/workflows/copilot-pr-merged-report.lock.yml +++ b/.github/workflows/copilot-pr-merged-report.lock.yml @@ -114,7 +114,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -326,7 +326,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1342,7 +1342,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml index 96f51e58d61..7473340d593 100644 --- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml +++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml @@ -118,7 +118,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -396,7 +396,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1491,7 +1491,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml index f0eaa420379..5e7eefa0bdb 100644 --- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml +++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml @@ -115,7 +115,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -389,7 +389,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1431,7 +1431,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml index b3a9a04f773..d65bb5c18c2 100644 --- a/.github/workflows/copilot-session-insights.lock.yml +++ b/.github/workflows/copilot-session-insights.lock.yml @@ -120,7 +120,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -402,7 +402,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1549,7 +1549,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/copilot-token-audit.lock.yml b/.github/workflows/copilot-token-audit.lock.yml index ab25f28f1a2..1803a352d61 100644 --- a/.github/workflows/copilot-token-audit.lock.yml +++ b/.github/workflows/copilot-token-audit.lock.yml @@ -118,7 +118,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -392,7 +392,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1568,7 +1568,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-architecture-diagram.lock.yml b/.github/workflows/daily-architecture-diagram.lock.yml index 3fb87f2e3fd..b46cc0b60f0 100644 --- a/.github/workflows/daily-architecture-diagram.lock.yml +++ b/.github/workflows/daily-architecture-diagram.lock.yml @@ -109,7 +109,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -367,7 +367,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1337,7 +1337,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml index d1c658cc5be..59a55c3c575 100644 --- a/.github/workflows/daily-assign-issue-to-user.lock.yml +++ b/.github/workflows/daily-assign-issue-to-user.lock.yml @@ -105,7 +105,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -351,7 +351,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1261,7 +1261,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-choice-test.lock.yml b/.github/workflows/daily-choice-test.lock.yml index 8227036d83e..3428808c59b 100644 --- a/.github/workflows/daily-choice-test.lock.yml +++ b/.github/workflows/daily-choice-test.lock.yml @@ -108,7 +108,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -354,7 +354,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1302,7 +1302,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-cli-performance.lock.yml b/.github/workflows/daily-cli-performance.lock.yml index 5023a646b29..8d5cb9de592 100644 --- a/.github/workflows/daily-cli-performance.lock.yml +++ b/.github/workflows/daily-cli-performance.lock.yml @@ -137,7 +137,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -408,7 +408,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1660,7 +1660,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-cli-tools-tester.lock.yml b/.github/workflows/daily-cli-tools-tester.lock.yml index 037bd31995d..783c12ec7d0 100644 --- a/.github/workflows/daily-cli-tools-tester.lock.yml +++ b/.github/workflows/daily-cli-tools-tester.lock.yml @@ -111,7 +111,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -367,7 +367,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1340,7 +1340,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml index 5aaffec8c77..a0e90080ac6 100644 --- a/.github/workflows/daily-code-metrics.lock.yml +++ b/.github/workflows/daily-code-metrics.lock.yml @@ -116,7 +116,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -388,7 +388,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1530,7 +1530,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-community-attribution.lock.yml b/.github/workflows/daily-community-attribution.lock.yml index c5375668b30..bc86dddbfe8 100644 --- a/.github/workflows/daily-community-attribution.lock.yml +++ b/.github/workflows/daily-community-attribution.lock.yml @@ -108,7 +108,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -375,7 +375,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1442,7 +1442,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-compiler-quality.lock.yml b/.github/workflows/daily-compiler-quality.lock.yml index 10951197113..57de64dcb0c 100644 --- a/.github/workflows/daily-compiler-quality.lock.yml +++ b/.github/workflows/daily-compiler-quality.lock.yml @@ -115,7 +115,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -405,7 +405,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1389,7 +1389,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-doc-healer.lock.yml b/.github/workflows/daily-doc-healer.lock.yml index 9dad5f2dc93..4732f62dfed 100644 --- a/.github/workflows/daily-doc-healer.lock.yml +++ b/.github/workflows/daily-doc-healer.lock.yml @@ -112,7 +112,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -371,7 +371,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1435,7 +1435,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-doc-updater.lock.yml b/.github/workflows/daily-doc-updater.lock.yml index 4f1788e4d46..1b18961007e 100644 --- a/.github/workflows/daily-doc-updater.lock.yml +++ b/.github/workflows/daily-doc-updater.lock.yml @@ -112,7 +112,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -370,7 +370,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1396,7 +1396,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index 3fd8a89bfb5..40ff1e927ae 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -115,7 +115,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -465,7 +465,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1396,18 +1396,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.0' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_1a616677fcc91216_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_5f3f077cd9582590_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_1a616677fcc91216_EOF + GH_AW_MCP_CONFIG_5f3f077cd9582590_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_f35f84e7a0cd92eb_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_b3bf557a7c5ae51c_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1418,11 +1418,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_f35f84e7a0cd92eb_EOF + GH_AW_MCP_CONFIG_b3bf557a7c5ae51c_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_10c504d6b7dd88da_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_af7b6cdd8d207893_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1432,7 +1432,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_10c504d6b7dd88da_EOF + GH_AW_CODEX_SHELL_POLICY_af7b6cdd8d207893_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } @@ -1540,7 +1540,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-file-diet.lock.yml b/.github/workflows/daily-file-diet.lock.yml index 1b7559fdf14..be47bdca0a1 100644 --- a/.github/workflows/daily-file-diet.lock.yml +++ b/.github/workflows/daily-file-diet.lock.yml @@ -117,7 +117,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -403,7 +403,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1409,7 +1409,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index dc5899a8e2e..b86205ce1e9 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -119,7 +119,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -384,7 +384,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1431,7 +1431,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-function-namer.lock.yml b/.github/workflows/daily-function-namer.lock.yml index 888b0919e96..e5309facff4 100644 --- a/.github/workflows/daily-function-namer.lock.yml +++ b/.github/workflows/daily-function-namer.lock.yml @@ -113,7 +113,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -403,7 +403,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1418,7 +1418,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-integrity-analysis.lock.yml b/.github/workflows/daily-integrity-analysis.lock.yml index f5b07b89c41..15580329c12 100644 --- a/.github/workflows/daily-integrity-analysis.lock.yml +++ b/.github/workflows/daily-integrity-analysis.lock.yml @@ -116,7 +116,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -382,7 +382,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1445,7 +1445,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index ff1c450d5aa..dfecba5a5bc 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -123,7 +123,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -396,7 +396,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1581,7 +1581,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml index 8549295d269..ecbc0b6c450 100644 --- a/.github/workflows/daily-malicious-code-scan.lock.yml +++ b/.github/workflows/daily-malicious-code-scan.lock.yml @@ -107,7 +107,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -357,7 +357,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1065,7 +1065,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml index 6e60724446e..dc098336906 100644 --- a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml +++ b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml @@ -112,7 +112,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -401,7 +401,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1405,7 +1405,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml index a1ec1953827..bd06c65204b 100644 --- a/.github/workflows/daily-multi-device-docs-tester.lock.yml +++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml @@ -114,7 +114,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -372,7 +372,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1420,7 +1420,7 @@ jobs: trace-id: ${{ needs.activation.outputs.setup-trace-id }} safe-output-artifact-client: 'true' - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml index a8c3d107480..254a159e6e5 100644 --- a/.github/workflows/daily-news.lock.yml +++ b/.github/workflows/daily-news.lock.yml @@ -117,7 +117,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -395,7 +395,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1595,7 +1595,7 @@ jobs: trace-id: ${{ needs.activation.outputs.setup-trace-id }} safe-output-artifact-client: 'true' - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index e1ae58db903..7d80a122a0b 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -118,7 +118,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -373,7 +373,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1313,18 +1313,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.0' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_925e6bef6ef6412e_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_54e90585dd37e1b2_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_925e6bef6ef6412e_EOF + GH_AW_MCP_CONFIG_54e90585dd37e1b2_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_17c1f1b27c5586e8_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_1813643351981700_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1335,11 +1335,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_17c1f1b27c5586e8_EOF + GH_AW_MCP_CONFIG_1813643351981700_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_b7acc31acbb29a6c_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_b2fddad0ace1b5a6_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1349,7 +1349,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_b7acc31acbb29a6c_EOF + GH_AW_CODEX_SHELL_POLICY_b2fddad0ace1b5a6_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } @@ -1488,7 +1488,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-otel-instrumentation-advisor.lock.yml b/.github/workflows/daily-otel-instrumentation-advisor.lock.yml index b99c47d296e..885f60d3e01 100644 --- a/.github/workflows/daily-otel-instrumentation-advisor.lock.yml +++ b/.github/workflows/daily-otel-instrumentation-advisor.lock.yml @@ -109,7 +109,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -364,7 +364,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1340,7 +1340,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index 36df4d5a8bc..56d1936b6d4 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -117,7 +117,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -383,7 +383,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1835,7 +1835,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-regulatory.lock.yml b/.github/workflows/daily-regulatory.lock.yml index 235b2d08973..55c30ab42ac 100644 --- a/.github/workflows/daily-regulatory.lock.yml +++ b/.github/workflows/daily-regulatory.lock.yml @@ -112,7 +112,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -368,7 +368,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1747,7 +1747,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-rendering-scripts-verifier.lock.yml b/.github/workflows/daily-rendering-scripts-verifier.lock.yml index f5216f5c912..2431d8abfe3 100644 --- a/.github/workflows/daily-rendering-scripts-verifier.lock.yml +++ b/.github/workflows/daily-rendering-scripts-verifier.lock.yml @@ -121,7 +121,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -386,7 +386,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1544,7 +1544,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml index 4ed909944cc..660299f210c 100644 --- a/.github/workflows/daily-repo-chronicle.lock.yml +++ b/.github/workflows/daily-repo-chronicle.lock.yml @@ -113,7 +113,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -374,7 +374,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1344,7 +1344,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-safe-output-integrator.lock.yml b/.github/workflows/daily-safe-output-integrator.lock.yml index ada9d50d847..c1c3895ad3b 100644 --- a/.github/workflows/daily-safe-output-integrator.lock.yml +++ b/.github/workflows/daily-safe-output-integrator.lock.yml @@ -107,7 +107,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -360,7 +360,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1307,7 +1307,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-safe-output-optimizer.lock.yml b/.github/workflows/daily-safe-output-optimizer.lock.yml index 87837b61411..97cc405c7d2 100644 --- a/.github/workflows/daily-safe-output-optimizer.lock.yml +++ b/.github/workflows/daily-safe-output-optimizer.lock.yml @@ -122,7 +122,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -385,7 +385,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1517,7 +1517,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-safe-outputs-conformance.lock.yml b/.github/workflows/daily-safe-outputs-conformance.lock.yml index 835f84344d2..d9a8bb9d016 100644 --- a/.github/workflows/daily-safe-outputs-conformance.lock.yml +++ b/.github/workflows/daily-safe-outputs-conformance.lock.yml @@ -108,7 +108,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -357,7 +357,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1311,7 +1311,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-secrets-analysis.lock.yml b/.github/workflows/daily-secrets-analysis.lock.yml index 4a670406432..9c367ada3ef 100644 --- a/.github/workflows/daily-secrets-analysis.lock.yml +++ b/.github/workflows/daily-secrets-analysis.lock.yml @@ -109,7 +109,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -359,7 +359,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1254,7 +1254,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-security-red-team.lock.yml b/.github/workflows/daily-security-red-team.lock.yml index d8a11eafce5..68bb480eb41 100644 --- a/.github/workflows/daily-security-red-team.lock.yml +++ b/.github/workflows/daily-security-red-team.lock.yml @@ -109,7 +109,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -365,7 +365,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1320,7 +1320,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-semgrep-scan.lock.yml b/.github/workflows/daily-semgrep-scan.lock.yml index 1723df101f5..370abc9027a 100644 --- a/.github/workflows/daily-semgrep-scan.lock.yml +++ b/.github/workflows/daily-semgrep-scan.lock.yml @@ -110,7 +110,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -359,7 +359,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1281,7 +1281,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-syntax-error-quality.lock.yml b/.github/workflows/daily-syntax-error-quality.lock.yml index 58919e4e12e..aa79113983f 100644 --- a/.github/workflows/daily-syntax-error-quality.lock.yml +++ b/.github/workflows/daily-syntax-error-quality.lock.yml @@ -108,7 +108,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -358,7 +358,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1293,7 +1293,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-team-evolution-insights.lock.yml b/.github/workflows/daily-team-evolution-insights.lock.yml index efa3bb392c7..e1940a73860 100644 --- a/.github/workflows/daily-team-evolution-insights.lock.yml +++ b/.github/workflows/daily-team-evolution-insights.lock.yml @@ -111,7 +111,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -362,7 +362,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1311,7 +1311,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index 4f99df4498e..612764f734b 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -120,7 +120,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -375,7 +375,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1321,7 +1321,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-testify-uber-super-expert.lock.yml b/.github/workflows/daily-testify-uber-super-expert.lock.yml index 321b5dded92..5546d76142c 100644 --- a/.github/workflows/daily-testify-uber-super-expert.lock.yml +++ b/.github/workflows/daily-testify-uber-super-expert.lock.yml @@ -117,7 +117,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -417,7 +417,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1541,7 +1541,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-token-consumption-report.lock.yml b/.github/workflows/daily-token-consumption-report.lock.yml index c3a8f3e501f..cfc18b36a9c 100644 --- a/.github/workflows/daily-token-consumption-report.lock.yml +++ b/.github/workflows/daily-token-consumption-report.lock.yml @@ -113,7 +113,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -364,7 +364,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1380,7 +1380,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml index a97288feedb..b4cb2c24b37 100644 --- a/.github/workflows/daily-workflow-updater.lock.yml +++ b/.github/workflows/daily-workflow-updater.lock.yml @@ -107,7 +107,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -356,7 +356,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1268,7 +1268,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/delight.lock.yml b/.github/workflows/delight.lock.yml index 986f35ef974..e8f5a8ca673 100644 --- a/.github/workflows/delight.lock.yml +++ b/.github/workflows/delight.lock.yml @@ -111,7 +111,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -376,7 +376,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1450,7 +1450,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/developer-docs-consolidator.lock.yml b/.github/workflows/developer-docs-consolidator.lock.yml index 28e9344bda8..426d7629014 100644 --- a/.github/workflows/developer-docs-consolidator.lock.yml +++ b/.github/workflows/developer-docs-consolidator.lock.yml @@ -117,7 +117,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -422,7 +422,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1615,7 +1615,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml index 3d29c579c7a..a6193db5824 100644 --- a/.github/workflows/docs-noob-tester.lock.yml +++ b/.github/workflows/docs-noob-tester.lock.yml @@ -112,7 +112,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -366,7 +366,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1318,7 +1318,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index 9e86151b592..f42220f426b 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml @@ -114,7 +114,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -363,7 +363,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1386,7 +1386,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/github-mcp-structural-analysis.lock.yml b/.github/workflows/github-mcp-structural-analysis.lock.yml index 58e4087450f..2b60ff5d93e 100644 --- a/.github/workflows/github-mcp-structural-analysis.lock.yml +++ b/.github/workflows/github-mcp-structural-analysis.lock.yml @@ -115,7 +115,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -377,7 +377,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1399,7 +1399,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/github-mcp-tools-report.lock.yml b/.github/workflows/github-mcp-tools-report.lock.yml index bf8a3ce3a4d..30db3fc841c 100644 --- a/.github/workflows/github-mcp-tools-report.lock.yml +++ b/.github/workflows/github-mcp-tools-report.lock.yml @@ -113,7 +113,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -374,7 +374,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1397,7 +1397,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml index cbee9ec0cea..61216a6b4ef 100644 --- a/.github/workflows/lockfile-stats.lock.yml +++ b/.github/workflows/lockfile-stats.lock.yml @@ -113,7 +113,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -368,7 +368,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1343,7 +1343,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml index 7477beb268f..ef819454590 100644 --- a/.github/workflows/mcp-inspector.lock.yml +++ b/.github/workflows/mcp-inspector.lock.yml @@ -156,7 +156,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -463,7 +463,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -2111,7 +2111,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml index d4c87f7f094..f3420d369f4 100644 --- a/.github/workflows/prompt-clustering-analysis.lock.yml +++ b/.github/workflows/prompt-clustering-analysis.lock.yml @@ -125,7 +125,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -387,7 +387,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1516,7 +1516,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/repo-audit-analyzer.lock.yml b/.github/workflows/repo-audit-analyzer.lock.yml index e1aacc7228a..3a63584683d 100644 --- a/.github/workflows/repo-audit-analyzer.lock.yml +++ b/.github/workflows/repo-audit-analyzer.lock.yml @@ -115,7 +115,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -376,7 +376,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1295,7 +1295,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/repository-quality-improver.lock.yml b/.github/workflows/repository-quality-improver.lock.yml index 05b255ba521..8088bace56b 100644 --- a/.github/workflows/repository-quality-improver.lock.yml +++ b/.github/workflows/repository-quality-improver.lock.yml @@ -116,7 +116,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -409,7 +409,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1357,7 +1357,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml index d635d01f5df..357768cbde2 100644 --- a/.github/workflows/safe-output-health.lock.yml +++ b/.github/workflows/safe-output-health.lock.yml @@ -118,7 +118,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -372,7 +372,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1433,7 +1433,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/schema-consistency-checker.lock.yml b/.github/workflows/schema-consistency-checker.lock.yml index aead01257be..803d4340c30 100644 --- a/.github/workflows/schema-consistency-checker.lock.yml +++ b/.github/workflows/schema-consistency-checker.lock.yml @@ -112,7 +112,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -362,7 +362,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1323,7 +1323,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/sergo.lock.yml b/.github/workflows/sergo.lock.yml index 5240c076783..659c44e50ca 100644 --- a/.github/workflows/sergo.lock.yml +++ b/.github/workflows/sergo.lock.yml @@ -116,7 +116,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -401,7 +401,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1448,7 +1448,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-agent-all-merged.lock.yml b/.github/workflows/smoke-agent-all-merged.lock.yml index 777dfad1e32..19c52bde667 100644 --- a/.github/workflows/smoke-agent-all-merged.lock.yml +++ b/.github/workflows/smoke-agent-all-merged.lock.yml @@ -119,7 +119,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -385,7 +385,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1372,7 +1372,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-agent-all-none.lock.yml b/.github/workflows/smoke-agent-all-none.lock.yml index 637388d5121..acbc223f763 100644 --- a/.github/workflows/smoke-agent-all-none.lock.yml +++ b/.github/workflows/smoke-agent-all-none.lock.yml @@ -119,7 +119,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -385,7 +385,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1372,7 +1372,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-agent-public-approved.lock.yml b/.github/workflows/smoke-agent-public-approved.lock.yml index 7202992b0c5..454cd2f8612 100644 --- a/.github/workflows/smoke-agent-public-approved.lock.yml +++ b/.github/workflows/smoke-agent-public-approved.lock.yml @@ -121,7 +121,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -393,7 +393,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1427,7 +1427,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-agent-public-none.lock.yml b/.github/workflows/smoke-agent-public-none.lock.yml index 8ebe7aa48d0..1f6b37e44e7 100644 --- a/.github/workflows/smoke-agent-public-none.lock.yml +++ b/.github/workflows/smoke-agent-public-none.lock.yml @@ -119,7 +119,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -385,7 +385,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1372,7 +1372,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-agent-scoped-approved.lock.yml b/.github/workflows/smoke-agent-scoped-approved.lock.yml index bf4c2a5e2c1..de399bc1422 100644 --- a/.github/workflows/smoke-agent-scoped-approved.lock.yml +++ b/.github/workflows/smoke-agent-scoped-approved.lock.yml @@ -120,7 +120,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -387,7 +387,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1379,7 +1379,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-call-workflow.lock.yml b/.github/workflows/smoke-call-workflow.lock.yml index 3aae75e6ff9..bbd85a20480 100644 --- a/.github/workflows/smoke-call-workflow.lock.yml +++ b/.github/workflows/smoke-call-workflow.lock.yml @@ -118,7 +118,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -375,7 +375,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1225,18 +1225,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.0' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_227dec47ef38d6cd_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_8ecd987b7c0d7302_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_227dec47ef38d6cd_EOF + GH_AW_MCP_CONFIG_8ecd987b7c0d7302_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_c3c0bb95cf5fe5c0_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_9caaabd678cba62e_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1247,11 +1247,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_c3c0bb95cf5fe5c0_EOF + GH_AW_MCP_CONFIG_9caaabd678cba62e_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_bea347ecd791e20d_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_e276605ef6a2cf9e_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1261,7 +1261,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_bea347ecd791e20d_EOF + GH_AW_CODEX_SHELL_POLICY_e276605ef6a2cf9e_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } @@ -1401,7 +1401,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index 84a20a3bdc4..1b885f4b0f9 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -134,7 +134,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -470,7 +470,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1763,18 +1763,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.0' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_7cd2ab3ccc926025_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_32128a5236ffeb4b_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_7cd2ab3ccc926025_EOF + GH_AW_MCP_CONFIG_32128a5236ffeb4b_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_a2f0e77a5a5c10a7_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_dbcaa8a629cb35c4_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1785,11 +1785,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_a2f0e77a5a5c10a7_EOF + GH_AW_MCP_CONFIG_dbcaa8a629cb35c4_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_d2384e8d32b7521e_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_285af82c44db869f_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1799,7 +1799,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_d2384e8d32b7521e_EOF + GH_AW_CODEX_SHELL_POLICY_285af82c44db869f_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } @@ -1946,7 +1946,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-copilot-arm.lock.yml b/.github/workflows/smoke-copilot-arm.lock.yml index 9c62d6cb476..f48f64f51a4 100644 --- a/.github/workflows/smoke-copilot-arm.lock.yml +++ b/.github/workflows/smoke-copilot-arm.lock.yml @@ -135,7 +135,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -476,7 +476,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -2318,7 +2318,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-create-cross-repo-pr.lock.yml b/.github/workflows/smoke-create-cross-repo-pr.lock.yml index 0c89504daaa..9b5a0e6acb7 100644 --- a/.github/workflows/smoke-create-cross-repo-pr.lock.yml +++ b/.github/workflows/smoke-create-cross-repo-pr.lock.yml @@ -119,7 +119,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -396,7 +396,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1429,7 +1429,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-gemini.lock.yml b/.github/workflows/smoke-gemini.lock.yml index ee08d3b2b7e..e53e331edb1 100644 --- a/.github/workflows/smoke-gemini.lock.yml +++ b/.github/workflows/smoke-gemini.lock.yml @@ -127,7 +127,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -421,7 +421,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1561,7 +1561,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-multi-pr.lock.yml b/.github/workflows/smoke-multi-pr.lock.yml index c5619bb3944..d517b48f916 100644 --- a/.github/workflows/smoke-multi-pr.lock.yml +++ b/.github/workflows/smoke-multi-pr.lock.yml @@ -123,7 +123,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -413,7 +413,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1431,7 +1431,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-opencode.lock.yml b/.github/workflows/smoke-opencode.lock.yml index c9a264f3b12..e230a2e1015 100644 --- a/.github/workflows/smoke-opencode.lock.yml +++ b/.github/workflows/smoke-opencode.lock.yml @@ -125,7 +125,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -412,7 +412,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1492,7 +1492,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-project.lock.yml b/.github/workflows/smoke-project.lock.yml index 642d8bfff2a..7be659474a6 100644 --- a/.github/workflows/smoke-project.lock.yml +++ b/.github/workflows/smoke-project.lock.yml @@ -124,7 +124,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -410,7 +410,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1551,7 +1551,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-service-ports.lock.yml b/.github/workflows/smoke-service-ports.lock.yml index 6fcfda34fbd..2cf420fcee5 100644 --- a/.github/workflows/smoke-service-ports.lock.yml +++ b/.github/workflows/smoke-service-ports.lock.yml @@ -107,7 +107,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -371,7 +371,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1300,7 +1300,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-temporary-id.lock.yml b/.github/workflows/smoke-temporary-id.lock.yml index 8097e2d31ec..b28acd1015f 100644 --- a/.github/workflows/smoke-temporary-id.lock.yml +++ b/.github/workflows/smoke-temporary-id.lock.yml @@ -122,7 +122,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -409,7 +409,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1410,7 +1410,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-test-tools.lock.yml b/.github/workflows/smoke-test-tools.lock.yml index 80fa04a5a32..c3a11fdc592 100644 --- a/.github/workflows/smoke-test-tools.lock.yml +++ b/.github/workflows/smoke-test-tools.lock.yml @@ -125,7 +125,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -394,7 +394,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1351,7 +1351,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/smoke-update-cross-repo-pr.lock.yml b/.github/workflows/smoke-update-cross-repo-pr.lock.yml index 64ed8d7a252..105ee6930b5 100644 --- a/.github/workflows/smoke-update-cross-repo-pr.lock.yml +++ b/.github/workflows/smoke-update-cross-repo-pr.lock.yml @@ -121,7 +121,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.pre_activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -405,7 +405,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1451,7 +1451,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml index 79c9ce40a2a..9fdea8b2dfe 100644 --- a/.github/workflows/stale-repo-identifier.lock.yml +++ b/.github/workflows/stale-repo-identifier.lock.yml @@ -127,7 +127,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -392,7 +392,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1478,7 +1478,7 @@ jobs: trace-id: ${{ needs.activation.outputs.setup-trace-id }} safe-output-artifact-client: 'true' - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/terminal-stylist.lock.yml b/.github/workflows/terminal-stylist.lock.yml index d8e68e6348a..bd245b172bd 100644 --- a/.github/workflows/terminal-stylist.lock.yml +++ b/.github/workflows/terminal-stylist.lock.yml @@ -114,7 +114,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -392,7 +392,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1295,7 +1295,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/typist.lock.yml b/.github/workflows/typist.lock.yml index be19bec4169..4755fb7cb7f 100644 --- a/.github/workflows/typist.lock.yml +++ b/.github/workflows/typist.lock.yml @@ -114,7 +114,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -395,7 +395,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1388,7 +1388,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/.github/workflows/weekly-issue-summary.lock.yml b/.github/workflows/weekly-issue-summary.lock.yml index 93e8bcb3778..b787663c047 100644 --- a/.github/workflows/weekly-issue-summary.lock.yml +++ b/.github/workflows/weekly-issue-summary.lock.yml @@ -117,7 +117,7 @@ jobs: destination: ${{ runner.temp }}/gh-aw/actions job-name: ${{ github.job }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Generate agentic run info id: generate_aw_info env: @@ -374,7 +374,7 @@ jobs: echo "GH_AW_SAFE_OUTPUTS_TOOLS_PATH=${RUNNER_TEMP}/gh-aw/safeoutputs/tools.json" } >> "$GITHUB_OUTPUT" - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -1309,7 +1309,7 @@ jobs: job-name: ${{ github.job }} trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Mask OTLP telemetry headers - run: echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + run: bash "${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh" - name: Download agent output artifact id: download-agent-output continue-on-error: true diff --git a/actions/setup/sh/mask_otlp_headers.sh b/actions/setup/sh/mask_otlp_headers.sh new file mode 100644 index 00000000000..8a2d5778990 --- /dev/null +++ b/actions/setup/sh/mask_otlp_headers.sh @@ -0,0 +1,37 @@ +#!/usr/bin/env bash +set +o histexpand + +# +# mask_otlp_headers.sh - Mask OTEL_EXPORTER_OTLP_HEADERS from GitHub Actions logs +# +# Issues the ::add-mask:: workflow command for OTEL_EXPORTER_OTLP_HEADERS so that +# authentication tokens in the header value do not leak into GitHub Actions runner +# logs (including debug/step-debug logs). +# +# Three levels of masking are applied: +# 1. The entire OTEL_EXPORTER_OTLP_HEADERS value (comma-separated header pairs). +# 2. Each individual header value extracted from the pairs, so that a token +# appearing without its header name prefix is also redacted. +# 3. For Authorization-style "Bearer " credentials, the raw token after +# stripping the "Bearer " scheme prefix, so it is masked even when it appears +# without the scheme (e.g. in downstream tool logs). +# +# Mixed quoting ('::add-mask::' followed by "$VAR") is used so the directive prefix +# is treated as a literal string while the variable values are expanded at runtime. +# +# Exit codes: +# 0 - Success (OTEL_EXPORTER_OTLP_HEADERS may be empty, which is a no-op) + +set -euo pipefail + +# Level 1: mask the entire comma-separated headers string. +echo '::add-mask::'"$OTEL_EXPORTER_OTLP_HEADERS" + +# Levels 2 & 3: split on commas, extract each value, and mask it individually. +# For "Bearer " values, also mask the raw token without the scheme prefix. +printf '%s' "$OTEL_EXPORTER_OTLP_HEADERS" | tr ',' '\n' | while IFS= read -r _pair; do + _val="${_pair#*=}" + [ -n "$_val" ] && echo '::add-mask::'"$_val" + _no_bearer="${_val#Bearer }" + [ "$_no_bearer" != "$_val" ] && echo '::add-mask::'"$_no_bearer" +done diff --git a/docs/adr/28524-support-object-form-for-otlp-headers.md b/docs/adr/28524-support-object-form-for-otlp-headers.md new file mode 100644 index 00000000000..8dab37dc1a0 --- /dev/null +++ b/docs/adr/28524-support-object-form-for-otlp-headers.md @@ -0,0 +1,80 @@ +# ADR-28524: Support Object Form for `observability.otlp.headers` + +**Date**: 2026-04-26 +**Status**: Draft +**Deciders**: pelikhan + +--- + +## Part 1 — Narrative (Human-Friendly) + +### Context + +Workflow frontmatter supports an `observability.otlp.headers` field for passing HTTP headers to an OTLP collector. The original form accepted only a comma-separated `key=value` string (e.g., `"Authorization=Bearer ${{ secrets.TOKEN }},X-Tenant=acme"`). This forced authors to concatenate multiple secrets into a single expression, which is cumbersome, error-prone, and inconsistent with how the `env` field already accepts maps of `name: value` pairs. As observability adoption grew, users increasingly needed to specify multiple headers with individual secret references. + +### Decision + +We will extend `OTLPConfig.Headers` from a `string` field to a polymorphic `any` field that accepts either a map of string key-to-value pairs (preferred) or a comma-separated string (deprecated). A new `normalizeOTLPHeaders` helper converts either form into the `key=value,...` format required by the `OTEL_EXPORTER_OTLP_HEADERS` environment variable. The string form is retained for backwards compatibility but emits a deprecation warning to `stderr` on use. + +### Alternatives Considered + +#### Alternative 1: Keep String Form, Add Multi-Secret Concatenation Helper + +A new expression helper (e.g., `${{ otlp.headers(key1=val1, key2=val2) }}`) could be introduced to construct the header string. This would avoid a type change on the Go struct but would require a new expression-language feature, adding significant implementation surface and coupling the feature to the expression evaluator. It was rejected because it adds more complexity than switching to a map. + +#### Alternative 2: Introduce a Structured List/Array Form + +Headers could be expressed as a list of `{name, value}` objects: `headers: [{name: Authorization, value: "Bearer ${{ secrets.TOKEN }}"}]`. This is more explicit and mirrors patterns in other YAML-based CI systems. However, it is more verbose than a map for the common case and would require a separate deprecation/migration path from the current string form. The map form was preferred as it mirrors the established `env` pattern already familiar to workflow authors. + +### Consequences + +#### Positive +- Individual header values can reference separate GitHub Actions secrets, improving security hygiene. +- The map syntax is consistent with the `env` field pattern, reducing cognitive overhead for authors. +- Comprehensive test coverage for both forms reduces regression risk during the deprecation window. + +#### Negative +- `OTLPConfig.Headers` is now typed as `any` in Go, requiring runtime type assertions wherever the field is read; any code that directly accessed `Headers` as a `string` must be updated. +- Two valid input forms must be supported and tested throughout the deprecation window, increasing maintenance burden. + +#### Neutral +- JSON Schema is updated to `oneOf: [object, string]`, which may affect tooling that provides schema-based autocompletion. +- Non-string values inside the map are silently skipped with a debug log rather than producing a validation error; stricter validation may be desirable in future. + +--- + +## Part 2 — Normative Specification (RFC 2119) + +> The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHALL**, **SHALL NOT**, **SHOULD**, **SHOULD NOT**, **RECOMMENDED**, **MAY**, and **OPTIONAL** in this section are to be interpreted as described in [RFC 2119](https://www.rfc-editor.org/rfc/rfc2119). + +### Header Field Schema + +1. The `observability.otlp.headers` field **MUST** accept both a string value and an object (map of string keys to string values). +2. The JSON schema for this field **MUST** express the two accepted types using `oneOf` with separate sub-schemas for the object form and the string form. +3. The object form **MUST** be listed first in the `oneOf` array and **MUST** be the documented preferred form. + +### Normalization + +1. Implementations **MUST** convert the headers value (regardless of input form) into the `key=value,...` format before injecting it as `OTEL_EXPORTER_OTLP_HEADERS`. +2. When the headers value is a map, implementations **MUST** produce a deterministic output by sorting keys lexicographically. +3. When a map entry's value is not a string, implementations **MUST NOT** include that entry in the normalized output and **SHOULD** emit a debug-level log message identifying the skipped key. +4. When the headers value is a `nil`, empty string, or empty map, implementations **MUST** produce an empty string and **MUST NOT** inject the `OTEL_EXPORTER_OTLP_HEADERS` variable. + +### Deprecation + +1. When the string form is used, implementations **MUST** emit a deprecation warning to `stderr` directing authors to use the map form. +2. Implementations **MUST NOT** reject or fail compilation when the string form is provided; the string value **MUST** be passed through unchanged to `OTEL_EXPORTER_OTLP_HEADERS`. +3. Implementations **SHOULD NOT** remove the string form without a documented removal timeline and a major version bump. + +### Go Type Constraint + +1. The `OTLPConfig.Headers` struct field **MUST** be typed as `any` (Go `interface{}`). +2. All read sites of `OTLPConfig.Headers` **MUST** route through the `normalizeOTLPHeaders` helper rather than performing inline type assertions. + +### Conformance + +An implementation is considered conformant with this ADR if it satisfies all **MUST** and **MUST NOT** requirements above. Failure to meet any **MUST** or **MUST NOT** requirement constitutes non-conformance. + +--- + +*This is a DRAFT ADR generated by the [Design Decision Gate](https://github.com/github/gh-aw/actions/runs/24943747500) workflow. The PR author must review, complete, and finalize this document before the PR can merge.* diff --git a/docs/src/content/docs/reference/frontmatter-full.md b/docs/src/content/docs/reference/frontmatter-full.md index 701e785f5ba..e1af6c97afd 100644 --- a/docs/src/content/docs/reference/frontmatter-full.md +++ b/docs/src/content/docs/reference/frontmatter-full.md @@ -5777,11 +5777,20 @@ observability: # (optional) endpoint: "example-value" - # Comma-separated list of key=value HTTP headers to include with every OTLP export - # request (e.g. 'Authorization=Bearer '). Supports GitHub Actions - # expressions such as ${{ secrets.OTLP_HEADERS }}. Injected as the - # OTEL_EXPORTER_OTLP_HEADERS environment variable. # (optional) + # This field supports multiple formats (oneOf): + + # Option 1: Map of HTTP header names to values to include with every OTLP export + # request. Values support GitHub Actions expressions such as ${{ secrets.TOKEN }}. + # Injected as the OTEL_EXPORTER_OTLP_HEADERS environment variable. + headers: + {} + + # Option 2: Deprecated: use the map form instead. Comma-separated list of + # key=value HTTP headers to include with every OTLP export request (e.g. + # 'Authorization=Bearer '). Supports GitHub Actions expressions such as ${{ + # secrets.OTLP_HEADERS }}. Injected as the OTEL_EXPORTER_OTLP_HEADERS environment + # variable. headers: "example-value" # Allow list of bot identifiers that can trigger the workflow even if they don't diff --git a/pkg/parser/schemas/main_workflow_schema.json b/pkg/parser/schemas/main_workflow_schema.json index 8a23647f3b3..7f3b02f5e50 100644 --- a/pkg/parser/schemas/main_workflow_schema.json +++ b/pkg/parser/schemas/main_workflow_schema.json @@ -8675,8 +8675,19 @@ "description": "OTLP collector endpoint URL (e.g. 'https://traces.example.com:4317'). Supports GitHub Actions expressions such as ${{ secrets.OTLP_ENDPOINT }}. When a static URL is provided, its hostname is automatically added to the network firewall allowlist." }, "headers": { - "type": "string", - "description": "Comma-separated list of key=value HTTP headers to include with every OTLP export request (e.g. 'Authorization=Bearer '). Supports GitHub Actions expressions such as ${{ secrets.OTLP_HEADERS }}. Injected as the OTEL_EXPORTER_OTLP_HEADERS environment variable." + "oneOf": [ + { + "type": "object", + "description": "Map of HTTP header names to values to include with every OTLP export request. Values support GitHub Actions expressions such as ${{ secrets.TOKEN }}. Injected as the OTEL_EXPORTER_OTLP_HEADERS environment variable.", + "additionalProperties": { + "type": "string" + } + }, + { + "type": "string", + "description": "Deprecated: use the map form instead. Comma-separated list of key=value HTTP headers to include with every OTLP export request (e.g. 'Authorization=Bearer '). Supports GitHub Actions expressions such as ${{ secrets.OTLP_HEADERS }}. Injected as the OTEL_EXPORTER_OTLP_HEADERS environment variable." + } + ] } }, "additionalProperties": false diff --git a/pkg/workflow/compiler_types.go b/pkg/workflow/compiler_types.go index af40a4c48cd..23df55db696 100644 --- a/pkg/workflow/compiler_types.go +++ b/pkg/workflow/compiler_types.go @@ -491,6 +491,7 @@ type WorkflowData struct { ParsedFrontmatter *FrontmatterConfig // cached parsed frontmatter configuration (for performance optimization) RawFrontmatter map[string]any // raw parsed frontmatter map (for passing to hash functions without re-parsing) OTLPEndpoint string // resolved OTLP endpoint (from observability.otlp.endpoint, including imports; set by injectOTLPConfig) + OTLPHeaders string // normalized OTLP headers in key=value,key=value format (from observability.otlp.headers, including imports; set by injectOTLPConfig) ResolvedMCPServers map[string]any // fully merged mcp-servers from main workflow and all imports (for mcp inspect) ActionPinWarnings map[string]bool // cache of already-warned action pin failures (key: "repo@version") ActionMode ActionMode // action mode for workflow compilation (dev, release, script) diff --git a/pkg/workflow/frontmatter_types.go b/pkg/workflow/frontmatter_types.go index 35e5d653a2f..46761b4d185 100644 --- a/pkg/workflow/frontmatter_types.go +++ b/pkg/workflow/frontmatter_types.go @@ -122,11 +122,12 @@ type OTLPConfig struct { // network firewall allowlist. Endpoint string `json:"endpoint,omitempty"` - // Headers is a comma-separated list of key=value HTTP headers to include with - // every OTLP export request (e.g. "Authorization=Bearer "). - // Supports GitHub Actions expressions such as ${{ secrets.OTLP_HEADERS }}. - // Injected as the standard OTEL_EXPORTER_OTLP_HEADERS environment variable. - Headers string `json:"headers,omitempty"` + // Headers holds HTTP headers to include with every OTLP export request. + // Preferred form: a map of header name to value (e.g. {"Authorization": "Bearer ${{ secrets.TOKEN }}"}). + // Deprecated string form: a comma-separated list of key=value pairs + // (e.g. "Authorization=Bearer "). Use the map form instead. + // Both forms are injected as the standard OTEL_EXPORTER_OTLP_HEADERS environment variable. + Headers any `json:"headers,omitempty"` } // ObservabilityConfig represents workflow observability options. diff --git a/pkg/workflow/mcp_gateway_config.go b/pkg/workflow/mcp_gateway_config.go index f191b24a6a1..fd234c8b300 100644 --- a/pkg/workflow/mcp_gateway_config.go +++ b/pkg/workflow/mcp_gateway_config.go @@ -131,19 +131,9 @@ func buildMCPGatewayConfig(workflowData *WorkflowData) *MCPGatewayRuntimeConfig // Use ${...} syntax for environment variable references that will be resolved by the gateway at runtime // Per MCP Gateway Specification v1.0.0 section 4.2, variable expressions use "${VARIABLE_NAME}" syntax // - // OTLPEndpoint and OTLPHeaders are derived from workflowData.OTLPEndpoint and the raw - // frontmatter headers string. These compile-time values (including GitHub Actions - // expressions such as ${{ secrets.X }}) are written directly into the gateway config JSON. - var otlpHeaders string - if workflowData.OTLPEndpoint != "" { - // Read headers from raw frontmatter (same source as injectOTLPConfig) - _, otlpHeaders = extractOTLPConfigFromRaw(workflowData.RawFrontmatter) - if otlpHeaders == "" && workflowData.ParsedFrontmatter != nil && - workflowData.ParsedFrontmatter.Observability != nil && - workflowData.ParsedFrontmatter.Observability.OTLP != nil { - otlpHeaders = workflowData.ParsedFrontmatter.Observability.OTLP.Headers - } - } + // OTLPEndpoint and OTLPHeaders are read from workflowData fields set by injectOTLPConfig. + // These compile-time values (including GitHub Actions expressions such as ${{ secrets.X }}) + // are written directly into the gateway config JSON. return &MCPGatewayRuntimeConfig{ Port: int(DefaultMCPGatewayPort), // Will be formatted as "${MCP_GATEWAY_PORT}" in renderer Domain: "${MCP_GATEWAY_DOMAIN}", // Gateway variable expression @@ -153,12 +143,11 @@ func buildMCPGatewayConfig(workflowData *WorkflowData) *MCPGatewayRuntimeConfig PayloadSizeThreshold: payloadSizeThreshold, // Size threshold in bytes TrustedBots: workflowData.SandboxConfig.MCP.TrustedBots, // Additional trusted bot identities from frontmatter KeepaliveInterval: workflowData.SandboxConfig.MCP.KeepaliveInterval, // Keepalive interval from frontmatter (0=default, -1=disabled, >0=custom) - // OTLPEndpoint and OTLPHeaders are set from workflowData.OTLPEndpoint which is the - // fully resolved OTLP endpoint (including imports) set by injectOTLPConfig. Using - // these fields ensures gateway OTLP config honours observability defined in imported - // shared workflows. + // OTLPEndpoint and OTLPHeaders are set from workflowData by injectOTLPConfig, which is + // the fully resolved OTLP config (including imports). Using these fields ensures gateway + // OTLP config honours observability defined in imported shared workflows. OTLPEndpoint: workflowData.OTLPEndpoint, - OTLPHeaders: otlpHeaders, + OTLPHeaders: workflowData.OTLPHeaders, } } diff --git a/pkg/workflow/observability_job_summary_test.go b/pkg/workflow/observability_job_summary_test.go index 10191dc810f..56fb1a774c3 100644 --- a/pkg/workflow/observability_job_summary_test.go +++ b/pkg/workflow/observability_job_summary_test.go @@ -139,7 +139,7 @@ imports: } // TestCompileWorkflow_MasksOTLPHeadersWhenConfigured verifies that the compiled -// workflow includes a ::add-mask:: step for OTEL_EXPORTER_OTLP_HEADERS in all +// workflow includes a masking step that calls mask_otlp_headers.sh in all // relevant jobs when headers are configured. func TestCompileWorkflow_MasksOTLPHeadersWhenConfigured(t *testing.T) { tmpDir := t.TempDir() @@ -175,15 +175,12 @@ engine: copilot compiled := string(lockContent) - // The ::add-mask:: step must appear in the compiled YAML + // The masking step must appear in the compiled YAML and delegate to the .sh script. if !strings.Contains(compiled, "- name: Mask OTLP telemetry headers") { t.Fatal("Expected OTLP headers masking step to be generated when headers are configured") } - if !strings.Contains(compiled, "::add-mask::") { - t.Fatal("Expected ::add-mask:: command for OTEL_EXPORTER_OTLP_HEADERS") - } - if !strings.Contains(compiled, "$OTEL_EXPORTER_OTLP_HEADERS") { - t.Fatal("Expected OTEL_EXPORTER_OTLP_HEADERS env var reference in masking step") + if !strings.Contains(compiled, "mask_otlp_headers.sh") { + t.Fatal("Expected masking step to delegate to mask_otlp_headers.sh") } // The masking step must appear in both the activation job and the agent job. diff --git a/pkg/workflow/observability_otlp.go b/pkg/workflow/observability_otlp.go index b6b5fe0be8b..c8288c7b9a1 100644 --- a/pkg/workflow/observability_otlp.go +++ b/pkg/workflow/observability_otlp.go @@ -3,13 +3,60 @@ package workflow import ( "fmt" "net/url" + "os" + "sort" "strings" + "github.com/github/gh-aw/pkg/console" "github.com/github/gh-aw/pkg/logger" ) var otlpLog = logger.New("workflow:observability_otlp") +// normalizeOTLPHeaders converts the headers field value (which may be a string or a map) +// into the comma-separated key=value format required by OTEL_EXPORTER_OTLP_HEADERS. +// +// The second return value is true when the deprecated string form was used, so callers +// can emit a deprecation warning. +// +// String form (deprecated): "Authorization=Bearer tok,X-Tenant=acme" +// Map form (preferred): map[string]any{"Authorization": "Bearer tok", "X-Tenant": "acme"} +func normalizeOTLPHeaders(raw any) (string, bool) { + if raw == nil { + return "", false + } + switch v := raw.(type) { + case string: + if v == "" { + return "", false + } + return v, true // string form is deprecated + case map[string]any: + if len(v) == 0 { + return "", false + } + // Sort keys for deterministic output + keys := make([]string, 0, len(v)) + for k := range v { + keys = append(keys, k) + } + sort.Strings(keys) + var parts []string + for _, k := range keys { + val, ok := v[k].(string) + if !ok { + otlpLog.Printf("OTLP headers map: value for key %q is not a string (got %T), skipping", k, v[k]) + continue + } + parts = append(parts, k+"="+val) + } + return strings.Join(parts, ","), false + default: + otlpLog.Printf("Unexpected type for OTLP headers: %T", raw) + return "", false + } +} + // extractOTLPEndpointDomain parses an OTLP endpoint URL and returns its hostname. // Returns an empty string when the endpoint is a GitHub Actions expression (which // cannot be resolved at compile time) or when the URL is otherwise invalid. @@ -59,22 +106,24 @@ func isOTLPHeadersPresent(data *WorkflowData) bool { return strings.Contains(data.Env, "OTEL_EXPORTER_OTLP_HEADERS") } -// generateOTLPHeadersMaskStep returns a GitHub Actions step that issues the -// ::add-mask:: workflow command for the OTEL_EXPORTER_OTLP_HEADERS environment -// variable. Masking the value causes the GitHub Actions runner to replace any -// subsequent occurrence of it in the job logs with "***", preventing authentication -// tokens from leaking even when runner debug logging is enabled. +// generateOTLPHeadersMaskStep returns a GitHub Actions step that runs +// mask_otlp_headers.sh to issue the ::add-mask:: workflow command for the +// OTEL_EXPORTER_OTLP_HEADERS environment variable. Masking the value causes the +// GitHub Actions runner to replace any subsequent occurrence of it in the job +// logs with "***", preventing authentication tokens from leaking even when runner +// debug logging is enabled. // -// The run command uses mixed quoting ('::add-mask::' followed by "$VAR") so that -// the prefix is treated as a literal string (safe from injection in the prefix) -// while the environment variable is still expanded at runtime. +// The script performs three levels of masking: +// 1. The entire OTEL_EXPORTER_OTLP_HEADERS value (comma-separated header pairs). +// 2. Each individual header value extracted from the pairs, so that a token +// appearing without its header name prefix is also redacted. +// 3. For Authorization-style "Bearer " credentials, the raw token after +// stripping the "Bearer " scheme prefix, so it is masked even when it appears +// without the scheme (e.g. in downstream tool logs). func generateOTLPHeadersMaskStep() string { var sb strings.Builder sb.WriteString(" - name: Mask OTLP telemetry headers\n") - // Use mixed quoting: single-quoted prefix concatenated with double-quoted variable - // so the ::add-mask:: prefix is never subject to shell word-splitting or glob expansion, - // and the variable value is expanded but not further interpreted. - sb.WriteString(" run: echo '::add-mask::'\"$OTEL_EXPORTER_OTLP_HEADERS\"\n") + sb.WriteString(" run: bash \"${RUNNER_TEMP}/gh-aw/actions/mask_otlp_headers.sh\"\n") return sb.String() } @@ -83,7 +132,10 @@ func generateOTLPHeadersMaskStep() string { // succeeding -- that function may fail for workflows with complex tool configurations // (e.g. engine objects, array-style bash configs), which would leave ParsedFrontmatter // nil and prevent OTLP injection. -func extractOTLPConfigFromRaw(frontmatter map[string]any) (endpoint, headers string) { +// +// The third return value is true when the deprecated string form was used for headers, +// so the caller can emit a deprecation warning. +func extractOTLPConfigFromRaw(frontmatter map[string]any) (endpoint, headers string, deprecated bool) { obs, ok := frontmatter["observability"] if !ok { return @@ -103,8 +155,8 @@ func extractOTLPConfigFromRaw(frontmatter map[string]any) (endpoint, headers str if ep, ok := otlpMap["endpoint"].(string); ok { endpoint = ep } - if h, ok := otlpMap["headers"].(string); ok { - headers = h + if raw, ok := otlpMap["headers"]; ok { + headers, deprecated = normalizeOTLPHeaders(raw) } return } @@ -123,7 +175,7 @@ func extractOTLPConfigFromRaw(frontmatter map[string]any) (endpoint, headers str func (c *Compiler) injectOTLPConfig(workflowData *WorkflowData) { // Read OTLP config from the raw frontmatter map so that injection works even // when ParseFrontmatterConfig failed (e.g. due to complex tool configs). - endpoint, headers := extractOTLPConfigFromRaw(workflowData.RawFrontmatter) + endpoint, headers, deprecated := extractOTLPConfigFromRaw(workflowData.RawFrontmatter) // Fall back to ParsedFrontmatter when the raw map didn't yield an endpoint. if endpoint == "" { @@ -153,8 +205,20 @@ func (c *Compiler) injectOTLPConfig(workflowData *WorkflowData) { if headers == "" && workflowData.ParsedFrontmatter != nil && workflowData.ParsedFrontmatter.Observability != nil && workflowData.ParsedFrontmatter.Observability.OTLP != nil { - headers = workflowData.ParsedFrontmatter.Observability.OTLP.Headers + var parsedDeprecated bool + headers, parsedDeprecated = normalizeOTLPHeaders(workflowData.ParsedFrontmatter.Observability.OTLP.Headers) + if parsedDeprecated { + deprecated = true + } } + + // Emit the deprecation warning once after resolving headers from all sources. + if deprecated { + fmt.Fprintln(os.Stderr, console.FormatWarningMessage( + "observability.otlp.headers: string form is deprecated. Use the map form instead (e.g. headers: {Authorization: \"Bearer ${{ secrets.TOKEN }}\"})", + )) + } + if headers != "" { otlpEnvLines += "\n OTEL_EXPORTER_OTLP_HEADERS: " + headers otlpLog.Printf("Injected OTEL_EXPORTER_OTLP_HEADERS env var") @@ -167,8 +231,9 @@ func (c *Compiler) injectOTLPConfig(workflowData *WorkflowData) { } otlpLog.Printf("Injected OTEL env vars into workflow env block") - // Store the resolved endpoint so downstream code (mcp_gateway_config, mcp_setup_generator) - // can use workflowData.OTLPEndpoint as the single source of truth instead of - // re-reading raw frontmatter independently. + // Store the resolved endpoint and headers so downstream code (mcp_gateway_config, + // mcp_setup_generator) can use workflowData.OTLPEndpoint / OTLPHeaders as the single + // source of truth instead of re-reading raw frontmatter independently. workflowData.OTLPEndpoint = endpoint + workflowData.OTLPHeaders = headers } diff --git a/pkg/workflow/observability_otlp_test.go b/pkg/workflow/observability_otlp_test.go index 163474ae743..969d9664e41 100644 --- a/pkg/workflow/observability_otlp_test.go +++ b/pkg/workflow/observability_otlp_test.go @@ -396,7 +396,9 @@ func TestObservabilityConfigParsing(t *testing.T) { require.NotNil(t, config.Observability, "Observability should not be nil") require.NotNil(t, config.Observability.OTLP, "OTLP should not be nil") assert.Equal(t, tt.expectedEndpoint, config.Observability.OTLP.Endpoint, "Endpoint should match") - assert.Equal(t, tt.expectedHeaders, config.Observability.OTLP.Headers, "Headers should match") + // Normalize Headers (any) to string for comparison + normalizedHeaders, _ := normalizeOTLPHeaders(config.Observability.OTLP.Headers) + assert.Equal(t, tt.expectedHeaders, normalizedHeaders, "Headers should match") }) } } @@ -404,10 +406,11 @@ func TestObservabilityConfigParsing(t *testing.T) { // TestExtractOTLPConfigFromRaw verifies direct raw-frontmatter OTLP extraction. func TestExtractOTLPConfigFromRaw(t *testing.T) { tests := []struct { - name string - frontmatter map[string]any - wantEndpoint string - wantHeaders string + name string + frontmatter map[string]any + wantEndpoint string + wantHeaders string + wantDeprecated bool }{ { name: "nil frontmatter", @@ -444,7 +447,7 @@ func TestExtractOTLPConfigFromRaw(t *testing.T) { wantEndpoint: "${{ secrets.GH_AW_OTEL_ENDPOINT }}", }, { - name: "observability.otlp with endpoint and headers", + name: "observability.otlp with endpoint and string headers (deprecated)", frontmatter: map[string]any{ "observability": map[string]any{ "otlp": map[string]any{ @@ -453,11 +456,12 @@ func TestExtractOTLPConfigFromRaw(t *testing.T) { }, }, }, - wantEndpoint: "https://traces.example.com", - wantHeaders: "${{ secrets.GH_AW_OTEL_HEADERS }}", + wantEndpoint: "https://traces.example.com", + wantHeaders: "${{ secrets.GH_AW_OTEL_HEADERS }}", + wantDeprecated: true, }, { - name: "Sentry-style header with space in value", + name: "Sentry-style header with space in value (deprecated string form)", frontmatter: map[string]any{ "observability": map[string]any{ "otlp": map[string]any{ @@ -466,16 +470,32 @@ func TestExtractOTLPConfigFromRaw(t *testing.T) { }, }, }, - wantEndpoint: "https://sentry.io/api/123/envelope/", - wantHeaders: "x-sentry-auth=Sentry sentry_key=abc123", + wantEndpoint: "https://sentry.io/api/123/envelope/", + wantHeaders: "x-sentry-auth=Sentry sentry_key=abc123", + wantDeprecated: true, + }, + { + name: "observability.otlp with endpoint and map headers (not deprecated)", + frontmatter: map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": map[string]any{"Authorization": "Bearer tok"}, + }, + }, + }, + wantEndpoint: "https://traces.example.com", + wantHeaders: "Authorization=Bearer tok", + wantDeprecated: false, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - gotEndpoint, gotHeaders := extractOTLPConfigFromRaw(tt.frontmatter) + gotEndpoint, gotHeaders, gotDeprecated := extractOTLPConfigFromRaw(tt.frontmatter) assert.Equal(t, tt.wantEndpoint, gotEndpoint, "endpoint") assert.Equal(t, tt.wantHeaders, gotHeaders, "headers") + assert.Equal(t, tt.wantDeprecated, gotDeprecated, "deprecated") }) } } @@ -569,14 +589,13 @@ func TestIsOTLPHeadersPresent(t *testing.T) { } // TestGenerateOTLPHeadersMaskStep verifies that generateOTLPHeadersMaskStep -// emits a step that uses the ::add-mask:: workflow command. +// emits a step that delegates to mask_otlp_headers.sh. func TestGenerateOTLPHeadersMaskStep(t *testing.T) { step := generateOTLPHeadersMaskStep() assert.Contains(t, step, "- name: Mask OTLP telemetry headers", "should have the masking step name") - assert.Contains(t, step, "::add-mask::", "should emit the ::add-mask:: workflow command") - assert.Contains(t, step, "$OTEL_EXPORTER_OTLP_HEADERS", "should reference the headers env var") - assert.Contains(t, step, "echo", "should use echo to emit the mask command") + assert.Contains(t, step, "mask_otlp_headers.sh", "should delegate to the mask_otlp_headers.sh script") + assert.Contains(t, step, "${RUNNER_TEMP}/gh-aw/actions/", "should reference the runtime actions directory") } // TestInjectOTLPConfig_HeadersPresenceAfterInjection verifies that @@ -661,3 +680,305 @@ func TestInjectOTLPConfig_OTLPEndpointField(t *testing.T) { assert.Contains(t, wd.Env, "OTEL_EXPORTER_OTLP_ENDPOINT:", "env var should be injected") }) } + +// TestInjectOTLPConfig_OTLPHeadersField verifies that injectOTLPConfig sets workflowData.OTLPHeaders +// so that buildMCPGatewayConfig can read it directly instead of re-reading raw frontmatter. +func TestInjectOTLPConfig_OTLPHeadersField(t *testing.T) { + c := &Compiler{} + + t.Run("sets OTLPHeaders when headers are configured (map form)", func(t *testing.T) { + wd := &WorkflowData{ + RawFrontmatter: map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": map[string]any{"Authorization": "Bearer tok", "X-Tenant": "acme"}, + }, + }, + }, + } + c.injectOTLPConfig(wd) + assert.Equal(t, "Authorization=Bearer tok,X-Tenant=acme", wd.OTLPHeaders, "OTLPHeaders should be set from map form") + }) + + t.Run("sets OTLPHeaders when headers are configured (string form)", func(t *testing.T) { + wd := &WorkflowData{ + RawFrontmatter: map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": "Authorization=Bearer tok", + }, + }, + }, + } + c.injectOTLPConfig(wd) + assert.Equal(t, "Authorization=Bearer tok", wd.OTLPHeaders, "OTLPHeaders should be set from string form") + }) + + t.Run("OTLPHeaders is empty when no headers are configured", func(t *testing.T) { + wd := &WorkflowData{ + RawFrontmatter: map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{"endpoint": "https://traces.example.com"}, + }, + }, + } + c.injectOTLPConfig(wd) + assert.Empty(t, wd.OTLPHeaders, "OTLPHeaders should be empty when no headers are configured") + }) +} + +// TestNormalizeOTLPHeaders verifies the normalizeOTLPHeaders helper function. +func TestNormalizeOTLPHeaders(t *testing.T) { + tests := []struct { + name string + input any + expectedHeaders string + expectedDeprecated bool + }{ + { + name: "nil returns empty non-deprecated", + input: nil, + expectedHeaders: "", + expectedDeprecated: false, + }, + { + name: "empty string returns empty non-deprecated", + input: "", + expectedHeaders: "", + expectedDeprecated: false, + }, + { + name: "non-empty string returns string as deprecated", + input: "Authorization=Bearer tok", + expectedHeaders: "Authorization=Bearer tok", + expectedDeprecated: true, + }, + { + name: "secret expression string is deprecated", + input: "${{ secrets.OTLP_HEADERS }}", + expectedHeaders: "${{ secrets.OTLP_HEADERS }}", + expectedDeprecated: true, + }, + { + name: "empty map returns empty non-deprecated", + input: map[string]any{}, + expectedHeaders: "", + expectedDeprecated: false, + }, + { + name: "single-entry map", + input: map[string]any{"Authorization": "Bearer tok"}, + expectedHeaders: "Authorization=Bearer tok", + }, + { + name: "multi-entry map sorts keys deterministically", + input: map[string]any{ + "X-Tenant": "acme", + "Authorization": "Bearer tok", + }, + expectedHeaders: "Authorization=Bearer tok,X-Tenant=acme", + }, + { + name: "map with secret expression value", + input: map[string]any{ + "Authorization": "${{ secrets.TOKEN }}", + "X-Tenant": "acme", + }, + expectedHeaders: "Authorization=${{ secrets.TOKEN }},X-Tenant=acme", + }, + { + name: "unsupported type returns empty non-deprecated", + input: 42, + expectedHeaders: "", + expectedDeprecated: false, + }, + { + name: "non-string map values are skipped", + input: map[string]any{ + "Authorization": "Bearer tok", + "bad-value": 123, // non-string: skipped + }, + expectedHeaders: "Authorization=Bearer tok", + expectedDeprecated: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + gotHeaders, gotDeprecated := normalizeOTLPHeaders(tt.input) + assert.Equal(t, tt.expectedHeaders, gotHeaders, "headers should match") + assert.Equal(t, tt.expectedDeprecated, gotDeprecated, "deprecated flag should match") + }) + } +} + +// TestInjectOTLPConfig_MapHeaders verifies that the map form for headers is supported. +func TestInjectOTLPConfig_MapHeaders(t *testing.T) { + t.Run("injects OTEL_EXPORTER_OTLP_HEADERS from map form", func(t *testing.T) { + c := &Compiler{} + wd := &WorkflowData{ + RawFrontmatter: map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": map[string]any{ + "Authorization": "Bearer ${{ secrets.TOKEN }}", + "X-Tenant": "acme", + }, + }, + }, + }, + } + c.injectOTLPConfig(wd) + assert.Contains(t, wd.Env, "OTEL_EXPORTER_OTLP_HEADERS: Authorization=Bearer ${{ secrets.TOKEN }},X-Tenant=acme", + "headers should be serialised as sorted key=value pairs") + }) + + t.Run("map form with single header", func(t *testing.T) { + c := &Compiler{} + wd := &WorkflowData{ + RawFrontmatter: map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": map[string]any{ + "api-key": "${{ secrets.API_KEY }}", + }, + }, + }, + }, + } + c.injectOTLPConfig(wd) + assert.Contains(t, wd.Env, "OTEL_EXPORTER_OTLP_HEADERS: api-key=${{ secrets.API_KEY }}") + }) + + t.Run("map form via ParsedFrontmatter fallback", func(t *testing.T) { + c := &Compiler{} + wd := &WorkflowData{ + ParsedFrontmatter: &FrontmatterConfig{ + Observability: &ObservabilityConfig{ + OTLP: &OTLPConfig{ + Endpoint: "https://traces.example.com", + Headers: map[string]any{ + "Authorization": "Bearer tok", + }, + }, + }, + }, + } + c.injectOTLPConfig(wd) + assert.Contains(t, wd.Env, "OTEL_EXPORTER_OTLP_HEADERS: Authorization=Bearer tok", + "map headers should work via ParsedFrontmatter fallback") + }) +} + +// TestExtractOTLPConfigFromRaw_MapHeaders verifies map-form headers in extractOTLPConfigFromRaw. +func TestExtractOTLPConfigFromRaw_MapHeaders(t *testing.T) { + tests := []struct { + name string + frontmatter map[string]any + wantEndpoint string + wantHeaders string + }{ + { + name: "map form with multiple headers sorted", + frontmatter: map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": map[string]any{ + "X-Tenant": "acme", + "Authorization": "Bearer tok", + }, + }, + }, + }, + wantEndpoint: "https://traces.example.com", + wantHeaders: "Authorization=Bearer tok,X-Tenant=acme", + }, + { + name: "map form with secret expression value", + frontmatter: map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": map[string]any{ + "Authorization": "${{ secrets.TOKEN }}", + }, + }, + }, + }, + wantEndpoint: "https://traces.example.com", + wantHeaders: "Authorization=${{ secrets.TOKEN }}", + }, + { + name: "empty map produces no headers", + frontmatter: map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": map[string]any{}, + }, + }, + }, + wantEndpoint: "https://traces.example.com", + wantHeaders: "", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + gotEndpoint, gotHeaders, _ := extractOTLPConfigFromRaw(tt.frontmatter) + assert.Equal(t, tt.wantEndpoint, gotEndpoint, "endpoint") + assert.Equal(t, tt.wantHeaders, gotHeaders, "headers") + }) + } +} + +// correctly parsed by ParseFrontmatterConfig. +func TestObservabilityConfigParsing_MapHeaders(t *testing.T) { + t.Run("map headers parsed as any type", func(t *testing.T) { + frontmatter := map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": map[string]any{ + "Authorization": "Bearer tok", + "X-Tenant": "acme", + }, + }, + }, + } + config, err := ParseFrontmatterConfig(frontmatter) + require.NoError(t, err, "ParseFrontmatterConfig should not fail") + require.NotNil(t, config.Observability) + require.NotNil(t, config.Observability.OTLP) + assert.Equal(t, "https://traces.example.com", config.Observability.OTLP.Endpoint) + + // The Headers field should hold the map as-is + headersMap, ok := config.Observability.OTLP.Headers.(map[string]any) + require.True(t, ok, "Headers should be a map[string]any when map form is used") + assert.Equal(t, "Bearer tok", headersMap["Authorization"]) + assert.Equal(t, "acme", headersMap["X-Tenant"]) + }) + + t.Run("string headers parsed as any string", func(t *testing.T) { + frontmatter := map[string]any{ + "observability": map[string]any{ + "otlp": map[string]any{ + "endpoint": "https://traces.example.com", + "headers": "Authorization=Bearer tok", + }, + }, + } + config, err := ParseFrontmatterConfig(frontmatter) + require.NoError(t, err, "ParseFrontmatterConfig should not fail") + require.NotNil(t, config.Observability) + require.NotNil(t, config.Observability.OTLP) + headersStr, ok := config.Observability.OTLP.Headers.(string) + require.True(t, ok, "Headers should be a string when string form is used") + assert.Equal(t, "Authorization=Bearer tok", headersStr) + }) +}