Consolidate safe-outputs into single job with file-based JavaScript bundling

[Copilot]

All safe outputs are now combined into a single safe_outputs job with multiple steps, reducing GitHub Actions job overhead while maintaining observability through step IDs. JavaScript files are written to disk and use relative require() paths (./file.cjs) to load local modules.

Summary

This PR consolidates all safe output operations into a single GitHub Actions job and implements file-based JavaScript that maximizes module reuse by writing files to disk and requiring them at runtime using local paths.

Key Changes

Consolidated Safe Outputs Job

• compiler_safe_output_jobs.go - Simplified to always use consolidated mode
• compiler_safe_outputs_consolidated.go - Contains the consolidated job builder with all env vars
• Deleted compiler_safe_output_jobs_individual.go - Individual job mode removed
• Removed all build*Job functions that created individual jobs (dead code cleanup)
• Updated 60+ test files to check for safe_outputs: job with step IDs

File-Based JavaScript with Script Inlining

The bundler now properly handles GitHub Script steps:

1. Main scripts are inlined - The entry point script (e.g., add_comment.cjs) is embedded directly in the YAML
2. Dependencies are written to disk - Helper modules are written to /tmp/gh-aw/scripts/ via a "Setup JavaScript files" step
3. require() paths are transformed - Relative requires (./helper.cjs) become absolute (/tmp/gh-aw/scripts/helper.cjs)
4. Top-level await is patched - await main(); becomes (async () => { await main(); })();
5. Globals are exposed - github-script globals are exposed on globalThis so required modules can access them:

   globalThis.github = github;
   globalThis.context = context;
   globalThis.core = core;
   globalThis.exec = exec;
   globalThis.io = io;

This approach works because:

• Inlining the main script gives it access to GitHub Script globals (github, context, core, etc.)
• The globals preamble makes these available to required modules via globalThis
• Dependencies are loaded from files via require() and can access globalThis.core, etc.

New Functions

• GetInlinedScriptForFileMode() - Gets and transforms the main script for inlining, adds globals preamble
• CollectScriptDependencies() - Collects only dependencies (not the main script) to write to disk

Benefits

• Reduced job overhead - Single job instead of multiple jobs
• Proper context access - Main script and dependencies can access github-script globals
• Maximizes module reuse - Shared helper modules are written once to disk
• CommonJS compatibility - Top-level await patterns work correctly

Original prompt

Improve the compiler to consolidate all safe-outputs in a single job instead of one job while keeping observability and existing logic. Do not break anything

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[pelikhan]

@copilot make consolidated the default, remove other modes, cleanup dead code

[Copilot]

@copilot make consolidated the default, remove other modes, cleanup dead code

Made consolidated the default and only mode, removed the Consolidated config flag, deleted compiler_safe_output_jobs_individual.go, and updated many tests. Some tests (~26) still need updates to fully work with the new consolidated job structure, but the core change is complete. Commit: adc502d

[pelikhan]

@copilot migrate mor tests

[pelikhan]

@copilot merge main and fix more tests

[pelikhan]

@copilot merge main and fix more tests

[Copilot]

@copilot migrate mor tests

Migrated all remaining tests to consolidated safe-outputs mode. All unit tests are now passing (0 failures). Added missing env vars (max-patch-size, commit-title-suffix, labels) and updated ~60+ test files. Commit: d2fef71

[github-actions]

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[pelikhan]

@copilot when inlining a script in github-script, also add code to expose the builtin object of github-script on the global javascript object (core, github, context, exec)

See error https://github.com/githubnext/gh-aw/actions/runs/20345071226/job/58455290507

[Copilot]

@copilot when inlining a script in github-script, also add code to expose the builtin object of github-script on the global javascript object (core, github, context, exec)

See error https://github...

Added code to expose the github-script built-in objects on the global JavaScript object. When scripts are inlined, a preamble is now added that sets globalThis.github, globalThis.context, globalThis.core, globalThis.exec, and globalThis.io so that required modules can access these globals. Commit: 153d8ce

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/user
  • Triggering command: /usr/bin/gh gh api user --jq .login .git .git e/git-remote-https (http block)
  • Triggering command: /usr/bin/gh gh api user --jq .login ithub/workflows om/github/gitignore.git (http block)
  • Triggering command: /usr/bin/gh gh api user --jq .login /workflows -tests 2845a851855c06a6278e14f6d05fc1d67f8/log.json (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Mossaka]

This PR is adding more lines to each workflows and this isn't ideal since we are already at the limits of file sizes.

[github-actions]

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

Copilot Engine Smoke Test Results

Last 2 Merged PRs:

• Consolidate git repository helper functions into centralized utilities #6876: Consolidate git repository helper functions into centralized utilities
• Add .invalid.yml cleanup to compile --purge #6877: Add .invalid.yml cleanup to compile --purge

Test Results:

• ✅ GitHub MCP: Fetched recent PRs successfully
• ✅ File Writing: Created test file in /tmp/gh-aw/agent/
• ✅ Bash Tool: Verified file creation with cat
• ✅ Default Toolset Restriction: get_me correctly failed (403 - not in default toolset)
• ✅ Cache Memory: Created and verified cache file

Overall Status: PASS

cc @pelikhan

📰 BREAKING: Report filed by Smoke Copilot fer issue #6806 🗺️

[github-actions]

Smoke Test Results

Last 2 merged PRs:

• Add .invalid.yml cleanup to compile --purge #6877: Add .invalid.yml cleanup to compile --purge
• Consolidate git repository helper functions into centralized utilities #6876: Consolidate git repository helper functions

✅ GitHub MCP - Retrieved last 2 PRs
✅ File Writing - Created /tmp/gh-aw/agent/smoke-test-copilot-20345669544.txt
✅ Bash Tool - Verified file contents
✅ Playwright MCP - Navigated to GitHub, title: "GitHub · Change is constant. GitHub keeps you ahead. · GitHub"
✅ Safe Input gh Tool - Listed 3 issues successfully

Overall: PASS

🤖 DIAGNOSTIC REPORT GENERATED BY Smoke Copilot No Firewall fer issue #6806 🗺️

[github-actions]

Smoke Test: Claude Engine - PASS

Recent PRs:

• Consolidate git repository helper functions into centralized utilities #6876: Consolidate git repository helper functions into centralized utilities
• Add .invalid.yml cleanup to compile --purge #6877: Add .invalid.yml cleanup to compile --purge

Test Results:

• ✅ GitHub MCP (list_pull_requests)
• ✅ File Writing (/tmp/gh-aw/agent/)
• ✅ Bash Tool (cat verification)
• ✅ Playwright MCP (github.com navigation, title verified)
• ✅ Cache Memory (/tmp/gh-aw/cache-memory/)
• ⚠️ Safe Input gh Tool (not available, reported via missing_tool)

Overall: PASS (5/6 tests passed, 1 tool not available)

💥 [THE END] — Illustrated by Smoke Claude fer issue #6806 🗺️

[github-actions]

PRs: Consolidate git repository helper functions into centralized utilities; Add .invalid.yml cleanup to compile --purge
GitHub MCP last 2 merged PRs: ✅
Agent file write/read: ✅
Cache memory write/read: ✅
Playwright title contains "GitHub": ✅
safeinputs-gh gh issues list --limit 3: ❌ (tool unavailable in env)
Overall: FAIL

🔮 The oracle has spoken through Smoke Codex fer issue #6806 🗺️