feat: Download releases from GitHub. (#17)

* feat: migrate AWF download to GitHub Releases and align checksum model

Replace the legacy DownloadPipelineArtifact@2 task (pipeline 2450, project 4x4)
for the AWF binary with a curl-based download from GitHub Releases at
github.com/github/gh-aw-firewall. Add a pinned AWF_VERSION constant in
common.rs with a {{ firewall_version }} template marker.

Also migrate the ado-aw compiler checksum verification from per-binary .sha256
files to checksums.txt with --ignore-missing, matching the gh-aw-firewall
publishing convention. Both standalone and 1ES templates are updated.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* test: add assertions for AWF GitHub Releases download and checksums.txt

Verify the standalone template no longer references ADO pipeline 2450 or
DownloadPipelineArtifact, and instead downloads AWF from GitHub Releases
with firewall_version marker and checksums.txt verification.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* docs: update release workflow and AGENTS.md for checksums.txt

Update release.yml to publish checksums.txt instead of per-binary .sha256
files. Add {{ firewall_version }} marker documentation to AGENTS.md and
update the Network Isolation section to reflect GitHub Releases for AWF.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: harden checksum verification and address review feedback

Add grep confirmation after sha256sum to ensure at least one file was
verified, preventing silent success on naming mismatches. Add compiled
output test asserting AWF GitHub Releases URL appears in final YAML.
Add clarifying comment for no-op firewall_version in 1ES compiler.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: jamesadevine

.github/workflows/release.yml

@@ -48,13 +48,13 @@ jobs:
           set -euo pipefail
           cd target/release
           cp ado-aw ado-aw-linux-x64
-          sha256sum ado-aw-linux-x64 > ado-aw-linux-x64.sha256
+          sha256sum ado-aw-linux-x64 > checksums.txt
 
       - name: Upload release assets
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           gh release upload ${{ needs.release-please.outputs.tag_name }} \
             target/release/ado-aw-linux-x64 \
-            target/release/ado-aw-linux-x64.sha256 \
+            target/release/checksums.txt \
             --clobber

AGENTS.md

@@ -592,7 +592,18 @@ The generated pipelines download the compiler binary from:
 https://github.com/githubnext/ado-aw/releases/download/v{VERSION}/ado-aw-linux-x64
 ```
 
-A SHA256 checksum file (`ado-aw-linux-x64.sha256`) is also downloaded and verified to ensure binary integrity. This replaces the previous approach of downloading from an internal ADO pipeline artifact.
+A `checksums.txt` file is also downloaded and verified via `sha256sum -c checksums.txt --ignore-missing` to ensure binary integrity.
+
+## {{ firewall_version }}
+
+Should be replaced with the pinned version of the AWF (Agentic Workflow Firewall) binary (defined as `AWF_VERSION` constant in `src/compile/common.rs`). This version is used to construct the GitHub Releases download URL for the AWF binary.
+
+The generated pipelines download the AWF binary from:
+```
+https://github.com/github/gh-aw-firewall/releases/download/v{VERSION}/awf-linux-x64
+```
+
+A `checksums.txt` file is also downloaded and verified via `sha256sum -c checksums.txt --ignore-missing` to ensure binary integrity.
 
 ### 1ES-Specific Template Markers
 
@@ -965,7 +976,7 @@ mcp-servers:
 
 Network isolation is provided by AWF (Agentic Workflow Firewall), which provides L7 (HTTP/HTTPS) egress control using Squid proxy and Docker containers. AWF restricts network access to a whitelist of approved domains.
 
-The `ado-aw` compiler binary is distributed via [GitHub Releases](https://github.com/githubnext/ado-aw/releases) with SHA256 checksum verification. The AWF binary is downloaded from an internal ADO pipeline (pipeline 2450, branch `ms/main`, artifact `gh-aw-firewall-linux-x64`). Docker is sourced via the `DockerInstaller@0` ADO task.
+The `ado-aw` compiler binary is distributed via [GitHub Releases](https://github.com/githubnext/ado-aw/releases) with SHA256 checksum verification. The AWF binary is distributed via [GitHub Releases](https://github.com/github/gh-aw-firewall/releases) with SHA256 checksum verification. Docker is sourced via the `DockerInstaller@0` ADO task.
 
 ### Default Allowed Domains
 

src/compile/common.rs

@@ -455,6 +455,11 @@ pub fn sanitize_filename(name: &str) -> String {
 /// Default pool name
 pub const DEFAULT_POOL: &str = "AZS-1ES-L-MMS-ubuntu-22.04";
 
+/// Version of the AWF (Agentic Workflow Firewall) binary to download from GitHub Releases.
+/// Update this when upgrading to a new AWF release.
+/// See: https://github.com/github/gh-aw-firewall/releases
+pub const AWF_VERSION: &str = "0.23.1";
+
 /// Generate source path for the execute command.
 ///
 /// Returns a path using `{{ workspace }}` as the base, which gets resolved

src/compile/onees.rs

@@ -17,7 +17,7 @@ use std::path::Path;
 
 use super::Compiler;
 use super::common::{
-    self, DEFAULT_POOL, compute_effective_workspace, generate_copilot_params,
+    self, AWF_VERSION, DEFAULT_POOL, compute_effective_workspace, generate_copilot_params,
     generate_checkout_self, generate_checkout_steps, generate_ci_trigger,
     generate_pipeline_path, generate_pipeline_resources, generate_pr_trigger,
     generate_repositories, generate_schedule, generate_source_path,
@@ -117,6 +117,8 @@ displayName: "Finalize""#,
         let compiler_version = env!("CARGO_PKG_VERSION");
         let replacements: Vec<(&str, &str)> = vec![
             ("{{ compiler_version }}", compiler_version),
+            // No-op for 1ES (template doesn't use AWF), but included for forward-compatibility
+            ("{{ firewall_version }}", AWF_VERSION),
             ("{{ pool }}", &pool),
             ("{{ schedule }}", &schedule),
             ("{{ pr_trigger }}", &pr_trigger),

src/compile/standalone.rs

@@ -14,7 +14,7 @@ use std::path::Path;
 
 use super::Compiler;
 use super::common::{
-    self, DEFAULT_POOL, compute_effective_workspace, generate_copilot_params,
+    self, AWF_VERSION, DEFAULT_POOL, compute_effective_workspace, generate_copilot_params,
     generate_cancel_previous_builds, generate_checkout_self, generate_checkout_steps,
     generate_ci_trigger, generate_pipeline_path, generate_pipeline_resources, generate_pr_trigger,
     generate_repositories, generate_schedule, generate_source_path, generate_working_directory,
@@ -123,6 +123,7 @@ impl Compiler for StandaloneCompiler {
         let compiler_version = env!("CARGO_PKG_VERSION");
         let replacements: Vec<(&str, &str)> = vec![
             ("{{ compiler_version }}", compiler_version),
+            ("{{ firewall_version }}", AWF_VERSION),
             ("{{ pool }}", &pool),
             ("{{ setup_job }}", &setup_job),
             ("{{ teardown_job }}", &teardown_job),

templates/1es-base.yml

@@ -58,16 +58,16 @@ extends:
                       COMPILER_VERSION="{{ compiler_version }}"
                       DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler"
                       DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64"
-                      CHECKSUM_URL="${DOWNLOAD_URL}.sha256"
+                      CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt"
 
                       mkdir -p "$DOWNLOAD_DIR"
                       echo "Downloading ado-aw v${COMPILER_VERSION} from GitHub Releases..."
                       curl -fsSL -o "$DOWNLOAD_DIR/ado-aw-linux-x64" "$DOWNLOAD_URL"
-                      curl -fsSL -o "$DOWNLOAD_DIR/ado-aw-linux-x64.sha256" "$CHECKSUM_URL"
+                      curl -fsSL -o "$DOWNLOAD_DIR/checksums.txt" "$CHECKSUM_URL"
 
                       echo "Verifying checksum..."
                       cd "$DOWNLOAD_DIR"
-                      sha256sum --check ado-aw-linux-x64.sha256
+                      sha256sum -c checksums.txt --ignore-missing | grep -q ": OK"
                       mv ado-aw-linux-x64 ado-aw
                       chmod +x ado-aw
                     displayName: "Download agentic pipeline compiler (v{{ compiler_version }})"
@@ -171,16 +171,16 @@ extends:
                   COMPILER_VERSION="{{ compiler_version }}"
                   DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler"
                   DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64"
-                  CHECKSUM_URL="${DOWNLOAD_URL}.sha256"
+                  CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt"
 
                   mkdir -p "$DOWNLOAD_DIR"
                   echo "Downloading ado-aw v${COMPILER_VERSION} from GitHub Releases..."
                   curl -fsSL -o "$DOWNLOAD_DIR/ado-aw-linux-x64" "$DOWNLOAD_URL"
-                  curl -fsSL -o "$DOWNLOAD_DIR/ado-aw-linux-x64.sha256" "$CHECKSUM_URL"
+                  curl -fsSL -o "$DOWNLOAD_DIR/checksums.txt" "$CHECKSUM_URL"
 
                   echo "Verifying checksum..."
                   cd "$DOWNLOAD_DIR"
-                  sha256sum --check ado-aw-linux-x64.sha256
+                  sha256sum -c checksums.txt --ignore-missing | grep -q ": OK"
                   mv ado-aw-linux-x64 ado-aw
                   chmod +x ado-aw
                 displayName: "Download agentic pipeline compiler (v{{ compiler_version }})"
@@ -315,16 +315,16 @@ extends:
                   COMPILER_VERSION="{{ compiler_version }}"
                   DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler"
                   DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64"
-                  CHECKSUM_URL="${DOWNLOAD_URL}.sha256"
+                  CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt"
 
                   mkdir -p "$DOWNLOAD_DIR"
                   echo "Downloading ado-aw v${COMPILER_VERSION} from GitHub Releases..."
                   curl -fsSL -o "$DOWNLOAD_DIR/ado-aw-linux-x64" "$DOWNLOAD_URL"
-                  curl -fsSL -o "$DOWNLOAD_DIR/ado-aw-linux-x64.sha256" "$CHECKSUM_URL"
+                  curl -fsSL -o "$DOWNLOAD_DIR/checksums.txt" "$CHECKSUM_URL"
 
                   echo "Verifying checksum..."
                   cd "$DOWNLOAD_DIR"
-                  sha256sum --check ado-aw-linux-x64.sha256
+                  sha256sum -c checksums.txt --ignore-missing | grep -q ": OK"
                   mv ado-aw-linux-x64 ado-aw
                   chmod +x ado-aw
                 displayName: "Download agentic pipeline compiler (v{{ compiler_version }})"

templates/base.yml

@@ -56,16 +56,16 @@ jobs:
           COMPILER_VERSION="{{ compiler_version }}"
           DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler"
           DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64"
-          CHECKSUM_URL="${DOWNLOAD_URL}.sha256"
+          CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt"
 
           mkdir -p "$DOWNLOAD_DIR"
           echo "Downloading ado-aw v${COMPILER_VERSION} from GitHub Releases..."
           curl -fsSL -o "$DOWNLOAD_DIR/ado-aw-linux-x64" "$DOWNLOAD_URL"
-          curl -fsSL -o "$DOWNLOAD_DIR/ado-aw-linux-x64.sha256" "$CHECKSUM_URL"
+          curl -fsSL -o "$DOWNLOAD_DIR/checksums.txt" "$CHECKSUM_URL"
 
           echo "Verifying checksum..."
           cd "$DOWNLOAD_DIR"
-          sha256sum --check ado-aw-linux-x64.sha256
+          sha256sum -c checksums.txt --ignore-missing | grep -q ": OK"
           mv ado-aw-linux-x64 ado-aw
           chmod +x ado-aw
         displayName: "Download agentic pipeline compiler (v{{ compiler_version }})"
@@ -172,23 +172,25 @@ jobs:
       - task: DockerInstaller@0
         displayName: "Install Docker"
 
-      - task: DownloadPipelineArtifact@2
-        displayName: "Download AWF (Agentic Workflow Firewall)"
-        name: awfdrop
-        inputs:
-          source: "specific"
-          project: "4x4"
-          pipeline: 2450
-          runVersion: "latestFromBranch"
-          branchName: "refs/heads/ms/main"
-          artifact: "gh-aw-firewall-linux-x64"
-          targetPath: "$(Pipeline.Workspace)/awf"
-
       - bash: |
-          chmod +x "$(Pipeline.Workspace)/awf/awf"
+          AWF_VERSION="{{ firewall_version }}"
+          DOWNLOAD_DIR="$(Pipeline.Workspace)/awf"
+          DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64"
+          CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt"
+
+          mkdir -p "$DOWNLOAD_DIR"
+          echo "Downloading AWF v${AWF_VERSION} from GitHub Releases..."
+          curl -fsSL -o "$DOWNLOAD_DIR/awf-linux-x64" "$DOWNLOAD_URL"
+          curl -fsSL -o "$DOWNLOAD_DIR/checksums.txt" "$CHECKSUM_URL"
+
+          echo "Verifying checksum..."
+          cd "$DOWNLOAD_DIR"
+          sha256sum -c checksums.txt --ignore-missing | grep -q ": OK"
+          mv awf-linux-x64 awf
+          chmod +x awf
           echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf"
-          "$(Pipeline.Workspace)/awf/awf" --version || echo "AWF binary ready"
-        displayName: "Setup AWF"
+          ./awf --version || echo "AWF binary ready"
+        displayName: "Download AWF (Agentic Workflow Firewall) v{{ firewall_version }}"
 
       - bash: |
           docker pull ghcr.io/github/gh-aw-firewall/squid:latest
@@ -312,40 +314,42 @@ jobs:
           COMPILER_VERSION="{{ compiler_version }}"
           DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler"
           DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64"
-          CHECKSUM_URL="${DOWNLOAD_URL}.sha256"
+          CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt"
 
           mkdir -p "$DOWNLOAD_DIR"
           echo "Downloading ado-aw v${COMPILER_VERSION} from GitHub Releases..."
           curl -fsSL -o "$DOWNLOAD_DIR/ado-aw-linux-x64" "$DOWNLOAD_URL"
-          curl -fsSL -o "$DOWNLOAD_DIR/ado-aw-linux-x64.sha256" "$CHECKSUM_URL"
+          curl -fsSL -o "$DOWNLOAD_DIR/checksums.txt" "$CHECKSUM_URL"
 
           echo "Verifying checksum..."
           cd "$DOWNLOAD_DIR"
-          sha256sum --check ado-aw-linux-x64.sha256
+          sha256sum -c checksums.txt --ignore-missing | grep -q ": OK"
           mv ado-aw-linux-x64 ado-aw
           chmod +x ado-aw
         displayName: "Download agentic pipeline compiler (v{{ compiler_version }})"
 
       - task: DockerInstaller@0
         displayName: "Install Docker"
 
-      - task: DownloadPipelineArtifact@2
-        displayName: "Download AWF (Agentic Workflow Firewall)"
-        name: awfdrop
-        inputs:
-          source: "specific"
-          project: "4x4"
-          pipeline: 2450
-          runVersion: "latestFromBranch"
-          branchName: "refs/heads/ms/main"
-          artifact: "gh-aw-firewall-linux-x64"
-          targetPath: "$(Pipeline.Workspace)/awf"
-
       - bash: |
-          chmod +x "$(Pipeline.Workspace)/awf/awf"
+          AWF_VERSION="{{ firewall_version }}"
+          DOWNLOAD_DIR="$(Pipeline.Workspace)/awf"
+          DOWNLOAD_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/awf-linux-x64"
+          CHECKSUM_URL="https://github.com/github/gh-aw-firewall/releases/download/v${AWF_VERSION}/checksums.txt"
+
+          mkdir -p "$DOWNLOAD_DIR"
+          echo "Downloading AWF v${AWF_VERSION} from GitHub Releases..."
+          curl -fsSL -o "$DOWNLOAD_DIR/awf-linux-x64" "$DOWNLOAD_URL"
+          curl -fsSL -o "$DOWNLOAD_DIR/checksums.txt" "$CHECKSUM_URL"
+
+          echo "Verifying checksum..."
+          cd "$DOWNLOAD_DIR"
+          sha256sum -c checksums.txt --ignore-missing | grep -q ": OK"
+          mv awf-linux-x64 awf
+          chmod +x awf
           echo "##vso[task.prependpath]$(Pipeline.Workspace)/awf"
-          "$(Pipeline.Workspace)/awf/awf" --version || echo "AWF binary ready"
-        displayName: "Setup AWF"
+          ./awf --version || echo "AWF binary ready"
+        displayName: "Download AWF (Agentic Workflow Firewall) v{{ firewall_version }}"
 
       - bash: |
           docker pull ghcr.io/github/gh-aw-firewall/squid:latest
@@ -504,16 +508,16 @@ jobs:
           COMPILER_VERSION="{{ compiler_version }}"
           DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler"
           DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64"
-          CHECKSUM_URL="${DOWNLOAD_URL}.sha256"
+          CHECKSUM_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/checksums.txt"
 
           mkdir -p "$DOWNLOAD_DIR"
           echo "Downloading ado-aw v${COMPILER_VERSION} from GitHub Releases..."
           curl -fsSL -o "$DOWNLOAD_DIR/ado-aw-linux-x64" "$DOWNLOAD_URL"
-          curl -fsSL -o "$DOWNLOAD_DIR/ado-aw-linux-x64.sha256" "$CHECKSUM_URL"
+          curl -fsSL -o "$DOWNLOAD_DIR/checksums.txt" "$CHECKSUM_URL"
 
           echo "Verifying checksum..."
           cd "$DOWNLOAD_DIR"
-          sha256sum --check ado-aw-linux-x64.sha256
+          sha256sum -c checksums.txt --ignore-missing | grep -q ": OK"
           mv ado-aw-linux-x64 ado-aw
           chmod +x ado-aw
         displayName: "Download agentic pipeline compiler (v{{ compiler_version }})"

tests/compiler_tests.rs

@@ -145,8 +145,26 @@ fn test_compiled_yaml_structure() {
         "Template should download the compiler from GitHub Releases"
     );
     assert!(
-        template_content.contains("sha256sum --check"),
-        "Template should verify checksum of downloaded compiler"
+        template_content.contains("sha256sum -c checksums.txt --ignore-missing | grep -q \": OK\""),
+        "Template should verify checksum using checksums.txt with grep confirmation"
+    );
+
+    // Verify AWF (Agentic Workflow Firewall) is downloaded from GitHub Releases, not ADO pipeline artifacts
+    assert!(
+        !template_content.contains("pipeline: 2450"),
+        "Template should not reference ADO pipeline 2450 for the firewall"
+    );
+    assert!(
+        !template_content.contains("DownloadPipelineArtifact"),
+        "Template should not use DownloadPipelineArtifact task"
+    );
+    assert!(
+        template_content.contains("github.com/github/gh-aw-firewall/releases"),
+        "Template should download AWF from GitHub Releases"
+    );
+    assert!(
+        template_content.contains("{{ firewall_version }}"),
+        "Template should contain firewall_version marker"
     );
 }
 
@@ -348,7 +366,13 @@ fn test_compiled_output_no_unreplaced_markers() {
     );
     assert!(
         compiled.contains("github.com/githubnext/ado-aw/releases"),
-        "Compiled output should reference GitHub Releases"
+        "Compiled output should reference GitHub Releases for the compiler"
+    );
+
+    // Verify the AWF firewall version was correctly substituted
+    assert!(
+        compiled.contains("github.com/github/gh-aw-firewall/releases"),
+        "Compiled output should reference GitHub Releases for AWF"
     );
 
     let _ = fs::remove_dir_all(&temp_dir);