Add actions directory structure and Go-based build tooling for custom GitHub Actions

[Copilot]

Plan: Create Actions Directory Structure and Build Tooling

Understanding

• Create foundational structure for custom GitHub Actions to migrate from inline JavaScript
• Focus on safe-inputs and safe-outputs MCP server actions initially
• Establish build tooling to bundle, validate, and manage action packages
• Implement Go-based build system that reuses workflow bundler infrastructure
• Use internal development tool (not main CLI) for action management commands

Checklist

• Create actions/ directory at repository root
• Design subdirectory structure for actions (e.g., actions/{action-name}/)
• Create action template structure:
  • action.yml format
  • index.js (bundled output location)
  • src/ directory for source files
  • README.md template
• Create build tooling in Go (reusing bundler and script registry infrastructure)
• Add Makefile targets:
  • make actions-build - Bundle all action JavaScript
  • make actions-validate - Validate action.yml files
  • make actions-clean - Clean generated files
• Create internal tool for action commands (development-only)
• Update .gitignore appropriately (include bundled index.js, exclude temp artifacts)
• Create initial actions:
  • actions/setup-safe-inputs/ - Copy safe-inputs files locally (7 embedded files)
  • actions/setup-safe-outputs/ - Copy safe-outputs files locally (9 embedded files)
• Add documentation for action directory structure
• Test build tooling and validation
• Address code review feedback
• Verify complete build cycle works correctly
• Mark compiler generated files in .gitattributes
• Rename actions to use standard naming convention (setup-safe-inputs, setup-safe-outputs)
• Merge main branch
• Use go run for project-only commands
• Add CI job to build and validate actions
• Create comprehensive specification document
• Update spec to emphasize Go implementation and Makefile usage
• Move commands to internal tool (not in main CLI)

Summary

Successfully implemented the foundational directory structure and Go-based build tooling for custom GitHub Actions. The system reuses the workflow bundler and script registry infrastructure, providing a unified approach to JavaScript bundling across the project.

Key Features

✅ Clean, organized directory structure following GitHub Actions standards
✅ 100% Go-based build system - No JavaScript build scripts
✅ Internal development tool - Commands separated from main gh aw CLI
✅ Script registry integration for accessing embedded JavaScript sources
✅ Automated build tooling that embeds JavaScript dependencies
✅ Validation system for action.yml files
✅ Makefile interface - Primary way to invoke build commands
✅ Direct go run execution - No binary build required for development commands
✅ CI integration - Actions are built and validated in CI pipeline
✅ Comprehensive specification - Complete documentation in specs/actions.md
✅ Two initial actions ready for use: setup-safe-inputs and setup-safe-outputs
✅ Proper .gitignore configuration
✅ Generated files marked in .gitattributes
✅ Standard naming convention with "setup-" prefix following GitHub Actions best practices
✅ Merged with latest main branch changes

Build System Architecture

The build system consists of:

• Internal Tool (internal/tools/actions-build/main.go): Lightweight CLI dispatcher for development commands
• Build Logic (pkg/cli/actions_build_command.go): Pure Go implementation reusing workflow bundler infrastructure
• Makefile Interface: Primary entry point (make actions-build, make actions-validate, make actions-clean)
• CI Validation: Automated testing in GitHub Actions

Commands are not part of the main gh aw CLI (which is for end users), but are invoked through the Makefile which runs the internal tool at internal/tools/actions-build.

CI Integration

Added actions-build job to .github/workflows/ci.yml:

• Depends on lint job
• Builds all actions using make actions-build
• Validates action.yml files using make actions-validate
• Triggers on pull requests when actions/** files change
• Ensures actions compile correctly before merging

Documentation

Updated specs/actions.md with accurate documentation:

• Motivation: Problem statement and solution approach
• Architecture: Component diagrams showing Makefile → internal tool → build logic flow
• Directory Structure: Layouts and file organization
• Build System: Pure Go implementation details with internal tool
• Architectural Decisions: Rationale for key choices (reuse bundler, manual dependencies, commit bundled files, use go run, Node.js 20, internal tool)
• Usage Guide: Creating and using actions with Makefile examples only
• CI Integration: Validation pipeline documentation
• Development Guide: Quick start emphasizing internal tool architecture
• Future Work: Enhancement roadmap and migration path

Key clarifications:

• Build system is 100% Go code (no JavaScript build scripts)
• Commands are in internal tool (internal/tools/actions-build), not main CLI
• Primary interface is Makefile (make actions-build, etc.)

Next Steps (Future Work)

• Implement automatic dependency resolution using Go functions
• Add more actions as needed for workflow compilation
• Migrate existing inline scripts to custom actions
• Add action versioning and distribution support

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[plan] Create actions directory structure and build tooling</issue_title>
<issue_description>## Objective

Set up the foundational directory structure and build tooling to support custom GitHub Actions for JavaScript modules.

Context

This is the first step in migrating from inline JavaScript to custom actions. We need a clean directory structure and automation to manage multiple action packages.

Tasks

1. Create actions/ directory at repository root
2. Design directory structure (e.g., actions/{action-name}/)
3. Add Makefile targets for action management:
   • make actions-build - Bundle all action JavaScript
   • make actions-validate - Validate action.yml files
   • make actions-clean - Clean generated files
4. Create a template structure for new actions:

   actions/{action-name}/
   ├── action.yml
   ├── index.js (bundled)
   ├── src/ (source files if needed)
   └── README.md
   

5. Update .gitignore to exclude temporary build artifacts (but include bundled index.js)

Files to Create/Modify

• Create: actions/ directory
• Update: Makefile (add action-related targets)
• Update: .gitignore (if needed)
• Create: scripts/build-actions.js (or similar tooling script)

Acceptance Criteria

• actions/ directory exists with clear structure
• Makefile has targets for building and validating actions
• Documentation explains the action directory structure
• Build tooling can validate action.yml format
• Structure supports both simple (single-file) and complex (multi-file) actions
  Related to [plan] Refactor compiler to use custom actions for JavaScript code #5947

AI generated by Plan Command for #5946

Comments on the Issue (you are @copilot in this section)

@pelikhan For the safe inputs, safe outputs MCP server, create actions that copy the files locally. @pelikhan Create plan to migrate from using GitHub script APIs to custom action

• Fixes [plan] Create actions directory structure and build tooling #5948

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

---

Changeset

• Type: patch
• Description: Add actions directory structure and Go-based build tooling; initial actions and Makefile targets (setup-safe-inputs and setup-safe-outputs). Fixes [plan] Create actions directory structure and build tooling #5948

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator

[pelikhan]

@copilot update .gitattributes to mark compiler generated files

[Copilot]

@copilot update .gitattributes to mark compiler generated files

Updated .gitattributes to mark actions/*/index.js files as linguist-generated=true. This ensures the bundled action files are properly marked as compiler-generated code while source files in src/ directories remain unmarked. (3caba7d)

[pelikhan]

@copilot names should be "safe-inputs", "safe-outputs".

[Copilot]

@copilot names should be "safe-inputs", "safe-outputs".

Renamed actions to safe-inputs and safe-outputs (without -copy suffix). Updated all references in documentation, build scripts, and action.yml files. (5ef0b0a)

[pelikhan]

@copilot rename safe-inputs, safe-outputs to setup-safe-inputs, setup-safe-outputs

[Copilot]

@copilot rename safe-inputs, safe-outputs to setup-safe-inputs, setup-safe-outputs

Renamed actions to setup-safe-inputs and setup-safe-outputs. Updated all references in documentation, build scripts, and action.yml files. (c1f6eb5)

[pelikhan]

@copilot merge main

[Copilot]

@copilot merge main

Merged main branch successfully. Recompiled workflows and pushed changes. (6ca9a2c, 70622a7)

[Copilot]

@copilot generate a specs/actions.md file with a summary of the work done so far, the architectural decisions, and a mini-dev guide for the next agent.

Created specs/actions.md with comprehensive documentation covering:

Architecture & Decisions:

• Component diagram showing how CLI, build system, and workflow infrastructure interact
• 5 key architectural decisions with rationale (reuse bundler, manual dependencies, commit bundled files, use go run, Node.js 20)

Implementation Details:

• Directory structure and file layouts
• Build process flow (discovery → validation → bundling → output)
• Source file patterns with FILES placeholder
• Dependency mapping approach

Developer Guide:

• Quick start for future agents
• Common tasks (add action, update dependencies, add JS source)
• Key files to know
• Debugging tips
• Future enhancement roadmap

The spec provides a complete reference for understanding and extending the custom actions build system. (ce1f051)

[pelikhan]

@copilot remove gh aw actions-build reference, and only use make commands

[Copilot]

Removed all gh aw actions-build CLI references from specs/actions.md. The document now only shows Makefile commands (make actions-build, etc.) as the primary interface. (933ec75)

[pelikhan]

@copilot this document looks outdated. Look at the current changes and update. The build process is now all in go.

[Copilot]

Updated specs/actions.md to accurately reflect the current Go-based implementation:

• Added prominent notes that build system is 100% Go code (no JavaScript build scripts)
• Updated architecture diagram to show Makefile → go run flow
• Clarified component responsibilities with Makefile as entry point
• Emphasized throughout that there are no JavaScript build scripts (no scripts/build-actions.js)
• Updated key files section to highlight pure Go implementation in pkg/cli/actions_build_command.go

The spec now correctly documents that all build logic is in Go and reuses the workflow compiler's bundler infrastructure. (933ec75)

[github-actions]

📰 DEVELOPING STORY: Smoke Copilot Playwright reports failed. Our correspondents are investigating the incident...

[github-actions]

🔮 The ancient spirits stir... Smoke Codex awakens to divine this pull request...

[github-actions]

💥 WHOOSH! Smoke Claude springs into action on this pull request! [Panel 1 begins...]

[github-actions]

⚠️ Security scanning failed for Smoke Copilot Safe Inputs. Review the logs for details.

[github-actions]

⚠️ Security scanning failed for Smoke Copilot. Review the logs for details.

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

https://github.com/githubnext/gh-aw/tree/copilot/create-actions-directory-structure

[github-actions]

Smoke Test Results

Last 2 Merged PRs:

• [WIP] Format code, lint and fix failing tests #5974: [WIP] Format code, lint and fix failing tests
• Add ci-cleaner custom agent for automating repository CI maintenance #5975: Add ci-cleaner custom agent for automating repository CI maintenance

Test Results:

• ✅ GitHub MCP: Retrieved PR list
• ✅ File Writing: Created test file successfully
• ✅ Bash Tool: Verified file contents
• ✅ Playwright MCP: Navigated to GitHub, title contains "GitHub"
• ✅ Cache Memory: Created and verified cache file

Status: PASS

💥 [THE END] — Illustrated by Smoke Claude fer issue #5953 🗺️

[github-actions]

Recent merged PRs: [WIP] Format code, lint and fix failing tests; Add ci-cleaner custom agent for automating repository CI maintenance
GitHub MCP PR fetch: ✅
Agent file write/read: ✅
Playwright title check: ✅
Cache memory write/read: ✅
safeinputs-gh issues list: ❌ (tool unavailable here)
Overall: FAIL

🔮 The oracle has spoken through Smoke Codex fer issue #5953 🗺️

[github-actions]

Smoke Test Results

PRs: #5974 (Format code, lint and fix failing tests), #5975 (Add ci-cleaner custom agent)

✅ GitHub MCP: Read merged PRs
✅ File Writing: Created test file
✅ Bash Tools: Verified file contents
✅ GitHub MCP Default Toolset: get_me correctly unavailable (403)
✅ Cache Memory: Created and verified cache file
✅ Available Tools: github-, safeoutputs-, create-, debug-, etc.

Status: PASS

📰 BREAKING: Report filed by Smoke Copilot fer issue #5953 🗺️

[pelikhan]

@copilot move the new command out of the cli into an internal tool

[Copilot]

@copilot move the new command out of the cli into an internal tool

Moved actions commands out of the main gh aw CLI into an internal development tool:

Created: internal/tools/actions-build/main.go - Lightweight CLI dispatcher for development-only commands
Removed: Commands from cmd/gh-aw/main.go (no longer in end-user CLI)
Updated: Makefile now invokes go run ./internal/tools/actions-build <command>
Updated: specs/actions.md to document the internal tool architecture

Commands remain accessible via Makefile (make actions-build, etc.) but are no longer part of the main CLI since they're development-only tools. (2c55703)