Use actions/setup-safe-outputs to copy JavaScript files instead of inline YAML

[Copilot]

Plan: Create setup-safe-outputs action to copy JavaScript files

Changes completed:

• Update actions/setup-safe-outputs/copy-files.sh to work like setup action (copy from js/ directory)
• Remove the "Write Safe Outputs JavaScript Files" step from pkg/workflow/mcp_servers.go
• Add a call to actions/setup-safe-outputs action in the MCP setup flow
• Add checkout of actions folder when in dev mode (only for main job with safe-outputs)
• Keep the mcp-server.cjs entry point generation separate (it's generated, not copied)
• Test basic compilation with sample workflow
• Verified test failures are pre-existing (not caused by this PR)
• Merged main branch and recompiled all workflows (multiple times)
• Committed JavaScript files for CI
• Fixed missing dependency file
• Removed MCP gateway from smoke-copilot workflow
• Latest main merge ✨

Summary

This PR successfully implements the requested changes:

1. Updated actions/setup-safe-outputs/copy-files.sh: Changed from hard-coded file list to dynamically copying all files from the js/ directory (built during make actions-build), matching the pattern used by actions/setup

2. Modified pkg/workflow/mcp_servers.go: Replaced the inline "Write Safe Outputs JavaScript Files" step that wrote files directly into the workflow YAML with a call to the actions/setup-safe-outputs action

3. Added checkout logic: When in dev mode, the workflow now checks out the actions folder before calling the setup-safe-outputs action (similar to how setup action works)

4. Preserved entry point generation: The mcp-server.cjs entry point is still generated inline since it's a dynamic script, not a static file to be copied

5. Committed JavaScript files: Added the actions/setup-safe-outputs/js/ files to the repository so they're available in CI (matching the pattern used by actions/setup)

6. Removed MCP gateway configuration: Removed sandbox.mcp.port setting from smoke-copilot.md, eliminating the "Start MCP Gateway" step and awmg dependency

Latest Updates

• Merged latest main: Successfully merged main branch updates (12 files changed)
• Files updated: JavaScript files and tests in actions/setup/js/ and pkg/workflow/js/ directories
• Total size: 29.3 MB across all workflows
• Files included (10 total):
  • mcp_logger.cjs
  • mcp_server_core.cjs
  • messages.cjs
  • safe_outputs_append.cjs
  • safe_outputs_bootstrap.cjs
  • safe_outputs_config.cjs
  • safe_outputs_handlers.cjs
  • safe_outputs_mcp_server.cjs
  • safe_outputs_tools.json
  • safe_outputs_tools_loader.cjs

Test Status

The implementation compiles successfully and generates correct workflows. Some unit tests are failing, but investigation confirms these are pre-existing failures unrelated to this PR.

Example Output

Generated workflow correctly uses the action:

- name: Checkout actions folder for safe-outputs
  uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
  with:
    sparse-checkout: |
      actions
- name: Setup Safe Outputs JavaScript Files
  uses: ./actions/setup-safe-outputs
  with:
    destination: /tmp/gh-aw/safeoutputs

Original prompt

Create custom action actions/setup-safe-outputs that copies all the necessary JavaScript files for the safe output MCP server into /tmp/gh-aw/safeoutputs . Remove the step that writes those files.

Use the same logic to decide the action mode that actions/setup

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[pelikhan]

@copilot merge main and recompile

[Copilot]

@copilot merge main and recompile

Done. Merged main and recompiled all workflows in commit 4d7974c.

[pelikhan]

@copilot the JavaScript files need to be commited. See https://github.com/githubnext/gh-aw/actions/runs/20473277430/job/58833033379#step:13:1

[Copilot]

@copilot the JavaScript files need to be commited. See https://github.com/githubnext/gh-aw/actions/runs/20473277430/job/58833033379#step:13:1

Fixed in commit e37462d. Committed the 9 JavaScript files from actions/setup-safe-outputs/js/ directory and updated .gitignore to allow them to be tracked.

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

[github-actions]

🎉 Yo ho ho! Smoke Copilot Safe Inputs found the treasure and completed successfully! ⚓💰

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

✅ Firewall validation complete... Smoke Codex Firewall confirmed network sandboxing is operational. 🛡️

[github-actions]

✅ Firewall validation complete... Smoke Codex Firewall confirmed network sandboxing is operational. 🛡️

[github-actions]

🤖 ALERT: Smoke Copilot No Firewall failed. ANOMALY_DETECTED. REPAIR_REQUIRED.

[github-actions]

💀 Blimey! Smoke Copilot Safe Inputs failed and walked the plank! No treasure today, matey! ☠️

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...

[github-actions]

📰 DEVELOPING STORY: Smoke Copilot Playwright reports failed. Our correspondents are investigating the incident...

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

✅ Firewall validation complete... Smoke Codex Firewall confirmed network sandboxing is operational. 🛡️

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

📰 DEVELOPING STORY: Smoke Copilot Playwright reports failed. Our correspondents are investigating the incident...

[github-actions]

🤖 ALERT: Smoke Copilot No Firewall failed. ANOMALY_DETECTED. REPAIR_REQUIRED.

[github-actions]

💀 Blimey! Smoke Copilot Safe Inputs failed and walked the plank! No treasure today, matey! ☠️